www.infradead.org Git - users/dwmw2/linux.git/commit

author	Roger Pau Monne <roger.pau@citrix.com>
	Thu, 7 Apr 2022 10:20:06 +0000 (12:20 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 7 Jul 2022 15:52:22 +0000 (17:52 +0200)
commit	4923217af5742a796821272ee03f8d6de15c0cca
tree	d9ad5c8bd99ded14b368a76c08c65acd176475e1	tree
parent	728d68bfe68d92eae1407b8a9edc7817d6227404	commit \| diff

xen/netfront: force data bouncing when backend is untrusted

commit 4491001c2e0fa69efbb748c96ec96b100a5cdb7e upstream.

Bounce all data on the skbs to be transmitted into zeroed pages if the
backend is untrusted. This avoids leaking data present in the pages
shared with the backend but not part of the skb fragments. This
requires introducing a new helper in order to allocate skbs with a
size multiple of XEN_PAGE_SIZE so we don't leak contiguous data on the
granted pages.

Reporting whether the backend is to be trusted can be done using a
module parameter, or from the xenstore frontend path as set by the
toolstack when adding the device.

This is CVE-2022-33741, part of XSA-403.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>