Commit 49126621 authored Jan 06, 2025 by Alex Zenla Committed by Ze Zuo Jan 06, 2025

9p/xen: fix release of IRQ

stable inclusion
from stable-v4.19.325
commit 692eb06703afc3e24d889d77e94a0e20229f6a4a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEDPA
CVE: CVE-2024-56704

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=692eb06703afc3e24d889d77e94a0e20229f6a4a



--------------------------------

[ Upstream commit e43c608f40c065b30964f0a806348062991b802d ]

Kernel logs indicate an IRQ was double-freed.

Pass correct device ID during IRQ release.

Fixes: 71ebd719 ("xen/9pfs: connect to the backend")
Signed-off-by: Alex Zenla <alex@edera.dev>
Signed-off-by: Alexander Merritt <alexander@edera.dev>
Signed-off-by: Ariadne Conill <ariadne@ariadne.space>
Reviewed-by: Juergen Gross <jgross@suse.com>
Message-ID: <20241121225100.5736-1-alexander@edera.dev>
[Dominique: remove confusing variable reset to 0]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 692eb06703afc3e24d889d77e94a0e20229f6a4a)
Signed-off-by: Ze Zuo <zuoze1@huawei.com>

parent bedee5b4

net/9p/trans_xen.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -297,7 +297,7 @@ static void xen_9pfs_front_free(struct xen_9pfs_front_priv *priv)
		if (!priv->rings[i].intf)
		break;
		if (priv->rings[i].irq > 0)
		unbind_from_irqhandler(priv->rings[i].irq, priv->dev);
		unbind_from_irqhandler(priv->rings[i].irq, ring);
		if (priv->rings[i].data.in) {
		for (j = 0; j < (1 << XEN_9PFS_RING_ORDER); j++) {
		grant_ref_t ref;