From: Kent Overstreet <kent.overstreet@gmail.com>
Date: Fri, 11 Jun 2021 03:51:09 +0000 (-0400)
Subject: bcachefs: Fix overflow in journal_replay_entry_early
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=90d22a660a4ed5e1500602f15edcb91ab38a1e7c;p=users%2Fwilly%2Flinux.git

bcachefs: Fix overflow in journal_replay_entry_early

If filesystem on disk was used by a version with a larger BCH_DATA_NR
thas the currently running version, we don't want this to cause a buffer
overrun.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
---

diff --git a/fs/bcachefs/recovery.c b/fs/bcachefs/recovery.c
index 9bd6348842e0..f32414171aab 100644
--- a/fs/bcachefs/recovery.c
+++ b/fs/bcachefs/recovery.c
@@ -725,7 +725,7 @@ static int journal_replay_entry_early(struct bch_fs *c,
 		ca->usage_base->buckets_ec		= le64_to_cpu(u->buckets_ec);
 		ca->usage_base->buckets_unavailable	= le64_to_cpu(u->buckets_unavailable);
 
-		for (i = 0; i < nr_types; i++) {
+		for (i = 0; i < min_t(unsigned, nr_types, BCH_DATA_NR); i++) {
 			ca->usage_base->d[i].buckets	= le64_to_cpu(u->d[i].buckets);
 			ca->usage_base->d[i].sectors	= le64_to_cpu(u->d[i].sectors);
 			ca->usage_base->d[i].fragmented	= le64_to_cpu(u->d[i].fragmented);