Diffstat (limited to 'main/xen/xsa71.patch')
-rw-r--r-- | main/xen/xsa71.patch | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/main/xen/xsa71.patch b/main/xen/xsa71.patch
deleted file mode 100644
index 45e52eb0f8..0000000000
--- a/main/xen/xsa71.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 23260e589e52ec83349f22198eab2331b5a1684e Mon Sep 17 00:00:00 2001
-From: Matthew Daley <mattjd@gmail.com>
-Date: Wed, 25 Sep 2013 12:28:47 +1200
-Subject: [PATCH] xen_disk: mark ioreq as mapped before unmapping in error
- case
-
-Commit c6961b7d ("xen_disk: use bdrv_aio_flush instead of bdrv_flush")
-modified the semantics of ioreq_{un,}map so that they are idempotent if
-called when they're not needed (ie., twice in a row). However, it neglected
-to handle the case where batch mapping is not being used (the default), and
-one of the grants fails to map. In this case, ioreq_unmap will be called to
-unwind and unmap any mappings already performed, but ioreq_unmap simply
-returns due to the aforementioned change (the ioreq has not already been
-marked as mapped).
-
-The frontend user can therefore force xen_disk to leak grant mappings, a
-per-backend-domain limited resource.
-
-Fix by marking the ioreq as mapped before calling ioreq_unmap in this
-situation.
-
-This is XSA-71 / CVE-2013-4375
-
-Signed-off-by: Matthew Daley <mattjd@gmail.com>
----
- hw/xen_disk.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tools/qemu-xen/hw/xen_disk.c b/tools/qemu-xen/hw/xen_disk.c
-index a402ac8..1cdfcbc 100644
---- a/tools/qemu-xen/hw/xen_disk.c
-+++ b/tools/qemu-xen/hw/xen_disk.c
-@@ -299,6 +299,7 @@ static int ioreq_map(struct ioreq *ioreq)
- xen_be_printf(&ioreq->blkdev->xendev, 0,
- "can't map grant ref %d (%s, %d maps)\n",
- refs[i], strerror(errno), ioreq->blkdev->cnt_map);
-+ ioreq->mapped = 1;
- ioreq_unmap(ioreq);
- return -1;
- }
---
-1.7.10.4
- |