1 // SPDX-License-Identifier: GPL-2.0-only 2 #include "cgroup-internal.h" 3 4 #include <linux/ctype.h> 5 #include <linux/kmod.h> 6 #include <linux/sort.h> 7 #include <linux/delay.h> 8 #include <linux/mm.h> 9 #include <linux/sched/signal.h> 10 #include <linux/sched/task.h> 11 #include <linux/magic.h> 12 #include <linux/slab.h> 13 #include <linux/vmalloc.h> 14 #include <linux/delayacct.h> 15 #include <linux/pid_namespace.h> 16 #include <linux/cgroupstats.h> 17 #include <linux/fs_parser.h> 18 19 #include <trace/events/cgroup.h> 20 21 /* 22 * pidlists linger the following amount before being destroyed. The goal 23 * is avoiding frequent destruction in the middle of consecutive read calls 24 * Expiring in the middle is a performance problem not a correctness one. 25 * 1 sec should be enough. 26 */ 27 #define CGROUP_PIDLIST_DESTROY_DELAY HZ 28 29 /* Controllers blocked by the commandline in v1 */ 30 static u16 cgroup_no_v1_mask; 31 32 /* disable named v1 mounts */ 33 static bool cgroup_no_v1_named; 34 35 /* 36 * pidlist destructions need to be flushed on cgroup destruction. Use a 37 * separate workqueue as flush domain. 38 */ 39 static struct workqueue_struct *cgroup_pidlist_destroy_wq; 40 41 /* protects cgroup_subsys->release_agent_path */ 42 static DEFINE_SPINLOCK(release_agent_path_lock); 43 cgroup1_ssid_disabled(int ssid)44 bool cgroup1_ssid_disabled(int ssid) 45 { 46 return cgroup_no_v1_mask & (1 << ssid); 47 } 48 cgroup1_subsys_absent(struct cgroup_subsys * ss)49 static bool cgroup1_subsys_absent(struct cgroup_subsys *ss) 50 { 51 /* Check also dfl_cftypes for file-less controllers, i.e. perf_event */ 52 return ss->legacy_cftypes == NULL && ss->dfl_cftypes; 53 } 54 55 /** 56 * cgroup_attach_task_all - attach task 'tsk' to all cgroups of task 'from' 57 * @from: attach to all cgroups of a given task 58 * @tsk: the task to be attached 59 * 60 * Return: %0 on success or a negative errno code on failure 61 */ cgroup_attach_task_all(struct task_struct * from,struct task_struct * tsk)62 int cgroup_attach_task_all(struct task_struct *from, struct task_struct *tsk) 63 { 64 struct cgroup_root *root; 65 int retval = 0; 66 67 cgroup_lock(); 68 cgroup_attach_lock(true); 69 for_each_root(root) { 70 struct cgroup *from_cgrp; 71 72 spin_lock_irq(&css_set_lock); 73 from_cgrp = task_cgroup_from_root(from, root); 74 spin_unlock_irq(&css_set_lock); 75 76 retval = cgroup_attach_task(from_cgrp, tsk, false); 77 if (retval) 78 break; 79 } 80 cgroup_attach_unlock(true); 81 cgroup_unlock(); 82 83 return retval; 84 } 85 EXPORT_SYMBOL_GPL(cgroup_attach_task_all); 86 87 /** 88 * cgroup_transfer_tasks - move tasks from one cgroup to another 89 * @to: cgroup to which the tasks will be moved 90 * @from: cgroup in which the tasks currently reside 91 * 92 * Locking rules between cgroup_post_fork() and the migration path 93 * guarantee that, if a task is forking while being migrated, the new child 94 * is guaranteed to be either visible in the source cgroup after the 95 * parent's migration is complete or put into the target cgroup. No task 96 * can slip out of migration through forking. 97 * 98 * Return: %0 on success or a negative errno code on failure 99 */ cgroup_transfer_tasks(struct cgroup * to,struct cgroup * from)100 int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from) 101 { 102 DEFINE_CGROUP_MGCTX(mgctx); 103 struct cgrp_cset_link *link; 104 struct css_task_iter it; 105 struct task_struct *task; 106 int ret; 107 108 if (cgroup_on_dfl(to)) 109 return -EINVAL; 110 111 ret = cgroup_migrate_vet_dst(to); 112 if (ret) 113 return ret; 114 115 cgroup_lock(); 116 117 cgroup_attach_lock(true); 118 119 /* all tasks in @from are being moved, all csets are source */ 120 spin_lock_irq(&css_set_lock); 121 list_for_each_entry(link, &from->cset_links, cset_link) 122 cgroup_migrate_add_src(link->cset, to, &mgctx); 123 spin_unlock_irq(&css_set_lock); 124 125 ret = cgroup_migrate_prepare_dst(&mgctx); 126 if (ret) 127 goto out_err; 128 129 /* 130 * Migrate tasks one-by-one until @from is empty. This fails iff 131 * ->can_attach() fails. 132 */ 133 do { 134 css_task_iter_start(&from->self, 0, &it); 135 136 do { 137 task = css_task_iter_next(&it); 138 } while (task && (task->flags & PF_EXITING)); 139 140 if (task) 141 get_task_struct(task); 142 css_task_iter_end(&it); 143 144 if (task) { 145 ret = cgroup_migrate(task, false, &mgctx); 146 if (!ret) 147 TRACE_CGROUP_PATH(transfer_tasks, to, task, false); 148 put_task_struct(task); 149 } 150 } while (task && !ret); 151 out_err: 152 cgroup_migrate_finish(&mgctx); 153 cgroup_attach_unlock(true); 154 cgroup_unlock(); 155 return ret; 156 } 157 158 /* 159 * Stuff for reading the 'tasks'/'procs' files. 160 * 161 * Reading this file can return large amounts of data if a cgroup has 162 * *lots* of attached tasks. So it may need several calls to read(), 163 * but we cannot guarantee that the information we produce is correct 164 * unless we produce it entirely atomically. 165 * 166 */ 167 168 /* which pidlist file are we talking about? */ 169 enum cgroup_filetype { 170 CGROUP_FILE_PROCS, 171 CGROUP_FILE_TASKS, 172 }; 173 174 /* 175 * A pidlist is a list of pids that virtually represents the contents of one 176 * of the cgroup files ("procs" or "tasks"). We keep a list of such pidlists, 177 * a pair (one each for procs, tasks) for each pid namespace that's relevant 178 * to the cgroup. 179 */ 180 struct cgroup_pidlist { 181 /* 182 * used to find which pidlist is wanted. doesn't change as long as 183 * this particular list stays in the list. 184 */ 185 struct { enum cgroup_filetype type; struct pid_namespace *ns; } key; 186 /* array of xids */ 187 pid_t *list; 188 /* how many elements the above list has */ 189 int length; 190 /* each of these stored in a list by its cgroup */ 191 struct list_head links; 192 /* pointer to the cgroup we belong to, for list removal purposes */ 193 struct cgroup *owner; 194 /* for delayed destruction */ 195 struct delayed_work destroy_dwork; 196 }; 197 198 /* 199 * Used to destroy all pidlists lingering waiting for destroy timer. None 200 * should be left afterwards. 201 */ cgroup1_pidlist_destroy_all(struct cgroup * cgrp)202 void cgroup1_pidlist_destroy_all(struct cgroup *cgrp) 203 { 204 struct cgroup_pidlist *l, *tmp_l; 205 206 mutex_lock(&cgrp->pidlist_mutex); 207 list_for_each_entry_safe(l, tmp_l, &cgrp->pidlists, links) 208 mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork, 0); 209 mutex_unlock(&cgrp->pidlist_mutex); 210 211 flush_workqueue(cgroup_pidlist_destroy_wq); 212 BUG_ON(!list_empty(&cgrp->pidlists)); 213 } 214 cgroup_pidlist_destroy_work_fn(struct work_struct * work)215 static void cgroup_pidlist_destroy_work_fn(struct work_struct *work) 216 { 217 struct delayed_work *dwork = to_delayed_work(work); 218 struct cgroup_pidlist *l = container_of(dwork, struct cgroup_pidlist, 219 destroy_dwork); 220 struct cgroup_pidlist *tofree = NULL; 221 222 mutex_lock(&l->owner->pidlist_mutex); 223 224 /* 225 * Destroy iff we didn't get queued again. The state won't change 226 * as destroy_dwork can only be queued while locked. 227 */ 228 if (!delayed_work_pending(dwork)) { 229 list_del(&l->links); 230 kvfree(l->list); 231 put_pid_ns(l->key.ns); 232 tofree = l; 233 } 234 235 mutex_unlock(&l->owner->pidlist_mutex); 236 kfree(tofree); 237 } 238 239 /* 240 * pidlist_uniq - given a kmalloc()ed list, strip out all duplicate entries 241 * Returns the number of unique elements. 242 */ pidlist_uniq(pid_t * list,int length)243 static int pidlist_uniq(pid_t *list, int length) 244 { 245 int src, dest = 1; 246 247 /* 248 * we presume the 0th element is unique, so i starts at 1. trivial 249 * edge cases first; no work needs to be done for either 250 */ 251 if (length == 0 || length == 1) 252 return length; 253 /* src and dest walk down the list; dest counts unique elements */ 254 for (src = 1; src < length; src++) { 255 /* find next unique element */ 256 while (list[src] == list[src-1]) { 257 src++; 258 if (src == length) 259 goto after; 260 } 261 /* dest always points to where the next unique element goes */ 262 list[dest] = list[src]; 263 dest++; 264 } 265 after: 266 return dest; 267 } 268 269 /* 270 * The two pid files - task and cgroup.procs - guaranteed that the result 271 * is sorted, which forced this whole pidlist fiasco. As pid order is 272 * different per namespace, each namespace needs differently sorted list, 273 * making it impossible to use, for example, single rbtree of member tasks 274 * sorted by task pointer. As pidlists can be fairly large, allocating one 275 * per open file is dangerous, so cgroup had to implement shared pool of 276 * pidlists keyed by cgroup and namespace. 277 */ cmppid(const void * a,const void * b)278 static int cmppid(const void *a, const void *b) 279 { 280 return *(pid_t *)a - *(pid_t *)b; 281 } 282 cgroup_pidlist_find(struct cgroup * cgrp,enum cgroup_filetype type)283 static struct cgroup_pidlist *cgroup_pidlist_find(struct cgroup *cgrp, 284 enum cgroup_filetype type) 285 { 286 struct cgroup_pidlist *l; 287 /* don't need task_nsproxy() if we're looking at ourself */ 288 struct pid_namespace *ns = task_active_pid_ns(current); 289 290 lockdep_assert_held(&cgrp->pidlist_mutex); 291 292 list_for_each_entry(l, &cgrp->pidlists, links) 293 if (l->key.type == type && l->key.ns == ns) 294 return l; 295 return NULL; 296 } 297 298 /* 299 * find the appropriate pidlist for our purpose (given procs vs tasks) 300 * returns with the lock on that pidlist already held, and takes care 301 * of the use count, or returns NULL with no locks held if we're out of 302 * memory. 303 */ cgroup_pidlist_find_create(struct cgroup * cgrp,enum cgroup_filetype type)304 static struct cgroup_pidlist *cgroup_pidlist_find_create(struct cgroup *cgrp, 305 enum cgroup_filetype type) 306 { 307 struct cgroup_pidlist *l; 308 309 lockdep_assert_held(&cgrp->pidlist_mutex); 310 311 l = cgroup_pidlist_find(cgrp, type); 312 if (l) 313 return l; 314 315 /* entry not found; create a new one */ 316 l = kzalloc(sizeof(struct cgroup_pidlist), GFP_KERNEL); 317 if (!l) 318 return l; 319 320 INIT_DELAYED_WORK(&l->destroy_dwork, cgroup_pidlist_destroy_work_fn); 321 l->key.type = type; 322 /* don't need task_nsproxy() if we're looking at ourself */ 323 l->key.ns = get_pid_ns(task_active_pid_ns(current)); 324 l->owner = cgrp; 325 list_add(&l->links, &cgrp->pidlists); 326 return l; 327 } 328 329 /* 330 * Load a cgroup's pidarray with either procs' tgids or tasks' pids 331 */ pidlist_array_load(struct cgroup * cgrp,enum cgroup_filetype type,struct cgroup_pidlist ** lp)332 static int pidlist_array_load(struct cgroup *cgrp, enum cgroup_filetype type, 333 struct cgroup_pidlist **lp) 334 { 335 pid_t *array; 336 int length; 337 int pid, n = 0; /* used for populating the array */ 338 struct css_task_iter it; 339 struct task_struct *tsk; 340 struct cgroup_pidlist *l; 341 342 lockdep_assert_held(&cgrp->pidlist_mutex); 343 344 /* 345 * If cgroup gets more users after we read count, we won't have 346 * enough space - tough. This race is indistinguishable to the 347 * caller from the case that the additional cgroup users didn't 348 * show up until sometime later on. 349 */ 350 length = cgroup_task_count(cgrp); 351 array = kvmalloc_array(length, sizeof(pid_t), GFP_KERNEL); 352 if (!array) 353 return -ENOMEM; 354 /* now, populate the array */ 355 css_task_iter_start(&cgrp->self, 0, &it); 356 while ((tsk = css_task_iter_next(&it))) { 357 if (unlikely(n == length)) 358 break; 359 /* get tgid or pid for procs or tasks file respectively */ 360 if (type == CGROUP_FILE_PROCS) 361 pid = task_tgid_vnr(tsk); 362 else 363 pid = task_pid_vnr(tsk); 364 if (pid > 0) /* make sure to only use valid results */ 365 array[n++] = pid; 366 } 367 css_task_iter_end(&it); 368 length = n; 369 /* now sort & strip out duplicates (tgids or recycled thread PIDs) */ 370 sort(array, length, sizeof(pid_t), cmppid, NULL); 371 length = pidlist_uniq(array, length); 372 373 l = cgroup_pidlist_find_create(cgrp, type); 374 if (!l) { 375 kvfree(array); 376 return -ENOMEM; 377 } 378 379 /* store array, freeing old if necessary */ 380 kvfree(l->list); 381 l->list = array; 382 l->length = length; 383 *lp = l; 384 return 0; 385 } 386 387 /* 388 * seq_file methods for the tasks/procs files. The seq_file position is the 389 * next pid to display; the seq_file iterator is a pointer to the pid 390 * in the cgroup->l->list array. 391 */ 392 cgroup_pidlist_start(struct seq_file * s,loff_t * pos)393 static void *cgroup_pidlist_start(struct seq_file *s, loff_t *pos) 394 { 395 /* 396 * Initially we receive a position value that corresponds to 397 * one more than the last pid shown (or 0 on the first call or 398 * after a seek to the start). Use a binary-search to find the 399 * next pid to display, if any 400 */ 401 struct kernfs_open_file *of = s->private; 402 struct cgroup_file_ctx *ctx = of->priv; 403 struct cgroup *cgrp = seq_css(s)->cgroup; 404 struct cgroup_pidlist *l; 405 enum cgroup_filetype type = seq_cft(s)->private; 406 int index = 0, pid = *pos; 407 int *iter, ret; 408 409 mutex_lock(&cgrp->pidlist_mutex); 410 411 /* 412 * !NULL @ctx->procs1.pidlist indicates that this isn't the first 413 * start() after open. If the matching pidlist is around, we can use 414 * that. Look for it. Note that @ctx->procs1.pidlist can't be used 415 * directly. It could already have been destroyed. 416 */ 417 if (ctx->procs1.pidlist) 418 ctx->procs1.pidlist = cgroup_pidlist_find(cgrp, type); 419 420 /* 421 * Either this is the first start() after open or the matching 422 * pidlist has been destroyed inbetween. Create a new one. 423 */ 424 if (!ctx->procs1.pidlist) { 425 ret = pidlist_array_load(cgrp, type, &ctx->procs1.pidlist); 426 if (ret) 427 return ERR_PTR(ret); 428 } 429 l = ctx->procs1.pidlist; 430 431 if (pid) { 432 int end = l->length; 433 434 while (index < end) { 435 int mid = (index + end) / 2; 436 if (l->list[mid] == pid) { 437 index = mid; 438 break; 439 } else if (l->list[mid] < pid) 440 index = mid + 1; 441 else 442 end = mid; 443 } 444 } 445 /* If we're off the end of the array, we're done */ 446 if (index >= l->length) 447 return NULL; 448 /* Update the abstract position to be the actual pid that we found */ 449 iter = l->list + index; 450 *pos = *iter; 451 return iter; 452 } 453 cgroup_pidlist_stop(struct seq_file * s,void * v)454 static void cgroup_pidlist_stop(struct seq_file *s, void *v) 455 { 456 struct kernfs_open_file *of = s->private; 457 struct cgroup_file_ctx *ctx = of->priv; 458 struct cgroup_pidlist *l = ctx->procs1.pidlist; 459 460 if (l) 461 mod_delayed_work(cgroup_pidlist_destroy_wq, &l->destroy_dwork, 462 CGROUP_PIDLIST_DESTROY_DELAY); 463 mutex_unlock(&seq_css(s)->cgroup->pidlist_mutex); 464 } 465 cgroup_pidlist_next(struct seq_file * s,void * v,loff_t * pos)466 static void *cgroup_pidlist_next(struct seq_file *s, void *v, loff_t *pos) 467 { 468 struct kernfs_open_file *of = s->private; 469 struct cgroup_file_ctx *ctx = of->priv; 470 struct cgroup_pidlist *l = ctx->procs1.pidlist; 471 pid_t *p = v; 472 pid_t *end = l->list + l->length; 473 /* 474 * Advance to the next pid in the array. If this goes off the 475 * end, we're done 476 */ 477 p++; 478 if (p >= end) { 479 (*pos)++; 480 return NULL; 481 } else { 482 *pos = *p; 483 return p; 484 } 485 } 486 cgroup_pidlist_show(struct seq_file * s,void * v)487 static int cgroup_pidlist_show(struct seq_file *s, void *v) 488 { 489 seq_printf(s, "%d\n", *(int *)v); 490 491 return 0; 492 } 493 __cgroup1_procs_write(struct kernfs_open_file * of,char * buf,size_t nbytes,loff_t off,bool threadgroup)494 static ssize_t __cgroup1_procs_write(struct kernfs_open_file *of, 495 char *buf, size_t nbytes, loff_t off, 496 bool threadgroup) 497 { 498 struct cgroup *cgrp; 499 struct task_struct *task; 500 const struct cred *cred, *tcred; 501 ssize_t ret; 502 bool locked; 503 504 cgrp = cgroup_kn_lock_live(of->kn, false); 505 if (!cgrp) 506 return -ENODEV; 507 508 task = cgroup_procs_write_start(buf, threadgroup, &locked); 509 ret = PTR_ERR_OR_ZERO(task); 510 if (ret) 511 goto out_unlock; 512 513 /* 514 * Even if we're attaching all tasks in the thread group, we only need 515 * to check permissions on one of them. Check permissions using the 516 * credentials from file open to protect against inherited fd attacks. 517 */ 518 cred = of->file->f_cred; 519 tcred = get_task_cred(task); 520 if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) && 521 !uid_eq(cred->euid, tcred->uid) && 522 !uid_eq(cred->euid, tcred->suid)) 523 ret = -EACCES; 524 put_cred(tcred); 525 if (ret) 526 goto out_finish; 527 528 ret = cgroup_attach_task(cgrp, task, threadgroup); 529 530 out_finish: 531 cgroup_procs_write_finish(task, locked); 532 out_unlock: 533 cgroup_kn_unlock(of->kn); 534 535 return ret ?: nbytes; 536 } 537 cgroup1_procs_write(struct kernfs_open_file * of,char * buf,size_t nbytes,loff_t off)538 static ssize_t cgroup1_procs_write(struct kernfs_open_file *of, 539 char *buf, size_t nbytes, loff_t off) 540 { 541 return __cgroup1_procs_write(of, buf, nbytes, off, true); 542 } 543 cgroup1_tasks_write(struct kernfs_open_file * of,char * buf,size_t nbytes,loff_t off)544 static ssize_t cgroup1_tasks_write(struct kernfs_open_file *of, 545 char *buf, size_t nbytes, loff_t off) 546 { 547 return __cgroup1_procs_write(of, buf, nbytes, off, false); 548 } 549 cgroup_release_agent_write(struct kernfs_open_file * of,char * buf,size_t nbytes,loff_t off)550 static ssize_t cgroup_release_agent_write(struct kernfs_open_file *of, 551 char *buf, size_t nbytes, loff_t off) 552 { 553 struct cgroup *cgrp; 554 struct cgroup_file_ctx *ctx; 555 556 BUILD_BUG_ON(sizeof(cgrp->root->release_agent_path) < PATH_MAX); 557 558 /* 559 * Release agent gets called with all capabilities, 560 * require capabilities to set release agent. 561 */ 562 ctx = of->priv; 563 if ((ctx->ns->user_ns != &init_user_ns) || 564 !file_ns_capable(of->file, &init_user_ns, CAP_SYS_ADMIN)) 565 return -EPERM; 566 567 cgrp = cgroup_kn_lock_live(of->kn, false); 568 if (!cgrp) 569 return -ENODEV; 570 spin_lock(&release_agent_path_lock); 571 strscpy(cgrp->root->release_agent_path, strstrip(buf), 572 sizeof(cgrp->root->release_agent_path)); 573 spin_unlock(&release_agent_path_lock); 574 cgroup_kn_unlock(of->kn); 575 return nbytes; 576 } 577 cgroup_release_agent_show(struct seq_file * seq,void * v)578 static int cgroup_release_agent_show(struct seq_file *seq, void *v) 579 { 580 struct cgroup *cgrp = seq_css(seq)->cgroup; 581 582 spin_lock(&release_agent_path_lock); 583 seq_puts(seq, cgrp->root->release_agent_path); 584 spin_unlock(&release_agent_path_lock); 585 seq_putc(seq, '\n'); 586 return 0; 587 } 588 cgroup_sane_behavior_show(struct seq_file * seq,void * v)589 static int cgroup_sane_behavior_show(struct seq_file *seq, void *v) 590 { 591 seq_puts(seq, "0\n"); 592 return 0; 593 } 594 cgroup_read_notify_on_release(struct cgroup_subsys_state * css,struct cftype * cft)595 static u64 cgroup_read_notify_on_release(struct cgroup_subsys_state *css, 596 struct cftype *cft) 597 { 598 return notify_on_release(css->cgroup); 599 } 600 cgroup_write_notify_on_release(struct cgroup_subsys_state * css,struct cftype * cft,u64 val)601 static int cgroup_write_notify_on_release(struct cgroup_subsys_state *css, 602 struct cftype *cft, u64 val) 603 { 604 if (val) 605 set_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags); 606 else 607 clear_bit(CGRP_NOTIFY_ON_RELEASE, &css->cgroup->flags); 608 return 0; 609 } 610 cgroup_clone_children_read(struct cgroup_subsys_state * css,struct cftype * cft)611 static u64 cgroup_clone_children_read(struct cgroup_subsys_state *css, 612 struct cftype *cft) 613 { 614 return test_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags); 615 } 616 cgroup_clone_children_write(struct cgroup_subsys_state * css,struct cftype * cft,u64 val)617 static int cgroup_clone_children_write(struct cgroup_subsys_state *css, 618 struct cftype *cft, u64 val) 619 { 620 if (val) 621 set_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags); 622 else 623 clear_bit(CGRP_CPUSET_CLONE_CHILDREN, &css->cgroup->flags); 624 return 0; 625 } 626 627 /* cgroup core interface files for the legacy hierarchies */ 628 struct cftype cgroup1_base_files[] = { 629 { 630 .name = "cgroup.procs", 631 .seq_start = cgroup_pidlist_start, 632 .seq_next = cgroup_pidlist_next, 633 .seq_stop = cgroup_pidlist_stop, 634 .seq_show = cgroup_pidlist_show, 635 .private = CGROUP_FILE_PROCS, 636 .write = cgroup1_procs_write, 637 }, 638 { 639 .name = "cgroup.clone_children", 640 .read_u64 = cgroup_clone_children_read, 641 .write_u64 = cgroup_clone_children_write, 642 }, 643 { 644 .name = "cgroup.sane_behavior", 645 .flags = CFTYPE_ONLY_ON_ROOT, 646 .seq_show = cgroup_sane_behavior_show, 647 }, 648 { 649 .name = "tasks", 650 .seq_start = cgroup_pidlist_start, 651 .seq_next = cgroup_pidlist_next, 652 .seq_stop = cgroup_pidlist_stop, 653 .seq_show = cgroup_pidlist_show, 654 .private = CGROUP_FILE_TASKS, 655 .write = cgroup1_tasks_write, 656 }, 657 { 658 .name = "notify_on_release", 659 .read_u64 = cgroup_read_notify_on_release, 660 .write_u64 = cgroup_write_notify_on_release, 661 }, 662 { 663 .name = "release_agent", 664 .flags = CFTYPE_ONLY_ON_ROOT, 665 .seq_show = cgroup_release_agent_show, 666 .write = cgroup_release_agent_write, 667 .max_write_len = PATH_MAX - 1, 668 }, 669 { } /* terminate */ 670 }; 671 672 /* Display information about each subsystem and each hierarchy */ proc_cgroupstats_show(struct seq_file * m,void * v)673 int proc_cgroupstats_show(struct seq_file *m, void *v) 674 { 675 struct cgroup_subsys *ss; 676 int i; 677 678 seq_puts(m, "#subsys_name\thierarchy\tnum_cgroups\tenabled\n"); 679 /* 680 * Grab the subsystems state racily. No need to add avenue to 681 * cgroup_mutex contention. 682 */ 683 684 for_each_subsys(ss, i) { 685 if (cgroup1_subsys_absent(ss)) 686 continue; 687 seq_printf(m, "%s\t%d\t%d\t%d\n", 688 ss->legacy_name, ss->root->hierarchy_id, 689 atomic_read(&ss->root->nr_cgrps), 690 cgroup_ssid_enabled(i)); 691 } 692 693 return 0; 694 } 695 696 /** 697 * cgroupstats_build - build and fill cgroupstats 698 * @stats: cgroupstats to fill information into 699 * @dentry: A dentry entry belonging to the cgroup for which stats have 700 * been requested. 701 * 702 * Build and fill cgroupstats so that taskstats can export it to user 703 * space. 704 * 705 * Return: %0 on success or a negative errno code on failure 706 */ cgroupstats_build(struct cgroupstats * stats,struct dentry * dentry)707 int cgroupstats_build(struct cgroupstats *stats, struct dentry *dentry) 708 { 709 struct kernfs_node *kn = kernfs_node_from_dentry(dentry); 710 struct cgroup *cgrp; 711 struct css_task_iter it; 712 struct task_struct *tsk; 713 714 /* it should be kernfs_node belonging to cgroupfs and is a directory */ 715 if (dentry->d_sb->s_type != &cgroup_fs_type || !kn || 716 kernfs_type(kn) != KERNFS_DIR) 717 return -EINVAL; 718 719 /* 720 * We aren't being called from kernfs and there's no guarantee on 721 * @kn->priv's validity. For this and css_tryget_online_from_dir(), 722 * @kn->priv is RCU safe. Let's do the RCU dancing. 723 */ 724 rcu_read_lock(); 725 cgrp = rcu_dereference(*(void __rcu __force **)&kn->priv); 726 if (!cgrp || !cgroup_tryget(cgrp)) { 727 rcu_read_unlock(); 728 return -ENOENT; 729 } 730 rcu_read_unlock(); 731 732 css_task_iter_start(&cgrp->self, 0, &it); 733 while ((tsk = css_task_iter_next(&it))) { 734 switch (READ_ONCE(tsk->__state)) { 735 case TASK_RUNNING: 736 stats->nr_running++; 737 break; 738 case TASK_INTERRUPTIBLE: 739 stats->nr_sleeping++; 740 break; 741 case TASK_UNINTERRUPTIBLE: 742 stats->nr_uninterruptible++; 743 break; 744 case TASK_STOPPED: 745 stats->nr_stopped++; 746 break; 747 default: 748 if (tsk->in_iowait) 749 stats->nr_io_wait++; 750 break; 751 } 752 } 753 css_task_iter_end(&it); 754 755 cgroup_put(cgrp); 756 return 0; 757 } 758 cgroup1_check_for_release(struct cgroup * cgrp)759 void cgroup1_check_for_release(struct cgroup *cgrp) 760 { 761 if (notify_on_release(cgrp) && !cgroup_is_populated(cgrp) && 762 !css_has_online_children(&cgrp->self) && !cgroup_is_dead(cgrp)) 763 schedule_work(&cgrp->release_agent_work); 764 } 765 766 /* 767 * Notify userspace when a cgroup is released, by running the 768 * configured release agent with the name of the cgroup (path 769 * relative to the root of cgroup file system) as the argument. 770 * 771 * Most likely, this user command will try to rmdir this cgroup. 772 * 773 * This races with the possibility that some other task will be 774 * attached to this cgroup before it is removed, or that some other 775 * user task will 'mkdir' a child cgroup of this cgroup. That's ok. 776 * The presumed 'rmdir' will fail quietly if this cgroup is no longer 777 * unused, and this cgroup will be reprieved from its death sentence, 778 * to continue to serve a useful existence. Next time it's released, 779 * we will get notified again, if it still has 'notify_on_release' set. 780 * 781 * The final arg to call_usermodehelper() is UMH_WAIT_EXEC, which 782 * means only wait until the task is successfully execve()'d. The 783 * separate release agent task is forked by call_usermodehelper(), 784 * then control in this thread returns here, without waiting for the 785 * release agent task. We don't bother to wait because the caller of 786 * this routine has no use for the exit status of the release agent 787 * task, so no sense holding our caller up for that. 788 */ cgroup1_release_agent(struct work_struct * work)789 void cgroup1_release_agent(struct work_struct *work) 790 { 791 struct cgroup *cgrp = 792 container_of(work, struct cgroup, release_agent_work); 793 char *pathbuf, *agentbuf; 794 char *argv[3], *envp[3]; 795 int ret; 796 797 /* snoop agent path and exit early if empty */ 798 if (!cgrp->root->release_agent_path[0]) 799 return; 800 801 /* prepare argument buffers */ 802 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); 803 agentbuf = kmalloc(PATH_MAX, GFP_KERNEL); 804 if (!pathbuf || !agentbuf) 805 goto out_free; 806 807 spin_lock(&release_agent_path_lock); 808 strscpy(agentbuf, cgrp->root->release_agent_path, PATH_MAX); 809 spin_unlock(&release_agent_path_lock); 810 if (!agentbuf[0]) 811 goto out_free; 812 813 ret = cgroup_path_ns(cgrp, pathbuf, PATH_MAX, &init_cgroup_ns); 814 if (ret < 0) 815 goto out_free; 816 817 argv[0] = agentbuf; 818 argv[1] = pathbuf; 819 argv[2] = NULL; 820 821 /* minimal command environment */ 822 envp[0] = "HOME=/"; 823 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 824 envp[2] = NULL; 825 826 call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); 827 out_free: 828 kfree(agentbuf); 829 kfree(pathbuf); 830 } 831 832 /* 833 * cgroup_rename - Only allow simple rename of directories in place. 834 */ cgroup1_rename(struct kernfs_node * kn,struct kernfs_node * new_parent,const char * new_name_str)835 static int cgroup1_rename(struct kernfs_node *kn, struct kernfs_node *new_parent, 836 const char *new_name_str) 837 { 838 struct cgroup *cgrp = kn->priv; 839 int ret; 840 841 /* do not accept '\n' to prevent making /proc/<pid>/cgroup unparsable */ 842 if (strchr(new_name_str, '\n')) 843 return -EINVAL; 844 845 if (kernfs_type(kn) != KERNFS_DIR) 846 return -ENOTDIR; 847 if (kn->parent != new_parent) 848 return -EIO; 849 850 /* 851 * We're gonna grab cgroup_mutex which nests outside kernfs 852 * active_ref. kernfs_rename() doesn't require active_ref 853 * protection. Break them before grabbing cgroup_mutex. 854 */ 855 kernfs_break_active_protection(new_parent); 856 kernfs_break_active_protection(kn); 857 858 cgroup_lock(); 859 860 ret = kernfs_rename(kn, new_parent, new_name_str); 861 if (!ret) 862 TRACE_CGROUP_PATH(rename, cgrp); 863 864 cgroup_unlock(); 865 866 kernfs_unbreak_active_protection(kn); 867 kernfs_unbreak_active_protection(new_parent); 868 return ret; 869 } 870 cgroup1_show_options(struct seq_file * seq,struct kernfs_root * kf_root)871 static int cgroup1_show_options(struct seq_file *seq, struct kernfs_root *kf_root) 872 { 873 struct cgroup_root *root = cgroup_root_from_kf(kf_root); 874 struct cgroup_subsys *ss; 875 int ssid; 876 877 for_each_subsys(ss, ssid) 878 if (root->subsys_mask & (1 << ssid)) 879 seq_show_option(seq, ss->legacy_name, NULL); 880 if (root->flags & CGRP_ROOT_NOPREFIX) 881 seq_puts(seq, ",noprefix"); 882 if (root->flags & CGRP_ROOT_XATTR) 883 seq_puts(seq, ",xattr"); 884 if (root->flags & CGRP_ROOT_CPUSET_V2_MODE) 885 seq_puts(seq, ",cpuset_v2_mode"); 886 if (root->flags & CGRP_ROOT_FAVOR_DYNMODS) 887 seq_puts(seq, ",favordynmods"); 888 889 spin_lock(&release_agent_path_lock); 890 if (strlen(root->release_agent_path)) 891 seq_show_option(seq, "release_agent", 892 root->release_agent_path); 893 spin_unlock(&release_agent_path_lock); 894 895 if (test_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags)) 896 seq_puts(seq, ",clone_children"); 897 if (strlen(root->name)) 898 seq_show_option(seq, "name", root->name); 899 return 0; 900 } 901 902 enum cgroup1_param { 903 Opt_all, 904 Opt_clone_children, 905 Opt_cpuset_v2_mode, 906 Opt_name, 907 Opt_none, 908 Opt_noprefix, 909 Opt_release_agent, 910 Opt_xattr, 911 Opt_favordynmods, 912 Opt_nofavordynmods, 913 }; 914 915 const struct fs_parameter_spec cgroup1_fs_parameters[] = { 916 fsparam_flag ("all", Opt_all), 917 fsparam_flag ("clone_children", Opt_clone_children), 918 fsparam_flag ("cpuset_v2_mode", Opt_cpuset_v2_mode), 919 fsparam_string("name", Opt_name), 920 fsparam_flag ("none", Opt_none), 921 fsparam_flag ("noprefix", Opt_noprefix), 922 fsparam_string("release_agent", Opt_release_agent), 923 fsparam_flag ("xattr", Opt_xattr), 924 fsparam_flag ("favordynmods", Opt_favordynmods), 925 fsparam_flag ("nofavordynmods", Opt_nofavordynmods), 926 {} 927 }; 928 cgroup1_parse_param(struct fs_context * fc,struct fs_parameter * param)929 int cgroup1_parse_param(struct fs_context *fc, struct fs_parameter *param) 930 { 931 struct cgroup_fs_context *ctx = cgroup_fc2context(fc); 932 struct cgroup_subsys *ss; 933 struct fs_parse_result result; 934 int opt, i; 935 936 opt = fs_parse(fc, cgroup1_fs_parameters, param, &result); 937 if (opt == -ENOPARAM) { 938 int ret; 939 940 ret = vfs_parse_fs_param_source(fc, param); 941 if (ret != -ENOPARAM) 942 return ret; 943 for_each_subsys(ss, i) { 944 if (strcmp(param->key, ss->legacy_name) || 945 cgroup1_subsys_absent(ss)) 946 continue; 947 if (!cgroup_ssid_enabled(i) || cgroup1_ssid_disabled(i)) 948 return invalfc(fc, "Disabled controller '%s'", 949 param->key); 950 ctx->subsys_mask |= (1 << i); 951 return 0; 952 } 953 return invalfc(fc, "Unknown subsys name '%s'", param->key); 954 } 955 if (opt < 0) 956 return opt; 957 958 switch (opt) { 959 case Opt_none: 960 /* Explicitly have no subsystems */ 961 ctx->none = true; 962 break; 963 case Opt_all: 964 ctx->all_ss = true; 965 break; 966 case Opt_noprefix: 967 ctx->flags |= CGRP_ROOT_NOPREFIX; 968 break; 969 case Opt_clone_children: 970 ctx->cpuset_clone_children = true; 971 break; 972 case Opt_cpuset_v2_mode: 973 ctx->flags |= CGRP_ROOT_CPUSET_V2_MODE; 974 break; 975 case Opt_xattr: 976 ctx->flags |= CGRP_ROOT_XATTR; 977 break; 978 case Opt_favordynmods: 979 ctx->flags |= CGRP_ROOT_FAVOR_DYNMODS; 980 break; 981 case Opt_nofavordynmods: 982 ctx->flags &= ~CGRP_ROOT_FAVOR_DYNMODS; 983 break; 984 case Opt_release_agent: 985 /* Specifying two release agents is forbidden */ 986 if (ctx->release_agent) 987 return invalfc(fc, "release_agent respecified"); 988 /* 989 * Release agent gets called with all capabilities, 990 * require capabilities to set release agent. 991 */ 992 if ((fc->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN)) 993 return invalfc(fc, "Setting release_agent not allowed"); 994 ctx->release_agent = param->string; 995 param->string = NULL; 996 break; 997 case Opt_name: 998 /* blocked by boot param? */ 999 if (cgroup_no_v1_named) 1000 return -ENOENT; 1001 /* Can't specify an empty name */ 1002 if (!param->size) 1003 return invalfc(fc, "Empty name"); 1004 if (param->size > MAX_CGROUP_ROOT_NAMELEN - 1) 1005 return invalfc(fc, "Name too long"); 1006 /* Must match [\w.-]+ */ 1007 for (i = 0; i < param->size; i++) { 1008 char c = param->string[i]; 1009 if (isalnum(c)) 1010 continue; 1011 if ((c == '.') || (c == '-') || (c == '_')) 1012 continue; 1013 return invalfc(fc, "Invalid name"); 1014 } 1015 /* Specifying two names is forbidden */ 1016 if (ctx->name) 1017 return invalfc(fc, "name respecified"); 1018 ctx->name = param->string; 1019 param->string = NULL; 1020 break; 1021 } 1022 return 0; 1023 } 1024 check_cgroupfs_options(struct fs_context * fc)1025 static int check_cgroupfs_options(struct fs_context *fc) 1026 { 1027 struct cgroup_fs_context *ctx = cgroup_fc2context(fc); 1028 u16 mask = U16_MAX; 1029 u16 enabled = 0; 1030 struct cgroup_subsys *ss; 1031 int i; 1032 1033 #ifdef CONFIG_CPUSETS 1034 mask = ~((u16)1 << cpuset_cgrp_id); 1035 #endif 1036 for_each_subsys(ss, i) 1037 if (cgroup_ssid_enabled(i) && !cgroup1_ssid_disabled(i) && 1038 !cgroup1_subsys_absent(ss)) 1039 enabled |= 1 << i; 1040 1041 ctx->subsys_mask &= enabled; 1042 1043 /* 1044 * In absence of 'none', 'name=' and subsystem name options, 1045 * let's default to 'all'. 1046 */ 1047 if (!ctx->subsys_mask && !ctx->none && !ctx->name) 1048 ctx->all_ss = true; 1049 1050 if (ctx->all_ss) { 1051 /* Mutually exclusive option 'all' + subsystem name */ 1052 if (ctx->subsys_mask) 1053 return invalfc(fc, "subsys name conflicts with all"); 1054 /* 'all' => select all the subsystems */ 1055 ctx->subsys_mask = enabled; 1056 } 1057 1058 /* 1059 * We either have to specify by name or by subsystems. (So all 1060 * empty hierarchies must have a name). 1061 */ 1062 if (!ctx->subsys_mask && !ctx->name) 1063 return invalfc(fc, "Need name or subsystem set"); 1064 1065 /* 1066 * Option noprefix was introduced just for backward compatibility 1067 * with the old cpuset, so we allow noprefix only if mounting just 1068 * the cpuset subsystem. 1069 */ 1070 if ((ctx->flags & CGRP_ROOT_NOPREFIX) && (ctx->subsys_mask & mask)) 1071 return invalfc(fc, "noprefix used incorrectly"); 1072 1073 /* Can't specify "none" and some subsystems */ 1074 if (ctx->subsys_mask && ctx->none) 1075 return invalfc(fc, "none used incorrectly"); 1076 1077 return 0; 1078 } 1079 cgroup1_reconfigure(struct fs_context * fc)1080 int cgroup1_reconfigure(struct fs_context *fc) 1081 { 1082 struct cgroup_fs_context *ctx = cgroup_fc2context(fc); 1083 struct kernfs_root *kf_root = kernfs_root_from_sb(fc->root->d_sb); 1084 struct cgroup_root *root = cgroup_root_from_kf(kf_root); 1085 int ret = 0; 1086 u16 added_mask, removed_mask; 1087 1088 cgroup_lock_and_drain_offline(&cgrp_dfl_root.cgrp); 1089 1090 /* See what subsystems are wanted */ 1091 ret = check_cgroupfs_options(fc); 1092 if (ret) 1093 goto out_unlock; 1094 1095 if (ctx->subsys_mask != root->subsys_mask || ctx->release_agent) 1096 pr_warn("option changes via remount are deprecated (pid=%d comm=%s)\n", 1097 task_tgid_nr(current), current->comm); 1098 1099 added_mask = ctx->subsys_mask & ~root->subsys_mask; 1100 removed_mask = root->subsys_mask & ~ctx->subsys_mask; 1101 1102 /* Don't allow flags or name to change at remount */ 1103 if ((ctx->flags ^ root->flags) || 1104 (ctx->name && strcmp(ctx->name, root->name))) { 1105 errorfc(fc, "option or name mismatch, new: 0x%x \"%s\", old: 0x%x \"%s\"", 1106 ctx->flags, ctx->name ?: "", root->flags, root->name); 1107 ret = -EINVAL; 1108 goto out_unlock; 1109 } 1110 1111 /* remounting is not allowed for populated hierarchies */ 1112 if (!list_empty(&root->cgrp.self.children)) { 1113 ret = -EBUSY; 1114 goto out_unlock; 1115 } 1116 1117 ret = rebind_subsystems(root, added_mask); 1118 if (ret) 1119 goto out_unlock; 1120 1121 WARN_ON(rebind_subsystems(&cgrp_dfl_root, removed_mask)); 1122 1123 if (ctx->release_agent) { 1124 spin_lock(&release_agent_path_lock); 1125 strcpy(root->release_agent_path, ctx->release_agent); 1126 spin_unlock(&release_agent_path_lock); 1127 } 1128 1129 trace_cgroup_remount(root); 1130 1131 out_unlock: 1132 cgroup_unlock(); 1133 return ret; 1134 } 1135 1136 struct kernfs_syscall_ops cgroup1_kf_syscall_ops = { 1137 .rename = cgroup1_rename, 1138 .show_options = cgroup1_show_options, 1139 .mkdir = cgroup_mkdir, 1140 .rmdir = cgroup_rmdir, 1141 .show_path = cgroup_show_path, 1142 }; 1143 1144 /* 1145 * The guts of cgroup1 mount - find or create cgroup_root to use. 1146 * Called with cgroup_mutex held; returns 0 on success, -E... on 1147 * error and positive - in case when the candidate is busy dying. 1148 * On success it stashes a reference to cgroup_root into given 1149 * cgroup_fs_context; that reference is *NOT* counting towards the 1150 * cgroup_root refcount. 1151 */ cgroup1_root_to_use(struct fs_context * fc)1152 static int cgroup1_root_to_use(struct fs_context *fc) 1153 { 1154 struct cgroup_fs_context *ctx = cgroup_fc2context(fc); 1155 struct cgroup_root *root; 1156 struct cgroup_subsys *ss; 1157 int i, ret; 1158 1159 /* First find the desired set of subsystems */ 1160 ret = check_cgroupfs_options(fc); 1161 if (ret) 1162 return ret; 1163 1164 /* 1165 * Destruction of cgroup root is asynchronous, so subsystems may 1166 * still be dying after the previous unmount. Let's drain the 1167 * dying subsystems. We just need to ensure that the ones 1168 * unmounted previously finish dying and don't care about new ones 1169 * starting. Testing ref liveliness is good enough. 1170 */ 1171 for_each_subsys(ss, i) { 1172 if (!(ctx->subsys_mask & (1 << i)) || 1173 ss->root == &cgrp_dfl_root) 1174 continue; 1175 1176 if (!percpu_ref_tryget_live(&ss->root->cgrp.self.refcnt)) 1177 return 1; /* restart */ 1178 cgroup_put(&ss->root->cgrp); 1179 } 1180 1181 for_each_root(root) { 1182 bool name_match = false; 1183 1184 if (root == &cgrp_dfl_root) 1185 continue; 1186 1187 /* 1188 * If we asked for a name then it must match. Also, if 1189 * name matches but sybsys_mask doesn't, we should fail. 1190 * Remember whether name matched. 1191 */ 1192 if (ctx->name) { 1193 if (strcmp(ctx->name, root->name)) 1194 continue; 1195 name_match = true; 1196 } 1197 1198 /* 1199 * If we asked for subsystems (or explicitly for no 1200 * subsystems) then they must match. 1201 */ 1202 if ((ctx->subsys_mask || ctx->none) && 1203 (ctx->subsys_mask != root->subsys_mask)) { 1204 if (!name_match) 1205 continue; 1206 return -EBUSY; 1207 } 1208 1209 if (root->flags ^ ctx->flags) 1210 pr_warn("new mount options do not match the existing superblock, will be ignored\n"); 1211 1212 ctx->root = root; 1213 return 0; 1214 } 1215 1216 /* 1217 * No such thing, create a new one. name= matching without subsys 1218 * specification is allowed for already existing hierarchies but we 1219 * can't create new one without subsys specification. 1220 */ 1221 if (!ctx->subsys_mask && !ctx->none) 1222 return invalfc(fc, "No subsys list or none specified"); 1223 1224 /* Hierarchies may only be created in the initial cgroup namespace. */ 1225 if (ctx->ns != &init_cgroup_ns) 1226 return -EPERM; 1227 1228 root = kzalloc(sizeof(*root), GFP_KERNEL); 1229 if (!root) 1230 return -ENOMEM; 1231 1232 ctx->root = root; 1233 init_cgroup_root(ctx); 1234 1235 ret = cgroup_setup_root(root, ctx->subsys_mask); 1236 if (!ret) 1237 cgroup_favor_dynmods(root, ctx->flags & CGRP_ROOT_FAVOR_DYNMODS); 1238 else 1239 cgroup_free_root(root); 1240 1241 return ret; 1242 } 1243 cgroup1_get_tree(struct fs_context * fc)1244 int cgroup1_get_tree(struct fs_context *fc) 1245 { 1246 struct cgroup_fs_context *ctx = cgroup_fc2context(fc); 1247 int ret; 1248 1249 /* Check if the caller has permission to mount. */ 1250 if (!ns_capable(ctx->ns->user_ns, CAP_SYS_ADMIN)) 1251 return -EPERM; 1252 1253 cgroup_lock_and_drain_offline(&cgrp_dfl_root.cgrp); 1254 1255 ret = cgroup1_root_to_use(fc); 1256 if (!ret && !percpu_ref_tryget_live(&ctx->root->cgrp.self.refcnt)) 1257 ret = 1; /* restart */ 1258 1259 cgroup_unlock(); 1260 1261 if (!ret) 1262 ret = cgroup_do_get_tree(fc); 1263 1264 if (!ret && percpu_ref_is_dying(&ctx->root->cgrp.self.refcnt)) { 1265 fc_drop_locked(fc); 1266 ret = 1; 1267 } 1268 1269 if (unlikely(ret > 0)) { 1270 msleep(10); 1271 return restart_syscall(); 1272 } 1273 return ret; 1274 } 1275 1276 /** 1277 * task_get_cgroup1 - Acquires the associated cgroup of a task within a 1278 * specific cgroup1 hierarchy. The cgroup1 hierarchy is identified by its 1279 * hierarchy ID. 1280 * @tsk: The target task 1281 * @hierarchy_id: The ID of a cgroup1 hierarchy 1282 * 1283 * On success, the cgroup is returned. On failure, ERR_PTR is returned. 1284 * We limit it to cgroup1 only. 1285 */ task_get_cgroup1(struct task_struct * tsk,int hierarchy_id)1286 struct cgroup *task_get_cgroup1(struct task_struct *tsk, int hierarchy_id) 1287 { 1288 struct cgroup *cgrp = ERR_PTR(-ENOENT); 1289 struct cgroup_root *root; 1290 unsigned long flags; 1291 1292 rcu_read_lock(); 1293 for_each_root(root) { 1294 /* cgroup1 only*/ 1295 if (root == &cgrp_dfl_root) 1296 continue; 1297 if (root->hierarchy_id != hierarchy_id) 1298 continue; 1299 spin_lock_irqsave(&css_set_lock, flags); 1300 cgrp = task_cgroup_from_root(tsk, root); 1301 if (!cgrp || !cgroup_tryget(cgrp)) 1302 cgrp = ERR_PTR(-ENOENT); 1303 spin_unlock_irqrestore(&css_set_lock, flags); 1304 break; 1305 } 1306 rcu_read_unlock(); 1307 return cgrp; 1308 } 1309 cgroup1_wq_init(void)1310 static int __init cgroup1_wq_init(void) 1311 { 1312 /* 1313 * Used to destroy pidlists and separate to serve as flush domain. 1314 * Cap @max_active to 1 too. 1315 */ 1316 cgroup_pidlist_destroy_wq = alloc_workqueue("cgroup_pidlist_destroy", 1317 0, 1); 1318 BUG_ON(!cgroup_pidlist_destroy_wq); 1319 return 0; 1320 } 1321 core_initcall(cgroup1_wq_init); 1322 cgroup_no_v1(char * str)1323 static int __init cgroup_no_v1(char *str) 1324 { 1325 struct cgroup_subsys *ss; 1326 char *token; 1327 int i; 1328 1329 while ((token = strsep(&str, ",")) != NULL) { 1330 if (!*token) 1331 continue; 1332 1333 if (!strcmp(token, "all")) { 1334 cgroup_no_v1_mask = U16_MAX; 1335 continue; 1336 } 1337 1338 if (!strcmp(token, "named")) { 1339 cgroup_no_v1_named = true; 1340 continue; 1341 } 1342 1343 for_each_subsys(ss, i) { 1344 if (strcmp(token, ss->name) && 1345 strcmp(token, ss->legacy_name)) 1346 continue; 1347 1348 cgroup_no_v1_mask |= 1 << i; 1349 break; 1350 } 1351 } 1352 return 1; 1353 } 1354 __setup("cgroup_no_v1=", cgroup_no_v1); 1355