xen/netfront: fix leaking data in shared pages

commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Roger Pau Monne <roger.pau@citrix.com> 2022-04-06 17:38:04 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-07-07 17:55:00 +0200
commit: 6d98cf6e58b5867225c3b4ea49bc431895ef33f0 (patch)
tree: 9f947d24a8c3618a49dd6fed22a9551f5a1e1346
parent: 62b5d188a270a25138a88c18409c596c1406b993 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index e2b4a1893a13..af3296171d86 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -273,7 +273,8 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
 	if (unlikely(!skb))
 		return NULL;
 
-	page = page_pool_dev_alloc_pages(queue->page_pool);
+	page = page_pool_alloc_pages(queue->page_pool,
+				     GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
 	if (unlikely(!page)) {
 		kfree_skb(skb);
 		return NULL;
author	Roger Pau Monne <roger.pau@citrix.com>	2022-04-06 17:38:04 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-07-07 17:55:00 +0200
commit	6d98cf6e58b5867225c3b4ea49bc431895ef33f0 (patch)
tree	9f947d24a8c3618a49dd6fed22a9551f5a1e1346
parent	62b5d188a270a25138a88c18409c596c1406b993 (diff)