jfs: fix metapage reference count leak in dbAllocCtl

In dbAllocCtl(), read_metapage() increases the reference count of the
metapage. However, when dp->tree.budmin < 0, the function returns -EIO
without calling release_metapage() to decrease the reference count,
leading to a memory leak.

Add release_metapage(mp) before the error return to properly manage
the metapage reference count and prevent the leak.

Fixes: a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d ("jfs: fix shift-out-of-bounds in dbSplit")
Signed-off-by: Zheng Yu <zheng.yu@northwestern.edu>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>

diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 5080d59089bd7896541e45d53825d87dccc9d177..cdfa699cd7c8fa4cddf81d731098645f83f10ff6 100644 (file)
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1815,8 +1815,10 @@ dbAllocCtl(struct bmap * bmp, s64 nblocks, int l2nb, s64 blkno, s64 * results)
                        return -EIO;
                dp = (struct dmap *) mp->data;
 
-               if (dp->tree.budmin < 0)
+               if (dp->tree.budmin < 0) {
+                       release_metapage(mp);
                        return -EIO;
+               }
 
                /* try to allocate the blocks.
                 */