Commit 2f446ffe authored by Roger Pau Monne's avatar Roger Pau Monne Committed by Juergen Gross
Browse files

xen/blkfront: fix leaking data in shared pages 



When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.

This is CVE-2022-26365, part of XSA-403.

Signed-off-by: default avatarRoger Pau Monné <roger.pau@citrix.com>
Reviewed-by: default avatarJan Beulich <jbeulich@suse.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
parent a175eca0

drivers/block/xen-blkfront.c

+3 −2
Original line number Diff line number Diff line
@@ -311,7 +311,7 @@ static int fill_grant_buffer(struct blkfront_ring_info *rinfo, int num) 
			goto out_of_memory;



		if (info->feature_persistent) {

			granted_page = alloc_page(GFP_NOIO);

			granted_page = alloc_page(GFP_NOIO | __GFP_ZERO);

			if (!granted_page) {

				kfree(gnt_list_entry);

				goto out_of_memory;
@@ -2183,7 +2183,8 @@ static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo) 


		BUG_ON(!list_empty(&rinfo->indirect_pages));

		for (i = 0; i < num; i++) {

			struct page *indirect_page = alloc_page(GFP_KERNEL);

			struct page *indirect_page = alloc_page(GFP_KERNEL |

								__GFP_ZERO);

			if (!indirect_page)

				goto out_of_memory;

			list_add(&indirect_page->lru, &rinfo->indirect_pages);