aix-unpin-after-free-20080520

LICENSE IPL10
FIXES 99456

in order that cleanup be safe we need to do it this way

diff --git a/src/afs/afs_icl.c b/src/afs/afs_icl.c
index 69abd90..d4c3970 100644 (file)
--- a/src/afs/afs_icl.c
+++ b/src/afs/afs_icl.c
@@ -1016,10 +1016,10 @@ afs_icl_LogFreeUse(register struct afs_icl_log *logp)
     ObtainWriteLock(&logp->lock, 189);
     if (--logp->setCount == 0) {
        /* no more users -- free it (but keep log structure around) */
+       afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
 #ifdef KERNEL_HAVE_PIN
        unpin((char *)logp->datap, sizeof(afs_int32) * logp->logSize);
 #endif
-       afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
        logp->firstUsed = logp->firstFree = 0;
        logp->logElements = 0;
        logp->datap = NULL;
@@ -1042,10 +1042,10 @@ afs_icl_LogSetSize(register struct afs_icl_log *logp, afs_int32 logSize)
        logp->logElements = 0;
 
        /* free and allocate a new one */
+       afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
 #ifdef KERNEL_HAVE_PIN
        unpin((char *)logp->datap, sizeof(afs_int32) * logp->logSize);
 #endif
-       afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
        logp->datap =
            (afs_int32 *) afs_osi_Alloc(sizeof(afs_int32) * logSize);
 #ifdef KERNEL_HAVE_PIN
@@ -1069,10 +1069,10 @@ afs_icl_ZapLog(register struct afs_icl_log *logp)
            /* found the dude we want to remove */
            *lpp = logp->nextp;
            osi_FreeSmallSpace(logp->name);
+           afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
 #ifdef KERNEL_HAVE_PIN
            unpin((char *)logp->datap, sizeof(afs_int32) * logp->logSize);
 #endif
-           afs_osi_Free(logp->datap, sizeof(afs_int32) * logp->logSize);
            osi_FreeSmallSpace(logp);
            break;              /* won't find it twice */
        }
@@ -1330,10 +1330,10 @@ afs_icl_ZapSet(register struct afs_icl_set *setp)
            /* found the dude we want to remove */
            *lpp = setp->nextp;
            osi_FreeSmallSpace(setp->name);
+           afs_osi_Free(setp->eventFlags, ICL_DEFAULTEVENTS);
 #ifdef KERNEL_HAVE_PIN
            unpin((char *)setp->eventFlags, ICL_DEFAULTEVENTS);
 #endif
-           afs_osi_Free(setp->eventFlags, ICL_DEFAULTEVENTS);
            for (i = 0; i < ICL_LOGSPERSET; i++) {
                if ((tlp = setp->logs[i]))
                    afs_icl_LogReleNL(tlp);

diff --git a/src/afs/afs_osi_alloc.c b/src/afs/afs_osi_alloc.c
index e7108a7..91ad583 100644 (file)
--- a/src/afs/afs_osi_alloc.c
+++ b/src/afs/afs_osi_alloc.c
@@ -233,18 +233,18 @@ shutdown_osinet(void)
 
        while ((tp = freePacketList)) {
            freePacketList = tp->next;
+           afs_osi_Free(tp, AFS_LRALLOCSIZ);
 #ifdef  KERNEL_HAVE_PIN
            unpin(tp, AFS_LRALLOCSIZ);
 #endif
-           afs_osi_Free(tp, AFS_LRALLOCSIZ);
        }
 
        while ((tp = freeSmallList)) {
            freeSmallList = tp->next;
+           afs_osi_Free(tp, AFS_SMALLOCSIZ);
 #ifdef  KERNEL_HAVE_PIN
            unpin(tp, AFS_SMALLOCSIZ);
 #endif
-           afs_osi_Free(tp, AFS_SMALLOCSIZ);
        }
        LOCK_INIT(&osi_fsplock, "osi_fsplock");
        LOCK_INIT(&osi_flplock, "osi_flplock");

diff --git a/src/afs/afs_vcache.c b/src/afs/afs_vcache.c
index 2c74d4b..9c67dfd 100644 (file)
--- a/src/afs/afs_vcache.c
+++ b/src/afs/afs_vcache.c
@@ -3087,12 +3087,12 @@ shutdown_vcache(void)
     }
     afs_cbrSpace = 0;
 
-#ifdef  KERNEL_HAVE_PIN
-    unpin(Initial_freeVCList, afs_cacheStats * sizeof(struct vcache));
-#endif
 #if !defined(AFS_OSF_ENV) && !defined(AFS_LINUX22_ENV)
     afs_osi_Free(Initial_freeVCList, afs_cacheStats * sizeof(struct vcache));
 #endif
+#ifdef  KERNEL_HAVE_PIN
+    unpin(Initial_freeVCList, afs_cacheStats * sizeof(struct vcache));
+#endif
 
 #if !defined(AFS_OSF_ENV) && !defined(AFS_LINUX22_ENV)
     freeVCList = Initial_freeVCList = 0;