From: Eric Sandeen Date: Thu, 31 Jan 2013 00:55:01 +0000 (+0000) Subject: btrfs: ensure we don't overrun devices_info[] in __btrfs_alloc_chunk X-Git-Tag: v3.12-rc1~1062^2~57^2~33 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=063d006fa06fbf73fab370921120380333a33e85;p=kernel%2Fkernel-generic.git btrfs: ensure we don't overrun devices_info[] in __btrfs_alloc_chunk WARN_ON isn't enough, we need to stop the loop if for any reason we would overrun the devices_info array. I tried to track down the connection between the length of the alloc_devices list and the rw_devices counter but it wasn't immediately obvious, so be defensive about it. Signed-off-by: Eric Sandeen Signed-off-by: Josef Bacik --- diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index c784334..305b6a6 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3734,12 +3734,16 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans, if (max_avail < BTRFS_STRIPE_LEN * dev_stripes) continue; + if (ndevs == fs_devices->rw_devices) { + WARN(1, "%s: found more than %llu devices\n", + __func__, fs_devices->rw_devices); + break; + } devices_info[ndevs].dev_offset = dev_offset; devices_info[ndevs].max_avail = max_avail; devices_info[ndevs].total_avail = total_avail; devices_info[ndevs].dev = device; ++ndevs; - WARN_ON(ndevs > fs_devices->rw_devices); } /*
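Review bot: The new guard ahead of the devices_info[ndevs] stores bounds ndevs by fs_devices->rw_devices, but nothing in this hunk shows that devices_info[] is sized from that counter, and the commit message says the link between the alloc_devices list length and rw_devices was not tracked down. A short comment above the check naming the allocation it protects would make the bound auditable. Comparing with `>=` instead of `==` would keep the guard effective if ndevs ever passed the limit some other way. As a style point, WARN() returns its condition, so the block can be written as `if (WARN(ndevs == fs_devices->rw_devices, ...)) break;` rather than an if wrapping WARN(1, ...). After the break the function continues with a truncated device list; if that is the intended fallback, the comment should say so.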