From: Andrii Sultanov <andriy.sultanov@vates.tech>
Subject: tools/oxenstored: Reset quota when resetting permissions

The quota object contains both limits and the current node usage counts.

When a domain is torn down, the node data itself is cleaned up but the node
usage counts are not.  A later domain reusing the same domid can create fewer
nodes before being deemed to be over quota.

Reset the count when the node permissions are cleaned up.

This is XSA-483 / CVE-2026-23556.

Signed-off-by: Andrii Sultanov <andriy.sultanov@vates.tech>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/oxenstored/store.ml b/oxenstored/store.ml
index 3f390155abac..51df81e24d65 100644
--- a/oxenstored/store.ml
+++ b/oxenstored/store.ml
@@ -510,7 +510,8 @@ let reset_permissions store domid =
                 (Node.get_name node) ;
             Some {node with Node.perms}
       )
-      store.root
+      store.root ;
+  store.quota <- Quota.del store.quota domid
 
 type ops = {
     store: t