xen/blkfront: fix leaking data in shared pages

jira VULN-1437
cve CVE-2022-26365
commit-author Roger Pau Monne <[email protected]>
commit 2f446ff
upstream-diff One of the alloc_page calls has not been switched to
              GFP_KERNEL yet, so __GFP_ZERO is or'd with GFP_NOIO
              instead

When allocating pages to be used for shared communication with the
backend always zero them, this avoids leaking unintended data present
on the pages.

This is CVE-2022-26365, part of XSA-403.

	Signed-off-by: Roger Pau Monné <[email protected]>
	Reviewed-by: Jan Beulich <[email protected]>
	Reviewed-by: Juergen Gross <[email protected]>
	Signed-off-by: Juergen Gross <[email protected]>
(cherry picked from commit 2f446ff)
	Signed-off-by: Brett Mastbergen <[email protected]>

Author: bmastbergen

drivers/block/xen-blkfront.c

@@ -201,7 +201,7 @@ static int fill_grant_buffer(struct blkfront_info *info, int num)
 			goto out_of_memory;
 
 		if (info->feature_persistent) {
-			granted_page = alloc_page(GFP_NOIO);
+			granted_page = alloc_page(GFP_NOIO | __GFP_ZERO);
 			if (!granted_page) {
 				kfree(gnt_list_entry);
 				goto out_of_memory;
@@ -1707,7 +1707,8 @@ static int blkfront_setup_indirect(struct blkfront_info *info)
 
 		BUG_ON(!list_empty(&info->indirect_pages));
 		for (i = 0; i < num; i++) {
-			struct page *indirect_page = alloc_page(GFP_NOIO);
+			struct page *indirect_page = alloc_page(GFP_NOIO |
+								__GFP_ZERO);
 			if (!indirect_page)
 				goto out_of_memory;
 			list_add(&indirect_page->lru, &info->indirect_pages);