Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / e34c330d639177bbb345bf2bde16613b00cc6e6b^! / . / fs / btrfs / scrub.c
commite34c330d639177bbb345bf2bde16613b00cc6e6b[log] [tgz]
authorZhao Lei <zhaolei@cn.fujitsu.com>Tue Jan 20 15:11:31 2015 +0800
committerChris Mason <clm@fb.com>Wed Jan 21 18:06:47 2015 -0800
treed08a3f23ae3609cba9fca83b22943c7a04032349
parentdf8d116ffa379f3ef09d7ff28da0f0c921cc9fa1 [diff] [blame]
Btrfs: fix a out-of-bound access of raid_map

We add the number of stripes on target devices into bbio->num_stripes
if we are under device replacement, and we just sort the raid_map of
those stripes that not on the target devices, so if when we need
real raid_map, we need skip the stripes on the target devices.

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index 53575a4..673e32b 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c

@@ -1299,7 +1299,9 @@
 static inline int scrub_nr_raid_mirrors(struct btrfs_bio *bbio, u64 *raid_map)
 {
 	if (raid_map) {
-		if (raid_map[bbio->num_stripes - 1] == RAID6_Q_STRIPE)
+		int real_stripes = bbio->num_stripes - bbio->num_tgtdevs;
+
+		if (raid_map[real_stripes - 1] == RAID6_Q_STRIPE)
 			return 3;
 		else
 			return 2;
@@ -1420,7 +1422,8 @@
 
 			scrub_stripe_index_and_offset(logical, raid_map,
 						      mapped_length,
-						      bbio->num_stripes,
+						      bbio->num_stripes -
+						      bbio->num_tgtdevs,
 						      mirror_index,
 						      &stripe_index,
 						      &stripe_offset);