xen/netfront: fix leaking data in shared pages

commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Roger Pau Monne <roger.pau@citrix.com> 2022-04-06 17:38:04 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-07-07 17:31:18 +0200
commit: f2c6f208a52df7e201f9fc34ae5efd7f9f40133e (patch)
tree: 96ca62a84cc002f030125fd2e2c0b4a9450a6083
parent: 44dc5bcac4b0ec4e876110a69ead25a9b130234b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index 430d7c223585..1dcc38b06185 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
 	if (unlikely(!skb))
 		return NULL;
 
-	page = alloc_page(GFP_ATOMIC | __GFP_NOWARN);
+	page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
 	if (!page) {
 		kfree_skb(skb);
 		return NULL;
author	Roger Pau Monne <roger.pau@citrix.com>	2022-04-06 17:38:04 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-07-07 17:31:18 +0200
commit	f2c6f208a52df7e201f9fc34ae5efd7f9f40133e (patch)
tree	96ca62a84cc002f030125fd2e2c0b4a9450a6083
parent	44dc5bcac4b0ec4e876110a69ead25a9b130234b (diff)