cgroup.c 127.6 KB
Newer Older
1 2 3 4 5 6
/*
 *  Generic process-grouping system.
 *
 *  Based originally on the cpuset system, extracted by Paul Menage
 *  Copyright (C) 2006 Google, Inc
 *
7 8 9 10
 *  Notifications support
 *  Copyright (C) 2009 Nokia Corporation
 *  Author: Kirill A. Shutemov
 *
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
 *  Copyright notices from the original cpuset code:
 *  --------------------------------------------------
 *  Copyright (C) 2003 BULL SA.
 *  Copyright (C) 2004-2006 Silicon Graphics, Inc.
 *
 *  Portions derived from Patrick Mochel's sysfs code.
 *  sysfs is Copyright (c) 2001-3 Patrick Mochel
 *
 *  2003-10-10 Written by Simon Derr.
 *  2003-10-22 Updates by Stephen Hemminger.
 *  2004 May-July Rework by Paul Jackson.
 *  ---------------------------------------------------
 *
 *  This file is subject to the terms and conditions of the GNU General Public
 *  License.  See the file COPYING in the main directory of the Linux
 *  distribution for more details.
 */

#include <linux/cgroup.h>
30
#include <linux/cred.h>
31
#include <linux/ctype.h>
32
#include <linux/errno.h>
33
#include <linux/init_task.h>
34 35 36 37 38 39
#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/mm.h>
#include <linux/mutex.h>
#include <linux/mount.h>
#include <linux/pagemap.h>
40
#include <linux/proc_fs.h>
41 42 43 44
#include <linux/rcupdate.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
45
#include <linux/rwsem.h>
46
#include <linux/string.h>
47
#include <linux/sort.h>
48
#include <linux/kmod.h>
B
Balbir Singh 已提交
49 50
#include <linux/delayacct.h>
#include <linux/cgroupstats.h>
51
#include <linux/hashtable.h>
L
Li Zefan 已提交
52
#include <linux/pid_namespace.h>
53
#include <linux/idr.h>
54
#include <linux/vmalloc.h> /* TODO: replace with more sophisticated array */
55
#include <linux/kthread.h>
T
Tejun Heo 已提交
56
#include <linux/delay.h>
B
Balbir Singh 已提交
57

A
Arun Sharma 已提交
58
#include <linux/atomic.h>
59

60 61 62 63 64 65 66 67
/*
 * pidlists linger the following amount before being destroyed.  The goal
 * is avoiding frequent destruction in the middle of consecutive read calls
 * Expiring in the middle is a performance problem not a correctness one.
 * 1 sec should be enough.
 */
#define CGROUP_PIDLIST_DESTROY_DELAY	HZ

T
Tejun Heo 已提交
68 69 70
#define CGROUP_FILE_NAME_MAX		(MAX_CGROUP_TYPE_NAMELEN +	\
					 MAX_CFTYPE_NAME + 2)

T
Tejun Heo 已提交
71 72 73 74 75 76 77 78 79
/*
 * cgroup_tree_mutex nests above cgroup_mutex and protects cftypes, file
 * creation/removal and hierarchy changing operations including cgroup
 * creation, removal, css association and controller rebinding.  This outer
 * lock is needed mainly to resolve the circular dependency between kernfs
 * active ref and cgroup_mutex.  cgroup_tree_mutex nests above both.
 */
static DEFINE_MUTEX(cgroup_tree_mutex);

T
Tejun Heo 已提交
80 81 82
/*
 * cgroup_mutex is the master lock.  Any modification to cgroup or its
 * hierarchy must be performed while holding it.
83 84 85 86 87 88
 *
 * css_set_rwsem protects task->cgroups pointer, the list of css_set
 * objects, and the chain of tasks off each css_set.
 *
 * These locks are exported if CONFIG_PROVE_RCU so that accessors in
 * cgroup.h can use them for lockdep annotations.
T
Tejun Heo 已提交
89
 */
T
Tejun Heo 已提交
90 91
#ifdef CONFIG_PROVE_RCU
DEFINE_MUTEX(cgroup_mutex);
92 93 94
DECLARE_RWSEM(css_set_rwsem);
EXPORT_SYMBOL_GPL(cgroup_mutex);
EXPORT_SYMBOL_GPL(css_set_rwsem);
T
Tejun Heo 已提交
95
#else
96
static DEFINE_MUTEX(cgroup_mutex);
97
static DECLARE_RWSEM(css_set_rwsem);
T
Tejun Heo 已提交
98 99
#endif

100 101 102 103 104 105
/*
 * Protects cgroup_subsys->release_agent_path.  Modifying it also requires
 * cgroup_mutex.  Reading requires either cgroup_mutex or this spinlock.
 */
static DEFINE_SPINLOCK(release_agent_path_lock);

T
Tejun Heo 已提交
106
#define cgroup_assert_mutexes_or_rcu_locked()				\
107
	rcu_lockdep_assert(rcu_read_lock_held() ||			\
T
Tejun Heo 已提交
108
			   lockdep_is_held(&cgroup_tree_mutex) ||	\
109
			   lockdep_is_held(&cgroup_mutex),		\
T
Tejun Heo 已提交
110
			   "cgroup_[tree_]mutex or RCU read lock required");
111

112 113 114 115 116 117 118 119
/*
 * cgroup destruction makes heavy use of work items and there can be a lot
 * of concurrent destructions.  Use a separate workqueue so that cgroup
 * destruction work items don't end up filling up max_active of system_wq
 * which may lead to deadlock.
 */
static struct workqueue_struct *cgroup_destroy_wq;

120 121 122 123 124 125
/*
 * pidlist destructions need to be flushed on cgroup destruction.  Use a
 * separate workqueue as flush domain.
 */
static struct workqueue_struct *cgroup_pidlist_destroy_wq;

T
Tejun Heo 已提交
126
/* generate an array of cgroup subsystem pointers */
127
#define SUBSYS(_x) [_x ## _cgrp_id] = &_x ## _cgrp_subsys,
T
Tejun Heo 已提交
128
static struct cgroup_subsys *cgroup_subsys[] = {
129 130
#include <linux/cgroup_subsys.h>
};
131 132 133 134 135 136 137 138
#undef SUBSYS

/* array of cgroup subsystem names */
#define SUBSYS(_x) [_x ## _cgrp_id] = #_x,
static const char *cgroup_subsys_name[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS
139 140

/*
141 142 143
 * The dummy hierarchy, reserved for the subsystems that are otherwise
 * unattached - it never has more than a single cgroup, and all tasks are
 * part of that cgroup.
144
 */
145 146 147 148
static struct cgroupfs_root cgroup_dummy_root;

/* dummy_top is a shorthand for the dummy hierarchy's top cgroup */
static struct cgroup * const cgroup_dummy_top = &cgroup_dummy_root.top_cgroup;
149 150 151

/* The list of hierarchy roots */

152 153
static LIST_HEAD(cgroup_roots);
static int cgroup_root_count;
154

T
Tejun Heo 已提交
155
/* hierarchy ID allocation and mapping, protected by cgroup_mutex */
156
static DEFINE_IDR(cgroup_hierarchy_idr);
157

158 159 160 161 162
/*
 * Assign a monotonically increasing serial number to cgroups.  It
 * guarantees cgroups with bigger numbers are newer than those with smaller
 * numbers.  Also, as cgroups are always appended to the parent's
 * ->children list, it guarantees that sibling cgroups are always sorted in
163 164
 * the ascending serial number order on the list.  Protected by
 * cgroup_mutex.
165
 */
166
static u64 cgroup_serial_nr_next = 1;
167

168
/* This flag indicates whether tasks in the fork and exit paths should
L
Li Zefan 已提交
169 170 171
 * check for fork/exit handlers to call. This avoids us having to do
 * extra work in the fork/exit path if none of the subsystems need to
 * be called.
172
 */
173
static int need_forkexit_callback __read_mostly;
174

175 176
static struct cftype cgroup_base_files[];

177
static void cgroup_put(struct cgroup *cgrp);
178 179
static int rebind_subsystems(struct cgroupfs_root *dst_root,
			     unsigned long ss_mask);
180
static void cgroup_destroy_css_killed(struct cgroup *cgrp);
181
static int cgroup_destroy_locked(struct cgroup *cgrp);
182 183
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add);
184
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp);
185

T
Tejun Heo 已提交
186 187 188
/**
 * cgroup_css - obtain a cgroup's css for the specified subsystem
 * @cgrp: the cgroup of interest
189
 * @ss: the subsystem of interest (%NULL returns the dummy_css)
T
Tejun Heo 已提交
190
 *
191 192 193 194 195
 * Return @cgrp's css (cgroup_subsys_state) associated with @ss.  This
 * function must be called either under cgroup_mutex or rcu_read_lock() and
 * the caller is responsible for pinning the returned css if it wants to
 * keep accessing it outside the said locks.  This function may return
 * %NULL if @cgrp doesn't have @subsys_id enabled.
T
Tejun Heo 已提交
196 197
 */
static struct cgroup_subsys_state *cgroup_css(struct cgroup *cgrp,
198
					      struct cgroup_subsys *ss)
T
Tejun Heo 已提交
199
{
200
	if (ss)
201
		return rcu_dereference_check(cgrp->subsys[ss->id],
T
Tejun Heo 已提交
202 203
					lockdep_is_held(&cgroup_tree_mutex) ||
					lockdep_is_held(&cgroup_mutex));
204 205
	else
		return &cgrp->dummy_css;
T
Tejun Heo 已提交
206
}
207

208
/* convenient tests for these bits */
209
static inline bool cgroup_is_dead(const struct cgroup *cgrp)
210
{
211
	return test_bit(CGRP_DEAD, &cgrp->flags);
212 213
}

214 215
struct cgroup_subsys_state *seq_css(struct seq_file *seq)
{
T
Tejun Heo 已提交
216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
	struct kernfs_open_file *of = seq->private;
	struct cgroup *cgrp = of->kn->parent->priv;
	struct cftype *cft = seq_cft(seq);

	/*
	 * This is open and unprotected implementation of cgroup_css().
	 * seq_css() is only called from a kernfs file operation which has
	 * an active reference on the file.  Because all the subsystem
	 * files are drained before a css is disassociated with a cgroup,
	 * the matching css from the cgroup's subsys table is guaranteed to
	 * be and stay valid until the enclosing operation is complete.
	 */
	if (cft->ss)
		return rcu_dereference_raw(cgrp->subsys[cft->ss->id]);
	else
		return &cgrp->dummy_css;
232 233 234
}
EXPORT_SYMBOL_GPL(seq_css);

235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252
/**
 * cgroup_is_descendant - test ancestry
 * @cgrp: the cgroup to be tested
 * @ancestor: possible ancestor of @cgrp
 *
 * Test whether @cgrp is a descendant of @ancestor.  It also returns %true
 * if @cgrp == @ancestor.  This function is safe to call as long as @cgrp
 * and @ancestor are accessible.
 */
bool cgroup_is_descendant(struct cgroup *cgrp, struct cgroup *ancestor)
{
	while (cgrp) {
		if (cgrp == ancestor)
			return true;
		cgrp = cgrp->parent;
	}
	return false;
}
253

254
static int cgroup_is_releasable(const struct cgroup *cgrp)
255 256
{
	const int bits =
257 258 259
		(1 << CGRP_RELEASABLE) |
		(1 << CGRP_NOTIFY_ON_RELEASE);
	return (cgrp->flags & bits) == bits;
260 261
}

262
static int notify_on_release(const struct cgroup *cgrp)
263
{
264
	return test_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);
265 266
}

T
Tejun Heo 已提交
267 268 269 270 271 272 273 274 275 276 277 278
/**
 * for_each_css - iterate all css's of a cgroup
 * @css: the iteration cursor
 * @ssid: the index of the subsystem, CGROUP_SUBSYS_COUNT after reaching the end
 * @cgrp: the target cgroup to iterate css's of
 *
 * Should be called under cgroup_mutex.
 */
#define for_each_css(css, ssid, cgrp)					\
	for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT; (ssid)++)	\
		if (!((css) = rcu_dereference_check(			\
				(cgrp)->subsys[(ssid)],			\
T
Tejun Heo 已提交
279
				lockdep_is_held(&cgroup_tree_mutex) ||	\
T
Tejun Heo 已提交
280 281 282
				lockdep_is_held(&cgroup_mutex)))) { }	\
		else

283
/**
T
Tejun Heo 已提交
284
 * for_each_subsys - iterate all enabled cgroup subsystems
285
 * @ss: the iteration cursor
286
 * @ssid: the index of @ss, CGROUP_SUBSYS_COUNT after reaching the end
287
 */
288
#define for_each_subsys(ss, ssid)					\
T
Tejun Heo 已提交
289 290
	for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT &&		\
	     (((ss) = cgroup_subsys[ssid]) || true); (ssid)++)
291

292 293
/* iterate across the hierarchies */
#define for_each_root(root)						\
294
	list_for_each_entry((root), &cgroup_roots, root_list)
295

296 297 298 299
/**
 * cgroup_lock_live_group - take cgroup_mutex and check that cgrp is alive.
 * @cgrp: the cgroup to be checked for liveness
 *
T
Tejun Heo 已提交
300 301
 * On success, returns true; the mutex should be later unlocked.  On
 * failure returns false with no lock held.
302
 */
303
static bool cgroup_lock_live_group(struct cgroup *cgrp)
304 305
{
	mutex_lock(&cgroup_mutex);
306
	if (cgroup_is_dead(cgrp)) {
307 308 309 310 311 312
		mutex_unlock(&cgroup_mutex);
		return false;
	}
	return true;
}

313 314 315
/* the list of cgroups eligible for automatic release. Protected by
 * release_list_lock */
static LIST_HEAD(release_list);
316
static DEFINE_RAW_SPINLOCK(release_list_lock);
317 318
static void cgroup_release_agent(struct work_struct *work);
static DECLARE_WORK(release_agent_work, cgroup_release_agent);
319
static void check_for_release(struct cgroup *cgrp);
320

321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338
/*
 * A cgroup can be associated with multiple css_sets as different tasks may
 * belong to different cgroups on different hierarchies.  In the other
 * direction, a css_set is naturally associated with multiple cgroups.
 * This M:N relationship is represented by the following link structure
 * which exists for each association and allows traversing the associations
 * from both sides.
 */
struct cgrp_cset_link {
	/* the cgroup and css_set this link associates */
	struct cgroup		*cgrp;
	struct css_set		*cset;

	/* list of cgrp_cset_links anchored at cgrp->cset_links */
	struct list_head	cset_link;

	/* list of cgrp_cset_links anchored at css_set->cgrp_links */
	struct list_head	cgrp_link;
339 340
};

341 342
/*
 * The default css_set - used by init and its children prior to any
343 344 345 346 347
 * hierarchies being mounted. It contains a pointer to the root state
 * for each subsystem. Also used to anchor the list of css_sets. Not
 * reference-counted, to improve performance when child cgroups
 * haven't been created.
 */
348 349 350 351 352 353 354 355
static struct css_set init_css_set = {
	.refcount		= ATOMIC_INIT(1),
	.cgrp_links		= LIST_HEAD_INIT(init_css_set.cgrp_links),
	.tasks			= LIST_HEAD_INIT(init_css_set.tasks),
	.mg_tasks		= LIST_HEAD_INIT(init_css_set.mg_tasks),
	.mg_preload_node	= LIST_HEAD_INIT(init_css_set.mg_preload_node),
	.mg_node		= LIST_HEAD_INIT(init_css_set.mg_node),
};
356

357
static int css_set_count	= 1;	/* 1 for init_css_set */
358

359 360 361 362 363
/*
 * hash table for cgroup groups. This improves the performance to find
 * an existing css_set. This hash doesn't (currently) take into
 * account cgroups in empty hierarchies.
 */
364
#define CSS_SET_HASH_BITS	7
365
static DEFINE_HASHTABLE(css_set_table, CSS_SET_HASH_BITS);
366

367
static unsigned long css_set_hash(struct cgroup_subsys_state *css[])
368
{
369
	unsigned long key = 0UL;
370 371
	struct cgroup_subsys *ss;
	int i;
372

373
	for_each_subsys(ss, i)
374 375
		key += (unsigned long)css[i];
	key = (key >> 16) ^ key;
376

377
	return key;
378 379
}

380
static void put_css_set_locked(struct css_set *cset, bool taskexit)
381
{
382
	struct cgrp_cset_link *link, *tmp_link;
383

384 385 386
	lockdep_assert_held(&css_set_rwsem);

	if (!atomic_dec_and_test(&cset->refcount))
387
		return;
388

389
	/* This css_set is dead. unlink it and release cgroup refcounts */
390
	hash_del(&cset->hlist);
391 392
	css_set_count--;

393
	list_for_each_entry_safe(link, tmp_link, &cset->cgrp_links, cgrp_link) {
394
		struct cgroup *cgrp = link->cgrp;
395

396 397
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
L
Li Zefan 已提交
398

399
		/* @cgrp can't go away while we're holding css_set_rwsem */
T
Tejun Heo 已提交
400
		if (list_empty(&cgrp->cset_links) && notify_on_release(cgrp)) {
401
			if (taskexit)
402 403
				set_bit(CGRP_RELEASABLE, &cgrp->flags);
			check_for_release(cgrp);
404
		}
405 406

		kfree(link);
407
	}
408

409
	kfree_rcu(cset, rcu_head);
410 411
}

412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
static void put_css_set(struct css_set *cset, bool taskexit)
{
	/*
	 * Ensure that the refcount doesn't hit zero while any readers
	 * can see it. Similar to atomic_dec_and_lock(), but for an
	 * rwlock
	 */
	if (atomic_add_unless(&cset->refcount, -1, 1))
		return;

	down_write(&css_set_rwsem);
	put_css_set_locked(cset, taskexit);
	up_write(&css_set_rwsem);
}

427 428 429
/*
 * refcounted get/put for css_set objects
 */
430
static inline void get_css_set(struct css_set *cset)
431
{
432
	atomic_inc(&cset->refcount);
433 434
}

435
/**
436
 * compare_css_sets - helper function for find_existing_css_set().
437 438
 * @cset: candidate css_set being tested
 * @old_cset: existing css_set for a task
439 440 441
 * @new_cgrp: cgroup that's being entered by the task
 * @template: desired set of css pointers in css_set (pre-calculated)
 *
L
Li Zefan 已提交
442
 * Returns true if "cset" matches "old_cset" except for the hierarchy
443 444
 * which "new_cgrp" belongs to, for which it should match "new_cgrp".
 */
445 446
static bool compare_css_sets(struct css_set *cset,
			     struct css_set *old_cset,
447 448 449 450 451
			     struct cgroup *new_cgrp,
			     struct cgroup_subsys_state *template[])
{
	struct list_head *l1, *l2;

452
	if (memcmp(template, cset->subsys, sizeof(cset->subsys))) {
453 454 455 456 457 458 459 460 461 462 463 464 465
		/* Not all subsystems matched */
		return false;
	}

	/*
	 * Compare cgroup pointers in order to distinguish between
	 * different cgroups in heirarchies with no subsystems. We
	 * could get by with just this check alone (and skip the
	 * memcmp above) but on most setups the memcmp check will
	 * avoid the need for this more expensive check on almost all
	 * candidates.
	 */

466 467
	l1 = &cset->cgrp_links;
	l2 = &old_cset->cgrp_links;
468
	while (1) {
469
		struct cgrp_cset_link *link1, *link2;
470
		struct cgroup *cgrp1, *cgrp2;
471 472 473 474

		l1 = l1->next;
		l2 = l2->next;
		/* See if we reached the end - both lists are equal length. */
475 476
		if (l1 == &cset->cgrp_links) {
			BUG_ON(l2 != &old_cset->cgrp_links);
477 478
			break;
		} else {
479
			BUG_ON(l2 == &old_cset->cgrp_links);
480 481
		}
		/* Locate the cgroups associated with these links. */
482 483 484 485
		link1 = list_entry(l1, struct cgrp_cset_link, cgrp_link);
		link2 = list_entry(l2, struct cgrp_cset_link, cgrp_link);
		cgrp1 = link1->cgrp;
		cgrp2 = link2->cgrp;
486
		/* Hierarchies should be linked in the same order. */
487
		BUG_ON(cgrp1->root != cgrp2->root);
488 489 490 491 492 493 494 495

		/*
		 * If this hierarchy is the hierarchy of the cgroup
		 * that's changing, then we need to check that this
		 * css_set points to the new cgroup; if it's any other
		 * hierarchy, then this css_set should point to the
		 * same cgroup as the old css_set.
		 */
496 497
		if (cgrp1->root == new_cgrp->root) {
			if (cgrp1 != new_cgrp)
498 499
				return false;
		} else {
500
			if (cgrp1 != cgrp2)
501 502 503 504 505 506
				return false;
		}
	}
	return true;
}

507 508 509 510 511
/**
 * find_existing_css_set - init css array and find the matching css_set
 * @old_cset: the css_set that we're using before the cgroup transition
 * @cgrp: the cgroup that we're moving into
 * @template: out param for the new set of csses, should be clear on entry
512
 */
513 514 515
static struct css_set *find_existing_css_set(struct css_set *old_cset,
					struct cgroup *cgrp,
					struct cgroup_subsys_state *template[])
516
{
517
	struct cgroupfs_root *root = cgrp->root;
518
	struct cgroup_subsys *ss;
519
	struct css_set *cset;
520
	unsigned long key;
521
	int i;
522

B
Ben Blum 已提交
523 524 525 526 527
	/*
	 * Build the set of subsystem state objects that we want to see in the
	 * new css_set. while subsystems can change globally, the entries here
	 * won't change, so no need for locking.
	 */
528
	for_each_subsys(ss, i) {
529
		if (root->subsys_mask & (1UL << i)) {
530 531 532
			/* Subsystem is in this hierarchy. So we want
			 * the subsystem state from the new
			 * cgroup */
533
			template[i] = cgroup_css(cgrp, ss);
534 535 536
		} else {
			/* Subsystem is not in this hierarchy, so we
			 * don't want to change the subsystem state */
537
			template[i] = old_cset->subsys[i];
538 539 540
		}
	}

541
	key = css_set_hash(template);
542 543
	hash_for_each_possible(css_set_table, cset, hlist, key) {
		if (!compare_css_sets(cset, old_cset, cgrp, template))
544 545 546
			continue;

		/* This css_set matches what we need */
547
		return cset;
548
	}
549 550 551 552 553

	/* No existing cgroup group matched */
	return NULL;
}

554
static void free_cgrp_cset_links(struct list_head *links_to_free)
555
{
556
	struct cgrp_cset_link *link, *tmp_link;
557

558 559
	list_for_each_entry_safe(link, tmp_link, links_to_free, cset_link) {
		list_del(&link->cset_link);
560 561 562 563
		kfree(link);
	}
}

564 565 566 567 568 569 570
/**
 * allocate_cgrp_cset_links - allocate cgrp_cset_links
 * @count: the number of links to allocate
 * @tmp_links: list_head the allocated links are put on
 *
 * Allocate @count cgrp_cset_link structures and chain them on @tmp_links
 * through ->cset_link.  Returns 0 on success or -errno.
571
 */
572
static int allocate_cgrp_cset_links(int count, struct list_head *tmp_links)
573
{
574
	struct cgrp_cset_link *link;
575
	int i;
576 577 578

	INIT_LIST_HEAD(tmp_links);

579
	for (i = 0; i < count; i++) {
580
		link = kzalloc(sizeof(*link), GFP_KERNEL);
581
		if (!link) {
582
			free_cgrp_cset_links(tmp_links);
583 584
			return -ENOMEM;
		}
585
		list_add(&link->cset_link, tmp_links);
586 587 588 589
	}
	return 0;
}

590 591
/**
 * link_css_set - a helper function to link a css_set to a cgroup
592
 * @tmp_links: cgrp_cset_link objects allocated by allocate_cgrp_cset_links()
593
 * @cset: the css_set to be linked
594 595
 * @cgrp: the destination cgroup
 */
596 597
static void link_css_set(struct list_head *tmp_links, struct css_set *cset,
			 struct cgroup *cgrp)
598
{
599
	struct cgrp_cset_link *link;
600

601 602 603
	BUG_ON(list_empty(tmp_links));
	link = list_first_entry(tmp_links, struct cgrp_cset_link, cset_link);
	link->cset = cset;
604
	link->cgrp = cgrp;
605
	list_move(&link->cset_link, &cgrp->cset_links);
606 607 608 609
	/*
	 * Always add links to the tail of the list so that the list
	 * is sorted by order of hierarchy creation
	 */
610
	list_add_tail(&link->cgrp_link, &cset->cgrp_links);
611 612
}

613 614 615 616 617 618 619
/**
 * find_css_set - return a new css_set with one cgroup updated
 * @old_cset: the baseline css_set
 * @cgrp: the cgroup to be updated
 *
 * Return a new css_set that's equivalent to @old_cset, but with @cgrp
 * substituted into the appropriate hierarchy.
620
 */
621 622
static struct css_set *find_css_set(struct css_set *old_cset,
				    struct cgroup *cgrp)
623
{
624
	struct cgroup_subsys_state *template[CGROUP_SUBSYS_COUNT] = { };
625
	struct css_set *cset;
626 627
	struct list_head tmp_links;
	struct cgrp_cset_link *link;
628
	unsigned long key;
629

630 631
	lockdep_assert_held(&cgroup_mutex);

632 633
	/* First see if we already have a cgroup group that matches
	 * the desired set */
634
	down_read(&css_set_rwsem);
635 636 637
	cset = find_existing_css_set(old_cset, cgrp, template);
	if (cset)
		get_css_set(cset);
638
	up_read(&css_set_rwsem);
639

640 641
	if (cset)
		return cset;
642

643
	cset = kzalloc(sizeof(*cset), GFP_KERNEL);
644
	if (!cset)
645 646
		return NULL;

647
	/* Allocate all the cgrp_cset_link objects that we'll need */
648
	if (allocate_cgrp_cset_links(cgroup_root_count, &tmp_links) < 0) {
649
		kfree(cset);
650 651 652
		return NULL;
	}

653
	atomic_set(&cset->refcount, 1);
654
	INIT_LIST_HEAD(&cset->cgrp_links);
655
	INIT_LIST_HEAD(&cset->tasks);
T
Tejun Heo 已提交
656
	INIT_LIST_HEAD(&cset->mg_tasks);
657
	INIT_LIST_HEAD(&cset->mg_preload_node);
658
	INIT_LIST_HEAD(&cset->mg_node);
659
	INIT_HLIST_NODE(&cset->hlist);
660 661 662

	/* Copy the set of subsystem state objects generated in
	 * find_existing_css_set() */
663
	memcpy(cset->subsys, template, sizeof(cset->subsys));
664

665
	down_write(&css_set_rwsem);
666
	/* Add reference counts and links from the new css_set. */
667
	list_for_each_entry(link, &old_cset->cgrp_links, cgrp_link) {
668
		struct cgroup *c = link->cgrp;
669

670 671
		if (c->root == cgrp->root)
			c = cgrp;
672
		link_css_set(&tmp_links, cset, c);
673
	}
674

675
	BUG_ON(!list_empty(&tmp_links));
676 677

	css_set_count++;
678 679

	/* Add this cgroup group to the hash table */
680 681
	key = css_set_hash(cset->subsys);
	hash_add(css_set_table, &cset->hlist, key);
682

683
	up_write(&css_set_rwsem);
684

685
	return cset;
686 687
}

T
Tejun Heo 已提交
688 689 690 691 692 693 694
static struct cgroupfs_root *cgroup_root_from_kf(struct kernfs_root *kf_root)
{
	struct cgroup *top_cgrp = kf_root->kn->priv;

	return top_cgrp->root;
}

695
static int cgroup_init_root_id(struct cgroupfs_root *root)
696 697 698 699 700
{
	int id;

	lockdep_assert_held(&cgroup_mutex);

701
	id = idr_alloc_cyclic(&cgroup_hierarchy_idr, root, 0, 0, GFP_KERNEL);
702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729
	if (id < 0)
		return id;

	root->hierarchy_id = id;
	return 0;
}

static void cgroup_exit_root_id(struct cgroupfs_root *root)
{
	lockdep_assert_held(&cgroup_mutex);

	if (root->hierarchy_id) {
		idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
		root->hierarchy_id = 0;
	}
}

static void cgroup_free_root(struct cgroupfs_root *root)
{
	if (root) {
		/* hierarhcy ID shoulid already have been released */
		WARN_ON_ONCE(root->hierarchy_id);

		idr_destroy(&root->cgroup_idr);
		kfree(root);
	}
}

T
Tejun Heo 已提交
730
static void cgroup_destroy_root(struct cgroupfs_root *root)
731
{
732 733 734
	struct cgroup *cgrp = &root->top_cgroup;
	struct cgrp_cset_link *link, *tmp_link;

T
Tejun Heo 已提交
735 736
	mutex_lock(&cgroup_tree_mutex);
	mutex_lock(&cgroup_mutex);
737

T
Tejun Heo 已提交
738
	BUG_ON(atomic_read(&root->nr_cgrps));
739 740 741
	BUG_ON(!list_empty(&cgrp->children));

	/* Rebind all subsystems back to the default hierarchy */
742
	rebind_subsystems(&cgroup_dummy_root, root->subsys_mask);
743 744 745 746 747

	/*
	 * Release all the links from cset_links to this hierarchy's
	 * root cgroup
	 */
748
	down_write(&css_set_rwsem);
749 750 751 752 753 754

	list_for_each_entry_safe(link, tmp_link, &cgrp->cset_links, cset_link) {
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
		kfree(link);
	}
755
	up_write(&css_set_rwsem);
756 757 758 759 760 761 762 763 764 765 766

	if (!list_empty(&root->root_list)) {
		list_del(&root->root_list);
		cgroup_root_count--;
	}

	cgroup_exit_root_id(root);

	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&cgroup_tree_mutex);

T
Tejun Heo 已提交
767
	kernfs_destroy_root(root->kf_root);
768 769 770
	cgroup_free_root(root);
}

771 772
/* look up cgroup associated with given css_set on the specified hierarchy */
static struct cgroup *cset_cgroup_from_root(struct css_set *cset,
773 774 775 776
					    struct cgroupfs_root *root)
{
	struct cgroup *res = NULL;

777 778 779
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&css_set_rwsem);

780
	if (cset == &init_css_set) {
781 782
		res = &root->top_cgroup;
	} else {
783 784 785
		struct cgrp_cset_link *link;

		list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
786
			struct cgroup *c = link->cgrp;
787

788 789 790 791 792 793
			if (c->root == root) {
				res = c;
				break;
			}
		}
	}
794

795 796 797 798
	BUG_ON(!res);
	return res;
}

799 800 801 802 803 804 805 806 807 808 809 810 811 812 813
/*
 * Return the cgroup for "task" from the given hierarchy. Must be
 * called with cgroup_mutex and css_set_rwsem held.
 */
static struct cgroup *task_cgroup_from_root(struct task_struct *task,
					    struct cgroupfs_root *root)
{
	/*
	 * No need to lock the task - since we hold cgroup_mutex the
	 * task can't change groups, so the only thing that can happen
	 * is that it exits and its css is set back to init_css_set.
	 */
	return cset_cgroup_from_root(task_css_set(task), root);
}

814 815 816 817 818 819
/*
 * A task must hold cgroup_mutex to modify cgroups.
 *
 * Any task can increment and decrement the count field without lock.
 * So in general, code holding cgroup_mutex can't rely on the count
 * field not changing.  However, if the count goes to zero, then only
820
 * cgroup_attach_task() can increment it again.  Because a count of zero
821 822 823 824 825 826 827 828 829 830 831 832 833
 * means that no tasks are currently attached, therefore there is no
 * way a task attached to that cgroup can fork (the other way to
 * increment the count).  So code holding cgroup_mutex can safely
 * assume that if the count is zero, it will stay zero. Similarly, if
 * a task holds cgroup_mutex on a cgroup with zero count, it
 * knows that the cgroup won't be removed, as cgroup_rmdir()
 * needs that mutex.
 *
 * The fork and exit callbacks cgroup_fork() and cgroup_exit(), don't
 * (usually) take cgroup_mutex.  These are the two most performance
 * critical pieces of code here.  The exception occurs on cgroup_exit(),
 * when a task in a notify_on_release cgroup exits.  Then cgroup_mutex
 * is taken, and if the cgroup count is zero, a usermode call made
L
Li Zefan 已提交
834 835
 * to the release agent with the name of the cgroup (path relative to
 * the root of cgroup file system) as the argument.
836 837 838 839 840 841 842 843 844
 *
 * A cgroup can only be deleted if both its 'count' of using tasks
 * is zero, and its list of 'children' cgroups is empty.  Since all
 * tasks in the system use _some_ cgroup, and since there is always at
 * least one task in the system (init, pid == 1), therefore, top_cgroup
 * always has either children cgroups and/or using tasks.  So we don't
 * need a special hack to ensure that top_cgroup cannot be deleted.
 *
 * P.S.  One more locking exception.  RCU is used to guard the
845
 * update of a tasks cgroup pointer by cgroup_attach_task()
846 847
 */

848
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask);
T
Tejun Heo 已提交
849
static struct kernfs_syscall_ops cgroup_kf_syscall_ops;
850
static const struct file_operations proc_cgroupstats_operations;
851

T
Tejun Heo 已提交
852 853 854 855 856 857 858 859 860 861 862 863
static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
			      char *buf)
{
	if (cft->ss && !(cft->flags & CFTYPE_NO_PREFIX) &&
	    !(cgrp->root->flags & CGRP_ROOT_NOPREFIX))
		snprintf(buf, CGROUP_FILE_NAME_MAX, "%s.%s",
			 cft->ss->name, cft->name);
	else
		strncpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
	return buf;
}

864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889
/**
 * cgroup_file_mode - deduce file mode of a control file
 * @cft: the control file in question
 *
 * returns cft->mode if ->mode is not 0
 * returns S_IRUGO|S_IWUSR if it has both a read and a write handler
 * returns S_IRUGO if it has only a read handler
 * returns S_IWUSR if it has only a write hander
 */
static umode_t cgroup_file_mode(const struct cftype *cft)
{
	umode_t mode = 0;

	if (cft->mode)
		return cft->mode;

	if (cft->read_u64 || cft->read_s64 || cft->seq_show)
		mode |= S_IRUGO;

	if (cft->write_u64 || cft->write_s64 || cft->write_string ||
	    cft->trigger)
		mode |= S_IWUSR;

	return mode;
}

890 891
static void cgroup_free_fn(struct work_struct *work)
{
892
	struct cgroup *cgrp = container_of(work, struct cgroup, destroy_work);
893

894
	atomic_dec(&cgrp->root->nr_cgrps);
895
	cgroup_pidlist_destroy_all(cgrp);
896

T
Tejun Heo 已提交
897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912
	if (cgrp->parent) {
		/*
		 * We get a ref to the parent, and put the ref when this
		 * cgroup is being freed, so it's guaranteed that the
		 * parent won't be destroyed before its children.
		 */
		cgroup_put(cgrp->parent);
		kernfs_put(cgrp->kn);
		kfree(cgrp);
	} else {
		/*
		 * This is top cgroup's refcnt reaching zero, which
		 * indicates that the root should be released.
		 */
		cgroup_destroy_root(cgrp->root);
	}
913 914 915 916 917 918
}

static void cgroup_free_rcu(struct rcu_head *head)
{
	struct cgroup *cgrp = container_of(head, struct cgroup, rcu_head);

919
	INIT_WORK(&cgrp->destroy_work, cgroup_free_fn);
920
	queue_work(cgroup_destroy_wq, &cgrp->destroy_work);
921 922
}

923 924
static void cgroup_get(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
925 926 927
	WARN_ON_ONCE(cgroup_is_dead(cgrp));
	WARN_ON_ONCE(atomic_read(&cgrp->refcnt) <= 0);
	atomic_inc(&cgrp->refcnt);
928 929
}

930 931
static void cgroup_put(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
932 933
	if (!atomic_dec_and_test(&cgrp->refcnt))
		return;
T
Tejun Heo 已提交
934
	if (WARN_ON_ONCE(cgrp->parent && !cgroup_is_dead(cgrp)))
T
Tejun Heo 已提交
935
		return;
936

T
Tejun Heo 已提交
937 938 939 940 941 942 943 944 945 946
	/*
	 * XXX: cgrp->id is only used to look up css's.  As cgroup and
	 * css's lifetimes will be decoupled, it should be made
	 * per-subsystem and moved to css->id so that lookups are
	 * successful until the target css is released.
	 */
	mutex_lock(&cgroup_mutex);
	idr_remove(&cgrp->root->cgroup_idr, cgrp->id);
	mutex_unlock(&cgroup_mutex);
	cgrp->id = -1;
947

T
Tejun Heo 已提交
948
	call_rcu(&cgrp->rcu_head, cgroup_free_rcu);
949 950
}

951
static void cgroup_rm_file(struct cgroup *cgrp, const struct cftype *cft)
T
Tejun Heo 已提交
952
{
T
Tejun Heo 已提交
953
	char name[CGROUP_FILE_NAME_MAX];
T
Tejun Heo 已提交
954

T
Tejun Heo 已提交
955
	lockdep_assert_held(&cgroup_tree_mutex);
T
Tejun Heo 已提交
956
	kernfs_remove_by_name(cgrp->kn, cgroup_file_name(cgrp, cft, name));
T
Tejun Heo 已提交
957 958
}

959
/**
960
 * cgroup_clear_dir - remove subsys files in a cgroup directory
961
 * @cgrp: target cgroup
962 963
 * @subsys_mask: mask of the subsystem ids whose files should be removed
 */
964
static void cgroup_clear_dir(struct cgroup *cgrp, unsigned long subsys_mask)
T
Tejun Heo 已提交
965
{
966
	struct cgroup_subsys *ss;
967
	int i;
T
Tejun Heo 已提交
968

969
	for_each_subsys(ss, i) {
T
Tejun Heo 已提交
970
		struct cftype *cfts;
971 972

		if (!test_bit(i, &subsys_mask))
973
			continue;
T
Tejun Heo 已提交
974 975
		list_for_each_entry(cfts, &ss->cfts, node)
			cgroup_addrm_files(cgrp, cfts, false);
976
	}
977 978
}

979 980
static int rebind_subsystems(struct cgroupfs_root *dst_root,
			     unsigned long ss_mask)
981
{
982
	struct cgroup *dst_top = &dst_root->top_cgroup;
983
	struct cgroup_subsys *ss;
984
	int ssid, ret;
985

T
Tejun Heo 已提交
986 987
	lockdep_assert_held(&cgroup_tree_mutex);
	lockdep_assert_held(&cgroup_mutex);
B
Ben Blum 已提交
988

989 990 991 992 993 994 995 996 997 998
	for_each_subsys(ss, ssid) {
		if (!(ss_mask & (1 << ssid)))
			continue;

		/* if @ss is on the dummy_root, we can always move it */
		if (ss->root == &cgroup_dummy_root)
			continue;

		/* if @ss has non-root cgroups attached to it, can't move */
		if (!list_empty(&ss->root->top_cgroup.children))
T
Tejun Heo 已提交
999
			return -EBUSY;
1000

1001 1002 1003 1004 1005 1006 1007 1008 1009 1010
		/* can't move between two non-dummy roots either */
		if (dst_root != &cgroup_dummy_root)
			return -EBUSY;
	}

	if (dst_root != &cgroup_dummy_root) {
		ret = cgroup_populate_dir(dst_top, ss_mask);
		if (ret)
			return ret;
	}
1011 1012 1013 1014 1015

	/*
	 * Nothing can fail from this point on.  Remove files for the
	 * removed subsystems and rebind each subsystem.
	 */
1016
	mutex_unlock(&cgroup_mutex);
1017 1018 1019
	for_each_subsys(ss, ssid)
		if ((ss_mask & (1 << ssid)) && ss->root != &cgroup_dummy_root)
			cgroup_clear_dir(&ss->root->top_cgroup, 1 << ssid);
1020
	mutex_lock(&cgroup_mutex);
1021

1022 1023 1024 1025
	for_each_subsys(ss, ssid) {
		struct cgroupfs_root *src_root;
		struct cgroup *src_top;
		struct cgroup_subsys_state *css;
1026

1027 1028
		if (!(ss_mask & (1 << ssid)))
			continue;
1029

1030 1031 1032
		src_root = ss->root;
		src_top = &src_root->top_cgroup;
		css = cgroup_css(src_top, ss);
1033

1034
		WARN_ON(!css || cgroup_css(dst_top, ss));
1035

1036 1037 1038 1039
		RCU_INIT_POINTER(src_top->subsys[ssid], NULL);
		rcu_assign_pointer(dst_top->subsys[ssid], css);
		ss->root = dst_root;
		css->cgroup = dst_top;
1040

1041 1042
		src_root->subsys_mask &= ~(1 << ssid);
		dst_root->subsys_mask |= 1 << ssid;
1043

1044 1045
		if (ss->bind)
			ss->bind(css);
1046 1047
	}

1048 1049
	if (dst_root != &cgroup_dummy_root)
		kernfs_activate(dst_top->kn);
1050 1051 1052
	return 0;
}

T
Tejun Heo 已提交
1053 1054
static int cgroup_show_options(struct seq_file *seq,
			       struct kernfs_root *kf_root)
1055
{
T
Tejun Heo 已提交
1056
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);
1057
	struct cgroup_subsys *ss;
T
Tejun Heo 已提交
1058
	int ssid;
1059

T
Tejun Heo 已提交
1060 1061 1062
	for_each_subsys(ss, ssid)
		if (root->subsys_mask & (1 << ssid))
			seq_printf(seq, ",%s", ss->name);
1063 1064
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR)
		seq_puts(seq, ",sane_behavior");
1065
	if (root->flags & CGRP_ROOT_NOPREFIX)
1066
		seq_puts(seq, ",noprefix");
1067
	if (root->flags & CGRP_ROOT_XATTR)
A
Aristeu Rozanski 已提交
1068
		seq_puts(seq, ",xattr");
1069 1070

	spin_lock(&release_agent_path_lock);
1071 1072
	if (strlen(root->release_agent_path))
		seq_printf(seq, ",release_agent=%s", root->release_agent_path);
1073 1074
	spin_unlock(&release_agent_path_lock);

1075
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags))
1076
		seq_puts(seq, ",clone_children");
1077 1078
	if (strlen(root->name))
		seq_printf(seq, ",name=%s", root->name);
1079 1080 1081 1082
	return 0;
}

struct cgroup_sb_opts {
1083
	unsigned long subsys_mask;
1084
	unsigned long flags;
1085
	char *release_agent;
1086
	bool cpuset_clone_children;
1087
	char *name;
1088 1089
	/* User explicitly requested empty subsystem */
	bool none;
1090 1091
};

B
Ben Blum 已提交
1092
/*
1093 1094 1095 1096
 * Convert a hierarchy specifier into a bitmask of subsystems and
 * flags. Call with cgroup_mutex held to protect the cgroup_subsys[]
 * array. This function takes refcounts on subsystems to be used, unless it
 * returns error, in which case no refcounts are taken.
B
Ben Blum 已提交
1097
 */
B
Ben Blum 已提交
1098
static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
1099
{
1100 1101
	char *token, *o = data;
	bool all_ss = false, one_ss = false;
1102
	unsigned long mask = (unsigned long)-1;
1103 1104
	struct cgroup_subsys *ss;
	int i;
1105

B
Ben Blum 已提交
1106 1107
	BUG_ON(!mutex_is_locked(&cgroup_mutex));

1108
#ifdef CONFIG_CPUSETS
1109
	mask = ~(1UL << cpuset_cgrp_id);
1110
#endif
1111

1112
	memset(opts, 0, sizeof(*opts));
1113 1114 1115 1116

	while ((token = strsep(&o, ",")) != NULL) {
		if (!*token)
			return -EINVAL;
1117
		if (!strcmp(token, "none")) {
1118 1119
			/* Explicitly have no subsystems */
			opts->none = true;
1120 1121 1122 1123 1124 1125 1126 1127 1128
			continue;
		}
		if (!strcmp(token, "all")) {
			/* Mutually exclusive option 'all' + subsystem name */
			if (one_ss)
				return -EINVAL;
			all_ss = true;
			continue;
		}
1129 1130 1131 1132
		if (!strcmp(token, "__DEVEL__sane_behavior")) {
			opts->flags |= CGRP_ROOT_SANE_BEHAVIOR;
			continue;
		}
1133
		if (!strcmp(token, "noprefix")) {
1134
			opts->flags |= CGRP_ROOT_NOPREFIX;
1135 1136 1137
			continue;
		}
		if (!strcmp(token, "clone_children")) {
1138
			opts->cpuset_clone_children = true;
1139 1140
			continue;
		}
A
Aristeu Rozanski 已提交
1141
		if (!strcmp(token, "xattr")) {
1142
			opts->flags |= CGRP_ROOT_XATTR;
A
Aristeu Rozanski 已提交
1143 1144
			continue;
		}
1145
		if (!strncmp(token, "release_agent=", 14)) {
1146 1147 1148
			/* Specifying two release agents is forbidden */
			if (opts->release_agent)
				return -EINVAL;
1149
			opts->release_agent =
1150
				kstrndup(token + 14, PATH_MAX - 1, GFP_KERNEL);
1151 1152
			if (!opts->release_agent)
				return -ENOMEM;
1153 1154 1155
			continue;
		}
		if (!strncmp(token, "name=", 5)) {
1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172
			const char *name = token + 5;
			/* Can't specify an empty name */
			if (!strlen(name))
				return -EINVAL;
			/* Must match [\w.-]+ */
			for (i = 0; i < strlen(name); i++) {
				char c = name[i];
				if (isalnum(c))
					continue;
				if ((c == '.') || (c == '-') || (c == '_'))
					continue;
				return -EINVAL;
			}
			/* Specifying two names is forbidden */
			if (opts->name)
				return -EINVAL;
			opts->name = kstrndup(name,
1173
					      MAX_CGROUP_ROOT_NAMELEN - 1,
1174 1175 1176
					      GFP_KERNEL);
			if (!opts->name)
				return -ENOMEM;
1177 1178 1179 1180

			continue;
		}

1181
		for_each_subsys(ss, i) {
1182 1183 1184 1185 1186 1187 1188 1189
			if (strcmp(token, ss->name))
				continue;
			if (ss->disabled)
				continue;

			/* Mutually exclusive option 'all' + subsystem name */
			if (all_ss)
				return -EINVAL;
1190
			set_bit(i, &opts->subsys_mask);
1191 1192 1193 1194 1195 1196 1197 1198 1199 1200
			one_ss = true;

			break;
		}
		if (i == CGROUP_SUBSYS_COUNT)
			return -ENOENT;
	}

	/*
	 * If the 'all' option was specified select all the subsystems,
1201 1202
	 * otherwise if 'none', 'name=' and a subsystem name options
	 * were not specified, let's default to 'all'
1203
	 */
1204 1205 1206 1207
	if (all_ss || (!one_ss && !opts->none && !opts->name))
		for_each_subsys(ss, i)
			if (!ss->disabled)
				set_bit(i, &opts->subsys_mask);
1208

1209 1210
	/* Consistency checks */

1211 1212 1213
	if (opts->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_warning("cgroup: sane_behavior: this is still under development and its behaviors will change, proceed at your own risk\n");

1214 1215 1216 1217
		if ((opts->flags & (CGRP_ROOT_NOPREFIX | CGRP_ROOT_XATTR)) ||
		    opts->cpuset_clone_children || opts->release_agent ||
		    opts->name) {
			pr_err("cgroup: sane_behavior: noprefix, xattr, clone_children, release_agent and name are not allowed\n");
1218 1219 1220 1221
			return -EINVAL;
		}
	}

1222 1223 1224 1225 1226
	/*
	 * Option noprefix was introduced just for backward compatibility
	 * with the old cpuset, so we allow noprefix only if mounting just
	 * the cpuset subsystem.
	 */
1227
	if ((opts->flags & CGRP_ROOT_NOPREFIX) && (opts->subsys_mask & mask))
1228 1229
		return -EINVAL;

1230 1231

	/* Can't specify "none" and some subsystems */
1232
	if (opts->subsys_mask && opts->none)
1233 1234 1235 1236 1237 1238
		return -EINVAL;

	/*
	 * We either have to specify by name or by subsystems. (So all
	 * empty hierarchies must have a name).
	 */
1239
	if (!opts->subsys_mask && !opts->name)
1240 1241 1242 1243 1244
		return -EINVAL;

	return 0;
}

T
Tejun Heo 已提交
1245
static int cgroup_remount(struct kernfs_root *kf_root, int *flags, char *data)
1246 1247
{
	int ret = 0;
T
Tejun Heo 已提交
1248
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);
1249
	struct cgroup_sb_opts opts;
1250
	unsigned long added_mask, removed_mask;
1251

1252 1253 1254 1255 1256
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_err("cgroup: sane_behavior: remount is not allowed\n");
		return -EINVAL;
	}

T
Tejun Heo 已提交
1257
	mutex_lock(&cgroup_tree_mutex);
1258 1259 1260 1261 1262 1263 1264
	mutex_lock(&cgroup_mutex);

	/* See what subsystems are wanted */
	ret = parse_cgroupfs_options(data, &opts);
	if (ret)
		goto out_unlock;

1265
	if (opts.subsys_mask != root->subsys_mask || opts.release_agent)
1266 1267 1268
		pr_warning("cgroup: option changes via remount are deprecated (pid=%d comm=%s)\n",
			   task_tgid_nr(current), current->comm);

1269 1270
	added_mask = opts.subsys_mask & ~root->subsys_mask;
	removed_mask = root->subsys_mask & ~opts.subsys_mask;
1271

B
Ben Blum 已提交
1272
	/* Don't allow flags or name to change at remount */
1273
	if (((opts.flags ^ root->flags) & CGRP_ROOT_OPTION_MASK) ||
B
Ben Blum 已提交
1274
	    (opts.name && strcmp(opts.name, root->name))) {
1275 1276 1277
		pr_err("cgroup: option or name mismatch, new: 0x%lx \"%s\", old: 0x%lx \"%s\"\n",
		       opts.flags & CGRP_ROOT_OPTION_MASK, opts.name ?: "",
		       root->flags & CGRP_ROOT_OPTION_MASK, root->name);
1278 1279 1280 1281
		ret = -EINVAL;
		goto out_unlock;
	}

1282
	/* remounting is not allowed for populated hierarchies */
1283
	if (!list_empty(&root->top_cgroup.children)) {
1284
		ret = -EBUSY;
1285
		goto out_unlock;
B
Ben Blum 已提交
1286
	}
1287

1288
	ret = rebind_subsystems(root, added_mask);
1289
	if (ret)
1290
		goto out_unlock;
1291

1292 1293
	rebind_subsystems(&cgroup_dummy_root, removed_mask);

1294 1295
	if (opts.release_agent) {
		spin_lock(&release_agent_path_lock);
1296
		strcpy(root->release_agent_path, opts.release_agent);
1297 1298
		spin_unlock(&release_agent_path_lock);
	}
1299
 out_unlock:
1300
	kfree(opts.release_agent);
1301
	kfree(opts.name);
1302
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1303
	mutex_unlock(&cgroup_tree_mutex);
1304 1305 1306
	return ret;
}

1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318
/*
 * To reduce the fork() overhead for systems that are not actually using
 * their cgroups capability, we don't maintain the lists running through
 * each css_set to its tasks until we see the list actually used - in other
 * words after the first mount.
 */
static bool use_task_css_set_links __read_mostly;

static void cgroup_enable_task_cg_lists(void)
{
	struct task_struct *p, *g;

1319
	down_write(&css_set_rwsem);
1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341

	if (use_task_css_set_links)
		goto out_unlock;

	use_task_css_set_links = true;

	/*
	 * We need tasklist_lock because RCU is not safe against
	 * while_each_thread(). Besides, a forking task that has passed
	 * cgroup_post_fork() without seeing use_task_css_set_links = 1
	 * is not guaranteed to have its child immediately visible in the
	 * tasklist if we walk through it with RCU.
	 */
	read_lock(&tasklist_lock);
	do_each_thread(g, p) {
		WARN_ON_ONCE(!list_empty(&p->cg_list) ||
			     task_css_set(p) != &init_css_set);

		/*
		 * We should check if the process is exiting, otherwise
		 * it will race with cgroup_exit() in that the list
		 * entry won't be deleted though the process has exited.
1342 1343
		 * Do it while holding siglock so that we don't end up
		 * racing against cgroup_exit().
1344
		 */
1345
		spin_lock_irq(&p->sighand->siglock);
1346 1347 1348 1349 1350 1351
		if (!(p->flags & PF_EXITING)) {
			struct css_set *cset = task_css_set(p);

			list_add(&p->cg_list, &cset->tasks);
			get_css_set(cset);
		}
1352
		spin_unlock_irq(&p->sighand->siglock);
1353 1354 1355
	} while_each_thread(g, p);
	read_unlock(&tasklist_lock);
out_unlock:
1356
	up_write(&css_set_rwsem);
1357 1358
}

1359 1360
static void init_cgroup_housekeeping(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
1361
	atomic_set(&cgrp->refcnt, 1);
1362 1363
	INIT_LIST_HEAD(&cgrp->sibling);
	INIT_LIST_HEAD(&cgrp->children);
1364
	INIT_LIST_HEAD(&cgrp->cset_links);
1365
	INIT_LIST_HEAD(&cgrp->release_list);
1366 1367
	INIT_LIST_HEAD(&cgrp->pidlists);
	mutex_init(&cgrp->pidlist_mutex);
T
Tejun Heo 已提交
1368
	cgrp->dummy_css.cgroup = cgrp;
1369
}
1370

1371 1372
static void init_cgroup_root(struct cgroupfs_root *root,
			     struct cgroup_sb_opts *opts)
1373
{
1374
	struct cgroup *cgrp = &root->top_cgroup;
1375

1376
	INIT_LIST_HEAD(&root->root_list);
1377
	atomic_set(&root->nr_cgrps, 1);
1378
	cgrp->root = root;
1379
	init_cgroup_housekeeping(cgrp);
1380
	idr_init(&root->cgroup_idr);
1381

1382 1383 1384 1385 1386
	root->flags = opts->flags;
	if (opts->release_agent)
		strcpy(root->release_agent_path, opts->release_agent);
	if (opts->name)
		strcpy(root->name, opts->name);
1387 1388
	if (opts->cpuset_clone_children)
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags);
1389 1390
}

T
Tejun Heo 已提交
1391
static int cgroup_setup_root(struct cgroupfs_root *root, unsigned long ss_mask)
1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402
{
	LIST_HEAD(tmp_links);
	struct cgroup *root_cgrp = &root->top_cgroup;
	struct css_set *cset;
	int i, ret;

	lockdep_assert_held(&cgroup_tree_mutex);
	lockdep_assert_held(&cgroup_mutex);

	ret = idr_alloc(&root->cgroup_idr, root_cgrp, 0, 1, GFP_KERNEL);
	if (ret < 0)
T
Tejun Heo 已提交
1403
		goto out;
1404 1405 1406
	root_cgrp->id = ret;

	/*
1407
	 * We're accessing css_set_count without locking css_set_rwsem here,
1408 1409 1410 1411 1412 1413
	 * but that's OK - it can only be increased by someone holding
	 * cgroup_lock, and that's us. The worst that can happen is that we
	 * have some link structures left over
	 */
	ret = allocate_cgrp_cset_links(css_set_count, &tmp_links);
	if (ret)
T
Tejun Heo 已提交
1414
		goto out;
1415

1416
	ret = cgroup_init_root_id(root);
1417
	if (ret)
T
Tejun Heo 已提交
1418
		goto out;
1419

T
Tejun Heo 已提交
1420 1421 1422 1423 1424 1425 1426 1427
	root->kf_root = kernfs_create_root(&cgroup_kf_syscall_ops,
					   KERNFS_ROOT_CREATE_DEACTIVATED,
					   root_cgrp);
	if (IS_ERR(root->kf_root)) {
		ret = PTR_ERR(root->kf_root);
		goto exit_root_id;
	}
	root_cgrp->kn = root->kf_root->kn;
1428 1429 1430

	ret = cgroup_addrm_files(root_cgrp, cgroup_base_files, true);
	if (ret)
T
Tejun Heo 已提交
1431
		goto destroy_root;
1432

1433
	ret = rebind_subsystems(root, ss_mask);
1434
	if (ret)
T
Tejun Heo 已提交
1435
		goto destroy_root;
1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448

	/*
	 * There must be no failure case after here, since rebinding takes
	 * care of subsystems' refcounts, which are explicitly dropped in
	 * the failure exit path.
	 */
	list_add(&root->root_list, &cgroup_roots);
	cgroup_root_count++;

	/*
	 * Link the top cgroup in this hierarchy into all the css_set
	 * objects.
	 */
1449
	down_write(&css_set_rwsem);
1450 1451
	hash_for_each(css_set_table, i, cset, hlist)
		link_css_set(&tmp_links, cset, root_cgrp);
1452
	up_write(&css_set_rwsem);
1453 1454

	BUG_ON(!list_empty(&root_cgrp->children));
1455
	BUG_ON(atomic_read(&root->nr_cgrps) != 1);
1456

T
Tejun Heo 已提交
1457
	kernfs_activate(root_cgrp->kn);
1458
	ret = 0;
T
Tejun Heo 已提交
1459
	goto out;
1460

T
Tejun Heo 已提交
1461 1462 1463 1464
destroy_root:
	kernfs_destroy_root(root->kf_root);
	root->kf_root = NULL;
exit_root_id:
1465
	cgroup_exit_root_id(root);
T
Tejun Heo 已提交
1466
out:
1467 1468 1469 1470
	free_cgrp_cset_links(&tmp_links);
	return ret;
}

A
Al Viro 已提交
1471
static struct dentry *cgroup_mount(struct file_system_type *fs_type,
1472
			 int flags, const char *unused_dev_name,
A
Al Viro 已提交
1473
			 void *data)
1474
{
T
Tejun Heo 已提交
1475
	struct cgroupfs_root *root;
1476
	struct cgroup_sb_opts opts;
T
Tejun Heo 已提交
1477
	struct dentry *dentry;
1478
	int ret;
1479 1480 1481 1482 1483 1484 1485

	/*
	 * The first time anyone tries to mount a cgroup, enable the list
	 * linking each css_set to its tasks and fix up all existing tasks.
	 */
	if (!use_task_css_set_links)
		cgroup_enable_task_cg_lists();
T
Tejun Heo 已提交
1486
retry:
1487
	mutex_lock(&cgroup_tree_mutex);
B
Ben Blum 已提交
1488
	mutex_lock(&cgroup_mutex);
1489 1490

	/* First find the desired set of subsystems */
1491
	ret = parse_cgroupfs_options(data, &opts);
1492
	if (ret)
1493
		goto out_unlock;
1494

T
Tejun Heo 已提交
1495
	/* look for a matching existing root */
1496
	for_each_root(root) {
T
Tejun Heo 已提交
1497
		bool name_match = false;
1498

1499 1500 1501
		if (root == &cgroup_dummy_root)
			continue;

T
Tejun Heo 已提交
1502 1503 1504 1505 1506 1507 1508 1509 1510 1511
		/*
		 * If we asked for a name then it must match.  Also, if
		 * name matches but sybsys_mask doesn't, we should fail.
		 * Remember whether name matched.
		 */
		if (opts.name) {
			if (strcmp(opts.name, root->name))
				continue;
			name_match = true;
		}
1512

1513
		/*
T
Tejun Heo 已提交
1514 1515
		 * If we asked for subsystems (or explicitly for no
		 * subsystems) then they must match.
1516
		 */
T
Tejun Heo 已提交
1517 1518 1519 1520 1521 1522 1523
		if ((opts.subsys_mask || opts.none) &&
		    (opts.subsys_mask != root->subsys_mask)) {
			if (!name_match)
				continue;
			ret = -EBUSY;
			goto out_unlock;
		}
1524

1525
		if ((root->flags ^ opts.flags) & CGRP_ROOT_OPTION_MASK) {
1526 1527 1528
			if ((root->flags | opts.flags) & CGRP_ROOT_SANE_BEHAVIOR) {
				pr_err("cgroup: sane_behavior: new mount options should match the existing superblock\n");
				ret = -EINVAL;
1529
				goto out_unlock;
1530 1531 1532
			} else {
				pr_warning("cgroup: new mount options do not match the existing superblock, will be ignored\n");
			}
1533
		}
T
Tejun Heo 已提交
1534

T
Tejun Heo 已提交
1535 1536 1537 1538 1539 1540 1541 1542 1543 1544
		/*
		 * A root's lifetime is governed by its top cgroup.  Zero
		 * ref indicate that the root is being destroyed.  Wait for
		 * destruction to complete so that the subsystems are free.
		 * We can use wait_queue for the wait but this path is
		 * super cold.  Let's just sleep for a bit and retry.
		 */
		if (!atomic_inc_not_zero(&root->top_cgroup.refcnt)) {
			mutex_unlock(&cgroup_mutex);
			mutex_unlock(&cgroup_tree_mutex);
1545 1546
			kfree(opts.release_agent);
			kfree(opts.name);
T
Tejun Heo 已提交
1547 1548 1549 1550 1551
			msleep(10);
			goto retry;
		}

		ret = 0;
T
Tejun Heo 已提交
1552
		goto out_unlock;
1553 1554
	}

1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567
	/*
	 * No such thing, create a new one.  name= matching without subsys
	 * specification is allowed for already existing hierarchies but we
	 * can't create new one without subsys specification.
	 */
	if (!opts.subsys_mask && !opts.none) {
		ret = -EINVAL;
		goto out_unlock;
	}

	root = kzalloc(sizeof(*root), GFP_KERNEL);
	if (!root) {
		ret = -ENOMEM;
T
Tejun Heo 已提交
1568 1569 1570
		goto out_unlock;
	}

1571 1572
	init_cgroup_root(root, &opts);

T
Tejun Heo 已提交
1573
	ret = cgroup_setup_root(root, opts.subsys_mask);
T
Tejun Heo 已提交
1574 1575 1576
	if (ret)
		cgroup_free_root(root);

1577
out_unlock:
T
Tejun Heo 已提交
1578
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1579
	mutex_unlock(&cgroup_tree_mutex);
1580

1581 1582
	kfree(opts.release_agent);
	kfree(opts.name);
1583

T
Tejun Heo 已提交
1584
	if (ret)
1585
		return ERR_PTR(ret);
T
Tejun Heo 已提交
1586 1587 1588

	dentry = kernfs_mount(fs_type, flags, root->kf_root);
	if (IS_ERR(dentry))
T
Tejun Heo 已提交
1589
		cgroup_put(&root->top_cgroup);
T
Tejun Heo 已提交
1590 1591 1592 1593 1594 1595 1596 1597
	return dentry;
}

static void cgroup_kill_sb(struct super_block *sb)
{
	struct kernfs_root *kf_root = kernfs_root_from_sb(sb);
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);

T
Tejun Heo 已提交
1598
	cgroup_put(&root->top_cgroup);
T
Tejun Heo 已提交
1599
	kernfs_kill_sb(sb);
1600 1601 1602 1603
}

static struct file_system_type cgroup_fs_type = {
	.name = "cgroup",
A
Al Viro 已提交
1604
	.mount = cgroup_mount,
1605 1606 1607
	.kill_sb = cgroup_kill_sb,
};

1608 1609
static struct kobject *cgroup_kobj;

1610
/**
1611
 * task_cgroup_path - cgroup path of a task in the first cgroup hierarchy
1612 1613 1614 1615
 * @task: target task
 * @buf: the buffer to write the path into
 * @buflen: the length of the buffer
 *
1616 1617 1618 1619 1620
 * Determine @task's cgroup on the first (the one with the lowest non-zero
 * hierarchy_id) cgroup hierarchy and copy its path into @buf.  This
 * function grabs cgroup_mutex and shouldn't be used inside locks used by
 * cgroup controller callbacks.
 *
T
Tejun Heo 已提交
1621
 * Return value is the same as kernfs_path().
1622
 */
T
Tejun Heo 已提交
1623
char *task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
1624 1625
{
	struct cgroupfs_root *root;
1626
	struct cgroup *cgrp;
T
Tejun Heo 已提交
1627 1628
	int hierarchy_id = 1;
	char *path = NULL;
1629 1630

	mutex_lock(&cgroup_mutex);
1631
	down_read(&css_set_rwsem);
1632

1633 1634
	root = idr_get_next(&cgroup_hierarchy_idr, &hierarchy_id);

1635 1636
	if (root) {
		cgrp = task_cgroup_from_root(task, root);
T
Tejun Heo 已提交
1637
		path = cgroup_path(cgrp, buf, buflen);
1638 1639
	} else {
		/* if no hierarchy exists, everyone is in "/" */
T
Tejun Heo 已提交
1640 1641
		if (strlcpy(buf, "/", buflen) < buflen)
			path = buf;
1642 1643
	}

1644
	up_read(&css_set_rwsem);
1645
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1646
	return path;
1647
}
1648
EXPORT_SYMBOL_GPL(task_cgroup_path);
1649

1650
/* used to track tasks and other necessary states during migration */
1651
struct cgroup_taskset {
1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669
	/* the src and dst cset list running through cset->mg_node */
	struct list_head	src_csets;
	struct list_head	dst_csets;

	/*
	 * Fields for cgroup_taskset_*() iteration.
	 *
	 * Before migration is committed, the target migration tasks are on
	 * ->mg_tasks of the csets on ->src_csets.  After, on ->mg_tasks of
	 * the csets on ->dst_csets.  ->csets point to either ->src_csets
	 * or ->dst_csets depending on whether migration is committed.
	 *
	 * ->cur_csets and ->cur_task point to the current task position
	 * during iteration.
	 */
	struct list_head	*csets;
	struct css_set		*cur_cset;
	struct task_struct	*cur_task;
1670 1671 1672 1673 1674 1675 1676 1677 1678 1679
};

/**
 * cgroup_taskset_first - reset taskset and return the first task
 * @tset: taskset of interest
 *
 * @tset iteration is initialized and the first task is returned.
 */
struct task_struct *cgroup_taskset_first(struct cgroup_taskset *tset)
{
1680 1681 1682 1683
	tset->cur_cset = list_first_entry(tset->csets, struct css_set, mg_node);
	tset->cur_task = NULL;

	return cgroup_taskset_next(tset);
1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694
}

/**
 * cgroup_taskset_next - iterate to the next task in taskset
 * @tset: taskset of interest
 *
 * Return the next task in @tset.  Iteration must have been initialized
 * with cgroup_taskset_first().
 */
struct task_struct *cgroup_taskset_next(struct cgroup_taskset *tset)
{
1695 1696
	struct css_set *cset = tset->cur_cset;
	struct task_struct *task = tset->cur_task;
1697

1698 1699 1700 1701 1702 1703
	while (&cset->mg_node != tset->csets) {
		if (!task)
			task = list_first_entry(&cset->mg_tasks,
						struct task_struct, cg_list);
		else
			task = list_next_entry(task, cg_list);
1704

1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715
		if (&task->cg_list != &cset->mg_tasks) {
			tset->cur_cset = cset;
			tset->cur_task = task;
			return task;
		}

		cset = list_next_entry(cset, mg_node);
		task = NULL;
	}

	return NULL;
1716 1717
}

1718
/**
B
Ben Blum 已提交
1719
 * cgroup_task_migrate - move a task from one cgroup to another.
1720 1721 1722
 * @old_cgrp; the cgroup @tsk is being migrated from
 * @tsk: the task being migrated
 * @new_cset: the new css_set @tsk is being attached to
B
Ben Blum 已提交
1723
 *
1724
 * Must be called with cgroup_mutex, threadgroup and css_set_rwsem locked.
B
Ben Blum 已提交
1725
 */
1726 1727 1728
static void cgroup_task_migrate(struct cgroup *old_cgrp,
				struct task_struct *tsk,
				struct css_set *new_cset)
B
Ben Blum 已提交
1729
{
1730
	struct css_set *old_cset;
B
Ben Blum 已提交
1731

1732 1733 1734
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&css_set_rwsem);

B
Ben Blum 已提交
1735
	/*
1736 1737 1738
	 * We are synchronized through threadgroup_lock() against PF_EXITING
	 * setting such that we can't race against cgroup_exit() changing the
	 * css_set to init_css_set and dropping the old one.
B
Ben Blum 已提交
1739
	 */
1740
	WARN_ON_ONCE(tsk->flags & PF_EXITING);
1741
	old_cset = task_css_set(tsk);
B
Ben Blum 已提交
1742

1743
	get_css_set(new_cset);
1744
	rcu_assign_pointer(tsk->cgroups, new_cset);
1745
	list_move(&tsk->cg_list, &new_cset->mg_tasks);
B
Ben Blum 已提交
1746 1747

	/*
1748 1749 1750
	 * We just gained a reference on old_cset by taking it from the
	 * task. As trading it for new_cset is protected by cgroup_mutex,
	 * we're safe to drop it here; it will be freed under RCU.
B
Ben Blum 已提交
1751
	 */
1752
	set_bit(CGRP_RELEASABLE, &old_cgrp->flags);
1753
	put_css_set_locked(old_cset, false);
B
Ben Blum 已提交
1754 1755
}

L
Li Zefan 已提交
1756
/**
1757 1758
 * cgroup_migrate_finish - cleanup after attach
 * @preloaded_csets: list of preloaded css_sets
B
Ben Blum 已提交
1759
 *
1760 1761
 * Undo cgroup_migrate_add_src() and cgroup_migrate_prepare_dst().  See
 * those functions for details.
B
Ben Blum 已提交
1762
 */
1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887
static void cgroup_migrate_finish(struct list_head *preloaded_csets)
{
	struct css_set *cset, *tmp_cset;

	lockdep_assert_held(&cgroup_mutex);

	down_write(&css_set_rwsem);
	list_for_each_entry_safe(cset, tmp_cset, preloaded_csets, mg_preload_node) {
		cset->mg_src_cgrp = NULL;
		cset->mg_dst_cset = NULL;
		list_del_init(&cset->mg_preload_node);
		put_css_set_locked(cset, false);
	}
	up_write(&css_set_rwsem);
}

/**
 * cgroup_migrate_add_src - add a migration source css_set
 * @src_cset: the source css_set to add
 * @dst_cgrp: the destination cgroup
 * @preloaded_csets: list of preloaded css_sets
 *
 * Tasks belonging to @src_cset are about to be migrated to @dst_cgrp.  Pin
 * @src_cset and add it to @preloaded_csets, which should later be cleaned
 * up by cgroup_migrate_finish().
 *
 * This function may be called without holding threadgroup_lock even if the
 * target is a process.  Threads may be created and destroyed but as long
 * as cgroup_mutex is not dropped, no new css_set can be put into play and
 * the preloaded css_sets are guaranteed to cover all migrations.
 */
static void cgroup_migrate_add_src(struct css_set *src_cset,
				   struct cgroup *dst_cgrp,
				   struct list_head *preloaded_csets)
{
	struct cgroup *src_cgrp;

	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&css_set_rwsem);

	src_cgrp = cset_cgroup_from_root(src_cset, dst_cgrp->root);

	/* nothing to do if this cset already belongs to the cgroup */
	if (src_cgrp == dst_cgrp)
		return;

	if (!list_empty(&src_cset->mg_preload_node))
		return;

	WARN_ON(src_cset->mg_src_cgrp);
	WARN_ON(!list_empty(&src_cset->mg_tasks));
	WARN_ON(!list_empty(&src_cset->mg_node));

	src_cset->mg_src_cgrp = src_cgrp;
	get_css_set(src_cset);
	list_add(&src_cset->mg_preload_node, preloaded_csets);
}

/**
 * cgroup_migrate_prepare_dst - prepare destination css_sets for migration
 * @dst_cgrp: the destination cgroup
 * @preloaded_csets: list of preloaded source css_sets
 *
 * Tasks are about to be moved to @dst_cgrp and all the source css_sets
 * have been preloaded to @preloaded_csets.  This function looks up and
 * pins all destination css_sets, links each to its source, and put them on
 * @preloaded_csets.
 *
 * This function must be called after cgroup_migrate_add_src() has been
 * called on each migration source css_set.  After migration is performed
 * using cgroup_migrate(), cgroup_migrate_finish() must be called on
 * @preloaded_csets.
 */
static int cgroup_migrate_prepare_dst(struct cgroup *dst_cgrp,
				      struct list_head *preloaded_csets)
{
	LIST_HEAD(csets);
	struct css_set *src_cset;

	lockdep_assert_held(&cgroup_mutex);

	/* look up the dst cset for each src cset and link it to src */
	list_for_each_entry(src_cset, preloaded_csets, mg_preload_node) {
		struct css_set *dst_cset;

		dst_cset = find_css_set(src_cset, dst_cgrp);
		if (!dst_cset)
			goto err;

		WARN_ON_ONCE(src_cset->mg_dst_cset || dst_cset->mg_dst_cset);
		src_cset->mg_dst_cset = dst_cset;

		if (list_empty(&dst_cset->mg_preload_node))
			list_add(&dst_cset->mg_preload_node, &csets);
		else
			put_css_set(dst_cset, false);
	}

	list_splice(&csets, preloaded_csets);
	return 0;
err:
	cgroup_migrate_finish(&csets);
	return -ENOMEM;
}

/**
 * cgroup_migrate - migrate a process or task to a cgroup
 * @cgrp: the destination cgroup
 * @leader: the leader of the process or the task to migrate
 * @threadgroup: whether @leader points to the whole process or a single task
 *
 * Migrate a process or task denoted by @leader to @cgrp.  If migrating a
 * process, the caller must be holding threadgroup_lock of @leader.  The
 * caller is also responsible for invoking cgroup_migrate_add_src() and
 * cgroup_migrate_prepare_dst() on the targets before invoking this
 * function and following up with cgroup_migrate_finish().
 *
 * As long as a controller's ->can_attach() doesn't fail, this function is
 * guaranteed to succeed.  This means that, excluding ->can_attach()
 * failure, when migrating multiple targets, the success or failure can be
 * decided for all targets by invoking group_migrate_prepare_dst() before
 * actually starting migrating.
 */
static int cgroup_migrate(struct cgroup *cgrp, struct task_struct *leader,
			  bool threadgroup)
B
Ben Blum 已提交
1888
{
1889 1890 1891 1892 1893
	struct cgroup_taskset tset = {
		.src_csets	= LIST_HEAD_INIT(tset.src_csets),
		.dst_csets	= LIST_HEAD_INIT(tset.dst_csets),
		.csets		= &tset.src_csets,
	};
T
Tejun Heo 已提交
1894
	struct cgroup_subsys_state *css, *failed_css = NULL;
1895 1896 1897
	struct css_set *cset, *tmp_cset;
	struct task_struct *task, *tmp_task;
	int i, ret;
B
Ben Blum 已提交
1898

1899 1900 1901 1902 1903
	/*
	 * Prevent freeing of tasks while we take a snapshot. Tasks that are
	 * already PF_EXITING could be freed from underneath us unless we
	 * take an rcu_read_lock.
	 */
1904
	down_write(&css_set_rwsem);
1905
	rcu_read_lock();
1906
	task = leader;
B
Ben Blum 已提交
1907
	do {
1908 1909
		/* @task either already exited or can't exit until the end */
		if (task->flags & PF_EXITING)
1910
			goto next;
1911

1912 1913 1914 1915
		/* leave @task alone if post_fork() hasn't linked it yet */
		if (list_empty(&task->cg_list))
			goto next;

1916
		cset = task_css_set(task);
1917
		if (!cset->mg_src_cgrp)
1918
			goto next;
1919 1920

		list_move(&task->cg_list, &cset->mg_tasks);
1921 1922
		list_move(&cset->mg_node, &tset.src_csets);
		list_move(&cset->mg_dst_cset->mg_node, &tset.dst_csets);
1923
	next:
1924 1925
		if (!threadgroup)
			break;
1926
	} while_each_thread(leader, task);
1927
	rcu_read_unlock();
1928
	up_write(&css_set_rwsem);
B
Ben Blum 已提交
1929

1930
	/* methods shouldn't be called if no task is actually migrating */
1931 1932
	if (list_empty(&tset.src_csets))
		return 0;
1933

1934
	/* check that we can legitimately attach to the cgroup */
T
Tejun Heo 已提交
1935 1936
	for_each_css(css, i, cgrp) {
		if (css->ss->can_attach) {
1937 1938
			ret = css->ss->can_attach(css, &tset);
			if (ret) {
T
Tejun Heo 已提交
1939
				failed_css = css;
B
Ben Blum 已提交
1940 1941 1942 1943 1944 1945
				goto out_cancel_attach;
			}
		}
	}

	/*
1946 1947 1948
	 * Now that we're guaranteed success, proceed to move all tasks to
	 * the new cgroup.  There are no failure cases after here, so this
	 * is the commit point.
B
Ben Blum 已提交
1949
	 */
1950
	down_write(&css_set_rwsem);
1951 1952 1953 1954
	list_for_each_entry(cset, &tset.src_csets, mg_node) {
		list_for_each_entry_safe(task, tmp_task, &cset->mg_tasks, cg_list)
			cgroup_task_migrate(cset->mg_src_cgrp, task,
					    cset->mg_dst_cset);
B
Ben Blum 已提交
1955
	}
1956
	up_write(&css_set_rwsem);
1957

B
Ben Blum 已提交
1958
	/*
1959 1960 1961
	 * Migration is committed, all target tasks are now on dst_csets.
	 * Nothing is sensitive to fork() after this point.  Notify
	 * controllers that migration is complete.
B
Ben Blum 已提交
1962
	 */
1963 1964
	tset.csets = &tset.dst_csets;

T
Tejun Heo 已提交
1965 1966 1967
	for_each_css(css, i, cgrp)
		if (css->ss->attach)
			css->ss->attach(css, &tset);
B
Ben Blum 已提交
1968

1969
	ret = 0;
1970 1971
	goto out_release_tset;

B
Ben Blum 已提交
1972
out_cancel_attach:
1973 1974 1975 1976 1977
	for_each_css(css, i, cgrp) {
		if (css == failed_css)
			break;
		if (css->ss->cancel_attach)
			css->ss->cancel_attach(css, &tset);
B
Ben Blum 已提交
1978
	}
1979 1980 1981 1982 1983 1984 1985 1986
out_release_tset:
	down_write(&css_set_rwsem);
	list_splice_init(&tset.dst_csets, &tset.src_csets);
	list_for_each_entry_safe(cset, tmp_cset, &tset.src_csets, mg_node) {
		list_splice_init(&cset->mg_tasks, &cset->tasks);
		list_del_init(&cset->mg_node);
	}
	up_write(&css_set_rwsem);
1987
	return ret;
B
Ben Blum 已提交
1988 1989
}

1990 1991 1992 1993 1994 1995
/**
 * cgroup_attach_task - attach a task or a whole threadgroup to a cgroup
 * @dst_cgrp: the cgroup to attach to
 * @leader: the task or the leader of the threadgroup to be attached
 * @threadgroup: attach the whole threadgroup?
 *
1996
 * Call holding cgroup_mutex and threadgroup_lock of @leader.
1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026
 */
static int cgroup_attach_task(struct cgroup *dst_cgrp,
			      struct task_struct *leader, bool threadgroup)
{
	LIST_HEAD(preloaded_csets);
	struct task_struct *task;
	int ret;

	/* look up all src csets */
	down_read(&css_set_rwsem);
	rcu_read_lock();
	task = leader;
	do {
		cgroup_migrate_add_src(task_css_set(task), dst_cgrp,
				       &preloaded_csets);
		if (!threadgroup)
			break;
	} while_each_thread(leader, task);
	rcu_read_unlock();
	up_read(&css_set_rwsem);

	/* prepare dst csets and commit */
	ret = cgroup_migrate_prepare_dst(dst_cgrp, &preloaded_csets);
	if (!ret)
		ret = cgroup_migrate(dst_cgrp, leader, threadgroup);

	cgroup_migrate_finish(&preloaded_csets);
	return ret;
}

B
Ben Blum 已提交
2027 2028
/*
 * Find the task_struct of the task to attach by vpid and pass it along to the
2029
 * function to attach either it or all tasks in its threadgroup. Will lock
2030
 * cgroup_mutex and threadgroup.
2031
 */
B
Ben Blum 已提交
2032
static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
2033 2034
{
	struct task_struct *tsk;
2035
	const struct cred *cred = current_cred(), *tcred;
2036 2037
	int ret;

B
Ben Blum 已提交
2038 2039 2040
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;

2041 2042
retry_find_task:
	rcu_read_lock();
2043
	if (pid) {
2044
		tsk = find_task_by_vpid(pid);
B
Ben Blum 已提交
2045 2046
		if (!tsk) {
			rcu_read_unlock();
S
SeongJae Park 已提交
2047
			ret = -ESRCH;
2048
			goto out_unlock_cgroup;
2049
		}
B
Ben Blum 已提交
2050 2051 2052 2053
		/*
		 * even if we're attaching all tasks in the thread group, we
		 * only need to check permissions on one of them.
		 */
2054
		tcred = __task_cred(tsk);
2055 2056 2057
		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
		    !uid_eq(cred->euid, tcred->uid) &&
		    !uid_eq(cred->euid, tcred->suid)) {
2058
			rcu_read_unlock();
2059 2060
			ret = -EACCES;
			goto out_unlock_cgroup;
2061
		}
2062 2063
	} else
		tsk = current;
2064 2065

	if (threadgroup)
2066
		tsk = tsk->group_leader;
2067 2068

	/*
2069
	 * Workqueue threads may acquire PF_NO_SETAFFINITY and become
2070 2071 2072
	 * trapped in a cpuset, or RT worker may be born in a cgroup
	 * with no rt_runtime allocated.  Just say no.
	 */
2073
	if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) {
2074 2075 2076 2077 2078
		ret = -EINVAL;
		rcu_read_unlock();
		goto out_unlock_cgroup;
	}

2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095
	get_task_struct(tsk);
	rcu_read_unlock();

	threadgroup_lock(tsk);
	if (threadgroup) {
		if (!thread_group_leader(tsk)) {
			/*
			 * a race with de_thread from another thread's exec()
			 * may strip us of our leadership, if this happens,
			 * there is no choice but to throw this task away and
			 * try again; this is
			 * "double-double-toil-and-trouble-check locking".
			 */
			threadgroup_unlock(tsk);
			put_task_struct(tsk);
			goto retry_find_task;
		}
2096 2097 2098 2099
	}

	ret = cgroup_attach_task(cgrp, tsk, threadgroup);

2100 2101
	threadgroup_unlock(tsk);

2102
	put_task_struct(tsk);
2103
out_unlock_cgroup:
T
Tejun Heo 已提交
2104
	mutex_unlock(&cgroup_mutex);
2105 2106 2107
	return ret;
}

2108 2109 2110 2111 2112 2113 2114 2115 2116 2117
/**
 * cgroup_attach_task_all - attach task 'tsk' to all cgroups of task 'from'
 * @from: attach to all cgroups of a given task
 * @tsk: the task to be attached
 */
int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
{
	struct cgroupfs_root *root;
	int retval = 0;

T
Tejun Heo 已提交
2118
	mutex_lock(&cgroup_mutex);
2119
	for_each_root(root) {
2120 2121
		struct cgroup *from_cgrp;

2122 2123 2124
		if (root == &cgroup_dummy_root)
			continue;

2125 2126 2127
		down_read(&css_set_rwsem);
		from_cgrp = task_cgroup_from_root(from, root);
		up_read(&css_set_rwsem);
2128

L
Li Zefan 已提交
2129
		retval = cgroup_attach_task(from_cgrp, tsk, false);
2130 2131 2132
		if (retval)
			break;
	}
T
Tejun Heo 已提交
2133
	mutex_unlock(&cgroup_mutex);
2134 2135 2136 2137 2138

	return retval;
}
EXPORT_SYMBOL_GPL(cgroup_attach_task_all);

2139 2140
static int cgroup_tasks_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 pid)
B
Ben Blum 已提交
2141
{
2142
	return attach_task_by_pid(css->cgroup, pid, false);
B
Ben Blum 已提交
2143 2144
}

2145 2146
static int cgroup_procs_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 tgid)
2147
{
2148
	return attach_task_by_pid(css->cgroup, tgid, true);
2149 2150
}

2151 2152
static int cgroup_release_agent_write(struct cgroup_subsys_state *css,
				      struct cftype *cft, const char *buffer)
2153
{
2154 2155 2156
	struct cgroupfs_root *root = css->cgroup->root;

	BUILD_BUG_ON(sizeof(root->release_agent_path) < PATH_MAX);
2157
	if (!cgroup_lock_live_group(css->cgroup))
2158
		return -ENODEV;
2159
	spin_lock(&release_agent_path_lock);
2160 2161
	strlcpy(root->release_agent_path, buffer,
		sizeof(root->release_agent_path));
2162
	spin_unlock(&release_agent_path_lock);
T
Tejun Heo 已提交
2163
	mutex_unlock(&cgroup_mutex);
2164 2165 2166
	return 0;
}

2167
static int cgroup_release_agent_show(struct seq_file *seq, void *v)
2168
{
2169
	struct cgroup *cgrp = seq_css(seq)->cgroup;
2170

2171 2172 2173 2174
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;
	seq_puts(seq, cgrp->root->release_agent_path);
	seq_putc(seq, '\n');
T
Tejun Heo 已提交
2175
	mutex_unlock(&cgroup_mutex);
2176 2177 2178
	return 0;
}

2179
static int cgroup_sane_behavior_show(struct seq_file *seq, void *v)
2180
{
2181 2182 2183
	struct cgroup *cgrp = seq_css(seq)->cgroup;

	seq_printf(seq, "%d\n", cgroup_sane_behavior(cgrp));
2184 2185 2186
	return 0;
}

T
Tejun Heo 已提交
2187 2188
static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
				 size_t nbytes, loff_t off)
2189
{
T
Tejun Heo 已提交
2190 2191 2192
	struct cgroup *cgrp = of->kn->parent->priv;
	struct cftype *cft = of->kn->priv;
	struct cgroup_subsys_state *css;
2193
	int ret;
2194

T
Tejun Heo 已提交
2195 2196 2197 2198 2199 2200 2201 2202 2203
	/*
	 * kernfs guarantees that a file isn't deleted with operations in
	 * flight, which means that the matching css is and stays alive and
	 * doesn't need to be pinned.  The RCU locking is not necessary
	 * either.  It's just for the convenience of using cgroup_css().
	 */
	rcu_read_lock();
	css = cgroup_css(cgrp, cft->ss);
	rcu_read_unlock();
2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218

	if (cft->write_string) {
		ret = cft->write_string(css, cft, strstrip(buf));
	} else if (cft->write_u64) {
		unsigned long long v;
		ret = kstrtoull(buf, 0, &v);
		if (!ret)
			ret = cft->write_u64(css, cft, v);
	} else if (cft->write_s64) {
		long long v;
		ret = kstrtoll(buf, 0, &v);
		if (!ret)
			ret = cft->write_s64(css, cft, v);
	} else if (cft->trigger) {
		ret = cft->trigger(css, (unsigned int)cft->private);
2219
	} else {
2220
		ret = -EINVAL;
2221
	}
T
Tejun Heo 已提交
2222

2223
	return ret ?: nbytes;
2224 2225
}

2226
static void *cgroup_seqfile_start(struct seq_file *seq, loff_t *ppos)
2227
{
T
Tejun Heo 已提交
2228
	return seq_cft(seq)->seq_start(seq, ppos);
2229 2230
}

2231
static void *cgroup_seqfile_next(struct seq_file *seq, void *v, loff_t *ppos)
2232
{
T
Tejun Heo 已提交
2233
	return seq_cft(seq)->seq_next(seq, v, ppos);
2234 2235
}

2236
static void cgroup_seqfile_stop(struct seq_file *seq, void *v)
2237
{
T
Tejun Heo 已提交
2238
	seq_cft(seq)->seq_stop(seq, v);
2239 2240
}

2241
static int cgroup_seqfile_show(struct seq_file *m, void *arg)
2242
{
2243 2244
	struct cftype *cft = seq_cft(m);
	struct cgroup_subsys_state *css = seq_css(m);
2245

2246 2247
	if (cft->seq_show)
		return cft->seq_show(m, arg);
2248

2249
	if (cft->read_u64)
2250 2251 2252 2253 2254 2255
		seq_printf(m, "%llu\n", cft->read_u64(css, cft));
	else if (cft->read_s64)
		seq_printf(m, "%lld\n", cft->read_s64(css, cft));
	else
		return -EINVAL;
	return 0;
2256 2257
}

T
Tejun Heo 已提交
2258 2259 2260 2261
static struct kernfs_ops cgroup_kf_single_ops = {
	.atomic_write_len	= PAGE_SIZE,
	.write			= cgroup_file_write,
	.seq_show		= cgroup_seqfile_show,
2262 2263
};

T
Tejun Heo 已提交
2264 2265 2266 2267 2268 2269 2270 2271
static struct kernfs_ops cgroup_kf_ops = {
	.atomic_write_len	= PAGE_SIZE,
	.write			= cgroup_file_write,
	.seq_start		= cgroup_seqfile_start,
	.seq_next		= cgroup_seqfile_next,
	.seq_stop		= cgroup_seqfile_stop,
	.seq_show		= cgroup_seqfile_show,
};
2272 2273 2274 2275

/*
 * cgroup_rename - Only allow simple rename of directories in place.
 */
T
Tejun Heo 已提交
2276 2277
static int cgroup_rename(struct kernfs_node *kn, struct kernfs_node *new_parent,
			 const char *new_name_str)
2278
{
T
Tejun Heo 已提交
2279 2280
	struct cgroup *cgrp = kn->priv;
	int ret;
2281

T
Tejun Heo 已提交
2282
	if (kernfs_type(kn) != KERNFS_DIR)
2283
		return -ENOTDIR;
T
Tejun Heo 已提交
2284
	if (kn->parent != new_parent)
2285
		return -EIO;
2286

2287 2288 2289 2290 2291 2292 2293
	/*
	 * This isn't a proper migration and its usefulness is very
	 * limited.  Disallow if sane_behavior.
	 */
	if (cgroup_sane_behavior(cgrp))
		return -EPERM;

T
Tejun Heo 已提交
2294 2295 2296 2297
	mutex_lock(&cgroup_tree_mutex);
	mutex_lock(&cgroup_mutex);

	ret = kernfs_rename(kn, new_parent, new_name_str);
2298

T
Tejun Heo 已提交
2299 2300 2301
	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&cgroup_tree_mutex);
	return ret;
2302 2303
}

2304
static int cgroup_add_file(struct cgroup *cgrp, struct cftype *cft)
2305
{
T
Tejun Heo 已提交
2306
	char name[CGROUP_FILE_NAME_MAX];
T
Tejun Heo 已提交
2307 2308
	struct kernfs_node *kn;
	struct lock_class_key *key = NULL;
T
Tejun Heo 已提交
2309

T
Tejun Heo 已提交
2310 2311 2312 2313 2314 2315
#ifdef CONFIG_DEBUG_LOCK_ALLOC
	key = &cft->lockdep_key;
#endif
	kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
				  cgroup_file_mode(cft), 0, cft->kf_ops, cft,
				  NULL, false, key);
F
Fengguang Wu 已提交
2316
	return PTR_ERR_OR_ZERO(kn);
2317 2318
}

2319 2320 2321 2322 2323 2324 2325
/**
 * cgroup_addrm_files - add or remove files to a cgroup directory
 * @cgrp: the target cgroup
 * @cfts: array of cftypes to be added
 * @is_add: whether to add or remove
 *
 * Depending on @is_add, add or remove files defined by @cfts on @cgrp.
2326 2327 2328
 * For removals, this function never fails.  If addition fails, this
 * function doesn't remove files already added.  The caller is responsible
 * for cleaning up.
2329
 */
2330 2331
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add)
2332
{
A
Aristeu Rozanski 已提交
2333
	struct cftype *cft;
2334 2335
	int ret;

T
Tejun Heo 已提交
2336
	lockdep_assert_held(&cgroup_tree_mutex);
T
Tejun Heo 已提交
2337 2338

	for (cft = cfts; cft->name[0] != '\0'; cft++) {
2339
		/* does cft->flags tell us to skip this file on @cgrp? */
2340 2341
		if ((cft->flags & CFTYPE_INSANE) && cgroup_sane_behavior(cgrp))
			continue;
2342 2343 2344 2345 2346
		if ((cft->flags & CFTYPE_NOT_ON_ROOT) && !cgrp->parent)
			continue;
		if ((cft->flags & CFTYPE_ONLY_ON_ROOT) && cgrp->parent)
			continue;

2347
		if (is_add) {
2348
			ret = cgroup_add_file(cgrp, cft);
2349
			if (ret) {
2350
				pr_warn("cgroup_addrm_files: failed to add %s, err=%d\n",
2351 2352 2353
					cft->name, ret);
				return ret;
			}
2354 2355
		} else {
			cgroup_rm_file(cgrp, cft);
T
Tejun Heo 已提交
2356
		}
2357
	}
2358
	return 0;
2359 2360
}

2361
static int cgroup_apply_cftypes(struct cftype *cfts, bool is_add)
2362 2363
{
	LIST_HEAD(pending);
2364
	struct cgroup_subsys *ss = cfts[0].ss;
2365 2366
	struct cgroup *root = &ss->root->top_cgroup;
	struct cgroup_subsys_state *css;
2367
	int ret = 0;
2368

2369
	lockdep_assert_held(&cgroup_tree_mutex);
2370

2371 2372
	/* don't bother if @ss isn't attached */
	if (ss->root == &cgroup_dummy_root)
2373
		return 0;
2374 2375

	/* add/rm files for all cgroups created before */
2376
	css_for_each_descendant_pre(css, cgroup_css(root, ss)) {
2377 2378
		struct cgroup *cgrp = css->cgroup;

2379 2380 2381
		if (cgroup_is_dead(cgrp))
			continue;

2382
		ret = cgroup_addrm_files(cgrp, cfts, is_add);
2383 2384
		if (ret)
			break;
2385
	}
2386 2387 2388

	if (is_add && !ret)
		kernfs_activate(root->kn);
2389
	return ret;
2390 2391
}

2392 2393 2394 2395
static void cgroup_exit_cftypes(struct cftype *cfts)
{
	struct cftype *cft;

T
Tejun Heo 已提交
2396 2397 2398 2399 2400
	for (cft = cfts; cft->name[0] != '\0'; cft++) {
		/* free copy for custom atomic_write_len, see init_cftypes() */
		if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
			kfree(cft->kf_ops);
		cft->kf_ops = NULL;
2401
		cft->ss = NULL;
T
Tejun Heo 已提交
2402
	}
2403 2404
}

T
Tejun Heo 已提交
2405
static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
2406 2407 2408
{
	struct cftype *cft;

T
Tejun Heo 已提交
2409 2410 2411
	for (cft = cfts; cft->name[0] != '\0'; cft++) {
		struct kernfs_ops *kf_ops;

T
Tejun Heo 已提交
2412 2413
		WARN_ON(cft->ss || cft->kf_ops);

T
Tejun Heo 已提交
2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432
		if (cft->seq_start)
			kf_ops = &cgroup_kf_ops;
		else
			kf_ops = &cgroup_kf_single_ops;

		/*
		 * Ugh... if @cft wants a custom max_write_len, we need to
		 * make a copy of kf_ops to set its atomic_write_len.
		 */
		if (cft->max_write_len && cft->max_write_len != PAGE_SIZE) {
			kf_ops = kmemdup(kf_ops, sizeof(*kf_ops), GFP_KERNEL);
			if (!kf_ops) {
				cgroup_exit_cftypes(cfts);
				return -ENOMEM;
			}
			kf_ops->atomic_write_len = cft->max_write_len;
		}

		cft->kf_ops = kf_ops;
2433
		cft->ss = ss;
T
Tejun Heo 已提交
2434 2435 2436
	}

	return 0;
2437 2438
}

2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451
static int cgroup_rm_cftypes_locked(struct cftype *cfts)
{
	lockdep_assert_held(&cgroup_tree_mutex);

	if (!cfts || !cfts[0].ss)
		return -ENOENT;

	list_del(&cfts->node);
	cgroup_apply_cftypes(cfts, false);
	cgroup_exit_cftypes(cfts);
	return 0;
}

T
Tejun Heo 已提交
2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464
/**
 * cgroup_rm_cftypes - remove an array of cftypes from a subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Unregister @cfts.  Files described by @cfts are removed from all
 * existing cgroups and all future cgroups won't have them either.  This
 * function can be called anytime whether @cfts' subsys is attached or not.
 *
 * Returns 0 on successful unregistration, -ENOENT if @cfts is not
 * registered.
 */
int cgroup_rm_cftypes(struct cftype *cfts)
{
2465
	int ret;
T
Tejun Heo 已提交
2466

2467 2468 2469 2470
	mutex_lock(&cgroup_tree_mutex);
	ret = cgroup_rm_cftypes_locked(cfts);
	mutex_unlock(&cgroup_tree_mutex);
	return ret;
T
Tejun Heo 已提交
2471 2472
}

2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486
/**
 * cgroup_add_cftypes - add an array of cftypes to a subsystem
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Register @cfts to @ss.  Files described by @cfts are created for all
 * existing cgroups to which @ss is attached and all future cgroups will
 * have them too.  This function can be called anytime whether @ss is
 * attached or not.
 *
 * Returns 0 on successful registration, -errno on failure.  Note that this
 * function currently returns 0 as long as @cfts registration is successful
 * even if some file creation attempts on existing cgroups fail.
 */
A
Aristeu Rozanski 已提交
2487
int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
2488
{
2489
	int ret;
2490

2491 2492 2493
	if (!cfts || cfts[0].name[0] == '\0')
		return 0;

T
Tejun Heo 已提交
2494 2495 2496
	ret = cgroup_init_cftypes(ss, cfts);
	if (ret)
		return ret;
2497

2498 2499
	mutex_lock(&cgroup_tree_mutex);

T
Tejun Heo 已提交
2500
	list_add_tail(&cfts->node, &ss->cfts);
2501
	ret = cgroup_apply_cftypes(cfts, true);
2502
	if (ret)
2503 2504 2505
		cgroup_rm_cftypes_locked(cfts);

	mutex_unlock(&cgroup_tree_mutex);
2506
	return ret;
2507 2508
}

L
Li Zefan 已提交
2509 2510 2511 2512 2513 2514
/**
 * cgroup_task_count - count the number of tasks in a cgroup.
 * @cgrp: the cgroup in question
 *
 * Return the number of tasks in the cgroup.
 */
2515
static int cgroup_task_count(const struct cgroup *cgrp)
2516 2517
{
	int count = 0;
2518
	struct cgrp_cset_link *link;
2519

2520
	down_read(&css_set_rwsem);
2521 2522
	list_for_each_entry(link, &cgrp->cset_links, cset_link)
		count += atomic_read(&link->cset->refcount);
2523
	up_read(&css_set_rwsem);
2524 2525 2526
	return count;
}

2527
/**
2528 2529 2530
 * css_next_child - find the next child of a given css
 * @pos_css: the current position (%NULL to initiate traversal)
 * @parent_css: css whose children to walk
2531
 *
2532
 * This function returns the next child of @parent_css and should be called
2533 2534 2535
 * under either cgroup_mutex or RCU read lock.  The only requirement is
 * that @parent_css and @pos_css are accessible.  The next sibling is
 * guaranteed to be returned regardless of their states.
2536
 */
2537 2538 2539
struct cgroup_subsys_state *
css_next_child(struct cgroup_subsys_state *pos_css,
	       struct cgroup_subsys_state *parent_css)
2540
{
2541 2542
	struct cgroup *pos = pos_css ? pos_css->cgroup : NULL;
	struct cgroup *cgrp = parent_css->cgroup;
2543 2544
	struct cgroup *next;

T
Tejun Heo 已提交
2545
	cgroup_assert_mutexes_or_rcu_locked();
2546 2547 2548 2549

	/*
	 * @pos could already have been removed.  Once a cgroup is removed,
	 * its ->sibling.next is no longer updated when its next sibling
2550 2551 2552 2553 2554 2555 2556
	 * changes.  As CGRP_DEAD assertion is serialized and happens
	 * before the cgroup is taken off the ->sibling list, if we see it
	 * unasserted, it's guaranteed that the next sibling hasn't
	 * finished its grace period even if it's already removed, and thus
	 * safe to dereference from this RCU critical section.  If
	 * ->sibling.next is inaccessible, cgroup_is_dead() is guaranteed
	 * to be visible as %true here.
2557 2558 2559 2560 2561 2562 2563 2564
	 *
	 * If @pos is dead, its next pointer can't be dereferenced;
	 * however, as each cgroup is given a monotonically increasing
	 * unique serial number and always appended to the sibling list,
	 * the next one can be found by walking the parent's children until
	 * we see a cgroup with higher serial number than @pos's.  While
	 * this path can be slower, it's taken only when either the current
	 * cgroup is removed or iteration and removal race.
2565
	 */
2566 2567 2568
	if (!pos) {
		next = list_entry_rcu(cgrp->children.next, struct cgroup, sibling);
	} else if (likely(!cgroup_is_dead(pos))) {
2569
		next = list_entry_rcu(pos->sibling.next, struct cgroup, sibling);
2570 2571 2572 2573
	} else {
		list_for_each_entry_rcu(next, &cgrp->children, sibling)
			if (next->serial_nr > pos->serial_nr)
				break;
2574 2575
	}

2576 2577 2578
	if (&next->sibling == &cgrp->children)
		return NULL;

2579
	return cgroup_css(next, parent_css->ss);
2580 2581
}

2582
/**
2583
 * css_next_descendant_pre - find the next descendant for pre-order walk
2584
 * @pos: the current position (%NULL to initiate traversal)
2585
 * @root: css whose descendants to walk
2586
 *
2587
 * To be used by css_for_each_descendant_pre().  Find the next descendant
2588 2589
 * to visit for pre-order traversal of @root's descendants.  @root is
 * included in the iteration and the first node to be visited.
2590
 *
2591 2592 2593 2594
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @root are accessible and @pos is a descendant of @root.
2595
 */
2596 2597 2598
struct cgroup_subsys_state *
css_next_descendant_pre(struct cgroup_subsys_state *pos,
			struct cgroup_subsys_state *root)
2599
{
2600
	struct cgroup_subsys_state *next;
2601

T
Tejun Heo 已提交
2602
	cgroup_assert_mutexes_or_rcu_locked();
2603

2604
	/* if first iteration, visit @root */
2605
	if (!pos)
2606
		return root;
2607 2608

	/* visit the first child if exists */
2609
	next = css_next_child(NULL, pos);
2610 2611 2612 2613
	if (next)
		return next;

	/* no child, visit my or the closest ancestor's next sibling */
2614 2615
	while (pos != root) {
		next = css_next_child(pos, css_parent(pos));
2616
		if (next)
2617
			return next;
2618
		pos = css_parent(pos);
2619
	}
2620 2621 2622 2623

	return NULL;
}

2624
/**
2625 2626
 * css_rightmost_descendant - return the rightmost descendant of a css
 * @pos: css of interest
2627
 *
2628 2629
 * Return the rightmost descendant of @pos.  If there's no descendant, @pos
 * is returned.  This can be used during pre-order traversal to skip
2630
 * subtree of @pos.
2631
 *
2632 2633 2634 2635
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct rightmost descendant as
 * long as @pos is accessible.
2636
 */
2637 2638
struct cgroup_subsys_state *
css_rightmost_descendant(struct cgroup_subsys_state *pos)
2639
{
2640
	struct cgroup_subsys_state *last, *tmp;
2641

T
Tejun Heo 已提交
2642
	cgroup_assert_mutexes_or_rcu_locked();
2643 2644 2645 2646 2647

	do {
		last = pos;
		/* ->prev isn't RCU safe, walk ->next till the end */
		pos = NULL;
2648
		css_for_each_child(tmp, last)
2649 2650 2651 2652 2653 2654
			pos = tmp;
	} while (pos);

	return last;
}

2655 2656
static struct cgroup_subsys_state *
css_leftmost_descendant(struct cgroup_subsys_state *pos)
2657
{
2658
	struct cgroup_subsys_state *last;
2659 2660 2661

	do {
		last = pos;
2662
		pos = css_next_child(NULL, pos);
2663 2664 2665 2666 2667 2668
	} while (pos);

	return last;
}

/**
2669
 * css_next_descendant_post - find the next descendant for post-order walk
2670
 * @pos: the current position (%NULL to initiate traversal)
2671
 * @root: css whose descendants to walk
2672
 *
2673
 * To be used by css_for_each_descendant_post().  Find the next descendant
2674 2675
 * to visit for post-order traversal of @root's descendants.  @root is
 * included in the iteration and the last node to be visited.
2676
 *
2677 2678 2679 2680 2681
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @cgroup are accessible and @pos is a descendant of
 * @cgroup.
2682
 */
2683 2684 2685
struct cgroup_subsys_state *
css_next_descendant_post(struct cgroup_subsys_state *pos,
			 struct cgroup_subsys_state *root)
2686
{
2687
	struct cgroup_subsys_state *next;
2688

T
Tejun Heo 已提交
2689
	cgroup_assert_mutexes_or_rcu_locked();
2690

2691 2692 2693
	/* if first iteration, visit leftmost descendant which may be @root */
	if (!pos)
		return css_leftmost_descendant(root);
2694

2695 2696 2697 2698
	/* if we visited @root, we're done */
	if (pos == root)
		return NULL;

2699
	/* if there's an unvisited sibling, visit its leftmost descendant */
2700
	next = css_next_child(pos, css_parent(pos));
2701
	if (next)
2702
		return css_leftmost_descendant(next);
2703 2704

	/* no sibling left, visit parent */
2705
	return css_parent(pos);
2706 2707
}

2708
/**
2709
 * css_advance_task_iter - advance a task itererator to the next css_set
2710 2711 2712
 * @it: the iterator to advance
 *
 * Advance @it to the next css_set to walk.
2713
 */
2714
static void css_advance_task_iter(struct css_task_iter *it)
2715 2716 2717 2718 2719 2720 2721 2722
{
	struct list_head *l = it->cset_link;
	struct cgrp_cset_link *link;
	struct css_set *cset;

	/* Advance to the next non-empty css_set */
	do {
		l = l->next;
2723
		if (l == &it->origin_css->cgroup->cset_links) {
2724 2725 2726 2727 2728
			it->cset_link = NULL;
			return;
		}
		link = list_entry(l, struct cgrp_cset_link, cset_link);
		cset = link->cset;
T
Tejun Heo 已提交
2729 2730
	} while (list_empty(&cset->tasks) && list_empty(&cset->mg_tasks));

2731
	it->cset_link = l;
T
Tejun Heo 已提交
2732 2733 2734 2735 2736

	if (!list_empty(&cset->tasks))
		it->task = cset->tasks.next;
	else
		it->task = cset->mg_tasks.next;
2737 2738
}

2739
/**
2740 2741
 * css_task_iter_start - initiate task iteration
 * @css: the css to walk tasks of
2742 2743
 * @it: the task iterator to use
 *
2744 2745 2746 2747
 * Initiate iteration through the tasks of @css.  The caller can call
 * css_task_iter_next() to walk through the tasks until the function
 * returns NULL.  On completion of iteration, css_task_iter_end() must be
 * called.
2748 2749 2750 2751 2752
 *
 * Note that this function acquires a lock which is released when the
 * iteration finishes.  The caller can't sleep while iteration is in
 * progress.
 */
2753 2754
void css_task_iter_start(struct cgroup_subsys_state *css,
			 struct css_task_iter *it)
2755
	__acquires(css_set_rwsem)
2756
{
2757 2758
	/* no one should try to iterate before mounting cgroups */
	WARN_ON_ONCE(!use_task_css_set_links);
2759

2760
	down_read(&css_set_rwsem);
2761

2762 2763
	it->origin_css = css;
	it->cset_link = &css->cgroup->cset_links;
2764

2765
	css_advance_task_iter(it);
2766 2767
}

2768
/**
2769
 * css_task_iter_next - return the next task for the iterator
2770 2771 2772
 * @it: the task iterator being iterated
 *
 * The "next" function for task iteration.  @it should have been
2773 2774
 * initialized via css_task_iter_start().  Returns NULL when the iteration
 * reaches the end.
2775
 */
2776
struct task_struct *css_task_iter_next(struct css_task_iter *it)
2777 2778 2779
{
	struct task_struct *res;
	struct list_head *l = it->task;
T
Tejun Heo 已提交
2780 2781
	struct cgrp_cset_link *link = list_entry(it->cset_link,
					struct cgrp_cset_link, cset_link);
2782 2783

	/* If the iterator cg is NULL, we have no tasks */
2784
	if (!it->cset_link)
2785 2786
		return NULL;
	res = list_entry(l, struct task_struct, cg_list);
T
Tejun Heo 已提交
2787 2788 2789 2790 2791 2792

	/*
	 * Advance iterator to find next entry.  cset->tasks is consumed
	 * first and then ->mg_tasks.  After ->mg_tasks, we move onto the
	 * next cset.
	 */
2793
	l = l->next;
T
Tejun Heo 已提交
2794 2795 2796 2797 2798

	if (l == &link->cset->tasks)
		l = link->cset->mg_tasks.next;

	if (l == &link->cset->mg_tasks)
2799
		css_advance_task_iter(it);
T
Tejun Heo 已提交
2800
	else
2801
		it->task = l;
T
Tejun Heo 已提交
2802

2803 2804 2805
	return res;
}

2806
/**
2807
 * css_task_iter_end - finish task iteration
2808 2809
 * @it: the task iterator to finish
 *
2810
 * Finish task iteration started by css_task_iter_start().
2811
 */
2812
void css_task_iter_end(struct css_task_iter *it)
2813
	__releases(css_set_rwsem)
2814
{
2815
	up_read(&css_set_rwsem);
2816 2817
}

2818 2819 2820 2821
/**
 * cgroup_trasnsfer_tasks - move tasks from one cgroup to another
 * @to: cgroup to which the tasks will be moved
 * @from: cgroup in which the tasks currently reside
2822 2823 2824 2825 2826 2827
 *
 * Locking rules between cgroup_post_fork() and the migration path
 * guarantee that, if a task is forking while being migrated, the new child
 * is guaranteed to be either visible in the source cgroup after the
 * parent's migration is complete or put into the target cgroup.  No task
 * can slip out of migration through forking.
2828 2829 2830
 */
int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
{
2831 2832
	LIST_HEAD(preloaded_csets);
	struct cgrp_cset_link *link;
2833 2834
	struct css_task_iter it;
	struct task_struct *task;
2835 2836 2837 2838 2839 2840 2841 2842 2843
	int ret;

	mutex_lock(&cgroup_mutex);

	/* all tasks in @from are being moved, all csets are source */
	down_read(&css_set_rwsem);
	list_for_each_entry(link, &from->cset_links, cset_link)
		cgroup_migrate_add_src(link->cset, to, &preloaded_csets);
	up_read(&css_set_rwsem);
2844

2845 2846 2847 2848 2849 2850 2851 2852
	ret = cgroup_migrate_prepare_dst(to, &preloaded_csets);
	if (ret)
		goto out_err;

	/*
	 * Migrate tasks one-by-one until @form is empty.  This fails iff
	 * ->can_attach() fails.
	 */
2853 2854 2855 2856 2857 2858 2859 2860
	do {
		css_task_iter_start(&from->dummy_css, &it);
		task = css_task_iter_next(&it);
		if (task)
			get_task_struct(task);
		css_task_iter_end(&it);

		if (task) {
2861
			ret = cgroup_migrate(to, task, false);
2862 2863 2864
			put_task_struct(task);
		}
	} while (task && !ret);
2865 2866 2867
out_err:
	cgroup_migrate_finish(&preloaded_csets);
	mutex_unlock(&cgroup_mutex);
2868
	return ret;
2869 2870
}

2871
/*
2872
 * Stuff for reading the 'tasks'/'procs' files.
2873 2874 2875 2876 2877 2878 2879 2880
 *
 * Reading this file can return large amounts of data if a cgroup has
 * *lots* of attached tasks. So it may need several calls to read(),
 * but we cannot guarantee that the information we produce is correct
 * unless we produce it entirely atomically.
 *
 */

2881 2882 2883 2884 2885 2886 2887 2888 2889 2890 2891 2892 2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906
/* which pidlist file are we talking about? */
enum cgroup_filetype {
	CGROUP_FILE_PROCS,
	CGROUP_FILE_TASKS,
};

/*
 * A pidlist is a list of pids that virtually represents the contents of one
 * of the cgroup files ("procs" or "tasks"). We keep a list of such pidlists,
 * a pair (one each for procs, tasks) for each pid namespace that's relevant
 * to the cgroup.
 */
struct cgroup_pidlist {
	/*
	 * used to find which pidlist is wanted. doesn't change as long as
	 * this particular list stays in the list.
	*/
	struct { enum cgroup_filetype type; struct pid_namespace *ns; } key;
	/* array of xids */
	pid_t *list;
	/* how many elements the above list has */
	int length;
	/* each of these stored in a list by its cgroup */
	struct list_head links;
	/* pointer to the cgroup we belong to, for list removal purposes */
	struct cgroup *owner;
2907 2908
	/* for delayed destruction */
	struct delayed_work destroy_dwork;
2909 2910
};

2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923
/*
 * The following two functions "fix" the issue where there are more pids
 * than kmalloc will give memory for; in such cases, we use vmalloc/vfree.
 * TODO: replace with a kernel-wide solution to this problem
 */
#define PIDLIST_TOO_LARGE(c) ((c) * sizeof(pid_t) > (PAGE_SIZE * 2))
static void *pidlist_allocate(int count)
{
	if (PIDLIST_TOO_LARGE(count))
		return vmalloc(count * sizeof(pid_t));
	else
		return kmalloc(count * sizeof(pid_t), GFP_KERNEL);
}
2924

2925 2926 2927 2928 2929 2930 2931 2932
static void pidlist_free(void *p)
{
	if (is_vmalloc_addr(p))
		vfree(p);
	else
		kfree(p);
}

2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959
/*
 * Used to destroy all pidlists lingering waiting for destroy timer.  None
 * should be left afterwards.
 */
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp)
{
	struct cgroup_pidlist *l, *tmp_l;

	mutex_lock(&cgrp->pidlist_mutex);
	list_for_each_entry_safe(l, tmp_l, &cgrp->pidlists, links)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork, 0);
	mutex_unlock(&cgrp->pidlist_mutex);

	flush_workqueue(cgroup_pidlist_destroy_wq);
	BUG_ON(!list_empty(&cgrp->pidlists));
}

static void cgroup_pidlist_destroy_work_fn(struct work_struct *work)
{
	struct delayed_work *dwork = to_delayed_work(work);
	struct cgroup_pidlist *l = container_of(dwork, struct cgroup_pidlist,
						destroy_dwork);
	struct cgroup_pidlist *tofree = NULL;

	mutex_lock(&l->owner->pidlist_mutex);

	/*
2960 2961
	 * Destroy iff we didn't get queued again.  The state won't change
	 * as destroy_dwork can only be queued while locked.
2962
	 */
2963
	if (!delayed_work_pending(dwork)) {
2964 2965 2966 2967 2968 2969 2970 2971 2972 2973
		list_del(&l->links);
		pidlist_free(l->list);
		put_pid_ns(l->key.ns);
		tofree = l;
	}

	mutex_unlock(&l->owner->pidlist_mutex);
	kfree(tofree);
}

2974
/*
2975
 * pidlist_uniq - given a kmalloc()ed list, strip out all duplicate entries
2976
 * Returns the number of unique elements.
2977
 */
2978
static int pidlist_uniq(pid_t *list, int length)
2979
{
2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000 3001 3002 3003
	int src, dest = 1;

	/*
	 * we presume the 0th element is unique, so i starts at 1. trivial
	 * edge cases first; no work needs to be done for either
	 */
	if (length == 0 || length == 1)
		return length;
	/* src and dest walk down the list; dest counts unique elements */
	for (src = 1; src < length; src++) {
		/* find next unique element */
		while (list[src] == list[src-1]) {
			src++;
			if (src == length)
				goto after;
		}
		/* dest always points to where the next unique element goes */
		list[dest] = list[src];
		dest++;
	}
after:
	return dest;
}

3004 3005 3006 3007 3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036
/*
 * The two pid files - task and cgroup.procs - guaranteed that the result
 * is sorted, which forced this whole pidlist fiasco.  As pid order is
 * different per namespace, each namespace needs differently sorted list,
 * making it impossible to use, for example, single rbtree of member tasks
 * sorted by task pointer.  As pidlists can be fairly large, allocating one
 * per open file is dangerous, so cgroup had to implement shared pool of
 * pidlists keyed by cgroup and namespace.
 *
 * All this extra complexity was caused by the original implementation
 * committing to an entirely unnecessary property.  In the long term, we
 * want to do away with it.  Explicitly scramble sort order if
 * sane_behavior so that no such expectation exists in the new interface.
 *
 * Scrambling is done by swapping every two consecutive bits, which is
 * non-identity one-to-one mapping which disturbs sort order sufficiently.
 */
static pid_t pid_fry(pid_t pid)
{
	unsigned a = pid & 0x55555555;
	unsigned b = pid & 0xAAAAAAAA;

	return (a << 1) | (b >> 1);
}

static pid_t cgroup_pid_fry(struct cgroup *cgrp, pid_t pid)
{
	if (cgroup_sane_behavior(cgrp))
		return pid_fry(pid);
	else
		return pid;
}

3037 3038 3039 3040 3041
static int cmppid(const void *a, const void *b)
{
	return *(pid_t *)a - *(pid_t *)b;
}

3042 3043 3044 3045 3046
static int fried_cmppid(const void *a, const void *b)
{
	return pid_fry(*(pid_t *)a) - pid_fry(*(pid_t *)b);
}

T
Tejun Heo 已提交
3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061
static struct cgroup_pidlist *cgroup_pidlist_find(struct cgroup *cgrp,
						  enum cgroup_filetype type)
{
	struct cgroup_pidlist *l;
	/* don't need task_nsproxy() if we're looking at ourself */
	struct pid_namespace *ns = task_active_pid_ns(current);

	lockdep_assert_held(&cgrp->pidlist_mutex);

	list_for_each_entry(l, &cgrp->pidlists, links)
		if (l->key.type == type && l->key.ns == ns)
			return l;
	return NULL;
}

3062 3063 3064 3065 3066 3067
/*
 * find the appropriate pidlist for our purpose (given procs vs tasks)
 * returns with the lock on that pidlist already held, and takes care
 * of the use count, or returns NULL with no locks held if we're out of
 * memory.
 */
T
Tejun Heo 已提交
3068 3069
static struct cgroup_pidlist *cgroup_pidlist_find_create(struct cgroup *cgrp,
						enum cgroup_filetype type)
3070 3071
{
	struct cgroup_pidlist *l;
3072

T
Tejun Heo 已提交
3073 3074 3075 3076 3077 3078
	lockdep_assert_held(&cgrp->pidlist_mutex);

	l = cgroup_pidlist_find(cgrp, type);
	if (l)
		return l;

3079
	/* entry not found; create a new one */
3080
	l = kzalloc(sizeof(struct cgroup_pidlist), GFP_KERNEL);
T
Tejun Heo 已提交
3081
	if (!l)
3082
		return l;
T
Tejun Heo 已提交
3083

3084
	INIT_DELAYED_WORK(&l->destroy_dwork, cgroup_pidlist_destroy_work_fn);
3085
	l->key.type = type;
T
Tejun Heo 已提交
3086 3087
	/* don't need task_nsproxy() if we're looking at ourself */
	l->key.ns = get_pid_ns(task_active_pid_ns(current));
3088 3089 3090 3091 3092
	l->owner = cgrp;
	list_add(&l->links, &cgrp->pidlists);
	return l;
}

3093 3094 3095
/*
 * Load a cgroup's pidarray with either procs' tgids or tasks' pids
 */
3096 3097
static int pidlist_array_load(struct cgroup *cgrp, enum cgroup_filetype type,
			      struct cgroup_pidlist **lp)
3098 3099 3100 3101
{
	pid_t *array;
	int length;
	int pid, n = 0; /* used for populating the array */
3102
	struct css_task_iter it;
3103
	struct task_struct *tsk;
3104 3105
	struct cgroup_pidlist *l;

3106 3107
	lockdep_assert_held(&cgrp->pidlist_mutex);

3108 3109 3110 3111 3112 3113 3114
	/*
	 * If cgroup gets more users after we read count, we won't have
	 * enough space - tough.  This race is indistinguishable to the
	 * caller from the case that the additional cgroup users didn't
	 * show up until sometime later on.
	 */
	length = cgroup_task_count(cgrp);
3115
	array = pidlist_allocate(length);
3116 3117 3118
	if (!array)
		return -ENOMEM;
	/* now, populate the array */
3119 3120
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
3121
		if (unlikely(n == length))
3122
			break;
3123
		/* get tgid or pid for procs or tasks file respectively */
3124 3125 3126 3127
		if (type == CGROUP_FILE_PROCS)
			pid = task_tgid_vnr(tsk);
		else
			pid = task_pid_vnr(tsk);
3128 3129
		if (pid > 0) /* make sure to only use valid results */
			array[n++] = pid;
3130
	}
3131
	css_task_iter_end(&it);
3132 3133
	length = n;
	/* now sort & (if procs) strip out duplicates */
3134 3135 3136 3137
	if (cgroup_sane_behavior(cgrp))
		sort(array, length, sizeof(pid_t), fried_cmppid, NULL);
	else
		sort(array, length, sizeof(pid_t), cmppid, NULL);
3138
	if (type == CGROUP_FILE_PROCS)
3139
		length = pidlist_uniq(array, length);
T
Tejun Heo 已提交
3140 3141

	l = cgroup_pidlist_find_create(cgrp, type);
3142
	if (!l) {
T
Tejun Heo 已提交
3143
		mutex_unlock(&cgrp->pidlist_mutex);
3144
		pidlist_free(array);
3145
		return -ENOMEM;
3146
	}
T
Tejun Heo 已提交
3147 3148

	/* store array, freeing old if necessary */
3149
	pidlist_free(l->list);
3150 3151
	l->list = array;
	l->length = length;
3152
	*lp = l;
3153
	return 0;
3154 3155
}

B
Balbir Singh 已提交
3156
/**
L
Li Zefan 已提交
3157
 * cgroupstats_build - build and fill cgroupstats
B
Balbir Singh 已提交
3158 3159 3160
 * @stats: cgroupstats to fill information into
 * @dentry: A dentry entry belonging to the cgroup for which stats have
 * been requested.
L
Li Zefan 已提交
3161 3162 3163
 *
 * Build and fill cgroupstats so that taskstats can export it to user
 * space.
B
Balbir Singh 已提交
3164 3165 3166
 */
int cgroupstats_build(struct cgroupstats *stats, struct dentry *dentry)
{
T
Tejun Heo 已提交
3167
	struct kernfs_node *kn = kernfs_node_from_dentry(dentry);
3168
	struct cgroup *cgrp;
3169
	struct css_task_iter it;
B
Balbir Singh 已提交
3170
	struct task_struct *tsk;
3171

T
Tejun Heo 已提交
3172 3173 3174 3175 3176
	/* it should be kernfs_node belonging to cgroupfs and is a directory */
	if (dentry->d_sb->s_type != &cgroup_fs_type || !kn ||
	    kernfs_type(kn) != KERNFS_DIR)
		return -EINVAL;

3177 3178
	mutex_lock(&cgroup_mutex);

B
Balbir Singh 已提交
3179
	/*
T
Tejun Heo 已提交
3180 3181 3182
	 * We aren't being called from kernfs and there's no guarantee on
	 * @kn->priv's validity.  For this and css_tryget_from_dir(),
	 * @kn->priv is RCU safe.  Let's do the RCU dancing.
B
Balbir Singh 已提交
3183
	 */
T
Tejun Heo 已提交
3184 3185
	rcu_read_lock();
	cgrp = rcu_dereference(kn->priv);
3186
	if (!cgrp || cgroup_is_dead(cgrp)) {
T
Tejun Heo 已提交
3187
		rcu_read_unlock();
3188
		mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3189 3190
		return -ENOENT;
	}
3191
	rcu_read_unlock();
B
Balbir Singh 已提交
3192

3193 3194
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
B
Balbir Singh 已提交
3195 3196 3197 3198 3199 3200 3201 3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213
		switch (tsk->state) {
		case TASK_RUNNING:
			stats->nr_running++;
			break;
		case TASK_INTERRUPTIBLE:
			stats->nr_sleeping++;
			break;
		case TASK_UNINTERRUPTIBLE:
			stats->nr_uninterruptible++;
			break;
		case TASK_STOPPED:
			stats->nr_stopped++;
			break;
		default:
			if (delayacct_is_task_waiting_on_io(tsk))
				stats->nr_io_wait++;
			break;
		}
	}
3214
	css_task_iter_end(&it);
B
Balbir Singh 已提交
3215

3216
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3217
	return 0;
B
Balbir Singh 已提交
3218 3219
}

3220

3221
/*
3222
 * seq_file methods for the tasks/procs files. The seq_file position is the
3223
 * next pid to display; the seq_file iterator is a pointer to the pid
3224
 * in the cgroup->l->list array.
3225
 */
3226

3227
static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
3228
{
3229 3230 3231 3232 3233 3234
	/*
	 * Initially we receive a position value that corresponds to
	 * one more than the last pid shown (or 0 on the first call or
	 * after a seek to the start). Use a binary-search to find the
	 * next pid to display, if any
	 */
T
Tejun Heo 已提交
3235
	struct kernfs_open_file *of = s->private;
3236
	struct cgroup *cgrp = seq_css(s)->cgroup;
3237
	struct cgroup_pidlist *l;
3238
	enum cgroup_filetype type = seq_cft(s)->private;
3239
	int index = 0, pid = *pos;
3240 3241 3242 3243 3244
	int *iter, ret;

	mutex_lock(&cgrp->pidlist_mutex);

	/*
3245
	 * !NULL @of->priv indicates that this isn't the first start()
3246
	 * after open.  If the matching pidlist is around, we can use that.
3247
	 * Look for it.  Note that @of->priv can't be used directly.  It
3248 3249
	 * could already have been destroyed.
	 */
3250 3251
	if (of->priv)
		of->priv = cgroup_pidlist_find(cgrp, type);
3252 3253 3254 3255 3256

	/*
	 * Either this is the first start() after open or the matching
	 * pidlist has been destroyed inbetween.  Create a new one.
	 */
3257 3258 3259
	if (!of->priv) {
		ret = pidlist_array_load(cgrp, type,
					 (struct cgroup_pidlist **)&of->priv);
3260 3261 3262
		if (ret)
			return ERR_PTR(ret);
	}
3263
	l = of->priv;
3264 3265

	if (pid) {
3266
		int end = l->length;
S
Stephen Rothwell 已提交
3267

3268 3269
		while (index < end) {
			int mid = (index + end) / 2;
3270
			if (cgroup_pid_fry(cgrp, l->list[mid]) == pid) {
3271 3272
				index = mid;
				break;
3273
			} else if (cgroup_pid_fry(cgrp, l->list[mid]) <= pid)
3274 3275 3276 3277 3278 3279
				index = mid + 1;
			else
				end = mid;
		}
	}
	/* If we're off the end of the array, we're done */
3280
	if (index >= l->length)
3281 3282
		return NULL;
	/* Update the abstract position to be the actual pid that we found */
3283
	iter = l->list + index;
3284
	*pos = cgroup_pid_fry(cgrp, *iter);
3285 3286 3287
	return iter;
}

3288
static void cgroup_pidlist_stop(struct seq_file *s, void *v)
3289
{
T
Tejun Heo 已提交
3290
	struct kernfs_open_file *of = s->private;
3291
	struct cgroup_pidlist *l = of->priv;
3292

3293 3294
	if (l)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork,
3295
				 CGROUP_PIDLIST_DESTROY_DELAY);
3296
	mutex_unlock(&seq_css(s)->cgroup->pidlist_mutex);
3297 3298
}

3299
static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
3300
{
T
Tejun Heo 已提交
3301
	struct kernfs_open_file *of = s->private;
3302
	struct cgroup_pidlist *l = of->priv;
3303 3304
	pid_t *p = v;
	pid_t *end = l->list + l->length;
3305 3306 3307 3308 3309 3310 3311 3312
	/*
	 * Advance to the next pid in the array. If this goes off the
	 * end, we're done
	 */
	p++;
	if (p >= end) {
		return NULL;
	} else {
3313
		*pos = cgroup_pid_fry(seq_css(s)->cgroup, *p);
3314 3315 3316 3317
		return p;
	}
}

3318
static int cgroup_pidlist_show(struct seq_file *s, void *v)
3319 3320 3321
{
	return seq_printf(s, "%d\n", *(int *)v);
}
3322

3323 3324 3325 3326 3327 3328 3329 3330 3331
/*
 * seq_operations functions for iterating on pidlists through seq_file -
 * independent of whether it's tasks or procs
 */
static const struct seq_operations cgroup_pidlist_seq_operations = {
	.start = cgroup_pidlist_start,
	.stop = cgroup_pidlist_stop,
	.next = cgroup_pidlist_next,
	.show = cgroup_pidlist_show,
3332 3333
};

3334 3335
static u64 cgroup_read_notify_on_release(struct cgroup_subsys_state *css,
					 struct cftype *cft)
3336
{
3337
	return notify_on_release(css->cgroup);
3338 3339
}

3340 3341
static int cgroup_write_notify_on_release(struct cgroup_subsys_state *css,
					  struct cftype *cft, u64 val)
3342
{
3343
	clear_bit(CGRP_RELEASABLE, &css->cgroup->flags);
3344
	if (val)
3345
		set_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3346
	else
3347
		clear_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3348 3349 3350
	return 0;
}

3351 3352
static u64 cgroup_clone_children_read(struct cgroup_subsys_state *css,
				      struct cftype *cft)
3353
{
3354
	return test_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3355 3356
}

3357 3358
static int cgroup_clone_children_write(struct cgroup_subsys_state *css,
				       struct cftype *cft, u64 val)
3359 3360
{
	if (val)
3361
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3362
	else
3363
		clear_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3364 3365 3366
	return 0;
}

3367
static struct cftype cgroup_base_files[] = {
3368
	{
3369
		.name = "cgroup.procs",
3370 3371 3372 3373
		.seq_start = cgroup_pidlist_start,
		.seq_next = cgroup_pidlist_next,
		.seq_stop = cgroup_pidlist_stop,
		.seq_show = cgroup_pidlist_show,
3374
		.private = CGROUP_FILE_PROCS,
B
Ben Blum 已提交
3375 3376
		.write_u64 = cgroup_procs_write,
		.mode = S_IRUGO | S_IWUSR,
3377
	},
3378 3379
	{
		.name = "cgroup.clone_children",
3380
		.flags = CFTYPE_INSANE,
3381 3382 3383
		.read_u64 = cgroup_clone_children_read,
		.write_u64 = cgroup_clone_children_write,
	},
3384 3385 3386
	{
		.name = "cgroup.sane_behavior",
		.flags = CFTYPE_ONLY_ON_ROOT,
3387
		.seq_show = cgroup_sane_behavior_show,
3388
	},
3389 3390 3391 3392 3393 3394 3395 3396 3397

	/*
	 * Historical crazy stuff.  These don't have "cgroup."  prefix and
	 * don't exist if sane_behavior.  If you're depending on these, be
	 * prepared to be burned.
	 */
	{
		.name = "tasks",
		.flags = CFTYPE_INSANE,		/* use "procs" instead */
3398 3399 3400 3401
		.seq_start = cgroup_pidlist_start,
		.seq_next = cgroup_pidlist_next,
		.seq_stop = cgroup_pidlist_stop,
		.seq_show = cgroup_pidlist_show,
3402
		.private = CGROUP_FILE_TASKS,
3403 3404 3405 3406 3407 3408 3409 3410 3411
		.write_u64 = cgroup_tasks_write,
		.mode = S_IRUGO | S_IWUSR,
	},
	{
		.name = "notify_on_release",
		.flags = CFTYPE_INSANE,
		.read_u64 = cgroup_read_notify_on_release,
		.write_u64 = cgroup_write_notify_on_release,
	},
3412 3413
	{
		.name = "release_agent",
3414
		.flags = CFTYPE_INSANE | CFTYPE_ONLY_ON_ROOT,
3415
		.seq_show = cgroup_release_agent_show,
3416
		.write_string = cgroup_release_agent_write,
3417
		.max_write_len = PATH_MAX - 1,
3418
	},
T
Tejun Heo 已提交
3419
	{ }	/* terminate */
3420 3421
};

3422
/**
3423
 * cgroup_populate_dir - create subsys files in a cgroup directory
3424 3425
 * @cgrp: target cgroup
 * @subsys_mask: mask of the subsystem ids whose files should be added
3426 3427
 *
 * On failure, no file is added.
3428
 */
3429
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask)
3430 3431
{
	struct cgroup_subsys *ss;
3432
	int i, ret = 0;
3433

3434
	/* process cftsets of each subsystem */
3435
	for_each_subsys(ss, i) {
T
Tejun Heo 已提交
3436
		struct cftype *cfts;
3437 3438

		if (!test_bit(i, &subsys_mask))
3439
			continue;
3440

T
Tejun Heo 已提交
3441 3442
		list_for_each_entry(cfts, &ss->cfts, node) {
			ret = cgroup_addrm_files(cgrp, cfts, true);
3443 3444 3445
			if (ret < 0)
				goto err;
		}
3446 3447
	}
	return 0;
3448 3449 3450
err:
	cgroup_clear_dir(cgrp, subsys_mask);
	return ret;
3451 3452
}

3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465 3466 3467 3468 3469 3470 3471 3472 3473 3474
/*
 * css destruction is four-stage process.
 *
 * 1. Destruction starts.  Killing of the percpu_ref is initiated.
 *    Implemented in kill_css().
 *
 * 2. When the percpu_ref is confirmed to be visible as killed on all CPUs
 *    and thus css_tryget() is guaranteed to fail, the css can be offlined
 *    by invoking offline_css().  After offlining, the base ref is put.
 *    Implemented in css_killed_work_fn().
 *
 * 3. When the percpu_ref reaches zero, the only possible remaining
 *    accessors are inside RCU read sections.  css_release() schedules the
 *    RCU callback.
 *
 * 4. After the grace period, the css can be freed.  Implemented in
 *    css_free_work_fn().
 *
 * It is actually hairier because both step 2 and 4 require process context
 * and thus involve punting to css->destroy_work adding two additional
 * steps to the already complex sequence.
 */
3475
static void css_free_work_fn(struct work_struct *work)
3476 3477
{
	struct cgroup_subsys_state *css =
3478
		container_of(work, struct cgroup_subsys_state, destroy_work);
3479
	struct cgroup *cgrp = css->cgroup;
3480

3481 3482 3483
	if (css->parent)
		css_put(css->parent);

3484
	css->ss->css_free(css);
T
Tejun Heo 已提交
3485
	cgroup_put(cgrp);
3486 3487
}

3488
static void css_free_rcu_fn(struct rcu_head *rcu_head)
3489 3490
{
	struct cgroup_subsys_state *css =
3491
		container_of(rcu_head, struct cgroup_subsys_state, rcu_head);
3492

3493
	INIT_WORK(&css->destroy_work, css_free_work_fn);
3494
	queue_work(cgroup_destroy_wq, &css->destroy_work);
3495 3496
}

3497 3498 3499 3500 3501
static void css_release(struct percpu_ref *ref)
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

3502
	rcu_assign_pointer(css->cgroup->subsys[css->ss->id], NULL);
3503
	call_rcu(&css->rcu_head, css_free_rcu_fn);
3504 3505
}

3506 3507
static void init_css(struct cgroup_subsys_state *css, struct cgroup_subsys *ss,
		     struct cgroup *cgrp)
3508
{
3509
	css->cgroup = cgrp;
3510
	css->ss = ss;
3511
	css->flags = 0;
3512 3513

	if (cgrp->parent)
3514
		css->parent = cgroup_css(cgrp->parent, ss);
3515
	else
3516
		css->flags |= CSS_ROOT;
3517

3518
	BUG_ON(cgroup_css(cgrp, ss));
3519 3520
}

3521
/* invoke ->css_online() on a new CSS and mark it online if successful */
3522
static int online_css(struct cgroup_subsys_state *css)
3523
{
3524
	struct cgroup_subsys *ss = css->ss;
T
Tejun Heo 已提交
3525 3526
	int ret = 0;

T
Tejun Heo 已提交
3527
	lockdep_assert_held(&cgroup_tree_mutex);
3528 3529
	lockdep_assert_held(&cgroup_mutex);

3530
	if (ss->css_online)
3531
		ret = ss->css_online(css);
3532
	if (!ret) {
3533
		css->flags |= CSS_ONLINE;
3534
		css->cgroup->nr_css++;
3535
		rcu_assign_pointer(css->cgroup->subsys[ss->id], css);
3536
	}
T
Tejun Heo 已提交
3537
	return ret;
3538 3539
}

3540
/* if the CSS is online, invoke ->css_offline() on it and mark it offline */
3541
static void offline_css(struct cgroup_subsys_state *css)
3542
{
3543
	struct cgroup_subsys *ss = css->ss;
3544

T
Tejun Heo 已提交
3545
	lockdep_assert_held(&cgroup_tree_mutex);
3546 3547 3548 3549 3550
	lockdep_assert_held(&cgroup_mutex);

	if (!(css->flags & CSS_ONLINE))
		return;

3551
	if (ss->css_offline)
3552
		ss->css_offline(css);
3553

3554
	css->flags &= ~CSS_ONLINE;
3555
	css->cgroup->nr_css--;
3556
	RCU_INIT_POINTER(css->cgroup->subsys[ss->id], css);
3557 3558
}

3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585
/**
 * create_css - create a cgroup_subsys_state
 * @cgrp: the cgroup new css will be associated with
 * @ss: the subsys of new css
 *
 * Create a new css associated with @cgrp - @ss pair.  On success, the new
 * css is online and installed in @cgrp with all interface files created.
 * Returns 0 on success, -errno on failure.
 */
static int create_css(struct cgroup *cgrp, struct cgroup_subsys *ss)
{
	struct cgroup *parent = cgrp->parent;
	struct cgroup_subsys_state *css;
	int err;

	lockdep_assert_held(&cgroup_mutex);

	css = ss->css_alloc(cgroup_css(parent, ss));
	if (IS_ERR(css))
		return PTR_ERR(css);

	err = percpu_ref_init(&css->refcnt, css_release);
	if (err)
		goto err_free;

	init_css(css, ss, cgrp);

3586
	err = cgroup_populate_dir(cgrp, 1 << ss->id);
3587 3588 3589 3590 3591 3592 3593
	if (err)
		goto err_free;

	err = online_css(css);
	if (err)
		goto err_free;

3594
	cgroup_get(cgrp);
3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 3607 3608 3609 3610 3611 3612 3613
	css_get(css->parent);

	if (ss->broken_hierarchy && !ss->warned_broken_hierarchy &&
	    parent->parent) {
		pr_warning("cgroup: %s (%d) created nested cgroup for controller \"%s\" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.\n",
			   current->comm, current->pid, ss->name);
		if (!strcmp(ss->name, "memory"))
			pr_warning("cgroup: \"memory\" requires setting use_hierarchy to 1 on the root.\n");
		ss->warned_broken_hierarchy = true;
	}

	return 0;

err_free:
	percpu_ref_cancel_init(&css->refcnt);
	ss->css_free(css);
	return err;
}

T
Tejun Heo 已提交
3614
/**
L
Li Zefan 已提交
3615 3616
 * cgroup_create - create a cgroup
 * @parent: cgroup that will be parent of the new cgroup
T
Tejun Heo 已提交
3617
 * @name: name of the new cgroup
T
Tejun Heo 已提交
3618
 * @mode: mode to set on new cgroup
3619
 */
T
Tejun Heo 已提交
3620
static long cgroup_create(struct cgroup *parent, const char *name,
T
Tejun Heo 已提交
3621
			  umode_t mode)
3622
{
3623
	struct cgroup *cgrp;
3624
	struct cgroupfs_root *root = parent->root;
3625
	int ssid, err;
3626
	struct cgroup_subsys *ss;
T
Tejun Heo 已提交
3627
	struct kernfs_node *kn;
3628

T
Tejun Heo 已提交
3629
	/* allocate the cgroup and its ID, 0 is reserved for the root */
3630 3631
	cgrp = kzalloc(sizeof(*cgrp), GFP_KERNEL);
	if (!cgrp)
3632 3633
		return -ENOMEM;

T
Tejun Heo 已提交
3634 3635
	mutex_lock(&cgroup_tree_mutex);

3636 3637 3638 3639 3640 3641 3642 3643 3644
	/*
	 * Only live parents can have children.  Note that the liveliness
	 * check isn't strictly necessary because cgroup_mkdir() and
	 * cgroup_rmdir() are fully synchronized by i_mutex; however, do it
	 * anyway so that locking is contained inside cgroup proper and we
	 * don't get nasty surprises if we ever grow another caller.
	 */
	if (!cgroup_lock_live_group(parent)) {
		err = -ENODEV;
T
Tejun Heo 已提交
3645
		goto err_unlock_tree;
3646 3647 3648 3649 3650 3651 3652 3653 3654 3655
	}

	/*
	 * Temporarily set the pointer to NULL, so idr_find() won't return
	 * a half-baked cgroup.
	 */
	cgrp->id = idr_alloc(&root->cgroup_idr, NULL, 1, 0, GFP_KERNEL);
	if (cgrp->id < 0) {
		err = -ENOMEM;
		goto err_unlock;
3656 3657
	}

3658
	init_cgroup_housekeeping(cgrp);
3659

3660
	cgrp->parent = parent;
3661
	cgrp->dummy_css.parent = &parent->dummy_css;
3662
	cgrp->root = parent->root;
3663

3664 3665 3666
	if (notify_on_release(parent))
		set_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);

3667 3668
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &parent->flags))
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &cgrp->flags);
3669

T
Tejun Heo 已提交
3670
	/* create the directory */
T
Tejun Heo 已提交
3671
	kn = kernfs_create_dir(parent->kn, name, mode, cgrp);
T
Tejun Heo 已提交
3672 3673
	if (IS_ERR(kn)) {
		err = PTR_ERR(kn);
3674
		goto err_free_id;
T
Tejun Heo 已提交
3675 3676
	}
	cgrp->kn = kn;
3677

3678 3679 3680 3681 3682 3683
	/*
	 * This extra ref will be put in cgroup_free_fn() and guarantees
	 * that @cgrp->kn is always accessible.
	 */
	kernfs_get(kn);

3684
	cgrp->serial_nr = cgroup_serial_nr_next++;
3685

3686 3687
	/* allocation complete, commit to creation */
	list_add_tail_rcu(&cgrp->sibling, &cgrp->parent->children);
3688
	atomic_inc(&root->nr_cgrps);
3689
	cgroup_get(parent);
3690

3691 3692 3693 3694
	/*
	 * @cgrp is now fully operational.  If something fails after this
	 * point, it'll be released via the normal destruction path.
	 */
3695 3696
	idr_replace(&root->cgroup_idr, cgrp, cgrp->id);

3697
	err = cgroup_addrm_files(cgrp, cgroup_base_files, true);
3698 3699 3700
	if (err)
		goto err_destroy;

3701
	/* let's create and online css's */
T
Tejun Heo 已提交
3702 3703 3704 3705 3706 3707
	for_each_subsys(ss, ssid) {
		if (root->subsys_mask & (1 << ssid)) {
			err = create_css(cgrp, ss);
			if (err)
				goto err_destroy;
		}
3708
	}
3709

T
Tejun Heo 已提交
3710 3711
	kernfs_activate(kn);

3712
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3713
	mutex_unlock(&cgroup_tree_mutex);
3714 3715 3716

	return 0;

T
Tejun Heo 已提交
3717
err_free_id:
3718
	idr_remove(&root->cgroup_idr, cgrp->id);
3719 3720
err_unlock:
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3721 3722
err_unlock_tree:
	mutex_unlock(&cgroup_tree_mutex);
3723
	kfree(cgrp);
3724
	return err;
3725 3726 3727 3728

err_destroy:
	cgroup_destroy_locked(cgrp);
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3729
	mutex_unlock(&cgroup_tree_mutex);
3730
	return err;
3731 3732
}

T
Tejun Heo 已提交
3733 3734
static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name,
			umode_t mode)
3735
{
T
Tejun Heo 已提交
3736
	struct cgroup *parent = parent_kn->priv;
3737

T
Tejun Heo 已提交
3738
	return cgroup_create(parent, name, mode);
3739 3740
}

3741 3742 3743 3744 3745
/*
 * This is called when the refcnt of a css is confirmed to be killed.
 * css_tryget() is now guaranteed to fail.
 */
static void css_killed_work_fn(struct work_struct *work)
3746
{
3747 3748 3749
	struct cgroup_subsys_state *css =
		container_of(work, struct cgroup_subsys_state, destroy_work);
	struct cgroup *cgrp = css->cgroup;
3750

T
Tejun Heo 已提交
3751
	mutex_lock(&cgroup_tree_mutex);
3752 3753
	mutex_lock(&cgroup_mutex);

3754 3755 3756 3757 3758 3759
	/*
	 * css_tryget() is guaranteed to fail now.  Tell subsystems to
	 * initate destruction.
	 */
	offline_css(css);

3760 3761 3762 3763 3764
	/*
	 * If @cgrp is marked dead, it's waiting for refs of all css's to
	 * be disabled before proceeding to the second phase of cgroup
	 * destruction.  If we are the last one, kick it off.
	 */
3765
	if (!cgrp->nr_css && cgroup_is_dead(cgrp))
3766 3767 3768
		cgroup_destroy_css_killed(cgrp);

	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3769
	mutex_unlock(&cgroup_tree_mutex);
3770 3771 3772 3773 3774 3775 3776 3777 3778

	/*
	 * Put the css refs from kill_css().  Each css holds an extra
	 * reference to the cgroup's dentry and cgroup removal proceeds
	 * regardless of css refs.  On the last put of each css, whenever
	 * that may be, the extra dentry ref is put so that dentry
	 * destruction happens only after all css's are released.
	 */
	css_put(css);
3779 3780
}

3781 3782
/* css kill confirmation processing requires process context, bounce */
static void css_killed_ref_fn(struct percpu_ref *ref)
3783 3784 3785 3786
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

3787
	INIT_WORK(&css->destroy_work, css_killed_work_fn);
3788
	queue_work(cgroup_destroy_wq, &css->destroy_work);
3789 3790
}

T
Tejun Heo 已提交
3791 3792 3793 3794
/**
 * kill_css - destroy a css
 * @css: css to destroy
 *
3795 3796 3797 3798
 * This function initiates destruction of @css by removing cgroup interface
 * files and putting its base reference.  ->css_offline() will be invoked
 * asynchronously once css_tryget() is guaranteed to fail and when the
 * reference count reaches zero, @css will be released.
T
Tejun Heo 已提交
3799 3800 3801
 */
static void kill_css(struct cgroup_subsys_state *css)
{
T
Tejun Heo 已提交
3802 3803 3804 3805
	/*
	 * This must happen before css is disassociated with its cgroup.
	 * See seq_css() for details.
	 */
3806
	cgroup_clear_dir(css->cgroup, 1 << css->ss->id);
3807

T
Tejun Heo 已提交
3808 3809 3810 3811 3812 3813 3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824
	/*
	 * Killing would put the base ref, but we need to keep it alive
	 * until after ->css_offline().
	 */
	css_get(css);

	/*
	 * cgroup core guarantees that, by the time ->css_offline() is
	 * invoked, no new css reference will be given out via
	 * css_tryget().  We can't simply call percpu_ref_kill() and
	 * proceed to offlining css's because percpu_ref_kill() doesn't
	 * guarantee that the ref is seen as killed on all CPUs on return.
	 *
	 * Use percpu_ref_kill_and_confirm() to get notifications as each
	 * css is confirmed to be seen as killed on all CPUs.
	 */
	percpu_ref_kill_and_confirm(&css->refcnt, css_killed_ref_fn);
3825 3826 3827 3828 3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839 3840 3841 3842 3843 3844 3845 3846 3847 3848 3849 3850
}

/**
 * cgroup_destroy_locked - the first stage of cgroup destruction
 * @cgrp: cgroup to be destroyed
 *
 * css's make use of percpu refcnts whose killing latency shouldn't be
 * exposed to userland and are RCU protected.  Also, cgroup core needs to
 * guarantee that css_tryget() won't succeed by the time ->css_offline() is
 * invoked.  To satisfy all the requirements, destruction is implemented in
 * the following two steps.
 *
 * s1. Verify @cgrp can be destroyed and mark it dying.  Remove all
 *     userland visible parts and start killing the percpu refcnts of
 *     css's.  Set up so that the next stage will be kicked off once all
 *     the percpu refcnts are confirmed to be killed.
 *
 * s2. Invoke ->css_offline(), mark the cgroup dead and proceed with the
 *     rest of destruction.  Once all cgroup references are gone, the
 *     cgroup is RCU-freed.
 *
 * This function implements s1.  After this step, @cgrp is gone as far as
 * the userland is concerned and a new cgroup with the same name may be
 * created.  As cgroup doesn't care about the names internally, this
 * doesn't cause any problem.
 */
3851 3852
static int cgroup_destroy_locked(struct cgroup *cgrp)
	__releases(&cgroup_mutex) __acquires(&cgroup_mutex)
3853
{
3854
	struct cgroup *child;
T
Tejun Heo 已提交
3855
	struct cgroup_subsys_state *css;
3856
	bool empty;
T
Tejun Heo 已提交
3857
	int ssid;
3858

T
Tejun Heo 已提交
3859
	lockdep_assert_held(&cgroup_tree_mutex);
3860 3861
	lockdep_assert_held(&cgroup_mutex);

3862
	/*
3863
	 * css_set_rwsem synchronizes access to ->cset_links and prevents
3864
	 * @cgrp from being removed while put_css_set() is in progress.
3865
	 */
3866
	down_read(&css_set_rwsem);
3867
	empty = list_empty(&cgrp->cset_links);
3868
	up_read(&css_set_rwsem);
3869
	if (!empty)
3870
		return -EBUSY;
L
Li Zefan 已提交
3871

3872 3873 3874 3875 3876 3877 3878 3879 3880 3881 3882 3883 3884 3885 3886 3887
	/*
	 * Make sure there's no live children.  We can't test ->children
	 * emptiness as dead children linger on it while being destroyed;
	 * otherwise, "rmdir parent/child parent" may fail with -EBUSY.
	 */
	empty = true;
	rcu_read_lock();
	list_for_each_entry_rcu(child, &cgrp->children, sibling) {
		empty = cgroup_is_dead(child);
		if (!empty)
			break;
	}
	rcu_read_unlock();
	if (!empty)
		return -EBUSY;

3888 3889 3890 3891 3892 3893 3894 3895 3896
	/*
	 * Mark @cgrp dead.  This prevents further task migration and child
	 * creation by disabling cgroup_lock_live_group().  Note that
	 * CGRP_DEAD assertion is depended upon by css_next_child() to
	 * resume iteration after dropping RCU read lock.  See
	 * css_next_child() for details.
	 */
	set_bit(CGRP_DEAD, &cgrp->flags);

3897
	/*
T
Tejun Heo 已提交
3898 3899
	 * Initiate massacre of all css's.  cgroup_destroy_css_killed()
	 * will be invoked to perform the rest of destruction once the
3900 3901
	 * percpu refs of all css's are confirmed to be killed.  This
	 * involves removing the subsystem's files, drop cgroup_mutex.
3902
	 */
3903
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3904 3905
	for_each_css(css, ssid, cgrp)
		kill_css(css);
3906
	mutex_lock(&cgroup_mutex);
3907 3908 3909 3910 3911 3912 3913 3914

	/* CGRP_DEAD is set, remove from ->release_list for the last time */
	raw_spin_lock(&release_list_lock);
	if (!list_empty(&cgrp->release_list))
		list_del_init(&cgrp->release_list);
	raw_spin_unlock(&release_list_lock);

	/*
3915 3916 3917 3918 3919 3920 3921 3922
	 * If @cgrp has css's attached, the second stage of cgroup
	 * destruction is kicked off from css_killed_work_fn() after the
	 * refs of all attached css's are killed.  If @cgrp doesn't have
	 * any css, we kick it off here.
	 */
	if (!cgrp->nr_css)
		cgroup_destroy_css_killed(cgrp);

T
Tejun Heo 已提交
3923 3924 3925
	/* remove @cgrp directory along with the base files */
	mutex_unlock(&cgroup_mutex);

3926
	/*
T
Tejun Heo 已提交
3927 3928 3929 3930 3931
	 * There are two control paths which try to determine cgroup from
	 * dentry without going through kernfs - cgroupstats_build() and
	 * css_tryget_from_dir().  Those are supported by RCU protecting
	 * clearing of cgrp->kn->priv backpointer, which should happen
	 * after all files under it have been removed.
3932
	 */
3933
	kernfs_remove(cgrp->kn);	/* @cgrp has an extra ref on its kn */
T
Tejun Heo 已提交
3934 3935
	RCU_INIT_POINTER(*(void __rcu __force **)&cgrp->kn->priv, NULL);

3936
	mutex_lock(&cgroup_mutex);
3937

3938 3939 3940
	return 0;
};

3941
/**
3942
 * cgroup_destroy_css_killed - the second step of cgroup destruction
3943 3944 3945
 * @work: cgroup->destroy_free_work
 *
 * This function is invoked from a work item for a cgroup which is being
3946 3947 3948
 * destroyed after all css's are offlined and performs the rest of
 * destruction.  This is the second step of destruction described in the
 * comment above cgroup_destroy_locked().
3949
 */
3950
static void cgroup_destroy_css_killed(struct cgroup *cgrp)
3951 3952 3953
{
	struct cgroup *parent = cgrp->parent;

T
Tejun Heo 已提交
3954
	lockdep_assert_held(&cgroup_tree_mutex);
3955
	lockdep_assert_held(&cgroup_mutex);
3956

3957
	/* delete this cgroup from parent->children */
3958
	list_del_rcu(&cgrp->sibling);
3959

3960
	cgroup_put(cgrp);
3961

3962
	set_bit(CGRP_RELEASABLE, &parent->flags);
3963
	check_for_release(parent);
3964 3965
}

T
Tejun Heo 已提交
3966
static int cgroup_rmdir(struct kernfs_node *kn)
3967
{
T
Tejun Heo 已提交
3968 3969 3970 3971 3972 3973 3974 3975 3976 3977 3978
	struct cgroup *cgrp = kn->priv;
	int ret = 0;

	/*
	 * This is self-destruction but @kn can't be removed while this
	 * callback is in progress.  Let's break active protection.  Once
	 * the protection is broken, @cgrp can be destroyed at any point.
	 * Pin it so that it stays accessible.
	 */
	cgroup_get(cgrp);
	kernfs_break_active_protection(kn);
3979

T
Tejun Heo 已提交
3980
	mutex_lock(&cgroup_tree_mutex);
3981
	mutex_lock(&cgroup_mutex);
T
Tejun Heo 已提交
3982 3983 3984 3985 3986 3987 3988 3989

	/*
	 * @cgrp might already have been destroyed while we're trying to
	 * grab the mutexes.
	 */
	if (!cgroup_is_dead(cgrp))
		ret = cgroup_destroy_locked(cgrp);

3990
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3991
	mutex_unlock(&cgroup_tree_mutex);
3992

T
Tejun Heo 已提交
3993 3994
	kernfs_unbreak_active_protection(kn);
	cgroup_put(cgrp);
3995 3996 3997
	return ret;
}

T
Tejun Heo 已提交
3998 3999 4000 4001 4002 4003 4004 4005
static struct kernfs_syscall_ops cgroup_kf_syscall_ops = {
	.remount_fs		= cgroup_remount,
	.show_options		= cgroup_show_options,
	.mkdir			= cgroup_mkdir,
	.rmdir			= cgroup_rmdir,
	.rename			= cgroup_rename,
};

4006
static void __init cgroup_init_subsys(struct cgroup_subsys *ss)
4007 4008
{
	struct cgroup_subsys_state *css;
D
Diego Calleja 已提交
4009 4010

	printk(KERN_INFO "Initializing cgroup subsys %s\n", ss->name);
4011

T
Tejun Heo 已提交
4012
	mutex_lock(&cgroup_tree_mutex);
4013 4014
	mutex_lock(&cgroup_mutex);

T
Tejun Heo 已提交
4015
	INIT_LIST_HEAD(&ss->cfts);
4016

4017
	/* Create the top cgroup state for this subsystem */
4018
	ss->root = &cgroup_dummy_root;
4019
	css = ss->css_alloc(cgroup_css(cgroup_dummy_top, ss));
4020 4021
	/* We don't handle early failures gracefully */
	BUG_ON(IS_ERR(css));
4022
	init_css(css, ss, cgroup_dummy_top);
4023

L
Li Zefan 已提交
4024
	/* Update the init_css_set to contain a subsys
4025
	 * pointer to this state - since the subsystem is
L
Li Zefan 已提交
4026 4027
	 * newly registered, all tasks and hence the
	 * init_css_set is in the subsystem's top cgroup. */
4028
	init_css_set.subsys[ss->id] = css;
4029 4030 4031

	need_forkexit_callback |= ss->fork || ss->exit;

L
Li Zefan 已提交
4032 4033 4034 4035 4036
	/* At system boot, before all subsystems have been
	 * registered, no tasks have been forked, so we don't
	 * need to invoke fork callbacks here. */
	BUG_ON(!list_empty(&init_task.tasks));

4037
	BUG_ON(online_css(css));
4038

4039 4040
	cgroup_dummy_root.subsys_mask |= 1 << ss->id;

4041
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
4042
	mutex_unlock(&cgroup_tree_mutex);
4043 4044
}

4045
/**
L
Li Zefan 已提交
4046 4047 4048 4049
 * cgroup_init_early - cgroup initialization at system boot
 *
 * Initialize cgroups at system boot, and initialize any
 * subsystems that request early init.
4050 4051 4052
 */
int __init cgroup_init_early(void)
{
4053
	static struct cgroup_sb_opts __initdata opts = { };
4054
	struct cgroup_subsys *ss;
4055
	int i;
4056

4057
	init_cgroup_root(&cgroup_dummy_root, &opts);
4058
	RCU_INIT_POINTER(init_task.cgroups, &init_css_set);
4059

T
Tejun Heo 已提交
4060
	for_each_subsys(ss, i) {
4061
		WARN(!ss->css_alloc || !ss->css_free || ss->name || ss->id,
4062 4063
		     "invalid cgroup_subsys %d:%s css_alloc=%p css_free=%p name:id=%d:%s\n",
		     i, cgroup_subsys_name[i], ss->css_alloc, ss->css_free,
4064
		     ss->id, ss->name);
4065 4066 4067
		WARN(strlen(cgroup_subsys_name[i]) > MAX_CGROUP_TYPE_NAMELEN,
		     "cgroup_subsys_name %s too long\n", cgroup_subsys_name[i]);

4068
		ss->id = i;
4069
		ss->name = cgroup_subsys_name[i];
4070 4071 4072 4073 4074 4075 4076 4077

		if (ss->early_init)
			cgroup_init_subsys(ss);
	}
	return 0;
}

/**
L
Li Zefan 已提交
4078 4079 4080 4081
 * cgroup_init - cgroup initialization
 *
 * Register cgroup filesystem and /proc file, and initialize
 * any subsystems that didn't request early init.
4082 4083 4084
 */
int __init cgroup_init(void)
{
4085
	struct cgroup_subsys *ss;
4086
	unsigned long key;
4087
	int ssid, err;
4088

T
Tejun Heo 已提交
4089
	BUG_ON(cgroup_init_cftypes(NULL, cgroup_base_files));
4090

4091
	mutex_lock(&cgroup_tree_mutex);
T
Tejun Heo 已提交
4092 4093
	mutex_lock(&cgroup_mutex);

4094 4095 4096 4097
	/* Add init_css_set to the hash table */
	key = css_set_hash(init_css_set.subsys);
	hash_add(css_set_table, &init_css_set.hlist, key);

4098
	BUG_ON(cgroup_setup_root(&cgroup_dummy_root, 0));
4099

T
Tejun Heo 已提交
4100
	mutex_unlock(&cgroup_mutex);
4101
	mutex_unlock(&cgroup_tree_mutex);
T
Tejun Heo 已提交
4102

4103 4104 4105 4106 4107 4108 4109 4110 4111 4112 4113 4114
	for_each_subsys(ss, ssid) {
		if (!ss->early_init)
			cgroup_init_subsys(ss);

		/*
		 * cftype registration needs kmalloc and can't be done
		 * during early_init.  Register base cftypes separately.
		 */
		if (ss->base_cftypes)
			WARN_ON(cgroup_add_cftypes(ss, ss->base_cftypes));
	}

4115
	cgroup_kobj = kobject_create_and_add("cgroup", fs_kobj);
T
Tejun Heo 已提交
4116 4117
	if (!cgroup_kobj)
		return -ENOMEM;
4118

4119
	err = register_filesystem(&cgroup_fs_type);
4120 4121
	if (err < 0) {
		kobject_put(cgroup_kobj);
T
Tejun Heo 已提交
4122
		return err;
4123
	}
4124

L
Li Zefan 已提交
4125
	proc_create("cgroups", 0, NULL, &proc_cgroupstats_operations);
T
Tejun Heo 已提交
4126
	return 0;
4127
}
4128

4129 4130 4131 4132 4133
static int __init cgroup_wq_init(void)
{
	/*
	 * There isn't much point in executing destruction path in
	 * parallel.  Good chunk is serialized with cgroup_mutex anyway.
4134
	 * Use 1 for @max_active.
4135 4136 4137 4138
	 *
	 * We would prefer to do this in cgroup_init() above, but that
	 * is called before init_workqueues(): so leave this until after.
	 */
4139
	cgroup_destroy_wq = alloc_workqueue("cgroup_destroy", 0, 1);
4140
	BUG_ON(!cgroup_destroy_wq);
4141 4142 4143 4144 4145 4146 4147 4148 4149

	/*
	 * Used to destroy pidlists and separate to serve as flush domain.
	 * Cap @max_active to 1 too.
	 */
	cgroup_pidlist_destroy_wq = alloc_workqueue("cgroup_pidlist_destroy",
						    0, 1);
	BUG_ON(!cgroup_pidlist_destroy_wq);

4150 4151 4152 4153
	return 0;
}
core_initcall(cgroup_wq_init);

4154 4155 4156 4157 4158 4159 4160
/*
 * proc_cgroup_show()
 *  - Print task's cgroup paths into seq_file, one line for each hierarchy
 *  - Used for /proc/<pid>/cgroup.
 */

/* TODO: Use a proper seq_file iterator */
4161
int proc_cgroup_show(struct seq_file *m, void *v)
4162 4163 4164
{
	struct pid *pid;
	struct task_struct *tsk;
T
Tejun Heo 已提交
4165
	char *buf, *path;
4166 4167 4168 4169
	int retval;
	struct cgroupfs_root *root;

	retval = -ENOMEM;
T
Tejun Heo 已提交
4170
	buf = kmalloc(PATH_MAX, GFP_KERNEL);
4171 4172 4173 4174 4175 4176 4177 4178 4179 4180 4181 4182
	if (!buf)
		goto out;

	retval = -ESRCH;
	pid = m->private;
	tsk = get_pid_task(pid, PIDTYPE_PID);
	if (!tsk)
		goto out_free;

	retval = 0;

	mutex_lock(&cgroup_mutex);
4183
	down_read(&css_set_rwsem);
4184

4185
	for_each_root(root) {
4186
		struct cgroup_subsys *ss;
4187
		struct cgroup *cgrp;
T
Tejun Heo 已提交
4188
		int ssid, count = 0;
4189

4190 4191 4192
		if (root == &cgroup_dummy_root)
			continue;

4193
		seq_printf(m, "%d:", root->hierarchy_id);
T
Tejun Heo 已提交
4194 4195 4196
		for_each_subsys(ss, ssid)
			if (root->subsys_mask & (1 << ssid))
				seq_printf(m, "%s%s", count++ ? "," : "", ss->name);
4197 4198 4199
		if (strlen(root->name))
			seq_printf(m, "%sname=%s", count ? "," : "",
				   root->name);
4200
		seq_putc(m, ':');
4201
		cgrp = task_cgroup_from_root(tsk, root);
T
Tejun Heo 已提交
4202 4203 4204
		path = cgroup_path(cgrp, buf, PATH_MAX);
		if (!path) {
			retval = -ENAMETOOLONG;
4205
			goto out_unlock;
T
Tejun Heo 已提交
4206 4207
		}
		seq_puts(m, path);
4208 4209 4210 4211
		seq_putc(m, '\n');
	}

out_unlock:
4212
	up_read(&css_set_rwsem);
4213 4214 4215 4216 4217 4218 4219 4220 4221 4222 4223
	mutex_unlock(&cgroup_mutex);
	put_task_struct(tsk);
out_free:
	kfree(buf);
out:
	return retval;
}

/* Display information about each subsystem and each hierarchy */
static int proc_cgroupstats_show(struct seq_file *m, void *v)
{
4224
	struct cgroup_subsys *ss;
4225 4226
	int i;

4227
	seq_puts(m, "#subsys_name\thierarchy\tnum_cgroups\tenabled\n");
B
Ben Blum 已提交
4228 4229 4230 4231 4232
	/*
	 * ideally we don't want subsystems moving around while we do this.
	 * cgroup_mutex is also necessary to guarantee an atomic snapshot of
	 * subsys/hierarchy state.
	 */
4233
	mutex_lock(&cgroup_mutex);
4234 4235

	for_each_subsys(ss, i)
4236 4237
		seq_printf(m, "%s\t%d\t%d\t%d\n",
			   ss->name, ss->root->hierarchy_id,
4238
			   atomic_read(&ss->root->nr_cgrps), !ss->disabled);
4239

4240 4241 4242 4243 4244 4245
	mutex_unlock(&cgroup_mutex);
	return 0;
}

static int cgroupstats_open(struct inode *inode, struct file *file)
{
A
Al Viro 已提交
4246
	return single_open(file, proc_cgroupstats_show, NULL);
4247 4248
}

4249
static const struct file_operations proc_cgroupstats_operations = {
4250 4251 4252 4253 4254 4255
	.open = cgroupstats_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = single_release,
};

4256
/**
4257
 * cgroup_fork - initialize cgroup related fields during copy_process()
L
Li Zefan 已提交
4258
 * @child: pointer to task_struct of forking parent process.
4259
 *
4260 4261 4262
 * A task is associated with the init_css_set until cgroup_post_fork()
 * attaches it to the parent's css_set.  Empty cg_list indicates that
 * @child isn't holding reference to its css_set.
4263 4264 4265
 */
void cgroup_fork(struct task_struct *child)
{
4266
	RCU_INIT_POINTER(child->cgroups, &init_css_set);
4267
	INIT_LIST_HEAD(&child->cg_list);
4268 4269
}

4270
/**
L
Li Zefan 已提交
4271 4272 4273
 * cgroup_post_fork - called on a new task after adding it to the task list
 * @child: the task in question
 *
4274 4275 4276
 * Adds the task to the list running through its css_set if necessary and
 * call the subsystem fork() callbacks.  Has to be after the task is
 * visible on the task list in case we race with the first call to
4277
 * cgroup_task_iter_start() - to guarantee that the new task ends up on its
4278
 * list.
L
Li Zefan 已提交
4279
 */
4280 4281
void cgroup_post_fork(struct task_struct *child)
{
4282
	struct cgroup_subsys *ss;
4283 4284
	int i;

4285
	/*
4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304
	 * This may race against cgroup_enable_task_cg_links().  As that
	 * function sets use_task_css_set_links before grabbing
	 * tasklist_lock and we just went through tasklist_lock to add
	 * @child, it's guaranteed that either we see the set
	 * use_task_css_set_links or cgroup_enable_task_cg_lists() sees
	 * @child during its iteration.
	 *
	 * If we won the race, @child is associated with %current's
	 * css_set.  Grabbing css_set_rwsem guarantees both that the
	 * association is stable, and, on completion of the parent's
	 * migration, @child is visible in the source of migration or
	 * already in the destination cgroup.  This guarantee is necessary
	 * when implementing operations which need to migrate all tasks of
	 * a cgroup to another.
	 *
	 * Note that if we lose to cgroup_enable_task_cg_links(), @child
	 * will remain in init_css_set.  This is safe because all tasks are
	 * in the init_css_set before cg_links is enabled and there's no
	 * operation which transfers all tasks out of init_css_set.
4305
	 */
4306
	if (use_task_css_set_links) {
4307 4308
		struct css_set *cset;

4309
		down_write(&css_set_rwsem);
4310
		cset = task_css_set(current);
4311 4312 4313 4314 4315
		if (list_empty(&child->cg_list)) {
			rcu_assign_pointer(child->cgroups, cset);
			list_add(&child->cg_list, &cset->tasks);
			get_css_set(cset);
		}
4316
		up_write(&css_set_rwsem);
4317
	}
4318 4319 4320 4321 4322 4323 4324

	/*
	 * Call ss->fork().  This must happen after @child is linked on
	 * css_set; otherwise, @child might change state between ->fork()
	 * and addition to css_set.
	 */
	if (need_forkexit_callback) {
T
Tejun Heo 已提交
4325
		for_each_subsys(ss, i)
4326 4327 4328
			if (ss->fork)
				ss->fork(child);
	}
4329
}
4330

4331 4332 4333
/**
 * cgroup_exit - detach cgroup from exiting task
 * @tsk: pointer to task_struct of exiting process
L
Li Zefan 已提交
4334
 * @run_callback: run exit callbacks?
4335 4336 4337 4338 4339 4340 4341 4342 4343
 *
 * Description: Detach cgroup from @tsk and release it.
 *
 * Note that cgroups marked notify_on_release force every task in
 * them to take the global cgroup_mutex mutex when exiting.
 * This could impact scaling on very large systems.  Be reluctant to
 * use notify_on_release cgroups where very high task exit scaling
 * is required on large systems.
 *
4344 4345 4346 4347 4348 4349 4350
 * We set the exiting tasks cgroup to the root cgroup (top_cgroup).  We
 * call cgroup_exit() while the task is still competent to handle
 * notify_on_release(), then leave the task attached to the root cgroup in
 * each hierarchy for the remainder of its exit.  No need to bother with
 * init_css_set refcnting.  init_css_set never goes away and we can't race
 * with migration path - either PF_EXITING is visible to migration path or
 * @tsk never got on the tasklist.
4351 4352 4353
 */
void cgroup_exit(struct task_struct *tsk, int run_callbacks)
{
4354
	struct cgroup_subsys *ss;
4355
	struct css_set *cset;
4356
	bool put_cset = false;
4357
	int i;
4358 4359

	/*
4360 4361
	 * Unlink from @tsk from its css_set.  As migration path can't race
	 * with us, we can check cg_list without grabbing css_set_rwsem.
4362 4363
	 */
	if (!list_empty(&tsk->cg_list)) {
4364
		down_write(&css_set_rwsem);
4365
		list_del_init(&tsk->cg_list);
4366
		up_write(&css_set_rwsem);
4367
		put_cset = true;
4368 4369
	}

4370
	/* Reassign the task to the init_css_set. */
4371 4372
	cset = task_css_set(tsk);
	RCU_INIT_POINTER(tsk->cgroups, &init_css_set);
4373 4374

	if (run_callbacks && need_forkexit_callback) {
T
Tejun Heo 已提交
4375 4376
		/* see cgroup_post_fork() for details */
		for_each_subsys(ss, i) {
4377
			if (ss->exit) {
4378 4379
				struct cgroup_subsys_state *old_css = cset->subsys[i];
				struct cgroup_subsys_state *css = task_css(tsk, i);
4380

4381
				ss->exit(css, old_css, tsk);
4382 4383 4384 4385
			}
		}
	}

4386 4387
	if (put_cset)
		put_css_set(cset, true);
4388
}
4389

4390
static void check_for_release(struct cgroup *cgrp)
4391
{
4392
	if (cgroup_is_releasable(cgrp) &&
T
Tejun Heo 已提交
4393
	    list_empty(&cgrp->cset_links) && list_empty(&cgrp->children)) {
4394 4395
		/*
		 * Control Group is currently removeable. If it's not
4396
		 * already queued for a userspace notification, queue
4397 4398
		 * it now
		 */
4399
		int need_schedule_work = 0;
4400

4401
		raw_spin_lock(&release_list_lock);
4402
		if (!cgroup_is_dead(cgrp) &&
4403 4404
		    list_empty(&cgrp->release_list)) {
			list_add(&cgrp->release_list, &release_list);
4405 4406
			need_schedule_work = 1;
		}
4407
		raw_spin_unlock(&release_list_lock);
4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439
		if (need_schedule_work)
			schedule_work(&release_agent_work);
	}
}

/*
 * Notify userspace when a cgroup is released, by running the
 * configured release agent with the name of the cgroup (path
 * relative to the root of cgroup file system) as the argument.
 *
 * Most likely, this user command will try to rmdir this cgroup.
 *
 * This races with the possibility that some other task will be
 * attached to this cgroup before it is removed, or that some other
 * user task will 'mkdir' a child cgroup of this cgroup.  That's ok.
 * The presumed 'rmdir' will fail quietly if this cgroup is no longer
 * unused, and this cgroup will be reprieved from its death sentence,
 * to continue to serve a useful existence.  Next time it's released,
 * we will get notified again, if it still has 'notify_on_release' set.
 *
 * The final arg to call_usermodehelper() is UMH_WAIT_EXEC, which
 * means only wait until the task is successfully execve()'d.  The
 * separate release agent task is forked by call_usermodehelper(),
 * then control in this thread returns here, without waiting for the
 * release agent task.  We don't bother to wait because the caller of
 * this routine has no use for the exit status of the release agent
 * task, so no sense holding our caller up for that.
 */
static void cgroup_release_agent(struct work_struct *work)
{
	BUG_ON(work != &release_agent_work);
	mutex_lock(&cgroup_mutex);
4440
	raw_spin_lock(&release_list_lock);
4441 4442 4443
	while (!list_empty(&release_list)) {
		char *argv[3], *envp[3];
		int i;
T
Tejun Heo 已提交
4444
		char *pathbuf = NULL, *agentbuf = NULL, *path;
4445
		struct cgroup *cgrp = list_entry(release_list.next,
4446 4447
						    struct cgroup,
						    release_list);
4448
		list_del_init(&cgrp->release_list);
4449
		raw_spin_unlock(&release_list_lock);
T
Tejun Heo 已提交
4450
		pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
4451 4452
		if (!pathbuf)
			goto continue_free;
T
Tejun Heo 已提交
4453 4454
		path = cgroup_path(cgrp, pathbuf, PATH_MAX);
		if (!path)
4455 4456 4457 4458
			goto continue_free;
		agentbuf = kstrdup(cgrp->root->release_agent_path, GFP_KERNEL);
		if (!agentbuf)
			goto continue_free;
4459 4460

		i = 0;
4461
		argv[i++] = agentbuf;
T
Tejun Heo 已提交
4462
		argv[i++] = path;
4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476
		argv[i] = NULL;

		i = 0;
		/* minimal command environment */
		envp[i++] = "HOME=/";
		envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
		envp[i] = NULL;

		/* Drop the lock while we invoke the usermode helper,
		 * since the exec could involve hitting disk and hence
		 * be a slow process */
		mutex_unlock(&cgroup_mutex);
		call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
		mutex_lock(&cgroup_mutex);
4477 4478 4479
 continue_free:
		kfree(pathbuf);
		kfree(agentbuf);
4480
		raw_spin_lock(&release_list_lock);
4481
	}
4482
	raw_spin_unlock(&release_list_lock);
4483 4484
	mutex_unlock(&cgroup_mutex);
}
4485 4486 4487

static int __init cgroup_disable(char *str)
{
4488
	struct cgroup_subsys *ss;
4489
	char *token;
4490
	int i;
4491 4492 4493 4494

	while ((token = strsep(&str, ",")) != NULL) {
		if (!*token)
			continue;
4495

T
Tejun Heo 已提交
4496
		for_each_subsys(ss, i) {
4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507
			if (!strcmp(token, ss->name)) {
				ss->disabled = 1;
				printk(KERN_INFO "Disabling %s control group"
					" subsystem\n", ss->name);
				break;
			}
		}
	}
	return 1;
}
__setup("cgroup_disable=", cgroup_disable);
K
KAMEZAWA Hiroyuki 已提交
4508

4509
/**
4510
 * css_tryget_from_dir - get corresponding css from the dentry of a cgroup dir
4511 4512
 * @dentry: directory dentry of interest
 * @ss: subsystem of interest
4513
 *
4514 4515 4516
 * If @dentry is a directory for a cgroup which has @ss enabled on it, try
 * to get the corresponding css and return it.  If such css doesn't exist
 * or can't be pinned, an ERR_PTR value is returned.
S
Stephane Eranian 已提交
4517
 */
4518 4519
struct cgroup_subsys_state *css_tryget_from_dir(struct dentry *dentry,
						struct cgroup_subsys *ss)
S
Stephane Eranian 已提交
4520
{
T
Tejun Heo 已提交
4521 4522
	struct kernfs_node *kn = kernfs_node_from_dentry(dentry);
	struct cgroup_subsys_state *css = NULL;
S
Stephane Eranian 已提交
4523
	struct cgroup *cgrp;
4524

4525
	/* is @dentry a cgroup dir? */
T
Tejun Heo 已提交
4526 4527
	if (dentry->d_sb->s_type != &cgroup_fs_type || !kn ||
	    kernfs_type(kn) != KERNFS_DIR)
S
Stephane Eranian 已提交
4528 4529
		return ERR_PTR(-EBADF);

4530 4531
	rcu_read_lock();

T
Tejun Heo 已提交
4532 4533 4534 4535 4536 4537 4538 4539
	/*
	 * This path doesn't originate from kernfs and @kn could already
	 * have been or be removed at any point.  @kn->priv is RCU
	 * protected for this access.  See destroy_locked() for details.
	 */
	cgrp = rcu_dereference(kn->priv);
	if (cgrp)
		css = cgroup_css(cgrp, ss);
4540 4541 4542 4543 4544 4545

	if (!css || !css_tryget(css))
		css = ERR_PTR(-ENOENT);

	rcu_read_unlock();
	return css;
S
Stephane Eranian 已提交
4546 4547
}

4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559
/**
 * css_from_id - lookup css by id
 * @id: the cgroup id
 * @ss: cgroup subsys to be looked into
 *
 * Returns the css if there's valid one with @id, otherwise returns NULL.
 * Should be called under rcu_read_lock().
 */
struct cgroup_subsys_state *css_from_id(int id, struct cgroup_subsys *ss)
{
	struct cgroup *cgrp;

T
Tejun Heo 已提交
4560
	cgroup_assert_mutexes_or_rcu_locked();
4561 4562 4563

	cgrp = idr_find(&ss->root->cgroup_idr, id);
	if (cgrp)
4564
		return cgroup_css(cgrp, ss);
4565
	return NULL;
S
Stephane Eranian 已提交
4566 4567
}

4568
#ifdef CONFIG_CGROUP_DEBUG
4569 4570
static struct cgroup_subsys_state *
debug_css_alloc(struct cgroup_subsys_state *parent_css)
4571 4572 4573 4574 4575 4576 4577 4578 4579
{
	struct cgroup_subsys_state *css = kzalloc(sizeof(*css), GFP_KERNEL);

	if (!css)
		return ERR_PTR(-ENOMEM);

	return css;
}

4580
static void debug_css_free(struct cgroup_subsys_state *css)
4581
{
4582
	kfree(css);
4583 4584
}

4585 4586
static u64 debug_taskcount_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
4587
{
4588
	return cgroup_task_count(css->cgroup);
4589 4590
}

4591 4592
static u64 current_css_set_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
4593 4594 4595 4596
{
	return (u64)(unsigned long)current->cgroups;
}

4597
static u64 current_css_set_refcount_read(struct cgroup_subsys_state *css,
L
Li Zefan 已提交
4598
					 struct cftype *cft)
4599 4600 4601 4602
{
	u64 count;

	rcu_read_lock();
4603
	count = atomic_read(&task_css_set(current)->refcount);
4604 4605 4606 4607
	rcu_read_unlock();
	return count;
}

4608
static int current_css_set_cg_links_read(struct seq_file *seq, void *v)
4609
{
4610
	struct cgrp_cset_link *link;
4611
	struct css_set *cset;
T
Tejun Heo 已提交
4612 4613 4614 4615 4616
	char *name_buf;

	name_buf = kmalloc(NAME_MAX + 1, GFP_KERNEL);
	if (!name_buf)
		return -ENOMEM;
4617

4618
	down_read(&css_set_rwsem);
4619
	rcu_read_lock();
4620
	cset = rcu_dereference(current->cgroups);
4621
	list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
4622
		struct cgroup *c = link->cgrp;
4623 4624
		const char *name = "?";

T
Tejun Heo 已提交
4625 4626 4627 4628
		if (c != cgroup_dummy_top) {
			cgroup_name(c, name_buf, NAME_MAX + 1);
			name = name_buf;
		}
4629

4630 4631
		seq_printf(seq, "Root %d group %s\n",
			   c->root->hierarchy_id, name);
4632 4633
	}
	rcu_read_unlock();
4634
	up_read(&css_set_rwsem);
T
Tejun Heo 已提交
4635
	kfree(name_buf);
4636 4637 4638 4639
	return 0;
}

#define MAX_TASKS_SHOWN_PER_CSS 25
4640
static int cgroup_css_links_read(struct seq_file *seq, void *v)
4641
{
4642
	struct cgroup_subsys_state *css = seq_css(seq);
4643
	struct cgrp_cset_link *link;
4644

4645
	down_read(&css_set_rwsem);
4646
	list_for_each_entry(link, &css->cgroup->cset_links, cset_link) {
4647
		struct css_set *cset = link->cset;
4648 4649
		struct task_struct *task;
		int count = 0;
T
Tejun Heo 已提交
4650

4651
		seq_printf(seq, "css_set %p\n", cset);
T
Tejun Heo 已提交
4652

4653
		list_for_each_entry(task, &cset->tasks, cg_list) {
T
Tejun Heo 已提交
4654 4655 4656 4657 4658 4659 4660 4661 4662
			if (count++ > MAX_TASKS_SHOWN_PER_CSS)
				goto overflow;
			seq_printf(seq, "  task %d\n", task_pid_vnr(task));
		}

		list_for_each_entry(task, &cset->mg_tasks, cg_list) {
			if (count++ > MAX_TASKS_SHOWN_PER_CSS)
				goto overflow;
			seq_printf(seq, "  task %d\n", task_pid_vnr(task));
4663
		}
T
Tejun Heo 已提交
4664 4665 4666
		continue;
	overflow:
		seq_puts(seq, "  ...\n");
4667
	}
4668
	up_read(&css_set_rwsem);
4669 4670 4671
	return 0;
}

4672
static u64 releasable_read(struct cgroup_subsys_state *css, struct cftype *cft)
4673
{
4674
	return test_bit(CGRP_RELEASABLE, &css->cgroup->flags);
4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692
}

static struct cftype debug_files[] =  {
	{
		.name = "taskcount",
		.read_u64 = debug_taskcount_read,
	},

	{
		.name = "current_css_set",
		.read_u64 = current_css_set_read,
	},

	{
		.name = "current_css_set_refcount",
		.read_u64 = current_css_set_refcount_read,
	},

4693 4694
	{
		.name = "current_css_set_cg_links",
4695
		.seq_show = current_css_set_cg_links_read,
4696 4697 4698 4699
	},

	{
		.name = "cgroup_css_links",
4700
		.seq_show = cgroup_css_links_read,
4701 4702
	},

4703 4704 4705 4706 4707
	{
		.name = "releasable",
		.read_u64 = releasable_read,
	},

4708 4709
	{ }	/* terminate */
};
4710

4711
struct cgroup_subsys debug_cgrp_subsys = {
4712 4713
	.css_alloc = debug_css_alloc,
	.css_free = debug_css_free,
4714
	.base_cftypes = debug_files,
4715 4716
};
#endif /* CONFIG_CGROUP_DEBUG */