cgroup: Add generic cgroup subsystem permission checks.
[linux-2.6.git] / kernel / cgroup_freezer.c
1 /*
2  * cgroup_freezer.c -  control group freezer subsystem
3  *
4  * Copyright IBM Corporation, 2007
5  *
6  * Author : Cedric Le Goater <clg@fr.ibm.com>
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of version 2.1 of the GNU Lesser General Public License
10  * as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it would be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
15  */
16
17 #include <linux/module.h>
18 #include <linux/slab.h>
19 #include <linux/cgroup.h>
20 #include <linux/fs.h>
21 #include <linux/uaccess.h>
22 #include <linux/freezer.h>
23 #include <linux/seq_file.h>
24
25 enum freezer_state {
26         CGROUP_THAWED = 0,
27         CGROUP_FREEZING,
28         CGROUP_FROZEN,
29 };
30
31 struct freezer {
32         struct cgroup_subsys_state css;
33         enum freezer_state state;
34         spinlock_t lock; /* protects _writes_ to state */
35 };
36
37 static inline struct freezer *cgroup_freezer(
38                 struct cgroup *cgroup)
39 {
40         return container_of(
41                 cgroup_subsys_state(cgroup, freezer_subsys_id),
42                 struct freezer, css);
43 }
44
45 static inline struct freezer *task_freezer(struct task_struct *task)
46 {
47         return container_of(task_subsys_state(task, freezer_subsys_id),
48                             struct freezer, css);
49 }
50
51 static inline int __cgroup_freezing_or_frozen(struct task_struct *task)
52 {
53         enum freezer_state state = task_freezer(task)->state;
54         return (state == CGROUP_FREEZING) || (state == CGROUP_FROZEN);
55 }
56
57 int cgroup_freezing_or_frozen(struct task_struct *task)
58 {
59         int result;
60         task_lock(task);
61         result = __cgroup_freezing_or_frozen(task);
62         task_unlock(task);
63         return result;
64 }
65
66 /*
67  * cgroups_write_string() limits the size of freezer state strings to
68  * CGROUP_LOCAL_BUFFER_SIZE
69  */
70 static const char *freezer_state_strs[] = {
71         "THAWED",
72         "FREEZING",
73         "FROZEN",
74 };
75
76 /*
77  * State diagram
78  * Transitions are caused by userspace writes to the freezer.state file.
79  * The values in parenthesis are state labels. The rest are edge labels.
80  *
81  * (THAWED) --FROZEN--> (FREEZING) --FROZEN--> (FROZEN)
82  *    ^ ^                    |                     |
83  *    | \_______THAWED_______/                     |
84  *    \__________________________THAWED____________/
85  */
86
87 struct cgroup_subsys freezer_subsys;
88
89 /* Locks taken and their ordering
90  * ------------------------------
91  * cgroup_mutex (AKA cgroup_lock)
92  * freezer->lock
93  * css_set_lock
94  * task->alloc_lock (AKA task_lock)
95  * task->sighand->siglock
96  *
97  * cgroup code forces css_set_lock to be taken before task->alloc_lock
98  *
99  * freezer_create(), freezer_destroy():
100  * cgroup_mutex [ by cgroup core ]
101  *
102  * freezer_can_attach():
103  * cgroup_mutex (held by caller of can_attach)
104  *
105  * cgroup_freezing_or_frozen():
106  * task->alloc_lock (to get task's cgroup)
107  *
108  * freezer_fork() (preserving fork() performance means can't take cgroup_mutex):
109  * freezer->lock
110  *  sighand->siglock (if the cgroup is freezing)
111  *
112  * freezer_read():
113  * cgroup_mutex
114  *  freezer->lock
115  *   write_lock css_set_lock (cgroup iterator start)
116  *    task->alloc_lock
117  *   read_lock css_set_lock (cgroup iterator start)
118  *
119  * freezer_write() (freeze):
120  * cgroup_mutex
121  *  freezer->lock
122  *   write_lock css_set_lock (cgroup iterator start)
123  *    task->alloc_lock
124  *   read_lock css_set_lock (cgroup iterator start)
125  *    sighand->siglock (fake signal delivery inside freeze_task())
126  *
127  * freezer_write() (unfreeze):
128  * cgroup_mutex
129  *  freezer->lock
130  *   write_lock css_set_lock (cgroup iterator start)
131  *    task->alloc_lock
132  *   read_lock css_set_lock (cgroup iterator start)
133  *    task->alloc_lock (inside thaw_process(), prevents race with refrigerator())
134  *     sighand->siglock
135  */
136 static struct cgroup_subsys_state *freezer_create(struct cgroup_subsys *ss,
137                                                   struct cgroup *cgroup)
138 {
139         struct freezer *freezer;
140
141         freezer = kzalloc(sizeof(struct freezer), GFP_KERNEL);
142         if (!freezer)
143                 return ERR_PTR(-ENOMEM);
144
145         spin_lock_init(&freezer->lock);
146         freezer->state = CGROUP_THAWED;
147         return &freezer->css;
148 }
149
150 static void freezer_destroy(struct cgroup_subsys *ss,
151                             struct cgroup *cgroup)
152 {
153         kfree(cgroup_freezer(cgroup));
154 }
155
156 /*
157  * The call to cgroup_lock() in the freezer.state write method prevents
158  * a write to that file racing against an attach, and hence the
159  * can_attach() result will remain valid until the attach completes.
160  */
161 static int freezer_can_attach(struct cgroup_subsys *ss,
162                               struct cgroup *new_cgroup,
163                               struct task_struct *task)
164 {
165         struct freezer *freezer;
166
167         if ((current != task) && (!capable(CAP_SYS_ADMIN))) {
168                 const struct cred *cred = current_cred(), *tcred;
169
170                 tcred = __task_cred(task);
171                 if (cred->euid != tcred->uid && cred->euid != tcred->suid)
172                         return -EPERM;
173         }
174
175         /*
176          * Anything frozen can't move or be moved to/from.
177          */
178
179         freezer = cgroup_freezer(new_cgroup);
180         if (freezer->state != CGROUP_THAWED)
181                 return -EBUSY;
182
183         return 0;
184 }
185
186 static int freezer_can_attach_task(struct cgroup *cgrp, struct task_struct *tsk)
187 {
188         rcu_read_lock();
189         if (__cgroup_freezing_or_frozen(tsk)) {
190                 rcu_read_unlock();
191                 return -EBUSY;
192         }
193         rcu_read_unlock();
194         return 0;
195 }
196
197 static void freezer_fork(struct cgroup_subsys *ss, struct task_struct *task)
198 {
199         struct freezer *freezer;
200
201         /*
202          * No lock is needed, since the task isn't on tasklist yet,
203          * so it can't be moved to another cgroup, which means the
204          * freezer won't be removed and will be valid during this
205          * function call.  Nevertheless, apply RCU read-side critical
206          * section to suppress RCU lockdep false positives.
207          */
208         rcu_read_lock();
209         freezer = task_freezer(task);
210         rcu_read_unlock();
211
212         /*
213          * The root cgroup is non-freezable, so we can skip the
214          * following check.
215          */
216         if (!freezer->css.cgroup->parent)
217                 return;
218
219         spin_lock_irq(&freezer->lock);
220         BUG_ON(freezer->state == CGROUP_FROZEN);
221
222         /* Locking avoids race with FREEZING -> THAWED transitions. */
223         if (freezer->state == CGROUP_FREEZING)
224                 freeze_task(task, true);
225         spin_unlock_irq(&freezer->lock);
226 }
227
228 /*
229  * caller must hold freezer->lock
230  */
231 static void update_if_frozen(struct cgroup *cgroup,
232                                  struct freezer *freezer)
233 {
234         struct cgroup_iter it;
235         struct task_struct *task;
236         unsigned int nfrozen = 0, ntotal = 0;
237         enum freezer_state old_state = freezer->state;
238
239         cgroup_iter_start(cgroup, &it);
240         while ((task = cgroup_iter_next(cgroup, &it))) {
241                 ntotal++;
242                 if (frozen(task))
243                         nfrozen++;
244         }
245
246         if (old_state == CGROUP_THAWED) {
247                 BUG_ON(nfrozen > 0);
248         } else if (old_state == CGROUP_FREEZING) {
249                 if (nfrozen == ntotal)
250                         freezer->state = CGROUP_FROZEN;
251         } else { /* old_state == CGROUP_FROZEN */
252                 BUG_ON(nfrozen != ntotal);
253         }
254
255         cgroup_iter_end(cgroup, &it);
256 }
257
258 static int freezer_read(struct cgroup *cgroup, struct cftype *cft,
259                         struct seq_file *m)
260 {
261         struct freezer *freezer;
262         enum freezer_state state;
263
264         if (!cgroup_lock_live_group(cgroup))
265                 return -ENODEV;
266
267         freezer = cgroup_freezer(cgroup);
268         spin_lock_irq(&freezer->lock);
269         state = freezer->state;
270         if (state == CGROUP_FREEZING) {
271                 /* We change from FREEZING to FROZEN lazily if the cgroup was
272                  * only partially frozen when we exitted write. */
273                 update_if_frozen(cgroup, freezer);
274                 state = freezer->state;
275         }
276         spin_unlock_irq(&freezer->lock);
277         cgroup_unlock();
278
279         seq_puts(m, freezer_state_strs[state]);
280         seq_putc(m, '\n');
281         return 0;
282 }
283
284 static int try_to_freeze_cgroup(struct cgroup *cgroup, struct freezer *freezer)
285 {
286         struct cgroup_iter it;
287         struct task_struct *task;
288         unsigned int num_cant_freeze_now = 0;
289
290         freezer->state = CGROUP_FREEZING;
291         cgroup_iter_start(cgroup, &it);
292         while ((task = cgroup_iter_next(cgroup, &it))) {
293                 if (!freeze_task(task, true))
294                         continue;
295                 if (frozen(task))
296                         continue;
297                 if (!freezing(task) && !freezer_should_skip(task))
298                         num_cant_freeze_now++;
299         }
300         cgroup_iter_end(cgroup, &it);
301
302         return num_cant_freeze_now ? -EBUSY : 0;
303 }
304
305 static void unfreeze_cgroup(struct cgroup *cgroup, struct freezer *freezer)
306 {
307         struct cgroup_iter it;
308         struct task_struct *task;
309
310         cgroup_iter_start(cgroup, &it);
311         while ((task = cgroup_iter_next(cgroup, &it))) {
312                 thaw_process(task);
313         }
314         cgroup_iter_end(cgroup, &it);
315
316         freezer->state = CGROUP_THAWED;
317 }
318
319 static int freezer_change_state(struct cgroup *cgroup,
320                                 enum freezer_state goal_state)
321 {
322         struct freezer *freezer;
323         int retval = 0;
324
325         freezer = cgroup_freezer(cgroup);
326
327         spin_lock_irq(&freezer->lock);
328
329         update_if_frozen(cgroup, freezer);
330         if (goal_state == freezer->state)
331                 goto out;
332
333         switch (goal_state) {
334         case CGROUP_THAWED:
335                 unfreeze_cgroup(cgroup, freezer);
336                 break;
337         case CGROUP_FROZEN:
338                 retval = try_to_freeze_cgroup(cgroup, freezer);
339                 break;
340         default:
341                 BUG();
342         }
343 out:
344         spin_unlock_irq(&freezer->lock);
345
346         return retval;
347 }
348
349 static int freezer_write(struct cgroup *cgroup,
350                          struct cftype *cft,
351                          const char *buffer)
352 {
353         int retval;
354         enum freezer_state goal_state;
355
356         if (strcmp(buffer, freezer_state_strs[CGROUP_THAWED]) == 0)
357                 goal_state = CGROUP_THAWED;
358         else if (strcmp(buffer, freezer_state_strs[CGROUP_FROZEN]) == 0)
359                 goal_state = CGROUP_FROZEN;
360         else
361                 return -EINVAL;
362
363         if (!cgroup_lock_live_group(cgroup))
364                 return -ENODEV;
365         retval = freezer_change_state(cgroup, goal_state);
366         cgroup_unlock();
367         return retval;
368 }
369
370 static struct cftype files[] = {
371         {
372                 .name = "state",
373                 .read_seq_string = freezer_read,
374                 .write_string = freezer_write,
375         },
376 };
377
378 static int freezer_populate(struct cgroup_subsys *ss, struct cgroup *cgroup)
379 {
380         if (!cgroup->parent)
381                 return 0;
382         return cgroup_add_files(cgroup, ss, files, ARRAY_SIZE(files));
383 }
384
385 struct cgroup_subsys freezer_subsys = {
386         .name           = "freezer",
387         .create         = freezer_create,
388         .destroy        = freezer_destroy,
389         .populate       = freezer_populate,
390         .subsys_id      = freezer_subsys_id,
391         .can_attach     = freezer_can_attach,
392         .can_attach_task = freezer_can_attach_task,
393         .pre_attach     = NULL,
394         .attach_task    = NULL,
395         .attach         = NULL,
396         .fork           = freezer_fork,
397         .exit           = NULL,
398 };