From: Jesper Dangaard Brouer hawk@kernel.org
mainline inclusion from mainline-v6.9-rc3 commit 037965402a010898d34f4e35327d22c0a95cd51f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9O0MS CVE: CVE-2024-27393
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
-------------------------------------------------
Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling").
It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")).
This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").
Cc: stable@vger.kernel.org Fixes: 6c5aa6fc4def ("xen networking: add basic XDP support for xen-netfront") Reported-by: Leonidas Spyropoulos artafinde@archlinux.com Link: https://bugzilla.kernel.org/show_bug.cgi?id=218654 Reported-by: Arthur Borsboom arthurborsboom@gmail.com Signed-off-by: Jesper Dangaard Brouer hawk@kernel.org Link: https://lore.kernel.org/r/171154167446.2671062.9127105384591237363.stgit@fir... Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: Zhang Zekun zhangzekun11@huawei.com --- drivers/net/xen-netfront.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 3d149890fa36..819b4e68afc1 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -287,6 +287,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue) return NULL; } skb_add_rx_frag(skb, 0, page, 0, 0, PAGE_SIZE); + skb_mark_for_recycle(skb);
/* Align ip header to a 16 bytes boundary */ skb_reserve(skb, NET_IP_ALIGN);