6964154 Missing unlock in set_all_zone_usr_proc_sys()

6964159 Missing unlock in immu_quiesce() and immu_unquiesce()
6964162 Pointer dereferenced before NULL check in kcpc_reqs_add()
6964446 Uninitialized variable used in rootnex_coredma_bindhdl()
6965638 Potential memory leak in configure_ffc()
6965642 Freeing variable that may be NULL in kmem_free()

7 files changed, 23 insertions, 21 deletions

diff --git a/usr/src/uts/common/os/kcpc.c b/usr/src/uts/common/os/kcpc.c
index 50a999dcc5..c9707c5b48 100644
--- a/usr/src/uts/common/os/kcpc.c
+++ b/usr/src/uts/common/os/kcpc.c
@@ -20,8 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <sys/param.h>
@@ -2281,10 +2280,11 @@ kcpc_reqs_add(kcpc_request_list_t *req_list, char *event, uint64_t preset,
 {
 	kcpc_request_t	*req;
 
-	ASSERT(req_list->krl_max != 0);
 	if (req_list == NULL || req_list->krl_list == NULL)
 		return (-1);
 
+	ASSERT(req_list->krl_max != 0);
+
 	/*
 	 * Allocate more space (if needed)
 	 */
diff --git a/usr/src/uts/common/os/kmem.c b/usr/src/uts/common/os/kmem.c
index 56b67b3147..dbd7c9a1ea 100644
--- a/usr/src/uts/common/os/kmem.c
+++ b/usr/src/uts/common/os/kmem.c
@@ -2971,6 +2971,7 @@ kmem_free(void *buf, size_t size)
 		/* fall through to kmem_cache_free() */
 
 	} else {
+		EQUIV(buf == NULL, size == 0);
 		if (buf == NULL && size == 0)
 			return;
 		vmem_free(kmem_oversize_arena, buf, size);
diff --git a/usr/src/uts/i86pc/io/immu.c b/usr/src/uts/i86pc/io/immu.c
index fb4c35f772..ed21bf8655 100644
--- a/usr/src/uts/i86pc/io/immu.c
+++ b/usr/src/uts/i86pc/io/immu.c
@@ -1215,8 +1215,10 @@ immu_quiesce(void)
 
 	mutex_enter(&immu_lock);
 
-	if (immu_running == B_FALSE)
+	if (immu_running == B_FALSE) {
+		mutex_exit(&immu_lock);
 		return (DDI_SUCCESS);
+	}
 
 	immu = list_head(&immu_list);
 	for (; immu; immu = list_next(&immu_list, immu)) {
@@ -1249,12 +1251,12 @@ immu_quiesce(void)
 
 		mutex_exit(&(immu->immu_lock));
 	}
-	mutex_exit(&immu_lock);
 
 	if (ret == DDI_SUCCESS) {
 		immu_running = B_FALSE;
 		immu_quiesced = B_TRUE;
 	}
+	mutex_exit(&immu_lock);
 
 	return (ret);
 }
@@ -1271,8 +1273,10 @@ immu_unquiesce(void)
 
 	mutex_enter(&immu_lock);
 
-	if (immu_quiesced == B_FALSE)
+	if (immu_quiesced == B_FALSE) {
+		mutex_exit(&immu_lock);
 		return (DDI_SUCCESS);
+	}
 
 	immu = list_head(&immu_list);
 	for (; immu; immu = list_next(&immu_list, immu)) {
diff --git a/usr/src/uts/i86pc/io/rootnex.c b/usr/src/uts/i86pc/io/rootnex.c
index 2bdaafec6b..0f42739f23 100644
--- a/usr/src/uts/i86pc/io/rootnex.c
+++ b/usr/src/uts/i86pc/io/rootnex.c
@@ -1988,10 +1988,11 @@ rootnex_coredma_bindhdl(dev_info_t *dip, dev_info_t *rdip,
 	sinfo = &dma->dp_sglinfo;
 	attr = &hp->dmai_attr;
 
+	/* convert the sleep flags */
 	if (dmareq->dmar_fp == DDI_DMA_SLEEP) {
-		dma->dp_sleep_flags = KM_SLEEP;
+		dma->dp_sleep_flags = kmflag = KM_SLEEP;
 	} else {
-		dma->dp_sleep_flags = KM_NOSLEEP;
+		dma->dp_sleep_flags = kmflag = KM_NOSLEEP;
 	}
 
 	hp->dmai_rflags = dmareq->dmar_flags & DMP_DDIFLAGS;
@@ -2121,13 +2122,6 @@ rootnex_coredma_bindhdl(dev_info_t *dip, dev_info_t *rdip,
 	 * the bind interface would speed this case up.
 	 */
 	} else {
-		/* convert the sleep flags */
-		if (dmareq->dmar_fp == DDI_DMA_SLEEP) {
-			kmflag =  KM_SLEEP;
-		} else {
-			kmflag =  KM_NOSLEEP;
-		}
-
 		/*
 		 * Save away how much memory we allocated. If we're doing a
 		 * nosleep, the alloc could fail...
diff --git a/usr/src/uts/intel/ia32/os/syscall.c b/usr/src/uts/intel/ia32/os/syscall.c
index e2b6fd0a88..f2087a2023 100644
--- a/usr/src/uts/intel/ia32/os/syscall.c
+++ b/usr/src/uts/intel/ia32/os/syscall.c
@@ -20,8 +20,7 @@
  */
 
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <sys/param.h>
@@ -1357,8 +1356,10 @@ set_all_zone_usr_proc_sys(zoneid_t zoneid)
 		 */
 		if (zoneid == ALL_ZONES || p->p_zone->zone_id == zoneid) {
 			mutex_enter(&p->p_lock);
-			if ((t = p->p_tlist) == NULL)
+			if ((t = p->p_tlist) == NULL) {
+				mutex_exit(&p->p_lock);
 				continue;
+			}
 			/*
 			 * Set pre- and post-syscall processing flags
 			 * for all threads of the process
diff --git a/usr/src/uts/intel/pcbe/core_pcbe.c b/usr/src/uts/intel/pcbe/core_pcbe.c
index ea0164ef3d..bc571c45e9 100644
--- a/usr/src/uts/intel/pcbe/core_pcbe.c
+++ b/usr/src/uts/intel/pcbe/core_pcbe.c
@@ -1793,6 +1793,7 @@ configure_ffc(uint_t picnum, char *event, uint64_t preset, uint32_t flags,
 	for (i = 0; i < nattrs; i++) {
 		if (strncmp(attrs[i].ka_name, "anythr", 7) == 0) {
 			if (secpolicy_cpc_cpu(crgetcred()) != 0) {
+				kmem_free(conf, sizeof (core_pcbe_config_t));
 				return (CPC_ATTR_REQUIRES_PRIVILEGE);
 			}
 			if (attrs[i].ka_val != 0) {
diff --git a/usr/src/uts/sparc/os/syscall.c b/usr/src/uts/sparc/os/syscall.c
index 6157f6addd..06e14ea513 100644
--- a/usr/src/uts/sparc/os/syscall.c
+++ b/usr/src/uts/sparc/os/syscall.c
@@ -20,8 +20,7 @@
  */
 
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1991, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <sys/param.h>
@@ -1197,8 +1196,10 @@ set_all_zone_usr_proc_sys(zoneid_t zoneid)
 		 */
 		if (zoneid == ALL_ZONES || p->p_zone->zone_id == zoneid) {
 			mutex_enter(&p->p_lock);
-			if ((t = p->p_tlist) == NULL)
+			if ((t = p->p_tlist) == NULL) {
+				mutex_exit(&p->p_lock);
 				continue;
+			}
 			/*
 			 * Set pre- and post-syscall processing flags
 			 * for all threads of the process