Description
In the Linux kernel, the following vulnerability has been resolved:

xen/events: Return -EEXIST for bound VIRQs

Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propagate the error upwards.

Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON().

A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in.
Product status
62cc5fc7b2e0218144e162afb8191db9b924b5e6 (git) before 612ef6056855c0aacb9b25d1d853c435754483f7
62cc5fc7b2e0218144e162afb8191db9b924b5e6 (git) before a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa
62cc5fc7b2e0218144e162afb8191db9b924b5e6 (git) before f81db055a793eca9d05f79658ff62adafb41d664
62cc5fc7b2e0218144e162afb8191db9b924b5e6 (git) before 07ce121d93a5e5fb2440a24da3dbf408fcee978e
3.2
Any version before 3.2
6.6.113 (semver)
6.12.54 (semver)
6.17.4 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/612ef6056855c0aacb9b25d1d853c435754483f7
git.kernel.org/...c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa
git.kernel.org/...c/f81db055a793eca9d05f79658ff62adafb41d664
git.kernel.org/...c/07ce121d93a5e5fb2440a24da3dbf408fcee978e