[PATCH openEuler-5.10 21/23] xen/netfront: fix leaking data in shared pages

12 Jul 2022

From: Roger Pau Monne roger.pau@citrix.com
stable inclusion
from stable-v5.10.129
commit 728d68bfe68d92eae1407b8a9edc7817d6227404
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5GLYP
CVE: CVE-2022-33740
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
--------------------------------
commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream.
When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.
This is CVE-2022-33740, part of XSA-403.
Signed-off-by: Roger Pau Monné roger.pau@citrix.com
Reviewed-by: Jan Beulich jbeulich@suse.com
Reviewed-by: Juergen Gross jgross@suse.com
Signed-off-by: Juergen Gross jgross@suse.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: ChenXiaoSong chenxiaosong2@huawei.com
Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com
Reviewed-by: Jason Yan yanaijie@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 drivers/net/xen-netfront.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index a7ebf17f75a3..881bc68e5402 100644
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -273,7 +273,8 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
    if (unlikely(!skb))
    	return NULL;
-	page = page_pool_dev_alloc_pages(queue->page_pool);
+	page = page_pool_alloc_pages(queue->page_pool,
+				     GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
    if (unlikely(!page)) {
    	kfree_skb(skb);
    	return NULL;
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-5.10 21/23] xen/netfront: fix leaking data in shared pages