1 files changed, 0 insertions, 34 deletions

diff --git a/main/xen/xsa164.patch b/main/xen/xsa164.patch
deleted file mode 100644
index 39ffccc40f..0000000000
--- a/main/xen/xsa164.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-MSI-X: avoid array overrun upon MSI-X table writes
-
-pt_msix_init() allocates msix->msix_entry[] to just cover
-msix->total_entries entries. While pci_msix_readl() resorts to reading
-physical memory for out of bounds reads, pci_msix_writel() so far
-simply accessed/corrupted unrelated memory.
-
-pt_iomem_map()'s call to cpu_register_physical_memory() registers a
-page granular region, which is necessary as the Pending Bit Array may
-share space with the MSI-X table (but nothing else is allowed to). This
-also explains why pci_msix_readl() actually honors out of bounds reads,
-but pci_msi_writel() doesn't need to.
-
-This is XSA-164.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Ian Campbell <ian.campbell@citrix.com>
-
---- a/hw/pt-msi.c
-+++ b/hw/pt-msi.c
-@@ -440,6 +440,13 @@ static void pci_msix_writel(void *opaque
-         return;
-     }
- 
-+    if ( addr - msix->mmio_base_addr >= msix->total_entries * 16 )
-+    {
-+        PT_LOG("Error: Out of bounds write to MSI-X table,"
-+               " addr %016"PRIx64"\n", addr);
-+        return;
-+    }
-+
-     entry_nr = (addr - msix->mmio_base_addr) / 16;
-     entry = &msix->msix_entry[entry_nr];
-     offset = ((addr - msix->mmio_base_addr) % 16) / 4;