2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* linux/cgroup-defs.h - basic definitions for cgroup
|
|
|
|
*
|
|
|
|
* This file provides basic type and interface. Include this file directly
|
|
|
|
* only if necessary to avoid cyclic dependencies.
|
|
|
|
*/
|
|
|
|
#ifndef _LINUX_CGROUP_DEFS_H
|
|
|
|
#define _LINUX_CGROUP_DEFS_H
|
|
|
|
|
|
|
|
#include <linux/limits.h>
|
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/idr.h>
|
|
|
|
#include <linux/wait.h>
|
|
|
|
#include <linux/mutex.h>
|
|
|
|
#include <linux/rcupdate.h>
|
2017-03-08 16:00:40 +08:00
|
|
|
#include <linux/refcount.h>
|
2015-05-14 03:38:40 +08:00
|
|
|
#include <linux/percpu-refcount.h>
|
2015-05-14 04:35:16 +08:00
|
|
|
#include <linux/percpu-rwsem.h>
|
2015-05-14 03:38:40 +08:00
|
|
|
#include <linux/workqueue.h>
|
2016-11-23 23:52:26 +08:00
|
|
|
#include <linux/bpf-cgroup.h>
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
#ifdef CONFIG_CGROUPS
|
|
|
|
|
|
|
|
struct cgroup;
|
|
|
|
struct cgroup_root;
|
|
|
|
struct cgroup_subsys;
|
|
|
|
struct cgroup_taskset;
|
|
|
|
struct kernfs_node;
|
|
|
|
struct kernfs_ops;
|
|
|
|
struct kernfs_open_file;
|
2015-05-29 16:52:59 +08:00
|
|
|
struct seq_file;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
#define MAX_CGROUP_TYPE_NAMELEN 32
|
|
|
|
#define MAX_CGROUP_ROOT_NAMELEN 64
|
|
|
|
#define MAX_CFTYPE_NAME 64
|
|
|
|
|
|
|
|
/* define the enumeration of all cgroup subsystems */
|
|
|
|
#define SUBSYS(_x) _x ## _cgrp_id,
|
|
|
|
enum cgroup_subsys_id {
|
|
|
|
#include <linux/cgroup_subsys.h>
|
|
|
|
CGROUP_SUBSYS_COUNT,
|
|
|
|
};
|
|
|
|
#undef SUBSYS
|
|
|
|
|
|
|
|
/* bits in struct cgroup_subsys_state flags field */
|
|
|
|
enum {
|
|
|
|
CSS_NO_REF = (1 << 0), /* no reference counting for this css */
|
|
|
|
CSS_ONLINE = (1 << 1), /* between ->css_online() and ->css_offline() */
|
|
|
|
CSS_RELEASED = (1 << 2), /* refcnt reached zero, released */
|
2016-03-03 22:57:58 +08:00
|
|
|
CSS_VISIBLE = (1 << 3), /* css is visible to userland */
|
2017-05-15 21:34:06 +08:00
|
|
|
CSS_DYING = (1 << 4), /* css is dying */
|
2015-05-14 03:38:40 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/* bits in struct cgroup flags field */
|
|
|
|
enum {
|
|
|
|
/* Control Group requires release notifications to userspace */
|
|
|
|
CGRP_NOTIFY_ON_RELEASE,
|
|
|
|
/*
|
|
|
|
* Clone the parent's configuration when creating a new child
|
|
|
|
* cpuset cgroup. For historical reasons, this option can be
|
|
|
|
* specified at mount time and thus is implemented here.
|
|
|
|
*/
|
|
|
|
CGRP_CPUSET_CLONE_CHILDREN,
|
|
|
|
};
|
|
|
|
|
|
|
|
/* cgroup_root->flags */
|
|
|
|
enum {
|
|
|
|
CGRP_ROOT_NOPREFIX = (1 << 1), /* mounted subsystems have no named prefix */
|
|
|
|
CGRP_ROOT_XATTR = (1 << 2), /* supports extended attributes */
|
2017-06-28 02:30:28 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Consider namespaces as delegation boundaries. If this flag is
|
|
|
|
* set, controller specific interface files in a namespace root
|
|
|
|
* aren't writeable from inside the namespace.
|
|
|
|
*/
|
|
|
|
CGRP_ROOT_NS_DELEGATE = (1 << 3),
|
2015-05-14 03:38:40 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/* cftype->flags */
|
|
|
|
enum {
|
|
|
|
CFTYPE_ONLY_ON_ROOT = (1 << 0), /* only create on root cgrp */
|
|
|
|
CFTYPE_NOT_ON_ROOT = (1 << 1), /* don't create on root cgrp */
|
2017-06-28 02:30:28 +08:00
|
|
|
CFTYPE_NS_DELEGATABLE = (1 << 2), /* writeable beyond delegation boundaries */
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
CFTYPE_NO_PREFIX = (1 << 3), /* (DON'T USE FOR NEW FILES) no subsys prefix */
|
2015-09-19 05:54:23 +08:00
|
|
|
CFTYPE_WORLD_WRITABLE = (1 << 4), /* (DON'T USE FOR NEW FILES) S_IWUGO */
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/* internal flags, do not use outside cgroup core proper */
|
|
|
|
__CFTYPE_ONLY_ON_DFL = (1 << 16), /* only on default hierarchy */
|
|
|
|
__CFTYPE_NOT_ON_DFL = (1 << 17), /* not on default hierarchy */
|
|
|
|
};
|
|
|
|
|
2015-09-19 05:54:23 +08:00
|
|
|
/*
|
|
|
|
* cgroup_file is the handle for a file instance created in a cgroup which
|
|
|
|
* is used, for example, to generate file changed notifications. This can
|
|
|
|
* be obtained by setting cftype->file_offset.
|
|
|
|
*/
|
|
|
|
struct cgroup_file {
|
|
|
|
/* do not access any fields from outside cgroup core */
|
|
|
|
struct kernfs_node *kn;
|
|
|
|
};
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* Per-subsystem/per-cgroup state maintained by the system. This is the
|
|
|
|
* fundamental structural building block that controllers deal with.
|
|
|
|
*
|
|
|
|
* Fields marked with "PI:" are public and immutable and may be accessed
|
|
|
|
* directly without synchronization.
|
|
|
|
*/
|
|
|
|
struct cgroup_subsys_state {
|
|
|
|
/* PI: the cgroup that this css is attached to */
|
|
|
|
struct cgroup *cgroup;
|
|
|
|
|
|
|
|
/* PI: the cgroup subsystem that this css is attached to */
|
|
|
|
struct cgroup_subsys *ss;
|
|
|
|
|
|
|
|
/* reference count - access via css_[try]get() and css_put() */
|
|
|
|
struct percpu_ref refcnt;
|
|
|
|
|
|
|
|
/* siblings list anchored at the parent's ->children */
|
|
|
|
struct list_head sibling;
|
|
|
|
struct list_head children;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* PI: Subsys-unique ID. 0 is unused and root is always 1. The
|
|
|
|
* matching css can be looked up using css_from_id().
|
|
|
|
*/
|
|
|
|
int id;
|
|
|
|
|
|
|
|
unsigned int flags;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Monotonically increasing unique serial number which defines a
|
|
|
|
* uniform order among all csses. It's guaranteed that all
|
|
|
|
* ->children lists are in the ascending order of ->serial_nr and
|
|
|
|
* used to allow interrupting and resuming iterations.
|
|
|
|
*/
|
|
|
|
u64 serial_nr;
|
|
|
|
|
2016-01-22 04:31:11 +08:00
|
|
|
/*
|
|
|
|
* Incremented by online self and children. Used to guarantee that
|
|
|
|
* parents are not offlined before their children.
|
|
|
|
*/
|
|
|
|
atomic_t online_cnt;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/* percpu_ref killing and RCU release */
|
|
|
|
struct rcu_head rcu_head;
|
|
|
|
struct work_struct destroy_work;
|
2017-04-07 09:47:57 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* PI: the parent css. Placed here for cache proximity to following
|
|
|
|
* fields of the containing structure.
|
|
|
|
*/
|
|
|
|
struct cgroup_subsys_state *parent;
|
2015-05-14 03:38:40 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A css_set is a structure holding pointers to a set of
|
|
|
|
* cgroup_subsys_state objects. This saves space in the task struct
|
|
|
|
* object and speeds up fork()/exit(), since a single inc/dec and a
|
|
|
|
* list_add()/del() can bump the reference count on the entire cgroup
|
|
|
|
* set for a task.
|
|
|
|
*/
|
|
|
|
struct css_set {
|
|
|
|
/*
|
2016-12-28 03:49:05 +08:00
|
|
|
* Set of subsystem states, one for each subsystem. This array is
|
|
|
|
* immutable after creation apart from the init_css_set during
|
|
|
|
* subsystem registration (at boot time).
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
2016-12-28 03:49:05 +08:00
|
|
|
struct cgroup_subsys_state *subsys[CGROUP_SUBSYS_COUNT];
|
|
|
|
|
|
|
|
/* reference count */
|
2017-03-08 16:00:40 +08:00
|
|
|
refcount_t refcount;
|
2016-12-28 03:49:05 +08:00
|
|
|
|
2017-05-15 21:34:02 +08:00
|
|
|
/*
|
|
|
|
* For a domain cgroup, the following points to self. If threaded,
|
|
|
|
* to the matching cset of the nearest domain ancestor. The
|
|
|
|
* dom_cset provides access to the domain cgroup and its csses to
|
|
|
|
* which domain level resource consumptions should be charged.
|
|
|
|
*/
|
|
|
|
struct css_set *dom_cset;
|
|
|
|
|
2016-12-28 03:49:05 +08:00
|
|
|
/* the default cgroup associated with this css_set */
|
|
|
|
struct cgroup *dfl_cgrp;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
2017-06-14 05:18:01 +08:00
|
|
|
/* internal task count, protected by css_set_lock */
|
|
|
|
int nr_tasks;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* Lists running through all tasks using this cgroup group.
|
|
|
|
* mg_tasks lists tasks which belong to this cset but are in the
|
|
|
|
* process of being migrated out or in. Protected by
|
|
|
|
* css_set_rwsem, but, during migration, once tasks are moved to
|
|
|
|
* mg_tasks, it can be read safely while holding cgroup_mutex.
|
|
|
|
*/
|
|
|
|
struct list_head tasks;
|
|
|
|
struct list_head mg_tasks;
|
|
|
|
|
2016-12-28 03:49:05 +08:00
|
|
|
/* all css_task_iters currently walking this cset */
|
|
|
|
struct list_head task_iters;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
2016-12-28 03:49:05 +08:00
|
|
|
* On the default hierarhcy, ->subsys[ssid] may point to a css
|
|
|
|
* attached to an ancestor instead of the cgroup this css_set is
|
|
|
|
* associated with. The following node is anchored at
|
|
|
|
* ->subsys[ssid]->cgroup->e_csets[ssid] and provides a way to
|
|
|
|
* iterate through all css's attached to a given cgroup.
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
2016-12-28 03:49:05 +08:00
|
|
|
struct list_head e_cset_node[CGROUP_SUBSYS_COUNT];
|
2015-05-14 03:38:40 +08:00
|
|
|
|
2017-05-15 21:34:02 +08:00
|
|
|
/* all threaded csets whose ->dom_cset points to this cset */
|
|
|
|
struct list_head threaded_csets;
|
|
|
|
struct list_head threaded_csets_node;
|
|
|
|
|
2016-12-28 03:49:05 +08:00
|
|
|
/*
|
|
|
|
* List running through all cgroup groups in the same hash
|
|
|
|
* slot. Protected by css_set_lock
|
|
|
|
*/
|
|
|
|
struct hlist_node hlist;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/*
|
2016-12-28 03:49:05 +08:00
|
|
|
* List of cgrp_cset_links pointing at cgroups referenced from this
|
|
|
|
* css_set. Protected by css_set_lock.
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
2016-12-28 03:49:05 +08:00
|
|
|
struct list_head cgrp_links;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* List of csets participating in the on-going migration either as
|
|
|
|
* source or destination. Protected by cgroup_mutex.
|
|
|
|
*/
|
|
|
|
struct list_head mg_preload_node;
|
|
|
|
struct list_head mg_node;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If this cset is acting as the source of migration the following
|
2016-03-09 00:51:26 +08:00
|
|
|
* two fields are set. mg_src_cgrp and mg_dst_cgrp are
|
|
|
|
* respectively the source and destination cgroups of the on-going
|
|
|
|
* migration. mg_dst_cset is the destination cset the target tasks
|
|
|
|
* on this cset should be migrated to. Protected by cgroup_mutex.
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
|
|
|
struct cgroup *mg_src_cgrp;
|
2016-03-09 00:51:26 +08:00
|
|
|
struct cgroup *mg_dst_cgrp;
|
2015-05-14 03:38:40 +08:00
|
|
|
struct css_set *mg_dst_cset;
|
|
|
|
|
cgroup: ignore css_sets associated with dead cgroups during migration
Before 2e91fa7f6d45 ("cgroup: keep zombies associated with their
original cgroups"), all dead tasks were associated with init_css_set.
If a zombie task is requested for migration, while migration prep
operations would still be performed on init_css_set, the actual
migration would ignore zombie tasks. As init_css_set is always valid,
this worked fine.
However, after 2e91fa7f6d45, zombie tasks stay with the css_set it was
associated with at the time of death. Let's say a task T associated
with cgroup A on hierarchy H-1 and cgroup B on hiearchy H-2. After T
becomes a zombie, it would still remain associated with A and B. If A
only contains zombie tasks, it can be removed. On removal, A gets
marked offline but stays pinned until all zombies are drained. At
this point, if migration is initiated on T to a cgroup C on hierarchy
H-2, migration path would try to prepare T's css_set for migration and
trigger the following.
WARNING: CPU: 0 PID: 1576 at kernel/cgroup.c:474 cgroup_get+0x121/0x160()
CPU: 0 PID: 1576 Comm: bash Not tainted 4.4.0-work+ #289
...
Call Trace:
[<ffffffff8127e63c>] dump_stack+0x4e/0x82
[<ffffffff810445e8>] warn_slowpath_common+0x78/0xb0
[<ffffffff810446d5>] warn_slowpath_null+0x15/0x20
[<ffffffff810c33e1>] cgroup_get+0x121/0x160
[<ffffffff810c349b>] link_css_set+0x7b/0x90
[<ffffffff810c4fbc>] find_css_set+0x3bc/0x5e0
[<ffffffff810c5269>] cgroup_migrate_prepare_dst+0x89/0x1f0
[<ffffffff810c7547>] cgroup_attach_task+0x157/0x230
[<ffffffff810c7a17>] __cgroup_procs_write+0x2b7/0x470
[<ffffffff810c7bdc>] cgroup_tasks_write+0xc/0x10
[<ffffffff810c4790>] cgroup_file_write+0x30/0x1b0
[<ffffffff811c68fc>] kernfs_fop_write+0x13c/0x180
[<ffffffff81151673>] __vfs_write+0x23/0xe0
[<ffffffff81152494>] vfs_write+0xa4/0x1a0
[<ffffffff811532d4>] SyS_write+0x44/0xa0
[<ffffffff814af2d7>] entry_SYSCALL_64_fastpath+0x12/0x6f
It doesn't make sense to prepare migration for css_sets pointing to
dead cgroups as they are guaranteed to contain only zombies which are
ignored later during migration. This patch makes cgroup destruction
path mark all affected css_sets as dead and updates the migration path
to ignore them during preparation.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: 2e91fa7f6d45 ("cgroup: keep zombies associated with their original cgroups")
Cc: stable@vger.kernel.org # v4.4+
2016-03-16 08:43:04 +08:00
|
|
|
/* dead and being drained, ignore for migration */
|
|
|
|
bool dead;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/* For RCU-protected deletion */
|
|
|
|
struct rcu_head rcu_head;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct cgroup {
|
|
|
|
/* self css with NULL ->ss, points back to this cgroup */
|
|
|
|
struct cgroup_subsys_state self;
|
|
|
|
|
|
|
|
unsigned long flags; /* "unsigned long" so bitops work */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* idr allocated in-hierarchy ID.
|
|
|
|
*
|
|
|
|
* ID 0 is not used, the ID of the root cgroup is always 1, and a
|
|
|
|
* new cgroup will be assigned with a smallest available ID.
|
|
|
|
*
|
|
|
|
* Allocating/Removing ID must be protected by cgroup_mutex.
|
|
|
|
*/
|
|
|
|
int id;
|
|
|
|
|
2015-11-21 04:55:52 +08:00
|
|
|
/*
|
|
|
|
* The depth this cgroup is at. The root is at depth zero and each
|
|
|
|
* step down the hierarchy increments the level. This along with
|
|
|
|
* ancestor_ids[] can determine whether a given cgroup is a
|
|
|
|
* descendant of another without traversing the hierarchy.
|
|
|
|
*/
|
|
|
|
int level;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
2015-10-16 04:41:49 +08:00
|
|
|
* Each non-empty css_set associated with this cgroup contributes
|
2017-07-17 09:43:33 +08:00
|
|
|
* one to nr_populated_csets. The counter is zero iff this cgroup
|
|
|
|
* doesn't have any tasks.
|
|
|
|
*
|
|
|
|
* All children which have non-zero nr_populated_csets and/or
|
2017-05-15 21:34:02 +08:00
|
|
|
* nr_populated_children of their own contribute one to either
|
|
|
|
* nr_populated_domain_children or nr_populated_threaded_children
|
|
|
|
* depending on their type. Each counter is zero iff all cgroups
|
|
|
|
* of the type in the subtree proper don't have any tasks.
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
2017-07-17 09:43:33 +08:00
|
|
|
int nr_populated_csets;
|
2017-05-15 21:34:02 +08:00
|
|
|
int nr_populated_domain_children;
|
|
|
|
int nr_populated_threaded_children;
|
|
|
|
|
|
|
|
int nr_threaded_children; /* # of live threaded child cgroups */
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
struct kernfs_node *kn; /* cgroup kernfs entry */
|
2015-09-19 05:54:23 +08:00
|
|
|
struct cgroup_file procs_file; /* handle for "cgroup.procs" */
|
|
|
|
struct cgroup_file events_file; /* handle for "cgroup.events" */
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The bitmask of subsystems enabled on the child cgroups.
|
|
|
|
* ->subtree_control is the one configured through
|
2016-02-23 11:25:46 +08:00
|
|
|
* "cgroup.subtree_control" while ->child_ss_mask is the effective
|
|
|
|
* one which may have more subsystems enabled. Controller knobs
|
|
|
|
* are made available iff it's enabled in ->subtree_control.
|
2015-05-14 03:38:40 +08:00
|
|
|
*/
|
2016-02-23 11:25:47 +08:00
|
|
|
u16 subtree_control;
|
|
|
|
u16 subtree_ss_mask;
|
2016-03-03 22:57:59 +08:00
|
|
|
u16 old_subtree_control;
|
|
|
|
u16 old_subtree_ss_mask;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/* Private pointers for each registered subsystem */
|
|
|
|
struct cgroup_subsys_state __rcu *subsys[CGROUP_SUBSYS_COUNT];
|
|
|
|
|
|
|
|
struct cgroup_root *root;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* List of cgrp_cset_links pointing at css_sets with tasks in this
|
|
|
|
* cgroup. Protected by css_set_lock.
|
|
|
|
*/
|
|
|
|
struct list_head cset_links;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* On the default hierarchy, a css_set for a cgroup with some
|
|
|
|
* susbsys disabled will point to css's which are associated with
|
|
|
|
* the closest ancestor which has the subsys enabled. The
|
|
|
|
* following lists all css_sets which point to this cgroup's css
|
|
|
|
* for the given subsystem.
|
|
|
|
*/
|
|
|
|
struct list_head e_csets[CGROUP_SUBSYS_COUNT];
|
|
|
|
|
2017-05-15 21:34:02 +08:00
|
|
|
/*
|
|
|
|
* If !threaded, self. If threaded, it points to the nearest
|
|
|
|
* domain ancestor. Inside a threaded subtree, cgroups are exempt
|
|
|
|
* from process granularity and no-internal-task constraint.
|
|
|
|
* Domain level resource consumptions which aren't tied to a
|
|
|
|
* specific task are charged to the dom_cgrp.
|
|
|
|
*/
|
|
|
|
struct cgroup *dom_cgrp;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* list of pidlists, up to two for each namespace (one for procs, one
|
|
|
|
* for tasks); created on demand.
|
|
|
|
*/
|
|
|
|
struct list_head pidlists;
|
|
|
|
struct mutex pidlist_mutex;
|
|
|
|
|
|
|
|
/* used to wait for offlining of csses */
|
|
|
|
wait_queue_head_t offline_waitq;
|
|
|
|
|
|
|
|
/* used to schedule release agent */
|
|
|
|
struct work_struct release_agent_work;
|
2015-11-21 04:55:52 +08:00
|
|
|
|
2016-11-23 23:52:26 +08:00
|
|
|
/* used to store eBPF programs */
|
|
|
|
struct cgroup_bpf bpf;
|
|
|
|
|
2015-11-21 04:55:52 +08:00
|
|
|
/* ids of the ancestors at each level including self */
|
|
|
|
int ancestor_ids[];
|
2015-05-14 03:38:40 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A cgroup_root represents the root of a cgroup hierarchy, and may be
|
|
|
|
* associated with a kernfs_root to form an active hierarchy. This is
|
|
|
|
* internal to cgroup core. Don't access directly from controllers.
|
|
|
|
*/
|
|
|
|
struct cgroup_root {
|
|
|
|
struct kernfs_root *kf_root;
|
|
|
|
|
|
|
|
/* The bitmask of subsystems attached to this hierarchy */
|
|
|
|
unsigned int subsys_mask;
|
|
|
|
|
|
|
|
/* Unique id for this hierarchy. */
|
|
|
|
int hierarchy_id;
|
|
|
|
|
|
|
|
/* The root cgroup. Root is destroyed on its release. */
|
|
|
|
struct cgroup cgrp;
|
|
|
|
|
2015-11-21 04:55:52 +08:00
|
|
|
/* for cgrp->ancestor_ids[0] */
|
|
|
|
int cgrp_ancestor_id_storage;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/* Number of cgroups in the hierarchy, used only for /proc/cgroups */
|
|
|
|
atomic_t nr_cgrps;
|
|
|
|
|
|
|
|
/* A list running through the active hierarchies */
|
|
|
|
struct list_head root_list;
|
|
|
|
|
|
|
|
/* Hierarchy-specific flags */
|
|
|
|
unsigned int flags;
|
|
|
|
|
|
|
|
/* IDs for cgroups in this hierarchy */
|
|
|
|
struct idr cgroup_idr;
|
|
|
|
|
|
|
|
/* The path to use for release notifications. */
|
|
|
|
char release_agent_path[PATH_MAX];
|
|
|
|
|
|
|
|
/* The name for this hierarchy - may be empty */
|
|
|
|
char name[MAX_CGROUP_ROOT_NAMELEN];
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* struct cftype: handler definitions for cgroup control files
|
|
|
|
*
|
|
|
|
* When reading/writing to a file:
|
|
|
|
* - the cgroup to use is file->f_path.dentry->d_parent->d_fsdata
|
|
|
|
* - the 'cftype' of the file is file->f_path.dentry->d_fsdata
|
|
|
|
*/
|
|
|
|
struct cftype {
|
|
|
|
/*
|
|
|
|
* By convention, the name should begin with the name of the
|
|
|
|
* subsystem, followed by a period. Zero length string indicates
|
|
|
|
* end of cftype array.
|
|
|
|
*/
|
|
|
|
char name[MAX_CFTYPE_NAME];
|
2015-08-12 01:35:42 +08:00
|
|
|
unsigned long private;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The maximum length of string, excluding trailing nul, that can
|
|
|
|
* be passed to write. If < PAGE_SIZE-1, PAGE_SIZE-1 is assumed.
|
|
|
|
*/
|
|
|
|
size_t max_write_len;
|
|
|
|
|
|
|
|
/* CFTYPE_* flags */
|
|
|
|
unsigned int flags;
|
|
|
|
|
2015-09-19 05:54:23 +08:00
|
|
|
/*
|
|
|
|
* If non-zero, should contain the offset from the start of css to
|
|
|
|
* a struct cgroup_file field. cgroup will record the handle of
|
|
|
|
* the created file into it. The recorded handle can be used as
|
|
|
|
* long as the containing css remains accessible.
|
|
|
|
*/
|
|
|
|
unsigned int file_offset;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* Fields used for internal bookkeeping. Initialized automatically
|
|
|
|
* during registration.
|
|
|
|
*/
|
|
|
|
struct cgroup_subsys *ss; /* NULL for cgroup core files */
|
|
|
|
struct list_head node; /* anchored at ss->cfts */
|
|
|
|
struct kernfs_ops *kf_ops;
|
|
|
|
|
2016-12-28 03:49:03 +08:00
|
|
|
int (*open)(struct kernfs_open_file *of);
|
|
|
|
void (*release)(struct kernfs_open_file *of);
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* read_u64() is a shortcut for the common case of returning a
|
|
|
|
* single integer. Use it in place of read()
|
|
|
|
*/
|
|
|
|
u64 (*read_u64)(struct cgroup_subsys_state *css, struct cftype *cft);
|
|
|
|
/*
|
|
|
|
* read_s64() is a signed version of read_u64()
|
|
|
|
*/
|
|
|
|
s64 (*read_s64)(struct cgroup_subsys_state *css, struct cftype *cft);
|
|
|
|
|
|
|
|
/* generic seq_file read interface */
|
|
|
|
int (*seq_show)(struct seq_file *sf, void *v);
|
|
|
|
|
|
|
|
/* optional ops, implement all or none */
|
|
|
|
void *(*seq_start)(struct seq_file *sf, loff_t *ppos);
|
|
|
|
void *(*seq_next)(struct seq_file *sf, void *v, loff_t *ppos);
|
|
|
|
void (*seq_stop)(struct seq_file *sf, void *v);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* write_u64() is a shortcut for the common case of accepting
|
|
|
|
* a single integer (as parsed by simple_strtoull) from
|
|
|
|
* userspace. Use in place of write(); return 0 or error.
|
|
|
|
*/
|
|
|
|
int (*write_u64)(struct cgroup_subsys_state *css, struct cftype *cft,
|
|
|
|
u64 val);
|
|
|
|
/*
|
|
|
|
* write_s64() is a signed version of write_u64()
|
|
|
|
*/
|
|
|
|
int (*write_s64)(struct cgroup_subsys_state *css, struct cftype *cft,
|
|
|
|
s64 val);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* write() is the generic write callback which maps directly to
|
|
|
|
* kernfs write operation and overrides all other operations.
|
|
|
|
* Maximum write size is determined by ->max_write_len. Use
|
|
|
|
* of_css/cft() to access the associated css and cft.
|
|
|
|
*/
|
|
|
|
ssize_t (*write)(struct kernfs_open_file *of,
|
|
|
|
char *buf, size_t nbytes, loff_t off);
|
|
|
|
|
|
|
|
#ifdef CONFIG_DEBUG_LOCK_ALLOC
|
|
|
|
struct lock_class_key lockdep_key;
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Control Group subsystem type.
|
|
|
|
* See Documentation/cgroups/cgroups.txt for details
|
|
|
|
*/
|
|
|
|
struct cgroup_subsys {
|
|
|
|
struct cgroup_subsys_state *(*css_alloc)(struct cgroup_subsys_state *parent_css);
|
|
|
|
int (*css_online)(struct cgroup_subsys_state *css);
|
|
|
|
void (*css_offline)(struct cgroup_subsys_state *css);
|
|
|
|
void (*css_released)(struct cgroup_subsys_state *css);
|
|
|
|
void (*css_free)(struct cgroup_subsys_state *css);
|
|
|
|
void (*css_reset)(struct cgroup_subsys_state *css);
|
|
|
|
|
cgroup: fix handling of multi-destination migration from subtree_control enabling
Consider the following v2 hierarchy.
P0 (+memory) --- P1 (-memory) --- A
\- B
P0 has memory enabled in its subtree_control while P1 doesn't. If
both A and B contain processes, they would belong to the memory css of
P1. Now if memory is enabled on P1's subtree_control, memory csses
should be created on both A and B and A's processes should be moved to
the former and B's processes the latter. IOW, enabling controllers
can cause atomic migrations into different csses.
The core cgroup migration logic has been updated accordingly but the
controller migration methods haven't and still assume that all tasks
migrate to a single target css; furthermore, the methods were fed the
css in which subtree_control was updated which is the parent of the
target csses. pids controller depends on the migration methods to
move charges and this made the controller attribute charges to the
wrong csses often triggering the following warning by driving a
counter negative.
WARNING: CPU: 1 PID: 1 at kernel/cgroup_pids.c:97 pids_cancel.constprop.6+0x31/0x40()
Modules linked in:
CPU: 1 PID: 1 Comm: systemd Not tainted 4.4.0-rc1+ #29
...
ffffffff81f65382 ffff88007c043b90 ffffffff81551ffc 0000000000000000
ffff88007c043bc8 ffffffff810de202 ffff88007a752000 ffff88007a29ab00
ffff88007c043c80 ffff88007a1d8400 0000000000000001 ffff88007c043bd8
Call Trace:
[<ffffffff81551ffc>] dump_stack+0x4e/0x82
[<ffffffff810de202>] warn_slowpath_common+0x82/0xc0
[<ffffffff810de2fa>] warn_slowpath_null+0x1a/0x20
[<ffffffff8118e031>] pids_cancel.constprop.6+0x31/0x40
[<ffffffff8118e0fd>] pids_can_attach+0x6d/0xf0
[<ffffffff81188a4c>] cgroup_taskset_migrate+0x6c/0x330
[<ffffffff81188e05>] cgroup_migrate+0xf5/0x190
[<ffffffff81189016>] cgroup_attach_task+0x176/0x200
[<ffffffff8118949d>] __cgroup_procs_write+0x2ad/0x460
[<ffffffff81189684>] cgroup_procs_write+0x14/0x20
[<ffffffff811854e5>] cgroup_file_write+0x35/0x1c0
[<ffffffff812e26f1>] kernfs_fop_write+0x141/0x190
[<ffffffff81265f88>] __vfs_write+0x28/0xe0
[<ffffffff812666fc>] vfs_write+0xac/0x1a0
[<ffffffff81267019>] SyS_write+0x49/0xb0
[<ffffffff81bcef32>] entry_SYSCALL_64_fastpath+0x12/0x76
This patch fixes the bug by removing @css parameter from the three
migration methods, ->can_attach, ->cancel_attach() and ->attach() and
updating cgroup_taskset iteration helpers also return the destination
css in addition to the task being migrated. All controllers are
updated accordingly.
* Controllers which don't care whether there are one or multiple
target csses can be converted trivially. cpu, io, freezer, perf,
netclassid and netprio fall in this category.
* cpuset's current implementation assumes that there's single source
and destination and thus doesn't support v2 hierarchy already. The
only change made by this patchset is how that single destination css
is obtained.
* memory migration path already doesn't do anything on v2. How the
single destination css is obtained is updated and the prep stage of
mem_cgroup_can_attach() is reordered to accomodate the change.
* pids is the only controller which was affected by this bug. It now
correctly handles multi-destination migrations and no longer causes
counter underflow from incorrect accounting.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-and-tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Cc: Aleksa Sarai <cyphar@cyphar.com>
2015-12-03 23:18:21 +08:00
|
|
|
int (*can_attach)(struct cgroup_taskset *tset);
|
|
|
|
void (*cancel_attach)(struct cgroup_taskset *tset);
|
|
|
|
void (*attach)(struct cgroup_taskset *tset);
|
2016-04-22 07:06:48 +08:00
|
|
|
void (*post_attach)(void);
|
2015-12-03 23:24:08 +08:00
|
|
|
int (*can_fork)(struct task_struct *task);
|
|
|
|
void (*cancel_fork)(struct task_struct *task);
|
|
|
|
void (*fork)(struct task_struct *task);
|
2015-10-16 04:41:53 +08:00
|
|
|
void (*exit)(struct task_struct *task);
|
2015-10-16 04:41:53 +08:00
|
|
|
void (*free)(struct task_struct *task);
|
2015-05-14 03:38:40 +08:00
|
|
|
void (*bind)(struct cgroup_subsys_state *root_css);
|
|
|
|
|
2016-02-23 23:00:50 +08:00
|
|
|
bool early_init:1;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
2016-03-09 00:51:26 +08:00
|
|
|
/*
|
|
|
|
* If %true, the controller, on the default hierarchy, doesn't show
|
|
|
|
* up in "cgroup.controllers" or "cgroup.subtree_control", is
|
|
|
|
* implicitly enabled on all cgroups on the default hierarchy, and
|
|
|
|
* bypasses the "no internal process" constraint. This is for
|
|
|
|
* utility type controllers which is transparent to userland.
|
|
|
|
*
|
|
|
|
* An implicit controller can be stolen from the default hierarchy
|
|
|
|
* anytime and thus must be okay with offline csses from previous
|
|
|
|
* hierarchies coexisting with csses for the current one.
|
|
|
|
*/
|
|
|
|
bool implicit_on_dfl:1;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/*
|
|
|
|
* If %false, this subsystem is properly hierarchical -
|
|
|
|
* configuration, resource accounting and restriction on a parent
|
|
|
|
* cgroup cover those of its children. If %true, hierarchy support
|
|
|
|
* is broken in some ways - some subsystems ignore hierarchy
|
|
|
|
* completely while others are only implemented half-way.
|
|
|
|
*
|
|
|
|
* It's now disallowed to create nested cgroups if the subsystem is
|
|
|
|
* broken and cgroup core will emit a warning message on such
|
|
|
|
* cases. Eventually, all subsystems will be made properly
|
|
|
|
* hierarchical and this will go away.
|
|
|
|
*/
|
2016-02-23 23:00:50 +08:00
|
|
|
bool broken_hierarchy:1;
|
|
|
|
bool warned_broken_hierarchy:1;
|
2015-05-14 03:38:40 +08:00
|
|
|
|
|
|
|
/* the following two fields are initialized automtically during boot */
|
|
|
|
int id;
|
|
|
|
const char *name;
|
|
|
|
|
2015-08-19 04:58:16 +08:00
|
|
|
/* optional, initialized automatically during boot if not set */
|
|
|
|
const char *legacy_name;
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
/* link to parent, protected by cgroup_lock() */
|
|
|
|
struct cgroup_root *root;
|
|
|
|
|
|
|
|
/* idr for css->id */
|
|
|
|
struct idr css_idr;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* List of cftypes. Each entry is the first entry of an array
|
|
|
|
* terminated by zero length name.
|
|
|
|
*/
|
|
|
|
struct list_head cfts;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Base cftypes which are automatically registered. The two can
|
|
|
|
* point to the same array.
|
|
|
|
*/
|
|
|
|
struct cftype *dfl_cftypes; /* for the default hierarchy */
|
|
|
|
struct cftype *legacy_cftypes; /* for the legacy hierarchies */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A subsystem may depend on other subsystems. When such subsystem
|
|
|
|
* is enabled on a cgroup, the depended-upon subsystems are enabled
|
|
|
|
* together if available. Subsystems enabled due to dependency are
|
|
|
|
* not visible to userland until explicitly enabled. The following
|
|
|
|
* specifies the mask of subsystems that this one depends on.
|
|
|
|
*/
|
|
|
|
unsigned int depends_on;
|
|
|
|
};
|
|
|
|
|
2015-09-17 00:53:17 +08:00
|
|
|
extern struct percpu_rw_semaphore cgroup_threadgroup_rwsem;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* cgroup_threadgroup_change_begin - threadgroup exclusion for cgroups
|
|
|
|
* @tsk: target task
|
|
|
|
*
|
2017-02-02 18:50:56 +08:00
|
|
|
* Allows cgroup operations to synchronize against threadgroup changes
|
|
|
|
* using a percpu_rw_semaphore.
|
2015-09-17 00:53:17 +08:00
|
|
|
*/
|
|
|
|
static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
percpu_down_read(&cgroup_threadgroup_rwsem);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* cgroup_threadgroup_change_end - threadgroup exclusion for cgroups
|
|
|
|
* @tsk: target task
|
|
|
|
*
|
2017-02-02 18:50:56 +08:00
|
|
|
* Counterpart of cgroup_threadcgroup_change_begin().
|
2015-09-17 00:53:17 +08:00
|
|
|
*/
|
|
|
|
static inline void cgroup_threadgroup_change_end(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
percpu_up_read(&cgroup_threadgroup_rwsem);
|
|
|
|
}
|
2015-05-14 04:35:16 +08:00
|
|
|
|
|
|
|
#else /* CONFIG_CGROUPS */
|
|
|
|
|
2015-06-06 08:02:14 +08:00
|
|
|
#define CGROUP_SUBSYS_COUNT 0
|
|
|
|
|
2017-02-02 18:50:56 +08:00
|
|
|
static inline void cgroup_threadgroup_change_begin(struct task_struct *tsk)
|
|
|
|
{
|
|
|
|
might_sleep();
|
|
|
|
}
|
|
|
|
|
2015-05-14 04:35:16 +08:00
|
|
|
static inline void cgroup_threadgroup_change_end(struct task_struct *tsk) {}
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
#endif /* CONFIG_CGROUPS */
|
2015-05-14 04:35:16 +08:00
|
|
|
|
2015-12-08 06:38:52 +08:00
|
|
|
#ifdef CONFIG_SOCK_CGROUP_DATA
|
|
|
|
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
/*
|
|
|
|
* sock_cgroup_data is embedded at sock->sk_cgrp_data and contains
|
|
|
|
* per-socket cgroup information except for memcg association.
|
|
|
|
*
|
|
|
|
* On legacy hierarchies, net_prio and net_cls controllers directly set
|
|
|
|
* attributes on each sock which can then be tested by the network layer.
|
|
|
|
* On the default hierarchy, each sock is associated with the cgroup it was
|
|
|
|
* created in and the networking layer can match the cgroup directly.
|
|
|
|
*
|
|
|
|
* To avoid carrying all three cgroup related fields separately in sock,
|
|
|
|
* sock_cgroup_data overloads (prioidx, classid) and the cgroup pointer.
|
|
|
|
* On boot, sock_cgroup_data records the cgroup that the sock was created
|
|
|
|
* in so that cgroup2 matches can be made; however, once either net_prio or
|
|
|
|
* net_cls starts being used, the area is overriden to carry prioidx and/or
|
|
|
|
* classid. The two modes are distinguished by whether the lowest bit is
|
|
|
|
* set. Clear bit indicates cgroup pointer while set bit prioidx and
|
|
|
|
* classid.
|
|
|
|
*
|
|
|
|
* While userland may start using net_prio or net_cls at any time, once
|
|
|
|
* either is used, cgroup2 matching no longer works. There is no reason to
|
|
|
|
* mix the two and this is in line with how legacy and v2 compatibility is
|
|
|
|
* handled. On mode switch, cgroup references which are already being
|
|
|
|
* pointed to by socks may be leaked. While this can be remedied by adding
|
|
|
|
* synchronization around sock_cgroup_data, given that the number of leaked
|
|
|
|
* cgroups is bound and highly unlikely to be high, this seems to be the
|
|
|
|
* better trade-off.
|
|
|
|
*/
|
2015-12-08 06:38:52 +08:00
|
|
|
struct sock_cgroup_data {
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
union {
|
|
|
|
#ifdef __LITTLE_ENDIAN
|
|
|
|
struct {
|
|
|
|
u8 is_data;
|
|
|
|
u8 padding;
|
|
|
|
u16 prioidx;
|
|
|
|
u32 classid;
|
|
|
|
} __packed;
|
|
|
|
#else
|
|
|
|
struct {
|
|
|
|
u32 classid;
|
|
|
|
u16 prioidx;
|
|
|
|
u8 padding;
|
|
|
|
u8 is_data;
|
|
|
|
} __packed;
|
|
|
|
#endif
|
|
|
|
u64 val;
|
|
|
|
};
|
2015-12-08 06:38:52 +08:00
|
|
|
};
|
|
|
|
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
/*
|
|
|
|
* There's a theoretical window where the following accessors race with
|
|
|
|
* updaters and return part of the previous pointer as the prioidx or
|
|
|
|
* classid. Such races are short-lived and the result isn't critical.
|
|
|
|
*/
|
2015-12-08 06:38:52 +08:00
|
|
|
static inline u16 sock_cgroup_prioidx(struct sock_cgroup_data *skcd)
|
|
|
|
{
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
/* fallback to 1 which is always the ID of the root cgroup */
|
|
|
|
return (skcd->is_data & 1) ? skcd->prioidx : 1;
|
2015-12-08 06:38:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline u32 sock_cgroup_classid(struct sock_cgroup_data *skcd)
|
|
|
|
{
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
/* fallback to 0 which is the unconfigured default classid */
|
|
|
|
return (skcd->is_data & 1) ? skcd->classid : 0;
|
2015-12-08 06:38:52 +08:00
|
|
|
}
|
|
|
|
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
/*
|
|
|
|
* If invoked concurrently, the updaters may clobber each other. The
|
|
|
|
* caller is responsible for synchronization.
|
|
|
|
*/
|
2015-12-08 06:38:52 +08:00
|
|
|
static inline void sock_cgroup_set_prioidx(struct sock_cgroup_data *skcd,
|
|
|
|
u16 prioidx)
|
|
|
|
{
|
2015-12-10 01:30:46 +08:00
|
|
|
struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
|
|
|
|
if (sock_cgroup_prioidx(&skcd_buf) == prioidx)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (!(skcd_buf.is_data & 1)) {
|
|
|
|
skcd_buf.val = 0;
|
|
|
|
skcd_buf.is_data = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
skcd_buf.prioidx = prioidx;
|
|
|
|
WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
|
2015-12-08 06:38:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void sock_cgroup_set_classid(struct sock_cgroup_data *skcd,
|
|
|
|
u32 classid)
|
|
|
|
{
|
2015-12-10 01:30:46 +08:00
|
|
|
struct sock_cgroup_data skcd_buf = {{ .val = READ_ONCE(skcd->val) }};
|
sock, cgroup: add sock->sk_cgroup
In cgroup v1, dealing with cgroup membership was difficult because the
number of membership associations was unbound. As a result, cgroup v1
grew several controllers whose primary purpose is either tagging
membership or pull in configuration knobs from other subsystems so
that cgroup membership test can be avoided.
net_cls and net_prio controllers are examples of the latter. They
allow configuring network-specific attributes from cgroup side so that
network subsystem can avoid testing cgroup membership; unfortunately,
these are not only cumbersome but also problematic.
Both net_cls and net_prio aren't properly hierarchical. Both inherit
configuration from the parent on creation but there's no interaction
afterwards. An ancestor doesn't restrict the behavior in its subtree
in anyway and configuration changes aren't propagated downwards.
Especially when combined with cgroup delegation, this is problematic
because delegatees can mess up whatever network configuration
implemented at the system level. net_prio would allow the delegatees
to set whatever priority value regardless of CAP_NET_ADMIN and net_cls
the same for classid.
While it is possible to solve these issues from controller side by
implementing hierarchical allowable ranges in both controllers, it
would involve quite a bit of complexity in the controllers and further
obfuscate network configuration as it becomes even more difficult to
tell what's actually being configured looking from the network side.
While not much can be done for v1 at this point, as membership
handling is sane on cgroup v2, it'd be better to make cgroup matching
behave like other network matches and classifiers than introducing
further complications.
In preparation, this patch updates sock->sk_cgrp_data handling so that
it points to the v2 cgroup that sock was created in until either
net_prio or net_cls is used. Once either of the two is used,
sock->sk_cgrp_data reverts to its previous role of carrying prioidx
and classid. This is to avoid adding yet another cgroup related field
to struct sock.
As the mode switching can happen at most once per boot, the switching
mechanism is aimed at lowering hot path overhead. It may leak a
finite, likely small, number of cgroup refs and report spurious
prioidx or classid on switching; however, dynamic updates of prioidx
and classid have always been racy and lossy - socks between creation
and fd installation are never updated, config changes don't update
existing sockets at all, and prioidx may index with dead and recycled
cgroup IDs. Non-critical inaccuracies from small race windows won't
make any noticeable difference.
This patch doesn't make use of the pointer yet. The following patch
will implement netfilter match for cgroup2 membership.
v2: Use sock_cgroup_data to avoid inflating struct sock w/ another
cgroup specific field.
v3: Add comments explaining why sock_data_prioidx() and
sock_data_classid() use different fallback values.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-08 06:38:53 +08:00
|
|
|
|
|
|
|
if (sock_cgroup_classid(&skcd_buf) == classid)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (!(skcd_buf.is_data & 1)) {
|
|
|
|
skcd_buf.val = 0;
|
|
|
|
skcd_buf.is_data = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
skcd_buf.classid = classid;
|
|
|
|
WRITE_ONCE(skcd->val, skcd_buf.val); /* see sock_cgroup_ptr() */
|
2015-12-08 06:38:52 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#else /* CONFIG_SOCK_CGROUP_DATA */
|
|
|
|
|
|
|
|
struct sock_cgroup_data {
|
|
|
|
};
|
|
|
|
|
|
|
|
#endif /* CONFIG_SOCK_CGROUP_DATA */
|
|
|
|
|
2015-05-14 03:38:40 +08:00
|
|
|
#endif /* _LINUX_CGROUP_DEFS_H */
|