From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Vrabel
Subject: [PATCH 1/2] kexec: fix kexec_lock use in kexec_swap_images()
Date: Wed, 13 Nov 2013 14:43:48 +0000
Message-ID: <1384353829-3917-2-git-send-email-david.vrabel@citrix.com>
References: <1384353829-3917-1-git-send-email-david.vrabel@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <1384353829-3917-1-git-send-email-david.vrabel@citrix.com>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
Cc: David Vrabel, Jan Beulich
List-Id: xen-devel@lists.xenproject.org

From: David Vrabel

CID 1128573

If a bad image type is supplied in a KEXECOP_unload hypercall, the kexec_lock in kexec_swap_images() was left locked, causing a deadlock on a subsequent image load or unload. The kexec_lock is only required to serialize the swap operation itself.

Signed-off-by: David Vrabel
--- xen/common/kexec.c | 7 ++----- 1 files changed, 2 insertions(+), 5 deletions(-) diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 9999bab..17f3ed7 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -785,17 +785,14 @@ static int kexec_swap_images(int type, struct kexec_image *new, *old = NULL; - spin_lock(&kexec_lock); - if ( test_bit(KEXEC_FLAG_IN_PROGRESS, &kexec_flags) ) - { - spin_unlock(&kexec_lock); return -EBUSY; - } if ( kexec_load_get_bits(type, &base, &bit) ) return -EINVAL; + spin_lock(&kexec_lock); + pos = (test_bit(bit, &kexec_flags) != 0); old_slot = base + pos; new_slot = base + !pos; -- 1.7.2.5
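
Review bot: The `test_bit(KEXEC_FLAG_IN_PROGRESS, &kexec_flags)` check in kexec_swap_images() now runs before `spin_lock(&kexec_lock)`, so it is no longer serialized with the swap that follows, and the flag can change between the check and the lock being taken. Moving `kexec_load_get_bits()` ahead of the lock does fix the leaked lock on the -EINVAL path, but the commit message only asserts that the lock is needed for the swap itself without saying why the unlocked in-progress check is safe. Please either add a comment at the check explaining why a stale read of KEXEC_FLAG_IN_PROGRESS is harmless here, or keep the check under the lock (re-testing it after `spin_lock(&kexec_lock)` and unlocking before `return -EBUSY;`) so that every early return after the lock is taken has a matching unlock.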