From: GuoHan Zhao <zhaoguohan@kylinos.cn> mainline inclusion from mainline-v7.0-rc6 commit cd7e1fef5a1ca1c4fcd232211962ac2395601636 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14027 CVE: CVE-2026-31788 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- Commit 453b8fb68f36 ("xen/privcmd: restrict usage in unprivileged domU") added a xenstore notifier to defer setting the restriction target until Xenstore is ready. XEN_PRIVCMD can be built as a module, but privcmd_exit() leaves that notifier behind. Balance the notifier lifecycle by unregistering it on module exit. This is harmless even if xenstore was already ready at registration time and the notifier was never queued on the chain. Fixes: 453b8fb68f36 ("xen/privcmd: restrict usage in unprivileged domU") Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn> Reviewed-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com> Message-ID: <20260325120246.252899-1-zhaoguohan@kylinos.cn> Conflicts: drivers/xen/privcmd.c [commit f0d7db7b33243 not merged] Signed-off-by: Zhang Yuwei <zhangyuwei20@huawei.com> --- drivers/xen/privcmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c index cb50038c0c9c..f082fa8c77f9 100644 --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c @@ -1054,6 +1054,9 @@ static int __init privcmd_init(void) static void __exit privcmd_exit(void) { + if (!xen_initial_domain()) + unregister_xenstore_notifier(&xenstore_notifier); + misc_deregister(&privcmd_dev); misc_deregister(&xen_privcmdbuf_dev); } -- 2.22.0