This is a note to let you know that I've just added the patch titled

    eventfs: Do ctx->pos update for all iterations in eventfs_iterate()

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     eventfs-do-ctx-pos-update-for-all-iterations-in-eventfs_iterate.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From SRS0=eEWY=JP=rostedt.homelinux.com=rostedt@xxxxxxxxxx Tue Feb 6 12:33:32 2024
From: Steven Rostedt <rostedt@xxxxxxxxxxx>
Date: Tue, 06 Feb 2024 06:32:03 -0500
Subject: eventfs: Do ctx->pos update for all iterations in eventfs_iterate()
To: linux-kernel@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Sasha Levin <sashal@xxxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>
Message-ID: <20240206113358.897028018@xxxxxxxxxxxxxxxxxxxxx>

From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>

commit 1e4624eb5a0ecaae0d2c4e3019bece119725bb98 upstream.

The ctx->pos was only updated when it added an entry, but the "skip to
current pos" check (c--) happened for every loop regardless of if the
entry was added or not. This inconsistency caused readdir to be incorrect.

It was due to:

    for (i = 0; i < ei->nr_entries; i++) {

        if (c > 0) {
            c--;
            continue;
        }

        mutex_lock(&eventfs_mutex);
        /* If ei->is_freed then just bail here, nothing more to do */
        if (ei->is_freed) {
            mutex_unlock(&eventfs_mutex);
            goto out;
        }
        r = entry->callback(name, &mode, &cdata, &fops);
        mutex_unlock(&eventfs_mutex);

        [..]
        ctx->pos++;
    }

But this can cause the iterator to return a file that was already read.
That's because of the way the callback() works. Some events may not have
all files, and the callback can return 0 to tell eventfs to skip the file
for this directory.

for instance, we have:

    # ls /sys/kernel/tracing/events/ftrace/function
    format  hist  hist_debug  id  inject

and

    # ls /sys/kernel/tracing/events/sched/sched_switch/
    enable  filter  format  hist  hist_debug  id  inject  trigger

Where the function directory is missing "enable", "filter" and
"trigger". That's because the callback() for events has:

    static int event_callback(const char *name, umode_t *mode, void **data,
                              const struct file_operations **fops)
    {
        struct trace_event_file *file = *data;
        struct trace_event_call *call = file->event_call;
        [..]

        /*
         * Only event directories that can be enabled should have
         * triggers or filters, with the exception of the "print"
         * event that can have a "trigger" file.
         */
        if (!(call->flags & TRACE_EVENT_FL_IGNORE_ENABLE)) {
            if (call->class->reg && strcmp(name, "enable") == 0) {
                *mode = TRACE_MODE_WRITE;
                *fops = &ftrace_enable_fops;
                return 1;
            }

            if (strcmp(name, "filter") == 0) {
                *mode = TRACE_MODE_WRITE;
                *fops = &ftrace_event_filter_fops;
                return 1;
            }
        }

        if (!(call->flags & TRACE_EVENT_FL_IGNORE_ENABLE) ||
            strcmp(trace_event_name(call), "print") == 0) {
            if (strcmp(name, "trigger") == 0) {
                *mode = TRACE_MODE_WRITE;
                *fops = &event_trigger_fops;
                return 1;
            }
        }
        [..]
        return 0;
    }

Where the function event has the TRACE_EVENT_FL_IGNORE_ENABLE set.

This means that the entries array elements for "enable", "filter" and
"trigger" when called on the function event will have the callback return
0 and not 1, to tell eventfs to skip these files for it.

Because the "skip to current ctx->pos" check happened for all entries, but
the ctx->pos++ only happened to entries that exist, it would confuse the
reading of a directory. Which would cause:

    # ls /sys/kernel/tracing/events/ftrace/function/
    format  hist  hist  hist_debug  hist_debug  id  inject  inject

The missing "enable", "filter" and "trigger" caused ls to show "hist",
"hist_debug" and "inject" twice.

Update the ctx->pos for every iteration to keep its update and the "skip"
update consistent. This also means that on error, the ctx->pos needs to be
decremented if it was incremented without adding something.

Link: https://lore.kernel.org/all/20240104150500.38b15a62@xxxxxxxxxxxxxxxxxx/
Link: https://lore.kernel.org/linux-trace-kernel/20240104220048.172295263@xxxxxxxxxxx

Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Cc: Mark Rutland <mark.rutland@xxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Christian Brauner <brauner@xxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Fixes: 493ec81a8fb8e ("eventfs: Stop using dcache_readdir() for getdents()")
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/tracefs/event_inode.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -722,6 +722,8 @@ static int eventfs_iterate(struct file * continue; } + ctx->pos++; + if (ei_child->is_freed) continue; @@ -729,13 +731,12 @@ static int eventfs_iterate(struct file * dentry = create_dir_dentry(ei, ei_child, ei_dentry); if (!dentry) - goto out; + goto out_dec; ino = dentry->d_inode->i_ino; dput(dentry); if (!dir_emit(ctx, name, strlen(name), ino, DT_DIR)) - goto out; - ctx->pos++; + goto out_dec; } for (i = 0; i < ei->nr_entries; i++) { @@ -746,6 +747,8 @@ static int eventfs_iterate(struct file * continue; } + ctx->pos++; + entry = &ei->entries[i]; name = entry->name; @@ -753,7 +756,7 @@ static int eventfs_iterate(struct file * /* If ei->is_freed then just bail here, nothing more to do */ if (ei->is_freed) { mutex_unlock(&eventfs_mutex); - goto out; + goto out_dec; } r = entry->callback(name, &mode, &cdata, &fops); mutex_unlock(&eventfs_mutex); 
@@ -762,19 +765,23 @@ static int eventfs_iterate(struct file * dentry = create_file_dentry(ei, i, ei_dentry, name, mode, cdata, fops); if (!dentry) - goto out; + goto out_dec; ino = dentry->d_inode->i_ino; dput(dentry); if (!dir_emit(ctx, name, strlen(name), ino, DT_REG)) - goto out; - ctx->pos++; + goto out_dec; } ret = 1; out: srcu_read_unlock(&eventfs_srcu, idx); return ret; + + out_dec: + /* Incremented ctx->pos without adding something, reset it */ + ctx->pos--; + goto out; } /** Patches currently in stable-queue which might be from rostedt@xxxxxxxxxx are queue-6.7/eventfs-keep-all-directory-links-at-1.patch queue-6.7/eventfs-save-directory-inodes-in-the-eventfs_inode-structure.patch queue-6.7/tracefs-zero-out-the-tracefs_inode-when-allocating-it.patch queue-6.7/eventfs-read-ei-entries-before-ei-children-in-eventfs_iterate.patch queue-6.7/eventfs-remove-lookup-parameter-from-create_dir-file_dentry.patch queue-6.7/eventfs-remove-fsnotify-functions-from-lookup.patch queue-6.7/eventfs-stop-using-dcache_readdir-for-getdents.patch queue-6.7/tracefs-avoid-using-the-ei-dentry-pointer-unnecessarily.patch queue-6.7/eventfs-initialize-the-tracefs-inode-properly.patch queue-6.7/eventfs-do-ctx-pos-update-for-all-iterations-in-eventfs_iterate.patch queue-6.7/tracefs-dentry-lookup-crapectomy.patch queue-6.7/eventfs-have-the-inodes-all-for-files-and-directories-all-be-the-same.patch queue-6.7/eventfs-use-kcalloc-instead-of-kzalloc.patch queue-6.7/eventfs-shortcut-eventfs_iterate-by-skipping-entries-already-read.patch queue-6.7/eventfs-do-not-create-dentries-nor-inodes-in-iterate_shared.patch queue-6.7/eventfs-have-eventfs_iterate-stop-immediately-if-ei-is_freed-is-set.patch queue-6.7/eventfs-restructure-eventfs_inode-structure-to-be-more-condensed.patch queue-6.7/eventfs-warn-if-an-eventfs_inode-is-freed-without-is_freed-being-set.patch queue-6.7/eventfs-get-rid-of-dentry-pointers-without-refcounts.patch queue-6.7/eventfs-remove-unused-d_parent-pointer-field.patch 
queue-6.7/eventfs-clean-up-dentry-ops-and-add-revalidate-function.patch
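
Review bot: in the first hunk (@@ -722) the ctx->pos++ placed above "if (ei_child->is_freed) continue;" needs a short comment saying that ctx->pos counts loop slots rather than emitted names. Without it the increment looks misplaced next to the is_freed skip, and moving it back below that check would bring back the mismatch with the c-- skip counter that the commit message describes. The same comment belongs on the matching ctx->pos++ in the entries loop (@@ -746).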
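
Review bot: the out_dec label added after "return ret;" in the last hunk (@@ -762) is only correct when exactly one ctx->pos++ has run in the current iteration before the jump, and the code does not say so. Suggest extending the comment above "ctx->pos--;" to state that precondition, so that an error path added later above the increment does not take out_dec and rewind a position that was never consumed. All five converted "goto out_dec" sites visible in the diff do sit below the new increments.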
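
The position accounting described in the commit message, as an added user-space model (not code from the patch or from the kernel). The array order, the present flag and the names iterate() and list_dir() are assumptions made for illustration, and the positions taken by "." and ".." are left out.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of the "function" event directory; the array order is
 * an assumption. present == 0 stands for callback() returning 0. */
struct entry { const char *name; int present; };
static const struct entry entries[] = {
	{ "enable", 0 }, { "filter", 0 }, { "trigger", 0 }, { "format", 1 },
	{ "id", 1 }, { "hist", 1 }, { "hist_debug", 1 }, { "inject", 1 },
};
#define NR_ENTRIES (sizeof(entries) / sizeof(entries[0]))

/* One getdents()-style pass resuming at *pos; returns names emitted. */
static int iterate(long *pos, int fixed, char *out, size_t outsz)
{
	long c = *pos;
	int emitted = 0;
	for (size_t i = 0; i < NR_ENTRIES; i++) {
		if (c > 0) { c--; continue; }	/* skip check: runs for every slot */
		if (fixed)
			(*pos)++;	/* patched: one position per slot */
		if (!entries[i].present)
			continue;	/* file does not exist for this event */
		size_t len = strlen(out);
		snprintf(out + len, outsz - len, "%s ", entries[i].name);
		emitted++;
		if (!fixed)
			(*pos)++;	/* pre-patch: only emitted files advance pos */
	}
	return emitted;
}

/* Repeat passes until one emits nothing, as a readdir() caller does. */
static int list_dir(int fixed, char *out, size_t outsz)
{
	long pos = 0;
	int n, total = 0;
	out[0] = '\0';
	while ((n = iterate(&pos, fixed, out, outsz)) > 0)
		total += n;
	return total;
}

int main(void)
{
	char buf[256];
	printf("pre-patch (%d): %s\n", list_dir(0, buf, sizeof(buf)), buf);
	printf("patched   (%d): %s\n", list_dir(1, buf, sizeof(buf)), buf);
	return 0;
}
```

In the pre-patch mode the second pass resumes at position 5, skips five slots including the three absent ones, and emits the last three names again, which matches the duplicated "hist", "hist_debug" and "inject" in the ls output quoted in the commit message.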