Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1231686imw; Tue, 5 Jul 2022 06:09:19 -0700 (PDT) X-Google-Smtp-Source: AGRyM1viWoZJ4QORSjE+fIZUlXVSaJP1mz+dRl4sZDV0aAvKhtLKI1mVsgql+AP2CdcY4QqG9Ym3 X-Received: by 2002:a65:41ca:0:b0:408:aa25:5026 with SMTP id b10-20020a6541ca000000b00408aa255026mr31063386pgq.96.1657026558909; Tue, 05 Jul 2022 06:09:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657026558; cv=none; d=google.com; s=arc-20160816; b=nFwPH8RaXbRN4f8cSyslNTlXhY80bSyRgTMsg9OaTRxgP154afYmT0gDJmc0FGi66s 76qFLqLKm0FHveWGNuQ4ERoJsKJwwK/YT1eh9vYj4uOToUJmVw2w5thmU8/JM5mz8UGk KxeCM8gcNZ/xbyOnkk1AKUwsZBoRFVZ/pVNHGhQST1ckzj0s58cozgwfmeXNW6uFteKx 6PRnK8MvyRgWRyyUxwK7hptOmzMMd1mH3MmhuHfzyKcvkiEOwzgI6u+i1t5fgI2hleAf GNy1l5svqTMj0IEFmPsjThReHL4FtU5qLej3NYIF4zot/zxZhHlVzf6qpCN+Aw7ps11E LxUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=cFuvSwLEJH3sK153D9IOyzHL6di/zuKdeMJxDWusMuc=; b=t1PyFzrdoZ1B4nJRajR2pj0ISE/+zMr/5+O3bMVS6i4APpx1XtOWE10NOVWZkfO/Tp 57oXIjLooA95iS0VI6z9PVc+jvbQENJDSNobAHea5h0kaqNLKdgMx9Aiq6dQEBOWI13S 82zFMm99M3DukYY7cBfVR2VkR8732cWuSwSBQngbP6AHjAUZCGS2WsE0t2l8a/mimZ0l EXhB+ySDUSvTES55rrCmSp+HqQen0N+l9Ym03HfSnevFUKd2VA8K5DMuVEGxG5s1rmf8 QC4GUN3+L3RKXlrf5KsZeAik8F9+Pdgm69xgfF1P/IKdy5egSk8b/a6Bav6xO8xMsJrT wC1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zTbmRxmQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x196-20020a6286cd000000b0050cfb4ff72dsi42460552pfd.52.2022.07.05.06.09.06; Tue, 05 Jul 2022 06:09:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zTbmRxmQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232854AbiGEMAQ (ORCPT + 99 others); Tue, 5 Jul 2022 08:00:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42286 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232680AbiGEMAF (ORCPT ); Tue, 5 Jul 2022 08:00:05 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AED4917E3C; Tue, 5 Jul 2022 05:00:00 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 43D31B817D3; Tue, 5 Jul 2022 11:59:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 91DB9C341C7; Tue, 5 Jul 2022 11:59:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1657022398; bh=AZoMAuQ6OxD3h/PpP37DVLqlgzQlS/JHVB1+uwEHFWU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zTbmRxmQyTX81I/IYiks6QPfpP9mXohJbxXvPxj+QH/rZgs7nKmPXn3elzLAhS+6I 3hvBlcefWLtAc7iu94rwmGBCPrTzohB/nkcTwMzWERyWROPNtbB4tDufy/WmW9QLLD 6KV/JeXOg+YqlydDeBh46t9M6fswfGOBQPKPYYNM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jan Beulich , Juergen Gross Subject: [PATCH 4.9 21/29] xen/netfront: fix leaking data in shared pages Date: Tue, 5 Jul 2022 13:58:02 +0200 Message-Id: <20220705115606.373332495@linuxfoundation.org> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220705115605.742248854@linuxfoundation.org> References: <20220705115605.742248854@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roger Pau Monne commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/net/xen-netfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -260,7 +260,7 @@ static struct sk_buff *xennet_alloc_one_ if (unlikely(!skb)) return NULL; - page = alloc_page(GFP_ATOMIC | __GFP_NOWARN); + page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); if (!page) { kfree_skb(skb); return NULL;