From: Zhao Lei Date: Tue, 20 Jan 2015 07:11:31 +0000 (+0800) Subject: Btrfs: fix a out-of-bound access of raid_map X-Git-Tag: firefly_0821_release~176^2~2126^2~62 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e34c330d639177bbb345bf2bde16613b00cc6e6b;p=firefly-linux-kernel-4.4.55.git Btrfs: fix a out-of-bound access of raid_map We add the number of stripes on target devices into bbio->num_stripes if we are under device replacement, and we just sort the raid_map of those stripes that not on the target devices, so if when we need real raid_map, we need skip the stripes on the target devices. Signed-off-by: Zhao Lei Signed-off-by: Miao Xie Signed-off-by: Chris Mason --- diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c index 53575a45f7d1..673e32be88fa 100644 --- a/fs/btrfs/scrub.c +++ b/fs/btrfs/scrub.c @@ -1299,7 +1299,9 @@ out: static inline int scrub_nr_raid_mirrors(struct btrfs_bio *bbio, u64 *raid_map) { if (raid_map) { - if (raid_map[bbio->num_stripes - 1] == RAID6_Q_STRIPE) + int real_stripes = bbio->num_stripes - bbio->num_tgtdevs; + + if (raid_map[real_stripes - 1] == RAID6_Q_STRIPE) return 3; else return 2; @@ -1420,7 +1422,8 @@ leave_nomem: scrub_stripe_index_and_offset(logical, raid_map, mapped_length, - bbio->num_stripes, + bbio->num_stripes - + bbio->num_tgtdevs, mirror_index, &stripe_index, &stripe_offset);