xen/netfront: fix leaking data in shared pages

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=728d68bfe68d92eae1407b8a9edc7817d6227404
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-33740

commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream.

When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.

This is CVE-2022-33740, part of XSA-403.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name xen-netfront-fix-leaking-data-in-shared-pages.patch

diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index 1a69b5246133b1310e06f670d15be400f22b540e..e5157126057c35a882d634b08c8a3d08419a404a 100644 (file)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -273,7 +273,8 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
        if (unlikely(!skb))
                return NULL;
 
-       page = page_pool_dev_alloc_pages(queue->page_pool);
+       page = page_pool_alloc_pages(queue->page_pool,
+                                    GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
        if (unlikely(!page)) {
                kfree_skb(skb);
                return NULL;