[PATCH] erofs: avoid reading more for fragment maps
Hongbo Li
lihongbo22 at huawei.com
Tue Sep 16 23:23:01 AEST 2025
On 2025/9/16 16:48, Gao Xiang wrote:
> Since all real encoded extents (directly handled by the decompression
> subsystem) have a sane, limited maximum decoded length
> (Z_EROFS_PCLUSTER_MAX_DSIZE), and the read-more policy is only applied
> if needed.
>
> However, it makes no sense to read more for non-encoded maps, such as
> fragment extents, since such extents can be huge (up to i_size) and
> there is no benefit to reading more at this layer.
>
> For normal images, it does not really matter, but for crafted images
> generated by syzbot, excessively large fragment extents can cause
> read-more to run for an overly long time.
>
> Reported-by: syzbot+1a9af3ef3c84c5e14dcc at syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/r/68c8583d.050a0220.2ff435.03a3.GAE@google.com
> Fixes: b44686c8391b ("erofs: fix large fragment handling")
> Fixes: b15b2e307c3a ("erofs: support on-disk compressed fragments data")
> Signed-off-by: Gao Xiang <hsiangkao at linux.alibaba.com>
> ---
Reviewed-by: Hongbo Li <lihongbo22 at huawei.com>
Thanks,
Hongbo
> fs/erofs/zdata.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
> index 2d73297003d2..625b8ae8f67f 100644
> --- a/fs/erofs/zdata.c
> +++ b/fs/erofs/zdata.c
> @@ -1835,7 +1835,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_frontend *f,
> map->m_la = end;
> err = z_erofs_map_blocks_iter(inode, map,
> EROFS_GET_BLOCKS_READMORE);
> - if (err)
> + if (err || !(map->m_flags & EROFS_MAP_ENCODED))
> return;
>
> /* expand ra for the trailing edge if readahead */
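Review bot: The new early return at `if (err || !(map->m_flags & EROFS_MAP_ENCODED))` has no comment, so the reason non-encoded maps are skipped lives only in the commit message. A one-line comment above the check stating that non-encoded maps such as fragment extents can be as large as i_size, and that read-more gains nothing for them, would keep a later cleanup from dropping the flag test. It would also help to note there that the test is meant to cover every non-encoded map, not only fragments, since the condition keys on EROFS_MAP_ENCODED rather than on a fragment-specific flag.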
> @@ -1847,7 +1847,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_frontend *f,
> end = round_up(end, PAGE_SIZE);
> } else {
> end = round_up(map->m_la, PAGE_SIZE);
> - if (!map->m_llen)
> + if (!(map->m_flags & EROFS_MAP_ENCODED) || !map->m_llen)
> return;
> }
>
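Review bot: The else branch at `if (!(map->m_flags & EROFS_MAP_ENCODED) || !map->m_llen)` duplicates the flag test added in the first hunk, so the two conditions can drift apart in later edits; a small helper or a shared comment naming the rule would keep them in step. No mapping call is visible in this branch, so the test reads whatever `map` already holds, and `m_flags` is consulted before the existing `!map->m_llen` check that covers an empty map. Both orders return here, but putting `!map->m_llen` first would make it clear that the flags are only interpreted for a populated map.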