xen/netfront: fix leaking data in shared pages

commit a34431598e051e119d74a3f1c83f783c61b3ac5d upstream.

When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.

This is CVE-2022-33740, part of XSA-403.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
index 94dd6edd18006a23765c8ff63be4e69e24e3b589..af23d0bc6f7ce605b311f6a07640335a4c3d6105 100644 (file)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
        if (unlikely(!skb))
                return NULL;
 
-       page = alloc_page(GFP_ATOMIC | __GFP_NOWARN);
+       page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
        if (!page) {
                kfree_skb(skb);
                return NULL;