[Xen-changelog] [xen stable-4.6] kexec: clear kexec_image slot when unloading kexec image

commit 68fa6911900cc5fde84632004a18a14090c4c7a9
Author:     Bhavesh Davda <bhavesh.davda@xxxxxxxxxx>
AuthorDate: Wed May 3 17:14:35 2017 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed May 3 17:14:35 2017 +0200

    kexec: clear kexec_image slot when unloading kexec image

    When kexec_do_unload calls kexec_swap_images to get the old kexec_image to
    free, it passes NULL for the new kexec_image pointer. The new slot wasn't
    cleared in such a case, leading to a stale pointer being left behind in the
    kexec_image array and Xen panics in subsequent load/unload operations.

    Signed-off-by: Bhavesh Davda <bhavesh.davda@xxxxxxxxxx>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
    Reviewed-by: Daniel Kiper <daniel.kiper@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 5c5216e825332c83b1965b5a39a6100f9dde34da
    master date: 2017-04-04 11:34:57 +0200
 xen/common/kexec.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 7dd2700..aae9f00 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -834,11 +834,9 @@ static int kexec_swap_images(int type, struct kexec_image 
     old_slot = base + pos;
     new_slot = base + !pos;
+    kexec_image[new_slot] = new;
     if ( new )
-    {
-        kexec_image[new_slot] = new;
         set_bit(new_slot, &kexec_flags);
-    }
     change_bit(bit, &kexec_flags);
     clear_bit(old_slot, &kexec_flags);
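Review bot: the now-unconditional `kexec_image[new_slot] = new;` depends on an undocumented invariant when `new` is NULL: `set_bit(new_slot, &kexec_flags)` is skipped and nothing in the visible lines clears that bit, so the code is only correct if the flag for the inactive slot is already clear on entry. A one-line comment above the assignment would make this explicit, saying that a NULL `new` means unload and that the slot is deliberately reset so no stale pointer survives. An assertion on the `new_slot` bit in the NULL case would also help. The same applies at the end of the hunk, where `clear_bit(old_slot, &kexec_flags)` drops the flag but the visible lines do not reset `kexec_image[old_slot]`. If that entry keeps pointing at an image the caller frees, its safety rests on the flag alone until the next swap overwrites it, which is the pattern the commit message describes as the source of the panic. It is worth either clearing the entry once the old pointer has been handed back or documenting that every reader of `kexec_image[]` must test the flag first.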
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

