kexec: clear kexec_image slot when unloading kexec image

When kexec_do_unload calls kexec_swap_images to get the old kexec_image to
free, it passes NULL for the new kexec_image pointer. The new slot wasn't being
cleared in such a case, leading to a stale pointer being left behind in the
kexec_image array and Xen panics in subsequent load/unload operations.

Signed-off-by: Bhavesh Davda <bhavesh.davda@oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 940fc7ec943ae0b185d6431bdbbe383e8444401a..072cc8e0db542ed947073155cb805367215832b7 100644 (file)
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -837,11 +837,9 @@ static int kexec_swap_images(int type, struct kexec_image *new,
     old_slot = base + pos;
     new_slot = base + !pos;
 
+    kexec_image[new_slot] = new;
     if ( new )
-    {
-        kexec_image[new_slot] = new;
         set_bit(new_slot, &kexec_flags);
-    }
     change_bit(bit, &kexec_flags);
 
     clear_bit(old_slot, &kexec_flags);