1. Patchew
  2. linux
  3. View series

[PATCH] jfs: fix metapage reference count leak in dbAllocCtl

Zheng Yu posted 1 patch 2 months, 1 week ago 
fs/jfs/jfs_dmap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH] jfs: fix metapage reference count leak in dbAllocCtl
Posted by Zheng Yu 2 months, 1 week ago 
In dbAllocCtl(), read_metapage() increases the reference count of the
metapage. However, when dp->tree.budmin < 0, the function returns -EIO
without calling release_metapage() to decrease the reference count,
leading to a memory leak.

Add release_metapage(mp) before the error return to properly manage
the metapage reference count and prevent the leak.

Fixes: 51a203470f502a64a3da8dcea51c4748e8267a6c ("jfs: fix shift-out-of-bounds in dbSplit")

Signed-off-by: Zheng Yu <zheng.yu@northwestern.edu>
---
 fs/jfs/jfs_dmap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 35e063c9f3a4..5a877261c3fe 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1809,8 +1809,10 @@ dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno, s64 * results)
                         return -EIO;
                 dp = (struct dmap *) mp->data;
 
-               if (dp->tree.budmin < 0)
+               if (dp->tree.budmin < 0) {
+                       release_metapage(mp);
                         return -EIO;
+               }
 
                 /* try to allocate the blocks.
                  */
--
2.43.0
Re: [PATCH] jfs: fix metapage reference count leak in dbAllocCtl
Posted by Dave Kleikamp 2 months, 1 week ago 
On 7/28/25 8:22PM, Zheng Yu wrote:
> In dbAllocCtl(), read_metapage() increases the reference count of the
> metapage. However, when dp->tree.budmin < 0, the function returns -EIO
> without calling release_metapage() to decrease the reference count,
> leading to a memory leak.
> 
> Add release_metapage(mp) before the error return to properly manage
> the metapage reference count and prevent the leak.

Thanks for catching this.

> 
> Fixes: 51a203470f502a64a3da8dcea51c4748e8267a6c ("jfs: fix shift-out-of-bounds in dbSplit")

The correct commit is a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d. I'm 
guessing the above is from one of the stable branches

Also, I'm fixing up the whitespace. You have spaces instead of tabs.

Applying and testing this.

Thanks!

Shaggy
> 
> Signed-off-by: Zheng Yu <zheng.yu@northwestern.edu>
> ---
>   fs/jfs/jfs_dmap.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
> index 35e063c9f3a4..5a877261c3fe 100644
> --- a/fs/jfs/jfs_dmap.c
> +++ b/fs/jfs/jfs_dmap.c
> @@ -1809,8 +1809,10 @@ dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno, s64 * results)
>                           return -EIO;
>                   dp = (struct dmap *) mp->data;
>   
> -               if (dp->tree.budmin < 0)
> +               if (dp->tree.budmin < 0) {
> +                       release_metapage(mp);
>                           return -EIO;
> +               }
>   
>                   /* try to allocate the blocks.
>                    */
> --
> 2.43.0

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.