Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1249089imw; Tue, 5 Jul 2022 06:25:04 -0700 (PDT) X-Google-Smtp-Source: AGRyM1u8AOjYBD4K6hKxabku3ZhBfBIL/NRNfJ18Q+mvuqwTkCi6fq0IOwKrxuuzrZu600kdzGjI X-Received: by 2002:a05:6402:2750:b0:435:ab9f:1235 with SMTP id z16-20020a056402275000b00435ab9f1235mr47162127edd.188.1657027503854; Tue, 05 Jul 2022 06:25:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657027503; cv=none; d=google.com; s=arc-20160816; b=noTorqFZj5Rwq7wvNU3RY+YANo+iZK6DoJAh00229Pl5h9JYRGQnGKRsAnINuIsA5X /9HNaDlUtBGklbKc60qHFVb00g24JzudJOEQ1nIM4rs5scR1EzOVIsudhXnh2lH/Aqmr DsZPb8b2LinKwRpfuy1OvOVd8sjmSnNv6+5vFFBycWFVk7Z4LJscngC8iJ8sSfSSfXXC SBaIbsoksyfi8sJXAxR70EYmKyBUeW3wgfGuq3j2ogCuA1uBZQi/eI8aVaOiOI3hdjOw ceAegSa3hFnNNZdFlkvxV23HgO1y7N9jl+5H/7dz6zNi5QRNZEk9grslbK7iaYcqdLvv DxtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=is8DLFU92+LE0U54rImQfknCyyHMOtyJd+Drb23DW0A=; b=GzOuUrPqBwQMZpCoI98w3p5qXV5Jtvl26dW6APxqooW7trtuEnuQqOBzz/brFwqq7z xU9Z4WtFWqqmfJJqVlTjcpdQ6tfzKxmz15UpLZFn1V5n0TLqnUz87ZEdUuMb9doHrRWp oGdD4H2vj1tQ8LHkeDmMulmp/xCQqIecsWuZpS6/JOgvheqJdBP9arSJn51D2Mvh64Vd jChLLEKGSb6pBQVo+cB2F35OzY7MfuVibgZrqa5or53E7Sa80IE9ikNSFavkmhAp6Zx7 SNERwh/totdEEmb4yCjjNyjyT4gKlhwZV3FmRcbnnOr7+yI9nvGY6sqYy4t9Mkm69HVM dMaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gBvAv5cn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cr15-20020a170906d54f00b006f4b2a8c255si20035797ejc.113.2022.07.05.06.24.38; Tue, 05 Jul 2022 06:25:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=gBvAv5cn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233450AbiGEMGJ (ORCPT + 99 others); Tue, 5 Jul 2022 08:06:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233562AbiGEMD1 (ORCPT ); Tue, 5 Jul 2022 08:03:27 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91C98CEB; Tue, 5 Jul 2022 05:03:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0457B61840; Tue, 5 Jul 2022 12:03:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 14CA2C341C7; Tue, 5 Jul 2022 12:03:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1657022604; bh=FKkgouZZjBPUrb7Wvw9iFLZz7PIMsh/l6Yr1v91nFWs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gBvAv5cnJbMnaOGgCcmaYLY1+hR9WV2mnCsSwQiAsDk0WGmtIA3bWqpFI1HCARFu+ ZRjh5xcBWrUDRcwJj9jzm6ywTnfAC2M/E+PcbgdtcLaTSAJ8ch49WA7X1mXq/+/3B5 yUuT4dCqEqm+mW4opCtNRNgLAWuwE2oXq8iqCgEA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jan Beulich , Juergen Gross Subject: [PATCH 4.19 28/33] xen/netfront: fix leaking data in shared pages Date: Tue, 5 Jul 2022 13:58:20 +0200 Message-Id: <20220705115607.537718504@linuxfoundation.org> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220705115606.709817198@linuxfoundation.org> References: <20220705115606.709817198@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roger Pau Monne commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/net/xen-netfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_ if (unlikely(!skb)) return NULL; - page = alloc_page(GFP_ATOMIC | __GFP_NOWARN); + page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); if (!page) { kfree_skb(skb); return NULL;