Diffstat (limited to 'main/xen/xsa215.patch')
-rw-r--r-- | main/xen/xsa215.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/main/xen/xsa215.patch b/main/xen/xsa215.patch
deleted file mode 100644
index f18a1cd01f..0000000000
--- a/main/xen/xsa215.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86: correct create_bounce_frame
-
-We may push up to 96 bytes on the guest (kernel) stack, so we should
-also cover as much in the early range check. Note that this is the
-simplest possible patch, which has the theoretical potential of
-breaking a guest: We only really push 96 bytes when invoking the
-failsafe callback, ordinary exceptions only have 56 or 64 bytes pushed
-(without / with error code respectively). There is, however, no PV OS
-known to place a kernel stack there.
-
-This is XSA-215.
-
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
---- a/xen/arch/x86/x86_64/entry.S
-+++ b/xen/arch/x86/x86_64/entry.S
-@@ -347,7 +347,7 @@ int80_slow_path:
- jmp handle_exception_saved
-
- /* CREATE A BASIC EXCEPTION FRAME ON GUEST OS STACK: */
--/* { RCX, R11, [DS-GS,] [CR2,] [ERRCODE,] RIP, CS, RFLAGS, RSP, SS } */
-+/* { RCX, R11, [DS-GS,] [ERRCODE,] RIP, CS, RFLAGS, RSP, SS } */
- /* %rdx: trap_bounce, %rbx: struct vcpu */
- /* On return only %rbx and %rdx are guaranteed non-clobbered. */
- create_bounce_frame:
-@@ -367,7 +367,7 @@ create_bounce_frame:
- 2: andq $~0xf,%rsi # Stack frames are 16-byte aligned.
- movq $HYPERVISOR_VIRT_START,%rax
- cmpq %rax,%rsi
-- movq $HYPERVISOR_VIRT_END+60,%rax
-+ movq $HYPERVISOR_VIRT_END+12*8,%rax
- sbb %ecx,%ecx # In +ve address space? Then okay.
- cmpq %rax,%rsi
- adc %ecx,%ecx # Above Xen private area? Then okay. |