From: Bhavesh Davda <bhavesh.davda@oracle.com>
Date: Tue, 4 Apr 2017 09:34:57 +0000 (+0200)
Subject: kexec: clear kexec_image slot when unloading kexec image
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2363
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=5c5216e825332c83b1965b5a39a6100f9dde34da;p=xen.git

kexec: clear kexec_image slot when unloading kexec image

When kexec_do_unload calls kexec_swap_images to get the old kexec_image to
free, it passes NULL for the new kexec_image pointer. The new slot wasn't being
cleared in such a case, leading to a stale pointer being left behind in the
kexec_image array and Xen panics in subsequent load/unload operations.

Signed-off-by: Bhavesh Davda <bhavesh.davda@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 940fc7ec94..072cc8e0db 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -837,11 +837,9 @@ static int kexec_swap_images(int type, struct kexec_image *new,
     old_slot = base + pos;
     new_slot = base + !pos;
 
+    kexec_image[new_slot] = new;
     if ( new )
-    {
-        kexec_image[new_slot] = new;
         set_bit(new_slot, &kexec_flags);
-    }
     change_bit(bit, &kexec_flags);
 
     clear_bit(old_slot, &kexec_flags);