cgroup.c 124.2 KB
Newer Older
1 2 3 4 5 6
/*
 *  Generic process-grouping system.
 *
 *  Based originally on the cpuset system, extracted by Paul Menage
 *  Copyright (C) 2006 Google, Inc
 *
7 8 9 10
 *  Notifications support
 *  Copyright (C) 2009 Nokia Corporation
 *  Author: Kirill A. Shutemov
 *
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
 *  Copyright notices from the original cpuset code:
 *  --------------------------------------------------
 *  Copyright (C) 2003 BULL SA.
 *  Copyright (C) 2004-2006 Silicon Graphics, Inc.
 *
 *  Portions derived from Patrick Mochel's sysfs code.
 *  sysfs is Copyright (c) 2001-3 Patrick Mochel
 *
 *  2003-10-10 Written by Simon Derr.
 *  2003-10-22 Updates by Stephen Hemminger.
 *  2004 May-July Rework by Paul Jackson.
 *  ---------------------------------------------------
 *
 *  This file is subject to the terms and conditions of the GNU General Public
 *  License.  See the file COPYING in the main directory of the Linux
 *  distribution for more details.
 */

#include <linux/cgroup.h>
30
#include <linux/cred.h>
31
#include <linux/ctype.h>
32
#include <linux/errno.h>
33
#include <linux/init_task.h>
34 35 36 37 38 39
#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/mm.h>
#include <linux/mutex.h>
#include <linux/mount.h>
#include <linux/pagemap.h>
40
#include <linux/proc_fs.h>
41 42 43 44
#include <linux/rcupdate.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
45
#include <linux/rwsem.h>
46
#include <linux/string.h>
47
#include <linux/sort.h>
48
#include <linux/kmod.h>
B
Balbir Singh 已提交
49 50
#include <linux/delayacct.h>
#include <linux/cgroupstats.h>
51
#include <linux/hashtable.h>
L
Li Zefan 已提交
52
#include <linux/pid_namespace.h>
53
#include <linux/idr.h>
54
#include <linux/vmalloc.h> /* TODO: replace with more sophisticated array */
55
#include <linux/kthread.h>
T
Tejun Heo 已提交
56
#include <linux/delay.h>
B
Balbir Singh 已提交
57

A
Arun Sharma 已提交
58
#include <linux/atomic.h>
59

60 61 62 63 64 65 66 67
/*
 * pidlists linger the following amount before being destroyed.  The goal
 * is avoiding frequent destruction in the middle of consecutive read calls
 * Expiring in the middle is a performance problem not a correctness one.
 * 1 sec should be enough.
 */
#define CGROUP_PIDLIST_DESTROY_DELAY	HZ

T
Tejun Heo 已提交
68 69 70
#define CGROUP_FILE_NAME_MAX		(MAX_CGROUP_TYPE_NAMELEN +	\
					 MAX_CFTYPE_NAME + 2)

T
Tejun Heo 已提交
71 72 73 74 75 76 77 78 79
/*
 * cgroup_tree_mutex nests above cgroup_mutex and protects cftypes, file
 * creation/removal and hierarchy changing operations including cgroup
 * creation, removal, css association and controller rebinding.  This outer
 * lock is needed mainly to resolve the circular dependency between kernfs
 * active ref and cgroup_mutex.  cgroup_tree_mutex nests above both.
 */
static DEFINE_MUTEX(cgroup_tree_mutex);

T
Tejun Heo 已提交
80 81 82 83
/*
 * cgroup_mutex is the master lock.  Any modification to cgroup or its
 * hierarchy must be performed while holding it.
 */
T
Tejun Heo 已提交
84 85
#ifdef CONFIG_PROVE_RCU
DEFINE_MUTEX(cgroup_mutex);
86
EXPORT_SYMBOL_GPL(cgroup_mutex);	/* only for lockdep */
T
Tejun Heo 已提交
87
#else
88
static DEFINE_MUTEX(cgroup_mutex);
T
Tejun Heo 已提交
89 90
#endif

91 92 93 94 95 96
/*
 * Protects cgroup_subsys->release_agent_path.  Modifying it also requires
 * cgroup_mutex.  Reading requires either cgroup_mutex or this spinlock.
 */
static DEFINE_SPINLOCK(release_agent_path_lock);

T
Tejun Heo 已提交
97
#define cgroup_assert_mutexes_or_rcu_locked()				\
98
	rcu_lockdep_assert(rcu_read_lock_held() ||			\
T
Tejun Heo 已提交
99
			   lockdep_is_held(&cgroup_tree_mutex) ||	\
100
			   lockdep_is_held(&cgroup_mutex),		\
T
Tejun Heo 已提交
101
			   "cgroup_[tree_]mutex or RCU read lock required");
102

103 104 105 106 107 108 109 110
/*
 * cgroup destruction makes heavy use of work items and there can be a lot
 * of concurrent destructions.  Use a separate workqueue so that cgroup
 * destruction work items don't end up filling up max_active of system_wq
 * which may lead to deadlock.
 */
static struct workqueue_struct *cgroup_destroy_wq;

111 112 113 114 115 116
/*
 * pidlist destructions need to be flushed on cgroup destruction.  Use a
 * separate workqueue as flush domain.
 */
static struct workqueue_struct *cgroup_pidlist_destroy_wq;

T
Tejun Heo 已提交
117
/* generate an array of cgroup subsystem pointers */
118
#define SUBSYS(_x) [_x ## _cgrp_id] = &_x ## _cgrp_subsys,
T
Tejun Heo 已提交
119
static struct cgroup_subsys *cgroup_subsys[] = {
120 121
#include <linux/cgroup_subsys.h>
};
122 123 124 125 126 127 128 129
#undef SUBSYS

/* array of cgroup subsystem names */
#define SUBSYS(_x) [_x ## _cgrp_id] = #_x,
static const char *cgroup_subsys_name[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS
130 131

/*
132 133 134
 * The dummy hierarchy, reserved for the subsystems that are otherwise
 * unattached - it never has more than a single cgroup, and all tasks are
 * part of that cgroup.
135
 */
136 137 138 139
static struct cgroupfs_root cgroup_dummy_root;

/* dummy_top is a shorthand for the dummy hierarchy's top cgroup */
static struct cgroup * const cgroup_dummy_top = &cgroup_dummy_root.top_cgroup;
140 141 142

/* The list of hierarchy roots */

143 144
static LIST_HEAD(cgroup_roots);
static int cgroup_root_count;
145

T
Tejun Heo 已提交
146
/* hierarchy ID allocation and mapping, protected by cgroup_mutex */
147
static DEFINE_IDR(cgroup_hierarchy_idr);
148

149 150 151 152 153
/*
 * Assign a monotonically increasing serial number to cgroups.  It
 * guarantees cgroups with bigger numbers are newer than those with smaller
 * numbers.  Also, as cgroups are always appended to the parent's
 * ->children list, it guarantees that sibling cgroups are always sorted in
154 155
 * the ascending serial number order on the list.  Protected by
 * cgroup_mutex.
156
 */
157
static u64 cgroup_serial_nr_next = 1;
158

159
/* This flag indicates whether tasks in the fork and exit paths should
L
Li Zefan 已提交
160 161 162
 * check for fork/exit handlers to call. This avoids us having to do
 * extra work in the fork/exit path if none of the subsystems need to
 * be called.
163
 */
164
static int need_forkexit_callback __read_mostly;
165

166 167
static struct cftype cgroup_base_files[];

168
static void cgroup_put(struct cgroup *cgrp);
169 170
static int rebind_subsystems(struct cgroupfs_root *root,
			     unsigned long added_mask, unsigned removed_mask);
171
static void cgroup_destroy_css_killed(struct cgroup *cgrp);
172
static int cgroup_destroy_locked(struct cgroup *cgrp);
173 174
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add);
175
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp);
176

T
Tejun Heo 已提交
177 178 179
/**
 * cgroup_css - obtain a cgroup's css for the specified subsystem
 * @cgrp: the cgroup of interest
180
 * @ss: the subsystem of interest (%NULL returns the dummy_css)
T
Tejun Heo 已提交
181
 *
182 183 184 185 186
 * Return @cgrp's css (cgroup_subsys_state) associated with @ss.  This
 * function must be called either under cgroup_mutex or rcu_read_lock() and
 * the caller is responsible for pinning the returned css if it wants to
 * keep accessing it outside the said locks.  This function may return
 * %NULL if @cgrp doesn't have @subsys_id enabled.
T
Tejun Heo 已提交
187 188
 */
static struct cgroup_subsys_state *cgroup_css(struct cgroup *cgrp,
189
					      struct cgroup_subsys *ss)
T
Tejun Heo 已提交
190
{
191
	if (ss)
192
		return rcu_dereference_check(cgrp->subsys[ss->id],
T
Tejun Heo 已提交
193 194
					lockdep_is_held(&cgroup_tree_mutex) ||
					lockdep_is_held(&cgroup_mutex));
195 196
	else
		return &cgrp->dummy_css;
T
Tejun Heo 已提交
197
}
198

199
/* convenient tests for these bits */
200
static inline bool cgroup_is_dead(const struct cgroup *cgrp)
201
{
202
	return test_bit(CGRP_DEAD, &cgrp->flags);
203 204
}

205 206
struct cgroup_subsys_state *seq_css(struct seq_file *seq)
{
T
Tejun Heo 已提交
207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222
	struct kernfs_open_file *of = seq->private;
	struct cgroup *cgrp = of->kn->parent->priv;
	struct cftype *cft = seq_cft(seq);

	/*
	 * This is open and unprotected implementation of cgroup_css().
	 * seq_css() is only called from a kernfs file operation which has
	 * an active reference on the file.  Because all the subsystem
	 * files are drained before a css is disassociated with a cgroup,
	 * the matching css from the cgroup's subsys table is guaranteed to
	 * be and stay valid until the enclosing operation is complete.
	 */
	if (cft->ss)
		return rcu_dereference_raw(cgrp->subsys[cft->ss->id]);
	else
		return &cgrp->dummy_css;
223 224 225
}
EXPORT_SYMBOL_GPL(seq_css);

226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243
/**
 * cgroup_is_descendant - test ancestry
 * @cgrp: the cgroup to be tested
 * @ancestor: possible ancestor of @cgrp
 *
 * Test whether @cgrp is a descendant of @ancestor.  It also returns %true
 * if @cgrp == @ancestor.  This function is safe to call as long as @cgrp
 * and @ancestor are accessible.
 */
bool cgroup_is_descendant(struct cgroup *cgrp, struct cgroup *ancestor)
{
	while (cgrp) {
		if (cgrp == ancestor)
			return true;
		cgrp = cgrp->parent;
	}
	return false;
}
244

245
static int cgroup_is_releasable(const struct cgroup *cgrp)
246 247
{
	const int bits =
248 249 250
		(1 << CGRP_RELEASABLE) |
		(1 << CGRP_NOTIFY_ON_RELEASE);
	return (cgrp->flags & bits) == bits;
251 252
}

253
static int notify_on_release(const struct cgroup *cgrp)
254
{
255
	return test_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);
256 257
}

T
Tejun Heo 已提交
258 259 260 261 262 263 264 265 266 267 268 269
/**
 * for_each_css - iterate all css's of a cgroup
 * @css: the iteration cursor
 * @ssid: the index of the subsystem, CGROUP_SUBSYS_COUNT after reaching the end
 * @cgrp: the target cgroup to iterate css's of
 *
 * Should be called under cgroup_mutex.
 */
#define for_each_css(css, ssid, cgrp)					\
	for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT; (ssid)++)	\
		if (!((css) = rcu_dereference_check(			\
				(cgrp)->subsys[(ssid)],			\
T
Tejun Heo 已提交
270
				lockdep_is_held(&cgroup_tree_mutex) ||	\
T
Tejun Heo 已提交
271 272 273
				lockdep_is_held(&cgroup_mutex)))) { }	\
		else

274
/**
T
Tejun Heo 已提交
275
 * for_each_subsys - iterate all enabled cgroup subsystems
276
 * @ss: the iteration cursor
277
 * @ssid: the index of @ss, CGROUP_SUBSYS_COUNT after reaching the end
278
 */
279
#define for_each_subsys(ss, ssid)					\
T
Tejun Heo 已提交
280 281
	for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT &&		\
	     (((ss) = cgroup_subsys[ssid]) || true); (ssid)++)
282

283 284 285
/* iterate across the active hierarchies */
#define for_each_active_root(root)					\
	list_for_each_entry((root), &cgroup_roots, root_list)
286

287 288 289 290
/**
 * cgroup_lock_live_group - take cgroup_mutex and check that cgrp is alive.
 * @cgrp: the cgroup to be checked for liveness
 *
T
Tejun Heo 已提交
291 292
 * On success, returns true; the mutex should be later unlocked.  On
 * failure returns false with no lock held.
293
 */
294
static bool cgroup_lock_live_group(struct cgroup *cgrp)
295 296
{
	mutex_lock(&cgroup_mutex);
297
	if (cgroup_is_dead(cgrp)) {
298 299 300 301 302 303
		mutex_unlock(&cgroup_mutex);
		return false;
	}
	return true;
}

304 305 306
/* the list of cgroups eligible for automatic release. Protected by
 * release_list_lock */
static LIST_HEAD(release_list);
307
static DEFINE_RAW_SPINLOCK(release_list_lock);
308 309
static void cgroup_release_agent(struct work_struct *work);
static DECLARE_WORK(release_agent_work, cgroup_release_agent);
310
static void check_for_release(struct cgroup *cgrp);
311

312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329
/*
 * A cgroup can be associated with multiple css_sets as different tasks may
 * belong to different cgroups on different hierarchies.  In the other
 * direction, a css_set is naturally associated with multiple cgroups.
 * This M:N relationship is represented by the following link structure
 * which exists for each association and allows traversing the associations
 * from both sides.
 */
struct cgrp_cset_link {
	/* the cgroup and css_set this link associates */
	struct cgroup		*cgrp;
	struct css_set		*cset;

	/* list of cgrp_cset_links anchored at cgrp->cset_links */
	struct list_head	cset_link;

	/* list of cgrp_cset_links anchored at css_set->cgrp_links */
	struct list_head	cgrp_link;
330 331 332 333 334 335 336 337 338 339
};

/* The default css_set - used by init and its children prior to any
 * hierarchies being mounted. It contains a pointer to the root state
 * for each subsystem. Also used to anchor the list of css_sets. Not
 * reference-counted, to improve performance when child cgroups
 * haven't been created.
 */

static struct css_set init_css_set;
340
static struct cgrp_cset_link init_cgrp_cset_link;
341

342
/*
343 344
 * css_set_rwsem protects the list of css_set objects, and the chain of
 * tasks off each css_set.
345
 */
346
static DECLARE_RWSEM(css_set_rwsem);
347 348
static int css_set_count;

349 350 351 352 353
/*
 * hash table for cgroup groups. This improves the performance to find
 * an existing css_set. This hash doesn't (currently) take into
 * account cgroups in empty hierarchies.
 */
354
#define CSS_SET_HASH_BITS	7
355
static DEFINE_HASHTABLE(css_set_table, CSS_SET_HASH_BITS);
356

357
static unsigned long css_set_hash(struct cgroup_subsys_state *css[])
358
{
359
	unsigned long key = 0UL;
360 361
	struct cgroup_subsys *ss;
	int i;
362

363
	for_each_subsys(ss, i)
364 365
		key += (unsigned long)css[i];
	key = (key >> 16) ^ key;
366

367
	return key;
368 369
}

370
static void put_css_set_locked(struct css_set *cset, bool taskexit)
371
{
372
	struct cgrp_cset_link *link, *tmp_link;
373

374 375 376
	lockdep_assert_held(&css_set_rwsem);

	if (!atomic_dec_and_test(&cset->refcount))
377
		return;
378

379
	/* This css_set is dead. unlink it and release cgroup refcounts */
380
	hash_del(&cset->hlist);
381 382
	css_set_count--;

383
	list_for_each_entry_safe(link, tmp_link, &cset->cgrp_links, cgrp_link) {
384
		struct cgroup *cgrp = link->cgrp;
385

386 387
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
L
Li Zefan 已提交
388

389
		/* @cgrp can't go away while we're holding css_set_rwsem */
T
Tejun Heo 已提交
390
		if (list_empty(&cgrp->cset_links) && notify_on_release(cgrp)) {
391
			if (taskexit)
392 393
				set_bit(CGRP_RELEASABLE, &cgrp->flags);
			check_for_release(cgrp);
394
		}
395 396

		kfree(link);
397
	}
398

399
	kfree_rcu(cset, rcu_head);
400 401
}

402 403 404 405 406 407 408 409 410 411 412 413 414 415 416
static void put_css_set(struct css_set *cset, bool taskexit)
{
	/*
	 * Ensure that the refcount doesn't hit zero while any readers
	 * can see it. Similar to atomic_dec_and_lock(), but for an
	 * rwlock
	 */
	if (atomic_add_unless(&cset->refcount, -1, 1))
		return;

	down_write(&css_set_rwsem);
	put_css_set_locked(cset, taskexit);
	up_write(&css_set_rwsem);
}

417 418 419
/*
 * refcounted get/put for css_set objects
 */
420
static inline void get_css_set(struct css_set *cset)
421
{
422
	atomic_inc(&cset->refcount);
423 424
}

425
/**
426
 * compare_css_sets - helper function for find_existing_css_set().
427 428
 * @cset: candidate css_set being tested
 * @old_cset: existing css_set for a task
429 430 431
 * @new_cgrp: cgroup that's being entered by the task
 * @template: desired set of css pointers in css_set (pre-calculated)
 *
L
Li Zefan 已提交
432
 * Returns true if "cset" matches "old_cset" except for the hierarchy
433 434
 * which "new_cgrp" belongs to, for which it should match "new_cgrp".
 */
435 436
static bool compare_css_sets(struct css_set *cset,
			     struct css_set *old_cset,
437 438 439 440 441
			     struct cgroup *new_cgrp,
			     struct cgroup_subsys_state *template[])
{
	struct list_head *l1, *l2;

442
	if (memcmp(template, cset->subsys, sizeof(cset->subsys))) {
443 444 445 446 447 448 449 450 451 452 453 454 455
		/* Not all subsystems matched */
		return false;
	}

	/*
	 * Compare cgroup pointers in order to distinguish between
	 * different cgroups in heirarchies with no subsystems. We
	 * could get by with just this check alone (and skip the
	 * memcmp above) but on most setups the memcmp check will
	 * avoid the need for this more expensive check on almost all
	 * candidates.
	 */

456 457
	l1 = &cset->cgrp_links;
	l2 = &old_cset->cgrp_links;
458
	while (1) {
459
		struct cgrp_cset_link *link1, *link2;
460
		struct cgroup *cgrp1, *cgrp2;
461 462 463 464

		l1 = l1->next;
		l2 = l2->next;
		/* See if we reached the end - both lists are equal length. */
465 466
		if (l1 == &cset->cgrp_links) {
			BUG_ON(l2 != &old_cset->cgrp_links);
467 468
			break;
		} else {
469
			BUG_ON(l2 == &old_cset->cgrp_links);
470 471
		}
		/* Locate the cgroups associated with these links. */
472 473 474 475
		link1 = list_entry(l1, struct cgrp_cset_link, cgrp_link);
		link2 = list_entry(l2, struct cgrp_cset_link, cgrp_link);
		cgrp1 = link1->cgrp;
		cgrp2 = link2->cgrp;
476
		/* Hierarchies should be linked in the same order. */
477
		BUG_ON(cgrp1->root != cgrp2->root);
478 479 480 481 482 483 484 485

		/*
		 * If this hierarchy is the hierarchy of the cgroup
		 * that's changing, then we need to check that this
		 * css_set points to the new cgroup; if it's any other
		 * hierarchy, then this css_set should point to the
		 * same cgroup as the old css_set.
		 */
486 487
		if (cgrp1->root == new_cgrp->root) {
			if (cgrp1 != new_cgrp)
488 489
				return false;
		} else {
490
			if (cgrp1 != cgrp2)
491 492 493 494 495 496
				return false;
		}
	}
	return true;
}

497 498 499 500 501
/**
 * find_existing_css_set - init css array and find the matching css_set
 * @old_cset: the css_set that we're using before the cgroup transition
 * @cgrp: the cgroup that we're moving into
 * @template: out param for the new set of csses, should be clear on entry
502
 */
503 504 505
static struct css_set *find_existing_css_set(struct css_set *old_cset,
					struct cgroup *cgrp,
					struct cgroup_subsys_state *template[])
506
{
507
	struct cgroupfs_root *root = cgrp->root;
508
	struct cgroup_subsys *ss;
509
	struct css_set *cset;
510
	unsigned long key;
511
	int i;
512

B
Ben Blum 已提交
513 514 515 516 517
	/*
	 * Build the set of subsystem state objects that we want to see in the
	 * new css_set. while subsystems can change globally, the entries here
	 * won't change, so no need for locking.
	 */
518
	for_each_subsys(ss, i) {
519
		if (root->subsys_mask & (1UL << i)) {
520 521 522
			/* Subsystem is in this hierarchy. So we want
			 * the subsystem state from the new
			 * cgroup */
523
			template[i] = cgroup_css(cgrp, ss);
524 525 526
		} else {
			/* Subsystem is not in this hierarchy, so we
			 * don't want to change the subsystem state */
527
			template[i] = old_cset->subsys[i];
528 529 530
		}
	}

531
	key = css_set_hash(template);
532 533
	hash_for_each_possible(css_set_table, cset, hlist, key) {
		if (!compare_css_sets(cset, old_cset, cgrp, template))
534 535 536
			continue;

		/* This css_set matches what we need */
537
		return cset;
538
	}
539 540 541 542 543

	/* No existing cgroup group matched */
	return NULL;
}

544
static void free_cgrp_cset_links(struct list_head *links_to_free)
545
{
546
	struct cgrp_cset_link *link, *tmp_link;
547

548 549
	list_for_each_entry_safe(link, tmp_link, links_to_free, cset_link) {
		list_del(&link->cset_link);
550 551 552 553
		kfree(link);
	}
}

554 555 556 557 558 559 560
/**
 * allocate_cgrp_cset_links - allocate cgrp_cset_links
 * @count: the number of links to allocate
 * @tmp_links: list_head the allocated links are put on
 *
 * Allocate @count cgrp_cset_link structures and chain them on @tmp_links
 * through ->cset_link.  Returns 0 on success or -errno.
561
 */
562
static int allocate_cgrp_cset_links(int count, struct list_head *tmp_links)
563
{
564
	struct cgrp_cset_link *link;
565
	int i;
566 567 568

	INIT_LIST_HEAD(tmp_links);

569
	for (i = 0; i < count; i++) {
570
		link = kzalloc(sizeof(*link), GFP_KERNEL);
571
		if (!link) {
572
			free_cgrp_cset_links(tmp_links);
573 574
			return -ENOMEM;
		}
575
		list_add(&link->cset_link, tmp_links);
576 577 578 579
	}
	return 0;
}

580 581
/**
 * link_css_set - a helper function to link a css_set to a cgroup
582
 * @tmp_links: cgrp_cset_link objects allocated by allocate_cgrp_cset_links()
583
 * @cset: the css_set to be linked
584 585
 * @cgrp: the destination cgroup
 */
586 587
static void link_css_set(struct list_head *tmp_links, struct css_set *cset,
			 struct cgroup *cgrp)
588
{
589
	struct cgrp_cset_link *link;
590

591 592 593
	BUG_ON(list_empty(tmp_links));
	link = list_first_entry(tmp_links, struct cgrp_cset_link, cset_link);
	link->cset = cset;
594
	link->cgrp = cgrp;
595
	list_move(&link->cset_link, &cgrp->cset_links);
596 597 598 599
	/*
	 * Always add links to the tail of the list so that the list
	 * is sorted by order of hierarchy creation
	 */
600
	list_add_tail(&link->cgrp_link, &cset->cgrp_links);
601 602
}

603 604 605 606 607 608 609
/**
 * find_css_set - return a new css_set with one cgroup updated
 * @old_cset: the baseline css_set
 * @cgrp: the cgroup to be updated
 *
 * Return a new css_set that's equivalent to @old_cset, but with @cgrp
 * substituted into the appropriate hierarchy.
610
 */
611 612
static struct css_set *find_css_set(struct css_set *old_cset,
				    struct cgroup *cgrp)
613
{
614
	struct cgroup_subsys_state *template[CGROUP_SUBSYS_COUNT] = { };
615
	struct css_set *cset;
616 617
	struct list_head tmp_links;
	struct cgrp_cset_link *link;
618
	unsigned long key;
619

620 621
	lockdep_assert_held(&cgroup_mutex);

622 623
	/* First see if we already have a cgroup group that matches
	 * the desired set */
624
	down_read(&css_set_rwsem);
625 626 627
	cset = find_existing_css_set(old_cset, cgrp, template);
	if (cset)
		get_css_set(cset);
628
	up_read(&css_set_rwsem);
629

630 631
	if (cset)
		return cset;
632

633
	cset = kzalloc(sizeof(*cset), GFP_KERNEL);
634
	if (!cset)
635 636
		return NULL;

637
	/* Allocate all the cgrp_cset_link objects that we'll need */
638
	if (allocate_cgrp_cset_links(cgroup_root_count, &tmp_links) < 0) {
639
		kfree(cset);
640 641 642
		return NULL;
	}

643
	atomic_set(&cset->refcount, 1);
644
	INIT_LIST_HEAD(&cset->cgrp_links);
645
	INIT_LIST_HEAD(&cset->tasks);
T
Tejun Heo 已提交
646
	INIT_LIST_HEAD(&cset->mg_tasks);
647
	INIT_LIST_HEAD(&cset->mg_node);
648
	INIT_HLIST_NODE(&cset->hlist);
649 650 651

	/* Copy the set of subsystem state objects generated in
	 * find_existing_css_set() */
652
	memcpy(cset->subsys, template, sizeof(cset->subsys));
653

654
	down_write(&css_set_rwsem);
655
	/* Add reference counts and links from the new css_set. */
656
	list_for_each_entry(link, &old_cset->cgrp_links, cgrp_link) {
657
		struct cgroup *c = link->cgrp;
658

659 660
		if (c->root == cgrp->root)
			c = cgrp;
661
		link_css_set(&tmp_links, cset, c);
662
	}
663

664
	BUG_ON(!list_empty(&tmp_links));
665 666

	css_set_count++;
667 668

	/* Add this cgroup group to the hash table */
669 670
	key = css_set_hash(cset->subsys);
	hash_add(css_set_table, &cset->hlist, key);
671

672
	up_write(&css_set_rwsem);
673

674
	return cset;
675 676
}

T
Tejun Heo 已提交
677 678 679 680 681 682 683
static struct cgroupfs_root *cgroup_root_from_kf(struct kernfs_root *kf_root)
{
	struct cgroup *top_cgrp = kf_root->kn->priv;

	return top_cgrp->root;
}

684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719
static int cgroup_init_root_id(struct cgroupfs_root *root, int start, int end)
{
	int id;

	lockdep_assert_held(&cgroup_mutex);

	id = idr_alloc_cyclic(&cgroup_hierarchy_idr, root, start, end,
			      GFP_KERNEL);
	if (id < 0)
		return id;

	root->hierarchy_id = id;
	return 0;
}

static void cgroup_exit_root_id(struct cgroupfs_root *root)
{
	lockdep_assert_held(&cgroup_mutex);

	if (root->hierarchy_id) {
		idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
		root->hierarchy_id = 0;
	}
}

static void cgroup_free_root(struct cgroupfs_root *root)
{
	if (root) {
		/* hierarhcy ID shoulid already have been released */
		WARN_ON_ONCE(root->hierarchy_id);

		idr_destroy(&root->cgroup_idr);
		kfree(root);
	}
}

T
Tejun Heo 已提交
720
static void cgroup_destroy_root(struct cgroupfs_root *root)
721
{
722 723 724
	struct cgroup *cgrp = &root->top_cgroup;
	struct cgrp_cset_link *link, *tmp_link;

T
Tejun Heo 已提交
725 726
	mutex_lock(&cgroup_tree_mutex);
	mutex_lock(&cgroup_mutex);
727

T
Tejun Heo 已提交
728
	BUG_ON(atomic_read(&root->nr_cgrps));
729 730 731
	BUG_ON(!list_empty(&cgrp->children));

	/* Rebind all subsystems back to the default hierarchy */
T
Tejun Heo 已提交
732
	WARN_ON(rebind_subsystems(root, 0, root->subsys_mask));
733 734 735 736 737

	/*
	 * Release all the links from cset_links to this hierarchy's
	 * root cgroup
	 */
738
	down_write(&css_set_rwsem);
739 740 741 742 743 744

	list_for_each_entry_safe(link, tmp_link, &cgrp->cset_links, cset_link) {
		list_del(&link->cset_link);
		list_del(&link->cgrp_link);
		kfree(link);
	}
745
	up_write(&css_set_rwsem);
746 747 748 749 750 751 752 753 754 755 756

	if (!list_empty(&root->root_list)) {
		list_del(&root->root_list);
		cgroup_root_count--;
	}

	cgroup_exit_root_id(root);

	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&cgroup_tree_mutex);

T
Tejun Heo 已提交
757
	kernfs_destroy_root(root->kf_root);
758 759 760
	cgroup_free_root(root);
}

761 762
/*
 * Return the cgroup for "task" from the given hierarchy. Must be
763
 * called with cgroup_mutex and css_set_rwsem held.
764 765 766 767
 */
static struct cgroup *task_cgroup_from_root(struct task_struct *task,
					    struct cgroupfs_root *root)
{
768
	struct css_set *cset;
769 770
	struct cgroup *res = NULL;

771 772 773
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&css_set_rwsem);

774 775 776 777 778
	/*
	 * No need to lock the task - since we hold cgroup_mutex the
	 * task can't change groups, so the only thing that can happen
	 * is that it exits and its css is set back to init_css_set.
	 */
779
	cset = task_css_set(task);
780
	if (cset == &init_css_set) {
781 782
		res = &root->top_cgroup;
	} else {
783 784 785
		struct cgrp_cset_link *link;

		list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
786
			struct cgroup *c = link->cgrp;
787

788 789 790 791 792 793
			if (c->root == root) {
				res = c;
				break;
			}
		}
	}
794

795 796 797 798
	BUG_ON(!res);
	return res;
}

799 800 801 802 803 804 805 806 807 808
/*
 * There is one global cgroup mutex. We also require taking
 * task_lock() when dereferencing a task's cgroup subsys pointers.
 * See "The task_lock() exception", at the end of this comment.
 *
 * A task must hold cgroup_mutex to modify cgroups.
 *
 * Any task can increment and decrement the count field without lock.
 * So in general, code holding cgroup_mutex can't rely on the count
 * field not changing.  However, if the count goes to zero, then only
809
 * cgroup_attach_task() can increment it again.  Because a count of zero
810 811 812 813 814 815 816 817 818 819 820 821 822
 * means that no tasks are currently attached, therefore there is no
 * way a task attached to that cgroup can fork (the other way to
 * increment the count).  So code holding cgroup_mutex can safely
 * assume that if the count is zero, it will stay zero. Similarly, if
 * a task holds cgroup_mutex on a cgroup with zero count, it
 * knows that the cgroup won't be removed, as cgroup_rmdir()
 * needs that mutex.
 *
 * The fork and exit callbacks cgroup_fork() and cgroup_exit(), don't
 * (usually) take cgroup_mutex.  These are the two most performance
 * critical pieces of code here.  The exception occurs on cgroup_exit(),
 * when a task in a notify_on_release cgroup exits.  Then cgroup_mutex
 * is taken, and if the cgroup count is zero, a usermode call made
L
Li Zefan 已提交
823 824
 * to the release agent with the name of the cgroup (path relative to
 * the root of cgroup file system) as the argument.
825 826 827 828 829 830 831 832 833 834 835
 *
 * A cgroup can only be deleted if both its 'count' of using tasks
 * is zero, and its list of 'children' cgroups is empty.  Since all
 * tasks in the system use _some_ cgroup, and since there is always at
 * least one task in the system (init, pid == 1), therefore, top_cgroup
 * always has either children cgroups and/or using tasks.  So we don't
 * need a special hack to ensure that top_cgroup cannot be deleted.
 *
 *	The task_lock() exception
 *
 * The need for this exception arises from the action of
836
 * cgroup_attach_task(), which overwrites one task's cgroup pointer with
L
Li Zefan 已提交
837
 * another.  It does so using cgroup_mutex, however there are
838 839 840
 * several performance critical places that need to reference
 * task->cgroup without the expense of grabbing a system global
 * mutex.  Therefore except as noted below, when dereferencing or, as
841
 * in cgroup_attach_task(), modifying a task's cgroup pointer we use
842 843 844 845
 * task_lock(), which acts on a spinlock (task->alloc_lock) already in
 * the task_struct routinely used for such matters.
 *
 * P.S.  One more locking exception.  RCU is used to guard the
846
 * update of a tasks cgroup pointer by cgroup_attach_task()
847 848
 */

849
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask);
T
Tejun Heo 已提交
850
static struct kernfs_syscall_ops cgroup_kf_syscall_ops;
851
static const struct file_operations proc_cgroupstats_operations;
852

T
Tejun Heo 已提交
853 854 855 856 857 858 859 860 861 862 863 864
static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
			      char *buf)
{
	if (cft->ss && !(cft->flags & CFTYPE_NO_PREFIX) &&
	    !(cgrp->root->flags & CGRP_ROOT_NOPREFIX))
		snprintf(buf, CGROUP_FILE_NAME_MAX, "%s.%s",
			 cft->ss->name, cft->name);
	else
		strncpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
	return buf;
}

865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890
/**
 * cgroup_file_mode - deduce file mode of a control file
 * @cft: the control file in question
 *
 * returns cft->mode if ->mode is not 0
 * returns S_IRUGO|S_IWUSR if it has both a read and a write handler
 * returns S_IRUGO if it has only a read handler
 * returns S_IWUSR if it has only a write hander
 */
static umode_t cgroup_file_mode(const struct cftype *cft)
{
	umode_t mode = 0;

	if (cft->mode)
		return cft->mode;

	if (cft->read_u64 || cft->read_s64 || cft->seq_show)
		mode |= S_IRUGO;

	if (cft->write_u64 || cft->write_s64 || cft->write_string ||
	    cft->trigger)
		mode |= S_IWUSR;

	return mode;
}

891 892
static void cgroup_free_fn(struct work_struct *work)
{
893
	struct cgroup *cgrp = container_of(work, struct cgroup, destroy_work);
894

895
	atomic_dec(&cgrp->root->nr_cgrps);
896
	cgroup_pidlist_destroy_all(cgrp);
897

T
Tejun Heo 已提交
898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913
	if (cgrp->parent) {
		/*
		 * We get a ref to the parent, and put the ref when this
		 * cgroup is being freed, so it's guaranteed that the
		 * parent won't be destroyed before its children.
		 */
		cgroup_put(cgrp->parent);
		kernfs_put(cgrp->kn);
		kfree(cgrp);
	} else {
		/*
		 * This is top cgroup's refcnt reaching zero, which
		 * indicates that the root should be released.
		 */
		cgroup_destroy_root(cgrp->root);
	}
914 915 916 917 918 919
}

static void cgroup_free_rcu(struct rcu_head *head)
{
	struct cgroup *cgrp = container_of(head, struct cgroup, rcu_head);

920
	INIT_WORK(&cgrp->destroy_work, cgroup_free_fn);
921
	queue_work(cgroup_destroy_wq, &cgrp->destroy_work);
922 923
}

924 925
static void cgroup_get(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
926 927 928
	WARN_ON_ONCE(cgroup_is_dead(cgrp));
	WARN_ON_ONCE(atomic_read(&cgrp->refcnt) <= 0);
	atomic_inc(&cgrp->refcnt);
929 930
}

931 932
static void cgroup_put(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
933 934
	if (!atomic_dec_and_test(&cgrp->refcnt))
		return;
T
Tejun Heo 已提交
935
	if (WARN_ON_ONCE(cgrp->parent && !cgroup_is_dead(cgrp)))
T
Tejun Heo 已提交
936
		return;
937

T
Tejun Heo 已提交
938 939 940 941 942 943 944 945 946 947
	/*
	 * XXX: cgrp->id is only used to look up css's.  As cgroup and
	 * css's lifetimes will be decoupled, it should be made
	 * per-subsystem and moved to css->id so that lookups are
	 * successful until the target css is released.
	 */
	mutex_lock(&cgroup_mutex);
	idr_remove(&cgrp->root->cgroup_idr, cgrp->id);
	mutex_unlock(&cgroup_mutex);
	cgrp->id = -1;
948

T
Tejun Heo 已提交
949
	call_rcu(&cgrp->rcu_head, cgroup_free_rcu);
950 951
}

952
static void cgroup_rm_file(struct cgroup *cgrp, const struct cftype *cft)
T
Tejun Heo 已提交
953
{
T
Tejun Heo 已提交
954
	char name[CGROUP_FILE_NAME_MAX];
T
Tejun Heo 已提交
955

T
Tejun Heo 已提交
956
	lockdep_assert_held(&cgroup_tree_mutex);
T
Tejun Heo 已提交
957
	kernfs_remove_by_name(cgrp->kn, cgroup_file_name(cgrp, cft, name));
T
Tejun Heo 已提交
958 959
}

960
/**
961
 * cgroup_clear_dir - remove subsys files in a cgroup directory
962
 * @cgrp: target cgroup
963 964
 * @subsys_mask: mask of the subsystem ids whose files should be removed
 */
965
static void cgroup_clear_dir(struct cgroup *cgrp, unsigned long subsys_mask)
T
Tejun Heo 已提交
966
{
967
	struct cgroup_subsys *ss;
968
	int i;
T
Tejun Heo 已提交
969

970
	for_each_subsys(ss, i) {
T
Tejun Heo 已提交
971
		struct cftype *cfts;
972 973

		if (!test_bit(i, &subsys_mask))
974
			continue;
T
Tejun Heo 已提交
975 976
		list_for_each_entry(cfts, &ss->cfts, node)
			cgroup_addrm_files(cgrp, cfts, false);
977
	}
978 979 980
}

static int rebind_subsystems(struct cgroupfs_root *root,
981
			     unsigned long added_mask, unsigned removed_mask)
982
{
983
	struct cgroup *cgrp = &root->top_cgroup;
984
	struct cgroup_subsys *ss;
985
	int i, ret;
986

T
Tejun Heo 已提交
987 988
	lockdep_assert_held(&cgroup_tree_mutex);
	lockdep_assert_held(&cgroup_mutex);
B
Ben Blum 已提交
989

990
	/* Check that any added subsystems are currently free */
T
Tejun Heo 已提交
991 992 993
	for_each_subsys(ss, i)
		if ((added_mask & (1 << i)) && ss->root != &cgroup_dummy_root)
			return -EBUSY;
994

995 996
	ret = cgroup_populate_dir(cgrp, added_mask);
	if (ret)
T
Tejun Heo 已提交
997
		return ret;
998 999 1000 1001 1002

	/*
	 * Nothing can fail from this point on.  Remove files for the
	 * removed subsystems and rebind each subsystem.
	 */
1003
	mutex_unlock(&cgroup_mutex);
1004
	cgroup_clear_dir(cgrp, removed_mask);
1005
	mutex_lock(&cgroup_mutex);
1006

1007
	for_each_subsys(ss, i) {
1008
		unsigned long bit = 1UL << i;
1009

1010
		if (bit & added_mask) {
1011
			/* We're binding this subsystem to this hierarchy */
1012 1013 1014
			BUG_ON(cgroup_css(cgrp, ss));
			BUG_ON(!cgroup_css(cgroup_dummy_top, ss));
			BUG_ON(cgroup_css(cgroup_dummy_top, ss)->cgroup != cgroup_dummy_top);
1015

1016
			rcu_assign_pointer(cgrp->subsys[i],
1017 1018
					   cgroup_css(cgroup_dummy_top, ss));
			cgroup_css(cgrp, ss)->cgroup = cgrp;
1019

1020
			ss->root = root;
1021
			if (ss->bind)
1022
				ss->bind(cgroup_css(cgrp, ss));
1023

B
Ben Blum 已提交
1024
			/* refcount was already taken, and we're keeping it */
1025
			root->subsys_mask |= bit;
1026
		} else if (bit & removed_mask) {
1027
			/* We're removing this subsystem */
1028 1029
			BUG_ON(cgroup_css(cgrp, ss) != cgroup_css(cgroup_dummy_top, ss));
			BUG_ON(cgroup_css(cgrp, ss)->cgroup != cgrp);
1030

1031
			if (ss->bind)
1032
				ss->bind(cgroup_css(cgroup_dummy_top, ss));
1033

1034
			cgroup_css(cgroup_dummy_top, ss)->cgroup = cgroup_dummy_top;
1035 1036
			RCU_INIT_POINTER(cgrp->subsys[i], NULL);

1037
			cgroup_subsys[i]->root = &cgroup_dummy_root;
1038
			root->subsys_mask &= ~bit;
1039 1040 1041
		}
	}

T
Tejun Heo 已提交
1042
	kernfs_activate(cgrp->kn);
1043 1044 1045
	return 0;
}

T
Tejun Heo 已提交
1046 1047
static int cgroup_show_options(struct seq_file *seq,
			       struct kernfs_root *kf_root)
1048
{
T
Tejun Heo 已提交
1049
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);
1050
	struct cgroup_subsys *ss;
T
Tejun Heo 已提交
1051
	int ssid;
1052

T
Tejun Heo 已提交
1053 1054 1055
	for_each_subsys(ss, ssid)
		if (root->subsys_mask & (1 << ssid))
			seq_printf(seq, ",%s", ss->name);
1056 1057
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR)
		seq_puts(seq, ",sane_behavior");
1058
	if (root->flags & CGRP_ROOT_NOPREFIX)
1059
		seq_puts(seq, ",noprefix");
1060
	if (root->flags & CGRP_ROOT_XATTR)
A
Aristeu Rozanski 已提交
1061
		seq_puts(seq, ",xattr");
1062 1063

	spin_lock(&release_agent_path_lock);
1064 1065
	if (strlen(root->release_agent_path))
		seq_printf(seq, ",release_agent=%s", root->release_agent_path);
1066 1067
	spin_unlock(&release_agent_path_lock);

1068
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags))
1069
		seq_puts(seq, ",clone_children");
1070 1071
	if (strlen(root->name))
		seq_printf(seq, ",name=%s", root->name);
1072 1073 1074 1075
	return 0;
}

struct cgroup_sb_opts {
1076
	unsigned long subsys_mask;
1077
	unsigned long flags;
1078
	char *release_agent;
1079
	bool cpuset_clone_children;
1080
	char *name;
1081 1082
	/* User explicitly requested empty subsystem */
	bool none;
1083 1084
};

B
Ben Blum 已提交
1085
/*
1086 1087 1088 1089
 * Convert a hierarchy specifier into a bitmask of subsystems and
 * flags. Call with cgroup_mutex held to protect the cgroup_subsys[]
 * array. This function takes refcounts on subsystems to be used, unless it
 * returns error, in which case no refcounts are taken.
B
Ben Blum 已提交
1090
 */
B
Ben Blum 已提交
1091
static int parse_cgroupfs_options(char *data, struct cgroup_sb_opts *opts)
1092
{
1093 1094
	char *token, *o = data;
	bool all_ss = false, one_ss = false;
1095
	unsigned long mask = (unsigned long)-1;
1096 1097
	struct cgroup_subsys *ss;
	int i;
1098

B
Ben Blum 已提交
1099 1100
	BUG_ON(!mutex_is_locked(&cgroup_mutex));

1101
#ifdef CONFIG_CPUSETS
1102
	mask = ~(1UL << cpuset_cgrp_id);
1103
#endif
1104

1105
	memset(opts, 0, sizeof(*opts));
1106 1107 1108 1109

	while ((token = strsep(&o, ",")) != NULL) {
		if (!*token)
			return -EINVAL;
1110
		if (!strcmp(token, "none")) {
1111 1112
			/* Explicitly have no subsystems */
			opts->none = true;
1113 1114 1115 1116 1117 1118 1119 1120 1121
			continue;
		}
		if (!strcmp(token, "all")) {
			/* Mutually exclusive option 'all' + subsystem name */
			if (one_ss)
				return -EINVAL;
			all_ss = true;
			continue;
		}
1122 1123 1124 1125
		if (!strcmp(token, "__DEVEL__sane_behavior")) {
			opts->flags |= CGRP_ROOT_SANE_BEHAVIOR;
			continue;
		}
1126
		if (!strcmp(token, "noprefix")) {
1127
			opts->flags |= CGRP_ROOT_NOPREFIX;
1128 1129 1130
			continue;
		}
		if (!strcmp(token, "clone_children")) {
1131
			opts->cpuset_clone_children = true;
1132 1133
			continue;
		}
A
Aristeu Rozanski 已提交
1134
		if (!strcmp(token, "xattr")) {
1135
			opts->flags |= CGRP_ROOT_XATTR;
A
Aristeu Rozanski 已提交
1136 1137
			continue;
		}
1138
		if (!strncmp(token, "release_agent=", 14)) {
1139 1140 1141
			/* Specifying two release agents is forbidden */
			if (opts->release_agent)
				return -EINVAL;
1142
			opts->release_agent =
1143
				kstrndup(token + 14, PATH_MAX - 1, GFP_KERNEL);
1144 1145
			if (!opts->release_agent)
				return -ENOMEM;
1146 1147 1148
			continue;
		}
		if (!strncmp(token, "name=", 5)) {
1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165
			const char *name = token + 5;
			/* Can't specify an empty name */
			if (!strlen(name))
				return -EINVAL;
			/* Must match [\w.-]+ */
			for (i = 0; i < strlen(name); i++) {
				char c = name[i];
				if (isalnum(c))
					continue;
				if ((c == '.') || (c == '-') || (c == '_'))
					continue;
				return -EINVAL;
			}
			/* Specifying two names is forbidden */
			if (opts->name)
				return -EINVAL;
			opts->name = kstrndup(name,
1166
					      MAX_CGROUP_ROOT_NAMELEN - 1,
1167 1168 1169
					      GFP_KERNEL);
			if (!opts->name)
				return -ENOMEM;
1170 1171 1172 1173

			continue;
		}

1174
		for_each_subsys(ss, i) {
1175 1176 1177 1178 1179 1180 1181 1182
			if (strcmp(token, ss->name))
				continue;
			if (ss->disabled)
				continue;

			/* Mutually exclusive option 'all' + subsystem name */
			if (all_ss)
				return -EINVAL;
1183
			set_bit(i, &opts->subsys_mask);
1184 1185 1186 1187 1188 1189 1190 1191 1192 1193
			one_ss = true;

			break;
		}
		if (i == CGROUP_SUBSYS_COUNT)
			return -ENOENT;
	}

	/*
	 * If the 'all' option was specified select all the subsystems,
1194 1195
	 * otherwise if 'none', 'name=' and a subsystem name options
	 * were not specified, let's default to 'all'
1196
	 */
1197 1198 1199 1200
	if (all_ss || (!one_ss && !opts->none && !opts->name))
		for_each_subsys(ss, i)
			if (!ss->disabled)
				set_bit(i, &opts->subsys_mask);
1201

1202 1203
	/* Consistency checks */

1204 1205 1206
	if (opts->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_warning("cgroup: sane_behavior: this is still under development and its behaviors will change, proceed at your own risk\n");

1207 1208 1209 1210
		if ((opts->flags & (CGRP_ROOT_NOPREFIX | CGRP_ROOT_XATTR)) ||
		    opts->cpuset_clone_children || opts->release_agent ||
		    opts->name) {
			pr_err("cgroup: sane_behavior: noprefix, xattr, clone_children, release_agent and name are not allowed\n");
1211 1212 1213 1214
			return -EINVAL;
		}
	}

1215 1216 1217 1218 1219
	/*
	 * Option noprefix was introduced just for backward compatibility
	 * with the old cpuset, so we allow noprefix only if mounting just
	 * the cpuset subsystem.
	 */
1220
	if ((opts->flags & CGRP_ROOT_NOPREFIX) && (opts->subsys_mask & mask))
1221 1222
		return -EINVAL;

1223 1224

	/* Can't specify "none" and some subsystems */
1225
	if (opts->subsys_mask && opts->none)
1226 1227 1228 1229 1230 1231
		return -EINVAL;

	/*
	 * We either have to specify by name or by subsystems. (So all
	 * empty hierarchies must have a name).
	 */
1232
	if (!opts->subsys_mask && !opts->name)
1233 1234 1235 1236 1237
		return -EINVAL;

	return 0;
}

T
Tejun Heo 已提交
1238
static int cgroup_remount(struct kernfs_root *kf_root, int *flags, char *data)
1239 1240
{
	int ret = 0;
T
Tejun Heo 已提交
1241
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);
1242
	struct cgroup_sb_opts opts;
1243
	unsigned long added_mask, removed_mask;
1244

1245 1246 1247 1248 1249
	if (root->flags & CGRP_ROOT_SANE_BEHAVIOR) {
		pr_err("cgroup: sane_behavior: remount is not allowed\n");
		return -EINVAL;
	}

T
Tejun Heo 已提交
1250
	mutex_lock(&cgroup_tree_mutex);
1251 1252 1253 1254 1255 1256 1257
	mutex_lock(&cgroup_mutex);

	/* See what subsystems are wanted */
	ret = parse_cgroupfs_options(data, &opts);
	if (ret)
		goto out_unlock;

1258
	if (opts.subsys_mask != root->subsys_mask || opts.release_agent)
1259 1260 1261
		pr_warning("cgroup: option changes via remount are deprecated (pid=%d comm=%s)\n",
			   task_tgid_nr(current), current->comm);

1262 1263
	added_mask = opts.subsys_mask & ~root->subsys_mask;
	removed_mask = root->subsys_mask & ~opts.subsys_mask;
1264

B
Ben Blum 已提交
1265
	/* Don't allow flags or name to change at remount */
1266
	if (((opts.flags ^ root->flags) & CGRP_ROOT_OPTION_MASK) ||
B
Ben Blum 已提交
1267
	    (opts.name && strcmp(opts.name, root->name))) {
1268 1269 1270
		pr_err("cgroup: option or name mismatch, new: 0x%lx \"%s\", old: 0x%lx \"%s\"\n",
		       opts.flags & CGRP_ROOT_OPTION_MASK, opts.name ?: "",
		       root->flags & CGRP_ROOT_OPTION_MASK, root->name);
1271 1272 1273 1274
		ret = -EINVAL;
		goto out_unlock;
	}

1275
	/* remounting is not allowed for populated hierarchies */
1276
	if (!list_empty(&root->top_cgroup.children)) {
1277
		ret = -EBUSY;
1278
		goto out_unlock;
B
Ben Blum 已提交
1279
	}
1280

1281
	ret = rebind_subsystems(root, added_mask, removed_mask);
1282
	if (ret)
1283
		goto out_unlock;
1284

1285 1286
	if (opts.release_agent) {
		spin_lock(&release_agent_path_lock);
1287
		strcpy(root->release_agent_path, opts.release_agent);
1288 1289
		spin_unlock(&release_agent_path_lock);
	}
1290
 out_unlock:
1291
	kfree(opts.release_agent);
1292
	kfree(opts.name);
1293
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1294
	mutex_unlock(&cgroup_tree_mutex);
1295 1296 1297
	return ret;
}

1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309
/*
 * To reduce the fork() overhead for systems that are not actually using
 * their cgroups capability, we don't maintain the lists running through
 * each css_set to its tasks until we see the list actually used - in other
 * words after the first mount.
 */
static bool use_task_css_set_links __read_mostly;

static void cgroup_enable_task_cg_lists(void)
{
	struct task_struct *p, *g;

1310
	down_write(&css_set_rwsem);
1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334

	if (use_task_css_set_links)
		goto out_unlock;

	use_task_css_set_links = true;

	/*
	 * We need tasklist_lock because RCU is not safe against
	 * while_each_thread(). Besides, a forking task that has passed
	 * cgroup_post_fork() without seeing use_task_css_set_links = 1
	 * is not guaranteed to have its child immediately visible in the
	 * tasklist if we walk through it with RCU.
	 */
	read_lock(&tasklist_lock);
	do_each_thread(g, p) {
		task_lock(p);

		WARN_ON_ONCE(!list_empty(&p->cg_list) ||
			     task_css_set(p) != &init_css_set);

		/*
		 * We should check if the process is exiting, otherwise
		 * it will race with cgroup_exit() in that the list
		 * entry won't be deleted though the process has exited.
1335 1336
		 * Do it while holding siglock so that we don't end up
		 * racing against cgroup_exit().
1337
		 */
1338
		spin_lock_irq(&p->sighand->siglock);
1339 1340
		if (!(p->flags & PF_EXITING))
			list_add(&p->cg_list, &task_css_set(p)->tasks);
1341
		spin_unlock_irq(&p->sighand->siglock);
1342 1343 1344 1345 1346

		task_unlock(p);
	} while_each_thread(g, p);
	read_unlock(&tasklist_lock);
out_unlock:
1347
	up_write(&css_set_rwsem);
1348 1349
}

1350 1351
static void init_cgroup_housekeeping(struct cgroup *cgrp)
{
T
Tejun Heo 已提交
1352
	atomic_set(&cgrp->refcnt, 1);
1353 1354
	INIT_LIST_HEAD(&cgrp->sibling);
	INIT_LIST_HEAD(&cgrp->children);
1355
	INIT_LIST_HEAD(&cgrp->cset_links);
1356
	INIT_LIST_HEAD(&cgrp->release_list);
1357 1358
	INIT_LIST_HEAD(&cgrp->pidlists);
	mutex_init(&cgrp->pidlist_mutex);
T
Tejun Heo 已提交
1359
	cgrp->dummy_css.cgroup = cgrp;
1360
}
1361

1362 1363
static void init_cgroup_root(struct cgroupfs_root *root)
{
1364
	struct cgroup *cgrp = &root->top_cgroup;
1365

1366
	INIT_LIST_HEAD(&root->root_list);
1367
	atomic_set(&root->nr_cgrps, 1);
1368
	cgrp->root = root;
1369
	init_cgroup_housekeeping(cgrp);
1370
	idr_init(&root->cgroup_idr);
1371 1372
}

1373 1374 1375 1376
static struct cgroupfs_root *cgroup_root_from_opts(struct cgroup_sb_opts *opts)
{
	struct cgroupfs_root *root;

1377
	if (!opts->subsys_mask && !opts->none)
T
Tejun Heo 已提交
1378
		return ERR_PTR(-EINVAL);
1379 1380 1381 1382 1383 1384

	root = kzalloc(sizeof(*root), GFP_KERNEL);
	if (!root)
		return ERR_PTR(-ENOMEM);

	init_cgroup_root(root);
1385

1386 1387 1388 1389 1390
	root->flags = opts->flags;
	if (opts->release_agent)
		strcpy(root->release_agent_path, opts->release_agent);
	if (opts->name)
		strcpy(root->name, opts->name);
1391 1392
	if (opts->cpuset_clone_children)
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->top_cgroup.flags);
1393 1394 1395
	return root;
}

T
Tejun Heo 已提交
1396
static int cgroup_setup_root(struct cgroupfs_root *root, unsigned long ss_mask)
1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407
{
	LIST_HEAD(tmp_links);
	struct cgroup *root_cgrp = &root->top_cgroup;
	struct css_set *cset;
	int i, ret;

	lockdep_assert_held(&cgroup_tree_mutex);
	lockdep_assert_held(&cgroup_mutex);

	ret = idr_alloc(&root->cgroup_idr, root_cgrp, 0, 1, GFP_KERNEL);
	if (ret < 0)
T
Tejun Heo 已提交
1408
		goto out;
1409 1410 1411
	root_cgrp->id = ret;

	/*
1412
	 * We're accessing css_set_count without locking css_set_rwsem here,
1413 1414 1415 1416 1417 1418
	 * but that's OK - it can only be increased by someone holding
	 * cgroup_lock, and that's us. The worst that can happen is that we
	 * have some link structures left over
	 */
	ret = allocate_cgrp_cset_links(css_set_count, &tmp_links);
	if (ret)
T
Tejun Heo 已提交
1419
		goto out;
1420 1421 1422 1423

	/* ID 0 is reserved for dummy root, 1 for unified hierarchy */
	ret = cgroup_init_root_id(root, 2, 0);
	if (ret)
T
Tejun Heo 已提交
1424
		goto out;
1425

T
Tejun Heo 已提交
1426 1427 1428 1429 1430 1431 1432 1433
	root->kf_root = kernfs_create_root(&cgroup_kf_syscall_ops,
					   KERNFS_ROOT_CREATE_DEACTIVATED,
					   root_cgrp);
	if (IS_ERR(root->kf_root)) {
		ret = PTR_ERR(root->kf_root);
		goto exit_root_id;
	}
	root_cgrp->kn = root->kf_root->kn;
1434 1435 1436

	ret = cgroup_addrm_files(root_cgrp, cgroup_base_files, true);
	if (ret)
T
Tejun Heo 已提交
1437
		goto destroy_root;
1438

T
Tejun Heo 已提交
1439
	ret = rebind_subsystems(root, ss_mask, 0);
1440
	if (ret)
T
Tejun Heo 已提交
1441
		goto destroy_root;
1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454

	/*
	 * There must be no failure case after here, since rebinding takes
	 * care of subsystems' refcounts, which are explicitly dropped in
	 * the failure exit path.
	 */
	list_add(&root->root_list, &cgroup_roots);
	cgroup_root_count++;

	/*
	 * Link the top cgroup in this hierarchy into all the css_set
	 * objects.
	 */
1455
	down_write(&css_set_rwsem);
1456 1457
	hash_for_each(css_set_table, i, cset, hlist)
		link_css_set(&tmp_links, cset, root_cgrp);
1458
	up_write(&css_set_rwsem);
1459 1460

	BUG_ON(!list_empty(&root_cgrp->children));
1461
	BUG_ON(atomic_read(&root->nr_cgrps) != 1);
1462

T
Tejun Heo 已提交
1463
	kernfs_activate(root_cgrp->kn);
1464
	ret = 0;
T
Tejun Heo 已提交
1465
	goto out;
1466

T
Tejun Heo 已提交
1467 1468 1469 1470
destroy_root:
	kernfs_destroy_root(root->kf_root);
	root->kf_root = NULL;
exit_root_id:
1471
	cgroup_exit_root_id(root);
T
Tejun Heo 已提交
1472
out:
1473 1474 1475 1476
	free_cgrp_cset_links(&tmp_links);
	return ret;
}

A
Al Viro 已提交
1477
static struct dentry *cgroup_mount(struct file_system_type *fs_type,
1478
			 int flags, const char *unused_dev_name,
A
Al Viro 已提交
1479
			 void *data)
1480
{
T
Tejun Heo 已提交
1481
	struct cgroupfs_root *root;
1482
	struct cgroup_sb_opts opts;
T
Tejun Heo 已提交
1483
	struct dentry *dentry;
1484
	int ret;
1485 1486 1487 1488 1489 1490 1491

	/*
	 * The first time anyone tries to mount a cgroup, enable the list
	 * linking each css_set to its tasks and fix up all existing tasks.
	 */
	if (!use_task_css_set_links)
		cgroup_enable_task_cg_lists();
T
Tejun Heo 已提交
1492
retry:
1493
	mutex_lock(&cgroup_tree_mutex);
B
Ben Blum 已提交
1494
	mutex_lock(&cgroup_mutex);
1495 1496

	/* First find the desired set of subsystems */
1497
	ret = parse_cgroupfs_options(data, &opts);
1498
	if (ret)
1499
		goto out_unlock;
1500

T
Tejun Heo 已提交
1501 1502 1503
	/* look for a matching existing root */
	for_each_active_root(root) {
		bool name_match = false;
1504

T
Tejun Heo 已提交
1505 1506 1507 1508 1509 1510 1511 1512 1513 1514
		/*
		 * If we asked for a name then it must match.  Also, if
		 * name matches but sybsys_mask doesn't, we should fail.
		 * Remember whether name matched.
		 */
		if (opts.name) {
			if (strcmp(opts.name, root->name))
				continue;
			name_match = true;
		}
1515

1516
		/*
T
Tejun Heo 已提交
1517 1518
		 * If we asked for subsystems (or explicitly for no
		 * subsystems) then they must match.
1519
		 */
T
Tejun Heo 已提交
1520 1521 1522 1523 1524 1525 1526
		if ((opts.subsys_mask || opts.none) &&
		    (opts.subsys_mask != root->subsys_mask)) {
			if (!name_match)
				continue;
			ret = -EBUSY;
			goto out_unlock;
		}
1527

1528
		if ((root->flags ^ opts.flags) & CGRP_ROOT_OPTION_MASK) {
1529 1530 1531
			if ((root->flags | opts.flags) & CGRP_ROOT_SANE_BEHAVIOR) {
				pr_err("cgroup: sane_behavior: new mount options should match the existing superblock\n");
				ret = -EINVAL;
1532
				goto out_unlock;
1533 1534 1535
			} else {
				pr_warning("cgroup: new mount options do not match the existing superblock, will be ignored\n");
			}
1536
		}
T
Tejun Heo 已提交
1537

T
Tejun Heo 已提交
1538 1539 1540 1541 1542 1543 1544 1545 1546 1547
		/*
		 * A root's lifetime is governed by its top cgroup.  Zero
		 * ref indicate that the root is being destroyed.  Wait for
		 * destruction to complete so that the subsystems are free.
		 * We can use wait_queue for the wait but this path is
		 * super cold.  Let's just sleep for a bit and retry.
		 */
		if (!atomic_inc_not_zero(&root->top_cgroup.refcnt)) {
			mutex_unlock(&cgroup_mutex);
			mutex_unlock(&cgroup_tree_mutex);
1548 1549
			kfree(opts.release_agent);
			kfree(opts.name);
T
Tejun Heo 已提交
1550 1551 1552 1553 1554
			msleep(10);
			goto retry;
		}

		ret = 0;
T
Tejun Heo 已提交
1555
		goto out_unlock;
1556 1557
	}

T
Tejun Heo 已提交
1558 1559 1560 1561 1562 1563 1564
	/* no such thing, create a new one */
	root = cgroup_root_from_opts(&opts);
	if (IS_ERR(root)) {
		ret = PTR_ERR(root);
		goto out_unlock;
	}

T
Tejun Heo 已提交
1565
	ret = cgroup_setup_root(root, opts.subsys_mask);
T
Tejun Heo 已提交
1566 1567 1568
	if (ret)
		cgroup_free_root(root);

1569
out_unlock:
T
Tejun Heo 已提交
1570
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1571
	mutex_unlock(&cgroup_tree_mutex);
1572

1573 1574
	kfree(opts.release_agent);
	kfree(opts.name);
1575

T
Tejun Heo 已提交
1576
	if (ret)
1577
		return ERR_PTR(ret);
T
Tejun Heo 已提交
1578 1579 1580

	dentry = kernfs_mount(fs_type, flags, root->kf_root);
	if (IS_ERR(dentry))
T
Tejun Heo 已提交
1581
		cgroup_put(&root->top_cgroup);
T
Tejun Heo 已提交
1582 1583 1584 1585 1586 1587 1588 1589
	return dentry;
}

static void cgroup_kill_sb(struct super_block *sb)
{
	struct kernfs_root *kf_root = kernfs_root_from_sb(sb);
	struct cgroupfs_root *root = cgroup_root_from_kf(kf_root);

T
Tejun Heo 已提交
1590
	cgroup_put(&root->top_cgroup);
T
Tejun Heo 已提交
1591
	kernfs_kill_sb(sb);
1592 1593 1594 1595
}

static struct file_system_type cgroup_fs_type = {
	.name = "cgroup",
A
Al Viro 已提交
1596
	.mount = cgroup_mount,
1597 1598 1599
	.kill_sb = cgroup_kill_sb,
};

1600 1601
static struct kobject *cgroup_kobj;

1602
/**
1603
 * task_cgroup_path - cgroup path of a task in the first cgroup hierarchy
1604 1605 1606 1607
 * @task: target task
 * @buf: the buffer to write the path into
 * @buflen: the length of the buffer
 *
1608 1609 1610 1611 1612
 * Determine @task's cgroup on the first (the one with the lowest non-zero
 * hierarchy_id) cgroup hierarchy and copy its path into @buf.  This
 * function grabs cgroup_mutex and shouldn't be used inside locks used by
 * cgroup controller callbacks.
 *
T
Tejun Heo 已提交
1613
 * Return value is the same as kernfs_path().
1614
 */
T
Tejun Heo 已提交
1615
char *task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
1616 1617
{
	struct cgroupfs_root *root;
1618
	struct cgroup *cgrp;
T
Tejun Heo 已提交
1619 1620
	int hierarchy_id = 1;
	char *path = NULL;
1621 1622

	mutex_lock(&cgroup_mutex);
1623
	down_read(&css_set_rwsem);
1624

1625 1626
	root = idr_get_next(&cgroup_hierarchy_idr, &hierarchy_id);

1627 1628
	if (root) {
		cgrp = task_cgroup_from_root(task, root);
T
Tejun Heo 已提交
1629
		path = cgroup_path(cgrp, buf, buflen);
1630 1631
	} else {
		/* if no hierarchy exists, everyone is in "/" */
T
Tejun Heo 已提交
1632 1633
		if (strlcpy(buf, "/", buflen) < buflen)
			path = buf;
1634 1635
	}

1636
	up_read(&css_set_rwsem);
1637
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
1638
	return path;
1639
}
1640
EXPORT_SYMBOL_GPL(task_cgroup_path);
1641

1642
/* used to track tasks and other necessary states during migration */
1643
struct cgroup_taskset {
1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661
	/* the src and dst cset list running through cset->mg_node */
	struct list_head	src_csets;
	struct list_head	dst_csets;

	/*
	 * Fields for cgroup_taskset_*() iteration.
	 *
	 * Before migration is committed, the target migration tasks are on
	 * ->mg_tasks of the csets on ->src_csets.  After, on ->mg_tasks of
	 * the csets on ->dst_csets.  ->csets point to either ->src_csets
	 * or ->dst_csets depending on whether migration is committed.
	 *
	 * ->cur_csets and ->cur_task point to the current task position
	 * during iteration.
	 */
	struct list_head	*csets;
	struct css_set		*cur_cset;
	struct task_struct	*cur_task;
1662 1663 1664 1665 1666 1667 1668 1669 1670 1671
};

/**
 * cgroup_taskset_first - reset taskset and return the first task
 * @tset: taskset of interest
 *
 * @tset iteration is initialized and the first task is returned.
 */
struct task_struct *cgroup_taskset_first(struct cgroup_taskset *tset)
{
1672 1673 1674 1675
	tset->cur_cset = list_first_entry(tset->csets, struct css_set, mg_node);
	tset->cur_task = NULL;

	return cgroup_taskset_next(tset);
1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686
}

/**
 * cgroup_taskset_next - iterate to the next task in taskset
 * @tset: taskset of interest
 *
 * Return the next task in @tset.  Iteration must have been initialized
 * with cgroup_taskset_first().
 */
struct task_struct *cgroup_taskset_next(struct cgroup_taskset *tset)
{
1687 1688
	struct css_set *cset = tset->cur_cset;
	struct task_struct *task = tset->cur_task;
1689

1690 1691 1692 1693 1694 1695
	while (&cset->mg_node != tset->csets) {
		if (!task)
			task = list_first_entry(&cset->mg_tasks,
						struct task_struct, cg_list);
		else
			task = list_next_entry(task, cg_list);
1696

1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707
		if (&task->cg_list != &cset->mg_tasks) {
			tset->cur_cset = cset;
			tset->cur_task = task;
			return task;
		}

		cset = list_next_entry(cset, mg_node);
		task = NULL;
	}

	return NULL;
1708 1709
}

1710
/**
B
Ben Blum 已提交
1711
 * cgroup_task_migrate - move a task from one cgroup to another.
1712 1713 1714
 * @old_cgrp; the cgroup @tsk is being migrated from
 * @tsk: the task being migrated
 * @new_cset: the new css_set @tsk is being attached to
B
Ben Blum 已提交
1715
 *
1716
 * Must be called with cgroup_mutex, threadgroup and css_set_rwsem locked.
B
Ben Blum 已提交
1717
 */
1718 1719 1720
static void cgroup_task_migrate(struct cgroup *old_cgrp,
				struct task_struct *tsk,
				struct css_set *new_cset)
B
Ben Blum 已提交
1721
{
1722
	struct css_set *old_cset;
B
Ben Blum 已提交
1723

1724 1725 1726
	lockdep_assert_held(&cgroup_mutex);
	lockdep_assert_held(&css_set_rwsem);

B
Ben Blum 已提交
1727
	/*
1728 1729 1730
	 * We are synchronized through threadgroup_lock() against PF_EXITING
	 * setting such that we can't race against cgroup_exit() changing the
	 * css_set to init_css_set and dropping the old one.
B
Ben Blum 已提交
1731
	 */
1732
	WARN_ON_ONCE(tsk->flags & PF_EXITING);
1733
	old_cset = task_css_set(tsk);
B
Ben Blum 已提交
1734

1735 1736
	get_css_set(new_cset);

B
Ben Blum 已提交
1737
	task_lock(tsk);
1738
	rcu_assign_pointer(tsk->cgroups, new_cset);
B
Ben Blum 已提交
1739 1740
	task_unlock(tsk);

1741
	list_move(&tsk->cg_list, &new_cset->mg_tasks);
B
Ben Blum 已提交
1742 1743

	/*
1744 1745 1746
	 * We just gained a reference on old_cset by taking it from the
	 * task. As trading it for new_cset is protected by cgroup_mutex,
	 * we're safe to drop it here; it will be freed under RCU.
B
Ben Blum 已提交
1747
	 */
1748
	set_bit(CGRP_RELEASABLE, &old_cgrp->flags);
1749
	put_css_set_locked(old_cset, false);
B
Ben Blum 已提交
1750 1751
}

L
Li Zefan 已提交
1752
/**
1753
 * cgroup_attach_task - attach a task or a whole threadgroup to a cgroup
B
Ben Blum 已提交
1754
 * @cgrp: the cgroup to attach to
1755
 * @leader: the task or the leader of the threadgroup to be attached
1756
 * @threadgroup: attach the whole threadgroup?
B
Ben Blum 已提交
1757
 *
1758
 * Call holding cgroup_mutex and the group_rwsem of the leader. Will take
1759
 * task_lock of @tsk or each thread in the threadgroup individually in turn.
B
Ben Blum 已提交
1760
 */
1761
static int cgroup_attach_task(struct cgroup *cgrp, struct task_struct *leader,
T
Tejun Heo 已提交
1762
			      bool threadgroup)
B
Ben Blum 已提交
1763
{
1764 1765 1766 1767 1768
	struct cgroup_taskset tset = {
		.src_csets	= LIST_HEAD_INIT(tset.src_csets),
		.dst_csets	= LIST_HEAD_INIT(tset.dst_csets),
		.csets		= &tset.src_csets,
	};
T
Tejun Heo 已提交
1769
	struct cgroup_subsys_state *css, *failed_css = NULL;
1770 1771 1772
	struct css_set *cset, *tmp_cset;
	struct task_struct *task, *tmp_task;
	int i, ret;
B
Ben Blum 已提交
1773

1774 1775 1776 1777 1778
	/*
	 * Prevent freeing of tasks while we take a snapshot. Tasks that are
	 * already PF_EXITING could be freed from underneath us unless we
	 * take an rcu_read_lock.
	 */
1779
	down_write(&css_set_rwsem);
1780
	rcu_read_lock();
1781
	task = leader;
B
Ben Blum 已提交
1782
	do {
1783
		struct cgroup *src_cgrp;
1784

1785 1786
		/* @task either already exited or can't exit until the end */
		if (task->flags & PF_EXITING)
1787
			goto next;
1788

1789 1790 1791
		cset = task_css_set(task);
		src_cgrp = task_cgroup_from_root(task, cgrp->root);

1792
		/* nothing to do if this task is already in the cgroup */
1793
		if (src_cgrp == cgrp)
1794
			goto next;
1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805

		if (!cset->mg_src_cgrp) {
			WARN_ON(!list_empty(&cset->mg_tasks));
			WARN_ON(!list_empty(&cset->mg_node));

			cset->mg_src_cgrp = src_cgrp;
			list_add(&cset->mg_node, &tset.src_csets);
			get_css_set(cset);
		}

		list_move(&task->cg_list, &cset->mg_tasks);
1806
	next:
1807 1808
		if (!threadgroup)
			break;
1809
	} while_each_thread(leader, task);
1810
	rcu_read_unlock();
1811
	up_write(&css_set_rwsem);
B
Ben Blum 已提交
1812

1813
	/* methods shouldn't be called if no task is actually migrating */
1814 1815
	if (list_empty(&tset.src_csets))
		return 0;
1816

B
Ben Blum 已提交
1817 1818 1819
	/*
	 * step 1: check that we can legitimately attach to the cgroup.
	 */
T
Tejun Heo 已提交
1820 1821
	for_each_css(css, i, cgrp) {
		if (css->ss->can_attach) {
1822 1823
			ret = css->ss->can_attach(css, &tset);
			if (ret) {
T
Tejun Heo 已提交
1824
				failed_css = css;
B
Ben Blum 已提交
1825 1826 1827 1828 1829 1830 1831 1832 1833
				goto out_cancel_attach;
			}
		}
	}

	/*
	 * step 2: make sure css_sets exist for all threads to be migrated.
	 * we use find_css_set, which allocates a new one if necessary.
	 */
1834 1835
	list_for_each_entry(cset, &tset.src_csets, mg_node) {
		struct css_set *dst_cset;
1836

1837 1838
		dst_cset = find_css_set(cset, cgrp);
		if (!dst_cset) {
1839
			ret = -ENOMEM;
1840
			goto out_release_tset;
B
Ben Blum 已提交
1841
		}
1842 1843 1844 1845 1846 1847 1848

		if (list_empty(&dst_cset->mg_node))
			list_add(&dst_cset->mg_node, &tset.dst_csets);
		else
			put_css_set(dst_cset, false);

		cset->mg_dst_cset = dst_cset;
B
Ben Blum 已提交
1849 1850 1851
	}

	/*
1852 1853 1854
	 * step 3: now that we're guaranteed success wrt the css_sets,
	 * proceed to move all tasks to the new cgroup.  There are no
	 * failure cases after here, so this is the commit point.
B
Ben Blum 已提交
1855
	 */
1856
	down_write(&css_set_rwsem);
1857 1858 1859 1860
	list_for_each_entry(cset, &tset.src_csets, mg_node) {
		list_for_each_entry_safe(task, tmp_task, &cset->mg_tasks, cg_list)
			cgroup_task_migrate(cset->mg_src_cgrp, task,
					    cset->mg_dst_cset);
B
Ben Blum 已提交
1861
	}
1862
	up_write(&css_set_rwsem);
1863 1864 1865 1866 1867

	/* migration is committed, all target tasks are now on dst_csets */
	tset.csets = &tset.dst_csets;

	/* nothing is sensitive to fork() after this point */
B
Ben Blum 已提交
1868 1869

	/*
1870
	 * step 4: do subsystem attach callbacks.
B
Ben Blum 已提交
1871
	 */
T
Tejun Heo 已提交
1872 1873 1874
	for_each_css(css, i, cgrp)
		if (css->ss->attach)
			css->ss->attach(css, &tset);
B
Ben Blum 已提交
1875

1876
	ret = 0;
1877 1878
	goto out_release_tset;

B
Ben Blum 已提交
1879
out_cancel_attach:
1880 1881 1882 1883 1884
	for_each_css(css, i, cgrp) {
		if (css == failed_css)
			break;
		if (css->ss->cancel_attach)
			css->ss->cancel_attach(css, &tset);
B
Ben Blum 已提交
1885
	}
1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896
out_release_tset:
	down_write(&css_set_rwsem);
	list_splice_init(&tset.dst_csets, &tset.src_csets);
	list_for_each_entry_safe(cset, tmp_cset, &tset.src_csets, mg_node) {
		list_splice_init(&cset->mg_tasks, &cset->tasks);
		cset->mg_dst_cset = NULL;
		cset->mg_src_cgrp = NULL;
		list_del_init(&cset->mg_node);
		put_css_set_locked(cset, false);
	}
	up_write(&css_set_rwsem);
1897
	return ret;
B
Ben Blum 已提交
1898 1899 1900 1901
}

/*
 * Find the task_struct of the task to attach by vpid and pass it along to the
1902 1903
 * function to attach either it or all tasks in its threadgroup. Will lock
 * cgroup_mutex and threadgroup; may take task_lock of task.
1904
 */
B
Ben Blum 已提交
1905
static int attach_task_by_pid(struct cgroup *cgrp, u64 pid, bool threadgroup)
1906 1907
{
	struct task_struct *tsk;
1908
	const struct cred *cred = current_cred(), *tcred;
1909 1910
	int ret;

B
Ben Blum 已提交
1911 1912 1913
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;

1914 1915
retry_find_task:
	rcu_read_lock();
1916
	if (pid) {
1917
		tsk = find_task_by_vpid(pid);
B
Ben Blum 已提交
1918 1919
		if (!tsk) {
			rcu_read_unlock();
S
SeongJae Park 已提交
1920
			ret = -ESRCH;
1921
			goto out_unlock_cgroup;
1922
		}
B
Ben Blum 已提交
1923 1924 1925 1926
		/*
		 * even if we're attaching all tasks in the thread group, we
		 * only need to check permissions on one of them.
		 */
1927
		tcred = __task_cred(tsk);
1928 1929 1930
		if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
		    !uid_eq(cred->euid, tcred->uid) &&
		    !uid_eq(cred->euid, tcred->suid)) {
1931
			rcu_read_unlock();
1932 1933
			ret = -EACCES;
			goto out_unlock_cgroup;
1934
		}
1935 1936
	} else
		tsk = current;
1937 1938

	if (threadgroup)
1939
		tsk = tsk->group_leader;
1940 1941

	/*
1942
	 * Workqueue threads may acquire PF_NO_SETAFFINITY and become
1943 1944 1945
	 * trapped in a cpuset, or RT worker may be born in a cgroup
	 * with no rt_runtime allocated.  Just say no.
	 */
1946
	if (tsk == kthreadd_task || (tsk->flags & PF_NO_SETAFFINITY)) {
1947 1948 1949 1950 1951
		ret = -EINVAL;
		rcu_read_unlock();
		goto out_unlock_cgroup;
	}

1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968
	get_task_struct(tsk);
	rcu_read_unlock();

	threadgroup_lock(tsk);
	if (threadgroup) {
		if (!thread_group_leader(tsk)) {
			/*
			 * a race with de_thread from another thread's exec()
			 * may strip us of our leadership, if this happens,
			 * there is no choice but to throw this task away and
			 * try again; this is
			 * "double-double-toil-and-trouble-check locking".
			 */
			threadgroup_unlock(tsk);
			put_task_struct(tsk);
			goto retry_find_task;
		}
1969 1970 1971 1972
	}

	ret = cgroup_attach_task(cgrp, tsk, threadgroup);

1973 1974
	threadgroup_unlock(tsk);

1975
	put_task_struct(tsk);
1976
out_unlock_cgroup:
T
Tejun Heo 已提交
1977
	mutex_unlock(&cgroup_mutex);
1978 1979 1980
	return ret;
}

1981 1982 1983 1984 1985 1986 1987 1988 1989 1990
/**
 * cgroup_attach_task_all - attach task 'tsk' to all cgroups of task 'from'
 * @from: attach to all cgroups of a given task
 * @tsk: the task to be attached
 */
int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk)
{
	struct cgroupfs_root *root;
	int retval = 0;

T
Tejun Heo 已提交
1991
	mutex_lock(&cgroup_mutex);
1992
	for_each_active_root(root) {
1993 1994 1995 1996 1997
		struct cgroup *from_cgrp;

		down_read(&css_set_rwsem);
		from_cgrp = task_cgroup_from_root(from, root);
		up_read(&css_set_rwsem);
1998

L
Li Zefan 已提交
1999
		retval = cgroup_attach_task(from_cgrp, tsk, false);
2000 2001 2002
		if (retval)
			break;
	}
T
Tejun Heo 已提交
2003
	mutex_unlock(&cgroup_mutex);
2004 2005 2006 2007 2008

	return retval;
}
EXPORT_SYMBOL_GPL(cgroup_attach_task_all);

2009 2010
static int cgroup_tasks_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 pid)
B
Ben Blum 已提交
2011
{
2012
	return attach_task_by_pid(css->cgroup, pid, false);
B
Ben Blum 已提交
2013 2014
}

2015 2016
static int cgroup_procs_write(struct cgroup_subsys_state *css,
			      struct cftype *cft, u64 tgid)
2017
{
2018
	return attach_task_by_pid(css->cgroup, tgid, true);
2019 2020
}

2021 2022
static int cgroup_release_agent_write(struct cgroup_subsys_state *css,
				      struct cftype *cft, const char *buffer)
2023
{
2024 2025 2026
	struct cgroupfs_root *root = css->cgroup->root;

	BUILD_BUG_ON(sizeof(root->release_agent_path) < PATH_MAX);
2027
	if (!cgroup_lock_live_group(css->cgroup))
2028
		return -ENODEV;
2029
	spin_lock(&release_agent_path_lock);
2030 2031
	strlcpy(root->release_agent_path, buffer,
		sizeof(root->release_agent_path));
2032
	spin_unlock(&release_agent_path_lock);
T
Tejun Heo 已提交
2033
	mutex_unlock(&cgroup_mutex);
2034 2035 2036
	return 0;
}

2037
static int cgroup_release_agent_show(struct seq_file *seq, void *v)
2038
{
2039
	struct cgroup *cgrp = seq_css(seq)->cgroup;
2040

2041 2042 2043 2044
	if (!cgroup_lock_live_group(cgrp))
		return -ENODEV;
	seq_puts(seq, cgrp->root->release_agent_path);
	seq_putc(seq, '\n');
T
Tejun Heo 已提交
2045
	mutex_unlock(&cgroup_mutex);
2046 2047 2048
	return 0;
}

2049
static int cgroup_sane_behavior_show(struct seq_file *seq, void *v)
2050
{
2051 2052 2053
	struct cgroup *cgrp = seq_css(seq)->cgroup;

	seq_printf(seq, "%d\n", cgroup_sane_behavior(cgrp));
2054 2055 2056
	return 0;
}

T
Tejun Heo 已提交
2057 2058
static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
				 size_t nbytes, loff_t off)
2059
{
T
Tejun Heo 已提交
2060 2061 2062
	struct cgroup *cgrp = of->kn->parent->priv;
	struct cftype *cft = of->kn->priv;
	struct cgroup_subsys_state *css;
2063
	int ret;
2064

T
Tejun Heo 已提交
2065 2066 2067 2068 2069 2070 2071 2072 2073
	/*
	 * kernfs guarantees that a file isn't deleted with operations in
	 * flight, which means that the matching css is and stays alive and
	 * doesn't need to be pinned.  The RCU locking is not necessary
	 * either.  It's just for the convenience of using cgroup_css().
	 */
	rcu_read_lock();
	css = cgroup_css(cgrp, cft->ss);
	rcu_read_unlock();
2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088

	if (cft->write_string) {
		ret = cft->write_string(css, cft, strstrip(buf));
	} else if (cft->write_u64) {
		unsigned long long v;
		ret = kstrtoull(buf, 0, &v);
		if (!ret)
			ret = cft->write_u64(css, cft, v);
	} else if (cft->write_s64) {
		long long v;
		ret = kstrtoll(buf, 0, &v);
		if (!ret)
			ret = cft->write_s64(css, cft, v);
	} else if (cft->trigger) {
		ret = cft->trigger(css, (unsigned int)cft->private);
2089
	} else {
2090
		ret = -EINVAL;
2091
	}
T
Tejun Heo 已提交
2092

2093
	return ret ?: nbytes;
2094 2095
}

2096
static void *cgroup_seqfile_start(struct seq_file *seq, loff_t *ppos)
2097
{
T
Tejun Heo 已提交
2098
	return seq_cft(seq)->seq_start(seq, ppos);
2099 2100
}

2101
static void *cgroup_seqfile_next(struct seq_file *seq, void *v, loff_t *ppos)
2102
{
T
Tejun Heo 已提交
2103
	return seq_cft(seq)->seq_next(seq, v, ppos);
2104 2105
}

2106
static void cgroup_seqfile_stop(struct seq_file *seq, void *v)
2107
{
T
Tejun Heo 已提交
2108
	seq_cft(seq)->seq_stop(seq, v);
2109 2110
}

2111
static int cgroup_seqfile_show(struct seq_file *m, void *arg)
2112
{
2113 2114
	struct cftype *cft = seq_cft(m);
	struct cgroup_subsys_state *css = seq_css(m);
2115

2116 2117
	if (cft->seq_show)
		return cft->seq_show(m, arg);
2118

2119
	if (cft->read_u64)
2120 2121 2122 2123 2124 2125
		seq_printf(m, "%llu\n", cft->read_u64(css, cft));
	else if (cft->read_s64)
		seq_printf(m, "%lld\n", cft->read_s64(css, cft));
	else
		return -EINVAL;
	return 0;
2126 2127
}

T
Tejun Heo 已提交
2128 2129 2130 2131
static struct kernfs_ops cgroup_kf_single_ops = {
	.atomic_write_len	= PAGE_SIZE,
	.write			= cgroup_file_write,
	.seq_show		= cgroup_seqfile_show,
2132 2133
};

T
Tejun Heo 已提交
2134 2135 2136 2137 2138 2139 2140 2141
static struct kernfs_ops cgroup_kf_ops = {
	.atomic_write_len	= PAGE_SIZE,
	.write			= cgroup_file_write,
	.seq_start		= cgroup_seqfile_start,
	.seq_next		= cgroup_seqfile_next,
	.seq_stop		= cgroup_seqfile_stop,
	.seq_show		= cgroup_seqfile_show,
};
2142 2143 2144 2145

/*
 * cgroup_rename - Only allow simple rename of directories in place.
 */
T
Tejun Heo 已提交
2146 2147
static int cgroup_rename(struct kernfs_node *kn, struct kernfs_node *new_parent,
			 const char *new_name_str)
2148
{
T
Tejun Heo 已提交
2149 2150
	struct cgroup *cgrp = kn->priv;
	int ret;
2151

T
Tejun Heo 已提交
2152
	if (kernfs_type(kn) != KERNFS_DIR)
2153
		return -ENOTDIR;
T
Tejun Heo 已提交
2154
	if (kn->parent != new_parent)
2155
		return -EIO;
2156

2157 2158 2159 2160 2161 2162 2163
	/*
	 * This isn't a proper migration and its usefulness is very
	 * limited.  Disallow if sane_behavior.
	 */
	if (cgroup_sane_behavior(cgrp))
		return -EPERM;

T
Tejun Heo 已提交
2164 2165 2166 2167
	mutex_lock(&cgroup_tree_mutex);
	mutex_lock(&cgroup_mutex);

	ret = kernfs_rename(kn, new_parent, new_name_str);
2168

T
Tejun Heo 已提交
2169 2170 2171
	mutex_unlock(&cgroup_mutex);
	mutex_unlock(&cgroup_tree_mutex);
	return ret;
2172 2173
}

2174
static int cgroup_add_file(struct cgroup *cgrp, struct cftype *cft)
2175
{
T
Tejun Heo 已提交
2176
	char name[CGROUP_FILE_NAME_MAX];
T
Tejun Heo 已提交
2177 2178
	struct kernfs_node *kn;
	struct lock_class_key *key = NULL;
T
Tejun Heo 已提交
2179

T
Tejun Heo 已提交
2180 2181 2182 2183 2184 2185
#ifdef CONFIG_DEBUG_LOCK_ALLOC
	key = &cft->lockdep_key;
#endif
	kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
				  cgroup_file_mode(cft), 0, cft->kf_ops, cft,
				  NULL, false, key);
F
Fengguang Wu 已提交
2186
	return PTR_ERR_OR_ZERO(kn);
2187 2188
}

2189 2190 2191 2192 2193 2194 2195
/**
 * cgroup_addrm_files - add or remove files to a cgroup directory
 * @cgrp: the target cgroup
 * @cfts: array of cftypes to be added
 * @is_add: whether to add or remove
 *
 * Depending on @is_add, add or remove files defined by @cfts on @cgrp.
2196 2197 2198
 * For removals, this function never fails.  If addition fails, this
 * function doesn't remove files already added.  The caller is responsible
 * for cleaning up.
2199
 */
2200 2201
static int cgroup_addrm_files(struct cgroup *cgrp, struct cftype cfts[],
			      bool is_add)
2202
{
A
Aristeu Rozanski 已提交
2203
	struct cftype *cft;
2204 2205
	int ret;

T
Tejun Heo 已提交
2206
	lockdep_assert_held(&cgroup_tree_mutex);
T
Tejun Heo 已提交
2207 2208

	for (cft = cfts; cft->name[0] != '\0'; cft++) {
2209
		/* does cft->flags tell us to skip this file on @cgrp? */
2210 2211
		if ((cft->flags & CFTYPE_INSANE) && cgroup_sane_behavior(cgrp))
			continue;
2212 2213 2214 2215 2216
		if ((cft->flags & CFTYPE_NOT_ON_ROOT) && !cgrp->parent)
			continue;
		if ((cft->flags & CFTYPE_ONLY_ON_ROOT) && cgrp->parent)
			continue;

2217
		if (is_add) {
2218
			ret = cgroup_add_file(cgrp, cft);
2219
			if (ret) {
2220
				pr_warn("cgroup_addrm_files: failed to add %s, err=%d\n",
2221 2222 2223
					cft->name, ret);
				return ret;
			}
2224 2225
		} else {
			cgroup_rm_file(cgrp, cft);
T
Tejun Heo 已提交
2226
		}
2227
	}
2228
	return 0;
2229 2230
}

2231
static int cgroup_apply_cftypes(struct cftype *cfts, bool is_add)
2232 2233
{
	LIST_HEAD(pending);
2234
	struct cgroup_subsys *ss = cfts[0].ss;
2235 2236
	struct cgroup *root = &ss->root->top_cgroup;
	struct cgroup_subsys_state *css;
2237
	int ret = 0;
2238

2239
	lockdep_assert_held(&cgroup_tree_mutex);
2240

2241 2242
	/* don't bother if @ss isn't attached */
	if (ss->root == &cgroup_dummy_root)
2243
		return 0;
2244 2245

	/* add/rm files for all cgroups created before */
2246
	css_for_each_descendant_pre(css, cgroup_css(root, ss)) {
2247 2248
		struct cgroup *cgrp = css->cgroup;

2249 2250 2251
		if (cgroup_is_dead(cgrp))
			continue;

2252
		ret = cgroup_addrm_files(cgrp, cfts, is_add);
2253 2254
		if (ret)
			break;
2255
	}
2256 2257 2258

	if (is_add && !ret)
		kernfs_activate(root->kn);
2259
	return ret;
2260 2261
}

2262 2263 2264 2265
static void cgroup_exit_cftypes(struct cftype *cfts)
{
	struct cftype *cft;

T
Tejun Heo 已提交
2266 2267 2268 2269 2270
	for (cft = cfts; cft->name[0] != '\0'; cft++) {
		/* free copy for custom atomic_write_len, see init_cftypes() */
		if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
			kfree(cft->kf_ops);
		cft->kf_ops = NULL;
2271
		cft->ss = NULL;
T
Tejun Heo 已提交
2272
	}
2273 2274
}

T
Tejun Heo 已提交
2275
static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
2276 2277 2278
{
	struct cftype *cft;

T
Tejun Heo 已提交
2279 2280 2281
	for (cft = cfts; cft->name[0] != '\0'; cft++) {
		struct kernfs_ops *kf_ops;

T
Tejun Heo 已提交
2282 2283
		WARN_ON(cft->ss || cft->kf_ops);

T
Tejun Heo 已提交
2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302
		if (cft->seq_start)
			kf_ops = &cgroup_kf_ops;
		else
			kf_ops = &cgroup_kf_single_ops;

		/*
		 * Ugh... if @cft wants a custom max_write_len, we need to
		 * make a copy of kf_ops to set its atomic_write_len.
		 */
		if (cft->max_write_len && cft->max_write_len != PAGE_SIZE) {
			kf_ops = kmemdup(kf_ops, sizeof(*kf_ops), GFP_KERNEL);
			if (!kf_ops) {
				cgroup_exit_cftypes(cfts);
				return -ENOMEM;
			}
			kf_ops->atomic_write_len = cft->max_write_len;
		}

		cft->kf_ops = kf_ops;
2303
		cft->ss = ss;
T
Tejun Heo 已提交
2304 2305 2306
	}

	return 0;
2307 2308
}

2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321
static int cgroup_rm_cftypes_locked(struct cftype *cfts)
{
	lockdep_assert_held(&cgroup_tree_mutex);

	if (!cfts || !cfts[0].ss)
		return -ENOENT;

	list_del(&cfts->node);
	cgroup_apply_cftypes(cfts, false);
	cgroup_exit_cftypes(cfts);
	return 0;
}

T
Tejun Heo 已提交
2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334
/**
 * cgroup_rm_cftypes - remove an array of cftypes from a subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Unregister @cfts.  Files described by @cfts are removed from all
 * existing cgroups and all future cgroups won't have them either.  This
 * function can be called anytime whether @cfts' subsys is attached or not.
 *
 * Returns 0 on successful unregistration, -ENOENT if @cfts is not
 * registered.
 */
int cgroup_rm_cftypes(struct cftype *cfts)
{
2335
	int ret;
T
Tejun Heo 已提交
2336

2337 2338 2339 2340
	mutex_lock(&cgroup_tree_mutex);
	ret = cgroup_rm_cftypes_locked(cfts);
	mutex_unlock(&cgroup_tree_mutex);
	return ret;
T
Tejun Heo 已提交
2341 2342
}

2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356
/**
 * cgroup_add_cftypes - add an array of cftypes to a subsystem
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Register @cfts to @ss.  Files described by @cfts are created for all
 * existing cgroups to which @ss is attached and all future cgroups will
 * have them too.  This function can be called anytime whether @ss is
 * attached or not.
 *
 * Returns 0 on successful registration, -errno on failure.  Note that this
 * function currently returns 0 as long as @cfts registration is successful
 * even if some file creation attempts on existing cgroups fail.
 */
A
Aristeu Rozanski 已提交
2357
int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
2358
{
2359
	int ret;
2360

2361 2362 2363
	if (!cfts || cfts[0].name[0] == '\0')
		return 0;

T
Tejun Heo 已提交
2364 2365 2366
	ret = cgroup_init_cftypes(ss, cfts);
	if (ret)
		return ret;
2367

2368 2369
	mutex_lock(&cgroup_tree_mutex);

T
Tejun Heo 已提交
2370
	list_add_tail(&cfts->node, &ss->cfts);
2371
	ret = cgroup_apply_cftypes(cfts, true);
2372
	if (ret)
2373 2374 2375
		cgroup_rm_cftypes_locked(cfts);

	mutex_unlock(&cgroup_tree_mutex);
2376
	return ret;
2377 2378
}

L
Li Zefan 已提交
2379 2380 2381 2382 2383 2384
/**
 * cgroup_task_count - count the number of tasks in a cgroup.
 * @cgrp: the cgroup in question
 *
 * Return the number of tasks in the cgroup.
 */
2385
static int cgroup_task_count(const struct cgroup *cgrp)
2386 2387
{
	int count = 0;
2388
	struct cgrp_cset_link *link;
2389

2390
	down_read(&css_set_rwsem);
2391 2392
	list_for_each_entry(link, &cgrp->cset_links, cset_link)
		count += atomic_read(&link->cset->refcount);
2393
	up_read(&css_set_rwsem);
2394 2395 2396
	return count;
}

2397
/**
2398 2399 2400
 * css_next_child - find the next child of a given css
 * @pos_css: the current position (%NULL to initiate traversal)
 * @parent_css: css whose children to walk
2401
 *
2402
 * This function returns the next child of @parent_css and should be called
2403 2404 2405
 * under either cgroup_mutex or RCU read lock.  The only requirement is
 * that @parent_css and @pos_css are accessible.  The next sibling is
 * guaranteed to be returned regardless of their states.
2406
 */
2407 2408 2409
struct cgroup_subsys_state *
css_next_child(struct cgroup_subsys_state *pos_css,
	       struct cgroup_subsys_state *parent_css)
2410
{
2411 2412
	struct cgroup *pos = pos_css ? pos_css->cgroup : NULL;
	struct cgroup *cgrp = parent_css->cgroup;
2413 2414
	struct cgroup *next;

T
Tejun Heo 已提交
2415
	cgroup_assert_mutexes_or_rcu_locked();
2416 2417 2418 2419

	/*
	 * @pos could already have been removed.  Once a cgroup is removed,
	 * its ->sibling.next is no longer updated when its next sibling
2420 2421 2422 2423 2424 2425 2426
	 * changes.  As CGRP_DEAD assertion is serialized and happens
	 * before the cgroup is taken off the ->sibling list, if we see it
	 * unasserted, it's guaranteed that the next sibling hasn't
	 * finished its grace period even if it's already removed, and thus
	 * safe to dereference from this RCU critical section.  If
	 * ->sibling.next is inaccessible, cgroup_is_dead() is guaranteed
	 * to be visible as %true here.
2427 2428 2429 2430 2431 2432 2433 2434
	 *
	 * If @pos is dead, its next pointer can't be dereferenced;
	 * however, as each cgroup is given a monotonically increasing
	 * unique serial number and always appended to the sibling list,
	 * the next one can be found by walking the parent's children until
	 * we see a cgroup with higher serial number than @pos's.  While
	 * this path can be slower, it's taken only when either the current
	 * cgroup is removed or iteration and removal race.
2435
	 */
2436 2437 2438
	if (!pos) {
		next = list_entry_rcu(cgrp->children.next, struct cgroup, sibling);
	} else if (likely(!cgroup_is_dead(pos))) {
2439
		next = list_entry_rcu(pos->sibling.next, struct cgroup, sibling);
2440 2441 2442 2443
	} else {
		list_for_each_entry_rcu(next, &cgrp->children, sibling)
			if (next->serial_nr > pos->serial_nr)
				break;
2444 2445
	}

2446 2447 2448
	if (&next->sibling == &cgrp->children)
		return NULL;

2449
	return cgroup_css(next, parent_css->ss);
2450 2451
}

2452
/**
2453
 * css_next_descendant_pre - find the next descendant for pre-order walk
2454
 * @pos: the current position (%NULL to initiate traversal)
2455
 * @root: css whose descendants to walk
2456
 *
2457
 * To be used by css_for_each_descendant_pre().  Find the next descendant
2458 2459
 * to visit for pre-order traversal of @root's descendants.  @root is
 * included in the iteration and the first node to be visited.
2460
 *
2461 2462 2463 2464
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @root are accessible and @pos is a descendant of @root.
2465
 */
2466 2467 2468
struct cgroup_subsys_state *
css_next_descendant_pre(struct cgroup_subsys_state *pos,
			struct cgroup_subsys_state *root)
2469
{
2470
	struct cgroup_subsys_state *next;
2471

T
Tejun Heo 已提交
2472
	cgroup_assert_mutexes_or_rcu_locked();
2473

2474
	/* if first iteration, visit @root */
2475
	if (!pos)
2476
		return root;
2477 2478

	/* visit the first child if exists */
2479
	next = css_next_child(NULL, pos);
2480 2481 2482 2483
	if (next)
		return next;

	/* no child, visit my or the closest ancestor's next sibling */
2484 2485
	while (pos != root) {
		next = css_next_child(pos, css_parent(pos));
2486
		if (next)
2487
			return next;
2488
		pos = css_parent(pos);
2489
	}
2490 2491 2492 2493

	return NULL;
}

2494
/**
2495 2496
 * css_rightmost_descendant - return the rightmost descendant of a css
 * @pos: css of interest
2497
 *
2498 2499
 * Return the rightmost descendant of @pos.  If there's no descendant, @pos
 * is returned.  This can be used during pre-order traversal to skip
2500
 * subtree of @pos.
2501
 *
2502 2503 2504 2505
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct rightmost descendant as
 * long as @pos is accessible.
2506
 */
2507 2508
struct cgroup_subsys_state *
css_rightmost_descendant(struct cgroup_subsys_state *pos)
2509
{
2510
	struct cgroup_subsys_state *last, *tmp;
2511

T
Tejun Heo 已提交
2512
	cgroup_assert_mutexes_or_rcu_locked();
2513 2514 2515 2516 2517

	do {
		last = pos;
		/* ->prev isn't RCU safe, walk ->next till the end */
		pos = NULL;
2518
		css_for_each_child(tmp, last)
2519 2520 2521 2522 2523 2524
			pos = tmp;
	} while (pos);

	return last;
}

2525 2526
static struct cgroup_subsys_state *
css_leftmost_descendant(struct cgroup_subsys_state *pos)
2527
{
2528
	struct cgroup_subsys_state *last;
2529 2530 2531

	do {
		last = pos;
2532
		pos = css_next_child(NULL, pos);
2533 2534 2535 2536 2537 2538
	} while (pos);

	return last;
}

/**
2539
 * css_next_descendant_post - find the next descendant for post-order walk
2540
 * @pos: the current position (%NULL to initiate traversal)
2541
 * @root: css whose descendants to walk
2542
 *
2543
 * To be used by css_for_each_descendant_post().  Find the next descendant
2544 2545
 * to visit for post-order traversal of @root's descendants.  @root is
 * included in the iteration and the last node to be visited.
2546
 *
2547 2548 2549 2550 2551
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @cgroup are accessible and @pos is a descendant of
 * @cgroup.
2552
 */
2553 2554 2555
struct cgroup_subsys_state *
css_next_descendant_post(struct cgroup_subsys_state *pos,
			 struct cgroup_subsys_state *root)
2556
{
2557
	struct cgroup_subsys_state *next;
2558

T
Tejun Heo 已提交
2559
	cgroup_assert_mutexes_or_rcu_locked();
2560

2561 2562 2563
	/* if first iteration, visit leftmost descendant which may be @root */
	if (!pos)
		return css_leftmost_descendant(root);
2564

2565 2566 2567 2568
	/* if we visited @root, we're done */
	if (pos == root)
		return NULL;

2569
	/* if there's an unvisited sibling, visit its leftmost descendant */
2570
	next = css_next_child(pos, css_parent(pos));
2571
	if (next)
2572
		return css_leftmost_descendant(next);
2573 2574

	/* no sibling left, visit parent */
2575
	return css_parent(pos);
2576 2577
}

2578
/**
2579
 * css_advance_task_iter - advance a task itererator to the next css_set
2580 2581 2582
 * @it: the iterator to advance
 *
 * Advance @it to the next css_set to walk.
2583
 */
2584
static void css_advance_task_iter(struct css_task_iter *it)
2585 2586 2587 2588 2589 2590 2591 2592
{
	struct list_head *l = it->cset_link;
	struct cgrp_cset_link *link;
	struct css_set *cset;

	/* Advance to the next non-empty css_set */
	do {
		l = l->next;
2593
		if (l == &it->origin_css->cgroup->cset_links) {
2594 2595 2596 2597 2598
			it->cset_link = NULL;
			return;
		}
		link = list_entry(l, struct cgrp_cset_link, cset_link);
		cset = link->cset;
T
Tejun Heo 已提交
2599 2600
	} while (list_empty(&cset->tasks) && list_empty(&cset->mg_tasks));

2601
	it->cset_link = l;
T
Tejun Heo 已提交
2602 2603 2604 2605 2606

	if (!list_empty(&cset->tasks))
		it->task = cset->tasks.next;
	else
		it->task = cset->mg_tasks.next;
2607 2608
}

2609
/**
2610 2611
 * css_task_iter_start - initiate task iteration
 * @css: the css to walk tasks of
2612 2613
 * @it: the task iterator to use
 *
2614 2615 2616 2617
 * Initiate iteration through the tasks of @css.  The caller can call
 * css_task_iter_next() to walk through the tasks until the function
 * returns NULL.  On completion of iteration, css_task_iter_end() must be
 * called.
2618 2619 2620 2621 2622
 *
 * Note that this function acquires a lock which is released when the
 * iteration finishes.  The caller can't sleep while iteration is in
 * progress.
 */
2623 2624
void css_task_iter_start(struct cgroup_subsys_state *css,
			 struct css_task_iter *it)
2625
	__acquires(css_set_rwsem)
2626
{
2627 2628
	/* no one should try to iterate before mounting cgroups */
	WARN_ON_ONCE(!use_task_css_set_links);
2629

2630
	down_read(&css_set_rwsem);
2631

2632 2633
	it->origin_css = css;
	it->cset_link = &css->cgroup->cset_links;
2634

2635
	css_advance_task_iter(it);
2636 2637
}

2638
/**
2639
 * css_task_iter_next - return the next task for the iterator
2640 2641 2642
 * @it: the task iterator being iterated
 *
 * The "next" function for task iteration.  @it should have been
2643 2644
 * initialized via css_task_iter_start().  Returns NULL when the iteration
 * reaches the end.
2645
 */
2646
struct task_struct *css_task_iter_next(struct css_task_iter *it)
2647 2648 2649
{
	struct task_struct *res;
	struct list_head *l = it->task;
T
Tejun Heo 已提交
2650 2651
	struct cgrp_cset_link *link = list_entry(it->cset_link,
					struct cgrp_cset_link, cset_link);
2652 2653

	/* If the iterator cg is NULL, we have no tasks */
2654
	if (!it->cset_link)
2655 2656
		return NULL;
	res = list_entry(l, struct task_struct, cg_list);
T
Tejun Heo 已提交
2657 2658 2659 2660 2661 2662

	/*
	 * Advance iterator to find next entry.  cset->tasks is consumed
	 * first and then ->mg_tasks.  After ->mg_tasks, we move onto the
	 * next cset.
	 */
2663
	l = l->next;
T
Tejun Heo 已提交
2664 2665 2666 2667 2668

	if (l == &link->cset->tasks)
		l = link->cset->mg_tasks.next;

	if (l == &link->cset->mg_tasks)
2669
		css_advance_task_iter(it);
T
Tejun Heo 已提交
2670
	else
2671
		it->task = l;
T
Tejun Heo 已提交
2672

2673 2674 2675
	return res;
}

2676
/**
2677
 * css_task_iter_end - finish task iteration
2678 2679
 * @it: the task iterator to finish
 *
2680
 * Finish task iteration started by css_task_iter_start().
2681
 */
2682
void css_task_iter_end(struct css_task_iter *it)
2683
	__releases(css_set_rwsem)
2684
{
2685
	up_read(&css_set_rwsem);
2686 2687
}

2688 2689 2690 2691 2692 2693 2694
/**
 * cgroup_trasnsfer_tasks - move tasks from one cgroup to another
 * @to: cgroup to which the tasks will be moved
 * @from: cgroup in which the tasks currently reside
 */
int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from)
{
2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714
	struct css_task_iter it;
	struct task_struct *task;
	int ret = 0;

	do {
		css_task_iter_start(&from->dummy_css, &it);
		task = css_task_iter_next(&it);
		if (task)
			get_task_struct(task);
		css_task_iter_end(&it);

		if (task) {
			mutex_lock(&cgroup_mutex);
			ret = cgroup_attach_task(to, task, false);
			mutex_unlock(&cgroup_mutex);
			put_task_struct(task);
		}
	} while (task && !ret);

	return ret;
2715 2716
}

2717
/*
2718
 * Stuff for reading the 'tasks'/'procs' files.
2719 2720 2721 2722 2723 2724 2725 2726
 *
 * Reading this file can return large amounts of data if a cgroup has
 * *lots* of attached tasks. So it may need several calls to read(),
 * but we cannot guarantee that the information we produce is correct
 * unless we produce it entirely atomically.
 *
 */

2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752
/* which pidlist file are we talking about? */
enum cgroup_filetype {
	CGROUP_FILE_PROCS,
	CGROUP_FILE_TASKS,
};

/*
 * A pidlist is a list of pids that virtually represents the contents of one
 * of the cgroup files ("procs" or "tasks"). We keep a list of such pidlists,
 * a pair (one each for procs, tasks) for each pid namespace that's relevant
 * to the cgroup.
 */
struct cgroup_pidlist {
	/*
	 * used to find which pidlist is wanted. doesn't change as long as
	 * this particular list stays in the list.
	*/
	struct { enum cgroup_filetype type; struct pid_namespace *ns; } key;
	/* array of xids */
	pid_t *list;
	/* how many elements the above list has */
	int length;
	/* each of these stored in a list by its cgroup */
	struct list_head links;
	/* pointer to the cgroup we belong to, for list removal purposes */
	struct cgroup *owner;
2753 2754
	/* for delayed destruction */
	struct delayed_work destroy_dwork;
2755 2756
};

2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769
/*
 * The following two functions "fix" the issue where there are more pids
 * than kmalloc will give memory for; in such cases, we use vmalloc/vfree.
 * TODO: replace with a kernel-wide solution to this problem
 */
#define PIDLIST_TOO_LARGE(c) ((c) * sizeof(pid_t) > (PAGE_SIZE * 2))
static void *pidlist_allocate(int count)
{
	if (PIDLIST_TOO_LARGE(count))
		return vmalloc(count * sizeof(pid_t));
	else
		return kmalloc(count * sizeof(pid_t), GFP_KERNEL);
}
2770

2771 2772 2773 2774 2775 2776 2777 2778
static void pidlist_free(void *p)
{
	if (is_vmalloc_addr(p))
		vfree(p);
	else
		kfree(p);
}

2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789 2790 2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805
/*
 * Used to destroy all pidlists lingering waiting for destroy timer.  None
 * should be left afterwards.
 */
static void cgroup_pidlist_destroy_all(struct cgroup *cgrp)
{
	struct cgroup_pidlist *l, *tmp_l;

	mutex_lock(&cgrp->pidlist_mutex);
	list_for_each_entry_safe(l, tmp_l, &cgrp->pidlists, links)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork, 0);
	mutex_unlock(&cgrp->pidlist_mutex);

	flush_workqueue(cgroup_pidlist_destroy_wq);
	BUG_ON(!list_empty(&cgrp->pidlists));
}

static void cgroup_pidlist_destroy_work_fn(struct work_struct *work)
{
	struct delayed_work *dwork = to_delayed_work(work);
	struct cgroup_pidlist *l = container_of(dwork, struct cgroup_pidlist,
						destroy_dwork);
	struct cgroup_pidlist *tofree = NULL;

	mutex_lock(&l->owner->pidlist_mutex);

	/*
2806 2807
	 * Destroy iff we didn't get queued again.  The state won't change
	 * as destroy_dwork can only be queued while locked.
2808
	 */
2809
	if (!delayed_work_pending(dwork)) {
2810 2811 2812 2813 2814 2815 2816 2817 2818 2819
		list_del(&l->links);
		pidlist_free(l->list);
		put_pid_ns(l->key.ns);
		tofree = l;
	}

	mutex_unlock(&l->owner->pidlist_mutex);
	kfree(tofree);
}

2820
/*
2821
 * pidlist_uniq - given a kmalloc()ed list, strip out all duplicate entries
2822
 * Returns the number of unique elements.
2823
 */
2824
static int pidlist_uniq(pid_t *list, int length)
2825
{
2826 2827 2828 2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849
	int src, dest = 1;

	/*
	 * we presume the 0th element is unique, so i starts at 1. trivial
	 * edge cases first; no work needs to be done for either
	 */
	if (length == 0 || length == 1)
		return length;
	/* src and dest walk down the list; dest counts unique elements */
	for (src = 1; src < length; src++) {
		/* find next unique element */
		while (list[src] == list[src-1]) {
			src++;
			if (src == length)
				goto after;
		}
		/* dest always points to where the next unique element goes */
		list[dest] = list[src];
		dest++;
	}
after:
	return dest;
}

2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879 2880 2881 2882
/*
 * The two pid files - task and cgroup.procs - guaranteed that the result
 * is sorted, which forced this whole pidlist fiasco.  As pid order is
 * different per namespace, each namespace needs differently sorted list,
 * making it impossible to use, for example, single rbtree of member tasks
 * sorted by task pointer.  As pidlists can be fairly large, allocating one
 * per open file is dangerous, so cgroup had to implement shared pool of
 * pidlists keyed by cgroup and namespace.
 *
 * All this extra complexity was caused by the original implementation
 * committing to an entirely unnecessary property.  In the long term, we
 * want to do away with it.  Explicitly scramble sort order if
 * sane_behavior so that no such expectation exists in the new interface.
 *
 * Scrambling is done by swapping every two consecutive bits, which is
 * non-identity one-to-one mapping which disturbs sort order sufficiently.
 */
static pid_t pid_fry(pid_t pid)
{
	unsigned a = pid & 0x55555555;
	unsigned b = pid & 0xAAAAAAAA;

	return (a << 1) | (b >> 1);
}

static pid_t cgroup_pid_fry(struct cgroup *cgrp, pid_t pid)
{
	if (cgroup_sane_behavior(cgrp))
		return pid_fry(pid);
	else
		return pid;
}

2883 2884 2885 2886 2887
static int cmppid(const void *a, const void *b)
{
	return *(pid_t *)a - *(pid_t *)b;
}

2888 2889 2890 2891 2892
static int fried_cmppid(const void *a, const void *b)
{
	return pid_fry(*(pid_t *)a) - pid_fry(*(pid_t *)b);
}

T
Tejun Heo 已提交
2893 2894 2895 2896 2897 2898 2899 2900 2901 2902 2903 2904 2905 2906 2907
static struct cgroup_pidlist *cgroup_pidlist_find(struct cgroup *cgrp,
						  enum cgroup_filetype type)
{
	struct cgroup_pidlist *l;
	/* don't need task_nsproxy() if we're looking at ourself */
	struct pid_namespace *ns = task_active_pid_ns(current);

	lockdep_assert_held(&cgrp->pidlist_mutex);

	list_for_each_entry(l, &cgrp->pidlists, links)
		if (l->key.type == type && l->key.ns == ns)
			return l;
	return NULL;
}

2908 2909 2910 2911 2912 2913
/*
 * find the appropriate pidlist for our purpose (given procs vs tasks)
 * returns with the lock on that pidlist already held, and takes care
 * of the use count, or returns NULL with no locks held if we're out of
 * memory.
 */
T
Tejun Heo 已提交
2914 2915
static struct cgroup_pidlist *cgroup_pidlist_find_create(struct cgroup *cgrp,
						enum cgroup_filetype type)
2916 2917
{
	struct cgroup_pidlist *l;
2918

T
Tejun Heo 已提交
2919 2920 2921 2922 2923 2924
	lockdep_assert_held(&cgrp->pidlist_mutex);

	l = cgroup_pidlist_find(cgrp, type);
	if (l)
		return l;

2925
	/* entry not found; create a new one */
2926
	l = kzalloc(sizeof(struct cgroup_pidlist), GFP_KERNEL);
T
Tejun Heo 已提交
2927
	if (!l)
2928
		return l;
T
Tejun Heo 已提交
2929

2930
	INIT_DELAYED_WORK(&l->destroy_dwork, cgroup_pidlist_destroy_work_fn);
2931
	l->key.type = type;
T
Tejun Heo 已提交
2932 2933
	/* don't need task_nsproxy() if we're looking at ourself */
	l->key.ns = get_pid_ns(task_active_pid_ns(current));
2934 2935 2936 2937 2938
	l->owner = cgrp;
	list_add(&l->links, &cgrp->pidlists);
	return l;
}

2939 2940 2941
/*
 * Load a cgroup's pidarray with either procs' tgids or tasks' pids
 */
2942 2943
static int pidlist_array_load(struct cgroup *cgrp, enum cgroup_filetype type,
			      struct cgroup_pidlist **lp)
2944 2945 2946 2947
{
	pid_t *array;
	int length;
	int pid, n = 0; /* used for populating the array */
2948
	struct css_task_iter it;
2949
	struct task_struct *tsk;
2950 2951
	struct cgroup_pidlist *l;

2952 2953
	lockdep_assert_held(&cgrp->pidlist_mutex);

2954 2955 2956 2957 2958 2959 2960
	/*
	 * If cgroup gets more users after we read count, we won't have
	 * enough space - tough.  This race is indistinguishable to the
	 * caller from the case that the additional cgroup users didn't
	 * show up until sometime later on.
	 */
	length = cgroup_task_count(cgrp);
2961
	array = pidlist_allocate(length);
2962 2963 2964
	if (!array)
		return -ENOMEM;
	/* now, populate the array */
2965 2966
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
2967
		if (unlikely(n == length))
2968
			break;
2969
		/* get tgid or pid for procs or tasks file respectively */
2970 2971 2972 2973
		if (type == CGROUP_FILE_PROCS)
			pid = task_tgid_vnr(tsk);
		else
			pid = task_pid_vnr(tsk);
2974 2975
		if (pid > 0) /* make sure to only use valid results */
			array[n++] = pid;
2976
	}
2977
	css_task_iter_end(&it);
2978 2979
	length = n;
	/* now sort & (if procs) strip out duplicates */
2980 2981 2982 2983
	if (cgroup_sane_behavior(cgrp))
		sort(array, length, sizeof(pid_t), fried_cmppid, NULL);
	else
		sort(array, length, sizeof(pid_t), cmppid, NULL);
2984
	if (type == CGROUP_FILE_PROCS)
2985
		length = pidlist_uniq(array, length);
T
Tejun Heo 已提交
2986 2987

	l = cgroup_pidlist_find_create(cgrp, type);
2988
	if (!l) {
T
Tejun Heo 已提交
2989
		mutex_unlock(&cgrp->pidlist_mutex);
2990
		pidlist_free(array);
2991
		return -ENOMEM;
2992
	}
T
Tejun Heo 已提交
2993 2994

	/* store array, freeing old if necessary */
2995
	pidlist_free(l->list);
2996 2997
	l->list = array;
	l->length = length;
2998
	*lp = l;
2999
	return 0;
3000 3001
}

B
Balbir Singh 已提交
3002
/**
L
Li Zefan 已提交
3003
 * cgroupstats_build - build and fill cgroupstats
B
Balbir Singh 已提交
3004 3005 3006
 * @stats: cgroupstats to fill information into
 * @dentry: A dentry entry belonging to the cgroup for which stats have
 * been requested.
L
Li Zefan 已提交
3007 3008 3009
 *
 * Build and fill cgroupstats so that taskstats can export it to user
 * space.
B
Balbir Singh 已提交
3010 3011 3012
 */
int cgroupstats_build(struct cgroupstats *stats, struct dentry *dentry)
{
T
Tejun Heo 已提交
3013
	struct kernfs_node *kn = kernfs_node_from_dentry(dentry);
3014
	struct cgroup *cgrp;
3015
	struct css_task_iter it;
B
Balbir Singh 已提交
3016
	struct task_struct *tsk;
3017

T
Tejun Heo 已提交
3018 3019 3020 3021 3022
	/* it should be kernfs_node belonging to cgroupfs and is a directory */
	if (dentry->d_sb->s_type != &cgroup_fs_type || !kn ||
	    kernfs_type(kn) != KERNFS_DIR)
		return -EINVAL;

3023 3024
	mutex_lock(&cgroup_mutex);

B
Balbir Singh 已提交
3025
	/*
T
Tejun Heo 已提交
3026 3027 3028
	 * We aren't being called from kernfs and there's no guarantee on
	 * @kn->priv's validity.  For this and css_tryget_from_dir(),
	 * @kn->priv is RCU safe.  Let's do the RCU dancing.
B
Balbir Singh 已提交
3029
	 */
T
Tejun Heo 已提交
3030 3031
	rcu_read_lock();
	cgrp = rcu_dereference(kn->priv);
3032
	if (!cgrp || cgroup_is_dead(cgrp)) {
T
Tejun Heo 已提交
3033
		rcu_read_unlock();
3034
		mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3035 3036
		return -ENOENT;
	}
3037
	rcu_read_unlock();
B
Balbir Singh 已提交
3038

3039 3040
	css_task_iter_start(&cgrp->dummy_css, &it);
	while ((tsk = css_task_iter_next(&it))) {
B
Balbir Singh 已提交
3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059
		switch (tsk->state) {
		case TASK_RUNNING:
			stats->nr_running++;
			break;
		case TASK_INTERRUPTIBLE:
			stats->nr_sleeping++;
			break;
		case TASK_UNINTERRUPTIBLE:
			stats->nr_uninterruptible++;
			break;
		case TASK_STOPPED:
			stats->nr_stopped++;
			break;
		default:
			if (delayacct_is_task_waiting_on_io(tsk))
				stats->nr_io_wait++;
			break;
		}
	}
3060
	css_task_iter_end(&it);
B
Balbir Singh 已提交
3061

3062
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3063
	return 0;
B
Balbir Singh 已提交
3064 3065
}

3066

3067
/*
3068
 * seq_file methods for the tasks/procs files. The seq_file position is the
3069
 * next pid to display; the seq_file iterator is a pointer to the pid
3070
 * in the cgroup->l->list array.
3071
 */
3072

3073
static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos)
3074
{
3075 3076 3077 3078 3079 3080
	/*
	 * Initially we receive a position value that corresponds to
	 * one more than the last pid shown (or 0 on the first call or
	 * after a seek to the start). Use a binary-search to find the
	 * next pid to display, if any
	 */
T
Tejun Heo 已提交
3081
	struct kernfs_open_file *of = s->private;
3082
	struct cgroup *cgrp = seq_css(s)->cgroup;
3083
	struct cgroup_pidlist *l;
3084
	enum cgroup_filetype type = seq_cft(s)->private;
3085
	int index = 0, pid = *pos;
3086 3087 3088 3089 3090
	int *iter, ret;

	mutex_lock(&cgrp->pidlist_mutex);

	/*
3091
	 * !NULL @of->priv indicates that this isn't the first start()
3092
	 * after open.  If the matching pidlist is around, we can use that.
3093
	 * Look for it.  Note that @of->priv can't be used directly.  It
3094 3095
	 * could already have been destroyed.
	 */
3096 3097
	if (of->priv)
		of->priv = cgroup_pidlist_find(cgrp, type);
3098 3099 3100 3101 3102

	/*
	 * Either this is the first start() after open or the matching
	 * pidlist has been destroyed inbetween.  Create a new one.
	 */
3103 3104 3105
	if (!of->priv) {
		ret = pidlist_array_load(cgrp, type,
					 (struct cgroup_pidlist **)&of->priv);
3106 3107 3108
		if (ret)
			return ERR_PTR(ret);
	}
3109
	l = of->priv;
3110 3111

	if (pid) {
3112
		int end = l->length;
S
Stephen Rothwell 已提交
3113

3114 3115
		while (index < end) {
			int mid = (index + end) / 2;
3116
			if (cgroup_pid_fry(cgrp, l->list[mid]) == pid) {
3117 3118
				index = mid;
				break;
3119
			} else if (cgroup_pid_fry(cgrp, l->list[mid]) <= pid)
3120 3121 3122 3123 3124 3125
				index = mid + 1;
			else
				end = mid;
		}
	}
	/* If we're off the end of the array, we're done */
3126
	if (index >= l->length)
3127 3128
		return NULL;
	/* Update the abstract position to be the actual pid that we found */
3129
	iter = l->list + index;
3130
	*pos = cgroup_pid_fry(cgrp, *iter);
3131 3132 3133
	return iter;
}

3134
static void cgroup_pidlist_stop(struct seq_file *s, void *v)
3135
{
T
Tejun Heo 已提交
3136
	struct kernfs_open_file *of = s->private;
3137
	struct cgroup_pidlist *l = of->priv;
3138

3139 3140
	if (l)
		mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork,
3141
				 CGROUP_PIDLIST_DESTROY_DELAY);
3142
	mutex_unlock(&seq_css(s)->cgroup->pidlist_mutex);
3143 3144
}

3145
static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos)
3146
{
T
Tejun Heo 已提交
3147
	struct kernfs_open_file *of = s->private;
3148
	struct cgroup_pidlist *l = of->priv;
3149 3150
	pid_t *p = v;
	pid_t *end = l->list + l->length;
3151 3152 3153 3154 3155 3156 3157 3158
	/*
	 * Advance to the next pid in the array. If this goes off the
	 * end, we're done
	 */
	p++;
	if (p >= end) {
		return NULL;
	} else {
3159
		*pos = cgroup_pid_fry(seq_css(s)->cgroup, *p);
3160 3161 3162 3163
		return p;
	}
}

3164
static int cgroup_pidlist_show(struct seq_file *s, void *v)
3165 3166 3167
{
	return seq_printf(s, "%d\n", *(int *)v);
}
3168

3169 3170 3171 3172 3173 3174 3175 3176 3177
/*
 * seq_operations functions for iterating on pidlists through seq_file -
 * independent of whether it's tasks or procs
 */
static const struct seq_operations cgroup_pidlist_seq_operations = {
	.start = cgroup_pidlist_start,
	.stop = cgroup_pidlist_stop,
	.next = cgroup_pidlist_next,
	.show = cgroup_pidlist_show,
3178 3179
};

3180 3181
static u64 cgroup_read_notify_on_release(struct cgroup_subsys_state *css,
					 struct cftype *cft)
3182
{
3183
	return notify_on_release(css->cgroup);
3184 3185
}

3186 3187
static int cgroup_write_notify_on_release(struct cgroup_subsys_state *css,
					  struct cftype *cft, u64 val)
3188
{
3189
	clear_bit(CGRP_RELEASABLE, &css->cgroup->flags);
3190
	if (val)
3191
		set_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3192
	else
3193
		clear_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags);
3194 3195 3196
	return 0;
}

3197 3198
static u64 cgroup_clone_children_read(struct cgroup_subsys_state *css,
				      struct cftype *cft)
3199
{
3200
	return test_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3201 3202
}

3203 3204
static int cgroup_clone_children_write(struct cgroup_subsys_state *css,
				       struct cftype *cft, u64 val)
3205 3206
{
	if (val)
3207
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3208
	else
3209
		clear_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags);
3210 3211 3212
	return 0;
}

3213
static struct cftype cgroup_base_files[] = {
3214
	{
3215
		.name = "cgroup.procs",
3216 3217 3218 3219
		.seq_start = cgroup_pidlist_start,
		.seq_next = cgroup_pidlist_next,
		.seq_stop = cgroup_pidlist_stop,
		.seq_show = cgroup_pidlist_show,
3220
		.private = CGROUP_FILE_PROCS,
B
Ben Blum 已提交
3221 3222
		.write_u64 = cgroup_procs_write,
		.mode = S_IRUGO | S_IWUSR,
3223
	},
3224 3225
	{
		.name = "cgroup.clone_children",
3226
		.flags = CFTYPE_INSANE,
3227 3228 3229
		.read_u64 = cgroup_clone_children_read,
		.write_u64 = cgroup_clone_children_write,
	},
3230 3231 3232
	{
		.name = "cgroup.sane_behavior",
		.flags = CFTYPE_ONLY_ON_ROOT,
3233
		.seq_show = cgroup_sane_behavior_show,
3234
	},
3235 3236 3237 3238 3239 3240 3241 3242 3243

	/*
	 * Historical crazy stuff.  These don't have "cgroup."  prefix and
	 * don't exist if sane_behavior.  If you're depending on these, be
	 * prepared to be burned.
	 */
	{
		.name = "tasks",
		.flags = CFTYPE_INSANE,		/* use "procs" instead */
3244 3245 3246 3247
		.seq_start = cgroup_pidlist_start,
		.seq_next = cgroup_pidlist_next,
		.seq_stop = cgroup_pidlist_stop,
		.seq_show = cgroup_pidlist_show,
3248
		.private = CGROUP_FILE_TASKS,
3249 3250 3251 3252 3253 3254 3255 3256 3257
		.write_u64 = cgroup_tasks_write,
		.mode = S_IRUGO | S_IWUSR,
	},
	{
		.name = "notify_on_release",
		.flags = CFTYPE_INSANE,
		.read_u64 = cgroup_read_notify_on_release,
		.write_u64 = cgroup_write_notify_on_release,
	},
3258 3259
	{
		.name = "release_agent",
3260
		.flags = CFTYPE_INSANE | CFTYPE_ONLY_ON_ROOT,
3261
		.seq_show = cgroup_release_agent_show,
3262
		.write_string = cgroup_release_agent_write,
3263
		.max_write_len = PATH_MAX - 1,
3264
	},
T
Tejun Heo 已提交
3265
	{ }	/* terminate */
3266 3267
};

3268
/**
3269
 * cgroup_populate_dir - create subsys files in a cgroup directory
3270 3271
 * @cgrp: target cgroup
 * @subsys_mask: mask of the subsystem ids whose files should be added
3272 3273
 *
 * On failure, no file is added.
3274
 */
3275
static int cgroup_populate_dir(struct cgroup *cgrp, unsigned long subsys_mask)
3276 3277
{
	struct cgroup_subsys *ss;
3278
	int i, ret = 0;
3279

3280
	/* process cftsets of each subsystem */
3281
	for_each_subsys(ss, i) {
T
Tejun Heo 已提交
3282
		struct cftype *cfts;
3283 3284

		if (!test_bit(i, &subsys_mask))
3285
			continue;
3286

T
Tejun Heo 已提交
3287 3288
		list_for_each_entry(cfts, &ss->cfts, node) {
			ret = cgroup_addrm_files(cgrp, cfts, true);
3289 3290 3291
			if (ret < 0)
				goto err;
		}
3292 3293
	}
	return 0;
3294 3295 3296
err:
	cgroup_clear_dir(cgrp, subsys_mask);
	return ret;
3297 3298
}

3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320
/*
 * css destruction is four-stage process.
 *
 * 1. Destruction starts.  Killing of the percpu_ref is initiated.
 *    Implemented in kill_css().
 *
 * 2. When the percpu_ref is confirmed to be visible as killed on all CPUs
 *    and thus css_tryget() is guaranteed to fail, the css can be offlined
 *    by invoking offline_css().  After offlining, the base ref is put.
 *    Implemented in css_killed_work_fn().
 *
 * 3. When the percpu_ref reaches zero, the only possible remaining
 *    accessors are inside RCU read sections.  css_release() schedules the
 *    RCU callback.
 *
 * 4. After the grace period, the css can be freed.  Implemented in
 *    css_free_work_fn().
 *
 * It is actually hairier because both step 2 and 4 require process context
 * and thus involve punting to css->destroy_work adding two additional
 * steps to the already complex sequence.
 */
3321
static void css_free_work_fn(struct work_struct *work)
3322 3323
{
	struct cgroup_subsys_state *css =
3324
		container_of(work, struct cgroup_subsys_state, destroy_work);
3325
	struct cgroup *cgrp = css->cgroup;
3326

3327 3328 3329
	if (css->parent)
		css_put(css->parent);

3330
	css->ss->css_free(css);
T
Tejun Heo 已提交
3331
	cgroup_put(cgrp);
3332 3333
}

3334
static void css_free_rcu_fn(struct rcu_head *rcu_head)
3335 3336
{
	struct cgroup_subsys_state *css =
3337
		container_of(rcu_head, struct cgroup_subsys_state, rcu_head);
3338

3339
	INIT_WORK(&css->destroy_work, css_free_work_fn);
3340
	queue_work(cgroup_destroy_wq, &css->destroy_work);
3341 3342
}

3343 3344 3345 3346 3347
static void css_release(struct percpu_ref *ref)
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

3348
	rcu_assign_pointer(css->cgroup->subsys[css->ss->id], NULL);
3349
	call_rcu(&css->rcu_head, css_free_rcu_fn);
3350 3351
}

3352 3353
static void init_css(struct cgroup_subsys_state *css, struct cgroup_subsys *ss,
		     struct cgroup *cgrp)
3354
{
3355
	css->cgroup = cgrp;
3356
	css->ss = ss;
3357
	css->flags = 0;
3358 3359

	if (cgrp->parent)
3360
		css->parent = cgroup_css(cgrp->parent, ss);
3361
	else
3362
		css->flags |= CSS_ROOT;
3363

3364
	BUG_ON(cgroup_css(cgrp, ss));
3365 3366
}

3367
/* invoke ->css_online() on a new CSS and mark it online if successful */
3368
static int online_css(struct cgroup_subsys_state *css)
3369
{
3370
	struct cgroup_subsys *ss = css->ss;
T
Tejun Heo 已提交
3371 3372
	int ret = 0;

T
Tejun Heo 已提交
3373
	lockdep_assert_held(&cgroup_tree_mutex);
3374 3375
	lockdep_assert_held(&cgroup_mutex);

3376
	if (ss->css_online)
3377
		ret = ss->css_online(css);
3378
	if (!ret) {
3379
		css->flags |= CSS_ONLINE;
3380
		css->cgroup->nr_css++;
3381
		rcu_assign_pointer(css->cgroup->subsys[ss->id], css);
3382
	}
T
Tejun Heo 已提交
3383
	return ret;
3384 3385
}

3386
/* if the CSS is online, invoke ->css_offline() on it and mark it offline */
3387
static void offline_css(struct cgroup_subsys_state *css)
3388
{
3389
	struct cgroup_subsys *ss = css->ss;
3390

T
Tejun Heo 已提交
3391
	lockdep_assert_held(&cgroup_tree_mutex);
3392 3393 3394 3395 3396
	lockdep_assert_held(&cgroup_mutex);

	if (!(css->flags & CSS_ONLINE))
		return;

3397
	if (ss->css_offline)
3398
		ss->css_offline(css);
3399

3400
	css->flags &= ~CSS_ONLINE;
3401
	css->cgroup->nr_css--;
3402
	RCU_INIT_POINTER(css->cgroup->subsys[ss->id], css);
3403 3404
}

3405 3406 3407 3408 3409 3410 3411 3412 3413 3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429 3430 3431
/**
 * create_css - create a cgroup_subsys_state
 * @cgrp: the cgroup new css will be associated with
 * @ss: the subsys of new css
 *
 * Create a new css associated with @cgrp - @ss pair.  On success, the new
 * css is online and installed in @cgrp with all interface files created.
 * Returns 0 on success, -errno on failure.
 */
static int create_css(struct cgroup *cgrp, struct cgroup_subsys *ss)
{
	struct cgroup *parent = cgrp->parent;
	struct cgroup_subsys_state *css;
	int err;

	lockdep_assert_held(&cgroup_mutex);

	css = ss->css_alloc(cgroup_css(parent, ss));
	if (IS_ERR(css))
		return PTR_ERR(css);

	err = percpu_ref_init(&css->refcnt, css_release);
	if (err)
		goto err_free;

	init_css(css, ss, cgrp);

3432
	err = cgroup_populate_dir(cgrp, 1 << ss->id);
3433 3434 3435 3436 3437 3438 3439
	if (err)
		goto err_free;

	err = online_css(css);
	if (err)
		goto err_free;

3440
	cgroup_get(cgrp);
3441 3442 3443 3444 3445 3446 3447 3448 3449 3450 3451 3452 3453 3454 3455 3456 3457 3458 3459
	css_get(css->parent);

	if (ss->broken_hierarchy && !ss->warned_broken_hierarchy &&
	    parent->parent) {
		pr_warning("cgroup: %s (%d) created nested cgroup for controller \"%s\" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.\n",
			   current->comm, current->pid, ss->name);
		if (!strcmp(ss->name, "memory"))
			pr_warning("cgroup: \"memory\" requires setting use_hierarchy to 1 on the root.\n");
		ss->warned_broken_hierarchy = true;
	}

	return 0;

err_free:
	percpu_ref_cancel_init(&css->refcnt);
	ss->css_free(css);
	return err;
}

T
Tejun Heo 已提交
3460
/**
L
Li Zefan 已提交
3461 3462
 * cgroup_create - create a cgroup
 * @parent: cgroup that will be parent of the new cgroup
T
Tejun Heo 已提交
3463
 * @name: name of the new cgroup
T
Tejun Heo 已提交
3464
 * @mode: mode to set on new cgroup
3465
 */
T
Tejun Heo 已提交
3466
static long cgroup_create(struct cgroup *parent, const char *name,
T
Tejun Heo 已提交
3467
			  umode_t mode)
3468
{
3469
	struct cgroup *cgrp;
3470
	struct cgroupfs_root *root = parent->root;
3471
	int ssid, err;
3472
	struct cgroup_subsys *ss;
T
Tejun Heo 已提交
3473
	struct kernfs_node *kn;
3474

T
Tejun Heo 已提交
3475
	/* allocate the cgroup and its ID, 0 is reserved for the root */
3476 3477
	cgrp = kzalloc(sizeof(*cgrp), GFP_KERNEL);
	if (!cgrp)
3478 3479
		return -ENOMEM;

T
Tejun Heo 已提交
3480 3481
	mutex_lock(&cgroup_tree_mutex);

3482 3483 3484 3485 3486 3487 3488 3489 3490
	/*
	 * Only live parents can have children.  Note that the liveliness
	 * check isn't strictly necessary because cgroup_mkdir() and
	 * cgroup_rmdir() are fully synchronized by i_mutex; however, do it
	 * anyway so that locking is contained inside cgroup proper and we
	 * don't get nasty surprises if we ever grow another caller.
	 */
	if (!cgroup_lock_live_group(parent)) {
		err = -ENODEV;
T
Tejun Heo 已提交
3491
		goto err_unlock_tree;
3492 3493 3494 3495 3496 3497 3498 3499 3500 3501
	}

	/*
	 * Temporarily set the pointer to NULL, so idr_find() won't return
	 * a half-baked cgroup.
	 */
	cgrp->id = idr_alloc(&root->cgroup_idr, NULL, 1, 0, GFP_KERNEL);
	if (cgrp->id < 0) {
		err = -ENOMEM;
		goto err_unlock;
3502 3503
	}

3504
	init_cgroup_housekeeping(cgrp);
3505

3506
	cgrp->parent = parent;
3507
	cgrp->dummy_css.parent = &parent->dummy_css;
3508
	cgrp->root = parent->root;
3509

3510 3511 3512
	if (notify_on_release(parent))
		set_bit(CGRP_NOTIFY_ON_RELEASE, &cgrp->flags);

3513 3514
	if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &parent->flags))
		set_bit(CGRP_CPUSET_CLONE_CHILDREN, &cgrp->flags);
3515

T
Tejun Heo 已提交
3516
	/* create the directory */
T
Tejun Heo 已提交
3517
	kn = kernfs_create_dir(parent->kn, name, mode, cgrp);
T
Tejun Heo 已提交
3518 3519
	if (IS_ERR(kn)) {
		err = PTR_ERR(kn);
3520
		goto err_free_id;
T
Tejun Heo 已提交
3521 3522
	}
	cgrp->kn = kn;
3523

3524 3525 3526 3527 3528 3529
	/*
	 * This extra ref will be put in cgroup_free_fn() and guarantees
	 * that @cgrp->kn is always accessible.
	 */
	kernfs_get(kn);

3530
	cgrp->serial_nr = cgroup_serial_nr_next++;
3531

3532 3533
	/* allocation complete, commit to creation */
	list_add_tail_rcu(&cgrp->sibling, &cgrp->parent->children);
3534
	atomic_inc(&root->nr_cgrps);
3535
	cgroup_get(parent);
3536

3537 3538 3539 3540
	/*
	 * @cgrp is now fully operational.  If something fails after this
	 * point, it'll be released via the normal destruction path.
	 */
3541 3542
	idr_replace(&root->cgroup_idr, cgrp, cgrp->id);

3543
	err = cgroup_addrm_files(cgrp, cgroup_base_files, true);
3544 3545 3546
	if (err)
		goto err_destroy;

3547
	/* let's create and online css's */
T
Tejun Heo 已提交
3548 3549 3550 3551 3552 3553
	for_each_subsys(ss, ssid) {
		if (root->subsys_mask & (1 << ssid)) {
			err = create_css(cgrp, ss);
			if (err)
				goto err_destroy;
		}
3554
	}
3555

T
Tejun Heo 已提交
3556 3557
	kernfs_activate(kn);

3558
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3559
	mutex_unlock(&cgroup_tree_mutex);
3560 3561 3562

	return 0;

T
Tejun Heo 已提交
3563
err_free_id:
3564
	idr_remove(&root->cgroup_idr, cgrp->id);
3565 3566
err_unlock:
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3567 3568
err_unlock_tree:
	mutex_unlock(&cgroup_tree_mutex);
3569
	kfree(cgrp);
3570
	return err;
3571 3572 3573 3574

err_destroy:
	cgroup_destroy_locked(cgrp);
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3575
	mutex_unlock(&cgroup_tree_mutex);
3576
	return err;
3577 3578
}

T
Tejun Heo 已提交
3579 3580
static int cgroup_mkdir(struct kernfs_node *parent_kn, const char *name,
			umode_t mode)
3581
{
T
Tejun Heo 已提交
3582
	struct cgroup *parent = parent_kn->priv;
3583

T
Tejun Heo 已提交
3584
	return cgroup_create(parent, name, mode);
3585 3586
}

3587 3588 3589 3590 3591
/*
 * This is called when the refcnt of a css is confirmed to be killed.
 * css_tryget() is now guaranteed to fail.
 */
static void css_killed_work_fn(struct work_struct *work)
3592
{
3593 3594 3595
	struct cgroup_subsys_state *css =
		container_of(work, struct cgroup_subsys_state, destroy_work);
	struct cgroup *cgrp = css->cgroup;
3596

T
Tejun Heo 已提交
3597
	mutex_lock(&cgroup_tree_mutex);
3598 3599
	mutex_lock(&cgroup_mutex);

3600 3601 3602 3603 3604 3605
	/*
	 * css_tryget() is guaranteed to fail now.  Tell subsystems to
	 * initate destruction.
	 */
	offline_css(css);

3606 3607 3608 3609 3610
	/*
	 * If @cgrp is marked dead, it's waiting for refs of all css's to
	 * be disabled before proceeding to the second phase of cgroup
	 * destruction.  If we are the last one, kick it off.
	 */
3611
	if (!cgrp->nr_css && cgroup_is_dead(cgrp))
3612 3613 3614
		cgroup_destroy_css_killed(cgrp);

	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3615
	mutex_unlock(&cgroup_tree_mutex);
3616 3617 3618 3619 3620 3621 3622 3623 3624

	/*
	 * Put the css refs from kill_css().  Each css holds an extra
	 * reference to the cgroup's dentry and cgroup removal proceeds
	 * regardless of css refs.  On the last put of each css, whenever
	 * that may be, the extra dentry ref is put so that dentry
	 * destruction happens only after all css's are released.
	 */
	css_put(css);
3625 3626
}

3627 3628
/* css kill confirmation processing requires process context, bounce */
static void css_killed_ref_fn(struct percpu_ref *ref)
3629 3630 3631 3632
{
	struct cgroup_subsys_state *css =
		container_of(ref, struct cgroup_subsys_state, refcnt);

3633
	INIT_WORK(&css->destroy_work, css_killed_work_fn);
3634
	queue_work(cgroup_destroy_wq, &css->destroy_work);
3635 3636
}

T
Tejun Heo 已提交
3637 3638 3639 3640
/**
 * kill_css - destroy a css
 * @css: css to destroy
 *
3641 3642 3643 3644
 * This function initiates destruction of @css by removing cgroup interface
 * files and putting its base reference.  ->css_offline() will be invoked
 * asynchronously once css_tryget() is guaranteed to fail and when the
 * reference count reaches zero, @css will be released.
T
Tejun Heo 已提交
3645 3646 3647
 */
static void kill_css(struct cgroup_subsys_state *css)
{
T
Tejun Heo 已提交
3648 3649 3650 3651
	/*
	 * This must happen before css is disassociated with its cgroup.
	 * See seq_css() for details.
	 */
3652
	cgroup_clear_dir(css->cgroup, 1 << css->ss->id);
3653

T
Tejun Heo 已提交
3654 3655 3656 3657 3658 3659 3660 3661 3662 3663 3664 3665 3666 3667 3668 3669 3670
	/*
	 * Killing would put the base ref, but we need to keep it alive
	 * until after ->css_offline().
	 */
	css_get(css);

	/*
	 * cgroup core guarantees that, by the time ->css_offline() is
	 * invoked, no new css reference will be given out via
	 * css_tryget().  We can't simply call percpu_ref_kill() and
	 * proceed to offlining css's because percpu_ref_kill() doesn't
	 * guarantee that the ref is seen as killed on all CPUs on return.
	 *
	 * Use percpu_ref_kill_and_confirm() to get notifications as each
	 * css is confirmed to be seen as killed on all CPUs.
	 */
	percpu_ref_kill_and_confirm(&css->refcnt, css_killed_ref_fn);
3671 3672 3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 3692 3693 3694 3695 3696
}

/**
 * cgroup_destroy_locked - the first stage of cgroup destruction
 * @cgrp: cgroup to be destroyed
 *
 * css's make use of percpu refcnts whose killing latency shouldn't be
 * exposed to userland and are RCU protected.  Also, cgroup core needs to
 * guarantee that css_tryget() won't succeed by the time ->css_offline() is
 * invoked.  To satisfy all the requirements, destruction is implemented in
 * the following two steps.
 *
 * s1. Verify @cgrp can be destroyed and mark it dying.  Remove all
 *     userland visible parts and start killing the percpu refcnts of
 *     css's.  Set up so that the next stage will be kicked off once all
 *     the percpu refcnts are confirmed to be killed.
 *
 * s2. Invoke ->css_offline(), mark the cgroup dead and proceed with the
 *     rest of destruction.  Once all cgroup references are gone, the
 *     cgroup is RCU-freed.
 *
 * This function implements s1.  After this step, @cgrp is gone as far as
 * the userland is concerned and a new cgroup with the same name may be
 * created.  As cgroup doesn't care about the names internally, this
 * doesn't cause any problem.
 */
3697 3698
static int cgroup_destroy_locked(struct cgroup *cgrp)
	__releases(&cgroup_mutex) __acquires(&cgroup_mutex)
3699
{
3700
	struct cgroup *child;
T
Tejun Heo 已提交
3701
	struct cgroup_subsys_state *css;
3702
	bool empty;
T
Tejun Heo 已提交
3703
	int ssid;
3704

T
Tejun Heo 已提交
3705
	lockdep_assert_held(&cgroup_tree_mutex);
3706 3707
	lockdep_assert_held(&cgroup_mutex);

3708
	/*
3709
	 * css_set_rwsem synchronizes access to ->cset_links and prevents
3710
	 * @cgrp from being removed while put_css_set() is in progress.
3711
	 */
3712
	down_read(&css_set_rwsem);
3713
	empty = list_empty(&cgrp->cset_links);
3714
	up_read(&css_set_rwsem);
3715
	if (!empty)
3716
		return -EBUSY;
L
Li Zefan 已提交
3717

3718 3719 3720 3721 3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733
	/*
	 * Make sure there's no live children.  We can't test ->children
	 * emptiness as dead children linger on it while being destroyed;
	 * otherwise, "rmdir parent/child parent" may fail with -EBUSY.
	 */
	empty = true;
	rcu_read_lock();
	list_for_each_entry_rcu(child, &cgrp->children, sibling) {
		empty = cgroup_is_dead(child);
		if (!empty)
			break;
	}
	rcu_read_unlock();
	if (!empty)
		return -EBUSY;

3734
	/*
T
Tejun Heo 已提交
3735 3736
	 * Initiate massacre of all css's.  cgroup_destroy_css_killed()
	 * will be invoked to perform the rest of destruction once the
3737 3738
	 * percpu refs of all css's are confirmed to be killed.  This
	 * involves removing the subsystem's files, drop cgroup_mutex.
3739
	 */
3740
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3741 3742
	for_each_css(css, ssid, cgrp)
		kill_css(css);
3743
	mutex_lock(&cgroup_mutex);
3744 3745 3746 3747

	/*
	 * Mark @cgrp dead.  This prevents further task migration and child
	 * creation by disabling cgroup_lock_live_group().  Note that
3748
	 * CGRP_DEAD assertion is depended upon by css_next_child() to
3749
	 * resume iteration after dropping RCU read lock.  See
3750
	 * css_next_child() for details.
3751
	 */
3752
	set_bit(CGRP_DEAD, &cgrp->flags);
3753

3754 3755 3756 3757 3758 3759 3760
	/* CGRP_DEAD is set, remove from ->release_list for the last time */
	raw_spin_lock(&release_list_lock);
	if (!list_empty(&cgrp->release_list))
		list_del_init(&cgrp->release_list);
	raw_spin_unlock(&release_list_lock);

	/*
3761 3762 3763 3764 3765 3766 3767 3768
	 * If @cgrp has css's attached, the second stage of cgroup
	 * destruction is kicked off from css_killed_work_fn() after the
	 * refs of all attached css's are killed.  If @cgrp doesn't have
	 * any css, we kick it off here.
	 */
	if (!cgrp->nr_css)
		cgroup_destroy_css_killed(cgrp);

T
Tejun Heo 已提交
3769 3770 3771
	/* remove @cgrp directory along with the base files */
	mutex_unlock(&cgroup_mutex);

3772
	/*
T
Tejun Heo 已提交
3773 3774 3775 3776 3777
	 * There are two control paths which try to determine cgroup from
	 * dentry without going through kernfs - cgroupstats_build() and
	 * css_tryget_from_dir().  Those are supported by RCU protecting
	 * clearing of cgrp->kn->priv backpointer, which should happen
	 * after all files under it have been removed.
3778
	 */
3779
	kernfs_remove(cgrp->kn);	/* @cgrp has an extra ref on its kn */
T
Tejun Heo 已提交
3780 3781
	RCU_INIT_POINTER(*(void __rcu __force **)&cgrp->kn->priv, NULL);

3782
	mutex_lock(&cgroup_mutex);
3783

3784 3785 3786
	return 0;
};

3787
/**
3788
 * cgroup_destroy_css_killed - the second step of cgroup destruction
3789 3790 3791
 * @work: cgroup->destroy_free_work
 *
 * This function is invoked from a work item for a cgroup which is being
3792 3793 3794
 * destroyed after all css's are offlined and performs the rest of
 * destruction.  This is the second step of destruction described in the
 * comment above cgroup_destroy_locked().
3795
 */
3796
static void cgroup_destroy_css_killed(struct cgroup *cgrp)
3797 3798 3799
{
	struct cgroup *parent = cgrp->parent;

T
Tejun Heo 已提交
3800
	lockdep_assert_held(&cgroup_tree_mutex);
3801
	lockdep_assert_held(&cgroup_mutex);
3802

3803
	/* delete this cgroup from parent->children */
3804
	list_del_rcu(&cgrp->sibling);
3805

3806
	cgroup_put(cgrp);
3807

3808
	set_bit(CGRP_RELEASABLE, &parent->flags);
3809
	check_for_release(parent);
3810 3811
}

T
Tejun Heo 已提交
3812
static int cgroup_rmdir(struct kernfs_node *kn)
3813
{
T
Tejun Heo 已提交
3814 3815 3816 3817 3818 3819 3820 3821 3822 3823 3824
	struct cgroup *cgrp = kn->priv;
	int ret = 0;

	/*
	 * This is self-destruction but @kn can't be removed while this
	 * callback is in progress.  Let's break active protection.  Once
	 * the protection is broken, @cgrp can be destroyed at any point.
	 * Pin it so that it stays accessible.
	 */
	cgroup_get(cgrp);
	kernfs_break_active_protection(kn);
3825

T
Tejun Heo 已提交
3826
	mutex_lock(&cgroup_tree_mutex);
3827
	mutex_lock(&cgroup_mutex);
T
Tejun Heo 已提交
3828 3829 3830 3831 3832 3833 3834 3835

	/*
	 * @cgrp might already have been destroyed while we're trying to
	 * grab the mutexes.
	 */
	if (!cgroup_is_dead(cgrp))
		ret = cgroup_destroy_locked(cgrp);

3836
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3837
	mutex_unlock(&cgroup_tree_mutex);
3838

T
Tejun Heo 已提交
3839 3840
	kernfs_unbreak_active_protection(kn);
	cgroup_put(cgrp);
3841 3842 3843
	return ret;
}

T
Tejun Heo 已提交
3844 3845 3846 3847 3848 3849 3850 3851
static struct kernfs_syscall_ops cgroup_kf_syscall_ops = {
	.remount_fs		= cgroup_remount,
	.show_options		= cgroup_show_options,
	.mkdir			= cgroup_mkdir,
	.rmdir			= cgroup_rmdir,
	.rename			= cgroup_rename,
};

3852
static void __init cgroup_init_subsys(struct cgroup_subsys *ss)
3853 3854
{
	struct cgroup_subsys_state *css;
D
Diego Calleja 已提交
3855 3856

	printk(KERN_INFO "Initializing cgroup subsys %s\n", ss->name);
3857

T
Tejun Heo 已提交
3858
	mutex_lock(&cgroup_tree_mutex);
3859 3860
	mutex_lock(&cgroup_mutex);

T
Tejun Heo 已提交
3861
	INIT_LIST_HEAD(&ss->cfts);
3862

3863
	/* Create the top cgroup state for this subsystem */
3864
	ss->root = &cgroup_dummy_root;
3865
	css = ss->css_alloc(cgroup_css(cgroup_dummy_top, ss));
3866 3867
	/* We don't handle early failures gracefully */
	BUG_ON(IS_ERR(css));
3868
	init_css(css, ss, cgroup_dummy_top);
3869

L
Li Zefan 已提交
3870
	/* Update the init_css_set to contain a subsys
3871
	 * pointer to this state - since the subsystem is
L
Li Zefan 已提交
3872 3873
	 * newly registered, all tasks and hence the
	 * init_css_set is in the subsystem's top cgroup. */
3874
	init_css_set.subsys[ss->id] = css;
3875 3876 3877

	need_forkexit_callback |= ss->fork || ss->exit;

L
Li Zefan 已提交
3878 3879 3880 3881 3882
	/* At system boot, before all subsystems have been
	 * registered, no tasks have been forked, so we don't
	 * need to invoke fork callbacks here. */
	BUG_ON(!list_empty(&init_task.tasks));

3883
	BUG_ON(online_css(css));
3884

3885
	mutex_unlock(&cgroup_mutex);
T
Tejun Heo 已提交
3886
	mutex_unlock(&cgroup_tree_mutex);
3887 3888
}

3889
/**
L
Li Zefan 已提交
3890 3891 3892 3893
 * cgroup_init_early - cgroup initialization at system boot
 *
 * Initialize cgroups at system boot, and initialize any
 * subsystems that request early init.
3894 3895 3896
 */
int __init cgroup_init_early(void)
{
3897
	struct cgroup_subsys *ss;
3898
	int i;
3899

3900
	atomic_set(&init_css_set.refcount, 1);
3901
	INIT_LIST_HEAD(&init_css_set.cgrp_links);
3902
	INIT_LIST_HEAD(&init_css_set.tasks);
3903 3904
	INIT_LIST_HEAD(&init_css_set.mg_tasks);
	INIT_LIST_HEAD(&init_css_set.mg_node);
3905
	INIT_HLIST_NODE(&init_css_set.hlist);
3906
	css_set_count = 1;
3907 3908
	init_cgroup_root(&cgroup_dummy_root);
	cgroup_root_count = 1;
3909
	RCU_INIT_POINTER(init_task.cgroups, &init_css_set);
3910

3911
	init_cgrp_cset_link.cset = &init_css_set;
3912 3913
	init_cgrp_cset_link.cgrp = cgroup_dummy_top;
	list_add(&init_cgrp_cset_link.cset_link, &cgroup_dummy_top->cset_links);
3914
	list_add(&init_cgrp_cset_link.cgrp_link, &init_css_set.cgrp_links);
3915

T
Tejun Heo 已提交
3916
	for_each_subsys(ss, i) {
3917
		WARN(!ss->css_alloc || !ss->css_free || ss->name || ss->id,
3918 3919
		     "invalid cgroup_subsys %d:%s css_alloc=%p css_free=%p name:id=%d:%s\n",
		     i, cgroup_subsys_name[i], ss->css_alloc, ss->css_free,
3920
		     ss->id, ss->name);
3921 3922 3923
		WARN(strlen(cgroup_subsys_name[i]) > MAX_CGROUP_TYPE_NAMELEN,
		     "cgroup_subsys_name %s too long\n", cgroup_subsys_name[i]);

3924
		ss->id = i;
3925
		ss->name = cgroup_subsys_name[i];
3926 3927 3928 3929 3930 3931 3932 3933

		if (ss->early_init)
			cgroup_init_subsys(ss);
	}
	return 0;
}

/**
L
Li Zefan 已提交
3934 3935 3936 3937
 * cgroup_init - cgroup initialization
 *
 * Register cgroup filesystem and /proc file, and initialize
 * any subsystems that didn't request early init.
3938 3939 3940
 */
int __init cgroup_init(void)
{
3941
	struct cgroup_subsys *ss;
3942
	unsigned long key;
3943
	int i, err;
3944

T
Tejun Heo 已提交
3945
	BUG_ON(cgroup_init_cftypes(NULL, cgroup_base_files));
3946

T
Tejun Heo 已提交
3947
	for_each_subsys(ss, i) {
3948 3949
		if (!ss->early_init)
			cgroup_init_subsys(ss);
3950 3951 3952 3953 3954 3955 3956

		/*
		 * cftype registration needs kmalloc and can't be done
		 * during early_init.  Register base cftypes separately.
		 */
		if (ss->base_cftypes)
			WARN_ON(cgroup_add_cftypes(ss, ss->base_cftypes));
3957 3958
	}

3959
	/* allocate id for the dummy hierarchy */
T
Tejun Heo 已提交
3960 3961
	mutex_lock(&cgroup_mutex);

3962 3963 3964 3965
	/* Add init_css_set to the hash table */
	key = css_set_hash(init_css_set.subsys);
	hash_add(css_set_table, &init_css_set.hlist, key);

3966
	BUG_ON(cgroup_init_root_id(&cgroup_dummy_root, 0, 1));
3967

3968 3969 3970 3971
	err = idr_alloc(&cgroup_dummy_root.cgroup_idr, cgroup_dummy_top,
			0, 1, GFP_KERNEL);
	BUG_ON(err < 0);

T
Tejun Heo 已提交
3972 3973
	mutex_unlock(&cgroup_mutex);

3974
	cgroup_kobj = kobject_create_and_add("cgroup", fs_kobj);
T
Tejun Heo 已提交
3975 3976
	if (!cgroup_kobj)
		return -ENOMEM;
3977

3978
	err = register_filesystem(&cgroup_fs_type);
3979 3980
	if (err < 0) {
		kobject_put(cgroup_kobj);
T
Tejun Heo 已提交
3981
		return err;
3982
	}
3983

L
Li Zefan 已提交
3984
	proc_create("cgroups", 0, NULL, &proc_cgroupstats_operations);
T
Tejun Heo 已提交
3985
	return 0;
3986
}
3987

3988 3989 3990 3991 3992
static int __init cgroup_wq_init(void)
{
	/*
	 * There isn't much point in executing destruction path in
	 * parallel.  Good chunk is serialized with cgroup_mutex anyway.
3993
	 * Use 1 for @max_active.
3994 3995 3996 3997
	 *
	 * We would prefer to do this in cgroup_init() above, but that
	 * is called before init_workqueues(): so leave this until after.
	 */
3998
	cgroup_destroy_wq = alloc_workqueue("cgroup_destroy", 0, 1);
3999
	BUG_ON(!cgroup_destroy_wq);
4000 4001 4002 4003 4004 4005 4006 4007 4008

	/*
	 * Used to destroy pidlists and separate to serve as flush domain.
	 * Cap @max_active to 1 too.
	 */
	cgroup_pidlist_destroy_wq = alloc_workqueue("cgroup_pidlist_destroy",
						    0, 1);
	BUG_ON(!cgroup_pidlist_destroy_wq);

4009 4010 4011 4012
	return 0;
}
core_initcall(cgroup_wq_init);

4013 4014 4015 4016 4017 4018
/*
 * proc_cgroup_show()
 *  - Print task's cgroup paths into seq_file, one line for each hierarchy
 *  - Used for /proc/<pid>/cgroup.
 *  - No need to task_lock(tsk) on this tsk->cgroup reference, as it
 *    doesn't really matter if tsk->cgroup changes after we read it,
4019
 *    and we take cgroup_mutex, keeping cgroup_attach_task() from changing it
4020 4021 4022 4023 4024 4025
 *    anyway.  No need to check that tsk->cgroup != NULL, thanks to
 *    the_top_cgroup_hack in cgroup_exit(), which sets an exiting tasks
 *    cgroup to top_cgroup.
 */

/* TODO: Use a proper seq_file iterator */
4026
int proc_cgroup_show(struct seq_file *m, void *v)
4027 4028 4029
{
	struct pid *pid;
	struct task_struct *tsk;
T
Tejun Heo 已提交
4030
	char *buf, *path;
4031 4032 4033 4034
	int retval;
	struct cgroupfs_root *root;

	retval = -ENOMEM;
T
Tejun Heo 已提交
4035
	buf = kmalloc(PATH_MAX, GFP_KERNEL);
4036 4037 4038 4039 4040 4041 4042 4043 4044 4045 4046 4047
	if (!buf)
		goto out;

	retval = -ESRCH;
	pid = m->private;
	tsk = get_pid_task(pid, PIDTYPE_PID);
	if (!tsk)
		goto out_free;

	retval = 0;

	mutex_lock(&cgroup_mutex);
4048
	down_read(&css_set_rwsem);
4049

4050
	for_each_active_root(root) {
4051
		struct cgroup_subsys *ss;
4052
		struct cgroup *cgrp;
T
Tejun Heo 已提交
4053
		int ssid, count = 0;
4054

4055
		seq_printf(m, "%d:", root->hierarchy_id);
T
Tejun Heo 已提交
4056 4057 4058
		for_each_subsys(ss, ssid)
			if (root->subsys_mask & (1 << ssid))
				seq_printf(m, "%s%s", count++ ? "," : "", ss->name);
4059 4060 4061
		if (strlen(root->name))
			seq_printf(m, "%sname=%s", count ? "," : "",
				   root->name);
4062
		seq_putc(m, ':');
4063
		cgrp = task_cgroup_from_root(tsk, root);
T
Tejun Heo 已提交
4064 4065 4066
		path = cgroup_path(cgrp, buf, PATH_MAX);
		if (!path) {
			retval = -ENAMETOOLONG;
4067
			goto out_unlock;
T
Tejun Heo 已提交
4068 4069
		}
		seq_puts(m, path);
4070 4071 4072 4073
		seq_putc(m, '\n');
	}

out_unlock:
4074
	up_read(&css_set_rwsem);
4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085
	mutex_unlock(&cgroup_mutex);
	put_task_struct(tsk);
out_free:
	kfree(buf);
out:
	return retval;
}

/* Display information about each subsystem and each hierarchy */
static int proc_cgroupstats_show(struct seq_file *m, void *v)
{
4086
	struct cgroup_subsys *ss;
4087 4088
	int i;

4089
	seq_puts(m, "#subsys_name\thierarchy\tnum_cgroups\tenabled\n");
B
Ben Blum 已提交
4090 4091 4092 4093 4094
	/*
	 * ideally we don't want subsystems moving around while we do this.
	 * cgroup_mutex is also necessary to guarantee an atomic snapshot of
	 * subsys/hierarchy state.
	 */
4095
	mutex_lock(&cgroup_mutex);
4096 4097

	for_each_subsys(ss, i)
4098 4099
		seq_printf(m, "%s\t%d\t%d\t%d\n",
			   ss->name, ss->root->hierarchy_id,
4100
			   atomic_read(&ss->root->nr_cgrps), !ss->disabled);
4101

4102 4103 4104 4105 4106 4107
	mutex_unlock(&cgroup_mutex);
	return 0;
}

static int cgroupstats_open(struct inode *inode, struct file *file)
{
A
Al Viro 已提交
4108
	return single_open(file, proc_cgroupstats_show, NULL);
4109 4110
}

4111
static const struct file_operations proc_cgroupstats_operations = {
4112 4113 4114 4115 4116 4117
	.open = cgroupstats_open,
	.read = seq_read,
	.llseek = seq_lseek,
	.release = single_release,
};

4118 4119
/**
 * cgroup_fork - attach newly forked task to its parents cgroup.
L
Li Zefan 已提交
4120
 * @child: pointer to task_struct of forking parent process.
4121 4122 4123 4124 4125
 *
 * Description: A task inherits its parent's cgroup at fork().
 *
 * A pointer to the shared css_set was automatically copied in
 * fork.c by dup_task_struct().  However, we ignore that copy, since
4126 4127 4128 4129
 * it was not made under the protection of RCU or cgroup_mutex, so
 * might no longer be a valid cgroup pointer.  cgroup_attach_task() might
 * have already changed current->cgroups, allowing the previously
 * referenced cgroup group to be removed and freed.
4130 4131 4132 4133 4134 4135
 *
 * At the point that cgroup_fork() is called, 'current' is the parent
 * task, and the passed argument 'child' points to the child task.
 */
void cgroup_fork(struct task_struct *child)
{
4136
	task_lock(current);
4137
	get_css_set(task_css_set(current));
4138
	child->cgroups = current->cgroups;
4139
	task_unlock(current);
4140
	INIT_LIST_HEAD(&child->cg_list);
4141 4142
}

4143
/**
L
Li Zefan 已提交
4144 4145 4146
 * cgroup_post_fork - called on a new task after adding it to the task list
 * @child: the task in question
 *
4147 4148 4149
 * Adds the task to the list running through its css_set if necessary and
 * call the subsystem fork() callbacks.  Has to be after the task is
 * visible on the task list in case we race with the first call to
4150
 * cgroup_task_iter_start() - to guarantee that the new task ends up on its
4151
 * list.
L
Li Zefan 已提交
4152
 */
4153 4154
void cgroup_post_fork(struct task_struct *child)
{
4155
	struct cgroup_subsys *ss;
4156 4157
	int i;

4158 4159 4160 4161 4162 4163 4164 4165 4166 4167 4168
	/*
	 * use_task_css_set_links is set to 1 before we walk the tasklist
	 * under the tasklist_lock and we read it here after we added the child
	 * to the tasklist under the tasklist_lock as well. If the child wasn't
	 * yet in the tasklist when we walked through it from
	 * cgroup_enable_task_cg_lists(), then use_task_css_set_links value
	 * should be visible now due to the paired locking and barriers implied
	 * by LOCK/UNLOCK: it is written before the tasklist_lock unlock
	 * in cgroup_enable_task_cg_lists() and read here after the tasklist_lock
	 * lock on fork.
	 */
4169
	if (use_task_css_set_links) {
4170
		down_write(&css_set_rwsem);
4171 4172
		task_lock(child);
		if (list_empty(&child->cg_list))
4173
			list_add(&child->cg_list, &task_css_set(child)->tasks);
4174
		task_unlock(child);
4175
		up_write(&css_set_rwsem);
4176
	}
4177 4178 4179 4180 4181 4182 4183

	/*
	 * Call ss->fork().  This must happen after @child is linked on
	 * css_set; otherwise, @child might change state between ->fork()
	 * and addition to css_set.
	 */
	if (need_forkexit_callback) {
T
Tejun Heo 已提交
4184
		for_each_subsys(ss, i)
4185 4186 4187
			if (ss->fork)
				ss->fork(child);
	}
4188
}
4189

4190 4191 4192
/**
 * cgroup_exit - detach cgroup from exiting task
 * @tsk: pointer to task_struct of exiting process
L
Li Zefan 已提交
4193
 * @run_callback: run exit callbacks?
4194 4195 4196 4197 4198 4199 4200 4201 4202 4203 4204 4205 4206 4207 4208 4209 4210 4211 4212 4213 4214 4215 4216 4217 4218 4219 4220 4221
 *
 * Description: Detach cgroup from @tsk and release it.
 *
 * Note that cgroups marked notify_on_release force every task in
 * them to take the global cgroup_mutex mutex when exiting.
 * This could impact scaling on very large systems.  Be reluctant to
 * use notify_on_release cgroups where very high task exit scaling
 * is required on large systems.
 *
 * the_top_cgroup_hack:
 *
 *    Set the exiting tasks cgroup to the root cgroup (top_cgroup).
 *
 *    We call cgroup_exit() while the task is still competent to
 *    handle notify_on_release(), then leave the task attached to the
 *    root cgroup in each hierarchy for the remainder of its exit.
 *
 *    To do this properly, we would increment the reference count on
 *    top_cgroup, and near the very end of the kernel/exit.c do_exit()
 *    code we would add a second cgroup function call, to drop that
 *    reference.  This would just create an unnecessary hot spot on
 *    the top_cgroup reference count, to no avail.
 *
 *    Normally, holding a reference to a cgroup without bumping its
 *    count is unsafe.   The cgroup could go away, or someone could
 *    attach us to a different cgroup, decrementing the count on
 *    the first cgroup that we never incremented.  But in this case,
 *    top_cgroup isn't going away, and either task has PF_EXITING set,
4222 4223
 *    which wards off any cgroup_attach_task() attempts, or task is a failed
 *    fork, never visible to cgroup_attach_task.
4224 4225 4226
 */
void cgroup_exit(struct task_struct *tsk, int run_callbacks)
{
4227
	struct cgroup_subsys *ss;
4228
	struct css_set *cset;
4229
	int i;
4230 4231

	/*
4232 4233
	 * Unlink from the css_set task list if necessary.  Optimistically
	 * check cg_list before taking css_set_rwsem.
4234 4235
	 */
	if (!list_empty(&tsk->cg_list)) {
4236
		down_write(&css_set_rwsem);
4237
		if (!list_empty(&tsk->cg_list))
4238
			list_del_init(&tsk->cg_list);
4239
		up_write(&css_set_rwsem);
4240 4241
	}

4242 4243
	/* Reassign the task to the init_css_set. */
	task_lock(tsk);
4244 4245
	cset = task_css_set(tsk);
	RCU_INIT_POINTER(tsk->cgroups, &init_css_set);
4246 4247

	if (run_callbacks && need_forkexit_callback) {
T
Tejun Heo 已提交
4248 4249
		/* see cgroup_post_fork() for details */
		for_each_subsys(ss, i) {
4250
			if (ss->exit) {
4251 4252
				struct cgroup_subsys_state *old_css = cset->subsys[i];
				struct cgroup_subsys_state *css = task_css(tsk, i);
4253

4254
				ss->exit(css, old_css, tsk);
4255 4256 4257
			}
		}
	}
4258
	task_unlock(tsk);
4259

4260
	put_css_set(cset, true);
4261
}
4262

4263
static void check_for_release(struct cgroup *cgrp)
4264
{
4265
	if (cgroup_is_releasable(cgrp) &&
T
Tejun Heo 已提交
4266
	    list_empty(&cgrp->cset_links) && list_empty(&cgrp->children)) {
4267 4268
		/*
		 * Control Group is currently removeable. If it's not
4269
		 * already queued for a userspace notification, queue
4270 4271
		 * it now
		 */
4272
		int need_schedule_work = 0;
4273

4274
		raw_spin_lock(&release_list_lock);
4275
		if (!cgroup_is_dead(cgrp) &&
4276 4277
		    list_empty(&cgrp->release_list)) {
			list_add(&cgrp->release_list, &release_list);
4278 4279
			need_schedule_work = 1;
		}
4280
		raw_spin_unlock(&release_list_lock);
4281 4282 4283 4284 4285 4286 4287 4288 4289 4290 4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312
		if (need_schedule_work)
			schedule_work(&release_agent_work);
	}
}

/*
 * Notify userspace when a cgroup is released, by running the
 * configured release agent with the name of the cgroup (path
 * relative to the root of cgroup file system) as the argument.
 *
 * Most likely, this user command will try to rmdir this cgroup.
 *
 * This races with the possibility that some other task will be
 * attached to this cgroup before it is removed, or that some other
 * user task will 'mkdir' a child cgroup of this cgroup.  That's ok.
 * The presumed 'rmdir' will fail quietly if this cgroup is no longer
 * unused, and this cgroup will be reprieved from its death sentence,
 * to continue to serve a useful existence.  Next time it's released,
 * we will get notified again, if it still has 'notify_on_release' set.
 *
 * The final arg to call_usermodehelper() is UMH_WAIT_EXEC, which
 * means only wait until the task is successfully execve()'d.  The
 * separate release agent task is forked by call_usermodehelper(),
 * then control in this thread returns here, without waiting for the
 * release agent task.  We don't bother to wait because the caller of
 * this routine has no use for the exit status of the release agent
 * task, so no sense holding our caller up for that.
 */
static void cgroup_release_agent(struct work_struct *work)
{
	BUG_ON(work != &release_agent_work);
	mutex_lock(&cgroup_mutex);
4313
	raw_spin_lock(&release_list_lock);
4314 4315 4316
	while (!list_empty(&release_list)) {
		char *argv[3], *envp[3];
		int i;
T
Tejun Heo 已提交
4317
		char *pathbuf = NULL, *agentbuf = NULL, *path;
4318
		struct cgroup *cgrp = list_entry(release_list.next,
4319 4320
						    struct cgroup,
						    release_list);
4321
		list_del_init(&cgrp->release_list);
4322
		raw_spin_unlock(&release_list_lock);
T
Tejun Heo 已提交
4323
		pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
4324 4325
		if (!pathbuf)
			goto continue_free;
T
Tejun Heo 已提交
4326 4327
		path = cgroup_path(cgrp, pathbuf, PATH_MAX);
		if (!path)
4328 4329 4330 4331
			goto continue_free;
		agentbuf = kstrdup(cgrp->root->release_agent_path, GFP_KERNEL);
		if (!agentbuf)
			goto continue_free;
4332 4333

		i = 0;
4334
		argv[i++] = agentbuf;
T
Tejun Heo 已提交
4335
		argv[i++] = path;
4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349
		argv[i] = NULL;

		i = 0;
		/* minimal command environment */
		envp[i++] = "HOME=/";
		envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
		envp[i] = NULL;

		/* Drop the lock while we invoke the usermode helper,
		 * since the exec could involve hitting disk and hence
		 * be a slow process */
		mutex_unlock(&cgroup_mutex);
		call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
		mutex_lock(&cgroup_mutex);
4350 4351 4352
 continue_free:
		kfree(pathbuf);
		kfree(agentbuf);
4353
		raw_spin_lock(&release_list_lock);
4354
	}
4355
	raw_spin_unlock(&release_list_lock);
4356 4357
	mutex_unlock(&cgroup_mutex);
}
4358 4359 4360

static int __init cgroup_disable(char *str)
{
4361
	struct cgroup_subsys *ss;
4362
	char *token;
4363
	int i;
4364 4365 4366 4367

	while ((token = strsep(&str, ",")) != NULL) {
		if (!*token)
			continue;
4368

T
Tejun Heo 已提交
4369
		for_each_subsys(ss, i) {
4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380
			if (!strcmp(token, ss->name)) {
				ss->disabled = 1;
				printk(KERN_INFO "Disabling %s control group"
					" subsystem\n", ss->name);
				break;
			}
		}
	}
	return 1;
}
__setup("cgroup_disable=", cgroup_disable);
K
KAMEZAWA Hiroyuki 已提交
4381

4382
/**
4383
 * css_tryget_from_dir - get corresponding css from the dentry of a cgroup dir
4384 4385
 * @dentry: directory dentry of interest
 * @ss: subsystem of interest
4386
 *
4387 4388 4389
 * If @dentry is a directory for a cgroup which has @ss enabled on it, try
 * to get the corresponding css and return it.  If such css doesn't exist
 * or can't be pinned, an ERR_PTR value is returned.
S
Stephane Eranian 已提交
4390
 */
4391 4392
struct cgroup_subsys_state *css_tryget_from_dir(struct dentry *dentry,
						struct cgroup_subsys *ss)
S
Stephane Eranian 已提交
4393
{
T
Tejun Heo 已提交
4394 4395
	struct kernfs_node *kn = kernfs_node_from_dentry(dentry);
	struct cgroup_subsys_state *css = NULL;
S
Stephane Eranian 已提交
4396
	struct cgroup *cgrp;
4397

4398
	/* is @dentry a cgroup dir? */
T
Tejun Heo 已提交
4399 4400
	if (dentry->d_sb->s_type != &cgroup_fs_type || !kn ||
	    kernfs_type(kn) != KERNFS_DIR)
S
Stephane Eranian 已提交
4401 4402
		return ERR_PTR(-EBADF);

4403 4404
	rcu_read_lock();

T
Tejun Heo 已提交
4405 4406 4407 4408 4409 4410 4411 4412
	/*
	 * This path doesn't originate from kernfs and @kn could already
	 * have been or be removed at any point.  @kn->priv is RCU
	 * protected for this access.  See destroy_locked() for details.
	 */
	cgrp = rcu_dereference(kn->priv);
	if (cgrp)
		css = cgroup_css(cgrp, ss);
4413 4414 4415 4416 4417 4418

	if (!css || !css_tryget(css))
		css = ERR_PTR(-ENOENT);

	rcu_read_unlock();
	return css;
S
Stephane Eranian 已提交
4419 4420
}

4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432
/**
 * css_from_id - lookup css by id
 * @id: the cgroup id
 * @ss: cgroup subsys to be looked into
 *
 * Returns the css if there's valid one with @id, otherwise returns NULL.
 * Should be called under rcu_read_lock().
 */
struct cgroup_subsys_state *css_from_id(int id, struct cgroup_subsys *ss)
{
	struct cgroup *cgrp;

T
Tejun Heo 已提交
4433
	cgroup_assert_mutexes_or_rcu_locked();
4434 4435 4436

	cgrp = idr_find(&ss->root->cgroup_idr, id);
	if (cgrp)
4437
		return cgroup_css(cgrp, ss);
4438
	return NULL;
S
Stephane Eranian 已提交
4439 4440
}

4441
#ifdef CONFIG_CGROUP_DEBUG
4442 4443
static struct cgroup_subsys_state *
debug_css_alloc(struct cgroup_subsys_state *parent_css)
4444 4445 4446 4447 4448 4449 4450 4451 4452
{
	struct cgroup_subsys_state *css = kzalloc(sizeof(*css), GFP_KERNEL);

	if (!css)
		return ERR_PTR(-ENOMEM);

	return css;
}

4453
static void debug_css_free(struct cgroup_subsys_state *css)
4454
{
4455
	kfree(css);
4456 4457
}

4458 4459
static u64 debug_taskcount_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
4460
{
4461
	return cgroup_task_count(css->cgroup);
4462 4463
}

4464 4465
static u64 current_css_set_read(struct cgroup_subsys_state *css,
				struct cftype *cft)
4466 4467 4468 4469
{
	return (u64)(unsigned long)current->cgroups;
}

4470
static u64 current_css_set_refcount_read(struct cgroup_subsys_state *css,
L
Li Zefan 已提交
4471
					 struct cftype *cft)
4472 4473 4474 4475
{
	u64 count;

	rcu_read_lock();
4476
	count = atomic_read(&task_css_set(current)->refcount);
4477 4478 4479 4480
	rcu_read_unlock();
	return count;
}

4481
static int current_css_set_cg_links_read(struct seq_file *seq, void *v)
4482
{
4483
	struct cgrp_cset_link *link;
4484
	struct css_set *cset;
T
Tejun Heo 已提交
4485 4486 4487 4488 4489
	char *name_buf;

	name_buf = kmalloc(NAME_MAX + 1, GFP_KERNEL);
	if (!name_buf)
		return -ENOMEM;
4490

4491
	down_read(&css_set_rwsem);
4492
	rcu_read_lock();
4493
	cset = rcu_dereference(current->cgroups);
4494
	list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
4495
		struct cgroup *c = link->cgrp;
4496 4497
		const char *name = "?";

T
Tejun Heo 已提交
4498 4499 4500 4501
		if (c != cgroup_dummy_top) {
			cgroup_name(c, name_buf, NAME_MAX + 1);
			name = name_buf;
		}
4502

4503 4504
		seq_printf(seq, "Root %d group %s\n",
			   c->root->hierarchy_id, name);
4505 4506
	}
	rcu_read_unlock();
4507
	up_read(&css_set_rwsem);
T
Tejun Heo 已提交
4508
	kfree(name_buf);
4509 4510 4511 4512
	return 0;
}

#define MAX_TASKS_SHOWN_PER_CSS 25
4513
static int cgroup_css_links_read(struct seq_file *seq, void *v)
4514
{
4515
	struct cgroup_subsys_state *css = seq_css(seq);
4516
	struct cgrp_cset_link *link;
4517

4518
	down_read(&css_set_rwsem);
4519
	list_for_each_entry(link, &css->cgroup->cset_links, cset_link) {
4520
		struct css_set *cset = link->cset;
4521 4522
		struct task_struct *task;
		int count = 0;
T
Tejun Heo 已提交
4523

4524
		seq_printf(seq, "css_set %p\n", cset);
T
Tejun Heo 已提交
4525

4526
		list_for_each_entry(task, &cset->tasks, cg_list) {
T
Tejun Heo 已提交
4527 4528 4529 4530 4531 4532 4533 4534 4535
			if (count++ > MAX_TASKS_SHOWN_PER_CSS)
				goto overflow;
			seq_printf(seq, "  task %d\n", task_pid_vnr(task));
		}

		list_for_each_entry(task, &cset->mg_tasks, cg_list) {
			if (count++ > MAX_TASKS_SHOWN_PER_CSS)
				goto overflow;
			seq_printf(seq, "  task %d\n", task_pid_vnr(task));
4536
		}
T
Tejun Heo 已提交
4537 4538 4539
		continue;
	overflow:
		seq_puts(seq, "  ...\n");
4540
	}
4541
	up_read(&css_set_rwsem);
4542 4543 4544
	return 0;
}

4545
static u64 releasable_read(struct cgroup_subsys_state *css, struct cftype *cft)
4546
{
4547
	return test_bit(CGRP_RELEASABLE, &css->cgroup->flags);
4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565
}

static struct cftype debug_files[] =  {
	{
		.name = "taskcount",
		.read_u64 = debug_taskcount_read,
	},

	{
		.name = "current_css_set",
		.read_u64 = current_css_set_read,
	},

	{
		.name = "current_css_set_refcount",
		.read_u64 = current_css_set_refcount_read,
	},

4566 4567
	{
		.name = "current_css_set_cg_links",
4568
		.seq_show = current_css_set_cg_links_read,
4569 4570 4571 4572
	},

	{
		.name = "cgroup_css_links",
4573
		.seq_show = cgroup_css_links_read,
4574 4575
	},

4576 4577 4578 4579 4580
	{
		.name = "releasable",
		.read_u64 = releasable_read,
	},

4581 4582
	{ }	/* terminate */
};
4583

4584
struct cgroup_subsys debug_cgrp_subsys = {
4585 4586
	.css_alloc = debug_css_alloc,
	.css_free = debug_css_free,
4587
	.base_cftypes = debug_files,
4588 4589
};
#endif /* CONFIG_CGROUP_DEBUG */