This is a note to let you know that I've just added the patch titled

    eventfs: Do ctx->pos update for all iterations in eventfs_iterate()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     eventfs-do-ctx-pos-update-for-all-iterations-in-eventfs_iterate.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From SRS0=eEWY=JP=rostedt.homelinux.com=rostedt@xxxxxxxxxx Tue Feb 6 13:10:53 2024
From: Steven Rostedt <rostedt@xxxxxxxxxxx>
Date: Tue, 06 Feb 2024 07:09:44 -0500
Subject: eventfs: Do ctx->pos update for all iterations in eventfs_iterate()
To: linux-kernel@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Sasha Levin <sashal@xxxxxxxxxx>, Masami Hiramatsu <mhiramat@xxxxxxxxxx>, Mark Rutland <mark.rutland@xxxxxxx>, Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>
Message-ID: <20240206120952.722064231@xxxxxxxxxxxxxxxxxxxxx>

From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>

commit 1e4624eb5a0ecaae0d2c4e3019bece119725bb98 upstream.

The ctx->pos was only updated when it added an entry, but the "skip to
current pos" check (c--) happened for every loop regardless of if the
entry was added or not. This inconsistency caused readdir to be incorrect.

It was due to:

	for (i = 0; i < ei->nr_entries; i++) {

		if (c > 0) {
			c--;
			continue;
		}

		mutex_lock(&eventfs_mutex);
		/* If ei->is_freed then just bail here, nothing more to do */
		if (ei->is_freed) {
			mutex_unlock(&eventfs_mutex);
			goto out;
		}
		r = entry->callback(name, &mode, &cdata, &fops);
		mutex_unlock(&eventfs_mutex);

		[..]
		ctx->pos++;
	}

But this can cause the iterator to return a file that was already read.
That's because of the way the callback() works. Some events may not have
all files, and the callback can return 0 to tell eventfs to skip the file
for this directory.

for instance, we have:

 # ls /sys/kernel/tracing/events/ftrace/function
format hist hist_debug id inject

and

 # ls /sys/kernel/tracing/events/sched/sched_switch/
enable filter format hist hist_debug id inject trigger

Where the function directory is missing "enable", "filter" and
"trigger". That's because the callback() for events has:

static int event_callback(const char *name, umode_t *mode, void **data,
			  const struct file_operations **fops)
{
	struct trace_event_file *file = *data;
	struct trace_event_call *call = file->event_call;
[..]

	/*
	 * Only event directories that can be enabled should have
	 * triggers or filters, with the exception of the "print"
	 * event that can have a "trigger" file.
	 */
	if (!(call->flags & TRACE_EVENT_FL_IGNORE_ENABLE)) {
		if (call->class->reg && strcmp(name, "enable") == 0) {
			*mode = TRACE_MODE_WRITE;
			*fops = &ftrace_enable_fops;
			return 1;
		}

		if (strcmp(name, "filter") == 0) {
			*mode = TRACE_MODE_WRITE;
			*fops = &ftrace_event_filter_fops;
			return 1;
		}
	}

	if (!(call->flags & TRACE_EVENT_FL_IGNORE_ENABLE) ||
	    strcmp(trace_event_name(call), "print") == 0) {
		if (strcmp(name, "trigger") == 0) {
			*mode = TRACE_MODE_WRITE;
			*fops = &event_trigger_fops;
			return 1;
		}
	}
[..]
	return 0;
}

Where the function event has the TRACE_EVENT_FL_IGNORE_ENABLE set.

This means that the entries array elements for "enable", "filter" and
"trigger" when called on the function event will have the callback return
0 and not 1, to tell eventfs to skip these files for it.

Because the "skip to current ctx->pos" check happened for all entries, but
the ctx->pos++ only happened to entries that exist, it would confuse the
reading of a directory.
Which would cause:

 # ls /sys/kernel/tracing/events/ftrace/function/
format hist hist hist_debug hist_debug id inject inject

The missing "enable", "filter" and "trigger" caused ls to show "hist",
"hist_debug" and "inject" twice.

Update the ctx->pos for every iteration to keep its update and the "skip"
update consistent. This also means that on error, the ctx->pos needs to be
decremented if it was incremented without adding something.

Link: https://lore.kernel.org/all/20240104150500.38b15a62@xxxxxxxxxxxxxxxxxx/
Link: https://lore.kernel.org/linux-trace-kernel/20240104220048.172295263@xxxxxxxxxxx

Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Cc: Mark Rutland <mark.rutland@xxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Christian Brauner <brauner@xxxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Fixes: 493ec81a8fb8e ("eventfs: Stop using dcache_readdir() for getdents()")
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/tracefs/event_inode.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

--- a/fs/tracefs/event_inode.c
+++ b/fs/tracefs/event_inode.c
@@ -760,6 +760,8 @@ static int eventfs_iterate(struct file *
 			continue;
 		}
 
+		ctx->pos++;
+
 		if (ei_child->is_freed)
 			continue;
 
@@ -767,13 +769,12 @@ static int eventfs_iterate(struct file *
 
 		dentry = create_dir_dentry(ei, ei_child, ei_dentry);
 		if (!dentry)
-			goto out;
+			goto out_dec;
 		ino = dentry->d_inode->i_ino;
 		dput(dentry);
 
 		if (!dir_emit(ctx, name, strlen(name), ino, DT_DIR))
-			goto out;
-		ctx->pos++;
+			goto out_dec;
 	}
 
 	for (i = 0; i < ei->nr_entries; i++) {
@@ -784,6 +785,8 @@ static int eventfs_iterate(struct file *
 			continue;
 		}
 
+		ctx->pos++;
+
 		entry = &ei->entries[i];
 		name = entry->name;
 
@@ -791,7 +794,7 @@ static int eventfs_iterate(struct file *
 		/* If ei->is_freed then just bail here, nothing more to do */
 		if (ei->is_freed) {
 			mutex_unlock(&eventfs_mutex);
-			goto out;
+			goto out_dec;
 		}
 		r = entry->callback(name, &mode, &cdata, &fops);
 		mutex_unlock(&eventfs_mutex);
@@ -800,19 +803,23 @@ static int eventfs_iterate(struct file *
 
 		dentry = create_file_dentry(ei, i, ei_dentry, name, mode, cdata, fops);
 		if (!dentry)
-			goto out;
+			goto out_dec;
 		ino = dentry->d_inode->i_ino;
 		dput(dentry);
 
 		if (!dir_emit(ctx, name, strlen(name), ino, DT_REG))
-			goto out;
-		ctx->pos++;
+			goto out_dec;
 	}
 	ret = 1;
  out:
 	srcu_read_unlock(&eventfs_srcu, idx);
 
 	return ret;
+
+ out_dec:
+	/* Incremented ctx->pos without adding something, reset it */
+	ctx->pos--;
+	goto out;
 }
 
 /**


Patches currently in stable-queue which might be from rostedt@xxxxxxxxxx are

queue-6.6/eventfs-keep-all-directory-links-at-1.patch
queue-6.6/eventfs-make-sure-that-parent-d_inode-is-locked-in-creating-files-dirs.patch
queue-6.6/eventfs-save-directory-inodes-in-the-eventfs_inode-structure.patch
queue-6.6/revert-eventfs-save-ownership-and-mode.patch
queue-6.6/tracefs-zero-out-the-tracefs_inode-when-allocating-it.patch
queue-6.6/eventfs-read-ei-entries-before-ei-children-in-eventfs_iterate.patch
queue-6.6/eventfs-do-not-invalidate-dentry-in-create_file-dir_dentry.patch
queue-6.6/eventfs-fix-file-and-directory-uid-and-gid-ownership.patch
queue-6.6/eventfs-remove-lookup-parameter-from-create_dir-file_dentry.patch
queue-6.6/eventfs-use-gfp_nofs-for-allocation-when-eventfs_mutex-is-held.patch
queue-6.6/eventfs-remove-fsnotify-functions-from-lookup.patch
queue-6.6/eventfs-use-err_cast-in-eventfs_create_events_dir.patch
queue-6.6/revert-eventfs-use-simple_recursive_removal-to-clean-up-dentries.patch
queue-6.6/eventfs-use-simple_recursive_removal-to-clean-up-dentries.patch
queue-6.6/eventfs-stop-using-dcache_readdir-for-getdents.patch
queue-6.6/eventfs-have-event-files-and-directories-default-to-parent-uid-and-gid.patch
queue-6.6/eventfs-use-eventfs_remove_events_dir.patch
queue-6.6/eventfs-delete-eventfs_inode-when-the-last-dentry-is-freed.patch
queue-6.6/tracefs-avoid-using-the-ei-dentry-pointer-unnecessarily.patch
queue-6.6/tracefs-remove-stale-update_gid-code.patch
queue-6.6/eventfs-initialize-the-tracefs-inode-properly.patch
queue-6.6/eventfs-remove-special-processing-of-dput-of-events-directory.patch
queue-6.6/eventfs-save-ownership-and-mode.patch
queue-6.6/tracefs-check-for-dentry-d_inode-exists-in-set_gid.patch
queue-6.6/eventfs-do-ctx-pos-update-for-all-iterations-in-eventfs_iterate.patch
queue-6.6/tracefs-dentry-lookup-crapectomy.patch
queue-6.6/eventfs-move-taking-of-inode_lock-into-dcache_dir_open_wrapper.patch
queue-6.6/eventfs-have-a-free_ei-that-just-frees-the-eventfs_inode.patch
queue-6.6/revert-eventfs-remove-is_freed-union-with-rcu-head.patch
queue-6.6/eventfs-have-the-inodes-all-for-files-and-directories-all-be-the-same.patch
queue-6.6/eventfs-use-kcalloc-instead-of-kzalloc.patch
queue-6.6/eventfs-test-for-ei-is_freed-when-accessing-ei-dentry.patch
queue-6.6/eventfs-fix-bitwise-fields-for-is_events.patch
queue-6.6/eventfs-fix-warn_on-in-create_file_dentry.patch
queue-6.6/eventfs-fix-events-beyond-name_max-blocking-tasks.patch
queue-6.6/eventfs-shortcut-eventfs_iterate-by-skipping-entries-already-read.patch
queue-6.6/revert-eventfs-do-not-allow-null-parent-to-eventfs_start_creating.patch
queue-6.6/eventfs-do-not-allow-null-parent-to-eventfs_start_creating.patch
queue-6.6/eventfs-do-not-create-dentries-nor-inodes-in-iterate_shared.patch
queue-6.6/eventfs-have-eventfs_iterate-stop-immediately-if-ei-is_freed-is-set.patch
queue-6.6/eventfs-fix-typo-in-eventfs_inode-union-comment.patch
queue-6.6/eventfs-remove-expectation-that-ei-is_freed-means-ei-dentry-null.patch
queue-6.6/eventfs-restructure-eventfs_inode-structure-to-be-more-condensed.patch
queue-6.6/eventfs-warn-if-an-eventfs_inode-is-freed-without-is_freed-being-set.patch
queue-6.6/eventfs-get-rid-of-dentry-pointers-without-refcounts.patch
queue-6.6/eventfs-remove-unused-d_parent-pointer-field.patch
queue-6.6/eventfs-hold-eventfs_mutex-when-calling-callback-functions.patch
queue-6.6/eventfs-remove-is_freed-union-with-rcu-head.patch
queue-6.6/tracefs-eventfs-modify-mismatched-function-name.patch
queue-6.6/eventfs-fix-kerneldoc-of-eventfs_remove_rec.patch
queue-6.6/tracefs-eventfs-use-root-and-instance-inodes-as-default-ownership.patch
queue-6.6/revert-eventfs-check-for-null-ef-in-eventfs_set_attr.patch
queue-6.6/eventfs-fix-failure-path-in-eventfs_create_events_dir.patch
queue-6.6/eventfs-clean-up-dentry-ops-and-add-revalidate-function.patch