kexec: fix kexec_lock use in kexec_swap_images()
authorDavid Vrabel <david.vrabel@citrix.com>
Fri, 15 Nov 2013 09:59:41 +0000 (10:59 +0100)
committerJan Beulich <jbeulich@suse.com>
Fri, 15 Nov 2013 09:59:41 +0000 (10:59 +0100)
CID 1128573

If a bad image type is supplied in a KEXECOP_unload hypercall, the
kexec_lock in kexec_swap_images() was left locked, causing a deadlock
on a subsequent image load or unload.

The kexec_lock is only required to serialize the swap operation
itself.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/common/kexec.c

index 9999babce67653d99f44f17e8aa3c23f2e5323d7..17f3ed793dcd1a586e20e0e2aaea756870fbaf8e 100644 (file)
@@ -785,17 +785,14 @@ static int kexec_swap_images(int type, struct kexec_image *new,
 
     *old = NULL;
 
-    spin_lock(&kexec_lock);
-
     if ( test_bit(KEXEC_FLAG_IN_PROGRESS, &kexec_flags) )
-    {
-        spin_unlock(&kexec_lock);
         return -EBUSY;
-    }
 
     if ( kexec_load_get_bits(type, &base, &bit) )
         return -EINVAL;
 
+    spin_lock(&kexec_lock);
+
     pos = (test_bit(bit, &kexec_flags) != 0);
     old_slot = base + pos;
     new_slot = base + !pos;
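Review bot: The `KEXEC_FLAG_IN_PROGRESS` test now runs before `spin_lock(&kexec_lock)`, so the flag can change between that check and the slot swap that follows. This is only safe if no path sets the flag while holding `kexec_lock`, which the hunk does not show. Because the `-EINVAL` return is driven by the hypercall-supplied `type`, the locking rule should be recorded above `spin_lock(&kexec_lock);` so that a later change does not add another early return after the lock is taken, for example `/* kexec_lock serialises only the slot swap below; every argument and state check must return before it is taken. */`. The function begins and ends outside the hunk, so the matching `spin_unlock` and any later return paths could not be checked here.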