Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp1254093imw; Tue, 5 Jul 2022 06:29:56 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sgysWiGCPJGyTt7wbkwszDrun2RsK/hiOKO3OgFADV3Jh5wKhrdwNIza3MDTm6BLt150QQ X-Received: by 2002:a63:f14b:0:b0:412:6c21:f1ed with SMTP id o11-20020a63f14b000000b004126c21f1edmr4384181pgk.198.1657027795818; Tue, 05 Jul 2022 06:29:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657027795; cv=none; d=google.com; s=arc-20160816; b=a+CBDpou2o7/c+A0hrKrGPRg7bm01gU2d09Ko9xBlbCuDtuzIbyM2z36x+fnvhFBiW TRWLJ+dU2v6ALTs/pW3hwKdcxDvo6IkszpTTvpXBkzkFEYo/9BkHMne5H8AJun/23lH2 0XoTlW8ORXwnVJSZI5D+vOTcXsXDYsgH+PcN9dyshBaWvbT0VbSlGQARPbL+pbP6j1O3 AW3XXq7z8oLF6qQgkgOepMSndSw+vKidvRXL6o53hpu1BU+6z5qVX1HXu9pi3kBp3k49 ycSMvLk9f7lx90XpK+QIoKO1tuqgeWcRU1bpn7GkYvJJBTO5K/BcSXkRkSULbaTPEmJ0 ABGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=is8DLFU92+LE0U54rImQfknCyyHMOtyJd+Drb23DW0A=; b=fsUwcWSF2kFHn7Q6gqfKjxbM0mB5fOsRwzR3F5AzG+8RTE9w3RbudYWPZJ2Ll5MYg/ YJEVybk7BWo7U50CzzMk6lSovQrNVxTdOb5vqYUDG0yi32YPdNUHOtGEfFio6vTzck7n SZbZuNMBqn+7eyfCKGPT+iNmruotaXcVJfvJ4WeR7FFbkDpazlPwyrZy6QnEuwsS7/ny Uf8R5tXzqLDQGPs920guYUXv/e6URwOrBoez5onVQtIcGnC2br88tHpNkxZv5+YXTWEZ frOqYRqbXG6Np0yUY/Llnxpu0dr8XYLRgSrUQ9wZPPHwpjYUCWeeEefYX9kxUjHCzF8N eUyA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KhNDMZku; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t6-20020a170902e84600b00153b640ed90si21516327plg.38.2022.07.05.06.29.44; Tue, 05 Jul 2022 06:29:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=KhNDMZku; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233308AbiGEMDE (ORCPT + 99 others); Tue, 5 Jul 2022 08:03:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233032AbiGEMBc (ORCPT ); Tue, 5 Jul 2022 08:01:32 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 518DF17AA9; Tue, 5 Jul 2022 05:01:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D0374B817DA; Tue, 5 Jul 2022 12:01:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 344AFC341C7; Tue, 5 Jul 2022 12:01:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1657022488; bh=FKkgouZZjBPUrb7Wvw9iFLZz7PIMsh/l6Yr1v91nFWs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KhNDMZkud+vWwVZXM6/zbM5Fq1KpK5FJBxGFYWAWamXzA7KelCd/dxFhSPxG0q9vr +OGdc9bjPjbIlzD85wlM5sG88jDhNmbsO12UZzq+Q6s8NxsGOKtUd1kJZWFMzpqEEf 9ioeZwePZTRn0nUpxn5dMidbPPfB59df1zQhJgfo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= , Jan Beulich , Juergen Gross Subject: [PATCH 4.14 24/29] xen/netfront: fix leaking data in shared pages Date: Tue, 5 Jul 2022 13:58:12 +0200 Message-Id: <20220705115607.055647740@linuxfoundation.org> X-Mailer: git-send-email 2.37.0 In-Reply-To: <20220705115606.333669144@linuxfoundation.org> References: <20220705115606.333669144@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roger Pau Monne commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/net/xen-netfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_ if (unlikely(!skb)) return NULL; - page = alloc_page(GFP_ATOMIC | __GFP_NOWARN); + page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); if (!page) { kfree_skb(skb); return NULL;