Btrfs: fix a out-of-bound access of raid_map

We add the number of stripes on target devices into bbio->num_stripes
if we are under device replacement, and we just sort the raid_map of
those stripes that not on the target devices, so if when we need
real raid_map, we need skip the stripes on the target devices.

Signed-off-by: Zhao Lei <zhaolei@cn.fujitsu.com>
Signed-off-by: Miao Xie <miaox@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>

fs/btrfs/scrub.c

@@ -1299,7 +1299,9 @@ out:
 static inline int scrub_nr_raid_mirrors(struct btrfs_bio *bbio, u64 *raid_map)
 {
 	if (raid_map) {
-		if (raid_map[bbio->num_stripes - 1] == RAID6_Q_STRIPE)
+		int real_stripes = bbio->num_stripes - bbio->num_tgtdevs;
+
+		if (raid_map[real_stripes - 1] == RAID6_Q_STRIPE)
 			return 3;
 		else
 			return 2;
@@ -1420,7 +1422,8 @@ leave_nomem:
 
 			scrub_stripe_index_and_offset(logical, raid_map,
 						      mapped_length,
-						      bbio->num_stripes,
+						      bbio->num_stripes -
+						      bbio->num_tgtdevs,
 						      mirror_index,
 						      &stripe_index,
 						      &stripe_offset);