1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * linux/cgroup-defs.h - basic definitions for cgroup
4 *
5 * This file provides basic type and interface. Include this file directly
6 * only if necessary to avoid cyclic dependencies.
7 */
8#ifndef _LINUX_CGROUP_DEFS_H
9#define _LINUX_CGROUP_DEFS_H
10
11#include <linux/limits.h>
12#include <linux/list.h>
13#include <linux/idr.h>
14#include <linux/wait.h>
15#include <linux/mutex.h>
16#include <linux/rcupdate.h>
17#include <linux/refcount.h>
18#include <linux/percpu-refcount.h>
19#include <linux/percpu-rwsem.h>
20#include <linux/u64_stats_sync.h>
21#include <linux/workqueue.h>
22#include <linux/bpf-cgroup.h>
23#include <linux/psi_types.h>
24
25#ifdef CONFIG_CGROUPS
26
27struct cgroup;
28struct cgroup_root;
29struct cgroup_subsys;
30struct cgroup_taskset;
31struct kernfs_node;
32struct kernfs_ops;
33struct kernfs_open_file;
34struct seq_file;
35struct poll_table_struct;
36
37#define MAX_CGROUP_TYPE_NAMELEN 32
38#define MAX_CGROUP_ROOT_NAMELEN 64
39#define MAX_CFTYPE_NAME 64
40
41/* define the enumeration of all cgroup subsystems */
42#define SUBSYS(_x) _x ## _cgrp_id,
43enum cgroup_subsys_id {
44#include <linux/cgroup_subsys.h>
45 CGROUP_SUBSYS_COUNT,
46};
47#undef SUBSYS
48
49/* bits in struct cgroup_subsys_state flags field */
50enum {
51 CSS_NO_REF = (1 << 0), /* no reference counting for this css */
52 CSS_ONLINE = (1 << 1), /* between ->css_online() and ->css_offline() */
53 CSS_RELEASED = (1 << 2), /* refcnt reached zero, released */
54 CSS_VISIBLE = (1 << 3), /* css is visible to userland */
55 CSS_DYING = (1 << 4), /* css is dying */
56};
57
58/* bits in struct cgroup flags field */
59enum {
60 /* Control Group requires release notifications to userspace */
61 CGRP_NOTIFY_ON_RELEASE,
62 /*
63 * Clone the parent's configuration when creating a new child
64 * cpuset cgroup. For historical reasons, this option can be
65 * specified at mount time and thus is implemented here.
66 */
67 CGRP_CPUSET_CLONE_CHILDREN,
68};
69
70/* cgroup_root->flags */
71enum {
72 CGRP_ROOT_NOPREFIX = (1 << 1), /* mounted subsystems have no named prefix */
73 CGRP_ROOT_XATTR = (1 << 2), /* supports extended attributes */
74
75 /*
76 * Consider namespaces as delegation boundaries. If this flag is
77 * set, controller specific interface files in a namespace root
78 * aren't writeable from inside the namespace.
79 */
80 CGRP_ROOT_NS_DELEGATE = (1 << 3),
81
82 /*
83 * Enable cpuset controller in v1 cgroup to use v2 behavior.
84 */
85 CGRP_ROOT_CPUSET_V2_MODE = (1 << 4),
86};
87
88/* cftype->flags */
89enum {
90 CFTYPE_ONLY_ON_ROOT = (1 << 0), /* only create on root cgrp */
91 CFTYPE_NOT_ON_ROOT = (1 << 1), /* don't create on root cgrp */
92 CFTYPE_NS_DELEGATABLE = (1 << 2), /* writeable beyond delegation boundaries */
93
94 CFTYPE_NO_PREFIX = (1 << 3), /* (DON'T USE FOR NEW FILES) no subsys prefix */
95 CFTYPE_WORLD_WRITABLE = (1 << 4), /* (DON'T USE FOR NEW FILES) S_IWUGO */
96 CFTYPE_DEBUG = (1 << 5), /* create when cgroup_debug */
97
98 /* internal flags, do not use outside cgroup core proper */
99 __CFTYPE_ONLY_ON_DFL = (1 << 16), /* only on default hierarchy */
100 __CFTYPE_NOT_ON_DFL = (1 << 17), /* not on default hierarchy */
101};
102
103/*
104 * cgroup_file is the handle for a file instance created in a cgroup which
105 * is used, for example, to generate file changed notifications. This can
106 * be obtained by setting cftype->file_offset.
107 */
108struct cgroup_file {
109 /* do not access any fields from outside cgroup core */
110 struct kernfs_node *kn;
111 unsigned long notified_at;
112 struct timer_list notify_timer;
113};
114
115/*
116 * Per-subsystem/per-cgroup state maintained by the system. This is the
117 * fundamental structural building block that controllers deal with.
118 *
119 * Fields marked with "PI:" are public and immutable and may be accessed
120 * directly without synchronization.
121 */
122struct cgroup_subsys_state {
123 /* PI: the cgroup that this css is attached to */
124 struct cgroup *cgroup;
125
126 /* PI: the cgroup subsystem that this css is attached to */
127 struct cgroup_subsys *ss;
128
129 /* reference count - access via css_[try]get() and css_put() */
130 struct percpu_ref refcnt;
131
132 /* siblings list anchored at the parent's ->children */
133 struct list_head sibling;
134 struct list_head children;
135
136 /* flush target list anchored at cgrp->rstat_css_list */
137 struct list_head rstat_css_node;
138
139 /*
140 * PI: Subsys-unique ID. 0 is unused and root is always 1. The
141 * matching css can be looked up using css_from_id().
142 */
143 int id;
144
145 unsigned int flags;
146
147 /*
148 * Monotonically increasing unique serial number which defines a
149 * uniform order among all csses. It's guaranteed that all
150 * ->children lists are in the ascending order of ->serial_nr and
151 * used to allow interrupting and resuming iterations.
152 */
153 u64 serial_nr;
154
155 /*
156 * Incremented by online self and children. Used to guarantee that
157 * parents are not offlined before their children.
158 */
159 atomic_t online_cnt;
160
161 /* percpu_ref killing and RCU release */
162 struct work_struct destroy_work;
163 struct rcu_work destroy_rwork;
164
165 /*
166 * PI: the parent css. Placed here for cache proximity to following
167 * fields of the containing structure.
168 */
169 struct cgroup_subsys_state *parent;
170};
171
172/*
173 * A css_set is a structure holding pointers to a set of
174 * cgroup_subsys_state objects. This saves space in the task struct
175 * object and speeds up fork()/exit(), since a single inc/dec and a
176 * list_add()/del() can bump the reference count on the entire cgroup
177 * set for a task.
178 */
179struct css_set {
180 /*
181 * Set of subsystem states, one for each subsystem. This array is
182 * immutable after creation apart from the init_css_set during
183 * subsystem registration (at boot time).
184 */
185 struct cgroup_subsys_state *subsys[CGROUP_SUBSYS_COUNT];
186
187 /* reference count */
188 refcount_t refcount;
189
190 /*
191 * For a domain cgroup, the following points to self. If threaded,
192 * to the matching cset of the nearest domain ancestor. The
193 * dom_cset provides access to the domain cgroup and its csses to
194 * which domain level resource consumptions should be charged.
195 */
196 struct css_set *dom_cset;
197
198 /* the default cgroup associated with this css_set */
199 struct cgroup *dfl_cgrp;
200
201 /* internal task count, protected by css_set_lock */
202 int nr_tasks;
203
204 /*
205 * Lists running through all tasks using this cgroup group.
206 * mg_tasks lists tasks which belong to this cset but are in the
207 * process of being migrated out or in. Protected by
208 * css_set_rwsem, but, during migration, once tasks are moved to
209 * mg_tasks, it can be read safely while holding cgroup_mutex.
210 */
211 struct list_head tasks;
212 struct list_head mg_tasks;
213
214 /* all css_task_iters currently walking this cset */
215 struct list_head task_iters;
216
217 /*
218 * On the default hierarhcy, ->subsys[ssid] may point to a css
219 * attached to an ancestor instead of the cgroup this css_set is
220 * associated with. The following node is anchored at
221 * ->subsys[ssid]->cgroup->e_csets[ssid] and provides a way to
222 * iterate through all css's attached to a given cgroup.
223 */
224 struct list_head e_cset_node[CGROUP_SUBSYS_COUNT];
225
226 /* all threaded csets whose ->dom_cset points to this cset */
227 struct list_head threaded_csets;
228 struct list_head threaded_csets_node;
229
230 /*
231 * List running through all cgroup groups in the same hash
232 * slot. Protected by css_set_lock
233 */
234 struct hlist_node hlist;
235
236 /*
237 * List of cgrp_cset_links pointing at cgroups referenced from this
238 * css_set. Protected by css_set_lock.
239 */
240 struct list_head cgrp_links;
241
242 /*
243 * List of csets participating in the on-going migration either as
244 * source or destination. Protected by cgroup_mutex.
245 */
246 struct list_head mg_preload_node;
247 struct list_head mg_node;
248
249 /*
250 * If this cset is acting as the source of migration the following
251 * two fields are set. mg_src_cgrp and mg_dst_cgrp are
252 * respectively the source and destination cgroups of the on-going
253 * migration. mg_dst_cset is the destination cset the target tasks
254 * on this cset should be migrated to. Protected by cgroup_mutex.
255 */
256 struct cgroup *mg_src_cgrp;
257 struct cgroup *mg_dst_cgrp;
258 struct css_set *mg_dst_cset;
259
260 /* dead and being drained, ignore for migration */
261 bool dead;
262
263 /* For RCU-protected deletion */
264 struct rcu_head rcu_head;
265};
266
267struct cgroup_base_stat {
268 struct task_cputime cputime;
269};
270
271/*
272 * rstat - cgroup scalable recursive statistics. Accounting is done
273 * per-cpu in cgroup_rstat_cpu which is then lazily propagated up the
274 * hierarchy on reads.
275 *
276 * When a stat gets updated, the cgroup_rstat_cpu and its ancestors are
277 * linked into the updated tree. On the following read, propagation only
278 * considers and consumes the updated tree. This makes reading O(the
279 * number of descendants which have been active since last read) instead of
280 * O(the total number of descendants).
281 *
282 * This is important because there can be a lot of (draining) cgroups which
283 * aren't active and stat may be read frequently. The combination can
284 * become very expensive. By propagating selectively, increasing reading
285 * frequency decreases the cost of each read.
286 *
287 * This struct hosts both the fields which implement the above -
288 * updated_children and updated_next - and the fields which track basic
289 * resource statistics on top of it - bsync, bstat and last_bstat.
290 */
291struct cgroup_rstat_cpu {
292 /*
293 * ->bsync protects ->bstat. These are the only fields which get
294 * updated in the hot path.
295 */
296 struct u64_stats_sync bsync;
297 struct cgroup_base_stat bstat;
298
299 /*
300 * Snapshots at the last reading. These are used to calculate the
301 * deltas to propagate to the global counters.
302 */
303 struct cgroup_base_stat last_bstat;
304
305 /*
306 * Child cgroups with stat updates on this cpu since the last read
307 * are linked on the parent's ->updated_children through
308 * ->updated_next.
309 *
310 * In addition to being more compact, singly-linked list pointing
311 * to the cgroup makes it unnecessary for each per-cpu struct to
312 * point back to the associated cgroup.
313 *
314 * Protected by per-cpu cgroup_rstat_cpu_lock.
315 */
316 struct cgroup *updated_children; /* terminated by self cgroup */
317 struct cgroup *updated_next; /* NULL iff not on the list */
318};
319
320struct cgroup {
321 /* self css with NULL ->ss, points back to this cgroup */
322 struct cgroup_subsys_state self;
323
324 unsigned long flags; /* "unsigned long" so bitops work */
325
326 /*
327 * idr allocated in-hierarchy ID.
328 *
329 * ID 0 is not used, the ID of the root cgroup is always 1, and a
330 * new cgroup will be assigned with a smallest available ID.
331 *
332 * Allocating/Removing ID must be protected by cgroup_mutex.
333 */
334 int id;
335
336 /*
337 * The depth this cgroup is at. The root is at depth zero and each
338 * step down the hierarchy increments the level. This along with
339 * ancestor_ids[] can determine whether a given cgroup is a
340 * descendant of another without traversing the hierarchy.
341 */
342 int level;
343
344 /* Maximum allowed descent tree depth */
345 int max_depth;
346
347 /*
348 * Keep track of total numbers of visible and dying descent cgroups.
349 * Dying cgroups are cgroups which were deleted by a user,
350 * but are still existing because someone else is holding a reference.
351 * max_descendants is a maximum allowed number of descent cgroups.
352 */
353 int nr_descendants;
354 int nr_dying_descendants;
355 int max_descendants;
356
357 /*
358 * Each non-empty css_set associated with this cgroup contributes
359 * one to nr_populated_csets. The counter is zero iff this cgroup
360 * doesn't have any tasks.
361 *
362 * All children which have non-zero nr_populated_csets and/or
363 * nr_populated_children of their own contribute one to either
364 * nr_populated_domain_children or nr_populated_threaded_children
365 * depending on their type. Each counter is zero iff all cgroups
366 * of the type in the subtree proper don't have any tasks.
367 */
368 int nr_populated_csets;
369 int nr_populated_domain_children;
370 int nr_populated_threaded_children;
371
372 int nr_threaded_children; /* # of live threaded child cgroups */
373
374 struct kernfs_node *kn; /* cgroup kernfs entry */
375 struct cgroup_file procs_file; /* handle for "cgroup.procs" */
376 struct cgroup_file events_file; /* handle for "cgroup.events" */
377
378 /*
379 * The bitmask of subsystems enabled on the child cgroups.
380 * ->subtree_control is the one configured through
381 * "cgroup.subtree_control" while ->child_ss_mask is the effective
382 * one which may have more subsystems enabled. Controller knobs
383 * are made available iff it's enabled in ->subtree_control.
384 */
385 u16 subtree_control;
386 u16 subtree_ss_mask;
387 u16 old_subtree_control;
388 u16 old_subtree_ss_mask;
389
390 /* Private pointers for each registered subsystem */
391 struct cgroup_subsys_state __rcu *subsys[CGROUP_SUBSYS_COUNT];
392
393 struct cgroup_root *root;
394
395 /*
396 * List of cgrp_cset_links pointing at css_sets with tasks in this
397 * cgroup. Protected by css_set_lock.
398 */
399 struct list_head cset_links;
400
401 /*
402 * On the default hierarchy, a css_set for a cgroup with some
403 * susbsys disabled will point to css's which are associated with
404 * the closest ancestor which has the subsys enabled. The
405 * following lists all css_sets which point to this cgroup's css
406 * for the given subsystem.
407 */
408 struct list_head e_csets[CGROUP_SUBSYS_COUNT];
409
410 /*
411 * If !threaded, self. If threaded, it points to the nearest
412 * domain ancestor. Inside a threaded subtree, cgroups are exempt
413 * from process granularity and no-internal-task constraint.
414 * Domain level resource consumptions which aren't tied to a
415 * specific task are charged to the dom_cgrp.
416 */
417 struct cgroup *dom_cgrp;
418 struct cgroup *old_dom_cgrp; /* used while enabling threaded */
419
420 /* per-cpu recursive resource statistics */
421 struct cgroup_rstat_cpu __percpu *rstat_cpu;
422 struct list_head rstat_css_list;
423
424 /* cgroup basic resource statistics */
425 struct cgroup_base_stat pending_bstat; /* pending from children */
426 struct cgroup_base_stat bstat;
427 struct prev_cputime prev_cputime; /* for printing out cputime */
428
429 /*
430 * list of pidlists, up to two for each namespace (one for procs, one
431 * for tasks); created on demand.
432 */
433 struct list_head pidlists;
434 struct mutex pidlist_mutex;
435
436 /* used to wait for offlining of csses */
437 wait_queue_head_t offline_waitq;
438
439 /* used to schedule release agent */
440 struct work_struct release_agent_work;
441
442 /* used to track pressure stalls */
443 struct psi_group psi;
444
445 /* used to store eBPF programs */
446 struct cgroup_bpf bpf;
447
448 /* If there is block congestion on this cgroup. */
449 atomic_t congestion_count;
450
451 /* ids of the ancestors at each level including self */
452 int ancestor_ids[];
453};
454
455/*
456 * A cgroup_root represents the root of a cgroup hierarchy, and may be
457 * associated with a kernfs_root to form an active hierarchy. This is
458 * internal to cgroup core. Don't access directly from controllers.
459 */
460struct cgroup_root {
461 struct kernfs_root *kf_root;
462
463 /* The bitmask of subsystems attached to this hierarchy */
464 unsigned int subsys_mask;
465
466 /* Unique id for this hierarchy. */
467 int hierarchy_id;
468
469 /* The root cgroup. Root is destroyed on its release. */
470 struct cgroup cgrp;
471
472 /* for cgrp->ancestor_ids[0] */
473 int cgrp_ancestor_id_storage;
474
475 /* Number of cgroups in the hierarchy, used only for /proc/cgroups */
476 atomic_t nr_cgrps;
477
478 /* A list running through the active hierarchies */
479 struct list_head root_list;
480
481 /* Hierarchy-specific flags */
482 unsigned int flags;
483
484 /* IDs for cgroups in this hierarchy */
485 struct idr cgroup_idr;
486
487 /* The path to use for release notifications. */
488 char release_agent_path[PATH_MAX];
489
490 /* The name for this hierarchy - may be empty */
491 char name[MAX_CGROUP_ROOT_NAMELEN];
492};
493
494/*
495 * struct cftype: handler definitions for cgroup control files
496 *
497 * When reading/writing to a file:
498 * - the cgroup to use is file->f_path.dentry->d_parent->d_fsdata
499 * - the 'cftype' of the file is file->f_path.dentry->d_fsdata
500 */
501struct cftype {
502 /*
503 * By convention, the name should begin with the name of the
504 * subsystem, followed by a period. Zero length string indicates
505 * end of cftype array.
506 */
507 char name[MAX_CFTYPE_NAME];
508 unsigned long private;
509
510 /*
511 * The maximum length of string, excluding trailing nul, that can
512 * be passed to write. If < PAGE_SIZE-1, PAGE_SIZE-1 is assumed.
513 */
514 size_t max_write_len;
515
516 /* CFTYPE_* flags */
517 unsigned int flags;
518
519 /*
520 * If non-zero, should contain the offset from the start of css to
521 * a struct cgroup_file field. cgroup will record the handle of
522 * the created file into it. The recorded handle can be used as
523 * long as the containing css remains accessible.
524 */
525 unsigned int file_offset;
526
527 /*
528 * Fields used for internal bookkeeping. Initialized automatically
529 * during registration.
530 */
531 struct cgroup_subsys *ss; /* NULL for cgroup core files */
532 struct list_head node; /* anchored at ss->cfts */
533 struct kernfs_ops *kf_ops;
534
535 int (*open)(struct kernfs_open_file *of);
536 void (*release)(struct kernfs_open_file *of);
537
538 /*
539 * read_u64() is a shortcut for the common case of returning a
540 * single integer. Use it in place of read()
541 */
542 u64 (*read_u64)(struct cgroup_subsys_state *css, struct cftype *cft);
543 /*
544 * read_s64() is a signed version of read_u64()
545 */
546 s64 (*read_s64)(struct cgroup_subsys_state *css, struct cftype *cft);
547
548 /* generic seq_file read interface */
549 int (*seq_show)(struct seq_file *sf, void *v);
550
551 /* optional ops, implement all or none */
552 void *(*seq_start)(struct seq_file *sf, loff_t *ppos);
553 void *(*seq_next)(struct seq_file *sf, void *v, loff_t *ppos);
554 void (*seq_stop)(struct seq_file *sf, void *v);
555
556 /*
557 * write_u64() is a shortcut for the common case of accepting
558 * a single integer (as parsed by simple_strtoull) from
559 * userspace. Use in place of write(); return 0 or error.
560 */
561 int (*write_u64)(struct cgroup_subsys_state *css, struct cftype *cft,
562 u64 val);
563 /*
564 * write_s64() is a signed version of write_u64()
565 */
566 int (*write_s64)(struct cgroup_subsys_state *css, struct cftype *cft,
567 s64 val);
568
569 /*
570 * write() is the generic write callback which maps directly to
571 * kernfs write operation and overrides all other operations.
572 * Maximum write size is determined by ->max_write_len. Use
573 * of_css/cft() to access the associated css and cft.
574 */
575 ssize_t (*write)(struct kernfs_open_file *of,
576 char *buf, size_t nbytes, loff_t off);
577
578 __poll_t (*poll)(struct kernfs_open_file *of,
579 struct poll_table_struct *pt);
580
581#ifdef CONFIG_DEBUG_LOCK_ALLOC
582 struct lock_class_key lockdep_key;
583#endif
584};
585
586/*
587 * Control Group subsystem type.
588 * See Documentation/cgroup-v1/cgroups.txt for details
589 */
590struct cgroup_subsys {
591 struct cgroup_subsys_state *(*css_alloc)(struct cgroup_subsys_state *parent_css);
592 int (*css_online)(struct cgroup_subsys_state *css);
593 void (*css_offline)(struct cgroup_subsys_state *css);
594 void (*css_released)(struct cgroup_subsys_state *css);
595 void (*css_free)(struct cgroup_subsys_state *css);
596 void (*css_reset)(struct cgroup_subsys_state *css);
597 void (*css_rstat_flush)(struct cgroup_subsys_state *css, int cpu);
598 int (*css_extra_stat_show)(struct seq_file *seq,
599 struct cgroup_subsys_state *css);
600
601 int (*can_attach)(struct cgroup_taskset *tset);
602 void (*cancel_attach)(struct cgroup_taskset *tset);
603 void (*attach)(struct cgroup_taskset *tset);
604 void (*post_attach)(void);
605 int (*can_fork)(struct task_struct *task);
606 void (*cancel_fork)(struct task_struct *task);
607 void (*fork)(struct task_struct *task);
608 void (*exit)(struct task_struct *task);
609 void (*release)(struct task_struct *task);
610 void (*bind)(struct cgroup_subsys_state *root_css);
611
612 bool early_init:1;
613
614 /*
615 * If %true, the controller, on the default hierarchy, doesn't show
616 * up in "cgroup.controllers" or "cgroup.subtree_control", is
617 * implicitly enabled on all cgroups on the default hierarchy, and
618 * bypasses the "no internal process" constraint. This is for
619 * utility type controllers which is transparent to userland.
620 *
621 * An implicit controller can be stolen from the default hierarchy
622 * anytime and thus must be okay with offline csses from previous
623 * hierarchies coexisting with csses for the current one.
624 */
625 bool implicit_on_dfl:1;
626
627 /*
628 * If %true, the controller, supports threaded mode on the default
629 * hierarchy. In a threaded subtree, both process granularity and
630 * no-internal-process constraint are ignored and a threaded
631 * controllers should be able to handle that.
632 *
633 * Note that as an implicit controller is automatically enabled on
634 * all cgroups on the default hierarchy, it should also be
635 * threaded. implicit && !threaded is not supported.
636 */
637 bool threaded:1;
638
639 /*
640 * If %false, this subsystem is properly hierarchical -
641 * configuration, resource accounting and restriction on a parent
642 * cgroup cover those of its children. If %true, hierarchy support
643 * is broken in some ways - some subsystems ignore hierarchy
644 * completely while others are only implemented half-way.
645 *
646 * It's now disallowed to create nested cgroups if the subsystem is
647 * broken and cgroup core will emit a warning message on such
648 * cases. Eventually, all subsystems will be made properly
649 * hierarchical and this will go away.
650 */
651 bool broken_hierarchy:1;
652 bool warned_broken_hierarchy:1;
653
654 /* the following two fields are initialized automtically during boot */
655 int id;
656 const char *name;
657
658 /* optional, initialized automatically during boot if not set */
659 const char *legacy_name;
660
661 /* link to parent, protected by cgroup_lock() */
662 struct cgroup_root *root;
663
664 /* idr for css->id */
665 struct idr css_idr;
666
667 /*
668 * List of cftypes. Each entry is the first entry of an array
669 * terminated by zero length name.
670 */
671 struct list_head cfts;
672
673 /*
674 * Base cftypes which are automatically registered. The two can
675 * point to the same array.
676 */
677 struct cftype *dfl_cftypes; /* for the default hierarchy */
678 struct cftype *legacy_cftypes; /* for the legacy hierarchies */
679
680 /*
681 * A subsystem may depend on other subsystems. When such subsystem
682 * is enabled on a cgroup, the depended-upon subsystems are enabled
683 * together if available. Subsystems enabled due to dependency are
684 * not visible to userland until explicitly enabled. The following
685 * specifies the mask of subsystems that this one depends on.
686 */
687 unsigned int depends_on;
688};
689
690extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
691
692/**
693 * cgroup_threadgroup_change_begin - threadgroup exclusion for cgroups
694 * @tsk: target task
695 *
696 * Allows cgroup operations to synchronize against threadgroup changes
697 * using a percpu_rw_semaphore.
698 */
699static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
700{
701 percpu_down_read(&cgroup_threadgroup_rwsem);
702}
703
704/**
705 * cgroup_threadgroup_change_end - threadgroup exclusion for cgroups
706 * @tsk: target task
707 *
708 * Counterpart of cgroup_threadcgroup_change_begin().
709 */
710static inline void cgroup_threadgroup_change_end(struct task_struct *tsk)
711{
712 percpu_up_read(&cgroup_threadgroup_rwsem);
713}
714
715#else /* CONFIG_CGROUPS */
716
717#define CGROUP_SUBSYS_COUNT 0
718
719static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
720{
721 might_sleep();
722}
723
724static inline void cgroup_threadgroup_change_end(struct task_struct *tsk) {}
725
726#endif /* CONFIG_CGROUPS */
727
728#ifdef CONFIG_SOCK_CGROUP_DATA
729
730/*
731 * sock_cgroup_data is embedded at sock->sk_cgrp_data and contains
732 * per-socket cgroup information except for memcg association.
733 *
734 * On legacy hierarchies, net_prio and net_cls controllers directly set
735 * attributes on each sock which can then be tested by the network layer.
736 * On the default hierarchy, each sock is associated with the cgroup it was
737 * created in and the networking layer can match the cgroup directly.
738 *
739 * To avoid carrying all three cgroup related fields separately in sock,
740 * sock_cgroup_data overloads (prioidx, classid) and the cgroup pointer.
741 * On boot, sock_cgroup_data records the cgroup that the sock was created
742 * in so that cgroup2 matches can be made; however, once either net_prio or
743 * net_cls starts being used, the area is overriden to carry prioidx and/or
744 * classid. The two modes are distinguished by whether the lowest bit is
745 * set. Clear bit indicates cgroup pointer while set bit prioidx and
746 * classid.
747 *
748 * While userland may start using net_prio or net_cls at any time, once
749 * either is used, cgroup2 matching no longer works. There is no reason to
750 * mix the two and this is in line with how legacy and v2 compatibility is
751 * handled. On mode switch, cgroup references which are already being
752 * pointed to by socks may be leaked. While this can be remedied by adding
753 * synchronization around sock_cgroup_data, given that the number of leaked
754 * cgroups is bound and highly unlikely to be high, this seems to be the
755 * better trade-off.
756 */
757struct sock_cgroup_data {
758 union {
759#ifdef __LITTLE_ENDIAN
760 struct {
761 u8 is_data;
762 u8 padding;
763 u16 prioidx;
764 u32 classid;
765 } __packed;
766#else
767 struct {
768 u32 classid;
769 u16 prioidx;
770 u8 padding;
771 u8 is_data;
772 } __packed;
773#endif
774 u64 val;
775 };
776};
777
778/*
779 * There's a theoretical window where the following accessors race with
780 * updaters and return part of the previous pointer as the prioidx or
781 * classid. Such races are short-lived and the result isn't critical.
782 */
783static inline u16 sock_cgroup_prioidx(const struct sock_cgroup_data *skcd)
784{
785 /* fallback to 1 which is always the ID of the root cgroup */
786 return (skcd->is_data & 1) ? skcd->prioidx : 1;
787}
788
789static inline u32 sock_cgroup_classid(const struct sock_cgroup_data *skcd)
790{
791 /* fallback to 0 which is the unconfigured default classid */
792 return (skcd->is_data & 1) ? skcd->classid : 0;
793}
794
795/*
796 * If invoked concurrently, the updaters may clobber each other. The
797 * caller is responsible for synchronization.
798 */
799static inline void sock_cgroup_set_prioidx(struct sock_cgroup_data *skcd,
800 u16 prioidx)
801{
802 struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
803
804 if (sock_cgroup_prioidx(&skcd_buf) == prioidx)
805 return;
806
807 if (!(skcd_buf.is_data & 1)) {
808 skcd_buf.val = 0;
809 skcd_buf.is_data = 1;
810 }
811
812 skcd_buf.prioidx = prioidx;
813 WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
814}
815
816static inline void sock_cgroup_set_classid(struct sock_cgroup_data *skcd,
817 u32 classid)
818{
819 struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
820
821 if (sock_cgroup_classid(&skcd_buf) == classid)
822 return;
823
824 if (!(skcd_buf.is_data & 1)) {
825 skcd_buf.val = 0;
826 skcd_buf.is_data = 1;
827 }
828
829 skcd_buf.classid = classid;
830 WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
831}
832
833#else /* CONFIG_SOCK_CGROUP_DATA */
834
835struct sock_cgroup_data {
836};
837
838#endif /* CONFIG_SOCK_CGROUP_DATA */
839
840#endif /* _LINUX_CGROUP_DEFS_H */
841