This is a note to let you know that I've just added the patch titled
xen/netfront: fix leaking data in shared pages
to the 5.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xen-netfront-fix-leaking-data-in-shared-pages.patch
and it can be found in the queue-5.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Jul 5 12:55:01 PM CEST 2022
From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
Date: Wed, 6 Apr 2022 17:38:04 +0200
Subject: xen/netfront: fix leaking data in shared pages
From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream.
When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.
This is CVE-2022-33740, part of XSA-403.
Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/xen-netfront.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -273,7 +273,8 @@ static struct sk_buff *xennet_alloc_one_
if (unlikely(!skb))
return NULL;
- page = page_pool_dev_alloc_pages(queue->page_pool);
+ page = page_pool_alloc_pages(queue->page_pool,
+ GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
if (unlikely(!page)) {
kfree_skb(skb);
return NULL;
Patches currently in stable-queue which might be from roger.pau@xxxxxxxxxx are
queue-5.18/xen-netfront-fix-leaking-data-in-shared-pages.patch
queue-5.18/xen-blkfront-force-data-bouncing-when-backend-is-untrusted.patch
queue-5.18/xen-blkfront-fix-leaking-data-in-shared-pages.patch
queue-5.18/xen-netfront-force-data-bouncing-when-backend-is-untrusted.patch
