Several access permission issues with IRQs for unprivileged guests
Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn’t have access to itself.
privilege uncheck (inadequate check in IRQ handling)
x86: fix various issues with handling guest IRQs
- properly revoke IRQ access in map_domain_pirq() error path
- don’t permit replacing an in use IRQ
- don’t accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
- track IRQ access permission in host IRQ terms, not guest IRQ ones (and with that, also disallow Dom0 access to IRQ0)
Malicious or buggy stub domains kernels can mount a denial of service attack possibly affecting the whole system.