Description
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 612ef6056855c0aacb9b25d1d853c435754483f7
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before f81db055a793eca9d05f79658ff62adafb41d664
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 07ce121d93a5e5fb2440a24da3dbf408fcee978e
6.6.113 (semver)
6.12.54 (semver)
6.17.4 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/612ef6056855c0aacb9b25d1d853c435754483f7
git.kernel.org/...c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa
git.kernel.org/...c/f81db055a793eca9d05f79658ff62adafb41d664
git.kernel.org/...c/07ce121d93a5e5fb2440a24da3dbf408fcee978e
