Message-ID: <901162ef-e607-4db3-976b-33b81e322c6b@oracle.com>
Date: Tue, 29 Jul 2025 08:50:18 -0500
From: Dave Kleikamp <dave.kleikamp@...cle.com>
To: Zheng Yu <zheng.yu@...thwestern.edu>
Cc: "eadavis@...com" <eadavis@...com>,
        "rand.sec96@...il.com" <rand.sec96@...il.com>,
        "aha310510@...il.com" <aha310510@...il.com>,
        "niharchaithanya@...il.com" <niharchaithanya@...il.com>,
        "kovalev@...linux.org" <kovalev@...linux.org>,
        "jfs-discussion@...ts.sourceforge.net"
 <jfs-discussion@...ts.sourceforge.net>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] jfs: fix metapage reference count leak in dbAllocCtl

On 7/28/25 8:22PM, Zheng Yu wrote:
> In dbAllocCtl(), read_metapage() increases the reference count of the
> metapage. However, when dp->tree.budmin < 0, the function returns -EIO
> without calling release_metapage() to decrease the reference count,
> leading to a memory leak.
> 
> Add release_metapage(mp) before the error return to properly manage
> the metapage reference count and prevent the leak.

Thanks for catching this.

> 
> Fixes: 51a203470f502a64a3da8dcea51c4748e8267a6c ("jfs: fix shift-out-of-bounds in dbSplit")

The correct commit is a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d. I'm
guessing the above is from one of the stable branches.

Also, I'm fixing up the whitespace. You have spaces instead of tabs.

Applying and testing this.

Thanks!

Shaggy
> 
> Signed-off-by: Zheng Yu <zheng.yu@...thwestern.edu>
> ---
>   fs/jfs/jfs_dmap.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
> index 35e063c9f3a4..5a877261c3fe 100644
> --- a/fs/jfs/jfs_dmap.c
> +++ b/fs/jfs/jfs_dmap.c
> @@ -1809,8 +1809,10 @@ dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno, s64 * results)
>                           return -EIO;
>                   dp = (struct dmap *) mp->data;
>   
> -               if (dp->tree.budmin < 0)
> +               if (dp->tree.budmin < 0) {
> +                       release_metapage(mp);
>                           return -EIO;
> +               }
>   
>                   /* try to allocate the blocks.
>                    */
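
Review bot: The unchanged `return -EIO;` just above `dp = (struct dmap *) mp->data;` still exits without release_metapage(), and its guarding condition is outside this hunk's context, so confirm it is reached only when read_metapage() failed and there is no reference to drop. In the new `if (dp->tree.budmin < 0) {` block the release-then-return pair matches the leak described; if dbAllocCtl() has or gains further exits after read_metapage(), routing them through one shared release label would keep the next added check from repeating this leak. The added lines are indented with spaces here, where kernel style expects tabs.
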
> --
> 2.43.0

