1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * linux/cgroup-defs.h - basic definitions for cgroup
4 *
5 * This file provides basic type and interface. Include this file directly
6 * only if necessary to avoid cyclic dependencies.
7 */
8#ifndef _LINUX_CGROUP_DEFS_H
9#define _LINUX_CGROUP_DEFS_H
10
11#include <linux/limits.h>
12#include <linux/list.h>
13#include <linux/idr.h>
14#include <linux/wait.h>
15#include <linux/mutex.h>
16#include <linux/rcupdate.h>
17#include <linux/refcount.h>
18#include <linux/percpu-refcount.h>
19#include <linux/percpu-rwsem.h>
20#include <linux/u64_stats_sync.h>
21#include <linux/workqueue.h>
22#include <linux/bpf-cgroup.h>
23
24#ifdef CONFIG_CGROUPS
25
26struct cgroup;
27struct cgroup_root;
28struct cgroup_subsys;
29struct cgroup_taskset;
30struct kernfs_node;
31struct kernfs_ops;
32struct kernfs_open_file;
33struct seq_file;
34
35#define MAX_CGROUP_TYPE_NAMELEN 32
36#define MAX_CGROUP_ROOT_NAMELEN 64
37#define MAX_CFTYPE_NAME 64
38
39/* define the enumeration of all cgroup subsystems */
40#define SUBSYS(_x) _x ## _cgrp_id,
41enum cgroup_subsys_id {
42#include <linux/cgroup_subsys.h>
43 CGROUP_SUBSYS_COUNT,
44};
45#undef SUBSYS
46
47/* bits in struct cgroup_subsys_state flags field */
48enum {
49 CSS_NO_REF = (1 << 0), /* no reference counting for this css */
50 CSS_ONLINE = (1 << 1), /* between ->css_online() and ->css_offline() */
51 CSS_RELEASED = (1 << 2), /* refcnt reached zero, released */
52 CSS_VISIBLE = (1 << 3), /* css is visible to userland */
53 CSS_DYING = (1 << 4), /* css is dying */
54};
55
56/* bits in struct cgroup flags field */
57enum {
58 /* Control Group requires release notifications to userspace */
59 CGRP_NOTIFY_ON_RELEASE,
60 /*
61 * Clone the parent's configuration when creating a new child
62 * cpuset cgroup. For historical reasons, this option can be
63 * specified at mount time and thus is implemented here.
64 */
65 CGRP_CPUSET_CLONE_CHILDREN,
66};
67
68/* cgroup_root->flags */
69enum {
70 CGRP_ROOT_NOPREFIX = (1 << 1), /* mounted subsystems have no named prefix */
71 CGRP_ROOT_XATTR = (1 << 2), /* supports extended attributes */
72
73 /*
74 * Consider namespaces as delegation boundaries. If this flag is
75 * set, controller specific interface files in a namespace root
76 * aren't writeable from inside the namespace.
77 */
78 CGRP_ROOT_NS_DELEGATE = (1 << 3),
79
80 /*
81 * Enable cpuset controller in v1 cgroup to use v2 behavior.
82 */
83 CGRP_ROOT_CPUSET_V2_MODE = (1 << 4),
84};
85
86/* cftype->flags */
87enum {
88 CFTYPE_ONLY_ON_ROOT = (1 << 0), /* only create on root cgrp */
89 CFTYPE_NOT_ON_ROOT = (1 << 1), /* don't create on root cgrp */
90 CFTYPE_NS_DELEGATABLE = (1 << 2), /* writeable beyond delegation boundaries */
91
92 CFTYPE_NO_PREFIX = (1 << 3), /* (DON'T USE FOR NEW FILES) no subsys prefix */
93 CFTYPE_WORLD_WRITABLE = (1 << 4), /* (DON'T USE FOR NEW FILES) S_IWUGO */
94
95 /* internal flags, do not use outside cgroup core proper */
96 __CFTYPE_ONLY_ON_DFL = (1 << 16), /* only on default hierarchy */
97 __CFTYPE_NOT_ON_DFL = (1 << 17), /* not on default hierarchy */
98};
99
100/*
101 * cgroup_file is the handle for a file instance created in a cgroup which
102 * is used, for example, to generate file changed notifications. This can
103 * be obtained by setting cftype->file_offset.
104 */
105struct cgroup_file {
106 /* do not access any fields from outside cgroup core */
107 struct kernfs_node *kn;
108 unsigned long notified_at;
109 struct timer_list notify_timer;
110};
111
112/*
113 * Per-subsystem/per-cgroup state maintained by the system. This is the
114 * fundamental structural building block that controllers deal with.
115 *
116 * Fields marked with "PI:" are public and immutable and may be accessed
117 * directly without synchronization.
118 */
119struct cgroup_subsys_state {
120 /* PI: the cgroup that this css is attached to */
121 struct cgroup *cgroup;
122
123 /* PI: the cgroup subsystem that this css is attached to */
124 struct cgroup_subsys *ss;
125
126 /* reference count - access via css_[try]get() and css_put() */
127 struct percpu_ref refcnt;
128
129 /* siblings list anchored at the parent's ->children */
130 struct list_head sibling;
131 struct list_head children;
132
133 /* flush target list anchored at cgrp->rstat_css_list */
134 struct list_head rstat_css_node;
135
136 /*
137 * PI: Subsys-unique ID. 0 is unused and root is always 1. The
138 * matching css can be looked up using css_from_id().
139 */
140 int id;
141
142 unsigned int flags;
143
144 /*
145 * Monotonically increasing unique serial number which defines a
146 * uniform order among all csses. It's guaranteed that all
147 * ->children lists are in the ascending order of ->serial_nr and
148 * used to allow interrupting and resuming iterations.
149 */
150 u64 serial_nr;
151
152 /*
153 * Incremented by online self and children. Used to guarantee that
154 * parents are not offlined before their children.
155 */
156 atomic_t online_cnt;
157
158 /* percpu_ref killing and RCU release */
159 struct work_struct destroy_work;
160 struct rcu_work destroy_rwork;
161
162 /*
163 * PI: the parent css. Placed here for cache proximity to following
164 * fields of the containing structure.
165 */
166 struct cgroup_subsys_state *parent;
167};
168
169/*
170 * A css_set is a structure holding pointers to a set of
171 * cgroup_subsys_state objects. This saves space in the task struct
172 * object and speeds up fork()/exit(), since a single inc/dec and a
173 * list_add()/del() can bump the reference count on the entire cgroup
174 * set for a task.
175 */
176struct css_set {
177 /*
178 * Set of subsystem states, one for each subsystem. This array is
179 * immutable after creation apart from the init_css_set during
180 * subsystem registration (at boot time).
181 */
182 struct cgroup_subsys_state *subsys[CGROUP_SUBSYS_COUNT];
183
184 /* reference count */
185 refcount_t refcount;
186
187 /*
188 * For a domain cgroup, the following points to self. If threaded,
189 * to the matching cset of the nearest domain ancestor. The
190 * dom_cset provides access to the domain cgroup and its csses to
191 * which domain level resource consumptions should be charged.
192 */
193 struct css_set *dom_cset;
194
195 /* the default cgroup associated with this css_set */
196 struct cgroup *dfl_cgrp;
197
198 /* internal task count, protected by css_set_lock */
199 int nr_tasks;
200
201 /*
202 * Lists running through all tasks using this cgroup group.
203 * mg_tasks lists tasks which belong to this cset but are in the
204 * process of being migrated out or in. Protected by
205 * css_set_rwsem, but, during migration, once tasks are moved to
206 * mg_tasks, it can be read safely while holding cgroup_mutex.
207 */
208 struct list_head tasks;
209 struct list_head mg_tasks;
210
211 /* all css_task_iters currently walking this cset */
212 struct list_head task_iters;
213
214 /*
215 * On the default hierarhcy, ->subsys[ssid] may point to a css
216 * attached to an ancestor instead of the cgroup this css_set is
217 * associated with. The following node is anchored at
218 * ->subsys[ssid]->cgroup->e_csets[ssid] and provides a way to
219 * iterate through all css's attached to a given cgroup.
220 */
221 struct list_head e_cset_node[CGROUP_SUBSYS_COUNT];
222
223 /* all threaded csets whose ->dom_cset points to this cset */
224 struct list_head threaded_csets;
225 struct list_head threaded_csets_node;
226
227 /*
228 * List running through all cgroup groups in the same hash
229 * slot. Protected by css_set_lock
230 */
231 struct hlist_node hlist;
232
233 /*
234 * List of cgrp_cset_links pointing at cgroups referenced from this
235 * css_set. Protected by css_set_lock.
236 */
237 struct list_head cgrp_links;
238
239 /*
240 * List of csets participating in the on-going migration either as
241 * source or destination. Protected by cgroup_mutex.
242 */
243 struct list_head mg_preload_node;
244 struct list_head mg_node;
245
246 /*
247 * If this cset is acting as the source of migration the following
248 * two fields are set. mg_src_cgrp and mg_dst_cgrp are
249 * respectively the source and destination cgroups of the on-going
250 * migration. mg_dst_cset is the destination cset the target tasks
251 * on this cset should be migrated to. Protected by cgroup_mutex.
252 */
253 struct cgroup *mg_src_cgrp;
254 struct cgroup *mg_dst_cgrp;
255 struct css_set *mg_dst_cset;
256
257 /* dead and being drained, ignore for migration */
258 bool dead;
259
260 /* For RCU-protected deletion */
261 struct rcu_head rcu_head;
262};
263
264struct cgroup_base_stat {
265 struct task_cputime cputime;
266};
267
268/*
269 * rstat - cgroup scalable recursive statistics. Accounting is done
270 * per-cpu in cgroup_rstat_cpu which is then lazily propagated up the
271 * hierarchy on reads.
272 *
273 * When a stat gets updated, the cgroup_rstat_cpu and its ancestors are
274 * linked into the updated tree. On the following read, propagation only
275 * considers and consumes the updated tree. This makes reading O(the
276 * number of descendants which have been active since last read) instead of
277 * O(the total number of descendants).
278 *
279 * This is important because there can be a lot of (draining) cgroups which
280 * aren't active and stat may be read frequently. The combination can
281 * become very expensive. By propagating selectively, increasing reading
282 * frequency decreases the cost of each read.
283 *
284 * This struct hosts both the fields which implement the above -
285 * updated_children and updated_next - and the fields which track basic
286 * resource statistics on top of it - bsync, bstat and last_bstat.
287 */
288struct cgroup_rstat_cpu {
289 /*
290 * ->bsync protects ->bstat. These are the only fields which get
291 * updated in the hot path.
292 */
293 struct u64_stats_sync bsync;
294 struct cgroup_base_stat bstat;
295
296 /*
297 * Snapshots at the last reading. These are used to calculate the
298 * deltas to propagate to the global counters.
299 */
300 struct cgroup_base_stat last_bstat;
301
302 /*
303 * Child cgroups with stat updates on this cpu since the last read
304 * are linked on the parent's ->updated_children through
305 * ->updated_next.
306 *
307 * In addition to being more compact, singly-linked list pointing
308 * to the cgroup makes it unnecessary for each per-cpu struct to
309 * point back to the associated cgroup.
310 *
311 * Protected by per-cpu cgroup_rstat_cpu_lock.
312 */
313 struct cgroup *updated_children; /* terminated by self cgroup */
314 struct cgroup *updated_next; /* NULL iff not on the list */
315};
316
317struct cgroup {
318 /* self css with NULL ->ss, points back to this cgroup */
319 struct cgroup_subsys_state self;
320
321 unsigned long flags; /* "unsigned long" so bitops work */
322
323 /*
324 * idr allocated in-hierarchy ID.
325 *
326 * ID 0 is not used, the ID of the root cgroup is always 1, and a
327 * new cgroup will be assigned with a smallest available ID.
328 *
329 * Allocating/Removing ID must be protected by cgroup_mutex.
330 */
331 int id;
332
333 /*
334 * The depth this cgroup is at. The root is at depth zero and each
335 * step down the hierarchy increments the level. This along with
336 * ancestor_ids[] can determine whether a given cgroup is a
337 * descendant of another without traversing the hierarchy.
338 */
339 int level;
340
341 /* Maximum allowed descent tree depth */
342 int max_depth;
343
344 /*
345 * Keep track of total numbers of visible and dying descent cgroups.
346 * Dying cgroups are cgroups which were deleted by a user,
347 * but are still existing because someone else is holding a reference.
348 * max_descendants is a maximum allowed number of descent cgroups.
349 */
350 int nr_descendants;
351 int nr_dying_descendants;
352 int max_descendants;
353
354 /*
355 * Each non-empty css_set associated with this cgroup contributes
356 * one to nr_populated_csets. The counter is zero iff this cgroup
357 * doesn't have any tasks.
358 *
359 * All children which have non-zero nr_populated_csets and/or
360 * nr_populated_children of their own contribute one to either
361 * nr_populated_domain_children or nr_populated_threaded_children
362 * depending on their type. Each counter is zero iff all cgroups
363 * of the type in the subtree proper don't have any tasks.
364 */
365 int nr_populated_csets;
366 int nr_populated_domain_children;
367 int nr_populated_threaded_children;
368
369 int nr_threaded_children; /* # of live threaded child cgroups */
370
371 struct kernfs_node *kn; /* cgroup kernfs entry */
372 struct cgroup_file procs_file; /* handle for "cgroup.procs" */
373 struct cgroup_file events_file; /* handle for "cgroup.events" */
374
375 /*
376 * The bitmask of subsystems enabled on the child cgroups.
377 * ->subtree_control is the one configured through
378 * "cgroup.subtree_control" while ->child_ss_mask is the effective
379 * one which may have more subsystems enabled. Controller knobs
380 * are made available iff it's enabled in ->subtree_control.
381 */
382 u16 subtree_control;
383 u16 subtree_ss_mask;
384 u16 old_subtree_control;
385 u16 old_subtree_ss_mask;
386
387 /* Private pointers for each registered subsystem */
388 struct cgroup_subsys_state __rcu *subsys[CGROUP_SUBSYS_COUNT];
389
390 struct cgroup_root *root;
391
392 /*
393 * List of cgrp_cset_links pointing at css_sets with tasks in this
394 * cgroup. Protected by css_set_lock.
395 */
396 struct list_head cset_links;
397
398 /*
399 * On the default hierarchy, a css_set for a cgroup with some
400 * susbsys disabled will point to css's which are associated with
401 * the closest ancestor which has the subsys enabled. The
402 * following lists all css_sets which point to this cgroup's css
403 * for the given subsystem.
404 */
405 struct list_head e_csets[CGROUP_SUBSYS_COUNT];
406
407 /*
408 * If !threaded, self. If threaded, it points to the nearest
409 * domain ancestor. Inside a threaded subtree, cgroups are exempt
410 * from process granularity and no-internal-task constraint.
411 * Domain level resource consumptions which aren't tied to a
412 * specific task are charged to the dom_cgrp.
413 */
414 struct cgroup *dom_cgrp;
415
416 /* per-cpu recursive resource statistics */
417 struct cgroup_rstat_cpu __percpu *rstat_cpu;
418 struct list_head rstat_css_list;
419
420 /* cgroup basic resource statistics */
421 struct cgroup_base_stat pending_bstat; /* pending from children */
422 struct cgroup_base_stat bstat;
423 struct prev_cputime prev_cputime; /* for printing out cputime */
424
425 /*
426 * list of pidlists, up to two for each namespace (one for procs, one
427 * for tasks); created on demand.
428 */
429 struct list_head pidlists;
430 struct mutex pidlist_mutex;
431
432 /* used to wait for offlining of csses */
433 wait_queue_head_t offline_waitq;
434
435 /* used to schedule release agent */
436 struct work_struct release_agent_work;
437
438 /* used to store eBPF programs */
439 struct cgroup_bpf bpf;
440
441 /* If there is block congestion on this cgroup. */
442 atomic_t congestion_count;
443
444 /* ids of the ancestors at each level including self */
445 int ancestor_ids[];
446};
447
448/*
449 * A cgroup_root represents the root of a cgroup hierarchy, and may be
450 * associated with a kernfs_root to form an active hierarchy. This is
451 * internal to cgroup core. Don't access directly from controllers.
452 */
453struct cgroup_root {
454 struct kernfs_root *kf_root;
455
456 /* The bitmask of subsystems attached to this hierarchy */
457 unsigned int subsys_mask;
458
459 /* Unique id for this hierarchy. */
460 int hierarchy_id;
461
462 /* The root cgroup. Root is destroyed on its release. */
463 struct cgroup cgrp;
464
465 /* for cgrp->ancestor_ids[0] */
466 int cgrp_ancestor_id_storage;
467
468 /* Number of cgroups in the hierarchy, used only for /proc/cgroups */
469 atomic_t nr_cgrps;
470
471 /* A list running through the active hierarchies */
472 struct list_head root_list;
473
474 /* Hierarchy-specific flags */
475 unsigned int flags;
476
477 /* IDs for cgroups in this hierarchy */
478 struct idr cgroup_idr;
479
480 /* The path to use for release notifications. */
481 char release_agent_path[PATH_MAX];
482
483 /* The name for this hierarchy - may be empty */
484 char name[MAX_CGROUP_ROOT_NAMELEN];
485};
486
487/*
488 * struct cftype: handler definitions for cgroup control files
489 *
490 * When reading/writing to a file:
491 * - the cgroup to use is file->f_path.dentry->d_parent->d_fsdata
492 * - the 'cftype' of the file is file->f_path.dentry->d_fsdata
493 */
494struct cftype {
495 /*
496 * By convention, the name should begin with the name of the
497 * subsystem, followed by a period. Zero length string indicates
498 * end of cftype array.
499 */
500 char name[MAX_CFTYPE_NAME];
501 unsigned long private;
502
503 /*
504 * The maximum length of string, excluding trailing nul, that can
505 * be passed to write. If < PAGE_SIZE-1, PAGE_SIZE-1 is assumed.
506 */
507 size_t max_write_len;
508
509 /* CFTYPE_* flags */
510 unsigned int flags;
511
512 /*
513 * If non-zero, should contain the offset from the start of css to
514 * a struct cgroup_file field. cgroup will record the handle of
515 * the created file into it. The recorded handle can be used as
516 * long as the containing css remains accessible.
517 */
518 unsigned int file_offset;
519
520 /*
521 * Fields used for internal bookkeeping. Initialized automatically
522 * during registration.
523 */
524 struct cgroup_subsys *ss; /* NULL for cgroup core files */
525 struct list_head node; /* anchored at ss->cfts */
526 struct kernfs_ops *kf_ops;
527
528 int (*open)(struct kernfs_open_file *of);
529 void (*release)(struct kernfs_open_file *of);
530
531 /*
532 * read_u64() is a shortcut for the common case of returning a
533 * single integer. Use it in place of read()
534 */
535 u64 (*read_u64)(struct cgroup_subsys_state *css, struct cftype *cft);
536 /*
537 * read_s64() is a signed version of read_u64()
538 */
539 s64 (*read_s64)(struct cgroup_subsys_state *css, struct cftype *cft);
540
541 /* generic seq_file read interface */
542 int (*seq_show)(struct seq_file *sf, void *v);
543
544 /* optional ops, implement all or none */
545 void *(*seq_start)(struct seq_file *sf, loff_t *ppos);
546 void *(*seq_next)(struct seq_file *sf, void *v, loff_t *ppos);
547 void (*seq_stop)(struct seq_file *sf, void *v);
548
549 /*
550 * write_u64() is a shortcut for the common case of accepting
551 * a single integer (as parsed by simple_strtoull) from
552 * userspace. Use in place of write(); return 0 or error.
553 */
554 int (*write_u64)(struct cgroup_subsys_state *css, struct cftype *cft,
555 u64 val);
556 /*
557 * write_s64() is a signed version of write_u64()
558 */
559 int (*write_s64)(struct cgroup_subsys_state *css, struct cftype *cft,
560 s64 val);
561
562 /*
563 * write() is the generic write callback which maps directly to
564 * kernfs write operation and overrides all other operations.
565 * Maximum write size is determined by ->max_write_len. Use
566 * of_css/cft() to access the associated css and cft.
567 */
568 ssize_t (*write)(struct kernfs_open_file *of,
569 char *buf, size_t nbytes, loff_t off);
570
571#ifdef CONFIG_DEBUG_LOCK_ALLOC
572 struct lock_class_key lockdep_key;
573#endif
574};
575
576/*
577 * Control Group subsystem type.
578 * See Documentation/cgroup-v1/cgroups.txt for details
579 */
580struct cgroup_subsys {
581 struct cgroup_subsys_state *(*css_alloc)(struct cgroup_subsys_state *parent_css);
582 int (*css_online)(struct cgroup_subsys_state *css);
583 void (*css_offline)(struct cgroup_subsys_state *css);
584 void (*css_released)(struct cgroup_subsys_state *css);
585 void (*css_free)(struct cgroup_subsys_state *css);
586 void (*css_reset)(struct cgroup_subsys_state *css);
587 void (*css_rstat_flush)(struct cgroup_subsys_state *css, int cpu);
588 int (*css_extra_stat_show)(struct seq_file *seq,
589 struct cgroup_subsys_state *css);
590
591 int (*can_attach)(struct cgroup_taskset *tset);
592 void (*cancel_attach)(struct cgroup_taskset *tset);
593 void (*attach)(struct cgroup_taskset *tset);
594 void (*post_attach)(void);
595 int (*can_fork)(struct task_struct *task);
596 void (*cancel_fork)(struct task_struct *task);
597 void (*fork)(struct task_struct *task);
598 void (*exit)(struct task_struct *task);
599 void (*free)(struct task_struct *task);
600 void (*bind)(struct cgroup_subsys_state *root_css);
601
602 bool early_init:1;
603
604 /*
605 * If %true, the controller, on the default hierarchy, doesn't show
606 * up in "cgroup.controllers" or "cgroup.subtree_control", is
607 * implicitly enabled on all cgroups on the default hierarchy, and
608 * bypasses the "no internal process" constraint. This is for
609 * utility type controllers which is transparent to userland.
610 *
611 * An implicit controller can be stolen from the default hierarchy
612 * anytime and thus must be okay with offline csses from previous
613 * hierarchies coexisting with csses for the current one.
614 */
615 bool implicit_on_dfl:1;
616
617 /*
618 * If %true, the controller, supports threaded mode on the default
619 * hierarchy. In a threaded subtree, both process granularity and
620 * no-internal-process constraint are ignored and a threaded
621 * controllers should be able to handle that.
622 *
623 * Note that as an implicit controller is automatically enabled on
624 * all cgroups on the default hierarchy, it should also be
625 * threaded. implicit && !threaded is not supported.
626 */
627 bool threaded:1;
628
629 /*
630 * If %false, this subsystem is properly hierarchical -
631 * configuration, resource accounting and restriction on a parent
632 * cgroup cover those of its children. If %true, hierarchy support
633 * is broken in some ways - some subsystems ignore hierarchy
634 * completely while others are only implemented half-way.
635 *
636 * It's now disallowed to create nested cgroups if the subsystem is
637 * broken and cgroup core will emit a warning message on such
638 * cases. Eventually, all subsystems will be made properly
639 * hierarchical and this will go away.
640 */
641 bool broken_hierarchy:1;
642 bool warned_broken_hierarchy:1;
643
644 /* the following two fields are initialized automtically during boot */
645 int id;
646 const char *name;
647
648 /* optional, initialized automatically during boot if not set */
649 const char *legacy_name;
650
651 /* link to parent, protected by cgroup_lock() */
652 struct cgroup_root *root;
653
654 /* idr for css->id */
655 struct idr css_idr;
656
657 /*
658 * List of cftypes. Each entry is the first entry of an array
659 * terminated by zero length name.
660 */
661 struct list_head cfts;
662
663 /*
664 * Base cftypes which are automatically registered. The two can
665 * point to the same array.
666 */
667 struct cftype *dfl_cftypes; /* for the default hierarchy */
668 struct cftype *legacy_cftypes; /* for the legacy hierarchies */
669
670 /*
671 * A subsystem may depend on other subsystems. When such subsystem
672 * is enabled on a cgroup, the depended-upon subsystems are enabled
673 * together if available. Subsystems enabled due to dependency are
674 * not visible to userland until explicitly enabled. The following
675 * specifies the mask of subsystems that this one depends on.
676 */
677 unsigned int depends_on;
678};
679
680extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
681
682/**
683 * cgroup_threadgroup_change_begin - threadgroup exclusion for cgroups
684 * @tsk: target task
685 *
686 * Allows cgroup operations to synchronize against threadgroup changes
687 * using a percpu_rw_semaphore.
688 */
689static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
690{
691 percpu_down_read(&cgroup_threadgroup_rwsem);
692}
693
694/**
695 * cgroup_threadgroup_change_end - threadgroup exclusion for cgroups
696 * @tsk: target task
697 *
698 * Counterpart of cgroup_threadcgroup_change_begin().
699 */
700static inline void cgroup_threadgroup_change_end(struct task_struct *tsk)
701{
702 percpu_up_read(&cgroup_threadgroup_rwsem);
703}
704
705#else /* CONFIG_CGROUPS */
706
707#define CGROUP_SUBSYS_COUNT 0
708
709static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
710{
711 might_sleep();
712}
713
714static inline void cgroup_threadgroup_change_end(struct task_struct *tsk) {}
715
716#endif /* CONFIG_CGROUPS */
717
718#ifdef CONFIG_SOCK_CGROUP_DATA
719
720/*
721 * sock_cgroup_data is embedded at sock->sk_cgrp_data and contains
722 * per-socket cgroup information except for memcg association.
723 *
724 * On legacy hierarchies, net_prio and net_cls controllers directly set
725 * attributes on each sock which can then be tested by the network layer.
726 * On the default hierarchy, each sock is associated with the cgroup it was
727 * created in and the networking layer can match the cgroup directly.
728 *
729 * To avoid carrying all three cgroup related fields separately in sock,
730 * sock_cgroup_data overloads (prioidx, classid) and the cgroup pointer.
731 * On boot, sock_cgroup_data records the cgroup that the sock was created
732 * in so that cgroup2 matches can be made; however, once either net_prio or
733 * net_cls starts being used, the area is overriden to carry prioidx and/or
734 * classid. The two modes are distinguished by whether the lowest bit is
735 * set. Clear bit indicates cgroup pointer while set bit prioidx and
736 * classid.
737 *
738 * While userland may start using net_prio or net_cls at any time, once
739 * either is used, cgroup2 matching no longer works. There is no reason to
740 * mix the two and this is in line with how legacy and v2 compatibility is
741 * handled. On mode switch, cgroup references which are already being
742 * pointed to by socks may be leaked. While this can be remedied by adding
743 * synchronization around sock_cgroup_data, given that the number of leaked
744 * cgroups is bound and highly unlikely to be high, this seems to be the
745 * better trade-off.
746 */
747struct sock_cgroup_data {
748 union {
749#ifdef __LITTLE_ENDIAN
750 struct {
751 u8 is_data;
752 u8 padding;
753 u16 prioidx;
754 u32 classid;
755 } __packed;
756#else
757 struct {
758 u32 classid;
759 u16 prioidx;
760 u8 padding;
761 u8 is_data;
762 } __packed;
763#endif
764 u64 val;
765 };
766};
767
768/*
769 * There's a theoretical window where the following accessors race with
770 * updaters and return part of the previous pointer as the prioidx or
771 * classid. Such races are short-lived and the result isn't critical.
772 */
773static inline u16 sock_cgroup_prioidx(const struct sock_cgroup_data *skcd)
774{
775 /* fallback to 1 which is always the ID of the root cgroup */
776 return (skcd->is_data & 1) ? skcd->prioidx : 1;
777}
778
779static inline u32 sock_cgroup_classid(const struct sock_cgroup_data *skcd)
780{
781 /* fallback to 0 which is the unconfigured default classid */
782 return (skcd->is_data & 1) ? skcd->classid : 0;
783}
784
785/*
786 * If invoked concurrently, the updaters may clobber each other. The
787 * caller is responsible for synchronization.
788 */
789static inline void sock_cgroup_set_prioidx(struct sock_cgroup_data *skcd,
790 u16 prioidx)
791{
792 struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
793
794 if (sock_cgroup_prioidx(&skcd_buf) == prioidx)
795 return;
796
797 if (!(skcd_buf.is_data & 1)) {
798 skcd_buf.val = 0;
799 skcd_buf.is_data = 1;
800 }
801
802 skcd_buf.prioidx = prioidx;
803 WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
804}
805
806static inline void sock_cgroup_set_classid(struct sock_cgroup_data *skcd,
807 u32 classid)
808{
809 struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
810
811 if (sock_cgroup_classid(&skcd_buf) == classid)
812 return;
813
814 if (!(skcd_buf.is_data & 1)) {
815 skcd_buf.val = 0;
816 skcd_buf.is_data = 1;
817 }
818
819 skcd_buf.classid = classid;
820 WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
821}
822
823#else /* CONFIG_SOCK_CGROUP_DATA */
824
825struct sock_cgroup_data {
826};
827
828#endif /* CONFIG_SOCK_CGROUP_DATA */
829
830#endif /* _LINUX_CGROUP_DEFS_H */
831