From 3602878ff7bf3be01ceab81742020e4b10d068f1 Mon Sep 17 00:00:00 2001 From: Chunwei Chen Date: Fri, 27 May 2016 15:44:52 -0700 Subject: [PATCH] Fix memleak in zpl_parse_options strsep() will advance tmp_mntopts, and will change it to NULL on last iteration. This will cause strfree(tmp_mntopts) to not free anything. unreferenced object 0xffff8800883976c0 (size 64): comm "mount.zfs", pid 3361, jiffies 4294931877 (age 1482.408s) hex dump (first 32 bytes): 72 77 00 73 74 72 69 63 74 61 74 69 6d 65 00 7a rw.strictatime.z 66 73 75 74 69 6c 00 6d 6e 74 70 6f 69 6e 74 3d fsutil.mntpoint= backtrace: [] kmemleak_alloc+0x4e/0xb0 [] __kmalloc+0x16c/0x250 [] strdup+0x3b/0x60 [spl] [] zpl_parse_options+0x56/0x300 [zfs] [] zpl_mount+0x36/0x80 [zfs] [] mount_fs+0x38/0x160 [] vfs_kern_mount+0x67/0x110 [] do_mount+0x250/0xe20 [] SyS_mount+0x95/0xe0 [] entry_SYSCALL_64_fastpath+0x1e/0xa8 [] 0xffffffffffffffff Signed-off-by: Chunwei Chen Signed-off-by: Tony Hutter Signed-off-by: Brian Behlendorf Closes #4706 Issue #4708 --- module/zfs/zpl_super.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/zfs/zpl_super.c b/module/zfs/zpl_super.c index bcdbbd69e2..91c36c9e36 100644 --- a/module/zfs/zpl_super.c +++ b/module/zfs/zpl_super.c @@ -336,12 +336,12 @@ zpl_parse_options(char *osname, char *mntopts, zfs_mntopts_t *zmo, if (mntopts) { substring_t args[MAX_OPT_ARGS]; - char *tmp_mntopts, *p; + char *tmp_mntopts, *p, *t; int token; - tmp_mntopts = strdup(mntopts); + t = tmp_mntopts = strdup(mntopts); - while ((p = strsep(&tmp_mntopts, ",")) != NULL) { + while ((p = strsep(&t, ",")) != NULL) { if (!*p) continue;