From: Sasha Levin <sasha.levin@oracle.com>
Date: Thu, 28 Feb 2013 01:03:28 +0000 (-0800)
Subject: kexec: prevent double free on image allocation failure
X-Git-Tag: v3.9~314^2~124
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fe88f2ee33731f0934e8fb26f762b6715e43ff6f;p=platform%2Fkernel%2Flinux-amlogic.git

kexec: prevent double free on image allocation failure

If kimage_normal_alloc() fails to initialize an allocated kimage, it will
free the image but would still set 'rimage', as a result kexec_load will
try to free it again.

This would explode as part of the freeing process is accessing internal
members which point to uninitialized memory.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Zhang Yanfei <zhangyanfei@cn.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/kernel/kexec.c b/kernel/kexec.c
index 2348bd6..855bfbb 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -242,8 +242,6 @@ static int kimage_normal_alloc(struct kimage **rimage, unsigned long entry,
 	if (result)
 		goto out;
 
-	*rimage = image;
-
 	/*
 	 * Find a location for the control code buffer, and add it
 	 * the vector of segments so that it's pages will also be