cgroup.c 148.1 KB
Newer Older
1 2 3 4 5 6
/*
 *  Generic process-grouping system.
 *
 *  Based originally on the cpuset system, extracted by Paul Menage
 *  Copyright (C) 2006 Google, Inc
 *
7 8 9 10
 *  Notifications support
 *  Copyright (C) 2009 Nokia Corporation
 *  Author: Kirill A. Shutemov
 *
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
 *  Copyright notices from the original cpuset code:
 *  --------------------------------------------------
 *  Copyright (C) 2003 BULL SA.
 *  Copyright (C) 2004-2006 Silicon Graphics, Inc.
 *
 *  Portions derived from Patrick Mochel's sysfs code.
 *  sysfs is Copyright (c) 2001-3 Patrick Mochel
 *
 *  2003-10-10 Written by Simon Derr.
 *  2003-10-22 Updates by Stephen Hemminger.
 *  2004 May-July Rework by Paul Jackson.
 *  ---------------------------------------------------
 *
 *  This file is subject to the terms and conditions of the GNU General Public
 *  License.  See the file COPYING in the main directory of the Linux
 *  distribution for more details.
 */

#include <linux/cgroup.h>
30
#include <linux/cred.h>
31
#include <linux/ctype.h>
32
#include <linux/errno.h>
33
#include <linux/init_task.h>
34 35 36 37 38 39
#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/mm.h>
#include <linux/mutex.h>
#include <linux/mount.h>
#include <linux/pagemap.h>
40
#include <linux/proc_fs.h>
41 42
#include <linux/rcupdate.h>
#include <linux/sched.h>
43
#include <linux/backing-dev.h>
44 45 46 47 48
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/magic.h>
#include <linux/spinlock.h>
#include <linux/string.h>
49
#include <linux/sort.h>
50
#include <linux/kmod.h>
51
#include <linux/module.h>
B
Balbir Singh 已提交
52 53
#include <linux/delayacct.h>
#include <linux/cgroupstats.h>
54
#include <linux/hashtable.h>
55
#include <linux/namei.h>
L
Li Zefan 已提交
56
#include <linux/pid_namespace.h>
57
#include <linux/idr.h>
58
#include <linux/vmalloc.h> /* TODO: replace with more sophisticated array */
59
#include <linux/flex_array.h> /* used in cgroup_attach_task */
60
#include <linux/kthread.h>
B
Balbir Singh 已提交
61

A
Arun Sharma 已提交
62
#include <linux/atomic.h>
63

64 65 66 67 68 69 70 71
/*
 * pidlists linger the following amount before being destroyed.  The goal
 * is avoiding frequent destruction in the middle of consecutive read calls
 * Expiring in the middle is a performance problem not a correctness one.
 * 1 sec should be enough.
 */
#define CGROUP_PIDLIST_DESTROY_DELAY	HZ

T
Tejun Heo 已提交
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87
/*
 * cgroup_mutex is the master lock.  Any modification to cgroup or its
 * hierarchy must be performed while holding it.
 *
 * cgroup_root_mutex nests inside cgroup_mutex and should be held to modify
 * cgroupfs_root of any cgroup hierarchy - subsys list, flags,
 * release_agent_path and so on.  Modifying requires both cgroup_mutex and
 * cgroup_root_mutex.  Readers can acquire either of the two.  This is to
 * break the following locking order cycle.
 *
 *  A. cgroup_mutex -> cred_guard_mutex -> s_type->i_mutex_key -> namespace_sem
 *  B. namespace_sem -> cgroup_mutex
 *
 * B happens only through cgroup_show_options() and using cgroup_root_mutex
 * breaks it.
 */
T
Tejun Heo 已提交
88 89
#ifdef CONFIG_PROVE_RCU
DEFINE_MUTEX(cgroup_mutex);
90
EXPORT_SYMBOL_GPL(cgroup_mutex);	/* only for lockdep */
T
Tejun Heo 已提交
91
#else
92
static DEFINE_MUTEX(cgroup_mutex);
T
Tejun Heo 已提交
93 94
#endif

T
Tejun Heo 已提交
95
static DEFINE_MUTEX(cgroup_root_mutex);
96

97 98 99 100 101 102 103 104
/*
 * cgroup destruction makes heavy use of work items and there can be a lot
 * of concurrent destructions.  Use a separate workqueue so that cgroup
 * destruction work items don't end up filling up max_active of system_wq
 * which may lead to deadlock.
 */
static struct workqueue_struct *cgroup_destroy_wq;

105 106 107 108 109 110
/*
 * pidlist destructions need to be flushed on cgroup destruction.  Use a
 * separate workqueue as flush domain.
 */
static struct workqueue_struct *cgroup_pidlist_destroy_wq;

B
Ben Blum 已提交
111 112
/*
 * Generate an array of cgroup subsystem pointers. At boot time, this is
113
 * populated with the built in subsystems, and modular subsystems are
B
Ben Blum 已提交
114 115 116
 * registered after that. The mutable section of this array is protected by
 * cgroup_mutex.
 */
117
#define SUBSYS(_x) [_x ## _subsys_id] = &_x ## _subsys,
118
#define IS_SUBSYS_ENABLED(option) IS_BUILTIN(option)
119
static struct cgroup_subsys *cgroup_subsys[CGROUP_SUBSYS_COUNT] = {
120 121 122 123
#include <linux/cgroup_subsys.h>
};

/*
124 125 126
 * The dummy hierarchy, reserved for the subsystems that are otherwise
 * unattached - it never has more than a single cgroup, and all tasks are
 * part of that cgroup.
127
 */
128 129 130 131
static struct cgroupfs_root cgroup_dummy_root;

/* dummy_top is a shorthand for the dummy hierarchy's top cgroup */
static struct cgroup * const cgroup_dummy_top = &cgroup_dummy_root.top_cgroup;
132

T
Tejun Heo 已提交
133 134 135 136 137 138 139
/*
 * cgroupfs file entry, pointed to from leaf dentry->d_fsdata.
 */
struct cfent {
	struct list_head		node;
	struct dentry			*dentry;
	struct cftype			*type;
140
	struct cgroup_subsys_state	*css;
L
Li Zefan 已提交
141 142 143

	/* file xattrs */
	struct simple_xattrs		xattrs;
T
Tejun Heo 已提交
144 145
};

146 147
/* The list of hierarchy roots */

148 149
static LIST_HEAD(cgroup_roots);
static int cgroup_root_count;
150

T
Tejun Heo 已提交
151 152 153 154 155
/*
 * Hierarchy ID allocation and mapping.  It follows the same exclusion
 * rules as other root ops - both cgroup_mutex and cgroup_root_mutex for
 * writes, either for reads.
 */
156
static DEFINE_IDR(cgroup_hierarchy_idr);
157

158 159
static struct cgroup_name root_cgroup_name = { .name = "/" };

160 161 162 163 164
/*
 * Assign a monotonically increasing serial number to cgroups.  It
 * guarantees cgroups with bigger numbers are newer than those with smaller
 * numbers.  Also, as cgroups are always appended to the parent's
 * ->children list, it guarantees that sibling cgroups are always sorted in
165 166
 * the ascending serial number order on the list.  Protected by
 * cgroup_mutex.
167
 */
168
static u64 cgroup_serial_nr_next = 1;
169

170
/* This flag indicates whether tasks in the fork and exit paths should
L
Li Zefan 已提交
171 172 173
 * check for fork/exit handlers to call. This avoids us having to do
 * extra work in the fork/exit path if none of the subsystems need to
 * be called.
174
 */
175
static int need_forkexit_callback __read_mostly;
176

177 178
static struct cftype cgroup_base_files[];

179
static void cgroup_destroy_css_killed(struct cgroup *cgrp);
180
static int cgroup_destroy_locked(struct cgroup *cgrp);
181 182
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add);
183
static int cgroup_file_release(struct inode *inode, struct file *file);
184
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp);
185

T
Tejun Heo 已提交
186 187 188
/**
 * cgroup_css - obtain a cgroup's css for the specified subsystem
 * @cgrp: the cgroup of interest
189
 * @ss: the subsystem of interest (%NULL returns the dummy_css)
T
Tejun Heo 已提交
190
 *
191 192 193 194 195
 * Return @cgrp's css (cgroup_subsys_state) associated with @ss.  This
 * function must be called either under cgroup_mutex or rcu_read_lock() and
 * the caller is responsible for pinning the returned css if it wants to
 * keep accessing it outside the said locks.  This function may return
 * %NULL if @cgrp doesn't have @subsys_id enabled.
T
Tejun Heo 已提交
196 197
 */
static struct cgroup_subsys_state *cgroup_css(struct cgroup *cgrp,
198
					      struct cgroup_subsys *ss)
T
Tejun Heo 已提交
199
{
200 201 202 203 204
	if (ss)
		return rcu_dereference_check(cgrp->subsys[ss->subsys_id],
					     lockdep_is_held(&cgroup_mutex));
	else
		return &cgrp->dummy_css;
T
Tejun Heo 已提交
205
}
206

207
/* convenient tests for these bits */
208
static inline bool cgroup_is_dead(const struct cgroup *cgrp)
209
{
210
	return test_bit(CGRP_DEAD, &cgrp->flags);
211 212
}

213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231
/**
 * cgroup_is_descendant - test ancestry
 * @cgrp: the cgroup to be tested
 * @ancestor: possible ancestor of @cgrp
 *
 * Test whether @cgrp is a descendant of @ancestor.  It also returns %true
 * if @cgrp == @ancestor.  This function is safe to call as long as @cgrp
 * and @ancestor are accessible.
 */
bool cgroup_is_descendant(struct cgroup *cgrp, struct cgroup *ancestor)
{
	while (cgrp) {
		if (cgrp == ancestor)
			return true;
		cgrp = cgrp->parent;
	}
	return false;
}
EXPORT_SYMBOL_GPL(cgroup_is_descendant);
232

233
static int cgroup_is_releasable(const struct cgroup *cgrp)
234 235
{
	const int bits =
236 237 238
		(1 << CGRP_RELEASABLE) |
		(1 << CGRP_NOTIFY_ON_RELEASE);
	return (cgrp->flags & bits) == bits;
239 240
}

241
static int notify_on_release(const struct cgroup *cgrp)
242
{
243
	return test_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);
244 245
}

246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270
/**
 * for_each_subsys - iterate all loaded cgroup subsystems
 * @ss: the iteration cursor
 * @i: the index of @ss, CGROUP_SUBSYS_COUNT after reaching the end
 *
 * Should be called under cgroup_mutex.
 */
#define for_each_subsys(ss, i)						\
	for ((i) = 0; (i) < CGROUP_SUBSYS_COUNT; (i)++)			\
		if (({ lockdep_assert_held(&cgroup_mutex);		\
		       !((ss) = cgroup_subsys[i]); })) { }		\
		else

/**
 * for_each_builtin_subsys - iterate all built-in cgroup subsystems
 * @ss: the iteration cursor
 * @i: the index of @ss, CGROUP_BUILTIN_SUBSYS_COUNT after reaching the end
 *
 * Bulit-in subsystems are always present and iteration itself doesn't
 * require any synchronization.
 */
#define for_each_builtin_subsys(ss, i)					\
	for ((i) = 0; (i) < CGROUP_BUILTIN_SUBSYS_COUNT &&		\
	     (((ss) = cgroup_subsys[i]) || true); (i)++)

271 272 273
/* iterate each subsystem attached to a hierarchy */
#define for_each_root_subsys(root, ss)					\
	list_for_each_entry((ss), &(root)->subsys_list, sibling)
274

275 276 277
/* iterate across the active hierarchies */
#define for_each_active_root(root)					\
	list_for_each_entry((root), &cgroup_roots, root_list)
278

279 280 281 282 283
static inline struct cgroup *__d_cgrp(struct dentry *dentry)
{
	return dentry->d_fsdata;
}

T
Tejun Heo 已提交
284
static inline struct cfent *__d_cfe(struct dentry *dentry)
285 286 287 288
{
	return dentry->d_fsdata;
}

T
Tejun Heo 已提交
289 290 291 292 293
static inline struct cftype *__d_cft(struct dentry *dentry)
{
	return __d_cfe(dentry)->type;
}

294 295 296 297
/**
 * cgroup_lock_live_group - take cgroup_mutex and check that cgrp is alive.
 * @cgrp: the cgroup to be checked for liveness
 *
T
Tejun Heo 已提交
298 299
 * On success, returns true; the mutex should be later unlocked.  On
 * failure returns false with no lock held.
300
 */
301
static bool cgroup_lock_live_group(struct cgroup *cgrp)
302 303
{
	mutex_lock(&cgroup_mutex);
304
	if (cgroup_is_dead(cgrp)) {
305 306 307 308 309 310
		mutex_unlock(&cgroup_mutex);
		return false;
	}
	return true;
}

311 312 313
/* the list of cgroups eligible for automatic release. Protected by
 * release_list_lock */
static LIST_HEAD(release_list);
314
static DEFINE_RAW_SPINLOCK(release_list_lock);
315 316
static void cgroup_release_agent(struct work_struct *work);
static DECLARE_WORK(release_agent_work, cgroup_release_agent);
317
static void check_for_release(struct cgroup *cgrp);
318

319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336
/*
 * A cgroup can be associated with multiple css_sets as different tasks may
 * belong to different cgroups on different hierarchies.  In the other
 * direction, a css_set is naturally associated with multiple cgroups.
 * This M:N relationship is represented by the following link structure
 * which exists for each association and allows traversing the associations
 * from both sides.
 */
struct cgrp_cset_link {
	/* the cgroup and css_set this link associates */
	struct cgroup		*cgrp;
	struct css_set		*cset;

	/* list of cgrp_cset_links anchored at cgrp->cset_links */
	struct list_head	cset_link;

	/* list of cgrp_cset_links anchored at css_set->cgrp_links */
	struct list_head	cgrp_link;
337 338 339 340 341 342 343 344 345 346
};

/* The default css_set - used by init and its children prior to any
 * hierarchies being mounted. It contains a pointer to the root state
 * for each subsystem. Also used to anchor the list of css_sets. Not
 * reference-counted, to improve performance when child cgroups
 * haven't been created.
 */

static struct css_set init_css_set;
347
static struct cgrp_cset_link init_cgrp_cset_link;
348

349 350 351
/*
 * css_set_lock protects the list of css_set objects, and the chain of
 * tasks off each css_set.  Nests outside task->alloc_lock due to
352
 * css_task_iter_start().
353
 */
354 355 356
static DEFINE_RWLOCK(css_set_lock);
static int css_set_count;

357 358 359 360 361
/*
 * hash table for cgroup groups. This improves the performance to find
 * an existing css_set. This hash doesn't (currently) take into
 * account cgroups in empty hierarchies.
 */
362
#define CSS_SET_HASH_BITS	7
363
static DEFINE_HASHTABLE(css_set_table, CSS_SET_HASH_BITS);
364

365
static unsigned long css_set_hash(struct cgroup_subsys_state *css[])
366
{
367
	unsigned long key = 0UL;
368 369
	struct cgroup_subsys *ss;
	int i;
370

371
	for_each_subsys(ss, i)
372 373
		key += (unsigned long)css[i];
	key = (key >> 16) ^ key;
374

375
	return key;
376 377
}

378 379
/*
 * We don't maintain the lists running through each css_set to its task
380 381 382
 * until after the first call to css_task_iter_start().  This reduces the
 * fork()/exit() overhead for people who have cgroups compiled into their
 * kernel but not actually in use.
383
 */
384
static int use_task_css_set_links __read_mostly;
385

386
static void __put_css_set(struct css_set *cset, int taskexit)
387
{
388
	struct cgrp_cset_link *link, *tmp_link;
389

390 391 392 393 394
	/*
	 * Ensure that the refcount doesn't hit zero while any readers
	 * can see it. Similar to atomic_dec_and_lock(), but for an
	 * rwlock
	 */
395
	if (atomic_add_unless(&cset->refcount, -1, 1))
396 397
		return;
	write_lock(&css_set_lock);
398
	if (!atomic_dec_and_test(&cset->refcount)) {
399 400 401
		write_unlock(&css_set_lock);
		return;
	}
402

403
	/* This css_set is dead. unlink it and release cgroup refcounts */
404
	hash_del(&cset->hlist);
405 406
	css_set_count--;

407
	list_for_each_entry_safe(link, tmp_link, &cset->cgrp_links, cgrp_link) {
408
		struct cgroup *cgrp = link->cgrp;
409

410 411
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
L
Li Zefan 已提交
412

413
		/* @cgrp can't go away while we're holding css_set_lock */
T
Tejun Heo 已提交
414
		if (list_empty(&cgrp->cset_links) && notify_on_release(cgrp)) {
415
			if (taskexit)
416 417
				set_bit(CGRP_RELEASABLE, &cgrp->flags);
			check_for_release(cgrp);
418
		}
419 420

		kfree(link);
421
	}
422 423

	write_unlock(&css_set_lock);
424
	kfree_rcu(cset, rcu_head);
425 426
}

427 428 429
/*
 * refcounted get/put for css_set objects
 */
430
static inline void get_css_set(struct css_set *cset)
431
{
432
	atomic_inc(&cset->refcount);
433 434
}

435
static inline void put_css_set(struct css_set *cset)
436
{
437
	__put_css_set(cset, 0);
438 439
}

440
static inline void put_css_set_taskexit(struct css_set *cset)
441
{
442
	__put_css_set(cset, 1);
443 444
}

445
/**
446
 * compare_css_sets - helper function for find_existing_css_set().
447 448
 * @cset: candidate css_set being tested
 * @old_cset: existing css_set for a task
449 450 451
 * @new_cgrp: cgroup that's being entered by the task
 * @template: desired set of css pointers in css_set (pre-calculated)
 *
L
Li Zefan 已提交
452
 * Returns true if "cset" matches "old_cset" except for the hierarchy
453 454
 * which "new_cgrp" belongs to, for which it should match "new_cgrp".
 */
455 456
static bool compare_css_sets(struct css_set *cset,
			     struct css_set *old_cset,
457 458 459 460 461
			     struct cgroup *new_cgrp,
			     struct cgroup_subsys_state *template[])
{
	struct list_head *l1, *l2;

462
	if (memcmp(template, cset->subsys, sizeof(cset->subsys))) {
463 464 465 466 467 468 469 470 471 472 473 474 475
		/* Not all subsystems matched */
		return false;
	}

	/*
	 * Compare cgroup pointers in order to distinguish between
	 * different cgroups in heirarchies with no subsystems. We
	 * could get by with just this check alone (and skip the
	 * memcmp above) but on most setups the memcmp check will
	 * avoid the need for this more expensive check on almost all
	 * candidates.
	 */

476 477
	l1 = &cset->cgrp_links;
	l2 = &old_cset->cgrp_links;
478
	while (1) {
479
		struct cgrp_cset_link *link1, *link2;
480
		struct cgroup *cgrp1, *cgrp2;
481 482 483 484

		l1 = l1->next;
		l2 = l2->next;
		/* See if we reached the end - both lists are equal length. */
485 486
		if (l1 == &cset->cgrp_links) {
			BUG_ON(l2 != &old_cset->cgrp_links);
487 488
			break;
		} else {
489
			BUG_ON(l2 == &old_cset->cgrp_links);
490 491
		}
		/* Locate the cgroups associated with these links. */
492 493 494 495
		link1 = list_entry(l1, struct cgrp_cset_link, cgrp_link);
		link2 = list_entry(l2, struct cgrp_cset_link, cgrp_link);
		cgrp1 = link1->cgrp;
		cgrp2 = link2->cgrp;
496
		/* Hierarchies should be linked in the same order. */
497
		BUG_ON(cgrp1->root != cgrp2->root);
498 499 500 501 502 503 504 505

		/*
		 * If this hierarchy is the hierarchy of the cgroup
		 * that's changing, then we need to check that this
		 * css_set points to the new cgroup; if it's any other
		 * hierarchy, then this css_set should point to the
		 * same cgroup as the old css_set.
		 */
506 507
		if (cgrp1->root == new_cgrp->root) {
			if (cgrp1 != new_cgrp)
508 509
				return false;
		} else {
510
			if (cgrp1 != cgrp2)
511 512 513 514 515 516
				return false;
		}
	}
	return true;
}

517 518 519 520 521
/**
 * find_existing_css_set - init css array and find the matching css_set
 * @old_cset: the css_set that we're using before the cgroup transition
 * @cgrp: the cgroup that we're moving into
 * @template: out param for the new set of csses, should be clear on entry
522
 */
523 524 525
static struct css_set *find_existing_css_set(struct css_set *old_cset,
					struct cgroup *cgrp,
					struct cgroup_subsys_state *template[])
526
{
527
	struct cgroupfs_root *root = cgrp->root;
528
	struct cgroup_subsys *ss;
529
	struct css_set *cset;
530
	unsigned long key;
531
	int i;
532

B
Ben Blum 已提交
533 534 535 536 537
	/*
	 * Build the set of subsystem state objects that we want to see in the
	 * new css_set. while subsystems can change globally, the entries here
	 * won't change, so no need for locking.
	 */
538
	for_each_subsys(ss, i) {
539
		if (root->subsys_mask & (1UL << i)) {
540 541 542
			/* Subsystem is in this hierarchy. So we want
			 * the subsystem state from the new
			 * cgroup */
543
			template[i] = cgroup_css(cgrp, ss);
544 545 546
		} else {
			/* Subsystem is not in this hierarchy, so we
			 * don't want to change the subsystem state */
547
			template[i] = old_cset->subsys[i];
548 549 550
		}
	}

551
	key = css_set_hash(template);
552 553
	hash_for_each_possible(css_set_table, cset, hlist, key) {
		if (!compare_css_sets(cset, old_cset, cgrp, template))
554 555 556
			continue;

		/* This css_set matches what we need */
557
		return cset;
558
	}
559 560 561 562 563

	/* No existing cgroup group matched */
	return NULL;
}

564
static void free_cgrp_cset_links(struct list_head *links_to_free)
565
{
566
	struct cgrp_cset_link *link, *tmp_link;
567

568 569
	list_for_each_entry_safe(link, tmp_link, links_to_free, cset_link) {
		list_del(&link->cset_link);
570 571 572 573
		kfree(link);
	}
}

574 575 576 577 578 579 580
/**
 * allocate_cgrp_cset_links - allocate cgrp_cset_links
 * @count: the number of links to allocate
 * @tmp_links: list_head the allocated links are put on
 *
 * Allocate @count cgrp_cset_link structures and chain them on @tmp_links
 * through ->cset_link.  Returns 0 on success or -errno.
581
 */
582
static int allocate_cgrp_cset_links(int count, struct list_head *tmp_links)
583
{
584
	struct cgrp_cset_link *link;
585
	int i;
586 587 588

	INIT_LIST_HEAD(tmp_links);

589
	for (i = 0; i < count; i++) {
590
		link = kzalloc(sizeof(*link), GFP_KERNEL);
591
		if (!link) {
592
			free_cgrp_cset_links(tmp_links);
593 594
			return -ENOMEM;
		}
595
		list_add(&link->cset_link, tmp_links);
596 597 598 599
	}
	return 0;
}

600 601
/**
 * link_css_set - a helper function to link a css_set to a cgroup
602
 * @tmp_links: cgrp_cset_link objects allocated by allocate_cgrp_cset_links()
603
 * @cset: the css_set to be linked
604 605
 * @cgrp: the destination cgroup
 */
606 607
static void link_css_set(struct list_head *tmp_links, struct css_set *cset,
			 struct cgroup *cgrp)
608
{
609
	struct cgrp_cset_link *link;
610

611 612 613
	BUG_ON(list_empty(tmp_links));
	link = list_first_entry(tmp_links, struct cgrp_cset_link, cset_link);
	link->cset = cset;
614
	link->cgrp = cgrp;
615
	list_move(&link->cset_link, &cgrp->cset_links);
616 617 618 619
	/*
	 * Always add links to the tail of the list so that the list
	 * is sorted by order of hierarchy creation
	 */
620
	list_add_tail(&link->cgrp_link, &cset->cgrp_links);
621 622
}

623 624 625 626 627 628 629
/**
 * find_css_set - return a new css_set with one cgroup updated
 * @old_cset: the baseline css_set
 * @cgrp: the cgroup to be updated
 *
 * Return a new css_set that's equivalent to @old_cset, but with @cgrp
 * substituted into the appropriate hierarchy.
630
 */
631 632
static struct css_set *find_css_set(struct css_set *old_cset,
				    struct cgroup *cgrp)
633
{
634
	struct cgroup_subsys_state *template[CGROUP_SUBSYS_COUNT] = { };
635
	struct css_set *cset;
636 637
	struct list_head tmp_links;
	struct cgrp_cset_link *link;
638
	unsigned long key;
639

640 641
	lockdep_assert_held(&cgroup_mutex);

642 643
	/* First see if we already have a cgroup group that matches
	 * the desired set */
644
	read_lock(&css_set_lock);
645 646 647
	cset = find_existing_css_set(old_cset, cgrp, template);
	if (cset)
		get_css_set(cset);
648
	read_unlock(&css_set_lock);
649

650 651
	if (cset)
		return cset;
652

653
	cset = kzalloc(sizeof(*cset), GFP_KERNEL);
654
	if (!cset)
655 656
		return NULL;

657
	/* Allocate all the cgrp_cset_link objects that we'll need */
658
	if (allocate_cgrp_cset_links(cgroup_root_count, &tmp_links) < 0) {
659
		kfree(cset);
660 661 662
		return NULL;
	}

663
	atomic_set(&cset->refcount, 1);
664
	INIT_LIST_HEAD(&cset->cgrp_links);
665 666
	INIT_LIST_HEAD(&cset->tasks);
	INIT_HLIST_NODE(&cset->hlist);
667 668 669

	/* Copy the set of subsystem state objects generated in
	 * find_existing_css_set() */
670
	memcpy(cset->subsys, template, sizeof(cset->subsys));
671 672 673

	write_lock(&css_set_lock);
	/* Add reference counts and links from the new css_set. */
674
	list_for_each_entry(link, &old_cset->cgrp_links, cgrp_link) {
675
		struct cgroup *c = link->cgrp;
676

677 678
		if (c->root == cgrp->root)
			c = cgrp;
679
		link_css_set(&tmp_links, cset, c);
680
	}
681

682
	BUG_ON(!list_empty(&tmp_links));
683 684

	css_set_count++;
685 686

	/* Add this cgroup group to the hash table */
687 688
	key = css_set_hash(cset->subsys);
	hash_add(css_set_table, &cset->hlist, key);
689

690 691
	write_unlock(&css_set_lock);

692
	return cset;
693 694
}

695 696 697 698 699 700 701
/*
 * Return the cgroup for "task" from the given hierarchy. Must be
 * called with cgroup_mutex held.
 */
static struct cgroup *task_cgroup_from_root(struct task_struct *task,
					    struct cgroupfs_root *root)
{
702
	struct css_set *cset;
703 704 705 706 707 708 709 710 711
	struct cgroup *res = NULL;

	BUG_ON(!mutex_is_locked(&cgroup_mutex));
	read_lock(&css_set_lock);
	/*
	 * No need to lock the task - since we hold cgroup_mutex the
	 * task can't change groups, so the only thing that can happen
	 * is that it exits and its css is set back to init_css_set.
	 */
712
	cset = task_css_set(task);
713
	if (cset == &init_css_set) {
714 715
		res = &root->top_cgroup;
	} else {
716 717 718
		struct cgrp_cset_link *link;

		list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
719
			struct cgroup *c = link->cgrp;
720

721 722 723 724 725 726 727 728 729 730 731
			if (c->root == root) {
				res = c;
				break;
			}
		}
	}
	read_unlock(&css_set_lock);
	BUG_ON(!res);
	return res;
}

732 733 734 735 736 737 738 739 740 741
/*
 * There is one global cgroup mutex. We also require taking
 * task_lock() when dereferencing a task's cgroup subsys pointers.
 * See "The task_lock() exception", at the end of this comment.
 *
 * A task must hold cgroup_mutex to modify cgroups.
 *
 * Any task can increment and decrement the count field without lock.
 * So in general, code holding cgroup_mutex can't rely on the count
 * field not changing.  However, if the count goes to zero, then only
742
 * cgroup_attach_task() can increment it again.  Because a count of zero
743 744 745 746 747 748 749 750 751 752 753 754 755
 * means that no tasks are currently attached, therefore there is no
 * way a task attached to that cgroup can fork (the other way to
 * increment the count).  So code holding cgroup_mutex can safely
 * assume that if the count is zero, it will stay zero. Similarly, if
 * a task holds cgroup_mutex on a cgroup with zero count, it
 * knows that the cgroup won't be removed, as cgroup_rmdir()
 * needs that mutex.
 *
 * The fork and exit callbacks cgroup_fork() and cgroup_exit(), don't
 * (usually) take cgroup_mutex.  These are the two most performance
 * critical pieces of code here.  The exception occurs on cgroup_exit(),
 * when a task in a notify_on_release cgroup exits.  Then cgroup_mutex
 * is taken, and if the cgroup count is zero, a usermode call made
L
Li Zefan 已提交
756 757
 * to the release agent with the name of the cgroup (path relative to
 * the root of cgroup file system) as the argument.
758 759 760 761 762 763 764 765 766 767 768
 *
 * A cgroup can only be deleted if both its 'count' of using tasks
 * is zero, and its list of 'children' cgroups is empty.  Since all
 * tasks in the system use _some_ cgroup, and since there is always at
 * least one task in the system (init, pid == 1), therefore, top_cgroup
 * always has either children cgroups and/or using tasks.  So we don't
 * need a special hack to ensure that top_cgroup cannot be deleted.
 *
 *	The task_lock() exception
 *
 * The need for this exception arises from the action of
769
 * cgroup_attach_task(), which overwrites one task's cgroup pointer with
L
Li Zefan 已提交
770
 * another.  It does so using cgroup_mutex, however there are
771 772 773
 * several performance critical places that need to reference
 * task->cgroup without the expense of grabbing a system global
 * mutex.  Therefore except as noted below, when dereferencing or, as
774
 * in cgroup_attach_task(), modifying a task's cgroup pointer we use
775 776 777 778
 * task_lock(), which acts on a spinlock (task->alloc_lock) already in
 * the task_struct routinely used for such matters.
 *
 * P.S.  One more locking exception.  RCU is used to guard the
779
 * update of a tasks cgroup pointer by cgroup_attach_task()
780 781 782 783 784 785 786 787 788
 */

/*
 * A couple of forward declarations required, due to cyclic reference loop:
 * cgroup_mkdir -> cgroup_create -> cgroup_populate_dir ->
 * cgroup_add_file -> cgroup_create_file -> cgroup_dir_inode_operations
 * -> cgroup_mkdir.
 */

789
static int cgroup_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
790
static int cgroup_rmdir(struct inode *unused_dir, struct dentry *dentry);
791
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask);
792
static const struct inode_operations cgroup_dir_inode_operations;
793
static const struct file_operations proc_cgroupstats_operations;
794 795

static struct backing_dev_info cgroup_backing_dev_info = {
796
	.name		= "cgroup",
797
	.capabilities	= BDI_CAP_NO_ACCT_AND_WRITEBACK,
798
};
799

A
Al Viro 已提交
800
static struct inode *cgroup_new_inode(umode_t mode, struct super_block *sb)
801 802 803 804
{
	struct inode *inode = new_inode(sb);

	if (inode) {
805
		inode->i_ino = get_next_ino();
806
		inode->i_mode = mode;
807 808
		inode->i_uid = current_fsuid();
		inode->i_gid = current_fsgid();
809 810 811 812 813 814
		inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
		inode->i_mapping->backing_dev_info = &cgroup_backing_dev_info;
	}
	return inode;
}

815 816 817 818 819 820 821 822 823 824 825
static struct cgroup_name *cgroup_alloc_name(struct dentry *dentry)
{
	struct cgroup_name *name;

	name = kmalloc(sizeof(*name) + dentry->d_name.len + 1, GFP_KERNEL);
	if (!name)
		return NULL;
	strcpy(name->name, dentry->d_name.name);
	return name;
}

826 827
static void cgroup_free_fn(struct work_struct *work)
{
828
	struct cgroup *cgrp = container_of(work, struct cgroup, destroy_work);
829 830 831 832 833

	mutex_lock(&cgroup_mutex);
	cgrp->root->number_of_cgroups--;
	mutex_unlock(&cgroup_mutex);

834 835 836 837 838 839 840
	/*
	 * We get a ref to the parent's dentry, and put the ref when
	 * this cgroup is being freed, so it's guaranteed that the
	 * parent won't be destroyed before its children.
	 */
	dput(cgrp->parent->dentry);

841 842
	/*
	 * Drop the active superblock reference that we took when we
843 844
	 * created the cgroup. This will free cgrp->root, if we are
	 * holding the last reference to @sb.
845 846 847
	 */
	deactivate_super(cgrp->root->sb);

848
	cgroup_pidlist_destroy_all(cgrp);
849 850 851

	simple_xattrs_free(&cgrp->xattrs);

852
	kfree(rcu_dereference_raw(cgrp->name));
853 854 855 856 857 858 859
	kfree(cgrp);
}

static void cgroup_free_rcu(struct rcu_head *head)
{
	struct cgroup *cgrp = container_of(head, struct cgroup, rcu_head);

860
	INIT_WORK(&cgrp->destroy_work, cgroup_free_fn);
861
	queue_work(cgroup_destroy_wq, &cgrp->destroy_work);
862 863
}

864 865 866 867
static void cgroup_diput(struct dentry *dentry, struct inode *inode)
{
	/* is dentry a directory ? if so, kfree() associated cgroup */
	if (S_ISDIR(inode->i_mode)) {
868
		struct cgroup *cgrp = dentry->d_fsdata;
869

870
		BUG_ON(!(cgroup_is_dead(cgrp)));
871
		call_rcu(&cgrp->rcu_head, cgroup_free_rcu);
T
Tejun Heo 已提交
872 873 874 875 876 877 878
	} else {
		struct cfent *cfe = __d_cfe(dentry);
		struct cgroup *cgrp = dentry->d_parent->d_fsdata;

		WARN_ONCE(!list_empty(&cfe->node) &&
			  cgrp != &cgrp->root->top_cgroup,
			  "cfe still linked for %s\n", cfe->type->name);
L
Li Zefan 已提交
879
		simple_xattrs_free(&cfe->xattrs);
T
Tejun Heo 已提交
880
		kfree(cfe);
881 882 883 884 885 886 887 888 889 890 891 892 893
	}
	iput(inode);
}

static void remove_dir(struct dentry *d)
{
	struct dentry *parent = dget(d->d_parent);

	d_delete(d);
	simple_rmdir(parent->d_inode, d);
	dput(parent);
}

894
static void cgroup_rm_file(struct cgroup *cgrp, const struct cftype *cft)
T
Tejun Heo 已提交
895 896 897 898 899 900
{
	struct cfent *cfe;

	lockdep_assert_held(&cgrp->dentry->d_inode->i_mutex);
	lockdep_assert_held(&cgroup_mutex);

901 902 903 904
	/*
	 * If we're doing cleanup due to failure of cgroup_create(),
	 * the corresponding @cfe may not exist.
	 */
T
Tejun Heo 已提交
905 906 907 908 909 910 911 912
	list_for_each_entry(cfe, &cgrp->files, node) {
		struct dentry *d = cfe->dentry;

		if (cft && cfe->type != cft)
			continue;

		dget(d);
		d_delete(d);
913
		simple_unlink(cgrp->dentry->d_inode, d);
T
Tejun Heo 已提交
914 915 916
		list_del_init(&cfe->node);
		dput(d);

917
		break;
918
	}
T
Tejun Heo 已提交
919 920
}

921
/**
922
 * cgroup_clear_dir - remove subsys files in a cgroup directory
923
 * @cgrp: target cgroup
924 925
 * @subsys_mask: mask of the subsystem ids whose files should be removed
 */
926
static void cgroup_clear_dir(struct cgroup *cgrp, unsigned long subsys_mask)
T
Tejun Heo 已提交
927
{
928
	struct cgroup_subsys *ss;
929
	int i;
T
Tejun Heo 已提交
930

931
	for_each_subsys(ss, i) {
932
		struct cftype_set *set;
933 934

		if (!test_bit(i, &subsys_mask))
935 936
			continue;
		list_for_each_entry(set, &ss->cftsets, node)
937
			cgroup_addrm_files(cgrp, set->cfts, false);
938
	}
939 940 941 942 943 944 945
}

/*
 * NOTE : the dentry must have been dget()'ed
 */
static void cgroup_d_remove_dir(struct dentry *dentry)
{
N
Nick Piggin 已提交
946
	struct dentry *parent;
947

N
Nick Piggin 已提交
948 949
	parent = dentry->d_parent;
	spin_lock(&parent->d_lock);
950
	spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
951
	list_del_init(&dentry->d_u.d_child);
N
Nick Piggin 已提交
952 953
	spin_unlock(&dentry->d_lock);
	spin_unlock(&parent->d_lock);
954 955 956
	remove_dir(dentry);
}

B
Ben Blum 已提交
957
/*
B
Ben Blum 已提交
958 959 960
 * Call with cgroup_mutex held. Drops reference counts on modules, including
 * any duplicate ones that parse_cgroupfs_options took. If this function
 * returns an error, no reference counts are touched.
B
Ben Blum 已提交
961
 */
962
static int rebind_subsystems(struct cgroupfs_root *root,
963
			     unsigned long added_mask, unsigned removed_mask)
964
{
965
	struct cgroup *cgrp = &root->top_cgroup;
966
	struct cgroup_subsys *ss;
967
	unsigned long pinned = 0;
968
	int i, ret;
969

B
Ben Blum 已提交
970
	BUG_ON(!mutex_is_locked(&cgroup_mutex));
T
Tejun Heo 已提交
971
	BUG_ON(!mutex_is_locked(&cgroup_root_mutex));
B
Ben Blum 已提交
972

973
	/* Check that any added subsystems are currently free */
974
	for_each_subsys(ss, i) {
975
		if (!(added_mask & (1 << i)))
976
			continue;
977

978
		/* is the subsystem mounted elsewhere? */
979
		if (ss->root != &cgroup_dummy_root) {
980 981 982 983 984 985 986 987
			ret = -EBUSY;
			goto out_put;
		}

		/* pin the module */
		if (!try_module_get(ss->module)) {
			ret = -ENOENT;
			goto out_put;
988
		}
989
		pinned |= 1 << i;
990 991
	}

992 993 994 995
	/* subsys could be missing if unloaded between parsing and here */
	if (added_mask != pinned) {
		ret = -ENOENT;
		goto out_put;
996 997
	}

998 999
	ret = cgroup_populate_dir(cgrp, added_mask);
	if (ret)
1000
		goto out_put;
1001 1002 1003 1004 1005 1006

	/*
	 * Nothing can fail from this point on.  Remove files for the
	 * removed subsystems and rebind each subsystem.
	 */
	cgroup_clear_dir(cgrp, removed_mask);
1007

1008
	for_each_subsys(ss, i) {
1009
		unsigned long bit = 1UL << i;
1010

1011
		if (bit & added_mask) {
1012
			/* We're binding this subsystem to this hierarchy */
1013 1014 1015
			BUG_ON(cgroup_css(cgrp, ss));
			BUG_ON(!cgroup_css(cgroup_dummy_top, ss));
			BUG_ON(cgroup_css(cgroup_dummy_top, ss)->cgroup != cgroup_dummy_top);
1016

1017
			rcu_assign_pointer(cgrp->subsys[i],
1018 1019
					   cgroup_css(cgroup_dummy_top, ss));
			cgroup_css(cgrp, ss)->cgroup = cgrp;
1020

1021
			list_move(&ss->sibling, &root->subsys_list);
1022
			ss->root = root;
1023
			if (ss->bind)
1024
				ss->bind(cgroup_css(cgrp, ss));
1025

B
Ben Blum 已提交
1026
			/* refcount was already taken, and we're keeping it */
1027
			root->subsys_mask |= bit;
1028
		} else if (bit & removed_mask) {
1029
			/* We're removing this subsystem */
1030 1031
			BUG_ON(cgroup_css(cgrp, ss) != cgroup_css(cgroup_dummy_top, ss));
			BUG_ON(cgroup_css(cgrp, ss)->cgroup != cgrp);
1032

1033
			if (ss->bind)
1034
				ss->bind(cgroup_css(cgroup_dummy_top, ss));
1035

1036
			cgroup_css(cgroup_dummy_top, ss)->cgroup = cgroup_dummy_top;
1037 1038
			RCU_INIT_POINTER(cgrp->subsys[i], NULL);

1039 1040
			cgroup_subsys[i]->root = &cgroup_dummy_root;
			list_move(&ss->sibling, &cgroup_dummy_root.subsys_list);
1041

B
Ben Blum 已提交
1042 1043
			/* subsystem is now free - drop reference on module */
			module_put(ss->module);
1044
			root->subsys_mask &= ~bit;
1045 1046 1047
		}
	}

1048 1049 1050 1051 1052 1053
	/*
	 * Mark @root has finished binding subsystems.  @root->subsys_mask
	 * now matches the bound subsystems.
	 */
	root->flags |= CGRP_ROOT_SUBSYS_BOUND;

1054
	return 0;
1055 1056 1057 1058 1059 1060

out_put:
	for_each_subsys(ss, i)
		if (pinned & (1 << i))
			module_put(ss->module);
	return ret;
1061 1062
}

1063
static int cgroup_show_options(struct seq_file *seq, struct dentry *dentry)
1064
{
1065
	struct cgroupfs_root *root = dentry->d_sb->s_fs_info;
1066 1067
	struct cgroup_subsys *ss;

T
Tejun Heo 已提交
1068
	mutex_lock(&cgroup_root_mutex);
1069
	for_each_root_subsys(root, ss)
1070
		seq_printf(seq, ",%s", ss->name);
1071 1072
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR)
		seq_puts(seq, ",sane_behavior");
1073
	if (root->flags & CGRP_ROOT_NOPREFIX)
1074
		seq_puts(seq, ",noprefix");
1075
	if (root->flags & CGRP_ROOT_XATTR)
A
Aristeu Rozanski 已提交
1076
		seq_puts(seq, ",xattr");
1077 1078
	if (strlen(root->release_agent_path))
		seq_printf(seq, ",release_agent=%s", root->release_agent_path);
1079
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags))
1080
		seq_puts(seq, ",clone_children");
1081 1082
	if (strlen(root->name))
		seq_printf(seq, ",name=%s", root->name);
T
Tejun Heo 已提交
1083
	mutex_unlock(&cgroup_root_mutex);
1084 1085 1086 1087
	return 0;
}

struct cgroup_sb_opts {
1088
	unsigned long subsys_mask;
1089
	unsigned long flags;
1090
	char *release_agent;
1091
	bool cpuset_clone_children;
1092
	char *name;
1093 1094
	/* User explicitly requested empty subsystem */
	bool none;
1095 1096

	struct cgroupfs_root *new_root;
1097

1098 1099
};

B
Ben Blum 已提交
1100
/*
1101 1102 1103 1104
 * Convert a hierarchy specifier into a bitmask of subsystems and
 * flags. Call with cgroup_mutex held to protect the cgroup_subsys[]
 * array. This function takes refcounts on subsystems to be used, unless it
 * returns error, in which case no refcounts are taken.
B
Ben Blum 已提交
1105
 */
B
Ben Blum 已提交
1106
static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
1107
{
1108 1109
	char *token, *o = data;
	bool all_ss = false, one_ss = false;
1110
	unsigned long mask = (unsigned long)-1;
1111 1112
	struct cgroup_subsys *ss;
	int i;
1113

B
Ben Blum 已提交
1114 1115
	BUG_ON(!mutex_is_locked(&cgroup_mutex));

1116 1117 1118
#ifdef CONFIG_CPUSETS
	mask = ~(1UL << cpuset_subsys_id);
#endif
1119

1120
	memset(opts, 0, sizeof(*opts));
1121 1122 1123 1124

	while ((token = strsep(&o, ",")) != NULL) {
		if (!*token)
			return -EINVAL;
1125
		if (!strcmp(token, "none")) {
1126 1127
			/* Explicitly have no subsystems */
			opts->none = true;
1128 1129 1130 1131 1132 1133 1134 1135 1136
			continue;
		}
		if (!strcmp(token, "all")) {
			/* Mutually exclusive option 'all' + subsystem name */
			if (one_ss)
				return -EINVAL;
			all_ss = true;
			continue;
		}
1137 1138 1139 1140
		if (!strcmp(token, "__DEVEL__sane_behavior")) {
			opts->flags |= CGRP_ROOT_SANE_BEHAVIOR;
			continue;
		}
1141
		if (!strcmp(token, "noprefix")) {
1142
			opts->flags |= CGRP_ROOT_NOPREFIX;
1143 1144 1145
			continue;
		}
		if (!strcmp(token, "clone_children")) {
1146
			opts->cpuset_clone_children = true;
1147 1148
			continue;
		}
A
Aristeu Rozanski 已提交
1149
		if (!strcmp(token, "xattr")) {
1150
			opts->flags |= CGRP_ROOT_XATTR;
A
Aristeu Rozanski 已提交
1151 1152
			continue;
		}
1153
		if (!strncmp(token, "release_agent=", 14)) {
1154 1155 1156
			/* Specifying two release agents is forbidden */
			if (opts->release_agent)
				return -EINVAL;
1157
			opts->release_agent =
1158
				kstrndup(token + 14, PATH_MAX - 1, GFP_KERNEL);
1159 1160
			if (!opts->release_agent)
				return -ENOMEM;
1161 1162 1163
			continue;
		}
		if (!strncmp(token, "name=", 5)) {
1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180
			const char *name = token + 5;
			/* Can't specify an empty name */
			if (!strlen(name))
				return -EINVAL;
			/* Must match [\w.-]+ */
			for (i = 0; i < strlen(name); i++) {
				char c = name[i];
				if (isalnum(c))
					continue;
				if ((c == '.') || (c == '-') || (c == '_'))
					continue;
				return -EINVAL;
			}
			/* Specifying two names is forbidden */
			if (opts->name)
				return -EINVAL;
			opts->name = kstrndup(name,
1181
					      MAX_CGROUP_ROOT_NAMELEN - 1,
1182 1183 1184
					      GFP_KERNEL);
			if (!opts->name)
				return -ENOMEM;
1185 1186 1187 1188

			continue;
		}

1189
		for_each_subsys(ss, i) {
1190 1191 1192 1193 1194 1195 1196 1197
			if (strcmp(token, ss->name))
				continue;
			if (ss->disabled)
				continue;

			/* Mutually exclusive option 'all' + subsystem name */
			if (all_ss)
				return -EINVAL;
1198
			set_bit(i, &opts->subsys_mask);
1199 1200 1201 1202 1203 1204 1205 1206 1207 1208
			one_ss = true;

			break;
		}
		if (i == CGROUP_SUBSYS_COUNT)
			return -ENOENT;
	}

	/*
	 * If the 'all' option was specified select all the subsystems,
1209 1210
	 * otherwise if 'none', 'name=' and a subsystem name options
	 * were not specified, let's default to 'all'
1211
	 */
1212 1213 1214 1215
	if (all_ss || (!one_ss && !opts->none && !opts->name))
		for_each_subsys(ss, i)
			if (!ss->disabled)
				set_bit(i, &opts->subsys_mask);
1216

1217 1218
	/* Consistency checks */

1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232
	if (opts->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_warning("cgroup: sane_behavior: this is still under development and its behaviors will change, proceed at your own risk\n");

		if (opts->flags & CGRP_ROOT_NOPREFIX) {
			pr_err("cgroup: sane_behavior: noprefix is not allowed\n");
			return -EINVAL;
		}

		if (opts->cpuset_clone_children) {
			pr_err("cgroup: sane_behavior: clone_children is not allowed\n");
			return -EINVAL;
		}
	}

1233 1234 1235 1236 1237
	/*
	 * Option noprefix was introduced just for backward compatibility
	 * with the old cpuset, so we allow noprefix only if mounting just
	 * the cpuset subsystem.
	 */
1238
	if ((opts->flags & CGRP_ROOT_NOPREFIX) && (opts->subsys_mask & mask))
1239 1240
		return -EINVAL;

1241 1242

	/* Can't specify "none" and some subsystems */
1243
	if (opts->subsys_mask && opts->none)
1244 1245 1246 1247 1248 1249
		return -EINVAL;

	/*
	 * We either have to specify by name or by subsystems. (So all
	 * empty hierarchies must have a name).
	 */
1250
	if (!opts->subsys_mask && !opts->name)
1251 1252 1253 1254 1255 1256 1257 1258 1259
		return -EINVAL;

	return 0;
}

static int cgroup_remount(struct super_block *sb, int *flags, char *data)
{
	int ret = 0;
	struct cgroupfs_root *root = sb->s_fs_info;
1260
	struct cgroup *cgrp = &root->top_cgroup;
1261
	struct cgroup_sb_opts opts;
1262
	unsigned long added_mask, removed_mask;
1263

1264 1265 1266 1267 1268
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_err("cgroup: sane_behavior: remount is not allowed\n");
		return -EINVAL;
	}

1269
	mutex_lock(&cgrp->dentry->d_inode->i_mutex);
1270
	mutex_lock(&cgroup_mutex);
T
Tejun Heo 已提交
1271
	mutex_lock(&cgroup_root_mutex);
1272 1273 1274 1275 1276 1277

	/* See what subsystems are wanted */
	ret = parse_cgroupfs_options(data, &opts);
	if (ret)
		goto out_unlock;

1278
	if (opts.subsys_mask != root->subsys_mask || opts.release_agent)
1279 1280 1281
		pr_warning("cgroup: option changes via remount are deprecated (pid=%d comm=%s)\n",
			   task_tgid_nr(current), current->comm);

1282 1283
	added_mask = opts.subsys_mask & ~root->subsys_mask;
	removed_mask = root->subsys_mask & ~opts.subsys_mask;
1284

B
Ben Blum 已提交
1285
	/* Don't allow flags or name to change at remount */
1286
	if (((opts.flags ^ root->flags) & CGRP_ROOT_OPTION_MASK) ||
B
Ben Blum 已提交
1287
	    (opts.name && strcmp(opts.name, root->name))) {
1288 1289 1290
		pr_err("cgroup: option or name mismatch, new: 0x%lx \"%s\", old: 0x%lx \"%s\"\n",
		       opts.flags & CGRP_ROOT_OPTION_MASK, opts.name ?: "",
		       root->flags & CGRP_ROOT_OPTION_MASK, root->name);
1291 1292 1293 1294
		ret = -EINVAL;
		goto out_unlock;
	}

1295 1296 1297
	/* remounting is not allowed for populated hierarchies */
	if (root->number_of_cgroups > 1) {
		ret = -EBUSY;
1298
		goto out_unlock;
B
Ben Blum 已提交
1299
	}
1300

1301
	ret = rebind_subsystems(root, added_mask, removed_mask);
1302
	if (ret)
1303
		goto out_unlock;
1304

1305 1306
	if (opts.release_agent)
		strcpy(root->release_agent_path, opts.release_agent);
1307
 out_unlock:
1308
	kfree(opts.release_agent);
1309
	kfree(opts.name);
T
Tejun Heo 已提交
1310
	mutex_unlock(&cgroup_root_mutex);
1311
	mutex_unlock(&cgroup_mutex);
1312
	mutex_unlock(&cgrp->dentry->d_inode->i_mutex);
1313 1314 1315
	return ret;
}

1316
static const struct super_operations cgroup_ops = {
1317 1318 1319 1320 1321 1322
	.statfs = simple_statfs,
	.drop_inode = generic_delete_inode,
	.show_options = cgroup_show_options,
	.remount_fs = cgroup_remount,
};

1323 1324 1325 1326
static void init_cgroup_housekeeping(struct cgroup *cgrp)
{
	INIT_LIST_HEAD(&cgrp->sibling);
	INIT_LIST_HEAD(&cgrp->children);
T
Tejun Heo 已提交
1327
	INIT_LIST_HEAD(&cgrp->files);
1328
	INIT_LIST_HEAD(&cgrp->cset_links);
1329
	INIT_LIST_HEAD(&cgrp->release_list);
1330 1331
	INIT_LIST_HEAD(&cgrp->pidlists);
	mutex_init(&cgrp->pidlist_mutex);
T
Tejun Heo 已提交
1332
	cgrp->dummy_css.cgroup = cgrp;
A
Aristeu Rozanski 已提交
1333
	simple_xattrs_init(&cgrp->xattrs);
1334
}
1335

1336 1337
static void init_cgroup_root(struct cgroupfs_root *root)
{
1338
	struct cgroup *cgrp = &root->top_cgroup;
1339

1340 1341 1342
	INIT_LIST_HEAD(&root->subsys_list);
	INIT_LIST_HEAD(&root->root_list);
	root->number_of_cgroups = 1;
1343
	cgrp->root = root;
1344
	RCU_INIT_POINTER(cgrp->name, &root_cgroup_name);
1345
	init_cgroup_housekeeping(cgrp);
1346
	idr_init(&root->cgroup_idr);
1347 1348
}

1349
static int cgroup_init_root_id(struct cgroupfs_root *root, int start, int end)
1350
{
1351
	int id;
1352

T
Tejun Heo 已提交
1353 1354 1355
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&cgroup_root_mutex);

1356 1357
	id = idr_alloc_cyclic(&cgroup_hierarchy_idr, root, start, end,
			      GFP_KERNEL);
1358 1359 1360 1361
	if (id < 0)
		return id;

	root->hierarchy_id = id;
1362 1363 1364 1365 1366
	return 0;
}

static void cgroup_exit_root_id(struct cgroupfs_root *root)
{
T
Tejun Heo 已提交
1367 1368 1369
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&cgroup_root_mutex);

1370
	if (root->hierarchy_id) {
1371
		idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
1372 1373
		root->hierarchy_id = 0;
	}
1374 1375
}

1376 1377
static int cgroup_test_super(struct super_block *sb, void *data)
{
1378
	struct cgroup_sb_opts *opts = data;
1379 1380
	struct cgroupfs_root *root = sb->s_fs_info;

1381 1382 1383
	/* If we asked for a name then it must match */
	if (opts->name && strcmp(opts->name, root->name))
		return 0;
1384

1385 1386 1387 1388
	/*
	 * If we asked for subsystems (or explicitly for no
	 * subsystems) then they must match
	 */
1389 1390
	if ((opts->subsys_mask || opts->none)
	    && (opts->subsys_mask != root->subsys_mask))
1391 1392 1393 1394 1395
		return 0;

	return 1;
}

1396 1397 1398 1399
static struct cgroupfs_root *cgroup_root_from_opts(struct cgroup_sb_opts *opts)
{
	struct cgroupfs_root *root;

1400
	if (!opts->subsys_mask && !opts->none)
1401 1402 1403 1404 1405 1406 1407
		return NULL;

	root = kzalloc(sizeof(*root), GFP_KERNEL);
	if (!root)
		return ERR_PTR(-ENOMEM);

	init_cgroup_root(root);
1408

1409 1410 1411 1412 1413 1414 1415 1416
	/*
	 * We need to set @root->subsys_mask now so that @root can be
	 * matched by cgroup_test_super() before it finishes
	 * initialization; otherwise, competing mounts with the same
	 * options may try to bind the same subsystems instead of waiting
	 * for the first one leading to unexpected mount errors.
	 * SUBSYS_BOUND will be set once actual binding is complete.
	 */
1417
	root->subsys_mask = opts->subsys_mask;
1418 1419 1420 1421 1422
	root->flags = opts->flags;
	if (opts->release_agent)
		strcpy(root->release_agent_path, opts->release_agent);
	if (opts->name)
		strcpy(root->name, opts->name);
1423 1424
	if (opts->cpuset_clone_children)
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags);
1425 1426 1427
	return root;
}

1428
static void cgroup_free_root(struct cgroupfs_root *root)
1429
{
1430 1431 1432
	if (root) {
		/* hierarhcy ID shoulid already have been released */
		WARN_ON_ONCE(root->hierarchy_id);
1433

1434
		idr_destroy(&root->cgroup_idr);
1435 1436
		kfree(root);
	}
1437 1438
}

1439 1440 1441
static int cgroup_set_super(struct super_block *sb, void *data)
{
	int ret;
1442 1443 1444 1445 1446 1447
	struct cgroup_sb_opts *opts = data;

	/* If we don't have a new root, we can't set up a new sb */
	if (!opts->new_root)
		return -EINVAL;

1448
	BUG_ON(!opts->subsys_mask && !opts->none);
1449 1450 1451 1452 1453

	ret = set_anon_super(sb, NULL);
	if (ret)
		return ret;

1454 1455
	sb->s_fs_info = opts->new_root;
	opts->new_root->sb = sb;
1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466

	sb->s_blocksize = PAGE_CACHE_SIZE;
	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
	sb->s_magic = CGROUP_SUPER_MAGIC;
	sb->s_op = &cgroup_ops;

	return 0;
}

static int cgroup_get_rootdir(struct super_block *sb)
{
A
Al Viro 已提交
1467 1468
	static const struct dentry_operations cgroup_dops = {
		.d_iput = cgroup_diput,
1469
		.d_delete = always_delete_dentry,
A
Al Viro 已提交
1470 1471
	};

1472 1473 1474 1475 1476 1477 1478 1479 1480 1481
	struct inode *inode =
		cgroup_new_inode(S_IFDIR | S_IRUGO | S_IXUGO | S_IWUSR, sb);

	if (!inode)
		return -ENOMEM;

	inode->i_fop = &simple_dir_operations;
	inode->i_op = &cgroup_dir_inode_operations;
	/* directories start off with i_nlink == 2 (for "." entry) */
	inc_nlink(inode);
1482 1483
	sb->s_root = d_make_root(inode);
	if (!sb->s_root)
1484
		return -ENOMEM;
A
Al Viro 已提交
1485 1486
	/* for everything else we want ->d_op set */
	sb->s_d_op = &cgroup_dops;
1487 1488 1489
	return 0;
}

A
Al Viro 已提交
1490
static struct dentry *cgroup_mount(struct file_system_type *fs_type,
1491
			 int flags, const char *unused_dev_name,
A
Al Viro 已提交
1492
			 void *data)
1493 1494
{
	struct cgroup_sb_opts opts;
1495
	struct cgroupfs_root *root;
1496 1497
	int ret = 0;
	struct super_block *sb;
1498
	struct cgroupfs_root *new_root;
1499
	struct list_head tmp_links;
T
Tejun Heo 已提交
1500
	struct inode *inode;
1501
	const struct cred *cred;
1502 1503

	/* First find the desired set of subsystems */
B
Ben Blum 已提交
1504
	mutex_lock(&cgroup_mutex);
1505
	ret = parse_cgroupfs_options(data, &opts);
B
Ben Blum 已提交
1506
	mutex_unlock(&cgroup_mutex);
1507 1508
	if (ret)
		goto out_err;
1509

1510 1511 1512 1513 1514 1515 1516
	/*
	 * Allocate a new cgroup root. We may not need it if we're
	 * reusing an existing hierarchy.
	 */
	new_root = cgroup_root_from_opts(&opts);
	if (IS_ERR(new_root)) {
		ret = PTR_ERR(new_root);
1517
		goto out_err;
1518
	}
1519
	opts.new_root = new_root;
1520

1521
	/* Locate an existing or new sb for this hierarchy */
D
David Howells 已提交
1522
	sb = sget(fs_type, cgroup_test_super, cgroup_set_super, 0, &opts);
1523
	if (IS_ERR(sb)) {
1524
		ret = PTR_ERR(sb);
1525
		cgroup_free_root(opts.new_root);
1526
		goto out_err;
1527 1528
	}

1529 1530 1531 1532
	root = sb->s_fs_info;
	BUG_ON(!root);
	if (root == opts.new_root) {
		/* We used the new root structure, so this is a new hierarchy */
1533
		struct cgroup *root_cgrp = &root->top_cgroup;
1534
		struct cgroupfs_root *existing_root;
1535
		int i;
1536
		struct css_set *cset;
1537 1538 1539 1540 1541 1542

		BUG_ON(sb->s_root != NULL);

		ret = cgroup_get_rootdir(sb);
		if (ret)
			goto drop_new_super;
1543
		inode = sb->s_root->d_inode;
1544

1545
		mutex_lock(&inode->i_mutex);
1546
		mutex_lock(&cgroup_mutex);
T
Tejun Heo 已提交
1547
		mutex_lock(&cgroup_root_mutex);
1548

1549 1550 1551 1552 1553
		root_cgrp->id = idr_alloc(&root->cgroup_idr, root_cgrp,
					   0, 1, GFP_KERNEL);
		if (root_cgrp->id < 0)
			goto unlock_drop;

T
Tejun Heo 已提交
1554 1555 1556 1557 1558 1559
		/* Check for name clashes with existing mounts */
		ret = -EBUSY;
		if (strlen(root->name))
			for_each_active_root(existing_root)
				if (!strcmp(existing_root->name, root->name))
					goto unlock_drop;
1560

1561 1562 1563 1564 1565 1566 1567
		/*
		 * We're accessing css_set_count without locking
		 * css_set_lock here, but that's OK - it can only be
		 * increased by someone holding cgroup_lock, and
		 * that's us. The worst that can happen is that we
		 * have some link structures left over
		 */
1568
		ret = allocate_cgrp_cset_links(css_set_count, &tmp_links);
T
Tejun Heo 已提交
1569 1570
		if (ret)
			goto unlock_drop;
1571

1572 1573
		/* ID 0 is reserved for dummy root, 1 for unified hierarchy */
		ret = cgroup_init_root_id(root, 2, 0);
1574 1575 1576
		if (ret)
			goto unlock_drop;

1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588
		sb->s_root->d_fsdata = root_cgrp;
		root_cgrp->dentry = sb->s_root;

		/*
		 * We're inside get_sb() and will call lookup_one_len() to
		 * create the root files, which doesn't work if SELinux is
		 * in use.  The following cred dancing somehow works around
		 * it.  See 2ce9738ba ("cgroupfs: use init_cred when
		 * populating new cgroupfs mount") for more details.
		 */
		cred = override_creds(&init_cred);

1589
		ret = cgroup_addrm_files(root_cgrp, cgroup_base_files, true);
1590 1591 1592
		if (ret)
			goto rm_base_files;

1593
		ret = rebind_subsystems(root, root->subsys_mask, 0);
1594 1595 1596 1597 1598
		if (ret)
			goto rm_base_files;

		revert_creds(cred);

B
Ben Blum 已提交
1599 1600 1601 1602 1603
		/*
		 * There must be no failure case after here, since rebinding
		 * takes care of subsystems' refcounts, which are explicitly
		 * dropped in the failure exit path.
		 */
1604

1605 1606
		list_add(&root->root_list, &cgroup_roots);
		cgroup_root_count++;
1607

1608 1609 1610
		/* Link the top cgroup in this hierarchy into all
		 * the css_set objects */
		write_lock(&css_set_lock);
1611
		hash_for_each(css_set_table, i, cset, hlist)
1612
			link_css_set(&tmp_links, cset, root_cgrp);
1613 1614
		write_unlock(&css_set_lock);

1615
		free_cgrp_cset_links(&tmp_links);
1616

1617
		BUG_ON(!list_empty(&root_cgrp->children));
1618 1619
		BUG_ON(root->number_of_cgroups != 1);

T
Tejun Heo 已提交
1620
		mutex_unlock(&cgroup_root_mutex);
1621
		mutex_unlock(&cgroup_mutex);
1622
		mutex_unlock(&inode->i_mutex);
1623 1624 1625 1626 1627
	} else {
		/*
		 * We re-used an existing hierarchy - the new root (if
		 * any) is not needed
		 */
1628
		cgroup_free_root(opts.new_root);
1629

1630
		if ((root->flags ^ opts.flags) & CGRP_ROOT_OPTION_MASK) {
1631 1632 1633 1634 1635 1636 1637
			if ((root->flags | opts.flags) & CGRP_ROOT_SANE_BEHAVIOR) {
				pr_err("cgroup: sane_behavior: new mount options should match the existing superblock\n");
				ret = -EINVAL;
				goto drop_new_super;
			} else {
				pr_warning("cgroup: new mount options do not match the existing superblock, will be ignored\n");
			}
1638
		}
1639 1640
	}

1641 1642
	kfree(opts.release_agent);
	kfree(opts.name);
A
Al Viro 已提交
1643
	return dget(sb->s_root);
1644

1645 1646
 rm_base_files:
	free_cgrp_cset_links(&tmp_links);
1647
	cgroup_addrm_files(&root->top_cgroup, cgroup_base_files, false);
1648
	revert_creds(cred);
T
Tejun Heo 已提交
1649
 unlock_drop:
1650
	cgroup_exit_root_id(root);
T
Tejun Heo 已提交
1651 1652 1653
	mutex_unlock(&cgroup_root_mutex);
	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&inode->i_mutex);
1654
 drop_new_super:
1655
	deactivate_locked_super(sb);
1656 1657 1658
 out_err:
	kfree(opts.release_agent);
	kfree(opts.name);
A
Al Viro 已提交
1659
	return ERR_PTR(ret);
1660 1661 1662 1663
}

static void cgroup_kill_sb(struct super_block *sb) {
	struct cgroupfs_root *root = sb->s_fs_info;
1664
	struct cgroup *cgrp = &root->top_cgroup;
1665
	struct cgrp_cset_link *link, *tmp_link;
1666 1667 1668 1669 1670
	int ret;

	BUG_ON(!root);

	BUG_ON(root->number_of_cgroups != 1);
1671
	BUG_ON(!list_empty(&cgrp->children));
1672

1673
	mutex_lock(&cgrp->dentry->d_inode->i_mutex);
1674
	mutex_lock(&cgroup_mutex);
T
Tejun Heo 已提交
1675
	mutex_lock(&cgroup_root_mutex);
1676 1677

	/* Rebind all subsystems back to the default hierarchy */
1678 1679 1680 1681 1682
	if (root->flags & CGRP_ROOT_SUBSYS_BOUND) {
		ret = rebind_subsystems(root, 0, root->subsys_mask);
		/* Shouldn't be able to fail ... */
		BUG_ON(ret);
	}
1683

1684
	/*
1685
	 * Release all the links from cset_links to this hierarchy's
1686 1687 1688
	 * root cgroup
	 */
	write_lock(&css_set_lock);
K
KOSAKI Motohiro 已提交
1689

1690 1691 1692
	list_for_each_entry_safe(link, tmp_link, &cgrp->cset_links, cset_link) {
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
1693 1694 1695 1696
		kfree(link);
	}
	write_unlock(&css_set_lock);

1697 1698
	if (!list_empty(&root->root_list)) {
		list_del(&root->root_list);
1699
		cgroup_root_count--;
1700
	}
1701

1702 1703
	cgroup_exit_root_id(root);

T
Tejun Heo 已提交
1704
	mutex_unlock(&cgroup_root_mutex);
1705
	mutex_unlock(&cgroup_mutex);
1706
	mutex_unlock(&cgrp->dentry->d_inode->i_mutex);
1707

A
Aristeu Rozanski 已提交
1708 1709
	simple_xattrs_free(&cgrp->xattrs);

1710
	kill_litter_super(sb);
1711
	cgroup_free_root(root);
1712 1713 1714 1715
}

static struct file_system_type cgroup_fs_type = {
	.name = "cgroup",
A
Al Viro 已提交
1716
	.mount = cgroup_mount,
1717 1718 1719
	.kill_sb = cgroup_kill_sb,
};

1720 1721
static struct kobject *cgroup_kobj;

L
Li Zefan 已提交
1722 1723 1724 1725 1726 1727
/**
 * cgroup_path - generate the path of a cgroup
 * @cgrp: the cgroup in question
 * @buf: the buffer to write the path into
 * @buflen: the length of the buffer
 *
1728 1729 1730 1731 1732 1733
 * Writes path of cgroup into buf.  Returns 0 on success, -errno on error.
 *
 * We can't generate cgroup path using dentry->d_name, as accessing
 * dentry->name must be protected by irq-unsafe dentry->d_lock or parent
 * inode's i_mutex, while on the other hand cgroup_path() can be called
 * with some irq-safe spinlocks held.
1734
 */
1735
int cgroup_path(const struct cgroup *cgrp, char *buf, int buflen)
1736
{
1737
	int ret = -ENAMETOOLONG;
1738
	char *start;
1739

1740 1741 1742
	if (!cgrp->parent) {
		if (strlcpy(buf, "/", buflen) >= buflen)
			return -ENAMETOOLONG;
1743 1744 1745
		return 0;
	}

1746 1747
	start = buf + buflen - 1;
	*start = '\0';
1748

1749
	rcu_read_lock();
1750
	do {
1751 1752 1753 1754
		const char *name = cgroup_name(cgrp);
		int len;

		len = strlen(name);
1755
		if ((start -= len) < buf)
1756 1757
			goto out;
		memcpy(start, name, len);
1758

1759
		if (--start < buf)
1760
			goto out;
1761
		*start = '/';
1762 1763

		cgrp = cgrp->parent;
1764
	} while (cgrp->parent);
1765
	ret = 0;
1766
	memmove(buf, start, buf + buflen - start);
1767 1768 1769
out:
	rcu_read_unlock();
	return ret;
1770
}
B
Ben Blum 已提交
1771
EXPORT_SYMBOL_GPL(cgroup_path);
1772

1773
/**
1774
 * task_cgroup_path - cgroup path of a task in the first cgroup hierarchy
1775 1776 1777 1778
 * @task: target task
 * @buf: the buffer to write the path into
 * @buflen: the length of the buffer
 *
1779 1780 1781 1782 1783 1784
 * Determine @task's cgroup on the first (the one with the lowest non-zero
 * hierarchy_id) cgroup hierarchy and copy its path into @buf.  This
 * function grabs cgroup_mutex and shouldn't be used inside locks used by
 * cgroup controller callbacks.
 *
 * Returns 0 on success, fails with -%ENAMETOOLONG if @buflen is too short.
1785
 */
1786
int task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
1787 1788
{
	struct cgroupfs_root *root;
1789 1790 1791 1792 1793
	struct cgroup *cgrp;
	int hierarchy_id = 1, ret = 0;

	if (buflen < 2)
		return -ENAMETOOLONG;
1794 1795 1796

	mutex_lock(&cgroup_mutex);

1797 1798
	root = idr_get_next(&cgroup_hierarchy_idr, &hierarchy_id);

1799 1800 1801
	if (root) {
		cgrp = task_cgroup_from_root(task, root);
		ret = cgroup_path(cgrp, buf, buflen);
1802 1803 1804
	} else {
		/* if no hierarchy exists, everyone is in "/" */
		memcpy(buf, "/", 2);
1805 1806 1807 1808 1809
	}

	mutex_unlock(&cgroup_mutex);
	return ret;
}
1810
EXPORT_SYMBOL_GPL(task_cgroup_path);
1811

1812 1813 1814
/*
 * Control Group taskset
 */
1815 1816 1817
struct task_and_cgroup {
	struct task_struct	*task;
	struct cgroup		*cgrp;
L
Li Zefan 已提交
1818
	struct css_set		*cset;
1819 1820
};

1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867
struct cgroup_taskset {
	struct task_and_cgroup	single;
	struct flex_array	*tc_array;
	int			tc_array_len;
	int			idx;
	struct cgroup		*cur_cgrp;
};

/**
 * cgroup_taskset_first - reset taskset and return the first task
 * @tset: taskset of interest
 *
 * @tset iteration is initialized and the first task is returned.
 */
struct task_struct *cgroup_taskset_first(struct cgroup_taskset *tset)
{
	if (tset->tc_array) {
		tset->idx = 0;
		return cgroup_taskset_next(tset);
	} else {
		tset->cur_cgrp = tset->single.cgrp;
		return tset->single.task;
	}
}
EXPORT_SYMBOL_GPL(cgroup_taskset_first);

/**
 * cgroup_taskset_next - iterate to the next task in taskset
 * @tset: taskset of interest
 *
 * Return the next task in @tset.  Iteration must have been initialized
 * with cgroup_taskset_first().
 */
struct task_struct *cgroup_taskset_next(struct cgroup_taskset *tset)
{
	struct task_and_cgroup *tc;

	if (!tset->tc_array || tset->idx >= tset->tc_array_len)
		return NULL;

	tc = flex_array_get(tset->tc_array, tset->idx++);
	tset->cur_cgrp = tc->cgrp;
	return tc->task;
}
EXPORT_SYMBOL_GPL(cgroup_taskset_next);

/**
1868
 * cgroup_taskset_cur_css - return the matching css for the current task
1869
 * @tset: taskset of interest
1870
 * @subsys_id: the ID of the target subsystem
1871
 *
1872 1873 1874
 * Return the css for the current (last returned) task of @tset for
 * subsystem specified by @subsys_id.  This function must be preceded by
 * either cgroup_taskset_first() or cgroup_taskset_next().
1875
 */
1876 1877
struct cgroup_subsys_state *cgroup_taskset_cur_css(struct cgroup_taskset *tset,
						   int subsys_id)
1878
{
1879
	return cgroup_css(tset->cur_cgrp, cgroup_subsys[subsys_id]);
1880
}
1881
EXPORT_SYMBOL_GPL(cgroup_taskset_cur_css);
1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893

/**
 * cgroup_taskset_size - return the number of tasks in taskset
 * @tset: taskset of interest
 */
int cgroup_taskset_size(struct cgroup_taskset *tset)
{
	return tset->tc_array ? tset->tc_array_len : 1;
}
EXPORT_SYMBOL_GPL(cgroup_taskset_size);


B
Ben Blum 已提交
1894 1895 1896
/*
 * cgroup_task_migrate - move a task from one cgroup to another.
 *
1897
 * Must be called with cgroup_mutex and threadgroup locked.
B
Ben Blum 已提交
1898
 */
1899 1900 1901
static void cgroup_task_migrate(struct cgroup *old_cgrp,
				struct task_struct *tsk,
				struct css_set *new_cset)
B
Ben Blum 已提交
1902
{
1903
	struct css_set *old_cset;
B
Ben Blum 已提交
1904 1905

	/*
1906 1907 1908
	 * We are synchronized through threadgroup_lock() against PF_EXITING
	 * setting such that we can't race against cgroup_exit() changing the
	 * css_set to init_css_set and dropping the old one.
B
Ben Blum 已提交
1909
	 */
1910
	WARN_ON_ONCE(tsk->flags & PF_EXITING);
1911
	old_cset = task_css_set(tsk);
B
Ben Blum 已提交
1912 1913

	task_lock(tsk);
1914
	rcu_assign_pointer(tsk->cgroups, new_cset);
B
Ben Blum 已提交
1915 1916 1917 1918 1919
	task_unlock(tsk);

	/* Update the css_set linked lists if we're using them */
	write_lock(&css_set_lock);
	if (!list_empty(&tsk->cg_list))
1920
		list_move(&tsk->cg_list, &new_cset->tasks);
B
Ben Blum 已提交
1921 1922 1923
	write_unlock(&css_set_lock);

	/*
1924 1925 1926
	 * We just gained a reference on old_cset by taking it from the
	 * task. As trading it for new_cset is protected by cgroup_mutex,
	 * we're safe to drop it here; it will be freed under RCU.
B
Ben Blum 已提交
1927
	 */
1928 1929
	set_bit(CGRP_RELEASABLE, &old_cgrp->flags);
	put_css_set(old_cset);
B
Ben Blum 已提交
1930 1931
}

L
Li Zefan 已提交
1932
/**
1933
 * cgroup_attach_task - attach a task or a whole threadgroup to a cgroup
B
Ben Blum 已提交
1934
 * @cgrp: the cgroup to attach to
1935 1936
 * @tsk: the task or the leader of the threadgroup to be attached
 * @threadgroup: attach the whole threadgroup?
B
Ben Blum 已提交
1937
 *
1938
 * Call holding cgroup_mutex and the group_rwsem of the leader. Will take
1939
 * task_lock of @tsk or each thread in the threadgroup individually in turn.
B
Ben Blum 已提交
1940
 */
T
Tejun Heo 已提交
1941 1942
static int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *tsk,
			      bool threadgroup)
B
Ben Blum 已提交
1943 1944 1945 1946 1947
{
	int retval, i, group_size;
	struct cgroup_subsys *ss, *failed_ss = NULL;
	struct cgroupfs_root *root = cgrp->root;
	/* threadgroup list cursor and array */
1948
	struct task_struct *leader = tsk;
1949
	struct task_and_cgroup *tc;
1950
	struct flex_array *group;
1951
	struct cgroup_taskset tset = { };
B
Ben Blum 已提交
1952 1953 1954 1955 1956

	/*
	 * step 0: in order to do expensive, possibly blocking operations for
	 * every thread, we cannot iterate the thread group list, since it needs
	 * rcu or tasklist locked. instead, build an array of all threads in the
1957 1958
	 * group - group_rwsem prevents new threads from appearing, and if
	 * threads exit, this will just be an over-estimate.
B
Ben Blum 已提交
1959
	 */
1960 1961 1962 1963
	if (threadgroup)
		group_size = get_nr_threads(tsk);
	else
		group_size = 1;
1964
	/* flex_array supports very large thread-groups better than kmalloc. */
1965
	group = flex_array_alloc(sizeof(*tc), group_size, GFP_KERNEL);
B
Ben Blum 已提交
1966 1967
	if (!group)
		return -ENOMEM;
1968
	/* pre-allocate to guarantee space while iterating in rcu read-side. */
1969
	retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL);
1970 1971
	if (retval)
		goto out_free_group_list;
B
Ben Blum 已提交
1972 1973

	i = 0;
1974 1975 1976 1977 1978 1979
	/*
	 * Prevent freeing of tasks while we take a snapshot. Tasks that are
	 * already PF_EXITING could be freed from underneath us unless we
	 * take an rcu_read_lock.
	 */
	rcu_read_lock();
B
Ben Blum 已提交
1980
	do {
1981 1982
		struct task_and_cgroup ent;

1983 1984
		/* @tsk either already exited or can't exit until the end */
		if (tsk->flags & PF_EXITING)
1985
			goto next;
1986

B
Ben Blum 已提交
1987 1988
		/* as per above, nr_threads may decrease, but not increase. */
		BUG_ON(i >= group_size);
1989 1990
		ent.task = tsk;
		ent.cgrp = task_cgroup_from_root(tsk, root);
1991 1992
		/* nothing to do if this task is already in the cgroup */
		if (ent.cgrp == cgrp)
1993
			goto next;
1994 1995 1996 1997
		/*
		 * saying GFP_ATOMIC has no effect here because we did prealloc
		 * earlier, but it's good form to communicate our expectations.
		 */
1998
		retval = flex_array_put(group, i, &ent, GFP_ATOMIC);
1999
		BUG_ON(retval != 0);
B
Ben Blum 已提交
2000
		i++;
2001
	next:
2002 2003
		if (!threadgroup)
			break;
B
Ben Blum 已提交
2004
	} while_each_thread(leader, tsk);
2005
	rcu_read_unlock();
B
Ben Blum 已提交
2006 2007
	/* remember the number of threads in the array for later. */
	group_size = i;
2008 2009
	tset.tc_array = group;
	tset.tc_array_len = group_size;
B
Ben Blum 已提交
2010

2011 2012
	/* methods shouldn't be called if no task is actually migrating */
	retval = 0;
2013
	if (!group_size)
2014
		goto out_free_group_list;
2015

B
Ben Blum 已提交
2016 2017 2018
	/*
	 * step 1: check that we can legitimately attach to the cgroup.
	 */
2019
	for_each_root_subsys(root, ss) {
2020
		struct cgroup_subsys_state *css = cgroup_css(cgrp, ss);
2021

B
Ben Blum 已提交
2022
		if (ss->can_attach) {
2023
			retval = ss->can_attach(css, &tset);
B
Ben Blum 已提交
2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035
			if (retval) {
				failed_ss = ss;
				goto out_cancel_attach;
			}
		}
	}

	/*
	 * step 2: make sure css_sets exist for all threads to be migrated.
	 * we use find_css_set, which allocates a new one if necessary.
	 */
	for (i = 0; i < group_size; i++) {
2036 2037
		struct css_set *old_cset;

2038
		tc = flex_array_get(group, i);
2039
		old_cset = task_css_set(tc->task);
L
Li Zefan 已提交
2040 2041
		tc->cset = find_css_set(old_cset, cgrp);
		if (!tc->cset) {
2042 2043
			retval = -ENOMEM;
			goto out_put_css_set_refs;
B
Ben Blum 已提交
2044 2045 2046 2047
		}
	}

	/*
2048 2049 2050
	 * step 3: now that we're guaranteed success wrt the css_sets,
	 * proceed to move all tasks to the new cgroup.  There are no
	 * failure cases after here, so this is the commit point.
B
Ben Blum 已提交
2051 2052
	 */
	for (i = 0; i < group_size; i++) {
2053
		tc = flex_array_get(group, i);
L
Li Zefan 已提交
2054
		cgroup_task_migrate(tc->cgrp, tc->task, tc->cset);
B
Ben Blum 已提交
2055 2056 2057 2058
	}
	/* nothing is sensitive to fork() after this point. */

	/*
2059
	 * step 4: do subsystem attach callbacks.
B
Ben Blum 已提交
2060
	 */
2061
	for_each_root_subsys(root, ss) {
2062
		struct cgroup_subsys_state *css = cgroup_css(cgrp, ss);
2063

B
Ben Blum 已提交
2064
		if (ss->attach)
2065
			ss->attach(css, &tset);
B
Ben Blum 已提交
2066 2067 2068 2069 2070 2071
	}

	/*
	 * step 5: success! and cleanup
	 */
	retval = 0;
2072 2073 2074 2075
out_put_css_set_refs:
	if (retval) {
		for (i = 0; i < group_size; i++) {
			tc = flex_array_get(group, i);
L
Li Zefan 已提交
2076
			if (!tc->cset)
2077
				break;
L
Li Zefan 已提交
2078
			put_css_set(tc->cset);
2079
		}
B
Ben Blum 已提交
2080 2081 2082
	}
out_cancel_attach:
	if (retval) {
2083
		for_each_root_subsys(root, ss) {
2084
			struct cgroup_subsys_state *css = cgroup_css(cgrp, ss);
2085

2086
			if (ss == failed_ss)
B
Ben Blum 已提交
2087 2088
				break;
			if (ss->cancel_attach)
2089
				ss->cancel_attach(css, &tset);
B
Ben Blum 已提交
2090 2091 2092
		}
	}
out_free_group_list:
2093
	flex_array_free(group);
B
Ben Blum 已提交
2094 2095 2096 2097 2098
	return retval;
}

/*
 * Find the task_struct of the task to attach by vpid and pass it along to the
2099 2100
 * function to attach either it or all tasks in its threadgroup. Will lock
 * cgroup_mutex and threadgroup; may take task_lock of task.
2101
 */
B
Ben Blum 已提交
2102
static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
2103 2104
{
	struct task_struct *tsk;
2105
	const struct cred *cred = current_cred(), *tcred;
2106 2107
	int ret;

B
Ben Blum 已提交
2108 2109 2110
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;

2111 2112
retry_find_task:
	rcu_read_lock();
2113
	if (pid) {
2114
		tsk = find_task_by_vpid(pid);
B
Ben Blum 已提交
2115 2116
		if (!tsk) {
			rcu_read_unlock();
2117 2118
			ret= -ESRCH;
			goto out_unlock_cgroup;
2119
		}
B
Ben Blum 已提交
2120 2121 2122 2123
		/*
		 * even if we're attaching all tasks in the thread group, we
		 * only need to check permissions on one of them.
		 */
2124
		tcred = __task_cred(tsk);
2125 2126 2127
		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
		    !uid_eq(cred->euid, tcred->uid) &&
		    !uid_eq(cred->euid, tcred->suid)) {
2128
			rcu_read_unlock();
2129 2130
			ret = -EACCES;
			goto out_unlock_cgroup;
2131
		}
2132 2133
	} else
		tsk = current;
2134 2135

	if (threadgroup)
2136
		tsk = tsk->group_leader;
2137 2138

	/*
2139
	 * Workqueue threads may acquire PF_NO_SETAFFINITY and become
2140 2141 2142
	 * trapped in a cpuset, or RT worker may be born in a cgroup
	 * with no rt_runtime allocated.  Just say no.
	 */
2143
	if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) {
2144 2145 2146 2147 2148
		ret = -EINVAL;
		rcu_read_unlock();
		goto out_unlock_cgroup;
	}

2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165
	get_task_struct(tsk);
	rcu_read_unlock();

	threadgroup_lock(tsk);
	if (threadgroup) {
		if (!thread_group_leader(tsk)) {
			/*
			 * a race with de_thread from another thread's exec()
			 * may strip us of our leadership, if this happens,
			 * there is no choice but to throw this task away and
			 * try again; this is
			 * "double-double-toil-and-trouble-check locking".
			 */
			threadgroup_unlock(tsk);
			put_task_struct(tsk);
			goto retry_find_task;
		}
2166 2167 2168 2169
	}

	ret = cgroup_attach_task(cgrp, tsk, threadgroup);

2170 2171
	threadgroup_unlock(tsk);

2172
	put_task_struct(tsk);
2173
out_unlock_cgroup:
T
Tejun Heo 已提交
2174
	mutex_unlock(&cgroup_mutex);
2175 2176 2177
	return ret;
}

2178 2179 2180 2181 2182 2183 2184 2185 2186 2187
/**
 * cgroup_attach_task_all - attach task 'tsk' to all cgroups of task 'from'
 * @from: attach to all cgroups of a given task
 * @tsk: the task to be attached
 */
int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
{
	struct cgroupfs_root *root;
	int retval = 0;

T
Tejun Heo 已提交
2188
	mutex_lock(&cgroup_mutex);
2189
	for_each_active_root(root) {
L
Li Zefan 已提交
2190
		struct cgroup *from_cgrp = task_cgroup_from_root(from, root);
2191

L
Li Zefan 已提交
2192
		retval = cgroup_attach_task(from_cgrp, tsk, false);
2193 2194 2195
		if (retval)
			break;
	}
T
Tejun Heo 已提交
2196
	mutex_unlock(&cgroup_mutex);
2197 2198 2199 2200 2201

	return retval;
}
EXPORT_SYMBOL_GPL(cgroup_attach_task_all);

2202 2203
static int cgroup_tasks_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 pid)
B
Ben Blum 已提交
2204
{
2205
	return attach_task_by_pid(css->cgroup, pid, false);
B
Ben Blum 已提交
2206 2207
}

2208 2209
static int cgroup_procs_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 tgid)
2210
{
2211
	return attach_task_by_pid(css->cgroup, tgid, true);
2212 2213
}

2214 2215
static int cgroup_release_agent_write(struct cgroup_subsys_state *css,
				      struct cftype *cft, const char *buffer)
2216
{
2217
	BUILD_BUG_ON(sizeof(css->cgroup->root->release_agent_path) < PATH_MAX);
2218 2219
	if (strlen(buffer) >= PATH_MAX)
		return -EINVAL;
2220
	if (!cgroup_lock_live_group(css->cgroup))
2221
		return -ENODEV;
T
Tejun Heo 已提交
2222
	mutex_lock(&cgroup_root_mutex);
2223
	strcpy(css->cgroup->root->release_agent_path, buffer);
T
Tejun Heo 已提交
2224
	mutex_unlock(&cgroup_root_mutex);
T
Tejun Heo 已提交
2225
	mutex_unlock(&cgroup_mutex);
2226 2227 2228
	return 0;
}

2229 2230
static int cgroup_release_agent_show(struct cgroup_subsys_state *css,
				     struct cftype *cft, struct seq_file *seq)
2231
{
2232 2233
	struct cgroup *cgrp = css->cgroup;

2234 2235 2236 2237
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;
	seq_puts(seq, cgrp->root->release_agent_path);
	seq_putc(seq, '\n');
T
Tejun Heo 已提交
2238
	mutex_unlock(&cgroup_mutex);
2239 2240 2241
	return 0;
}

2242 2243
static int cgroup_sane_behavior_show(struct cgroup_subsys_state *css,
				     struct cftype *cft, struct seq_file *seq)
2244
{
2245
	seq_printf(seq, "%d\n", cgroup_sane_behavior(css->cgroup));
2246 2247 2248
	return 0;
}

2249 2250 2251
/* A buffer size big enough for numbers or short strings */
#define CGROUP_LOCAL_BUFFER_SIZE 64

2252 2253 2254 2255
static ssize_t cgroup_write_X64(struct cgroup_subsys_state *css,
				struct cftype *cft, struct file *file,
				const char __user *userbuf, size_t nbytes,
				loff_t *unused_ppos)
2256
{
2257
	char buffer[CGROUP_LOCAL_BUFFER_SIZE];
2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268
	int retval = 0;
	char *end;

	if (!nbytes)
		return -EINVAL;
	if (nbytes >= sizeof(buffer))
		return -E2BIG;
	if (copy_from_user(buffer, userbuf, nbytes))
		return -EFAULT;

	buffer[nbytes] = 0;     /* nul-terminate */
2269
	if (cft->write_u64) {
K
KOSAKI Motohiro 已提交
2270
		u64 val = simple_strtoull(strstrip(buffer), &end, 0);
2271 2272
		if (*end)
			return -EINVAL;
2273
		retval = cft->write_u64(css, cft, val);
2274
	} else {
K
KOSAKI Motohiro 已提交
2275
		s64 val = simple_strtoll(strstrip(buffer), &end, 0);
2276 2277
		if (*end)
			return -EINVAL;
2278
		retval = cft->write_s64(css, cft, val);
2279
	}
2280 2281 2282 2283 2284
	if (!retval)
		retval = nbytes;
	return retval;
}

2285 2286 2287 2288
static ssize_t cgroup_write_string(struct cgroup_subsys_state *css,
				   struct cftype *cft, struct file *file,
				   const char __user *userbuf, size_t nbytes,
				   loff_t *unused_ppos)
2289
{
2290
	char local_buffer[CGROUP_LOCAL_BUFFER_SIZE];
2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304
	int retval = 0;
	size_t max_bytes = cft->max_write_len;
	char *buffer = local_buffer;

	if (!max_bytes)
		max_bytes = sizeof(local_buffer) - 1;
	if (nbytes >= max_bytes)
		return -E2BIG;
	/* Allocate a dynamic buffer if we need one */
	if (nbytes >= sizeof(local_buffer)) {
		buffer = kmalloc(nbytes + 1, GFP_KERNEL);
		if (buffer == NULL)
			return -ENOMEM;
	}
L
Li Zefan 已提交
2305 2306 2307 2308
	if (nbytes && copy_from_user(buffer, userbuf, nbytes)) {
		retval = -EFAULT;
		goto out;
	}
2309 2310

	buffer[nbytes] = 0;     /* nul-terminate */
2311
	retval = cft->write_string(css, cft, strstrip(buffer));
2312 2313
	if (!retval)
		retval = nbytes;
L
Li Zefan 已提交
2314
out:
2315 2316 2317 2318 2319
	if (buffer != local_buffer)
		kfree(buffer);
	return retval;
}

2320
static ssize_t cgroup_file_write(struct file *file, const char __user *buf,
2321
				 size_t nbytes, loff_t *ppos)
2322
{
2323
	struct cfent *cfe = __d_cfe(file->f_dentry);
2324
	struct cftype *cft = __d_cft(file->f_dentry);
2325
	struct cgroup_subsys_state *css = cfe->css;
2326

2327
	if (cft->write)
2328
		return cft->write(css, cft, file, buf, nbytes, ppos);
2329
	if (cft->write_u64 || cft->write_s64)
2330
		return cgroup_write_X64(css, cft, file, buf, nbytes, ppos);
2331
	if (cft->write_string)
2332
		return cgroup_write_string(css, cft, file, buf, nbytes, ppos);
2333
	if (cft->trigger) {
2334
		int ret = cft->trigger(css, (unsigned int)cft->private);
2335 2336
		return ret ? ret : nbytes;
	}
2337
	return -EINVAL;
2338 2339
}

2340 2341 2342
static ssize_t cgroup_read_u64(struct cgroup_subsys_state *css,
			       struct cftype *cft, struct file *file,
			       char __user *buf, size_t nbytes, loff_t *ppos)
2343
{
2344
	char tmp[CGROUP_LOCAL_BUFFER_SIZE];
2345
	u64 val = cft->read_u64(css, cft);
2346 2347 2348 2349 2350
	int len = sprintf(tmp, "%llu\n", (unsigned long long) val);

	return simple_read_from_buffer(buf, nbytes, ppos, tmp, len);
}

2351 2352 2353
static ssize_t cgroup_read_s64(struct cgroup_subsys_state *css,
			       struct cftype *cft, struct file *file,
			       char __user *buf, size_t nbytes, loff_t *ppos)
2354
{
2355
	char tmp[CGROUP_LOCAL_BUFFER_SIZE];
2356
	s64 val = cft->read_s64(css, cft);
2357 2358 2359 2360 2361
	int len = sprintf(tmp, "%lld\n", (long long) val);

	return simple_read_from_buffer(buf, nbytes, ppos, tmp, len);
}

2362
static ssize_t cgroup_file_read(struct file *file, char __user *buf,
2363
				size_t nbytes, loff_t *ppos)
2364
{
2365
	struct cfent *cfe = __d_cfe(file->f_dentry);
2366
	struct cftype *cft = __d_cft(file->f_dentry);
2367
	struct cgroup_subsys_state *css = cfe->css;
2368 2369

	if (cft->read)
2370
		return cft->read(css, cft, file, buf, nbytes, ppos);
2371
	if (cft->read_u64)
2372
		return cgroup_read_u64(css, cft, file, buf, nbytes, ppos);
2373
	if (cft->read_s64)
2374
		return cgroup_read_s64(css, cft, file, buf, nbytes, ppos);
2375 2376 2377
	return -EINVAL;
}

2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390
/*
 * seqfile ops/methods for returning structured data. Currently just
 * supports string->u64 maps, but can be extended in future.
 */

static int cgroup_map_add(struct cgroup_map_cb *cb, const char *key, u64 value)
{
	struct seq_file *sf = cb->state;
	return seq_printf(sf, "%s %llu\n", key, (unsigned long long)value);
}

static int cgroup_seqfile_show(struct seq_file *m, void *arg)
{
2391 2392
	struct cfent *cfe = m->private;
	struct cftype *cft = cfe->type;
2393
	struct cgroup_subsys_state *css = cfe->css;
2394

2395 2396 2397 2398 2399
	if (cft->read_map) {
		struct cgroup_map_cb cb = {
			.fill = cgroup_map_add,
			.state = m,
		};
2400
		return cft->read_map(css, cft, &cb);
2401
	}
2402
	return cft->read_seq_string(css, cft, m);
2403 2404
}

2405
static const struct file_operations cgroup_seqfile_operations = {
2406
	.read = seq_read,
2407
	.write = cgroup_file_write,
2408
	.llseek = seq_lseek,
2409
	.release = cgroup_file_release,
2410 2411
};

2412 2413
static int cgroup_file_open(struct inode *inode, struct file *file)
{
2414 2415
	struct cfent *cfe = __d_cfe(file->f_dentry);
	struct cftype *cft = __d_cft(file->f_dentry);
2416 2417
	struct cgroup *cgrp = __d_cgrp(cfe->dentry->d_parent);
	struct cgroup_subsys_state *css;
2418 2419 2420 2421 2422
	int err;

	err = generic_file_open(inode, file);
	if (err)
		return err;
2423

2424 2425 2426 2427 2428
	/*
	 * If the file belongs to a subsystem, pin the css.  Will be
	 * unpinned either on open failure or release.  This ensures that
	 * @css stays alive for all file operations.
	 */
2429
	rcu_read_lock();
2430 2431 2432
	css = cgroup_css(cgrp, cft->ss);
	if (cft->ss && !css_tryget(css))
		css = NULL;
2433
	rcu_read_unlock();
2434

2435
	if (!css)
2436
		return -ENODEV;
2437

2438 2439 2440 2441 2442 2443 2444 2445
	/*
	 * @cfe->css is used by read/write/close to determine the
	 * associated css.  @file->private_data would be a better place but
	 * that's already used by seqfile.  Multiple accessors may use it
	 * simultaneously which is okay as the association never changes.
	 */
	WARN_ON_ONCE(cfe->css && cfe->css != css);
	cfe->css = css;
2446

2447
	if (cft->read_map || cft->read_seq_string) {
2448
		file->f_op = &cgroup_seqfile_operations;
2449 2450
		err = single_open(file, cgroup_seqfile_show, cfe);
	} else if (cft->open) {
2451
		err = cft->open(inode, file);
2452
	}
2453

T
Tejun Heo 已提交
2454
	if (css->ss && err)
2455
		css_put(css);
2456 2457 2458 2459 2460
	return err;
}

static int cgroup_file_release(struct inode *inode, struct file *file)
{
2461
	struct cfent *cfe = __d_cfe(file->f_dentry);
2462
	struct cgroup_subsys_state *css = cfe->css;
2463

T
Tejun Heo 已提交
2464
	if (css->ss)
2465
		css_put(css);
2466 2467
	if (file->f_op == &cgroup_seqfile_operations)
		single_release(inode, file);
2468
	return 0;
2469 2470 2471 2472 2473 2474 2475 2476
}

/*
 * cgroup_rename - Only allow simple rename of directories in place.
 */
static int cgroup_rename(struct inode *old_dir, struct dentry *old_dentry,
			    struct inode *new_dir, struct dentry *new_dentry)
{
2477 2478 2479 2480 2481 2482 2483 2484 2485 2486
	int ret;
	struct cgroup_name *name, *old_name;
	struct cgroup *cgrp;

	/*
	 * It's convinient to use parent dir's i_mutex to protected
	 * cgrp->name.
	 */
	lockdep_assert_held(&old_dir->i_mutex);

2487 2488 2489 2490 2491 2492
	if (!S_ISDIR(old_dentry->d_inode->i_mode))
		return -ENOTDIR;
	if (new_dentry->d_inode)
		return -EEXIST;
	if (old_dir != new_dir)
		return -EIO;
2493 2494 2495

	cgrp = __d_cgrp(old_dentry);

2496 2497 2498 2499 2500 2501 2502
	/*
	 * This isn't a proper migration and its usefulness is very
	 * limited.  Disallow if sane_behavior.
	 */
	if (cgroup_sane_behavior(cgrp))
		return -EPERM;

2503 2504 2505 2506 2507 2508 2509 2510 2511 2512
	name = cgroup_alloc_name(new_dentry);
	if (!name)
		return -ENOMEM;

	ret = simple_rename(old_dir, old_dentry, new_dir, new_dentry);
	if (ret) {
		kfree(name);
		return ret;
	}

2513
	old_name = rcu_dereference_protected(cgrp->name, true);
2514 2515 2516 2517
	rcu_assign_pointer(cgrp->name, name);

	kfree_rcu(old_name, rcu_head);
	return 0;
2518 2519
}

A
Aristeu Rozanski 已提交
2520 2521 2522 2523 2524
static struct simple_xattrs *__d_xattrs(struct dentry *dentry)
{
	if (S_ISDIR(dentry->d_inode->i_mode))
		return &__d_cgrp(dentry)->xattrs;
	else
L
Li Zefan 已提交
2525
		return &__d_cfe(dentry)->xattrs;
A
Aristeu Rozanski 已提交
2526 2527 2528 2529 2530
}

static inline int xattr_enabled(struct dentry *dentry)
{
	struct cgroupfs_root *root = dentry->d_sb->s_fs_info;
2531
	return root->flags & CGRP_ROOT_XATTR;
A
Aristeu Rozanski 已提交
2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577
}

static bool is_valid_xattr(const char *name)
{
	if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) ||
	    !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN))
		return true;
	return false;
}

static int cgroup_setxattr(struct dentry *dentry, const char *name,
			   const void *val, size_t size, int flags)
{
	if (!xattr_enabled(dentry))
		return -EOPNOTSUPP;
	if (!is_valid_xattr(name))
		return -EINVAL;
	return simple_xattr_set(__d_xattrs(dentry), name, val, size, flags);
}

static int cgroup_removexattr(struct dentry *dentry, const char *name)
{
	if (!xattr_enabled(dentry))
		return -EOPNOTSUPP;
	if (!is_valid_xattr(name))
		return -EINVAL;
	return simple_xattr_remove(__d_xattrs(dentry), name);
}

static ssize_t cgroup_getxattr(struct dentry *dentry, const char *name,
			       void *buf, size_t size)
{
	if (!xattr_enabled(dentry))
		return -EOPNOTSUPP;
	if (!is_valid_xattr(name))
		return -EINVAL;
	return simple_xattr_get(__d_xattrs(dentry), name, buf, size);
}

static ssize_t cgroup_listxattr(struct dentry *dentry, char *buf, size_t size)
{
	if (!xattr_enabled(dentry))
		return -EOPNOTSUPP;
	return simple_xattr_list(__d_xattrs(dentry), buf, size);
}

2578
static const struct file_operations cgroup_file_operations = {
2579 2580 2581 2582 2583 2584 2585
	.read = cgroup_file_read,
	.write = cgroup_file_write,
	.llseek = generic_file_llseek,
	.open = cgroup_file_open,
	.release = cgroup_file_release,
};

A
Aristeu Rozanski 已提交
2586 2587 2588 2589 2590 2591 2592
static const struct inode_operations cgroup_file_inode_operations = {
	.setxattr = cgroup_setxattr,
	.getxattr = cgroup_getxattr,
	.listxattr = cgroup_listxattr,
	.removexattr = cgroup_removexattr,
};

2593
static const struct inode_operations cgroup_dir_inode_operations = {
A
Al Viro 已提交
2594
	.lookup = simple_lookup,
2595 2596 2597
	.mkdir = cgroup_mkdir,
	.rmdir = cgroup_rmdir,
	.rename = cgroup_rename,
A
Aristeu Rozanski 已提交
2598 2599 2600 2601
	.setxattr = cgroup_setxattr,
	.getxattr = cgroup_getxattr,
	.listxattr = cgroup_listxattr,
	.removexattr = cgroup_removexattr,
2602 2603
};

A
Al Viro 已提交
2604
static int cgroup_create_file(struct dentry *dentry, umode_t mode,
2605 2606
				struct super_block *sb)
{
2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623
	struct inode *inode;

	if (!dentry)
		return -ENOENT;
	if (dentry->d_inode)
		return -EEXIST;

	inode = cgroup_new_inode(mode, sb);
	if (!inode)
		return -ENOMEM;

	if (S_ISDIR(mode)) {
		inode->i_op = &cgroup_dir_inode_operations;
		inode->i_fop = &simple_dir_operations;

		/* start off with i_nlink == 2 (for "." entry) */
		inc_nlink(inode);
T
Tejun Heo 已提交
2624
		inc_nlink(dentry->d_parent->d_inode);
2625

2626 2627 2628 2629 2630 2631 2632 2633 2634
		/*
		 * Control reaches here with cgroup_mutex held.
		 * @inode->i_mutex should nest outside cgroup_mutex but we
		 * want to populate it immediately without releasing
		 * cgroup_mutex.  As @inode isn't visible to anyone else
		 * yet, trylock will always succeed without affecting
		 * lockdep checks.
		 */
		WARN_ON_ONCE(!mutex_trylock(&inode->i_mutex));
2635 2636 2637
	} else if (S_ISREG(mode)) {
		inode->i_size = 0;
		inode->i_fop = &cgroup_file_operations;
A
Aristeu Rozanski 已提交
2638
		inode->i_op = &cgroup_file_inode_operations;
2639 2640 2641 2642 2643 2644
	}
	d_instantiate(dentry, inode);
	dget(dentry);	/* Extra count - pin the dentry in core */
	return 0;
}

L
Li Zefan 已提交
2645 2646 2647 2648 2649 2650 2651 2652 2653
/**
 * cgroup_file_mode - deduce file mode of a control file
 * @cft: the control file in question
 *
 * returns cft->mode if ->mode is not 0
 * returns S_IRUGO|S_IWUSR if it has both a read and a write handler
 * returns S_IRUGO if it has only a read handler
 * returns S_IWUSR if it has only a write hander
 */
A
Al Viro 已提交
2654
static umode_t cgroup_file_mode(const struct cftype *cft)
L
Li Zefan 已提交
2655
{
A
Al Viro 已提交
2656
	umode_t mode = 0;
L
Li Zefan 已提交
2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671

	if (cft->mode)
		return cft->mode;

	if (cft->read || cft->read_u64 || cft->read_s64 ||
	    cft->read_map || cft->read_seq_string)
		mode |= S_IRUGO;

	if (cft->write || cft->write_u64 || cft->write_s64 ||
	    cft->write_string || cft->trigger)
		mode |= S_IWUSR;

	return mode;
}

2672
static int cgroup_add_file(struct cgroup *cgrp, struct cftype *cft)
2673
{
2674
	struct dentry *dir = cgrp->dentry;
T
Tejun Heo 已提交
2675
	struct cgroup *parent = __d_cgrp(dir);
2676
	struct dentry *dentry;
T
Tejun Heo 已提交
2677
	struct cfent *cfe;
2678
	int error;
A
Al Viro 已提交
2679
	umode_t mode;
2680
	char name[MAX_CGROUP_TYPE_NAMELEN + MAX_CFTYPE_NAME + 2] = { 0 };
2681

T
Tejun Heo 已提交
2682 2683
	if (cft->ss && !(cft->flags & CFTYPE_NO_PREFIX) &&
	    !(cgrp->root->flags & CGRP_ROOT_NOPREFIX)) {
2684
		strcpy(name, cft->ss->name);
2685 2686 2687
		strcat(name, ".");
	}
	strcat(name, cft->name);
T
Tejun Heo 已提交
2688

2689
	BUG_ON(!mutex_is_locked(&dir->d_inode->i_mutex));
T
Tejun Heo 已提交
2690 2691 2692 2693 2694

	cfe = kzalloc(sizeof(*cfe), GFP_KERNEL);
	if (!cfe)
		return -ENOMEM;

2695
	dentry = lookup_one_len(name, dir, strlen(name));
T
Tejun Heo 已提交
2696
	if (IS_ERR(dentry)) {
2697
		error = PTR_ERR(dentry);
T
Tejun Heo 已提交
2698 2699 2700
		goto out;
	}

2701 2702 2703 2704 2705
	cfe->type = (void *)cft;
	cfe->dentry = dentry;
	dentry->d_fsdata = cfe;
	simple_xattrs_init(&cfe->xattrs);

T
Tejun Heo 已提交
2706 2707 2708 2709 2710 2711 2712 2713 2714
	mode = cgroup_file_mode(cft);
	error = cgroup_create_file(dentry, mode | S_IFREG, cgrp->root->sb);
	if (!error) {
		list_add_tail(&cfe->node, &parent->files);
		cfe = NULL;
	}
	dput(dentry);
out:
	kfree(cfe);
2715 2716 2717
	return error;
}

2718 2719 2720 2721 2722 2723 2724
/**
 * cgroup_addrm_files - add or remove files to a cgroup directory
 * @cgrp: the target cgroup
 * @cfts: array of cftypes to be added
 * @is_add: whether to add or remove
 *
 * Depending on @is_add, add or remove files defined by @cfts on @cgrp.
2725 2726 2727
 * For removals, this function never fails.  If addition fails, this
 * function doesn't remove files already added.  The caller is responsible
 * for cleaning up.
2728
 */
2729 2730
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add)
2731
{
A
Aristeu Rozanski 已提交
2732
	struct cftype *cft;
2733 2734 2735 2736
	int ret;

	lockdep_assert_held(&cgrp->dentry->d_inode->i_mutex);
	lockdep_assert_held(&cgroup_mutex);
T
Tejun Heo 已提交
2737 2738

	for (cft = cfts; cft->name[0] != '\0'; cft++) {
2739
		/* does cft->flags tell us to skip this file on @cgrp? */
2740 2741
		if ((cft->flags & CFTYPE_INSANE) && cgroup_sane_behavior(cgrp))
			continue;
2742 2743 2744 2745 2746
		if ((cft->flags & CFTYPE_NOT_ON_ROOT) && !cgrp->parent)
			continue;
		if ((cft->flags & CFTYPE_ONLY_ON_ROOT) && cgrp->parent)
			continue;

2747
		if (is_add) {
2748
			ret = cgroup_add_file(cgrp, cft);
2749
			if (ret) {
2750
				pr_warn("cgroup_addrm_files: failed to add %s, err=%d\n",
2751 2752 2753
					cft->name, ret);
				return ret;
			}
2754 2755
		} else {
			cgroup_rm_file(cgrp, cft);
T
Tejun Heo 已提交
2756
		}
2757
	}
2758
	return 0;
2759 2760
}

2761
static void cgroup_cfts_prepare(void)
2762
	__acquires(&cgroup_mutex)
2763 2764 2765 2766
{
	/*
	 * Thanks to the entanglement with vfs inode locking, we can't walk
	 * the existing cgroups under cgroup_mutex and create files.
2767 2768
	 * Instead, we use css_for_each_descendant_pre() and drop RCU read
	 * lock before calling cgroup_addrm_files().
2769 2770 2771 2772
	 */
	mutex_lock(&cgroup_mutex);
}

2773
static int cgroup_cfts_commit(struct cftype *cfts, bool is_add)
2774
	__releases(&cgroup_mutex)
2775 2776
{
	LIST_HEAD(pending);
2777
	struct cgroup_subsys *ss = cfts[0].ss;
2778
	struct cgroup *root = &ss->root->top_cgroup;
2779
	struct super_block *sb = ss->root->sb;
2780 2781
	struct dentry *prev = NULL;
	struct inode *inode;
2782
	struct cgroup_subsys_state *css;
2783
	u64 update_before;
2784
	int ret = 0;
2785 2786

	/* %NULL @cfts indicates abort and don't bother if @ss isn't attached */
2787
	if (!cfts || ss->root == &cgroup_dummy_root ||
2788 2789
	    !atomic_inc_not_zero(&sb->s_active)) {
		mutex_unlock(&cgroup_mutex);
2790
		return 0;
2791 2792 2793
	}

	/*
2794 2795
	 * All cgroups which are created after we drop cgroup_mutex will
	 * have the updated set of files, so we only need to update the
2796
	 * cgroups created before the current @cgroup_serial_nr_next.
2797
	 */
2798
	update_before = cgroup_serial_nr_next;
2799 2800 2801 2802 2803

	mutex_unlock(&cgroup_mutex);

	/* add/rm files for all cgroups created before */
	rcu_read_lock();
2804
	css_for_each_descendant_pre(css, cgroup_css(root, ss)) {
2805 2806
		struct cgroup *cgrp = css->cgroup;

2807 2808 2809 2810 2811 2812 2813 2814 2815
		if (cgroup_is_dead(cgrp))
			continue;

		inode = cgrp->dentry->d_inode;
		dget(cgrp->dentry);
		rcu_read_unlock();

		dput(prev);
		prev = cgrp->dentry;
2816 2817 2818

		mutex_lock(&inode->i_mutex);
		mutex_lock(&cgroup_mutex);
2819
		if (cgrp->serial_nr < update_before && !cgroup_is_dead(cgrp))
2820
			ret = cgroup_addrm_files(cgrp, cfts, is_add);
2821 2822 2823
		mutex_unlock(&cgroup_mutex);
		mutex_unlock(&inode->i_mutex);

2824
		rcu_read_lock();
2825 2826
		if (ret)
			break;
2827
	}
2828 2829 2830
	rcu_read_unlock();
	dput(prev);
	deactivate_super(sb);
2831
	return ret;
2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847
}

/**
 * cgroup_add_cftypes - add an array of cftypes to a subsystem
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Register @cfts to @ss.  Files described by @cfts are created for all
 * existing cgroups to which @ss is attached and all future cgroups will
 * have them too.  This function can be called anytime whether @ss is
 * attached or not.
 *
 * Returns 0 on successful registration, -errno on failure.  Note that this
 * function currently returns 0 as long as @cfts registration is successful
 * even if some file creation attempts on existing cgroups fail.
 */
A
Aristeu Rozanski 已提交
2848
int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
2849 2850
{
	struct cftype_set *set;
2851
	struct cftype *cft;
2852
	int ret;
2853 2854 2855 2856 2857

	set = kzalloc(sizeof(*set), GFP_KERNEL);
	if (!set)
		return -ENOMEM;

2858 2859 2860
	for (cft = cfts; cft->name[0] != '\0'; cft++)
		cft->ss = ss;

2861 2862 2863
	cgroup_cfts_prepare();
	set->cfts = cfts;
	list_add_tail(&set->node, &ss->cftsets);
2864
	ret = cgroup_cfts_commit(cfts, true);
2865
	if (ret)
2866
		cgroup_rm_cftypes(cfts);
2867
	return ret;
2868 2869 2870
}
EXPORT_SYMBOL_GPL(cgroup_add_cftypes);

2871 2872 2873 2874
/**
 * cgroup_rm_cftypes - remove an array of cftypes from a subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
2875 2876 2877
 * Unregister @cfts.  Files described by @cfts are removed from all
 * existing cgroups and all future cgroups won't have them either.  This
 * function can be called anytime whether @cfts' subsys is attached or not.
2878 2879
 *
 * Returns 0 on successful unregistration, -ENOENT if @cfts is not
2880
 * registered.
2881
 */
2882
int cgroup_rm_cftypes(struct cftype *cfts)
2883 2884 2885
{
	struct cftype_set *set;

2886 2887 2888
	if (!cfts || !cfts[0].ss)
		return -ENOENT;

2889 2890
	cgroup_cfts_prepare();

2891
	list_for_each_entry(set, &cfts[0].ss->cftsets, node) {
2892
		if (set->cfts == cfts) {
2893 2894
			list_del(&set->node);
			kfree(set);
2895
			cgroup_cfts_commit(cfts, false);
2896 2897 2898 2899
			return 0;
		}
	}

2900
	cgroup_cfts_commit(NULL, false);
2901 2902 2903
	return -ENOENT;
}

L
Li Zefan 已提交
2904 2905 2906 2907 2908 2909
/**
 * cgroup_task_count - count the number of tasks in a cgroup.
 * @cgrp: the cgroup in question
 *
 * Return the number of tasks in the cgroup.
 */
2910
int cgroup_task_count(const struct cgroup *cgrp)
2911 2912
{
	int count = 0;
2913
	struct cgrp_cset_link *link;
2914 2915

	read_lock(&css_set_lock);
2916 2917
	list_for_each_entry(link, &cgrp->cset_links, cset_link)
		count += atomic_read(&link->cset->refcount);
2918
	read_unlock(&css_set_lock);
2919 2920 2921
	return count;
}

2922
/*
2923 2924 2925
 * To reduce the fork() overhead for systems that are not actually using
 * their cgroups capability, we don't maintain the lists running through
 * each css_set to its tasks until we see the list actually used - in other
2926
 * words after the first call to css_task_iter_start().
2927
 */
2928
static void cgroup_enable_task_cg_lists(void)
2929 2930 2931 2932
{
	struct task_struct *p, *g;
	write_lock(&css_set_lock);
	use_task_css_set_links = 1;
2933 2934 2935 2936 2937 2938 2939 2940
	/*
	 * We need tasklist_lock because RCU is not safe against
	 * while_each_thread(). Besides, a forking task that has passed
	 * cgroup_post_fork() without seeing use_task_css_set_links = 1
	 * is not guaranteed to have its child immediately visible in the
	 * tasklist if we walk through it with RCU.
	 */
	read_lock(&tasklist_lock);
2941 2942
	do_each_thread(g, p) {
		task_lock(p);
2943 2944 2945 2946 2947 2948
		/*
		 * We should check if the process is exiting, otherwise
		 * it will race with cgroup_exit() in that the list
		 * entry won't be deleted though the process has exited.
		 */
		if (!(p->flags & PF_EXITING) && list_empty(&p->cg_list))
2949
			list_add(&p->cg_list, &task_css_set(p)->tasks);
2950 2951
		task_unlock(p);
	} while_each_thread(g, p);
2952
	read_unlock(&tasklist_lock);
2953 2954 2955
	write_unlock(&css_set_lock);
}

2956
/**
2957 2958 2959
 * css_next_child - find the next child of a given css
 * @pos_css: the current position (%NULL to initiate traversal)
 * @parent_css: css whose children to walk
2960
 *
2961 2962 2963 2964
 * This function returns the next child of @parent_css and should be called
 * under RCU read lock.  The only requirement is that @parent_css and
 * @pos_css are accessible.  The next sibling is guaranteed to be returned
 * regardless of their states.
2965
 */
2966 2967 2968
struct cgroup_subsys_state *
css_next_child(struct cgroup_subsys_state *pos_css,
	       struct cgroup_subsys_state *parent_css)
2969
{
2970 2971
	struct cgroup *pos = pos_css ? pos_css->cgroup : NULL;
	struct cgroup *cgrp = parent_css->cgroup;
2972 2973 2974 2975 2976 2977 2978
	struct cgroup *next;

	WARN_ON_ONCE(!rcu_read_lock_held());

	/*
	 * @pos could already have been removed.  Once a cgroup is removed,
	 * its ->sibling.next is no longer updated when its next sibling
2979 2980 2981 2982 2983 2984 2985
	 * changes.  As CGRP_DEAD assertion is serialized and happens
	 * before the cgroup is taken off the ->sibling list, if we see it
	 * unasserted, it's guaranteed that the next sibling hasn't
	 * finished its grace period even if it's already removed, and thus
	 * safe to dereference from this RCU critical section.  If
	 * ->sibling.next is inaccessible, cgroup_is_dead() is guaranteed
	 * to be visible as %true here.
2986 2987 2988 2989 2990 2991 2992 2993
	 *
	 * If @pos is dead, its next pointer can't be dereferenced;
	 * however, as each cgroup is given a monotonically increasing
	 * unique serial number and always appended to the sibling list,
	 * the next one can be found by walking the parent's children until
	 * we see a cgroup with higher serial number than @pos's.  While
	 * this path can be slower, it's taken only when either the current
	 * cgroup is removed or iteration and removal race.
2994
	 */
2995 2996 2997
	if (!pos) {
		next = list_entry_rcu(cgrp->children.next, struct cgroup, sibling);
	} else if (likely(!cgroup_is_dead(pos))) {
2998
		next = list_entry_rcu(pos->sibling.next, struct cgroup, sibling);
2999 3000 3001 3002
	} else {
		list_for_each_entry_rcu(next, &cgrp->children, sibling)
			if (next->serial_nr > pos->serial_nr)
				break;
3003 3004
	}

3005 3006 3007
	if (&next->sibling == &cgrp->children)
		return NULL;

3008
	return cgroup_css(next, parent_css->ss);
3009
}
3010
EXPORT_SYMBOL_GPL(css_next_child);
3011

3012
/**
3013
 * css_next_descendant_pre - find the next descendant for pre-order walk
3014
 * @pos: the current position (%NULL to initiate traversal)
3015
 * @root: css whose descendants to walk
3016
 *
3017
 * To be used by css_for_each_descendant_pre().  Find the next descendant
3018 3019
 * to visit for pre-order traversal of @root's descendants.  @root is
 * included in the iteration and the first node to be visited.
3020 3021 3022 3023
 *
 * While this function requires RCU read locking, it doesn't require the
 * whole traversal to be contained in a single RCU critical section.  This
 * function will return the correct next descendant as long as both @pos
3024
 * and @root are accessible and @pos is a descendant of @root.
3025
 */
3026 3027 3028
struct cgroup_subsys_state *
css_next_descendant_pre(struct cgroup_subsys_state *pos,
			struct cgroup_subsys_state *root)
3029
{
3030
	struct cgroup_subsys_state *next;
3031 3032 3033

	WARN_ON_ONCE(!rcu_read_lock_held());

3034
	/* if first iteration, visit @root */
3035
	if (!pos)
3036
		return root;
3037 3038

	/* visit the first child if exists */
3039
	next = css_next_child(NULL, pos);
3040 3041 3042 3043
	if (next)
		return next;

	/* no child, visit my or the closest ancestor's next sibling */
3044 3045
	while (pos != root) {
		next = css_next_child(pos, css_parent(pos));
3046
		if (next)
3047
			return next;
3048
		pos = css_parent(pos);
3049
	}
3050 3051 3052

	return NULL;
}
3053
EXPORT_SYMBOL_GPL(css_next_descendant_pre);
3054

3055
/**
3056 3057
 * css_rightmost_descendant - return the rightmost descendant of a css
 * @pos: css of interest
3058
 *
3059 3060
 * Return the rightmost descendant of @pos.  If there's no descendant, @pos
 * is returned.  This can be used during pre-order traversal to skip
3061
 * subtree of @pos.
3062 3063 3064 3065 3066
 *
 * While this function requires RCU read locking, it doesn't require the
 * whole traversal to be contained in a single RCU critical section.  This
 * function will return the correct rightmost descendant as long as @pos is
 * accessible.
3067
 */
3068 3069
struct cgroup_subsys_state *
css_rightmost_descendant(struct cgroup_subsys_state *pos)
3070
{
3071
	struct cgroup_subsys_state *last, *tmp;
3072 3073 3074 3075 3076 3077 3078

	WARN_ON_ONCE(!rcu_read_lock_held());

	do {
		last = pos;
		/* ->prev isn't RCU safe, walk ->next till the end */
		pos = NULL;
3079
		css_for_each_child(tmp, last)
3080 3081 3082 3083 3084
			pos = tmp;
	} while (pos);

	return last;
}
3085
EXPORT_SYMBOL_GPL(css_rightmost_descendant);
3086

3087 3088
static struct cgroup_subsys_state *
css_leftmost_descendant(struct cgroup_subsys_state *pos)
3089
{
3090
	struct cgroup_subsys_state *last;
3091 3092 3093

	do {
		last = pos;
3094
		pos = css_next_child(NULL, pos);
3095 3096 3097 3098 3099 3100
	} while (pos);

	return last;
}

/**
3101
 * css_next_descendant_post - find the next descendant for post-order walk
3102
 * @pos: the current position (%NULL to initiate traversal)
3103
 * @root: css whose descendants to walk
3104
 *
3105
 * To be used by css_for_each_descendant_post().  Find the next descendant
3106 3107
 * to visit for post-order traversal of @root's descendants.  @root is
 * included in the iteration and the last node to be visited.
3108 3109 3110 3111 3112
 *
 * While this function requires RCU read locking, it doesn't require the
 * whole traversal to be contained in a single RCU critical section.  This
 * function will return the correct next descendant as long as both @pos
 * and @cgroup are accessible and @pos is a descendant of @cgroup.
3113
 */
3114 3115 3116
struct cgroup_subsys_state *
css_next_descendant_post(struct cgroup_subsys_state *pos,
			 struct cgroup_subsys_state *root)
3117
{
3118
	struct cgroup_subsys_state *next;
3119 3120 3121

	WARN_ON_ONCE(!rcu_read_lock_held());

3122 3123 3124
	/* if first iteration, visit leftmost descendant which may be @root */
	if (!pos)
		return css_leftmost_descendant(root);
3125

3126 3127 3128 3129
	/* if we visited @root, we're done */
	if (pos == root)
		return NULL;

3130
	/* if there's an unvisited sibling, visit its leftmost descendant */
3131
	next = css_next_child(pos, css_parent(pos));
3132
	if (next)
3133
		return css_leftmost_descendant(next);
3134 3135

	/* no sibling left, visit parent */
3136
	return css_parent(pos);
3137
}
3138
EXPORT_SYMBOL_GPL(css_next_descendant_post);
3139

3140
/**
3141
 * css_advance_task_iter - advance a task itererator to the next css_set
3142 3143 3144
 * @it: the iterator to advance
 *
 * Advance @it to the next css_set to walk.
3145
 */
3146
static void css_advance_task_iter(struct css_task_iter *it)
3147 3148 3149 3150 3151 3152 3153 3154
{
	struct list_head *l = it->cset_link;
	struct cgrp_cset_link *link;
	struct css_set *cset;

	/* Advance to the next non-empty css_set */
	do {
		l = l->next;
3155
		if (l == &it->origin_css->cgroup->cset_links) {
3156 3157 3158 3159 3160 3161 3162 3163 3164 3165
			it->cset_link = NULL;
			return;
		}
		link = list_entry(l, struct cgrp_cset_link, cset_link);
		cset = link->cset;
	} while (list_empty(&cset->tasks));
	it->cset_link = l;
	it->task = cset->tasks.next;
}

3166
/**
3167 3168
 * css_task_iter_start - initiate task iteration
 * @css: the css to walk tasks of
3169 3170
 * @it: the task iterator to use
 *
3171 3172 3173 3174
 * Initiate iteration through the tasks of @css.  The caller can call
 * css_task_iter_next() to walk through the tasks until the function
 * returns NULL.  On completion of iteration, css_task_iter_end() must be
 * called.
3175 3176 3177 3178 3179
 *
 * Note that this function acquires a lock which is released when the
 * iteration finishes.  The caller can't sleep while iteration is in
 * progress.
 */
3180 3181
void css_task_iter_start(struct cgroup_subsys_state *css,
			 struct css_task_iter *it)
3182
	__acquires(css_set_lock)
3183 3184
{
	/*
3185 3186 3187
	 * The first time anyone tries to iterate across a css, we need to
	 * enable the list linking each css_set to its tasks, and fix up
	 * all existing tasks.
3188
	 */
3189 3190 3191
	if (!use_task_css_set_links)
		cgroup_enable_task_cg_lists();

3192
	read_lock(&css_set_lock);
3193

3194 3195
	it->origin_css = css;
	it->cset_link = &css->cgroup->cset_links;
3196

3197
	css_advance_task_iter(it);
3198 3199
}

3200
/**
3201
 * css_task_iter_next - return the next task for the iterator
3202 3203 3204
 * @it: the task iterator being iterated
 *
 * The "next" function for task iteration.  @it should have been
3205 3206
 * initialized via css_task_iter_start().  Returns NULL when the iteration
 * reaches the end.
3207
 */
3208
struct task_struct *css_task_iter_next(struct css_task_iter *it)
3209 3210 3211
{
	struct task_struct *res;
	struct list_head *l = it->task;
3212
	struct cgrp_cset_link *link;
3213 3214

	/* If the iterator cg is NULL, we have no tasks */
3215
	if (!it->cset_link)
3216 3217 3218 3219
		return NULL;
	res = list_entry(l, struct task_struct, cg_list);
	/* Advance iterator to find next entry */
	l = l->next;
3220 3221
	link = list_entry(it->cset_link, struct cgrp_cset_link, cset_link);
	if (l == &link->cset->tasks) {
3222 3223 3224 3225
		/*
		 * We reached the end of this task list - move on to the
		 * next cgrp_cset_link.
		 */
3226
		css_advance_task_iter(it);
3227 3228 3229 3230 3231 3232
	} else {
		it->task = l;
	}
	return res;
}

3233
/**
3234
 * css_task_iter_end - finish task iteration
3235 3236
 * @it: the task iterator to finish
 *
3237
 * Finish task iteration started by css_task_iter_start().
3238
 */
3239
void css_task_iter_end(struct css_task_iter *it)
3240
	__releases(css_set_lock)
3241 3242 3243 3244
{
	read_unlock(&css_set_lock);
}

3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279
static inline int started_after_time(struct task_struct *t1,
				     struct timespec *time,
				     struct task_struct *t2)
{
	int start_diff = timespec_compare(&t1->start_time, time);
	if (start_diff > 0) {
		return 1;
	} else if (start_diff < 0) {
		return 0;
	} else {
		/*
		 * Arbitrarily, if two processes started at the same
		 * time, we'll say that the lower pointer value
		 * started first. Note that t2 may have exited by now
		 * so this may not be a valid pointer any longer, but
		 * that's fine - it still serves to distinguish
		 * between two tasks started (effectively) simultaneously.
		 */
		return t1 > t2;
	}
}

/*
 * This function is a callback from heap_insert() and is used to order
 * the heap.
 * In this case we order the heap in descending task start time.
 */
static inline int started_after(void *p1, void *p2)
{
	struct task_struct *t1 = p1;
	struct task_struct *t2 = p2;
	return started_after_time(t1, &t2->start_time, t2);
}

/**
3280 3281
 * css_scan_tasks - iterate though all the tasks in a css
 * @css: the css to iterate tasks of
T
Tejun Heo 已提交
3282 3283 3284 3285
 * @test: optional test callback
 * @process: process callback
 * @data: data passed to @test and @process
 * @heap: optional pre-allocated heap used for task iteration
3286
 *
3287 3288
 * Iterate through all the tasks in @css, calling @test for each, and if it
 * returns %true, call @process for it also.
3289
 *
T
Tejun Heo 已提交
3290
 * @test may be NULL, meaning always true (select all tasks), which
3291
 * effectively duplicates css_task_iter_{start,next,end}() but does not
T
Tejun Heo 已提交
3292 3293 3294
 * lock css_set_lock for the call to @process.
 *
 * It is guaranteed that @process will act on every task that is a member
3295 3296 3297
 * of @css for the duration of this call.  This function may or may not
 * call @process for tasks that exit or move to a different css during the
 * call, or are forked or move into the css during the call.
3298
 *
T
Tejun Heo 已提交
3299 3300 3301
 * Note that @test may be called with locks held, and may in some
 * situations be called multiple times for the same task, so it should be
 * cheap.
3302
 *
T
Tejun Heo 已提交
3303 3304 3305 3306
 * If @heap is non-NULL, a heap has been pre-allocated and will be used for
 * heap operations (and its "gt" member will be overwritten), else a
 * temporary heap will be used (allocation of which may cause this function
 * to fail).
3307
 */
3308 3309 3310 3311
int css_scan_tasks(struct cgroup_subsys_state *css,
		   bool (*test)(struct task_struct *, void *),
		   void (*process)(struct task_struct *, void *),
		   void *data, struct ptr_heap *heap)
3312 3313
{
	int retval, i;
3314
	struct css_task_iter it;
3315 3316 3317 3318 3319 3320
	struct task_struct *p, *dropped;
	/* Never dereference latest_task, since it's not refcounted */
	struct task_struct *latest_task = NULL;
	struct ptr_heap tmp_heap;
	struct timespec latest_time = { 0, 0 };

T
Tejun Heo 已提交
3321
	if (heap) {
3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334
		/* The caller supplied our heap and pre-allocated its memory */
		heap->gt = &started_after;
	} else {
		/* We need to allocate our own heap memory */
		heap = &tmp_heap;
		retval = heap_init(heap, PAGE_SIZE, GFP_KERNEL, &started_after);
		if (retval)
			/* cannot allocate the heap */
			return retval;
	}

 again:
	/*
3335
	 * Scan tasks in the css, using the @test callback to determine
T
Tejun Heo 已提交
3336 3337 3338 3339 3340 3341 3342
	 * which are of interest, and invoking @process callback on the
	 * ones which need an update.  Since we don't want to hold any
	 * locks during the task updates, gather tasks to be processed in a
	 * heap structure.  The heap is sorted by descending task start
	 * time.  If the statically-sized heap fills up, we overflow tasks
	 * that started later, and in future iterations only consider tasks
	 * that started after the latest task in the previous pass. This
3343 3344 3345
	 * guarantees forward progress and that we don't miss any tasks.
	 */
	heap->size = 0;
3346 3347
	css_task_iter_start(css, &it);
	while ((p = css_task_iter_next(&it))) {
3348 3349 3350 3351
		/*
		 * Only affect tasks that qualify per the caller's callback,
		 * if he provided one
		 */
T
Tejun Heo 已提交
3352
		if (test && !test(p, data))
3353 3354 3355 3356 3357 3358 3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379
			continue;
		/*
		 * Only process tasks that started after the last task
		 * we processed
		 */
		if (!started_after_time(p, &latest_time, latest_task))
			continue;
		dropped = heap_insert(heap, p);
		if (dropped == NULL) {
			/*
			 * The new task was inserted; the heap wasn't
			 * previously full
			 */
			get_task_struct(p);
		} else if (dropped != p) {
			/*
			 * The new task was inserted, and pushed out a
			 * different task
			 */
			get_task_struct(p);
			put_task_struct(dropped);
		}
		/*
		 * Else the new task was newer than anything already in
		 * the heap and wasn't inserted
		 */
	}
3380
	css_task_iter_end(&it);
3381 3382 3383

	if (heap->size) {
		for (i = 0; i < heap->size; i++) {
3384
			struct task_struct *q = heap->ptrs[i];
3385
			if (i == 0) {
3386 3387
				latest_time = q->start_time;
				latest_task = q;
3388 3389
			}
			/* Process the task per the caller's callback */
T
Tejun Heo 已提交
3390
			process(q, data);
3391
			put_task_struct(q);
3392 3393 3394 3395 3396 3397 3398 3399 3400 3401 3402 3403 3404 3405 3406
		}
		/*
		 * If we had to process any tasks at all, scan again
		 * in case some of them were in the middle of forking
		 * children that didn't get processed.
		 * Not the most efficient way to do it, but it avoids
		 * having to take callback_mutex in the fork path
		 */
		goto again;
	}
	if (heap == &tmp_heap)
		heap_free(&tmp_heap);
	return 0;
}

T
Tejun Heo 已提交
3407
static void cgroup_transfer_one_task(struct task_struct *task, void *data)
3408
{
T
Tejun Heo 已提交
3409
	struct cgroup *new_cgroup = data;
3410

T
Tejun Heo 已提交
3411
	mutex_lock(&cgroup_mutex);
3412
	cgroup_attach_task(new_cgroup, task, false);
T
Tejun Heo 已提交
3413
	mutex_unlock(&cgroup_mutex);
3414 3415 3416 3417 3418 3419 3420 3421 3422
}

/**
 * cgroup_trasnsfer_tasks - move tasks from one cgroup to another
 * @to: cgroup to which the tasks will be moved
 * @from: cgroup in which the tasks currently reside
 */
int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
{
3423 3424
	return css_scan_tasks(&from->dummy_css, NULL, cgroup_transfer_one_task,
			      to, NULL);
3425 3426
}

3427
/*
3428
 * Stuff for reading the 'tasks'/'procs' files.
3429 3430 3431 3432 3433 3434 3435 3436
 *
 * Reading this file can return large amounts of data if a cgroup has
 * *lots* of attached tasks. So it may need several calls to read(),
 * but we cannot guarantee that the information we produce is correct
 * unless we produce it entirely atomically.
 *
 */

3437 3438 3439 3440 3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464 3465
/* which pidlist file are we talking about? */
enum cgroup_filetype {
	CGROUP_FILE_PROCS,
	CGROUP_FILE_TASKS,
};

/*
 * A pidlist is a list of pids that virtually represents the contents of one
 * of the cgroup files ("procs" or "tasks"). We keep a list of such pidlists,
 * a pair (one each for procs, tasks) for each pid namespace that's relevant
 * to the cgroup.
 */
struct cgroup_pidlist {
	/*
	 * used to find which pidlist is wanted. doesn't change as long as
	 * this particular list stays in the list.
	*/
	struct { enum cgroup_filetype type; struct pid_namespace *ns; } key;
	/* array of xids */
	pid_t *list;
	/* how many elements the above list has */
	int length;
	/* how many files are using the current array */
	int use_count;
	/* each of these stored in a list by its cgroup */
	struct list_head links;
	/* pointer to the cgroup we belong to, for list removal purposes */
	struct cgroup *owner;
	/* protects the other fields */
L
Li Zefan 已提交
3466
	struct rw_semaphore rwsem;
3467 3468
	/* for delayed destruction */
	struct delayed_work destroy_dwork;
3469 3470
};

3471 3472 3473 3474 3475 3476 3477
/* seq_file->private points to the following */
struct cgroup_pidlist_open_file {
	enum cgroup_filetype		type;
	struct cgroup			*cgrp;
	struct cgroup_pidlist		*pidlist;
};

3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490
/*
 * The following two functions "fix" the issue where there are more pids
 * than kmalloc will give memory for; in such cases, we use vmalloc/vfree.
 * TODO: replace with a kernel-wide solution to this problem
 */
#define PIDLIST_TOO_LARGE(c) ((c) * sizeof(pid_t) > (PAGE_SIZE * 2))
static void *pidlist_allocate(int count)
{
	if (PIDLIST_TOO_LARGE(count))
		return vmalloc(count * sizeof(pid_t));
	else
		return kmalloc(count * sizeof(pid_t), GFP_KERNEL);
}
3491

3492 3493 3494 3495 3496 3497 3498 3499
static void pidlist_free(void *p)
{
	if (is_vmalloc_addr(p))
		vfree(p);
	else
		kfree(p);
}

3500 3501 3502 3503 3504 3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530 3531 3532 3533 3534 3535 3536 3537 3538 3539 3540 3541 3542
/*
 * Used to destroy all pidlists lingering waiting for destroy timer.  None
 * should be left afterwards.
 */
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp)
{
	struct cgroup_pidlist *l, *tmp_l;

	mutex_lock(&cgrp->pidlist_mutex);
	list_for_each_entry_safe(l, tmp_l, &cgrp->pidlists, links)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork, 0);
	mutex_unlock(&cgrp->pidlist_mutex);

	flush_workqueue(cgroup_pidlist_destroy_wq);
	BUG_ON(!list_empty(&cgrp->pidlists));
}

static void cgroup_pidlist_destroy_work_fn(struct work_struct *work)
{
	struct delayed_work *dwork = to_delayed_work(work);
	struct cgroup_pidlist *l = container_of(dwork, struct cgroup_pidlist,
						destroy_dwork);
	struct cgroup_pidlist *tofree = NULL;

	mutex_lock(&l->owner->pidlist_mutex);
	down_write(&l->rwsem);

	/*
	 * Destroy iff we didn't race with a new user or get queued again.
	 * Queued state won't change as it can only be queued while locked.
	 */
	if (!l->use_count && !delayed_work_pending(dwork)) {
		list_del(&l->links);
		pidlist_free(l->list);
		put_pid_ns(l->key.ns);
		tofree = l;
	}

	up_write(&l->rwsem);
	mutex_unlock(&l->owner->pidlist_mutex);
	kfree(tofree);
}

3543
/*
3544
 * pidlist_uniq - given a kmalloc()ed list, strip out all duplicate entries
3545
 * Returns the number of unique elements.
3546
 */
3547
static int pidlist_uniq(pid_t *list, int length)
3548
{
3549 3550 3551 3552 3553 3554 3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577
	int src, dest = 1;

	/*
	 * we presume the 0th element is unique, so i starts at 1. trivial
	 * edge cases first; no work needs to be done for either
	 */
	if (length == 0 || length == 1)
		return length;
	/* src and dest walk down the list; dest counts unique elements */
	for (src = 1; src < length; src++) {
		/* find next unique element */
		while (list[src] == list[src-1]) {
			src++;
			if (src == length)
				goto after;
		}
		/* dest always points to where the next unique element goes */
		list[dest] = list[src];
		dest++;
	}
after:
	return dest;
}

static int cmppid(const void *a, const void *b)
{
	return *(pid_t *)a - *(pid_t *)b;
}

3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588
/*
 * find the appropriate pidlist for our purpose (given procs vs tasks)
 * returns with the lock on that pidlist already held, and takes care
 * of the use count, or returns NULL with no locks held if we're out of
 * memory.
 */
static struct cgroup_pidlist *cgroup_pidlist_find(struct cgroup *cgrp,
						  enum cgroup_filetype type)
{
	struct cgroup_pidlist *l;
	/* don't need task_nsproxy() if we're looking at ourself */
3589
	struct pid_namespace *ns = task_active_pid_ns(current);
3590

3591
	/*
L
Li Zefan 已提交
3592
	 * We can't drop the pidlist_mutex before taking the l->rwsem in case
3593 3594 3595 3596 3597 3598 3599 3600
	 * the last ref-holder is trying to remove l from the list at the same
	 * time. Holding the pidlist_mutex precludes somebody taking whichever
	 * list we find out from under us - compare release_pid_array().
	 */
	mutex_lock(&cgrp->pidlist_mutex);
	list_for_each_entry(l, &cgrp->pidlists, links) {
		if (l->key.type == type && l->key.ns == ns) {
			/* make sure l doesn't vanish out from under us */
L
Li Zefan 已提交
3601
			down_write(&l->rwsem);
3602 3603 3604 3605 3606
			mutex_unlock(&cgrp->pidlist_mutex);
			return l;
		}
	}
	/* entry not found; create a new one */
3607
	l = kzalloc(sizeof(struct cgroup_pidlist), GFP_KERNEL);
3608 3609 3610 3611
	if (!l) {
		mutex_unlock(&cgrp->pidlist_mutex);
		return l;
	}
L
Li Zefan 已提交
3612
	init_rwsem(&l->rwsem);
3613
	INIT_DELAYED_WORK(&l->destroy_dwork, cgroup_pidlist_destroy_work_fn);
L
Li Zefan 已提交
3614
	down_write(&l->rwsem);
3615
	l->key.type = type;
3616
	l->key.ns = get_pid_ns(ns);
3617 3618 3619 3620 3621 3622
	l->owner = cgrp;
	list_add(&l->links, &cgrp->pidlists);
	mutex_unlock(&cgrp->pidlist_mutex);
	return l;
}

3623 3624 3625
/*
 * Load a cgroup's pidarray with either procs' tgids or tasks' pids
 */
3626 3627
static int pidlist_array_load(struct cgroup *cgrp, enum cgroup_filetype type,
			      struct cgroup_pidlist **lp)
3628 3629 3630 3631
{
	pid_t *array;
	int length;
	int pid, n = 0; /* used for populating the array */
3632
	struct css_task_iter it;
3633
	struct task_struct *tsk;
3634 3635 3636 3637 3638 3639 3640 3641 3642
	struct cgroup_pidlist *l;

	/*
	 * If cgroup gets more users after we read count, we won't have
	 * enough space - tough.  This race is indistinguishable to the
	 * caller from the case that the additional cgroup users didn't
	 * show up until sometime later on.
	 */
	length = cgroup_task_count(cgrp);
3643
	array = pidlist_allocate(length);
3644 3645 3646
	if (!array)
		return -ENOMEM;
	/* now, populate the array */
3647 3648
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
3649
		if (unlikely(n == length))
3650
			break;
3651
		/* get tgid or pid for procs or tasks file respectively */
3652 3653 3654 3655
		if (type == CGROUP_FILE_PROCS)
			pid = task_tgid_vnr(tsk);
		else
			pid = task_pid_vnr(tsk);
3656 3657
		if (pid > 0) /* make sure to only use valid results */
			array[n++] = pid;
3658
	}
3659
	css_task_iter_end(&it);
3660 3661 3662
	length = n;
	/* now sort & (if procs) strip out duplicates */
	sort(array, length, sizeof(pid_t), cmppid, NULL);
3663
	if (type == CGROUP_FILE_PROCS)
3664
		length = pidlist_uniq(array, length);
3665 3666
	l = cgroup_pidlist_find(cgrp, type);
	if (!l) {
3667
		pidlist_free(array);
3668
		return -ENOMEM;
3669
	}
3670
	/* store array, freeing old if necessary - lock already held */
3671
	pidlist_free(l->list);
3672 3673 3674
	l->list = array;
	l->length = length;
	l->use_count++;
L
Li Zefan 已提交
3675
	up_write(&l->rwsem);
3676
	*lp = l;
3677
	return 0;
3678 3679
}

B
Balbir Singh 已提交
3680
/**
L
Li Zefan 已提交
3681
 * cgroupstats_build - build and fill cgroupstats
B
Balbir Singh 已提交
3682 3683 3684
 * @stats: cgroupstats to fill information into
 * @dentry: A dentry entry belonging to the cgroup for which stats have
 * been requested.
L
Li Zefan 已提交
3685 3686 3687
 *
 * Build and fill cgroupstats so that taskstats can export it to user
 * space.
B
Balbir Singh 已提交
3688 3689 3690 3691
 */
int cgroupstats_build(struct cgroupstats *stats, struct dentry *dentry)
{
	int ret = -EINVAL;
3692
	struct cgroup *cgrp;
3693
	struct css_task_iter it;
B
Balbir Singh 已提交
3694
	struct task_struct *tsk;
3695

B
Balbir Singh 已提交
3696
	/*
3697 3698
	 * Validate dentry by checking the superblock operations,
	 * and make sure it's a directory.
B
Balbir Singh 已提交
3699
	 */
3700 3701
	if (dentry->d_sb->s_op != &cgroup_ops ||
	    !S_ISDIR(dentry->d_inode->i_mode))
B
Balbir Singh 已提交
3702 3703 3704
		 goto err;

	ret = 0;
3705
	cgrp = dentry->d_fsdata;
B
Balbir Singh 已提交
3706

3707 3708
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
B
Balbir Singh 已提交
3709 3710 3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725 3726 3727
		switch (tsk->state) {
		case TASK_RUNNING:
			stats->nr_running++;
			break;
		case TASK_INTERRUPTIBLE:
			stats->nr_sleeping++;
			break;
		case TASK_UNINTERRUPTIBLE:
			stats->nr_uninterruptible++;
			break;
		case TASK_STOPPED:
			stats->nr_stopped++;
			break;
		default:
			if (delayacct_is_task_waiting_on_io(tsk))
				stats->nr_io_wait++;
			break;
		}
	}
3728
	css_task_iter_end(&it);
B
Balbir Singh 已提交
3729 3730 3731 3732 3733

err:
	return ret;
}

3734

3735
/*
3736
 * seq_file methods for the tasks/procs files. The seq_file position is the
3737
 * next pid to display; the seq_file iterator is a pointer to the pid
3738
 * in the cgroup->l->list array.
3739
 */
3740

3741
static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
3742
{
3743 3744 3745 3746 3747 3748
	/*
	 * Initially we receive a position value that corresponds to
	 * one more than the last pid shown (or 0 on the first call or
	 * after a seek to the start). Use a binary-search to find the
	 * next pid to display, if any
	 */
3749 3750
	struct cgroup_pidlist_open_file *of = s->private;
	struct cgroup_pidlist *l = of->pidlist;
3751 3752 3753
	int index = 0, pid = *pos;
	int *iter;

L
Li Zefan 已提交
3754
	down_read(&l->rwsem);
3755
	if (pid) {
3756
		int end = l->length;
S
Stephen Rothwell 已提交
3757

3758 3759
		while (index < end) {
			int mid = (index + end) / 2;
3760
			if (l->list[mid] == pid) {
3761 3762
				index = mid;
				break;
3763
			} else if (l->list[mid] <= pid)
3764 3765 3766 3767 3768 3769
				index = mid + 1;
			else
				end = mid;
		}
	}
	/* If we're off the end of the array, we're done */
3770
	if (index >= l->length)
3771 3772
		return NULL;
	/* Update the abstract position to be the actual pid that we found */
3773
	iter = l->list + index;
3774 3775 3776 3777
	*pos = *iter;
	return iter;
}

3778
static void cgroup_pidlist_stop(struct seq_file *s, void *v)
3779
{
3780 3781 3782
	struct cgroup_pidlist_open_file *of = s->private;

	up_read(&of->pidlist->rwsem);
3783 3784
}

3785
static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
3786
{
3787 3788
	struct cgroup_pidlist_open_file *of = s->private;
	struct cgroup_pidlist *l = of->pidlist;
3789 3790
	pid_t *p = v;
	pid_t *end = l->list + l->length;
3791 3792 3793 3794 3795 3796 3797 3798 3799 3800 3801 3802 3803
	/*
	 * Advance to the next pid in the array. If this goes off the
	 * end, we're done
	 */
	p++;
	if (p >= end) {
		return NULL;
	} else {
		*pos = *p;
		return p;
	}
}

3804
static int cgroup_pidlist_show(struct seq_file *s, void *v)
3805 3806 3807
{
	return seq_printf(s, "%d\n", *(int *)v);
}
3808

3809 3810 3811 3812 3813 3814 3815 3816 3817
/*
 * seq_operations functions for iterating on pidlists through seq_file -
 * independent of whether it's tasks or procs
 */
static const struct seq_operations cgroup_pidlist_seq_operations = {
	.start = cgroup_pidlist_start,
	.stop = cgroup_pidlist_stop,
	.next = cgroup_pidlist_next,
	.show = cgroup_pidlist_show,
3818 3819
};

3820
static void cgroup_release_pid_array(struct cgroup_pidlist *l)
3821
{
L
Li Zefan 已提交
3822
	down_write(&l->rwsem);
3823
	BUG_ON(!l->use_count);
3824 3825 3826 3827
	/* if the last user, arm the destroy work */
	if (!--l->use_count)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork,
				 CGROUP_PIDLIST_DESTROY_DELAY);
L
Li Zefan 已提交
3828
	up_write(&l->rwsem);
3829 3830
}

3831
static int cgroup_pidlist_release(struct inode *inode, struct file *file)
3832
{
3833
	struct cgroup_pidlist_open_file *of;
3834

3835 3836 3837
	of = ((struct seq_file *)file->private_data)->private;
	cgroup_release_pid_array(of->pidlist);
	return seq_release_private(inode, file);
3838 3839
}

3840
static const struct file_operations cgroup_pidlist_operations = {
3841 3842 3843
	.read = seq_read,
	.llseek = seq_lseek,
	.write = cgroup_file_write,
3844
	.release = cgroup_pidlist_release,
3845 3846
};

3847
/*
3848 3849 3850
 * The following functions handle opens on a file that displays a pidlist
 * (tasks or procs). Prepare an array of the process/thread IDs of whoever's
 * in the cgroup.
3851
 */
3852
/* helper function for the two below it */
3853
static int cgroup_pidlist_open(struct file *file, enum cgroup_filetype type)
3854
{
3855
	struct cgroup *cgrp = __d_cgrp(file->f_dentry->d_parent);
3856
	struct cgroup_pidlist_open_file *of;
3857
	struct cgroup_pidlist *l;
3858
	int retval;
3859

3860
	/* have the array populated */
3861
	retval = pidlist_array_load(cgrp, type, &l);
3862 3863 3864 3865
	if (retval)
		return retval;
	/* configure file information */
	file->f_op = &cgroup_pidlist_operations;
3866

3867 3868 3869
	of = __seq_open_private(file, &cgroup_pidlist_seq_operations,
				sizeof(*of));
	if (!of) {
3870
		cgroup_release_pid_array(l);
3871
		return -ENOMEM;
3872
	}
3873 3874 3875 3876

	of->type = type;
	of->cgrp = cgrp;
	of->pidlist = l;
3877 3878
	return 0;
}
3879 3880
static int cgroup_tasks_open(struct inode *unused, struct file *file)
{
3881
	return cgroup_pidlist_open(file, CGROUP_FILE_TASKS);
3882 3883 3884
}
static int cgroup_procs_open(struct inode *unused, struct file *file)
{
3885
	return cgroup_pidlist_open(file, CGROUP_FILE_PROCS);
3886
}
3887

3888 3889
static u64 cgroup_read_notify_on_release(struct cgroup_subsys_state *css,
					 struct cftype *cft)
3890
{
3891
	return notify_on_release(css->cgroup);
3892 3893
}

3894 3895
static int cgroup_write_notify_on_release(struct cgroup_subsys_state *css,
					  struct cftype *cft, u64 val)
3896
{
3897
	clear_bit(CGRP_RELEASABLE, &css->cgroup->flags);
3898
	if (val)
3899
		set_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3900
	else
3901
		clear_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3902 3903 3904
	return 0;
}

3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921
/*
 * When dput() is called asynchronously, if umount has been done and
 * then deactivate_super() in cgroup_free_fn() kills the superblock,
 * there's a small window that vfs will see the root dentry with non-zero
 * refcnt and trigger BUG().
 *
 * That's why we hold a reference before dput() and drop it right after.
 */
static void cgroup_dput(struct cgroup *cgrp)
{
	struct super_block *sb = cgrp->root->sb;

	atomic_inc(&sb->s_active);
	dput(cgrp->dentry);
	deactivate_super(sb);
}

3922 3923
static u64 cgroup_clone_children_read(struct cgroup_subsys_state *css,
				      struct cftype *cft)
3924
{
3925
	return test_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3926 3927
}

3928 3929
static int cgroup_clone_children_write(struct cgroup_subsys_state *css,
				       struct cftype *cft, u64 val)
3930 3931
{
	if (val)
3932
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3933
	else
3934
		clear_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3935 3936 3937
	return 0;
}

3938
static struct cftype cgroup_base_files[] = {
3939
	{
3940
		.name = "cgroup.procs",
3941
		.open = cgroup_procs_open,
B
Ben Blum 已提交
3942 3943
		.write_u64 = cgroup_procs_write,
		.mode = S_IRUGO | S_IWUSR,
3944
	},
3945 3946
	{
		.name = "cgroup.clone_children",
3947
		.flags = CFTYPE_INSANE,
3948 3949 3950
		.read_u64 = cgroup_clone_children_read,
		.write_u64 = cgroup_clone_children_write,
	},
3951 3952 3953 3954 3955
	{
		.name = "cgroup.sane_behavior",
		.flags = CFTYPE_ONLY_ON_ROOT,
		.read_seq_string = cgroup_sane_behavior_show,
	},
3956 3957 3958 3959 3960 3961 3962 3963 3964 3965 3966 3967 3968 3969 3970 3971 3972 3973 3974

	/*
	 * Historical crazy stuff.  These don't have "cgroup."  prefix and
	 * don't exist if sane_behavior.  If you're depending on these, be
	 * prepared to be burned.
	 */
	{
		.name = "tasks",
		.flags = CFTYPE_INSANE,		/* use "procs" instead */
		.open = cgroup_tasks_open,
		.write_u64 = cgroup_tasks_write,
		.mode = S_IRUGO | S_IWUSR,
	},
	{
		.name = "notify_on_release",
		.flags = CFTYPE_INSANE,
		.read_u64 = cgroup_read_notify_on_release,
		.write_u64 = cgroup_write_notify_on_release,
	},
3975 3976
	{
		.name = "release_agent",
3977
		.flags = CFTYPE_INSANE | CFTYPE_ONLY_ON_ROOT,
3978 3979 3980 3981
		.read_seq_string = cgroup_release_agent_show,
		.write_string = cgroup_release_agent_write,
		.max_write_len = PATH_MAX,
	},
T
Tejun Heo 已提交
3982
	{ }	/* terminate */
3983 3984
};

3985
/**
3986
 * cgroup_populate_dir - create subsys files in a cgroup directory
3987 3988
 * @cgrp: target cgroup
 * @subsys_mask: mask of the subsystem ids whose files should be added
3989 3990
 *
 * On failure, no file is added.
3991
 */
3992
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask)
3993 3994
{
	struct cgroup_subsys *ss;
3995
	int i, ret = 0;
3996

3997
	/* process cftsets of each subsystem */
3998
	for_each_subsys(ss, i) {
3999
		struct cftype_set *set;
4000 4001

		if (!test_bit(i, &subsys_mask))
4002
			continue;
4003

4004
		list_for_each_entry(set, &ss->cftsets, node) {
4005
			ret = cgroup_addrm_files(cgrp, set->cfts, true);
4006 4007 4008
			if (ret < 0)
				goto err;
		}
4009 4010
	}
	return 0;
4011 4012 4013
err:
	cgroup_clear_dir(cgrp, subsys_mask);
	return ret;
4014 4015
}

4016 4017 4018 4019 4020 4021 4022 4023 4024 4025 4026 4027 4028 4029 4030 4031 4032 4033 4034 4035 4036 4037
/*
 * css destruction is four-stage process.
 *
 * 1. Destruction starts.  Killing of the percpu_ref is initiated.
 *    Implemented in kill_css().
 *
 * 2. When the percpu_ref is confirmed to be visible as killed on all CPUs
 *    and thus css_tryget() is guaranteed to fail, the css can be offlined
 *    by invoking offline_css().  After offlining, the base ref is put.
 *    Implemented in css_killed_work_fn().
 *
 * 3. When the percpu_ref reaches zero, the only possible remaining
 *    accessors are inside RCU read sections.  css_release() schedules the
 *    RCU callback.
 *
 * 4. After the grace period, the css can be freed.  Implemented in
 *    css_free_work_fn().
 *
 * It is actually hairier because both step 2 and 4 require process context
 * and thus involve punting to css->destroy_work adding two additional
 * steps to the already complex sequence.
 */
4038
static void css_free_work_fn(struct work_struct *work)
4039 4040
{
	struct cgroup_subsys_state *css =
4041
		container_of(work, struct cgroup_subsys_state, destroy_work);
4042
	struct cgroup *cgrp = css->cgroup;
4043

4044 4045 4046
	if (css->parent)
		css_put(css->parent);

4047 4048
	css->ss->css_free(css);
	cgroup_dput(cgrp);
4049 4050
}

4051
static void css_free_rcu_fn(struct rcu_head *rcu_head)
4052 4053
{
	struct cgroup_subsys_state *css =
4054
		container_of(rcu_head, struct cgroup_subsys_state, rcu_head);
4055

4056 4057
	/*
	 * css holds an extra ref to @cgrp->dentry which is put on the last
4058
	 * css_put().  dput() requires process context which we don't have.
4059 4060
	 */
	INIT_WORK(&css->destroy_work, css_free_work_fn);
4061
	queue_work(cgroup_destroy_wq, &css->destroy_work);
4062 4063
}

4064 4065 4066 4067 4068
static void css_release(struct percpu_ref *ref)
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

4069
	call_rcu(&css->rcu_head, css_free_rcu_fn);
4070 4071
}

4072 4073
static void init_css(struct cgroup_subsys_state *css, struct cgroup_subsys *ss,
		     struct cgroup *cgrp)
4074
{
4075
	css->cgroup = cgrp;
4076
	css->ss = ss;
4077
	css->flags = 0;
4078 4079

	if (cgrp->parent)
4080
		css->parent = cgroup_css(cgrp->parent, ss);
4081
	else
4082
		css->flags |= CSS_ROOT;
4083

4084
	BUG_ON(cgroup_css(cgrp, ss));
4085 4086
}

4087
/* invoke ->css_online() on a new CSS and mark it online if successful */
4088
static int online_css(struct cgroup_subsys_state *css)
4089
{
4090
	struct cgroup_subsys *ss = css->ss;
T
Tejun Heo 已提交
4091 4092
	int ret = 0;

4093 4094
	lockdep_assert_held(&cgroup_mutex);

4095
	if (ss->css_online)
4096
		ret = ss->css_online(css);
4097
	if (!ret) {
4098
		css->flags |= CSS_ONLINE;
4099
		css->cgroup->nr_css++;
4100 4101
		rcu_assign_pointer(css->cgroup->subsys[ss->subsys_id], css);
	}
T
Tejun Heo 已提交
4102
	return ret;
4103 4104
}

4105
/* if the CSS is online, invoke ->css_offline() on it and mark it offline */
4106
static void offline_css(struct cgroup_subsys_state *css)
4107
{
4108
	struct cgroup_subsys *ss = css->ss;
4109 4110 4111 4112 4113 4114

	lockdep_assert_held(&cgroup_mutex);

	if (!(css->flags & CSS_ONLINE))
		return;

4115
	if (ss->css_offline)
4116
		ss->css_offline(css);
4117

4118
	css->flags &= ~CSS_ONLINE;
4119
	css->cgroup->nr_css--;
4120
	RCU_INIT_POINTER(css->cgroup->subsys[ss->subsys_id], css);
4121 4122
}

4123
/*
L
Li Zefan 已提交
4124 4125 4126 4127
 * cgroup_create - create a cgroup
 * @parent: cgroup that will be parent of the new cgroup
 * @dentry: dentry of the new cgroup
 * @mode: mode to set on new inode
4128
 *
L
Li Zefan 已提交
4129
 * Must be called with the mutex on the parent inode held
4130 4131
 */
static long cgroup_create(struct cgroup *parent, struct dentry *dentry,
A
Al Viro 已提交
4132
			     umode_t mode)
4133
{
4134
	struct cgroup_subsys_state *css_ar[CGROUP_SUBSYS_COUNT] = { };
4135
	struct cgroup *cgrp;
4136
	struct cgroup_name *name;
4137 4138 4139 4140 4141
	struct cgroupfs_root *root = parent->root;
	int err = 0;
	struct cgroup_subsys *ss;
	struct super_block *sb = root->sb;

T
Tejun Heo 已提交
4142
	/* allocate the cgroup and its ID, 0 is reserved for the root */
4143 4144
	cgrp = kzalloc(sizeof(*cgrp), GFP_KERNEL);
	if (!cgrp)
4145 4146
		return -ENOMEM;

4147 4148 4149 4150 4151
	name = cgroup_alloc_name(dentry);
	if (!name)
		goto err_free_cgrp;
	rcu_assign_pointer(cgrp->name, name);

4152 4153 4154 4155 4156
	/*
	 * Temporarily set the pointer to NULL, so idr_find() won't return
	 * a half-baked cgroup.
	 */
	cgrp->id = idr_alloc(&root->cgroup_idr, NULL, 1, 0, GFP_KERNEL);
T
Tejun Heo 已提交
4157
	if (cgrp->id < 0)
4158
		goto err_free_name;
T
Tejun Heo 已提交
4159

4160 4161 4162 4163 4164 4165 4166 4167 4168
	/*
	 * Only live parents can have children.  Note that the liveliness
	 * check isn't strictly necessary because cgroup_mkdir() and
	 * cgroup_rmdir() are fully synchronized by i_mutex; however, do it
	 * anyway so that locking is contained inside cgroup proper and we
	 * don't get nasty surprises if we ever grow another caller.
	 */
	if (!cgroup_lock_live_group(parent)) {
		err = -ENODEV;
T
Tejun Heo 已提交
4169
		goto err_free_id;
4170 4171
	}

4172 4173 4174 4175 4176 4177 4178
	/* Grab a reference on the superblock so the hierarchy doesn't
	 * get deleted on unmount if there are child cgroups.  This
	 * can be done outside cgroup_mutex, since the sb can't
	 * disappear while someone has an open control file on the
	 * fs */
	atomic_inc(&sb->s_active);

4179
	init_cgroup_housekeeping(cgrp);
4180

4181 4182 4183
	dentry->d_fsdata = cgrp;
	cgrp->dentry = dentry;

4184
	cgrp->parent = parent;
4185
	cgrp->dummy_css.parent = &parent->dummy_css;
4186
	cgrp->root = parent->root;
4187

4188 4189 4190
	if (notify_on_release(parent))
		set_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);

4191 4192
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &parent->flags))
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &cgrp->flags);
4193

4194
	for_each_root_subsys(root, ss) {
4195
		struct cgroup_subsys_state *css;
4196

4197
		css = ss->css_alloc(cgroup_css(parent, ss));
4198 4199
		if (IS_ERR(css)) {
			err = PTR_ERR(css);
4200
			goto err_free_all;
4201
		}
4202
		css_ar[ss->subsys_id] = css;
4203 4204

		err = percpu_ref_init(&css->refcnt, css_release);
4205
		if (err)
4206 4207
			goto err_free_all;

4208
		init_css(css, ss, cgrp);
4209 4210
	}

4211 4212 4213 4214 4215
	/*
	 * Create directory.  cgroup_create_file() returns with the new
	 * directory locked on success so that it can be populated without
	 * dropping cgroup_mutex.
	 */
T
Tejun Heo 已提交
4216
	err = cgroup_create_file(dentry, S_IFDIR | mode, sb);
4217
	if (err < 0)
4218
		goto err_free_all;
4219
	lockdep_assert_held(&dentry->d_inode->i_mutex);
4220

4221
	cgrp->serial_nr = cgroup_serial_nr_next++;
4222

4223 4224 4225
	/* allocation complete, commit to creation */
	list_add_tail_rcu(&cgrp->sibling, &cgrp->parent->children);
	root->number_of_cgroups++;
T
Tejun Heo 已提交
4226

4227 4228
	/* each css holds a ref to the cgroup's dentry and the parent css */
	for_each_root_subsys(root, ss) {
4229
		struct cgroup_subsys_state *css = css_ar[ss->subsys_id];
4230

4231
		dget(dentry);
4232
		css_get(css->parent);
4233
	}
4234

4235 4236 4237
	/* hold a ref to the parent's dentry */
	dget(parent->dentry);

T
Tejun Heo 已提交
4238
	/* creation succeeded, notify subsystems */
4239
	for_each_root_subsys(root, ss) {
4240
		struct cgroup_subsys_state *css = css_ar[ss->subsys_id];
4241 4242

		err = online_css(css);
T
Tejun Heo 已提交
4243 4244
		if (err)
			goto err_destroy;
4245 4246 4247 4248 4249 4250 4251 4252 4253

		if (ss->broken_hierarchy && !ss->warned_broken_hierarchy &&
		    parent->parent) {
			pr_warning("cgroup: %s (%d) created nested cgroup for controller \"%s\" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.\n",
				   current->comm, current->pid, ss->name);
			if (!strcmp(ss->name, "memory"))
				pr_warning("cgroup: \"memory\" requires setting use_hierarchy to 1 on the root.\n");
			ss->warned_broken_hierarchy = true;
		}
4254 4255
	}

4256 4257
	idr_replace(&root->cgroup_idr, cgrp, cgrp->id);

4258
	err = cgroup_addrm_files(cgrp, cgroup_base_files, true);
4259 4260 4261 4262
	if (err)
		goto err_destroy;

	err = cgroup_populate_dir(cgrp, root->subsys_mask);
4263 4264
	if (err)
		goto err_destroy;
4265 4266

	mutex_unlock(&cgroup_mutex);
4267
	mutex_unlock(&cgrp->dentry->d_inode->i_mutex);
4268 4269 4270

	return 0;

4271
err_free_all:
4272
	for_each_root_subsys(root, ss) {
4273
		struct cgroup_subsys_state *css = css_ar[ss->subsys_id];
4274 4275 4276

		if (css) {
			percpu_ref_cancel_init(&css->refcnt);
4277
			ss->css_free(css);
4278
		}
4279 4280 4281 4282
	}
	mutex_unlock(&cgroup_mutex);
	/* Release the reference count that we took on the superblock */
	deactivate_super(sb);
T
Tejun Heo 已提交
4283
err_free_id:
4284
	idr_remove(&root->cgroup_idr, cgrp->id);
4285 4286
err_free_name:
	kfree(rcu_dereference_raw(cgrp->name));
4287
err_free_cgrp:
4288
	kfree(cgrp);
4289
	return err;
4290 4291 4292 4293 4294 4295

err_destroy:
	cgroup_destroy_locked(cgrp);
	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&dentry->d_inode->i_mutex);
	return err;
4296 4297
}

4298
static int cgroup_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
4299 4300 4301 4302 4303 4304 4305
{
	struct cgroup *c_parent = dentry->d_parent->d_fsdata;

	/* the vfs holds inode->i_mutex already */
	return cgroup_create(c_parent, dentry, mode | S_IFDIR);
}

4306 4307 4308 4309 4310
/*
 * This is called when the refcnt of a css is confirmed to be killed.
 * css_tryget() is now guaranteed to fail.
 */
static void css_killed_work_fn(struct work_struct *work)
4311
{
4312 4313 4314
	struct cgroup_subsys_state *css =
		container_of(work, struct cgroup_subsys_state, destroy_work);
	struct cgroup *cgrp = css->cgroup;
4315

4316 4317
	mutex_lock(&cgroup_mutex);

4318 4319 4320 4321 4322 4323
	/*
	 * css_tryget() is guaranteed to fail now.  Tell subsystems to
	 * initate destruction.
	 */
	offline_css(css);

4324 4325 4326 4327 4328
	/*
	 * If @cgrp is marked dead, it's waiting for refs of all css's to
	 * be disabled before proceeding to the second phase of cgroup
	 * destruction.  If we are the last one, kick it off.
	 */
4329
	if (!cgrp->nr_css && cgroup_is_dead(cgrp))
4330 4331 4332
		cgroup_destroy_css_killed(cgrp);

	mutex_unlock(&cgroup_mutex);
4333 4334 4335 4336 4337 4338 4339 4340 4341

	/*
	 * Put the css refs from kill_css().  Each css holds an extra
	 * reference to the cgroup's dentry and cgroup removal proceeds
	 * regardless of css refs.  On the last put of each css, whenever
	 * that may be, the extra dentry ref is put so that dentry
	 * destruction happens only after all css's are released.
	 */
	css_put(css);
4342 4343
}

4344 4345
/* css kill confirmation processing requires process context, bounce */
static void css_killed_ref_fn(struct percpu_ref *ref)
4346 4347 4348 4349
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

4350
	INIT_WORK(&css->destroy_work, css_killed_work_fn);
4351
	queue_work(cgroup_destroy_wq, &css->destroy_work);
4352 4353
}

T
Tejun Heo 已提交
4354 4355 4356 4357
/**
 * kill_css - destroy a css
 * @css: css to destroy
 *
4358 4359 4360 4361
 * This function initiates destruction of @css by removing cgroup interface
 * files and putting its base reference.  ->css_offline() will be invoked
 * asynchronously once css_tryget() is guaranteed to fail and when the
 * reference count reaches zero, @css will be released.
T
Tejun Heo 已提交
4362 4363 4364
 */
static void kill_css(struct cgroup_subsys_state *css)
{
4365 4366
	cgroup_clear_dir(css->cgroup, 1 << css->ss->subsys_id);

T
Tejun Heo 已提交
4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383
	/*
	 * Killing would put the base ref, but we need to keep it alive
	 * until after ->css_offline().
	 */
	css_get(css);

	/*
	 * cgroup core guarantees that, by the time ->css_offline() is
	 * invoked, no new css reference will be given out via
	 * css_tryget().  We can't simply call percpu_ref_kill() and
	 * proceed to offlining css's because percpu_ref_kill() doesn't
	 * guarantee that the ref is seen as killed on all CPUs on return.
	 *
	 * Use percpu_ref_kill_and_confirm() to get notifications as each
	 * css is confirmed to be seen as killed on all CPUs.
	 */
	percpu_ref_kill_and_confirm(&css->refcnt, css_killed_ref_fn);
4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409
}

/**
 * cgroup_destroy_locked - the first stage of cgroup destruction
 * @cgrp: cgroup to be destroyed
 *
 * css's make use of percpu refcnts whose killing latency shouldn't be
 * exposed to userland and are RCU protected.  Also, cgroup core needs to
 * guarantee that css_tryget() won't succeed by the time ->css_offline() is
 * invoked.  To satisfy all the requirements, destruction is implemented in
 * the following two steps.
 *
 * s1. Verify @cgrp can be destroyed and mark it dying.  Remove all
 *     userland visible parts and start killing the percpu refcnts of
 *     css's.  Set up so that the next stage will be kicked off once all
 *     the percpu refcnts are confirmed to be killed.
 *
 * s2. Invoke ->css_offline(), mark the cgroup dead and proceed with the
 *     rest of destruction.  Once all cgroup references are gone, the
 *     cgroup is RCU-freed.
 *
 * This function implements s1.  After this step, @cgrp is gone as far as
 * the userland is concerned and a new cgroup with the same name may be
 * created.  As cgroup doesn't care about the names internally, this
 * doesn't cause any problem.
 */
4410 4411
static int cgroup_destroy_locked(struct cgroup *cgrp)
	__releases(&cgroup_mutex) __acquires(&cgroup_mutex)
4412
{
4413
	struct dentry *d = cgrp->dentry;
4414
	struct cgroup_subsys *ss;
4415
	struct cgroup *child;
4416
	bool empty;
4417

4418 4419 4420
	lockdep_assert_held(&d->d_inode->i_mutex);
	lockdep_assert_held(&cgroup_mutex);

4421
	/*
T
Tejun Heo 已提交
4422 4423
	 * css_set_lock synchronizes access to ->cset_links and prevents
	 * @cgrp from being removed while __put_css_set() is in progress.
4424 4425
	 */
	read_lock(&css_set_lock);
4426
	empty = list_empty(&cgrp->cset_links);
4427 4428
	read_unlock(&css_set_lock);
	if (!empty)
4429
		return -EBUSY;
L
Li Zefan 已提交
4430

4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446
	/*
	 * Make sure there's no live children.  We can't test ->children
	 * emptiness as dead children linger on it while being destroyed;
	 * otherwise, "rmdir parent/child parent" may fail with -EBUSY.
	 */
	empty = true;
	rcu_read_lock();
	list_for_each_entry_rcu(child, &cgrp->children, sibling) {
		empty = cgroup_is_dead(child);
		if (!empty)
			break;
	}
	rcu_read_unlock();
	if (!empty)
		return -EBUSY;

4447
	/*
T
Tejun Heo 已提交
4448 4449 4450
	 * Initiate massacre of all css's.  cgroup_destroy_css_killed()
	 * will be invoked to perform the rest of destruction once the
	 * percpu refs of all css's are confirmed to be killed.
4451
	 */
T
Tejun Heo 已提交
4452
	for_each_root_subsys(cgrp->root, ss)
4453
		kill_css(cgroup_css(cgrp, ss));
4454 4455 4456 4457

	/*
	 * Mark @cgrp dead.  This prevents further task migration and child
	 * creation by disabling cgroup_lock_live_group().  Note that
4458
	 * CGRP_DEAD assertion is depended upon by css_next_child() to
4459
	 * resume iteration after dropping RCU read lock.  See
4460
	 * css_next_child() for details.
4461
	 */
4462
	set_bit(CGRP_DEAD, &cgrp->flags);
4463

4464 4465 4466 4467 4468 4469 4470
	/* CGRP_DEAD is set, remove from ->release_list for the last time */
	raw_spin_lock(&release_list_lock);
	if (!list_empty(&cgrp->release_list))
		list_del_init(&cgrp->release_list);
	raw_spin_unlock(&release_list_lock);

	/*
4471 4472 4473 4474 4475 4476 4477 4478
	 * If @cgrp has css's attached, the second stage of cgroup
	 * destruction is kicked off from css_killed_work_fn() after the
	 * refs of all attached css's are killed.  If @cgrp doesn't have
	 * any css, we kick it off here.
	 */
	if (!cgrp->nr_css)
		cgroup_destroy_css_killed(cgrp);

4479
	/*
4480 4481 4482
	 * Clear the base files and remove @cgrp directory.  The removal
	 * puts the base ref but we aren't quite done with @cgrp yet, so
	 * hold onto it.
4483
	 */
4484
	cgroup_addrm_files(cgrp, cgroup_base_files, false);
4485 4486 4487
	dget(d);
	cgroup_d_remove_dir(d);

4488 4489 4490
	return 0;
};

4491
/**
4492
 * cgroup_destroy_css_killed - the second step of cgroup destruction
4493 4494 4495
 * @work: cgroup->destroy_free_work
 *
 * This function is invoked from a work item for a cgroup which is being
4496 4497 4498
 * destroyed after all css's are offlined and performs the rest of
 * destruction.  This is the second step of destruction described in the
 * comment above cgroup_destroy_locked().
4499
 */
4500
static void cgroup_destroy_css_killed(struct cgroup *cgrp)
4501 4502 4503 4504
{
	struct cgroup *parent = cgrp->parent;
	struct dentry *d = cgrp->dentry;

4505
	lockdep_assert_held(&cgroup_mutex);
4506

4507
	/* delete this cgroup from parent->children */
4508
	list_del_rcu(&cgrp->sibling);
4509 4510

	/*
4511 4512 4513
	 * We should remove the cgroup object from idr before its grace
	 * period starts, so we won't be looking up a cgroup while the
	 * cgroup is being freed.
4514
	 */
4515 4516
	idr_remove(&cgrp->root->cgroup_idr, cgrp->id);
	cgrp->id = -1;
4517

4518 4519
	dput(d);

4520
	set_bit(CGRP_RELEASABLE, &parent->flags);
4521
	check_for_release(parent);
4522 4523
}

4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534
static int cgroup_rmdir(struct inode *unused_dir, struct dentry *dentry)
{
	int ret;

	mutex_lock(&cgroup_mutex);
	ret = cgroup_destroy_locked(dentry->d_fsdata);
	mutex_unlock(&cgroup_mutex);

	return ret;
}

4535 4536 4537 4538 4539 4540 4541 4542 4543
static void __init_or_module cgroup_init_cftsets(struct cgroup_subsys *ss)
{
	INIT_LIST_HEAD(&ss->cftsets);

	/*
	 * base_cftset is embedded in subsys itself, no need to worry about
	 * deregistration.
	 */
	if (ss->base_cftypes) {
4544 4545 4546 4547 4548
		struct cftype *cft;

		for (cft = ss->base_cftypes; cft->name[0] != '\0'; cft++)
			cft->ss = ss;

4549 4550 4551 4552 4553
		ss->base_cftset.cfts = ss->base_cftypes;
		list_add_tail(&ss->base_cftset.node, &ss->cftsets);
	}
}

4554
static void __init cgroup_init_subsys(struct cgroup_subsys *ss)
4555 4556
{
	struct cgroup_subsys_state *css;
D
Diego Calleja 已提交
4557 4558

	printk(KERN_INFO "Initializing cgroup subsys %s\n", ss->name);
4559

4560 4561
	mutex_lock(&cgroup_mutex);

4562 4563 4564
	/* init base cftset */
	cgroup_init_cftsets(ss);

4565
	/* Create the top cgroup state for this subsystem */
4566 4567
	list_add(&ss->sibling, &cgroup_dummy_root.subsys_list);
	ss->root = &cgroup_dummy_root;
4568
	css = ss->css_alloc(cgroup_css(cgroup_dummy_top, ss));
4569 4570
	/* We don't handle early failures gracefully */
	BUG_ON(IS_ERR(css));
4571
	init_css(css, ss, cgroup_dummy_top);
4572

L
Li Zefan 已提交
4573
	/* Update the init_css_set to contain a subsys
4574
	 * pointer to this state - since the subsystem is
L
Li Zefan 已提交
4575 4576
	 * newly registered, all tasks and hence the
	 * init_css_set is in the subsystem's top cgroup. */
4577
	init_css_set.subsys[ss->subsys_id] = css;
4578 4579 4580

	need_forkexit_callback |= ss->fork || ss->exit;

L
Li Zefan 已提交
4581 4582 4583 4584 4585
	/* At system boot, before all subsystems have been
	 * registered, no tasks have been forked, so we don't
	 * need to invoke fork callbacks here. */
	BUG_ON(!list_empty(&init_task.tasks));

4586
	BUG_ON(online_css(css));
4587

4588 4589
	mutex_unlock(&cgroup_mutex);

4590 4591 4592 4593 4594 4595 4596 4597 4598 4599
	/* this function shouldn't be used with modular subsystems, since they
	 * need to register a subsys_id, among other things */
	BUG_ON(ss->module);
}

/**
 * cgroup_load_subsys: load and register a modular subsystem at runtime
 * @ss: the subsystem to load
 *
 * This function should be called in a modular subsystem's initcall. If the
T
Thomas Weber 已提交
4600
 * subsystem is built as a module, it will be assigned a new subsys_id and set
4601 4602 4603 4604 4605 4606
 * up for use. If the subsystem is built-in anyway, work is delegated to the
 * simpler cgroup_init_subsys.
 */
int __init_or_module cgroup_load_subsys(struct cgroup_subsys *ss)
{
	struct cgroup_subsys_state *css;
4607
	int i, ret;
4608
	struct hlist_node *tmp;
4609
	struct css_set *cset;
4610
	unsigned long key;
4611 4612 4613

	/* check name and function validity */
	if (ss->name == NULL || strlen(ss->name) > MAX_CGROUP_TYPE_NAMELEN ||
4614
	    ss->css_alloc == NULL || ss->css_free == NULL)
4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630
		return -EINVAL;

	/*
	 * we don't support callbacks in modular subsystems. this check is
	 * before the ss->module check for consistency; a subsystem that could
	 * be a module should still have no callbacks even if the user isn't
	 * compiling it as one.
	 */
	if (ss->fork || ss->exit)
		return -EINVAL;

	/*
	 * an optionally modular subsystem is built-in: we want to do nothing,
	 * since cgroup_init_subsys will have already taken care of it.
	 */
	if (ss->module == NULL) {
4631
		/* a sanity check */
4632
		BUG_ON(cgroup_subsys[ss->subsys_id] != ss);
4633 4634 4635
		return 0;
	}

4636 4637 4638
	/* init base cftset */
	cgroup_init_cftsets(ss);

4639
	mutex_lock(&cgroup_mutex);
4640
	cgroup_subsys[ss->subsys_id] = ss;
4641 4642

	/*
4643
	 * no ss->css_alloc seems to need anything important in the ss
4644
	 * struct, so this can happen first (i.e. before the dummy root
4645
	 * attachment).
4646
	 */
4647
	css = ss->css_alloc(cgroup_css(cgroup_dummy_top, ss));
4648
	if (IS_ERR(css)) {
4649 4650
		/* failure case - need to deassign the cgroup_subsys[] slot. */
		cgroup_subsys[ss->subsys_id] = NULL;
4651 4652 4653 4654
		mutex_unlock(&cgroup_mutex);
		return PTR_ERR(css);
	}

4655 4656
	list_add(&ss->sibling, &cgroup_dummy_root.subsys_list);
	ss->root = &cgroup_dummy_root;
4657 4658

	/* our new subsystem will be attached to the dummy hierarchy. */
4659
	init_css(css, ss, cgroup_dummy_top);
4660 4661 4662 4663 4664 4665 4666 4667 4668 4669

	/*
	 * Now we need to entangle the css into the existing css_sets. unlike
	 * in cgroup_init_subsys, there are now multiple css_sets, so each one
	 * will need a new pointer to it; done by iterating the css_set_table.
	 * furthermore, modifying the existing css_sets will corrupt the hash
	 * table state, so each changed css_set will need its hash recomputed.
	 * this is all done under the css_set_lock.
	 */
	write_lock(&css_set_lock);
4670
	hash_for_each_safe(css_set_table, i, tmp, cset, hlist) {
4671
		/* skip entries that we already rehashed */
4672
		if (cset->subsys[ss->subsys_id])
4673 4674
			continue;
		/* remove existing entry */
4675
		hash_del(&cset->hlist);
4676
		/* set new value */
4677
		cset->subsys[ss->subsys_id] = css;
4678
		/* recompute hash and restore entry */
4679 4680
		key = css_set_hash(cset->subsys);
		hash_add(css_set_table, &cset->hlist, key);
4681 4682 4683
	}
	write_unlock(&css_set_lock);

4684
	ret = online_css(css);
T
Tejun Heo 已提交
4685 4686
	if (ret)
		goto err_unload;
4687

4688 4689 4690
	/* success! */
	mutex_unlock(&cgroup_mutex);
	return 0;
4691 4692 4693 4694 4695 4696

err_unload:
	mutex_unlock(&cgroup_mutex);
	/* @ss can't be mounted here as try_module_get() would fail */
	cgroup_unload_subsys(ss);
	return ret;
4697
}
4698
EXPORT_SYMBOL_GPL(cgroup_load_subsys);
4699

B
Ben Blum 已提交
4700 4701 4702 4703 4704 4705 4706 4707 4708 4709
/**
 * cgroup_unload_subsys: unload a modular subsystem
 * @ss: the subsystem to unload
 *
 * This function should be called in a modular subsystem's exitcall. When this
 * function is invoked, the refcount on the subsystem's module will be 0, so
 * the subsystem will not be attached to any hierarchy.
 */
void cgroup_unload_subsys(struct cgroup_subsys *ss)
{
4710
	struct cgrp_cset_link *link;
B
Ben Blum 已提交
4711 4712 4713 4714 4715

	BUG_ON(ss->module == NULL);

	/*
	 * we shouldn't be called if the subsystem is in use, and the use of
4716
	 * try_module_get() in rebind_subsystems() should ensure that it
B
Ben Blum 已提交
4717 4718
	 * doesn't start being used while we're killing it off.
	 */
4719
	BUG_ON(ss->root != &cgroup_dummy_root);
B
Ben Blum 已提交
4720 4721

	mutex_lock(&cgroup_mutex);
4722

4723
	offline_css(cgroup_css(cgroup_dummy_top, ss));
4724

B
Ben Blum 已提交
4725
	/* deassign the subsys_id */
4726
	cgroup_subsys[ss->subsys_id] = NULL;
B
Ben Blum 已提交
4727

4728
	/* remove subsystem from the dummy root's list of subsystems */
4729
	list_del_init(&ss->sibling);
B
Ben Blum 已提交
4730 4731

	/*
4732 4733 4734
	 * disentangle the css from all css_sets attached to the dummy
	 * top. as in loading, we need to pay our respects to the hashtable
	 * gods.
B
Ben Blum 已提交
4735 4736
	 */
	write_lock(&css_set_lock);
4737
	list_for_each_entry(link, &cgroup_dummy_top->cset_links, cset_link) {
4738
		struct css_set *cset = link->cset;
4739
		unsigned long key;
B
Ben Blum 已提交
4740

4741 4742 4743 4744
		hash_del(&cset->hlist);
		cset->subsys[ss->subsys_id] = NULL;
		key = css_set_hash(cset->subsys);
		hash_add(css_set_table, &cset->hlist, key);
B
Ben Blum 已提交
4745 4746 4747 4748
	}
	write_unlock(&css_set_lock);

	/*
4749 4750
	 * remove subsystem's css from the cgroup_dummy_top and free it -
	 * need to free before marking as null because ss->css_free needs
L
Li Zefan 已提交
4751
	 * the cgrp->subsys pointer to find their state.
B
Ben Blum 已提交
4752
	 */
4753
	ss->css_free(cgroup_css(cgroup_dummy_top, ss));
4754
	RCU_INIT_POINTER(cgroup_dummy_top->subsys[ss->subsys_id], NULL);
B
Ben Blum 已提交
4755 4756 4757 4758 4759

	mutex_unlock(&cgroup_mutex);
}
EXPORT_SYMBOL_GPL(cgroup_unload_subsys);

4760
/**
L
Li Zefan 已提交
4761 4762 4763 4764
 * cgroup_init_early - cgroup initialization at system boot
 *
 * Initialize cgroups at system boot, and initialize any
 * subsystems that request early init.
4765 4766 4767
 */
int __init cgroup_init_early(void)
{
4768
	struct cgroup_subsys *ss;
4769
	int i;
4770

4771
	atomic_set(&init_css_set.refcount, 1);
4772
	INIT_LIST_HEAD(&init_css_set.cgrp_links);
4773
	INIT_LIST_HEAD(&init_css_set.tasks);
4774
	INIT_HLIST_NODE(&init_css_set.hlist);
4775
	css_set_count = 1;
4776 4777
	init_cgroup_root(&cgroup_dummy_root);
	cgroup_root_count = 1;
4778
	RCU_INIT_POINTER(init_task.cgroups, &init_css_set);
4779

4780
	init_cgrp_cset_link.cset = &init_css_set;
4781 4782
	init_cgrp_cset_link.cgrp = cgroup_dummy_top;
	list_add(&init_cgrp_cset_link.cset_link, &cgroup_dummy_top->cset_links);
4783
	list_add(&init_cgrp_cset_link.cgrp_link, &init_css_set.cgrp_links);
4784

4785 4786
	/* at bootup time, we don't worry about modular subsystems */
	for_each_builtin_subsys(ss, i) {
4787 4788
		BUG_ON(!ss->name);
		BUG_ON(strlen(ss->name) > MAX_CGROUP_TYPE_NAMELEN);
4789 4790
		BUG_ON(!ss->css_alloc);
		BUG_ON(!ss->css_free);
4791
		if (ss->subsys_id != i) {
D
Diego Calleja 已提交
4792
			printk(KERN_ERR "cgroup: Subsys %s id == %d\n",
4793 4794 4795 4796 4797 4798 4799 4800 4801 4802 4803
			       ss->name, ss->subsys_id);
			BUG();
		}

		if (ss->early_init)
			cgroup_init_subsys(ss);
	}
	return 0;
}

/**
L
Li Zefan 已提交
4804 4805 4806 4807
 * cgroup_init - cgroup initialization
 *
 * Register cgroup filesystem and /proc file, and initialize
 * any subsystems that didn't request early init.
4808 4809 4810
 */
int __init cgroup_init(void)
{
4811
	struct cgroup_subsys *ss;
4812
	unsigned long key;
4813
	int i, err;
4814 4815 4816 4817

	err = bdi_init(&cgroup_backing_dev_info);
	if (err)
		return err;
4818

4819
	for_each_builtin_subsys(ss, i) {
4820 4821 4822 4823
		if (!ss->early_init)
			cgroup_init_subsys(ss);
	}

4824
	/* allocate id for the dummy hierarchy */
T
Tejun Heo 已提交
4825 4826 4827
	mutex_lock(&cgroup_mutex);
	mutex_lock(&cgroup_root_mutex);

4828 4829 4830 4831
	/* Add init_css_set to the hash table */
	key = css_set_hash(init_css_set.subsys);
	hash_add(css_set_table, &init_css_set.hlist, key);

4832
	BUG_ON(cgroup_init_root_id(&cgroup_dummy_root, 0, 1));
4833

4834 4835 4836 4837
	err = idr_alloc(&cgroup_dummy_root.cgroup_idr, cgroup_dummy_top,
			0, 1, GFP_KERNEL);
	BUG_ON(err < 0);

T
Tejun Heo 已提交
4838 4839 4840
	mutex_unlock(&cgroup_root_mutex);
	mutex_unlock(&cgroup_mutex);

4841 4842 4843 4844 4845 4846
	cgroup_kobj = kobject_create_and_add("cgroup", fs_kobj);
	if (!cgroup_kobj) {
		err = -ENOMEM;
		goto out;
	}

4847
	err = register_filesystem(&cgroup_fs_type);
4848 4849
	if (err < 0) {
		kobject_put(cgroup_kobj);
4850
		goto out;
4851
	}
4852

L
Li Zefan 已提交
4853
	proc_create("cgroups", 0, NULL, &proc_cgroupstats_operations);
4854

4855
out:
4856 4857 4858
	if (err)
		bdi_destroy(&cgroup_backing_dev_info);

4859 4860
	return err;
}
4861

4862 4863 4864 4865 4866 4867 4868 4869 4870 4871 4872 4873
static int __init cgroup_wq_init(void)
{
	/*
	 * There isn't much point in executing destruction path in
	 * parallel.  Good chunk is serialized with cgroup_mutex anyway.
	 * Use 1 for @max_active.
	 *
	 * We would prefer to do this in cgroup_init() above, but that
	 * is called before init_workqueues(): so leave this until after.
	 */
	cgroup_destroy_wq = alloc_workqueue("cgroup_destroy", 0, 1);
	BUG_ON(!cgroup_destroy_wq);
4874 4875 4876 4877 4878 4879 4880 4881 4882

	/*
	 * Used to destroy pidlists and separate to serve as flush domain.
	 * Cap @max_active to 1 too.
	 */
	cgroup_pidlist_destroy_wq = alloc_workqueue("cgroup_pidlist_destroy",
						    0, 1);
	BUG_ON(!cgroup_pidlist_destroy_wq);

4883 4884 4885 4886
	return 0;
}
core_initcall(cgroup_wq_init);

4887 4888 4889 4890 4891 4892
/*
 * proc_cgroup_show()
 *  - Print task's cgroup paths into seq_file, one line for each hierarchy
 *  - Used for /proc/<pid>/cgroup.
 *  - No need to task_lock(tsk) on this tsk->cgroup reference, as it
 *    doesn't really matter if tsk->cgroup changes after we read it,
4893
 *    and we take cgroup_mutex, keeping cgroup_attach_task() from changing it
4894 4895 4896 4897 4898 4899
 *    anyway.  No need to check that tsk->cgroup != NULL, thanks to
 *    the_top_cgroup_hack in cgroup_exit(), which sets an exiting tasks
 *    cgroup to top_cgroup.
 */

/* TODO: Use a proper seq_file iterator */
4900
int proc_cgroup_show(struct seq_file *m, void *v)
4901 4902 4903 4904 4905 4906 4907 4908 4909 4910 4911 4912 4913 4914 4915 4916 4917 4918 4919 4920 4921 4922
{
	struct pid *pid;
	struct task_struct *tsk;
	char *buf;
	int retval;
	struct cgroupfs_root *root;

	retval = -ENOMEM;
	buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
	if (!buf)
		goto out;

	retval = -ESRCH;
	pid = m->private;
	tsk = get_pid_task(pid, PIDTYPE_PID);
	if (!tsk)
		goto out_free;

	retval = 0;

	mutex_lock(&cgroup_mutex);

4923
	for_each_active_root(root) {
4924
		struct cgroup_subsys *ss;
4925
		struct cgroup *cgrp;
4926 4927
		int count = 0;

4928
		seq_printf(m, "%d:", root->hierarchy_id);
4929
		for_each_root_subsys(root, ss)
4930
			seq_printf(m, "%s%s", count++ ? "," : "", ss->name);
4931 4932 4933
		if (strlen(root->name))
			seq_printf(m, "%sname=%s", count ? "," : "",
				   root->name);
4934
		seq_putc(m, ':');
4935
		cgrp = task_cgroup_from_root(tsk, root);
4936
		retval = cgroup_path(cgrp, buf, PAGE_SIZE);
4937 4938 4939 4940 4941 4942 4943 4944 4945 4946 4947 4948 4949 4950 4951 4952 4953 4954
		if (retval < 0)
			goto out_unlock;
		seq_puts(m, buf);
		seq_putc(m, '\n');
	}

out_unlock:
	mutex_unlock(&cgroup_mutex);
	put_task_struct(tsk);
out_free:
	kfree(buf);
out:
	return retval;
}

/* Display information about each subsystem and each hierarchy */
static int proc_cgroupstats_show(struct seq_file *m, void *v)
{
4955
	struct cgroup_subsys *ss;
4956 4957
	int i;

4958
	seq_puts(m, "#subsys_name\thierarchy\tnum_cgroups\tenabled\n");
B
Ben Blum 已提交
4959 4960 4961 4962 4963
	/*
	 * ideally we don't want subsystems moving around while we do this.
	 * cgroup_mutex is also necessary to guarantee an atomic snapshot of
	 * subsys/hierarchy state.
	 */
4964
	mutex_lock(&cgroup_mutex);
4965 4966

	for_each_subsys(ss, i)
4967 4968
		seq_printf(m, "%s\t%d\t%d\t%d\n",
			   ss->name, ss->root->hierarchy_id,
4969
			   ss->root->number_of_cgroups, !ss->disabled);
4970

4971 4972 4973 4974 4975 4976
	mutex_unlock(&cgroup_mutex);
	return 0;
}

static int cgroupstats_open(struct inode *inode, struct file *file)
{
A
Al Viro 已提交
4977
	return single_open(file, proc_cgroupstats_show, NULL);
4978 4979
}

4980
static const struct file_operations proc_cgroupstats_operations = {
4981 4982 4983 4984 4985 4986
	.open = cgroupstats_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = single_release,
};

4987 4988
/**
 * cgroup_fork - attach newly forked task to its parents cgroup.
L
Li Zefan 已提交
4989
 * @child: pointer to task_struct of forking parent process.
4990 4991 4992 4993 4994
 *
 * Description: A task inherits its parent's cgroup at fork().
 *
 * A pointer to the shared css_set was automatically copied in
 * fork.c by dup_task_struct().  However, we ignore that copy, since
4995 4996 4997 4998
 * it was not made under the protection of RCU or cgroup_mutex, so
 * might no longer be a valid cgroup pointer.  cgroup_attach_task() might
 * have already changed current->cgroups, allowing the previously
 * referenced cgroup group to be removed and freed.
4999 5000 5001 5002 5003 5004
 *
 * At the point that cgroup_fork() is called, 'current' is the parent
 * task, and the passed argument 'child' points to the child task.
 */
void cgroup_fork(struct task_struct *child)
{
5005
	task_lock(current);
5006
	get_css_set(task_css_set(current));
5007
	child->cgroups = current->cgroups;
5008
	task_unlock(current);
5009
	INIT_LIST_HEAD(&child->cg_list);
5010 5011
}

5012
/**
L
Li Zefan 已提交
5013 5014 5015
 * cgroup_post_fork - called on a new task after adding it to the task list
 * @child: the task in question
 *
5016 5017 5018
 * Adds the task to the list running through its css_set if necessary and
 * call the subsystem fork() callbacks.  Has to be after the task is
 * visible on the task list in case we race with the first call to
5019
 * cgroup_task_iter_start() - to guarantee that the new task ends up on its
5020
 * list.
L
Li Zefan 已提交
5021
 */
5022 5023
void cgroup_post_fork(struct task_struct *child)
{
5024
	struct cgroup_subsys *ss;
5025 5026
	int i;

5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037
	/*
	 * use_task_css_set_links is set to 1 before we walk the tasklist
	 * under the tasklist_lock and we read it here after we added the child
	 * to the tasklist under the tasklist_lock as well. If the child wasn't
	 * yet in the tasklist when we walked through it from
	 * cgroup_enable_task_cg_lists(), then use_task_css_set_links value
	 * should be visible now due to the paired locking and barriers implied
	 * by LOCK/UNLOCK: it is written before the tasklist_lock unlock
	 * in cgroup_enable_task_cg_lists() and read here after the tasklist_lock
	 * lock on fork.
	 */
5038 5039
	if (use_task_css_set_links) {
		write_lock(&css_set_lock);
5040 5041
		task_lock(child);
		if (list_empty(&child->cg_list))
5042
			list_add(&child->cg_list, &task_css_set(child)->tasks);
5043
		task_unlock(child);
5044 5045
		write_unlock(&css_set_lock);
	}
5046 5047 5048 5049 5050 5051 5052

	/*
	 * Call ss->fork().  This must happen after @child is linked on
	 * css_set; otherwise, @child might change state between ->fork()
	 * and addition to css_set.
	 */
	if (need_forkexit_callback) {
5053 5054 5055 5056 5057 5058 5059 5060
		/*
		 * fork/exit callbacks are supported only for builtin
		 * subsystems, and the builtin section of the subsys
		 * array is immutable, so we don't need to lock the
		 * subsys array here. On the other hand, modular section
		 * of the array can be freed at module unload, so we
		 * can't touch that.
		 */
5061
		for_each_builtin_subsys(ss, i)
5062 5063 5064
			if (ss->fork)
				ss->fork(child);
	}
5065
}
5066

5067 5068 5069
/**
 * cgroup_exit - detach cgroup from exiting task
 * @tsk: pointer to task_struct of exiting process
L
Li Zefan 已提交
5070
 * @run_callback: run exit callbacks?
5071 5072 5073 5074 5075 5076 5077 5078 5079 5080 5081 5082 5083 5084 5085 5086 5087 5088 5089 5090 5091 5092 5093 5094 5095 5096 5097 5098
 *
 * Description: Detach cgroup from @tsk and release it.
 *
 * Note that cgroups marked notify_on_release force every task in
 * them to take the global cgroup_mutex mutex when exiting.
 * This could impact scaling on very large systems.  Be reluctant to
 * use notify_on_release cgroups where very high task exit scaling
 * is required on large systems.
 *
 * the_top_cgroup_hack:
 *
 *    Set the exiting tasks cgroup to the root cgroup (top_cgroup).
 *
 *    We call cgroup_exit() while the task is still competent to
 *    handle notify_on_release(), then leave the task attached to the
 *    root cgroup in each hierarchy for the remainder of its exit.
 *
 *    To do this properly, we would increment the reference count on
 *    top_cgroup, and near the very end of the kernel/exit.c do_exit()
 *    code we would add a second cgroup function call, to drop that
 *    reference.  This would just create an unnecessary hot spot on
 *    the top_cgroup reference count, to no avail.
 *
 *    Normally, holding a reference to a cgroup without bumping its
 *    count is unsafe.   The cgroup could go away, or someone could
 *    attach us to a different cgroup, decrementing the count on
 *    the first cgroup that we never incremented.  But in this case,
 *    top_cgroup isn't going away, and either task has PF_EXITING set,
5099 5100
 *    which wards off any cgroup_attach_task() attempts, or task is a failed
 *    fork, never visible to cgroup_attach_task.
5101 5102 5103
 */
void cgroup_exit(struct task_struct *tsk, int run_callbacks)
{
5104
	struct cgroup_subsys *ss;
5105
	struct css_set *cset;
5106
	int i;
5107 5108 5109 5110 5111 5112 5113 5114 5115

	/*
	 * Unlink from the css_set task list if necessary.
	 * Optimistically check cg_list before taking
	 * css_set_lock
	 */
	if (!list_empty(&tsk->cg_list)) {
		write_lock(&css_set_lock);
		if (!list_empty(&tsk->cg_list))
5116
			list_del_init(&tsk->cg_list);
5117 5118 5119
		write_unlock(&css_set_lock);
	}

5120 5121
	/* Reassign the task to the init_css_set. */
	task_lock(tsk);
5122 5123
	cset = task_css_set(tsk);
	RCU_INIT_POINTER(tsk->cgroups, &init_css_set);
5124 5125

	if (run_callbacks && need_forkexit_callback) {
5126 5127 5128 5129
		/*
		 * fork/exit callbacks are supported only for builtin
		 * subsystems, see cgroup_post_fork() for details.
		 */
5130
		for_each_builtin_subsys(ss, i) {
5131
			if (ss->exit) {
5132 5133
				struct cgroup_subsys_state *old_css = cset->subsys[i];
				struct cgroup_subsys_state *css = task_css(tsk, i);
5134

5135
				ss->exit(css, old_css, tsk);
5136 5137 5138
			}
		}
	}
5139
	task_unlock(tsk);
5140

5141
	put_css_set_taskexit(cset);
5142
}
5143

5144
static void check_for_release(struct cgroup *cgrp)
5145
{
5146
	if (cgroup_is_releasable(cgrp) &&
T
Tejun Heo 已提交
5147
	    list_empty(&cgrp->cset_links) && list_empty(&cgrp->children)) {
5148 5149
		/*
		 * Control Group is currently removeable. If it's not
5150
		 * already queued for a userspace notification, queue
5151 5152
		 * it now
		 */
5153
		int need_schedule_work = 0;
5154

5155
		raw_spin_lock(&release_list_lock);
5156
		if (!cgroup_is_dead(cgrp) &&
5157 5158
		    list_empty(&cgrp->release_list)) {
			list_add(&cgrp->release_list, &release_list);
5159 5160
			need_schedule_work = 1;
		}
5161
		raw_spin_unlock(&release_list_lock);
5162 5163 5164 5165 5166 5167 5168 5169 5170 5171 5172 5173 5174 5175 5176 5177 5178 5179 5180 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 5193
		if (need_schedule_work)
			schedule_work(&release_agent_work);
	}
}

/*
 * Notify userspace when a cgroup is released, by running the
 * configured release agent with the name of the cgroup (path
 * relative to the root of cgroup file system) as the argument.
 *
 * Most likely, this user command will try to rmdir this cgroup.
 *
 * This races with the possibility that some other task will be
 * attached to this cgroup before it is removed, or that some other
 * user task will 'mkdir' a child cgroup of this cgroup.  That's ok.
 * The presumed 'rmdir' will fail quietly if this cgroup is no longer
 * unused, and this cgroup will be reprieved from its death sentence,
 * to continue to serve a useful existence.  Next time it's released,
 * we will get notified again, if it still has 'notify_on_release' set.
 *
 * The final arg to call_usermodehelper() is UMH_WAIT_EXEC, which
 * means only wait until the task is successfully execve()'d.  The
 * separate release agent task is forked by call_usermodehelper(),
 * then control in this thread returns here, without waiting for the
 * release agent task.  We don't bother to wait because the caller of
 * this routine has no use for the exit status of the release agent
 * task, so no sense holding our caller up for that.
 */
static void cgroup_release_agent(struct work_struct *work)
{
	BUG_ON(work != &release_agent_work);
	mutex_lock(&cgroup_mutex);
5194
	raw_spin_lock(&release_list_lock);
5195 5196 5197
	while (!list_empty(&release_list)) {
		char *argv[3], *envp[3];
		int i;
5198
		char *pathbuf = NULL, *agentbuf = NULL;
5199
		struct cgroup *cgrp = list_entry(release_list.next,
5200 5201
						    struct cgroup,
						    release_list);
5202
		list_del_init(&cgrp->release_list);
5203
		raw_spin_unlock(&release_list_lock);
5204
		pathbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
5205 5206 5207 5208 5209 5210 5211
		if (!pathbuf)
			goto continue_free;
		if (cgroup_path(cgrp, pathbuf, PAGE_SIZE) < 0)
			goto continue_free;
		agentbuf = kstrdup(cgrp->root->release_agent_path, GFP_KERNEL);
		if (!agentbuf)
			goto continue_free;
5212 5213

		i = 0;
5214 5215
		argv[i++] = agentbuf;
		argv[i++] = pathbuf;
5216 5217 5218 5219 5220 5221 5222 5223 5224 5225 5226 5227 5228 5229
		argv[i] = NULL;

		i = 0;
		/* minimal command environment */
		envp[i++] = "HOME=/";
		envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
		envp[i] = NULL;

		/* Drop the lock while we invoke the usermode helper,
		 * since the exec could involve hitting disk and hence
		 * be a slow process */
		mutex_unlock(&cgroup_mutex);
		call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
		mutex_lock(&cgroup_mutex);
5230 5231 5232
 continue_free:
		kfree(pathbuf);
		kfree(agentbuf);
5233
		raw_spin_lock(&release_list_lock);
5234
	}
5235
	raw_spin_unlock(&release_list_lock);
5236 5237
	mutex_unlock(&cgroup_mutex);
}
5238 5239 5240

static int __init cgroup_disable(char *str)
{
5241
	struct cgroup_subsys *ss;
5242
	char *token;
5243
	int i;
5244 5245 5246 5247

	while ((token = strsep(&str, ",")) != NULL) {
		if (!*token)
			continue;
5248

5249 5250 5251 5252 5253
		/*
		 * cgroup_disable, being at boot time, can't know about
		 * module subsystems, so we don't worry about them.
		 */
		for_each_builtin_subsys(ss, i) {
5254 5255 5256 5257 5258 5259 5260 5261 5262 5263 5264
			if (!strcmp(token, ss->name)) {
				ss->disabled = 1;
				printk(KERN_INFO "Disabling %s control group"
					" subsystem\n", ss->name);
				break;
			}
		}
	}
	return 1;
}
__setup("cgroup_disable=", cgroup_disable);
K
KAMEZAWA Hiroyuki 已提交
5265

5266
/**
5267 5268 5269
 * css_from_dir - get corresponding css from the dentry of a cgroup dir
 * @dentry: directory dentry of interest
 * @ss: subsystem of interest
5270 5271 5272 5273
 *
 * Must be called under RCU read lock.  The caller is responsible for
 * pinning the returned css if it needs to be accessed outside the RCU
 * critical section.
S
Stephane Eranian 已提交
5274
 */
5275 5276
struct cgroup_subsys_state *css_from_dir(struct dentry *dentry,
					 struct cgroup_subsys *ss)
S
Stephane Eranian 已提交
5277 5278 5279
{
	struct cgroup *cgrp;

5280 5281
	WARN_ON_ONCE(!rcu_read_lock_held());

5282 5283 5284
	/* is @dentry a cgroup dir? */
	if (!dentry->d_inode ||
	    dentry->d_inode->i_op != &cgroup_dir_inode_operations)
S
Stephane Eranian 已提交
5285 5286
		return ERR_PTR(-EBADF);

5287
	cgrp = __d_cgrp(dentry);
5288
	return cgroup_css(cgrp, ss) ?: ERR_PTR(-ENOENT);
S
Stephane Eranian 已提交
5289 5290
}

5291 5292 5293 5294 5295 5296 5297 5298 5299 5300 5301 5302 5303 5304 5305 5306 5307 5308
/**
 * css_from_id - lookup css by id
 * @id: the cgroup id
 * @ss: cgroup subsys to be looked into
 *
 * Returns the css if there's valid one with @id, otherwise returns NULL.
 * Should be called under rcu_read_lock().
 */
struct cgroup_subsys_state *css_from_id(int id, struct cgroup_subsys *ss)
{
	struct cgroup *cgrp;

	rcu_lockdep_assert(rcu_read_lock_held() ||
			   lockdep_is_held(&cgroup_mutex),
			   "css_from_id() needs proper protection");

	cgrp = idr_find(&ss->root->cgroup_idr, id);
	if (cgrp)
5309
		return cgroup_css(cgrp, ss);
5310
	return NULL;
S
Stephane Eranian 已提交
5311 5312
}

5313
#ifdef CONFIG_CGROUP_DEBUG
5314 5315
static struct cgroup_subsys_state *
debug_css_alloc(struct cgroup_subsys_state *parent_css)
5316 5317 5318 5319 5320 5321 5322 5323 5324
{
	struct cgroup_subsys_state *css = kzalloc(sizeof(*css), GFP_KERNEL);

	if (!css)
		return ERR_PTR(-ENOMEM);

	return css;
}

5325
static void debug_css_free(struct cgroup_subsys_state *css)
5326
{
5327
	kfree(css);
5328 5329
}

5330 5331
static u64 debug_taskcount_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
5332
{
5333
	return cgroup_task_count(css->cgroup);
5334 5335
}

5336 5337
static u64 current_css_set_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
5338 5339 5340 5341
{
	return (u64)(unsigned long)current->cgroups;
}

5342
static u64 current_css_set_refcount_read(struct cgroup_subsys_state *css,
L
Li Zefan 已提交
5343
					 struct cftype *cft)
5344 5345 5346 5347
{
	u64 count;

	rcu_read_lock();
5348
	count = atomic_read(&task_css_set(current)->refcount);
5349 5350 5351 5352
	rcu_read_unlock();
	return count;
}

5353
static int current_css_set_cg_links_read(struct cgroup_subsys_state *css,
5354 5355 5356
					 struct cftype *cft,
					 struct seq_file *seq)
{
5357
	struct cgrp_cset_link *link;
5358
	struct css_set *cset;
5359 5360 5361

	read_lock(&css_set_lock);
	rcu_read_lock();
5362
	cset = rcu_dereference(current->cgroups);
5363
	list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
5364 5365 5366 5367 5368 5369 5370
		struct cgroup *c = link->cgrp;
		const char *name;

		if (c->dentry)
			name = c->dentry->d_name.name;
		else
			name = "?";
5371 5372
		seq_printf(seq, "Root %d group %s\n",
			   c->root->hierarchy_id, name);
5373 5374 5375 5376 5377 5378 5379
	}
	rcu_read_unlock();
	read_unlock(&css_set_lock);
	return 0;
}

#define MAX_TASKS_SHOWN_PER_CSS 25
5380 5381
static int cgroup_css_links_read(struct cgroup_subsys_state *css,
				 struct cftype *cft, struct seq_file *seq)
5382
{
5383
	struct cgrp_cset_link *link;
5384 5385

	read_lock(&css_set_lock);
5386
	list_for_each_entry(link, &css->cgroup->cset_links, cset_link) {
5387
		struct css_set *cset = link->cset;
5388 5389
		struct task_struct *task;
		int count = 0;
5390 5391
		seq_printf(seq, "css_set %p\n", cset);
		list_for_each_entry(task, &cset->tasks, cg_list) {
5392 5393 5394 5395 5396 5397 5398 5399 5400 5401 5402 5403 5404
			if (count++ > MAX_TASKS_SHOWN_PER_CSS) {
				seq_puts(seq, "  ...\n");
				break;
			} else {
				seq_printf(seq, "  task %d\n",
					   task_pid_vnr(task));
			}
		}
	}
	read_unlock(&css_set_lock);
	return 0;
}

5405
static u64 releasable_read(struct cgroup_subsys_state *css, struct cftype *cft)
5406
{
5407
	return test_bit(CGRP_RELEASABLE, &css->cgroup->flags);
5408 5409 5410 5411 5412 5413 5414 5415 5416 5417 5418 5419 5420 5421 5422 5423 5424 5425
}

static struct cftype debug_files[] =  {
	{
		.name = "taskcount",
		.read_u64 = debug_taskcount_read,
	},

	{
		.name = "current_css_set",
		.read_u64 = current_css_set_read,
	},

	{
		.name = "current_css_set_refcount",
		.read_u64 = current_css_set_refcount_read,
	},

5426 5427 5428 5429 5430 5431 5432 5433 5434 5435
	{
		.name = "current_css_set_cg_links",
		.read_seq_string = current_css_set_cg_links_read,
	},

	{
		.name = "cgroup_css_links",
		.read_seq_string = cgroup_css_links_read,
	},

5436 5437 5438 5439 5440
	{
		.name = "releasable",
		.read_u64 = releasable_read,
	},

5441 5442
	{ }	/* terminate */
};
5443 5444 5445

struct cgroup_subsys debug_subsys = {
	.name = "debug",
5446 5447
	.css_alloc = debug_css_alloc,
	.css_free = debug_css_free,
5448
	.subsys_id = debug_subsys_id,
5449
	.base_cftypes = debug_files,
5450 5451
};
#endif /* CONFIG_CGROUP_DEBUG */