From: Roger Pau Monne Date: Wed, 6 Apr 2022 15:38:04 +0000 (+0200) Subject: xen/netfront: fix leaking data in shared pages X-Git-Tag: archive/raspbian/5.10.127-2+rpi1^2~23 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/%22bookmarks:/?a=commitdiff_plain;h=9760cb576a565d8313ce74e70c703f286cd829b8;p=linux.git xen/netfront: fix leaking data in shared pages Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?id=728d68bfe68d92eae1407b8a9edc7817d6227404 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-33740 commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman Gbp-Pq: Topic bugfix/all Gbp-Pq: Name xen-netfront-fix-leaking-data-in-shared-pages.patch --- diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 1a69b524613..e5157126057 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -273,7 +273,8 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue) if (unlikely(!skb)) return NULL; - page = page_pool_dev_alloc_pages(queue->page_pool); + page = page_pool_alloc_pages(queue->page_pool, + GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); if (unlikely(!page)) { kfree_skb(skb); return NULL;