From: David Vrabel
Date: Fri, 15 Nov 2013 09:59:41 +0000 (+0100)
Subject: kexec: fix kexec_lock use in kexec_swap_images()
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5955
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=029c84d2efbebc02a4e9a6ee9a3a94289ca36f72;p=xen.git

kexec: fix kexec_lock use in kexec_swap_images()

CID 1128573

If a bad image type is supplied in a KEXECOP_unload hypercall, the
kexec_lock in kexec_swap_images() was left locked, causing a deadlock on
a subsequent image load or unload.

The kexec_lock is only required to serialize the swap operation itself.

Signed-off-by: David Vrabel
Reviewed-by: Andrew Cooper
---
diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 9999babce6..17f3ed793d 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -785,17 +785,14 @@ static int kexec_swap_images(int type, struct kexec_image *new, *old = NULL; - spin_lock(&kexec_lock); - if ( test_bit(KEXEC_FLAG_IN_PROGRESS, &kexec_flags) ) - { - spin_unlock(&kexec_lock); return -EBUSY; - } if ( kexec_load_get_bits(type, &base, &bit) ) return -EINVAL; + spin_lock(&kexec_lock); + pos = (test_bit(bit, &kexec_flags) != 0); old_slot = base + pos; new_slot = base + !pos;
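Review bot: the KEXEC_FLAG_IN_PROGRESS check at the top of the hunk now runs before the lock is taken, so there is a window between `if ( test_bit(KEXEC_FLAG_IN_PROGRESS, &kexec_flags) )` and the new `+ spin_lock(&kexec_lock);` in which the flag can be set and the swap still proceeds. If that is intended (the commit message says the lock only serializes the swap itself), a one-line comment above the test_bit saying the check is deliberately unlocked would save the next reader from re-deriving it; if the check must be atomic with the swap, keep `spin_lock(&kexec_lock);` where it was and instead add the missing `spin_unlock(&kexec_lock);` on the `kexec_load_get_bits()` failure path, which is the leak the message describes. Either way the fix as written does close the leak: the only remaining early return after the lock is taken is gone.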
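The lock leak described in the commit message, as an added example in plain C that is not Xen's code: a single-bit spinlock built on C11 atomic_flag stands in for kexec_lock, swap_images_buggy() mirrors the pre-patch ordering (lock first, validate second) and swap_images_fixed() mirrors the post-patch ordering (validate first, lock only around the swap). The names swap_images_buggy, swap_images_fixed, get_bits, IN_PROGRESS_BIT, set_in_progress, lock_is_free and demonstrate are hypothetical stand-ins, and the type validation is a constructed one that accepts only types 0 and 1. A trylock-style probe shows the lock is still held after the buggy variant rejects a bad type, which is exactly the state that deadlocks the next load or unload.

```c
/* Added example, not Xen code: a spinlock leaked on an error path, and the fix.
 * IN_PROGRESS_BIT, get_bits(), swap_images_*() and lock_is_free() are
 * hypothetical stand-ins for the kexec_flags / kexec_swap_images() machinery. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define IN_PROGRESS_BIT 16          /* constructed: kept apart from the slot bits */

static atomic_flag swap_lock = ATOMIC_FLAG_INIT;   /* stand-in for kexec_lock */
static unsigned long flags;                        /* stand-in for kexec_flags */

static void lock_acquire(void) { while (atomic_flag_test_and_set(&swap_lock)) ; }
static void lock_release(void) { atomic_flag_clear(&swap_lock); }
static bool flag_set(int bit)   { return (flags >> bit) & 1UL; }

void set_in_progress(bool on)
{
    if (on)
        flags |= (1UL << IN_PROGRESS_BIT);
    else
        flags &= ~(1UL << IN_PROGRESS_BIT);
}

/* Stand-in for kexec_load_get_bits(): types 0 and 1 each own a pair of slot bits. */
static int get_bits(int type, int *base, int *bit)
{
    if (type < 0 || type > 1)
        return -EINVAL;
    *base = type * 2;
    *bit = *base;                   /* bit recording which of the two slots is current */
    return 0;
}

/* Pre-patch ordering: lock first, validate second. The -EINVAL path returns
 * with swap_lock still held, so every later caller would spin forever. */
int swap_images_buggy(int type)
{
    int base, bit;

    lock_acquire();
    if (flag_set(IN_PROGRESS_BIT)) {
        lock_release();
        return -EBUSY;
    }
    if (get_bits(type, &base, &bit))
        return -EINVAL;             /* BUG: lock leaked */

    flags ^= 1UL << bit;            /* the swap itself */
    lock_release();
    return 0;
}

/* Post-patch ordering: all validation before the lock, lock only around the swap. */
int swap_images_fixed(int type)
{
    int base, bit;

    if (flag_set(IN_PROGRESS_BIT))
        return -EBUSY;
    if (get_bits(type, &base, &bit))
        return -EINVAL;

    lock_acquire();
    flags ^= 1UL << bit;
    lock_release();
    return 0;
}

/* Probe with trylock semantics so the demonstration never actually hangs:
 * true if swap_lock is free (and left free), false if someone still holds it. */
bool lock_is_free(void)
{
    if (atomic_flag_test_and_set(&swap_lock))
        return false;               /* already held: leaked or in use */
    atomic_flag_clear(&swap_lock);
    return true;
}

/* Returns 1 when the buggy variant leaves the lock held after a bad type and
 * the fixed variant does not; releases the leaked lock in between. */
int demonstrate(void)
{
    bool leaked, clean;

    swap_images_buggy(99);          /* bad type, rejected by get_bits() */
    leaked = !lock_is_free();
    if (leaked)
        lock_release();             /* undo the leak so the fixed path can run */

    swap_images_fixed(99);
    clean = lock_is_free();
    return leaked && clean;
}

int main(void)
{
    printf("buggy variant leaks the lock, fixed variant does not: %s\n",
           demonstrate() ? "yes" : "no");
    return 0;
}
```

The probe uses test-and-set rather than a blocking acquire for the same reason a reviewer would reach for spin_trylock when reproducing a deadlock report: a genuine second swap_images_buggy() call after the leak would never return. Validation-before-lock also shrinks the critical section to the bit flip, which is the point the commit message makes about kexec_lock only guarding the swap.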