From: Gao Xiang
To: linux-erofs@lists.ozlabs.org
Cc: LKML, Gao Xiang, syzbot+1a9af3ef3c84c5e14dcc@syzkaller.appspotmail.com
Subject: [PATCH] erofs: avoid reading more for fragment maps
Date: Tue, 16 Sep 2025 16:48:51 +0800
Message-ID: <20250916084851.1759111-1-hsiangkao@linux.alibaba.com>
In-Reply-To: <68c8583d.050a0220.2ff435.03a3.GAE@google.com>
References: <68c8583d.050a0220.2ff435.03a3.GAE@google.com>

Since all real encoded extents (directly handled by the decompression
subsystem) have a sane, limited maximum decoded length
(Z_EROFS_PCLUSTER_MAX_DSIZE), and the read-more policy is only applied
if needed.

However, it makes no sense to read more for non-encoded maps, such as
fragment extents, since such extents can be huge (up to i_size) and
there is no benefit to reading more at this layer.

For normal images, it does not really matter, but for crafted images
generated by syzbot, excessively large fragment extents can cause
read-more to run for an overly long time.

Reported-by: syzbot+1a9af3ef3c84c5e14dcc@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/68c8583d.050a0220.2ff435.03a3.GAE@google.com
Fixes: b44686c8391b ("erofs: fix large fragment handling")
Fixes: b15b2e307c3a ("erofs: support on-disk compressed fragments data")
Signed-off-by: Gao Xiang Reviewed-by: Chao Yu --- fs/erofs/zdata.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c index 2d73297003d2..625b8ae8f67f 100644 --- a/fs/erofs/zdata.c +++ b/fs/erofs/zdata.c @@ -1835,7 +1835,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_= frontend *f, map->m_la =3D end; err =3D z_erofs_map_blocks_iter(inode, map, EROFS_GET_BLOCKS_READMORE); - if (err) + if (err || !(map->m_flags & EROFS_MAP_ENCODED)) return; =20 /* expand ra for the trailing edge if readahead */ @@ -1847,7 +1847,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_= frontend *f, end =3D round_up(end, PAGE_SIZE); } else { end =3D round_up(map->m_la, PAGE_SIZE); - if (!map->m_llen) + if (!(map->m_flags & EROFS_MAP_ENCODED) || !map->m_llen) return; } =20 --=20 2.43.5
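Review bot: in the hunk at @@ -1835, the early return now folds two unrelated conditions into one test, a mapping error and a successful but non-encoded map, and nothing in the code says why the second one bails out. The rationale exists only in the commit message: non-encoded maps such as fragment extents can be as large as i_size, while encoded extents are bounded by Z_EROFS_PCLUSTER_MAX_DSIZE. Suggest a one-line comment above `if (err || !(map->m_flags & EROFS_MAP_ENCODED))`, or splitting it into two checks, so the bound that read-more relies on for crafted images is visible at the call site and is not dropped by a later cleanup.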
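Review bot: in the hunk at @@ -1847, the else branch tests `map->m_flags` although no `z_erofs_map_blocks_iter()` call appears in the visible lines of that branch, so the check depends on map state left by earlier code that the hunk does not show. A short comment stating which mapping `map` holds at this point would make that dependency explicit. The same `!(map->m_flags & EROFS_MAP_ENCODED)` test is also open-coded in the other branch (the @@ -1835 hunk); consider a small helper or a shared comment so the two branches cannot drift apart.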