From 78bcad94a34642c7b29272db2c20684bc809ff8c Mon Sep 17 00:00:00 2001
From: Reg Tiangha <reg@reginaldtiangha.com>
Date: Thu, 29 Jun 2017 13:41:07 -0600
Subject: [PATCH] Remove XSA216 patch which is now merged into 4.9.35

---
 patches.xen/xsa216-linux-4.11.patch | 113 ----------------------------
 series.conf                         |   1 -
 2 files changed, 114 deletions(-)
 delete mode 100644 patches.xen/xsa216-linux-4.11.patch

diff --git a/patches.xen/xsa216-linux-4.11.patch b/patches.xen/xsa216-linux-4.11.patch
deleted file mode 100644
index 27c8003..0000000
--- a/patches.xen/xsa216-linux-4.11.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: xen-blkback: don't leak stack data via response ring
-
-Rather than constructing a local structure instance on the stack, fill
-the fields directly on the shared ring, just like other backends do.
-Build on the fact that all response structure flavors are actually
-identical (the old code did make this assumption too).
-
-This is XSA-216.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-
---- a/drivers/block/xen-blkback/blkback.c
-+++ b/drivers/block/xen-blkback/blkback.c
-@@ -1436,34 +1436,35 @@ static int dispatch_rw_block_io(struct x
- static void make_response(struct xen_blkif_ring *ring, u64 id,
- 			  unsigned short op, int st)
- {
--	struct blkif_response  resp;
-+	struct blkif_response *resp;
- 	unsigned long     flags;
- 	union blkif_back_rings *blk_rings;
- 	int notify;
- 
--	resp.id        = id;
--	resp.operation = op;
--	resp.status    = st;
--
- 	spin_lock_irqsave(&ring->blk_ring_lock, flags);
- 	blk_rings = &ring->blk_rings;
- 	/* Place on the response ring for the relevant domain. */
- 	switch (ring->blkif->blk_protocol) {
- 	case BLKIF_PROTOCOL_NATIVE:
--		memcpy(RING_GET_RESPONSE(&blk_rings->native, blk_rings->native.rsp_prod_pvt),
--		       &resp, sizeof(resp));
-+		resp = RING_GET_RESPONSE(&blk_rings->native,
-+					 blk_rings->native.rsp_prod_pvt);
- 		break;
- 	case BLKIF_PROTOCOL_X86_32:
--		memcpy(RING_GET_RESPONSE(&blk_rings->x86_32, blk_rings->x86_32.rsp_prod_pvt),
--		       &resp, sizeof(resp));
-+		resp = RING_GET_RESPONSE(&blk_rings->x86_32,
-+					 blk_rings->x86_32.rsp_prod_pvt);
- 		break;
- 	case BLKIF_PROTOCOL_X86_64:
--		memcpy(RING_GET_RESPONSE(&blk_rings->x86_64, blk_rings->x86_64.rsp_prod_pvt),
--		       &resp, sizeof(resp));
-+		resp = RING_GET_RESPONSE(&blk_rings->x86_64,
-+					 blk_rings->x86_64.rsp_prod_pvt);
- 		break;
- 	default:
- 		BUG();
- 	}
-+
-+	resp->id        = id;
-+	resp->operation = op;
-+	resp->status    = st;
-+
- 	blk_rings->common.rsp_prod_pvt++;
- 	RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blk_rings->common, notify);
- 	spin_unlock_irqrestore(&ring->blk_ring_lock, flags);
---- a/drivers/block/xen-blkback/common.h
-+++ b/drivers/block/xen-blkback/common.h
-@@ -75,9 +75,8 @@ extern unsigned int xenblk_max_queues;
- struct blkif_common_request {
- 	char dummy;
- };
--struct blkif_common_response {
--	char dummy;
--};
-+
-+/* i386 protocol version */
- 
- struct blkif_x86_32_request_rw {
- 	uint8_t        nr_segments;  /* number of segments                   */
-@@ -129,14 +128,6 @@ struct blkif_x86_32_request {
- 	} u;
- } __attribute__((__packed__));
- 
--/* i386 protocol version */
--#pragma pack(push, 4)
--struct blkif_x86_32_response {
--	uint64_t        id;              /* copied from request */
--	uint8_t         operation;       /* copied from request */
--	int16_t         status;          /* BLKIF_RSP_???       */
--};
--#pragma pack(pop)
- /* x86_64 protocol version */
- 
- struct blkif_x86_64_request_rw {
-@@ -193,18 +184,12 @@ struct blkif_x86_64_request {
- 	} u;
- } __attribute__((__packed__));
- 
--struct blkif_x86_64_response {
--	uint64_t       __attribute__((__aligned__(8))) id;
--	uint8_t         operation;       /* copied from request */
--	int16_t         status;          /* BLKIF_RSP_???       */
--};
--
- DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
--		  struct blkif_common_response);
-+		  struct blkif_response);
- DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
--		  struct blkif_x86_32_response);
-+		  struct blkif_response __packed);
- DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
--		  struct blkif_x86_64_response);
-+		  struct blkif_response);
- 
- union blkif_back_rings {
- 	struct blkif_back_ring        native;
diff --git a/series.conf b/series.conf
index a4bbaa1..0950b46 100644
--- a/series.conf
+++ b/series.conf
@@ -19,7 +19,6 @@ patches.xen/xsa155-linux44-0010-xen-netfront-do-not-use-data-already-exposed-to-
 patches.xen/xsa155-linux-0011-xen-netfront-add-range-check-for-Tx-response-id.patch
 patches.xen/xsa155-linux312-0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
 patches.xen/xsa155-linux44-0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
-patches.xen/xsa216-linux-4.11.patch
 
 # MSI-X enabled device passthrough fix (#1734)
 patches.xen/pci_op-cleanup.patch