[SRU][F:linux-bluefield][PATCH 12/21] xdp: Clear grow memory in bpf_xdp_adjust_tail()
Bodong Wang
bodong at nvidia.com
Mon Jul 5 15:39:50 UTC 2021
From: Jesper Dangaard Brouer <brouer at redhat.com>
BugLink: https://bugs.launchpad.net/bugs/1934499
Clearing memory of tail when grow happens, because it is too easy
to write an XDP_PASS program that extends the tail, which exposes
this memory to users that can run tcpdump.
Signed-off-by: Jesper Dangaard Brouer <brouer at redhat.com>
Signed-off-by: Alexei Starovoitov <ast at kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke at redhat.com>
Link: https://lore.kernel.org/bpf/158945349039.97035.5262100484553494.stgit@firesoul
(cherry picked from commit ddb47d518ca10948d1f64a983cb9274720f691cd)
Signed-off-by: Maxim Mikityanskiy <maximmi at nvidia.com>
Reviewed-by: Moshe Shemesh <moshe at nvidia.com>
Signed-off-by: Bodong Wang <bodong at nvidia.com>
---
net/core/filter.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index c826b0c..609fe9f 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3424,6 +3424,10 @@ static unsigned long xdp_get_metalen(const struct xdp_buff *xdp)
if (unlikely(data_end < xdp->data + ETH_HLEN))
return -EINVAL;
+ /* Clear memory area on grow, can contain uninit kernel memory */
+ if (offset > 0)
+ memset(xdp->data_end, 0, offset);
+
xdp->data_end = data_end;
return 0;
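Review bot: the added memset(xdp->data_end, 0, offset) writes offset bytes past the old tail, but the only bounds check visible in this hunk's context is the lower one (data_end < xdp->data + ETH_HLEN). For this backport, confirm that the target tree rejects a data_end beyond the end of the frame before this point is reached, because that check is outside the shown context and the zeroing is only safe if it is already in place. The memset also relies on running before the xdp->data_end = data_end assignment on the following line, since it uses the old tail pointer as its start; stating that in the comment would guard against a later reorder.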
--
1.8.3.1