xen/netfront: fix leaking data in shared pages

commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Roger Pau Monne <roger.pau@citrix.com> 2022-04-06 17:38:04 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-07-07 17:36:53 +0200
commit: 04945b5beb73019145ac17a2565526afa7293c14 (patch)
tree: 8a0d1f6c0fe1ce8931be4ef18a6aba628d404eee
parent: 42112e8f94617d83943f8f3b8de2b66041905506 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index 94dd6edd1800..af23d0bc6f7c 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
 	if (unlikely(!skb))
 		return NULL;
 
-	page = alloc_page(GFP_ATOMIC | __GFP_NOWARN);
+	page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
 	if (!page) {
 		kfree_skb(skb);
 		return NULL;
author	Roger Pau Monne <roger.pau@citrix.com>	2022-04-06 17:38:04 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-07-07 17:36:53 +0200
commit	04945b5beb73019145ac17a2565526afa7293c14 (patch)
tree	8a0d1f6c0fe1ce8931be4ef18a6aba628d404eee
parent	42112e8f94617d83943f8f3b8de2b66041905506 (diff)