CVE-2026-23085

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Avoid truncating memory addresses

On 32-bit machines with CONFIGARMLPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the 32-bit address limit, as found while experimenting with larger VMSPLIT configurations.

This caused the qemu virt model to crash in the GICv3 driver, which allocates the 'itt' object using GFPKERNEL. Since all memory below the 4GB physical address limit is in ZONEDMA in this configuration, kmalloc() defaults to higher addresses for ZONE_NORMAL, and the ITS driver stores the physical address in a 32-bit 'unsigned long' variable.

Change the ittaddr variable to the correct physaddr_t type instead, along with all other variables in this driver that hold a physical address.

The gicv5 driver correctly uses u64 variables, while all other irqchip drivers don't call virttophys or similar interfaces. It's expected that other device drivers have similar issues, but fixing this one is sufficient for booting a virtio based guest.