summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChunwei Chen <[email protected]>2016-05-27 15:44:52 -0700
committerBrian Behlendorf <[email protected]>2016-05-31 16:04:26 -0700
commit06ee0031a6d658bbf4ab953070ff4cdf4af64496 (patch)
tree57b809c411dbba1817d9009201ed7fe2c1122390
parent540c39279322cb278ad45840f260fe4b92c3c8b7 (diff)
Fix memleak in zpl_parse_options
strsep() will advance tmp_mntopts, and will change it to NULL on last iteration. This will cause strfree(tmp_mntopts) to not free anything. unreferenced object 0xffff8800883976c0 (size 64): comm "mount.zfs", pid 3361, jiffies 4294931877 (age 1482.408s) hex dump (first 32 bytes): 72 77 00 73 74 72 69 63 74 61 74 69 6d 65 00 7a rw.strictatime.z 66 73 75 74 69 6c 00 6d 6e 74 70 6f 69 6e 74 3d fsutil.mntpoint= backtrace: [<ffffffff81810c4e>] kmemleak_alloc+0x4e/0xb0 [<ffffffff811f9cac>] __kmalloc+0x16c/0x250 [<ffffffffc065ce9b>] strdup+0x3b/0x60 [spl] [<ffffffffc080fad6>] zpl_parse_options+0x56/0x300 [zfs] [<ffffffffc080fe46>] zpl_mount+0x36/0x80 [zfs] [<ffffffff81222dc8>] mount_fs+0x38/0x160 [<ffffffff81240097>] vfs_kern_mount+0x67/0x110 [<ffffffff812428e0>] do_mount+0x250/0xe20 [<ffffffff812437d5>] SyS_mount+0x95/0xe0 [<ffffffff8181aff6>] entry_SYSCALL_64_fastpath+0x1e/0xa8 [<ffffffffffffffff>] 0xffffffffffffffff Signed-off-by: Chunwei Chen <[email protected]> Signed-off-by: Tony Hutter <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #4706 Issue #4708
-rw-r--r--module/zfs/zpl_super.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/module/zfs/zpl_super.c b/module/zfs/zpl_super.c
index bcdbbd69e..91c36c9e3 100644
--- a/module/zfs/zpl_super.c
+++ b/module/zfs/zpl_super.c
@@ -336,12 +336,12 @@ zpl_parse_options(char *osname, char *mntopts, zfs_mntopts_t *zmo,
if (mntopts) {
substring_t args[MAX_OPT_ARGS];
- char *tmp_mntopts, *p;
+ char *tmp_mntopts, *p, *t;
int token;
- tmp_mntopts = strdup(mntopts);
+ t = tmp_mntopts = strdup(mntopts);
- while ((p = strsep(&tmp_mntopts, ",")) != NULL) {
+ while ((p = strsep(&t, ",")) != NULL) {
if (!*p)
continue;