/*
 *  Generic process-grouping system.
 *
 *  Based originally on the cpuset system, extracted by Paul Menage
 *  Copyright (C) 2006 Google, Inc
 *
 *  Notifications support
 *  Copyright (C) 2009 Nokia Corporation
 *  Author: Kirill A. Shutemov
 *
 *  Copyright notices from the original cpuset code:
 *  --------------------------------------------------
 *  Copyright (C) 2003 BULL SA.
 *  Copyright (C) 2004-2006 Silicon Graphics, Inc.
 *
 *  Portions derived from Patrick Mochel's sysfs code.
 *  sysfs is Copyright (c) 2001-3 Patrick Mochel
 *
 *  2003-10-10 Written by Simon Derr.
 *  2003-10-22 Updates by Stephen Hemminger.
 *  2004 May-July Rework by Paul Jackson.
 *  ---------------------------------------------------
 *
 *  This file is subject to the terms and conditions of the GNU General Public
 *  License.  See the file COPYING in the main directory of the Linux
 *  distribution for more details.
 */

#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include "cgroup-internal.h"

#include <linux/cred.h>
#include <linux/errno.h>
#include <linux/init_task.h>
#include <linux/kernel.h>
#include <linux/magic.h>
#include <linux/mutex.h>
#include <linux/mount.h>
#include <linux/pagemap.h>
#include <linux/proc_fs.h>
#include <linux/rcupdate.h>
#include <linux/sched.h>
#include <linux/sched/task.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/percpu-rwsem.h>
#include <linux/string.h>
#include <linux/hashtable.h>
#include <linux/idr.h>
#include <linux/kthread.h>
#include <linux/atomic.h>
#include <linux/cpuset.h>
#include <linux/proc_ns.h>
#include <linux/nsproxy.h>
#include <linux/file.h>
#include <net/sock.h>

#define CREATE_TRACE_POINTS
#include <trace/events/cgroup.h>

#define CGROUP_FILE_NAME_MAX            (MAX_CGROUP_TYPE_NAMELEN +      \
                                         MAX_CFTYPE_NAME + 2)

/*
 * cgroup_mutex is the master lock.  Any modification to cgroup or its
 * hierarchy must be performed while holding it.
 *
 * css_set_lock protects task->cgroups pointer, the list of css_set
 * objects, and the chain of tasks off each css_set.
 *
 * These locks are exported if CONFIG_PROVE_RCU so that accessors in
 * cgroup.h can use them for lockdep annotations.
 */
DEFINE_MUTEX(cgroup_mutex);
DEFINE_SPINLOCK(css_set_lock);

#ifdef CONFIG_PROVE_RCU
EXPORT_SYMBOL_GPL(cgroup_mutex);
EXPORT_SYMBOL_GPL(css_set_lock);
#endif

/*
 * Protects cgroup_idr and css_idr so that IDs can be released without
 * grabbing cgroup_mutex.
 */
static DEFINE_SPINLOCK(cgroup_idr_lock);

/*
 * Protects cgroup_file->kn for !self csses.  It synchronizes notifications
 * against file removal/re-creation across css hiding.
 */
static DEFINE_SPINLOCK(cgroup_file_kn_lock);

struct percpu_rw_semaphore cgroup_threadgroup_rwsem;

#define cgroup_assert_mutex_or_rcu_locked()                             \
        RCU_LOCKDEP_WARN(!rcu_read_lock_held() &&                       \
                           !lockdep_is_held(&cgroup_mutex),             \
                           "cgroup_mutex or RCU read lock required");

/*
 * cgroup destruction makes heavy use of work items and there can be a lot
 * of concurrent destructions.  Use a separate workqueue so that cgroup
 * destruction work items don't end up filling up max_active of system_wq
 * which may lead to deadlock.
 */
static struct workqueue_struct *cgroup_destroy_wq;

/* generate an array of cgroup subsystem pointers */
#define SUBSYS(_x) [_x ## _cgrp_id] = &_x ## _cgrp_subsys,
struct cgroup_subsys *cgroup_subsys[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS

/* array of cgroup subsystem names */
#define SUBSYS(_x) [_x ## _cgrp_id] = #_x,
static const char *cgroup_subsys_name[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS

/* array of static_keys for cgroup_subsys_enabled() and cgroup_subsys_on_dfl() */
#define SUBSYS(_x)                                                              \
        DEFINE_STATIC_KEY_TRUE(_x ## _cgrp_subsys_enabled_key);                 \
        DEFINE_STATIC_KEY_TRUE(_x ## _cgrp_subsys_on_dfl_key);                  \
        EXPORT_SYMBOL_GPL(_x ## _cgrp_subsys_enabled_key);                      \
        EXPORT_SYMBOL_GPL(_x ## _cgrp_subsys_on_dfl_key);
#include <linux/cgroup_subsys.h>
#undef SUBSYS

#define SUBSYS(_x) [_x ## _cgrp_id] = &_x ## _cgrp_subsys_enabled_key,
static struct static_key_true *cgroup_subsys_enabled_key[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS

#define SUBSYS(_x) [_x ## _cgrp_id] = &_x ## _cgrp_subsys_on_dfl_key,
static struct static_key_true *cgroup_subsys_on_dfl_key[] = {
#include <linux/cgroup_subsys.h>
};
#undef SUBSYS

/*
 * The default hierarchy, reserved for the subsystems that are otherwise
 * unattached - it never has more than a single cgroup, and all tasks are
 * part of that cgroup.
 */
struct cgroup_root cgrp_dfl_root;
EXPORT_SYMBOL_GPL(cgrp_dfl_root);

/*
 * The default hierarchy always exists but is hidden until mounted for the
 * first time.  This is for backward compatibility.
 */
static bool cgrp_dfl_visible;

/* some controllers are not supported in the default hierarchy */
static u16 cgrp_dfl_inhibit_ss_mask;

/* some controllers are implicitly enabled on the default hierarchy */
static u16 cgrp_dfl_implicit_ss_mask;

/* The list of hierarchy roots */
LIST_HEAD(cgroup_roots);
static int cgroup_root_count;

/* hierarchy ID allocation and mapping, protected by cgroup_mutex */
static DEFINE_IDR(cgroup_hierarchy_idr);

/*
 * Assign a monotonically increasing serial number to csses.  It guarantees
 * cgroups with bigger numbers are newer than those with smaller numbers.
 * Also, as csses are always appended to the parent's ->children list, it
 * guarantees that sibling csses are always sorted in the ascending serial
 * number order on the list.  Protected by cgroup_mutex.
 */
static u64 css_serial_nr_next = 1;

/*
 * These bitmasks identify subsystems with specific features to avoid
 * having to do iterative checks repeatedly.
 */
static u16 have_fork_callback __read_mostly;
static u16 have_exit_callback __read_mostly;
static u16 have_free_callback __read_mostly;
static u16 have_canfork_callback __read_mostly;

/* cgroup namespace for init task */
struct cgroup_namespace init_cgroup_ns = {
        .count          = REFCOUNT_INIT(2),
        .user_ns        = &init_user_ns,
        .ns.ops         = &cgroupns_operations,
        .ns.inum        = PROC_CGROUP_INIT_INO,
        .root_cset      = &init_css_set,
};

static struct file_system_type cgroup2_fs_type;
static struct cftype cgroup_base_files[];

static int cgroup_apply_control(struct cgroup *cgrp);
static void cgroup_finalize_control(struct cgroup *cgrp, int ret);
static void css_task_iter_advance(struct css_task_iter *it);
static int cgroup_destroy_locked(struct cgroup *cgrp);
static struct cgroup_subsys_state *css_create(struct cgroup *cgrp,
                                              struct cgroup_subsys *ss);
static void css_release(struct percpu_ref *ref);
static void kill_css(struct cgroup_subsys_state *css);
static int cgroup_addrm_files(struct cgroup_subsys_state *css,
                              struct cgroup *cgrp, struct cftype cfts[],
                              bool is_add);

/**
 * cgroup_ssid_enabled - cgroup subsys enabled test by subsys ID
 * @ssid: subsys ID of interest
 *
 * cgroup_subsys_enabled() can only be used with literal subsys names which
 * is fine for individual subsystems but unsuitable for cgroup core.  This
 * is slower static_key_enabled() based test indexed by @ssid.
 */
bool cgroup_ssid_enabled(int ssid)
{
        if (CGROUP_SUBSYS_COUNT == 0)
                return false;

        return static_key_enabled(cgroup_subsys_enabled_key[ssid]);
}

/**
 * cgroup_on_dfl - test whether a cgroup is on the default hierarchy
 * @cgrp: the cgroup of interest
 *
 * The default hierarchy is the v2 interface of cgroup and this function
 * can be used to test whether a cgroup is on the default hierarchy for
 * cases where a subsystem should behave differnetly depending on the
 * interface version.
 *
 * The set of behaviors which change on the default hierarchy are still
 * being determined and the mount option is prefixed with __DEVEL__.
 *
 * List of changed behaviors:
 *
 * - Mount options "noprefix", "xattr", "clone_children", "release_agent"
 *   and "name" are disallowed.
 *
 * - When mounting an existing superblock, mount options should match.
 *
 * - Remount is disallowed.
 *
 * - rename(2) is disallowed.
 *
 * - "tasks" is removed.  Everything should be at process granularity.  Use
 *   "cgroup.procs" instead.
 *
 * - "cgroup.procs" is not sorted.  pids will be unique unless they got
 *   recycled inbetween reads.
 *
 * - "release_agent" and "notify_on_release" are removed.  Replacement
 *   notification mechanism will be implemented.
 *
 * - "cgroup.clone_children" is removed.
 *
 * - "cgroup.subtree_populated" is available.  Its value is 0 if the cgroup
 *   and its descendants contain no task; otherwise, 1.  The file also
 *   generates kernfs notification which can be monitored through poll and
 *   [di]notify when the value of the file changes.
 *
 * - cpuset: tasks will be kept in empty cpusets when hotplug happens and
 *   take masks of ancestors with non-empty cpus/mems, instead of being
 *   moved to an ancestor.
 *
 * - cpuset: a task can be moved into an empty cpuset, and again it takes
 *   masks of ancestors.
 *
 * - memcg: use_hierarchy is on by default and the cgroup file for the flag
 *   is not created.
 *
 * - blkcg: blk-throttle becomes properly hierarchical.
 *
 * - debug: disallowed on the default hierarchy.
 */
bool cgroup_on_dfl(const struct cgroup *cgrp)
{
        return cgrp->root == &cgrp_dfl_root;
}

/* IDR wrappers which synchronize using cgroup_idr_lock */
static int cgroup_idr_alloc(struct idr *idr, void *ptr, int start, int end,
                            gfp_t gfp_mask)
{
        int ret;

        idr_preload(gfp_mask);
        spin_lock_bh(&cgroup_idr_lock);
        ret = idr_alloc(idr, ptr, start, end, gfp_mask & ~__GFP_DIRECT_RECLAIM);
        spin_unlock_bh(&cgroup_idr_lock);
        idr_preload_end();
        return ret;
}

static void *cgroup_idr_replace(struct idr *idr, void *ptr, int id)
{
        void *ret;

        spin_lock_bh(&cgroup_idr_lock);
        ret = idr_replace(idr, ptr, id);
        spin_unlock_bh(&cgroup_idr_lock);
        return ret;
}

static void cgroup_idr_remove(struct idr *idr, int id)
{
        spin_lock_bh(&cgroup_idr_lock);
        idr_remove(idr, id);
        spin_unlock_bh(&cgroup_idr_lock);
}

static struct cgroup *cgroup_parent(struct cgroup *cgrp)
{
        struct cgroup_subsys_state *parent_css = cgrp->self.parent;

        if (parent_css)
                return container_of(parent_css, struct cgroup, self);
        return NULL;
}

/* subsystems visibly enabled on a cgroup */
static u16 cgroup_control(struct cgroup *cgrp)
{
        struct cgroup *parent = cgroup_parent(cgrp);
        u16 root_ss_mask = cgrp->root->subsys_mask;

        if (parent)
                return parent->subtree_control;

        if (cgroup_on_dfl(cgrp))
                root_ss_mask &= ~(cgrp_dfl_inhibit_ss_mask |
                                  cgrp_dfl_implicit_ss_mask);
        return root_ss_mask;
}

/* subsystems enabled on a cgroup */
static u16 cgroup_ss_mask(struct cgroup *cgrp)
{
        struct cgroup *parent = cgroup_parent(cgrp);

        if (parent)
                return parent->subtree_ss_mask;

        return cgrp->root->subsys_mask;
}

/**
 * cgroup_css - obtain a cgroup's css for the specified subsystem
 * @cgrp: the cgroup of interest
 * @ss: the subsystem of interest (%NULL returns @cgrp->self)
 *
 * Return @cgrp's css (cgroup_subsys_state) associated with @ss.  This
 * function must be called either under cgroup_mutex or rcu_read_lock() and
 * the caller is responsible for pinning the returned css if it wants to
 * keep accessing it outside the said locks.  This function may return
 * %NULL if @cgrp doesn't have @subsys_id enabled.
 */
static struct cgroup_subsys_state *cgroup_css(struct cgroup *cgrp,
                                              struct cgroup_subsys *ss)
{
        if (ss)
                return rcu_dereference_check(cgrp->subsys[ss->id],
                                        lockdep_is_held(&cgroup_mutex));
        else
                return &cgrp->self;
}

/**
 * cgroup_e_css - obtain a cgroup's effective css for the specified subsystem
 * @cgrp: the cgroup of interest
 * @ss: the subsystem of interest (%NULL returns @cgrp->self)
 *
 * Similar to cgroup_css() but returns the effective css, which is defined
 * as the matching css of the nearest ancestor including self which has @ss
 * enabled.  If @ss is associated with the hierarchy @cgrp is on, this
 * function is guaranteed to return non-NULL css.
 */
static struct cgroup_subsys_state *cgroup_e_css(struct cgroup *cgrp,
                                                struct cgroup_subsys *ss)
{
        lockdep_assert_held(&cgroup_mutex);

        if (!ss)
                return &cgrp->self;

        /*
         * This function is used while updating css associations and thus
         * can't test the csses directly.  Test ss_mask.
         */
        while (!(cgroup_ss_mask(cgrp) & (1 << ss->id))) {
                cgrp = cgroup_parent(cgrp);
                if (!cgrp)
                        return NULL;
        }

        return cgroup_css(cgrp, ss);
}

/**
 * cgroup_get_e_css - get a cgroup's effective css for the specified subsystem
 * @cgrp: the cgroup of interest
 * @ss: the subsystem of interest
 *
 * Find and get the effective css of @cgrp for @ss.  The effective css is
 * defined as the matching css of the nearest ancestor including self which
 * has @ss enabled.  If @ss is not mounted on the hierarchy @cgrp is on,
 * the root css is returned, so this function always returns a valid css.
 * The returned css must be put using css_put().
 */
struct cgroup_subsys_state *cgroup_get_e_css(struct cgroup *cgrp,
                                             struct cgroup_subsys *ss)
{
        struct cgroup_subsys_state *css;

        rcu_read_lock();

        do {
                css = cgroup_css(cgrp, ss);

                if (css && css_tryget_online(css))
                        goto out_unlock;
                cgrp = cgroup_parent(cgrp);
        } while (cgrp);

        css = init_css_set.subsys[ss->id];
        css_get(css);
out_unlock:
        rcu_read_unlock();
        return css;
}

static void __maybe_unused cgroup_get(struct cgroup *cgrp)
{
        css_get(&cgrp->self);
}

static void cgroup_get_live(struct cgroup *cgrp)
{
        WARN_ON_ONCE(cgroup_is_dead(cgrp));
        css_get(&cgrp->self);
}

static bool cgroup_tryget(struct cgroup *cgrp)
{
        return css_tryget(&cgrp->self);
}

struct cgroup_subsys_state *of_css(struct kernfs_open_file *of)
{
        struct cgroup *cgrp = of->kn->parent->priv;
        struct cftype *cft = of_cft(of);

        /*
         * This is open and unprotected implementation of cgroup_css().
         * seq_css() is only called from a kernfs file operation which has
         * an active reference on the file.  Because all the subsystem
         * files are drained before a css is disassociated with a cgroup,
         * the matching css from the cgroup's subsys table is guaranteed to
         * be and stay valid until the enclosing operation is complete.
         */
        if (cft->ss)
                return rcu_dereference_raw(cgrp->subsys[cft->ss->id]);
        else
                return &cgrp->self;
}
EXPORT_SYMBOL_GPL(of_css);

/**
 * for_each_css - iterate all css's of a cgroup
 * @css: the iteration cursor
 * @ssid: the index of the subsystem, CGROUP_SUBSYS_COUNT after reaching the end
 * @cgrp: the target cgroup to iterate css's of
 *
 * Should be called under cgroup_[tree_]mutex.
 */
#define for_each_css(css, ssid, cgrp)                                   \
        for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT; (ssid)++)        \
                if (!((css) = rcu_dereference_check(                    \
                                (cgrp)->subsys[(ssid)],                 \
                                lockdep_is_held(&cgroup_mutex)))) { }   \
                else

/**
 * for_each_e_css - iterate all effective css's of a cgroup
 * @css: the iteration cursor
 * @ssid: the index of the subsystem, CGROUP_SUBSYS_COUNT after reaching the end
 * @cgrp: the target cgroup to iterate css's of
 *
 * Should be called under cgroup_[tree_]mutex.
 */
#define for_each_e_css(css, ssid, cgrp)                                 \
        for ((ssid) = 0; (ssid) < CGROUP_SUBSYS_COUNT; (ssid)++)        \
                if (!((css) = cgroup_e_css(cgrp, cgroup_subsys[(ssid)]))) \
                        ;                                               \
                else

/**
 * do_each_subsys_mask - filter for_each_subsys with a bitmask
 * @ss: the iteration cursor
 * @ssid: the index of @ss, CGROUP_SUBSYS_COUNT after reaching the end
 * @ss_mask: the bitmask
 *
 * The block will only run for cases where the ssid-th bit (1 << ssid) of
 * @ss_mask is set.
 */
#define do_each_subsys_mask(ss, ssid, ss_mask) do {                     \
        unsigned long __ss_mask = (ss_mask);                            \
        if (!CGROUP_SUBSYS_COUNT) { /* to avoid spurious gcc warning */ \
                (ssid) = 0;                                             \
                break;                                                  \
        }                                                               \
        for_each_set_bit(ssid, &__ss_mask, CGROUP_SUBSYS_COUNT) {       \
                (ss) = cgroup_subsys[ssid];                             \
                {

#define while_each_subsys_mask()                                        \
                }                                                       \
        }                                                               \
} while (false)

/* iterate over child cgrps, lock should be held throughout iteration */
#define cgroup_for_each_live_child(child, cgrp)                         \
        list_for_each_entry((child), &(cgrp)->self.children, self.sibling) \
                if (({ lockdep_assert_held(&cgroup_mutex);              \
                       cgroup_is_dead(child); }))                       \
                        ;                                               \
                else

/* walk live descendants in preorder */
#define cgroup_for_each_live_descendant_pre(dsct, d_css, cgrp)          \
        css_for_each_descendant_pre((d_css), cgroup_css((cgrp), NULL))  \
                if (({ lockdep_assert_held(&cgroup_mutex);              \
                       (dsct) = (d_css)->cgroup;                        \
                       cgroup_is_dead(dsct); }))                        \
                        ;                                               \
                else

/* walk live descendants in postorder */
#define cgroup_for_each_live_descendant_post(dsct, d_css, cgrp)         \
        css_for_each_descendant_post((d_css), cgroup_css((cgrp), NULL)) \
                if (({ lockdep_assert_held(&cgroup_mutex);              \
                       (dsct) = (d_css)->cgroup;                        \
                       cgroup_is_dead(dsct); }))                        \
                        ;                                               \
                else

/*
 * The default css_set - used by init and its children prior to any
 * hierarchies being mounted. It contains a pointer to the root state
 * for each subsystem. Also used to anchor the list of css_sets. Not
 * reference-counted, to improve performance when child cgroups
 * haven't been created.
 */
struct css_set init_css_set = {
        .refcount               = REFCOUNT_INIT(1),
        .tasks                  = LIST_HEAD_INIT(init_css_set.tasks),
        .mg_tasks               = LIST_HEAD_INIT(init_css_set.mg_tasks),
        .task_iters             = LIST_HEAD_INIT(init_css_set.task_iters),
        .cgrp_links             = LIST_HEAD_INIT(init_css_set.cgrp_links),
        .mg_preload_node        = LIST_HEAD_INIT(init_css_set.mg_preload_node),
        .mg_node                = LIST_HEAD_INIT(init_css_set.mg_node),
};

static int css_set_count        = 1;    /* 1 for init_css_set */

/**
 * css_set_populated - does a css_set contain any tasks?
 * @cset: target css_set
 *
 * css_set_populated() should be the same as !!cset->nr_tasks at steady
 * state. However, css_set_populated() can be called while a task is being
 * added to or removed from the linked list before the nr_tasks is
 * properly updated. Hence, we can't just look at ->nr_tasks here.
 */
static bool css_set_populated(struct css_set *cset)
{
        lockdep_assert_held(&css_set_lock);

        return !list_empty(&cset->tasks) || !list_empty(&cset->mg_tasks);
}

/**
 * cgroup_update_populated - updated populated count of a cgroup
 * @cgrp: the target cgroup
 * @populated: inc or dec populated count
 *
 * One of the css_sets associated with @cgrp is either getting its first
 * task or losing the last.  Update @cgrp->populated_cnt accordingly.  The
 * count is propagated towards root so that a given cgroup's populated_cnt
 * is zero iff the cgroup and all its descendants don't contain any tasks.
 *
 * @cgrp's interface file "cgroup.populated" is zero if
 * @cgrp->populated_cnt is zero and 1 otherwise.  When @cgrp->populated_cnt
 * changes from or to zero, userland is notified that the content of the
 * interface file has changed.  This can be used to detect when @cgrp and
 * its descendants become populated or empty.
 */
static void cgroup_update_populated(struct cgroup *cgrp, bool populated)
{
        lockdep_assert_held(&css_set_lock);

        do {
                bool trigger;

                if (populated)
                        trigger = !cgrp->populated_cnt++;
                else
                        trigger = !--cgrp->populated_cnt;

                if (!trigger)
                        break;

                cgroup1_check_for_release(cgrp);
                cgroup_file_notify(&cgrp->events_file);

                cgrp = cgroup_parent(cgrp);
        } while (cgrp);
}

/**
 * css_set_update_populated - update populated state of a css_set
 * @cset: target css_set
 * @populated: whether @cset is populated or depopulated
 *
 * @cset is either getting the first task or losing the last.  Update the
 * ->populated_cnt of all associated cgroups accordingly.
 */
static void css_set_update_populated(struct css_set *cset, bool populated)
{
        struct cgrp_cset_link *link;

        lockdep_assert_held(&css_set_lock);

        list_for_each_entry(link, &cset->cgrp_links, cgrp_link)
                cgroup_update_populated(link->cgrp, populated);
}

/**
 * css_set_move_task - move a task from one css_set to another
 * @task: task being moved
 * @from_cset: css_set @task currently belongs to (may be NULL)
 * @to_cset: new css_set @task is being moved to (may be NULL)
 * @use_mg_tasks: move to @to_cset->mg_tasks instead of ->tasks
 *
 * Move @task from @from_cset to @to_cset.  If @task didn't belong to any
 * css_set, @from_cset can be NULL.  If @task is being disassociated
 * instead of moved, @to_cset can be NULL.
 *
 * This function automatically handles populated_cnt updates and
 * css_task_iter adjustments but the caller is responsible for managing
 * @from_cset and @to_cset's reference counts.
 */
static void css_set_move_task(struct task_struct *task,
                              struct css_set *from_cset, struct css_set *to_cset,
                              bool use_mg_tasks)
{
        lockdep_assert_held(&css_set_lock);

        if (to_cset && !css_set_populated(to_cset))
                css_set_update_populated(to_cset, true);

        if (from_cset) {
                struct css_task_iter *it, *pos;

                WARN_ON_ONCE(list_empty(&task->cg_list));

                /*
                 * @task is leaving, advance task iterators which are
                 * pointing to it so that they can resume at the next
                 * position.  Advancing an iterator might remove it from
                 * the list, use safe walk.  See css_task_iter_advance*()
                 * for details.
                 */
                list_for_each_entry_safe(it, pos, &from_cset->task_iters,
                                         iters_node)
                        if (it->task_pos == &task->cg_list)
                                css_task_iter_advance(it);

                list_del_init(&task->cg_list);
                if (!css_set_populated(from_cset))
                        css_set_update_populated(from_cset, false);
        } else {
                WARN_ON_ONCE(!list_empty(&task->cg_list));
        }

        if (to_cset) {
                /*
                 * We are synchronized through cgroup_threadgroup_rwsem
                 * against PF_EXITING setting such that we can't race
                 * against cgroup_exit() changing the css_set to
                 * init_css_set and dropping the old one.
                 */
                WARN_ON_ONCE(task->flags & PF_EXITING);

                rcu_assign_pointer(task->cgroups, to_cset);
                list_add_tail(&task->cg_list, use_mg_tasks ? &to_cset->mg_tasks :
                                                             &to_cset->tasks);
        }
}

/*
 * hash table for cgroup groups. This improves the performance to find
 * an existing css_set. This hash doesn't (currently) take into
 * account cgroups in empty hierarchies.
 */
#define CSS_SET_HASH_BITS       7
static DEFINE_HASHTABLE(css_set_table, CSS_SET_HASH_BITS);

static unsigned long css_set_hash(struct cgroup_subsys_state *css[])
{
        unsigned long key = 0UL;
        struct cgroup_subsys *ss;
        int i;

        for_each_subsys(ss, i)
                key += (unsigned long)css[i];
        key = (key >> 16) ^ key;

        return key;
}

void put_css_set_locked(struct css_set *cset)
{
        struct cgrp_cset_link *link, *tmp_link;
        struct cgroup_subsys *ss;
        int ssid;

        lockdep_assert_held(&css_set_lock);

        if (!refcount_dec_and_test(&cset->refcount))
                return;

        /* This css_set is dead. unlink it and release cgroup and css refs */
        for_each_subsys(ss, ssid) {
                list_del(&cset->e_cset_node[ssid]);
                css_put(cset->subsys[ssid]);
        }
        hash_del(&cset->hlist);
        css_set_count--;

        list_for_each_entry_safe(link, tmp_link, &cset->cgrp_links, cgrp_link) {
                list_del(&link->cset_link);
                list_del(&link->cgrp_link);
                if (cgroup_parent(link->cgrp))
                        cgroup_put(link->cgrp);
                kfree(link);
        }

        kfree_rcu(cset, rcu_head);
}

/**
 * compare_css_sets - helper function for find_existing_css_set().
 * @cset: candidate css_set being tested
 * @old_cset: existing css_set for a task
 * @new_cgrp: cgroup that's being entered by the task
 * @template: desired set of css pointers in css_set (pre-calculated)
 *
 * Returns true if "cset" matches "old_cset" except for the hierarchy
 * which "new_cgrp" belongs to, for which it should match "new_cgrp".
 */
static bool compare_css_sets(struct css_set *cset,
                             struct css_set *old_cset,
                             struct cgroup *new_cgrp,
                             struct cgroup_subsys_state *template[])
{
        struct list_head *l1, *l2;

        /*
         * On the default hierarchy, there can be csets which are
         * associated with the same set of cgroups but different csses.
         * Let's first ensure that csses match.
         */
        if (memcmp(template, cset->subsys, sizeof(cset->subsys)))
                return false;

        /*
         * Compare cgroup pointers in order to distinguish between
         * different cgroups in hierarchies.  As different cgroups may
         * share the same effective css, this comparison is always
         * necessary.
         */
        l1 = &cset->cgrp_links;
        l2 = &old_cset->cgrp_links;
        while (1) {
                struct cgrp_cset_link *link1, *link2;
                struct cgroup *cgrp1, *cgrp2;

                l1 = l1->next;
                l2 = l2->next;
                /* See if we reached the end - both lists are equal length. */
                if (l1 == &cset->cgrp_links) {
                        BUG_ON(l2 != &old_cset->cgrp_links);
                        break;
                } else {
                        BUG_ON(l2 == &old_cset->cgrp_links);
                }
                /* Locate the cgroups associated with these links. */
                link1 = list_entry(l1, struct cgrp_cset_link, cgrp_link);
                link2 = list_entry(l2, struct cgrp_cset_link, cgrp_link);
                cgrp1 = link1->cgrp;
                cgrp2 = link2->cgrp;
                /* Hierarchies should be linked in the same order. */
                BUG_ON(cgrp1->root != cgrp2->root);

                /*
                 * If this hierarchy is the hierarchy of the cgroup
                 * that's changing, then we need to check that this
                 * css_set points to the new cgroup; if it's any other
                 * hierarchy, then this css_set should point to the
                 * same cgroup as the old css_set.
                 */
                if (cgrp1->root == new_cgrp->root) {
                        if (cgrp1 != new_cgrp)
                                return false;
                } else {
                        if (cgrp1 != cgrp2)
                                return false;
                }
        }
        return true;
}

/**
 * find_existing_css_set - init css array and find the matching css_set
 * @old_cset: the css_set that we're using before the cgroup transition
 * @cgrp: the cgroup that we're moving into
 * @template: out param for the new set of csses, should be clear on entry
 */
static struct css_set *find_existing_css_set(struct css_set *old_cset,
                                        struct cgroup *cgrp,
                                        struct cgroup_subsys_state *template[])
{
        struct cgroup_root *root = cgrp->root;
        struct cgroup_subsys *ss;
        struct css_set *cset;
        unsigned long key;
        int i;

        /*
         * Build the set of subsystem state objects that we want to see in the
         * new css_set. while subsystems can change globally, the entries here
         * won't change, so no need for locking.
         */
        for_each_subsys(ss, i) {
                if (root->subsys_mask & (1UL << i)) {
                        /*
                         * @ss is in this hierarchy, so we want the
                         * effective css from @cgrp.
                         */
                        template[i] = cgroup_e_css(cgrp, ss);
                } else {
                        /*
                         * @ss is not in this hierarchy, so we don't want
                         * to change the css.
                         */
                        template[i] = old_cset->subsys[i];
                }
        }

        key = css_set_hash(template);
        hash_for_each_possible(css_set_table, cset, hlist, key) {
                if (!compare_css_sets(cset, old_cset, cgrp, template))
                        continue;

                /* This css_set matches what we need */
                return cset;
        }

        /* No existing cgroup group matched */
        return NULL;
}

static void free_cgrp_cset_links(struct list_head *links_to_free)
{
        struct cgrp_cset_link *link, *tmp_link;

        list_for_each_entry_safe(link, tmp_link, links_to_free, cset_link) {
                list_del(&link->cset_link);
                kfree(link);
        }
}

/**
 * allocate_cgrp_cset_links - allocate cgrp_cset_links
 * @count: the number of links to allocate
 * @tmp_links: list_head the allocated links are put on
 *
 * Allocate @count cgrp_cset_link structures and chain them on @tmp_links
 * through ->cset_link.  Returns 0 on success or -errno.
 */
static int allocate_cgrp_cset_links(int count, struct list_head *tmp_links)
{
        struct cgrp_cset_link *link;
        int i;

        INIT_LIST_HEAD(tmp_links);

        for (i = 0; i < count; i++) {
                link = kzalloc(sizeof(*link), GFP_KERNEL);
                if (!link) {
                        free_cgrp_cset_links(tmp_links);
                        return -ENOMEM;
                }
                list_add(&link->cset_link, tmp_links);
        }
        return 0;
}

/**
 * link_css_set - a helper function to link a css_set to a cgroup
 * @tmp_links: cgrp_cset_link objects allocated by allocate_cgrp_cset_links()
 * @cset: the css_set to be linked
 * @cgrp: the destination cgroup
 */
static void link_css_set(struct list_head *tmp_links, struct css_set *cset,
                         struct cgroup *cgrp)
{
        struct cgrp_cset_link *link;

        BUG_ON(list_empty(tmp_links));

        if (cgroup_on_dfl(cgrp))
                cset->dfl_cgrp = cgrp;

        link = list_first_entry(tmp_links, struct cgrp_cset_link, cset_link);
        link->cset = cset;
        link->cgrp = cgrp;

        /*
         * Always add links to the tail of the lists so that the lists are
         * in choronological order.
         */
        list_move_tail(&link->cset_link, &cgrp->cset_links);
        list_add_tail(&link->cgrp_link, &cset->cgrp_links);

        if (cgroup_parent(cgrp))
                cgroup_get_live(cgrp);
}

/**
 * find_css_set - return a new css_set with one cgroup updated
 * @old_cset: the baseline css_set
 * @cgrp: the cgroup to be updated
 *
 * Return a new css_set that's equivalent to @old_cset, but with @cgrp
 * substituted into the appropriate hierarchy.
 */
static struct css_set *find_css_set(struct css_set *old_cset,
                                    struct cgroup *cgrp)
{
        struct cgroup_subsys_state *template[CGROUP_SUBSYS_COUNT] = { };
        struct css_set *cset;
        struct list_head tmp_links;
        struct cgrp_cset_link *link;
        struct cgroup_subsys *ss;
        unsigned long key;
        int ssid;

        lockdep_assert_held(&cgroup_mutex);

        /* First see if we already have a cgroup group that matches
         * the desired set */
        spin_lock_irq(&css_set_lock);
        cset = find_existing_css_set(old_cset, cgrp, template);
        if (cset)
                get_css_set(cset);
        spin_unlock_irq(&css_set_lock);

        if (cset)
                return cset;

        cset = kzalloc(sizeof(*cset), GFP_KERNEL);
        if (!cset)
                return NULL;

        /* Allocate all the cgrp_cset_link objects that we'll need */
        if (allocate_cgrp_cset_links(cgroup_root_count, &tmp_links) < 0) {
                kfree(cset);
                return NULL;
        }

        refcount_set(&cset->refcount, 1);
        INIT_LIST_HEAD(&cset->tasks);
        INIT_LIST_HEAD(&cset->mg_tasks);
        INIT_LIST_HEAD(&cset->task_iters);
        INIT_HLIST_NODE(&cset->hlist);
        INIT_LIST_HEAD(&cset->cgrp_links);
        INIT_LIST_HEAD(&cset->mg_preload_node);
        INIT_LIST_HEAD(&cset->mg_node);

        /* Copy the set of subsystem state objects generated in
         * find_existing_css_set() */

        memcpy(cset->subsys, template, sizeof(cset->subsys));

        spin_lock_irq(&css_set_lock);
        /* Add reference counts and links from the new css_set. */
        list_for_each_entry(link, &old_cset->cgrp_links, cgrp_link) {
                struct cgroup *c = link->cgrp;

                if (c->root == cgrp->root)
                        c = cgrp;
                link_css_set(&tmp_links, cset, c);
        }

        BUG_ON(!list_empty(&tmp_links));

        css_set_count++;

        /* Add @cset to the hash table */
        key = css_set_hash(cset->subsys);
        hash_add(css_set_table, &cset->hlist, key);

        for_each_subsys(ss, ssid) {
                struct cgroup_subsys_state *css = cset->subsys[ssid];

                list_add_tail(&cset->e_cset_node[ssid],
                              &css->cgroup->e_csets[ssid]);
                css_get(css);
        }

        spin_unlock_irq(&css_set_lock);

        return cset;
}

struct cgroup_root *cgroup_root_from_kf(struct kernfs_root *kf_root)
{
        struct cgroup *root_cgrp = kf_root->kn->priv;

        return root_cgrp->root;
}

static int cgroup_init_root_id(struct cgroup_root *root)
{
        int id;

        lockdep_assert_held(&cgroup_mutex);

        id = idr_alloc_cyclic(&cgroup_hierarchy_idr, root, 0, 0, GFP_KERNEL);
        if (id < 0)
                return id;

        root->hierarchy_id = id;
        return 0;
}

static void cgroup_exit_root_id(struct cgroup_root *root)
{
        lockdep_assert_held(&cgroup_mutex);

        idr_remove(&cgroup_hierarchy_idr, root->hierarchy_id);
}

void cgroup_free_root(struct cgroup_root *root)
{
        if (root) {
                idr_destroy(&root->cgroup_idr);
                kfree(root);
        }
}

static void cgroup_destroy_root(struct cgroup_root *root)
{
        struct cgroup *cgrp = &root->cgrp;
        struct cgrp_cset_link *link, *tmp_link;

        trace_cgroup_destroy_root(root);

        cgroup_lock_and_drain_offline(&cgrp_dfl_root.cgrp);

        BUG_ON(atomic_read(&root->nr_cgrps));
        BUG_ON(!list_empty(&cgrp->self.children));

        /* Rebind all subsystems back to the default hierarchy */
        WARN_ON(rebind_subsystems(&cgrp_dfl_root, root->subsys_mask));

        /*
         * Release all the links from cset_links to this hierarchy's
         * root cgroup
         */
        spin_lock_irq(&css_set_lock);

        list_for_each_entry_safe(link, tmp_link, &cgrp->cset_links, cset_link) {
                list_del(&link->cset_link);
                list_del(&link->cgrp_link);
                kfree(link);
        }

        spin_unlock_irq(&css_set_lock);

        if (!list_empty(&root->root_list)) {
                list_del(&root->root_list);
                cgroup_root_count--;
        }

        cgroup_exit_root_id(root);

        mutex_unlock(&cgroup_mutex);

        kernfs_destroy_root(root->kf_root);
        cgroup_free_root(root);
}

/*
 * look up cgroup associated with current task's cgroup namespace on the
 * specified hierarchy
 */
static struct cgroup *
current_cgns_cgroup_from_root(struct cgroup_root *root)
{
        struct cgroup *res = NULL;
        struct css_set *cset;

        lockdep_assert_held(&css_set_lock);

        rcu_read_lock();

        cset = current->nsproxy->cgroup_ns->root_cset;
        if (cset == &init_css_set) {
                res = &root->cgrp;
        } else {
                struct cgrp_cset_link *link;

                list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
                        struct cgroup *c = link->cgrp;

                        if (c->root == root) {
                                res = c;
                                break;
                        }
                }
        }
        rcu_read_unlock();

        BUG_ON(!res);
        return res;
}

/* look up cgroup associated with given css_set on the specified hierarchy */
static struct cgroup *cset_cgroup_from_root(struct css_set *cset,
                                            struct cgroup_root *root)
{
        struct cgroup *res = NULL;

        lockdep_assert_held(&cgroup_mutex);
        lockdep_assert_held(&css_set_lock);

        if (cset == &init_css_set) {
                res = &root->cgrp;
        } else {
                struct cgrp_cset_link *link;

                list_for_each_entry(link, &cset->cgrp_links, cgrp_link) {
                        struct cgroup *c = link->cgrp;

                        if (c->root == root) {
                                res = c;
                                break;
                        }
                }
        }

        BUG_ON(!res);
        return res;
}

/*
 * Return the cgroup for "task" from the given hierarchy. Must be
 * called with cgroup_mutex and css_set_lock held.
 */
struct cgroup *task_cgroup_from_root(struct task_struct *task,
                                     struct cgroup_root *root)
{
        /*
         * No need to lock the task - since we hold cgroup_mutex the
         * task can't change groups, so the only thing that can happen
         * is that it exits and its css is set back to init_css_set.
         */
        return cset_cgroup_from_root(task_css_set(task), root);
}

/*
 * A task must hold cgroup_mutex to modify cgroups.
 *
 * Any task can increment and decrement the count field without lock.
 * So in general, code holding cgroup_mutex can't rely on the count
 * field not changing.  However, if the count goes to zero, then only
 * cgroup_attach_task() can increment it again.  Because a count of zero
 * means that no tasks are currently attached, therefore there is no
 * way a task attached to that cgroup can fork (the other way to
 * increment the count).  So code holding cgroup_mutex can safely
 * assume that if the count is zero, it will stay zero. Similarly, if
 * a task holds cgroup_mutex on a cgroup with zero count, it
 * knows that the cgroup won't be removed, as cgroup_rmdir()
 * needs that mutex.
 *
 * A cgroup can only be deleted if both its 'count' of using tasks
 * is zero, and its list of 'children' cgroups is empty.  Since all
 * tasks in the system use _some_ cgroup, and since there is always at
 * least one task in the system (init, pid == 1), therefore, root cgroup
 * always has either children cgroups and/or using tasks.  So we don't
 * need a special hack to ensure that root cgroup cannot be deleted.
 *
 * P.S.  One more locking exception.  RCU is used to guard the
 * update of a tasks cgroup pointer by cgroup_attach_task()
 */

static struct kernfs_syscall_ops cgroup_kf_syscall_ops;

static char *cgroup_file_name(struct cgroup *cgrp, const struct cftype *cft,
                              char *buf)
{
        struct cgroup_subsys *ss = cft->ss;

        if (cft->ss && !(cft->flags & CFTYPE_NO_PREFIX) &&
            !(cgrp->root->flags & CGRP_ROOT_NOPREFIX))
                snprintf(buf, CGROUP_FILE_NAME_MAX, "%s.%s",
                         cgroup_on_dfl(cgrp) ? ss->name : ss->legacy_name,
                         cft->name);
        else
                strncpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
        return buf;
}

/**
 * cgroup_file_mode - deduce file mode of a control file
 * @cft: the control file in question
 *
 * S_IRUGO for read, S_IWUSR for write.
 */
static umode_t cgroup_file_mode(const struct cftype *cft)
{
        umode_t mode = 0;

        if (cft->read_u64 || cft->read_s64 || cft->seq_show)
                mode |= S_IRUGO;

        if (cft->write_u64 || cft->write_s64 || cft->write) {
                if (cft->flags & CFTYPE_WORLD_WRITABLE)
                        mode |= S_IWUGO;
                else
                        mode |= S_IWUSR;
        }

        return mode;
}

/**
 * cgroup_calc_subtree_ss_mask - calculate subtree_ss_mask
 * @subtree_control: the new subtree_control mask to consider
 * @this_ss_mask: available subsystems
 *
 * On the default hierarchy, a subsystem may request other subsystems to be
 * enabled together through its ->depends_on mask.  In such cases, more
 * subsystems than specified in "cgroup.subtree_control" may be enabled.
 *
 * This function calculates which subsystems need to be enabled if
 * @subtree_control is to be applied while restricted to @this_ss_mask.
 */
static u16 cgroup_calc_subtree_ss_mask(u16 subtree_control, u16 this_ss_mask)
{
        u16 cur_ss_mask = subtree_control;
        struct cgroup_subsys *ss;
        int ssid;

        lockdep_assert_held(&cgroup_mutex);

        cur_ss_mask |= cgrp_dfl_implicit_ss_mask;

        while (true) {
                u16 new_ss_mask = cur_ss_mask;

                do_each_subsys_mask(ss, ssid, cur_ss_mask) {
                        new_ss_mask |= ss->depends_on;
                } while_each_subsys_mask();

                /*
                 * Mask out subsystems which aren't available.  This can
                 * happen only if some depended-upon subsystems were bound
                 * to non-default hierarchies.
                 */
                new_ss_mask &= this_ss_mask;

                if (new_ss_mask == cur_ss_mask)
                        break;
                cur_ss_mask = new_ss_mask;
        }

        return cur_ss_mask;
}

/**
 * cgroup_kn_unlock - unlocking helper for cgroup kernfs methods
 * @kn: the kernfs_node being serviced
 *
 * This helper undoes cgroup_kn_lock_live() and should be invoked before
 * the method finishes if locking succeeded.  Note that once this function
 * returns the cgroup returned by cgroup_kn_lock_live() may become
 * inaccessible any time.  If the caller intends to continue to access the
 * cgroup, it should pin it before invoking this function.
 */
void cgroup_kn_unlock(struct kernfs_node *kn)
{
        struct cgroup *cgrp;

        if (kernfs_type(kn) == KERNFS_DIR)
                cgrp = kn->priv;
        else
                cgrp = kn->parent->priv;

        mutex_unlock(&cgroup_mutex);

        kernfs_unbreak_active_protection(kn);
        cgroup_put(cgrp);
}

/**
 * cgroup_kn_lock_live - locking helper for cgroup kernfs methods
 * @kn: the kernfs_node being serviced
 * @drain_offline: perform offline draining on the cgroup
 *
 * This helper is to be used by a cgroup kernfs method currently servicing
 * @kn.  It breaks the active protection, performs cgroup locking and
 * verifies that the associated cgroup is alive.  Returns the cgroup if
 * alive; otherwise, %NULL.  A successful return should be undone by a
 * matching cgroup_kn_unlock() invocation.  If @drain_offline is %true, the
 * cgroup is drained of offlining csses before return.
 *
 * Any cgroup kernfs method implementation which requires locking the
 * associated cgroup should use this helper.  It avoids nesting cgroup
 * locking under kernfs active protection and allows all kernfs operations
 * including self-removal.
 */
struct cgroup *cgroup_kn_lock_live(struct kernfs_node *kn, bool drain_offline)
{
        struct cgroup *cgrp;

        if (kernfs_type(kn) == KERNFS_DIR)
                cgrp = kn->priv;
        else
                cgrp = kn->parent->priv;

        /*
         * We're gonna grab cgroup_mutex which nests outside kernfs
         * active_ref.  cgroup liveliness check alone provides enough
         * protection against removal.  Ensure @cgrp stays accessible and
         * break the active_ref protection.
         */
        if (!cgroup_tryget(cgrp))
                return NULL;
        kernfs_break_active_protection(kn);

        if (drain_offline)
                cgroup_lock_and_drain_offline(cgrp);
        else
                mutex_lock(&cgroup_mutex);

        if (!cgroup_is_dead(cgrp))
                return cgrp;

        cgroup_kn_unlock(kn);
        return NULL;
}

static void cgroup_rm_file(struct cgroup *cgrp, const struct cftype *cft)
{
        char name[CGROUP_FILE_NAME_MAX];

        lockdep_assert_held(&cgroup_mutex);

        if (cft->file_offset) {
                struct cgroup_subsys_state *css = cgroup_css(cgrp, cft->ss);
                struct cgroup_file *cfile = (void *)css + cft->file_offset;

                spin_lock_irq(&cgroup_file_kn_lock);
                cfile->kn = NULL;
                spin_unlock_irq(&cgroup_file_kn_lock);
        }

        kernfs_remove_by_name(cgrp->kn, cgroup_file_name(cgrp, cft, name));
}

/**
 * css_clear_dir - remove subsys files in a cgroup directory
 * @css: taget css
 */
static void css_clear_dir(struct cgroup_subsys_state *css)
{
        struct cgroup *cgrp = css->cgroup;
        struct cftype *cfts;

        if (!(css->flags & CSS_VISIBLE))
                return;

        css->flags &= ~CSS_VISIBLE;

        list_for_each_entry(cfts, &css->ss->cfts, node)
                cgroup_addrm_files(css, cgrp, cfts, false);
}

/**
 * css_populate_dir - create subsys files in a cgroup directory
 * @css: target css
 *
 * On failure, no file is added.
 */
static int css_populate_dir(struct cgroup_subsys_state *css)
{
        struct cgroup *cgrp = css->cgroup;
        struct cftype *cfts, *failed_cfts;
        int ret;

        if ((css->flags & CSS_VISIBLE) || !cgrp->kn)
                return 0;

        if (!css->ss) {
                if (cgroup_on_dfl(cgrp))
                        cfts = cgroup_base_files;
                else
                        cfts = cgroup1_base_files;

                return cgroup_addrm_files(&cgrp->self, cgrp, cfts, true);
        }

        list_for_each_entry(cfts, &css->ss->cfts, node) {
                ret = cgroup_addrm_files(css, cgrp, cfts, true);
                if (ret < 0) {
                        failed_cfts = cfts;
                        goto err;
                }
        }

        css->flags |= CSS_VISIBLE;

        return 0;
err:
        list_for_each_entry(cfts, &css->ss->cfts, node) {
                if (cfts == failed_cfts)
                        break;
                cgroup_addrm_files(css, cgrp, cfts, false);
        }
        return ret;
}

int rebind_subsystems(struct cgroup_root *dst_root, u16 ss_mask)
{
        struct cgroup *dcgrp = &dst_root->cgrp;
        struct cgroup_subsys *ss;
        int ssid, i, ret;

        lockdep_assert_held(&cgroup_mutex);

        do_each_subsys_mask(ss, ssid, ss_mask) {
                /*
                 * If @ss has non-root csses attached to it, can't move.
                 * If @ss is an implicit controller, it is exempt from this
                 * rule and can be stolen.
                 */
                if (css_next_child(NULL, cgroup_css(&ss->root->cgrp, ss)) &&
                    !ss->implicit_on_dfl)
                        return -EBUSY;

                /* can't move between two non-dummy roots either */
                if (ss->root != &cgrp_dfl_root && dst_root != &cgrp_dfl_root)
                        return -EBUSY;
        } while_each_subsys_mask();

        do_each_subsys_mask(ss, ssid, ss_mask) {
                struct cgroup_root *src_root = ss->root;
                struct cgroup *scgrp = &src_root->cgrp;
                struct cgroup_subsys_state *css = cgroup_css(scgrp, ss);
                struct css_set *cset;

                WARN_ON(!css || cgroup_css(dcgrp, ss));

                /* disable from the source */
                src_root->subsys_mask &= ~(1 << ssid);
                WARN_ON(cgroup_apply_control(scgrp));
                cgroup_finalize_control(scgrp, 0);

                /* rebind */
                RCU_INIT_POINTER(scgrp->subsys[ssid], NULL);
                rcu_assign_pointer(dcgrp->subsys[ssid], css);
                ss->root = dst_root;
                css->cgroup = dcgrp;

                spin_lock_irq(&css_set_lock);
                hash_for_each(css_set_table, i, cset, hlist)
                        list_move_tail(&cset->e_cset_node[ss->id],
                                       &dcgrp->e_csets[ss->id]);
                spin_unlock_irq(&css_set_lock);

                /* default hierarchy doesn't enable controllers by default */
                dst_root->subsys_mask |= 1 << ssid;
                if (dst_root == &cgrp_dfl_root) {
                        static_branch_enable(cgroup_subsys_on_dfl_key[ssid]);
                } else {
                        dcgrp->subtree_control |= 1 << ssid;
                        static_branch_disable(cgroup_subsys_on_dfl_key[ssid]);
                }

                ret = cgroup_apply_control(dcgrp);
                if (ret)
                        pr_warn("partial failure to rebind %s controller (err=%d)\n",
                                ss->name, ret);

                if (ss->bind)
                        ss->bind(css);
        } while_each_subsys_mask();

        kernfs_activate(dcgrp->kn);
        return 0;
}

int cgroup_show_path(struct seq_file *sf, struct kernfs_node *kf_node,
                     struct kernfs_root *kf_root)
{
        int len = 0;
        char *buf = NULL;
        struct cgroup_root *kf_cgroot = cgroup_root_from_kf(kf_root);
        struct cgroup *ns_cgroup;

        buf = kmalloc(PATH_MAX, GFP_KERNEL);
        if (!buf)
                return -ENOMEM;

        spin_lock_irq(&css_set_lock);
        ns_cgroup = current_cgns_cgroup_from_root(kf_cgroot);
        len = kernfs_path_from_node(kf_node, ns_cgroup->kn, buf, PATH_MAX);
        spin_unlock_irq(&css_set_lock);

        if (len >= PATH_MAX)
                len = -ERANGE;
        else if (len > 0) {
                seq_escape(sf, buf, " \t\n\\");
                len = 0;
        }
        kfree(buf);
        return len;
}

static int parse_cgroup_root_flags(char *data, unsigned int *root_flags)
{
        char *token;

        *root_flags = 0;

        if (!data)
                return 0;

        while ((token = strsep(&data, ",")) != NULL) {
                if (!strcmp(token, "nsdelegate")) {
                        *root_flags |= CGRP_ROOT_NS_DELEGATE;
                        continue;
                }

                pr_err("cgroup2: unknown option \"%s\"\n", token);
                return -EINVAL;
        }

        return 0;
}

static void apply_cgroup_root_flags(unsigned int root_flags)
{
        if (current->nsproxy->cgroup_ns == &init_cgroup_ns) {
                if (root_flags & CGRP_ROOT_NS_DELEGATE)
                        cgrp_dfl_root.flags |= CGRP_ROOT_NS_DELEGATE;
                else
                        cgrp_dfl_root.flags &= ~CGRP_ROOT_NS_DELEGATE;
        }
}

static int cgroup_show_options(struct seq_file *seq, struct kernfs_root *kf_root)
{
        if (cgrp_dfl_root.flags & CGRP_ROOT_NS_DELEGATE)
                seq_puts(seq, ",nsdelegate");
        return 0;
}

static int cgroup_remount(struct kernfs_root *kf_root, int *flags, char *data)
{
        unsigned int root_flags;
        int ret;

        ret = parse_cgroup_root_flags(data, &root_flags);
        if (ret)
                return ret;

        apply_cgroup_root_flags(root_flags);
        return 0;
}

/*
 * To reduce the fork() overhead for systems that are not actually using
 * their cgroups capability, we don't maintain the lists running through
 * each css_set to its tasks until we see the list actually used - in other
 * words after the first mount.
 */
static bool use_task_css_set_links __read_mostly;

static void cgroup_enable_task_cg_lists(void)
{
        struct task_struct *p, *g;

        spin_lock_irq(&css_set_lock);

        if (use_task_css_set_links)
                goto out_unlock;

        use_task_css_set_links = true;

        /*
         * We need tasklist_lock because RCU is not safe against
         * while_each_thread(). Besides, a forking task that has passed
         * cgroup_post_fork() without seeing use_task_css_set_links = 1
         * is not guaranteed to have its child immediately visible in the
         * tasklist if we walk through it with RCU.
         */
        read_lock(&tasklist_lock);
        do_each_thread(g, p) {
                WARN_ON_ONCE(!list_empty(&p->cg_list) ||
                             task_css_set(p) != &init_css_set);

                /*
                 * We should check if the process is exiting, otherwise
                 * it will race with cgroup_exit() in that the list
                 * entry won't be deleted though the process has exited.
                 * Do it while holding siglock so that we don't end up
                 * racing against cgroup_exit().
                 *
                 * Interrupts were already disabled while acquiring
                 * the css_set_lock, so we do not need to disable it
                 * again when acquiring the sighand->siglock here.
                 */
                spin_lock(&p->sighand->siglock);
                if (!(p->flags & PF_EXITING)) {
                        struct css_set *cset = task_css_set(p);

                        if (!css_set_populated(cset))
                                css_set_update_populated(cset, true);
                        list_add_tail(&p->cg_list, &cset->tasks);
                        get_css_set(cset);
                        cset->nr_tasks++;
                }
                spin_unlock(&p->sighand->siglock);
        } while_each_thread(g, p);
        read_unlock(&tasklist_lock);
out_unlock:
        spin_unlock_irq(&css_set_lock);
}

static void init_cgroup_housekeeping(struct cgroup *cgrp)
{
        struct cgroup_subsys *ss;
        int ssid;

        INIT_LIST_HEAD(&cgrp->self.sibling);
        INIT_LIST_HEAD(&cgrp->self.children);
        INIT_LIST_HEAD(&cgrp->cset_links);
        INIT_LIST_HEAD(&cgrp->pidlists);
        mutex_init(&cgrp->pidlist_mutex);
        cgrp->self.cgroup = cgrp;
        cgrp->self.flags |= CSS_ONLINE;

        for_each_subsys(ss, ssid)
                INIT_LIST_HEAD(&cgrp->e_csets[ssid]);

        init_waitqueue_head(&cgrp->offline_waitq);
        INIT_WORK(&cgrp->release_agent_work, cgroup1_release_agent);
}

void init_cgroup_root(struct cgroup_root *root, struct cgroup_sb_opts *opts)
{
        struct cgroup *cgrp = &root->cgrp;

        INIT_LIST_HEAD(&root->root_list);
        atomic_set(&root->nr_cgrps, 1);
        cgrp->root = root;
        init_cgroup_housekeeping(cgrp);
        idr_init(&root->cgroup_idr);

        root->flags = opts->flags;
        if (opts->release_agent)
                strcpy(root->release_agent_path, opts->release_agent);
        if (opts->name)
                strcpy(root->name, opts->name);
        if (opts->cpuset_clone_children)
                set_bit(CGRP_CPUSET_CLONE_CHILDREN, &root->cgrp.flags);
}

int cgroup_setup_root(struct cgroup_root *root, u16 ss_mask, int ref_flags)
{
        LIST_HEAD(tmp_links);
        struct cgroup *root_cgrp = &root->cgrp;
        struct kernfs_syscall_ops *kf_sops;
        struct css_set *cset;
        int i, ret;

        lockdep_assert_held(&cgroup_mutex);

        ret = cgroup_idr_alloc(&root->cgroup_idr, root_cgrp, 1, 2, GFP_KERNEL);
        if (ret < 0)
                goto out;
        root_cgrp->id = ret;
        root_cgrp->ancestor_ids[0] = ret;

        ret = percpu_ref_init(&root_cgrp->self.refcnt, css_release,
                              ref_flags, GFP_KERNEL);
        if (ret)
                goto out;

        /*
         * We're accessing css_set_count without locking css_set_lock here,
         * but that's OK - it can only be increased by someone holding
         * cgroup_lock, and that's us.  Later rebinding may disable
         * controllers on the default hierarchy and thus create new csets,
         * which can't be more than the existing ones.  Allocate 2x.
         */
        ret = allocate_cgrp_cset_links(2 * css_set_count, &tmp_links);
        if (ret)
                goto cancel_ref;

        ret = cgroup_init_root_id(root);
        if (ret)
                goto cancel_ref;

        kf_sops = root == &cgrp_dfl_root ?
                &cgroup_kf_syscall_ops : &cgroup1_kf_syscall_ops;

        root->kf_root = kernfs_create_root(kf_sops,
                                           KERNFS_ROOT_CREATE_DEACTIVATED,
                                           root_cgrp);
        if (IS_ERR(root->kf_root)) {
                ret = PTR_ERR(root->kf_root);
                goto exit_root_id;
        }
        root_cgrp->kn = root->kf_root->kn;

        ret = css_populate_dir(&root_cgrp->self);
        if (ret)
                goto destroy_root;

        ret = rebind_subsystems(root, ss_mask);
        if (ret)
                goto destroy_root;

        trace_cgroup_setup_root(root);

        /*
         * There must be no failure case after here, since rebinding takes
         * care of subsystems' refcounts, which are explicitly dropped in
         * the failure exit path.
         */
        list_add(&root->root_list, &cgroup_roots);
        cgroup_root_count++;

        /*
         * Link the root cgroup in this hierarchy into all the css_set
         * objects.
         */
        spin_lock_irq(&css_set_lock);
        hash_for_each(css_set_table, i, cset, hlist) {
                link_css_set(&tmp_links, cset, root_cgrp);
                if (css_set_populated(cset))
                        cgroup_update_populated(root_cgrp, true);
        }
        spin_unlock_irq(&css_set_lock);

        BUG_ON(!list_empty(&root_cgrp->self.children));
        BUG_ON(atomic_read(&root->nr_cgrps) != 1);

        kernfs_activate(root_cgrp->kn);
        ret = 0;
        goto out;

destroy_root:
        kernfs_destroy_root(root->kf_root);
        root->kf_root = NULL;
exit_root_id:
        cgroup_exit_root_id(root);
cancel_ref:
        percpu_ref_exit(&root_cgrp->self.refcnt);
out:
        free_cgrp_cset_links(&tmp_links);
        return ret;
}

struct dentry *cgroup_do_mount(struct file_system_type *fs_type, int flags,
                               struct cgroup_root *root, unsigned long magic,
                               struct cgroup_namespace *ns)
{
        struct dentry *dentry;
        bool new_sb;

        dentry = kernfs_mount(fs_type, flags, root->kf_root, magic, &new_sb);

        /*
         * In non-init cgroup namespace, instead of root cgroup's dentry,
         * we return the dentry corresponding to the cgroupns->root_cgrp.
         */
        if (!IS_ERR(dentry) && ns != &init_cgroup_ns) {
                struct dentry *nsdentry;
                struct cgroup *cgrp;

                mutex_lock(&cgroup_mutex);
                spin_lock_irq(&css_set_lock);

                cgrp = cset_cgroup_from_root(ns->root_cset, root);

                spin_unlock_irq(&css_set_lock);
                mutex_unlock(&cgroup_mutex);

                nsdentry = kernfs_node_dentry(cgrp->kn, dentry->d_sb);
                dput(dentry);
                dentry = nsdentry;
        }

        if (IS_ERR(dentry) || !new_sb)
                cgroup_put(&root->cgrp);

        return dentry;
}

static struct dentry *cgroup_mount(struct file_system_type *fs_type,
                         int flags, const char *unused_dev_name,
                         void *data)
{
        struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
        struct dentry *dentry;
        int ret;

        get_cgroup_ns(ns);

        /* Check if the caller has permission to mount. */
        if (!ns_capable(ns->user_ns, CAP_SYS_ADMIN)) {
                put_cgroup_ns(ns);
                return ERR_PTR(-EPERM);
        }

        /*
         * The first time anyone tries to mount a cgroup, enable the list
         * linking each css_set to its tasks and fix up all existing tasks.
         */
        if (!use_task_css_set_links)
                cgroup_enable_task_cg_lists();

        if (fs_type == &cgroup2_fs_type) {
                unsigned int root_flags;

                ret = parse_cgroup_root_flags(data, &root_flags);
                if (ret) {
                        put_cgroup_ns(ns);
                        return ERR_PTR(ret);
                }

                cgrp_dfl_visible = true;
                cgroup_get_live(&cgrp_dfl_root.cgrp);

                dentry = cgroup_do_mount(&cgroup2_fs_type, flags, &cgrp_dfl_root,
                                         CGROUP2_SUPER_MAGIC, ns);
                if (!IS_ERR(dentry))
                        apply_cgroup_root_flags(root_flags);
        } else {
                dentry = cgroup1_mount(&cgroup_fs_type, flags, data,
                                       CGROUP_SUPER_MAGIC, ns);
        }

        put_cgroup_ns(ns);
        return dentry;
}

static void cgroup_kill_sb(struct super_block *sb)
{
        struct kernfs_root *kf_root = kernfs_root_from_sb(sb);
        struct cgroup_root *root = cgroup_root_from_kf(kf_root);

        /*
         * If @root doesn't have any mounts or children, start killing it.
         * This prevents new mounts by disabling percpu_ref_tryget_live().
         * cgroup_mount() may wait for @root's release.
         *
         * And don't kill the default root.
         */
        if (!list_empty(&root->cgrp.self.children) ||
            root == &cgrp_dfl_root)
                cgroup_put(&root->cgrp);
        else
                percpu_ref_kill(&root->cgrp.self.refcnt);

        kernfs_kill_sb(sb);
}

struct file_system_type cgroup_fs_type = {
        .name = "cgroup",
        .mount = cgroup_mount,
        .kill_sb = cgroup_kill_sb,
        .fs_flags = FS_USERNS_MOUNT,
};

static struct file_system_type cgroup2_fs_type = {
        .name = "cgroup2",
        .mount = cgroup_mount,
        .kill_sb = cgroup_kill_sb,
        .fs_flags = FS_USERNS_MOUNT,
};

int cgroup_path_ns_locked(struct cgroup *cgrp, char *buf, size_t buflen,
                          struct cgroup_namespace *ns)
{
        struct cgroup *root = cset_cgroup_from_root(ns->root_cset, cgrp->root);

        return kernfs_path_from_node(cgrp->kn, root->kn, buf, buflen);
}

int cgroup_path_ns(struct cgroup *cgrp, char *buf, size_t buflen,
                   struct cgroup_namespace *ns)
{
        int ret;

        mutex_lock(&cgroup_mutex);
        spin_lock_irq(&css_set_lock);

        ret = cgroup_path_ns_locked(cgrp, buf, buflen, ns);

        spin_unlock_irq(&css_set_lock);
        mutex_unlock(&cgroup_mutex);

        return ret;
}
EXPORT_SYMBOL_GPL(cgroup_path_ns);

/**
 * task_cgroup_path - cgroup path of a task in the first cgroup hierarchy
 * @task: target task
 * @buf: the buffer to write the path into
 * @buflen: the length of the buffer
 *
 * Determine @task's cgroup on the first (the one with the lowest non-zero
 * hierarchy_id) cgroup hierarchy and copy its path into @buf.  This
 * function grabs cgroup_mutex and shouldn't be used inside locks used by
 * cgroup controller callbacks.
 *
 * Return value is the same as kernfs_path().
 */
int task_cgroup_path(struct task_struct *task, char *buf, size_t buflen)
{
        struct cgroup_root *root;
        struct cgroup *cgrp;
        int hierarchy_id = 1;
        int ret;

        mutex_lock(&cgroup_mutex);
        spin_lock_irq(&css_set_lock);

        root = idr_get_next(&cgroup_hierarchy_idr, &hierarchy_id);

        if (root) {
                cgrp = task_cgroup_from_root(task, root);
                ret = cgroup_path_ns_locked(cgrp, buf, buflen, &init_cgroup_ns);
        } else {
                /* if no hierarchy exists, everyone is in "/" */
                ret = strlcpy(buf, "/", buflen);
        }

        spin_unlock_irq(&css_set_lock);
        mutex_unlock(&cgroup_mutex);
        return ret;
}
EXPORT_SYMBOL_GPL(task_cgroup_path);

/**
 * cgroup_migrate_add_task - add a migration target task to a migration context
 * @task: target task
 * @mgctx: target migration context
 *
 * Add @task, which is a migration target, to @mgctx->tset.  This function
 * becomes noop if @task doesn't need to be migrated.  @task's css_set
 * should have been added as a migration source and @task->cg_list will be
 * moved from the css_set's tasks list to mg_tasks one.
 */
static void cgroup_migrate_add_task(struct task_struct *task,
                                    struct cgroup_mgctx *mgctx)
{
        struct css_set *cset;

        lockdep_assert_held(&css_set_lock);

        /* @task either already exited or can't exit until the end */
        if (task->flags & PF_EXITING)
                return;

        /* leave @task alone if post_fork() hasn't linked it yet */
        if (list_empty(&task->cg_list))
                return;

        cset = task_css_set(task);
        if (!cset->mg_src_cgrp)
                return;

        mgctx->tset.nr_tasks++;

        list_move_tail(&task->cg_list, &cset->mg_tasks);
        if (list_empty(&cset->mg_node))
                list_add_tail(&cset->mg_node,
                              &mgctx->tset.src_csets);
        if (list_empty(&cset->mg_dst_cset->mg_node))
                list_add_tail(&cset->mg_dst_cset->mg_node,
                              &mgctx->tset.dst_csets);
}

/**
 * cgroup_taskset_first - reset taskset and return the first task
 * @tset: taskset of interest
 * @dst_cssp: output variable for the destination css
 *
 * @tset iteration is initialized and the first task is returned.
 */
struct task_struct *cgroup_taskset_first(struct cgroup_taskset *tset,
                                         struct cgroup_subsys_state **dst_cssp)
{
        tset->cur_cset = list_first_entry(tset->csets, struct css_set, mg_node);
        tset->cur_task = NULL;

        return cgroup_taskset_next(tset, dst_cssp);
}

/**
 * cgroup_taskset_next - iterate to the next task in taskset
 * @tset: taskset of interest
 * @dst_cssp: output variable for the destination css
 *
 * Return the next task in @tset.  Iteration must have been initialized
 * with cgroup_taskset_first().
 */
struct task_struct *cgroup_taskset_next(struct cgroup_taskset *tset,
                                        struct cgroup_subsys_state **dst_cssp)
{
        struct css_set *cset = tset->cur_cset;
        struct task_struct *task = tset->cur_task;

        while (&cset->mg_node != tset->csets) {
                if (!task)
                        task = list_first_entry(&cset->mg_tasks,
                                                struct task_struct, cg_list);
                else
                        task = list_next_entry(task, cg_list);

                if (&task->cg_list != &cset->mg_tasks) {
                        tset->cur_cset = cset;
                        tset->cur_task = task;

                        /*
                         * This function may be called both before and
                         * after cgroup_taskset_migrate().  The two cases
                         * can be distinguished by looking at whether @cset
                         * has its ->mg_dst_cset set.
                         */
                        if (cset->mg_dst_cset)
                                *dst_cssp = cset->mg_dst_cset->subsys[tset->ssid];
                        else
                                *dst_cssp = cset->subsys[tset->ssid];

                        return task;
                }

                cset = list_next_entry(cset, mg_node);
                task = NULL;
        }

        return NULL;
}

/**
 * cgroup_taskset_migrate - migrate a taskset
 * @mgctx: migration context
 *
 * Migrate tasks in @mgctx as setup by migration preparation functions.
 * This function fails iff one of the ->can_attach callbacks fails and
 * guarantees that either all or none of the tasks in @mgctx are migrated.
 * @mgctx is consumed regardless of success.
 */
static int cgroup_migrate_execute(struct cgroup_mgctx *mgctx)
{
        struct cgroup_taskset *tset = &mgctx->tset;
        struct cgroup_subsys *ss;
        struct task_struct *task, *tmp_task;
        struct css_set *cset, *tmp_cset;
        int ssid, failed_ssid, ret;

        /* check that we can legitimately attach to the cgroup */
        if (tset->nr_tasks) {
                do_each_subsys_mask(ss, ssid, mgctx->ss_mask) {
                        if (ss->can_attach) {
                                tset->ssid = ssid;
                                ret = ss->can_attach(tset);
                                if (ret) {
                                        failed_ssid = ssid;
                                        goto out_cancel_attach;
                                }
                        }
                } while_each_subsys_mask();
        }

        /*
         * Now that we're guaranteed success, proceed to move all tasks to
         * the new cgroup.  There are no failure cases after here, so this
         * is the commit point.
         */
        spin_lock_irq(&css_set_lock);
        list_for_each_entry(cset, &tset->src_csets, mg_node) {
                list_for_each_entry_safe(task, tmp_task, &cset->mg_tasks, cg_list) {
                        struct css_set *from_cset = task_css_set(task);
                        struct css_set *to_cset = cset->mg_dst_cset;

                        get_css_set(to_cset);
                        to_cset->nr_tasks++;
                        css_set_move_task(task, from_cset, to_cset, true);
                        put_css_set_locked(from_cset);
                        from_cset->nr_tasks--;
                }
        }
        spin_unlock_irq(&css_set_lock);

        /*
         * Migration is committed, all target tasks are now on dst_csets.
         * Nothing is sensitive to fork() after this point.  Notify
         * controllers that migration is complete.
         */
        tset->csets = &tset->dst_csets;

        if (tset->nr_tasks) {
                do_each_subsys_mask(ss, ssid, mgctx->ss_mask) {
                        if (ss->attach) {
                                tset->ssid = ssid;
                                ss->attach(tset);
                        }
                } while_each_subsys_mask();
        }

        ret = 0;
        goto out_release_tset;

out_cancel_attach:
        if (tset->nr_tasks) {
                do_each_subsys_mask(ss, ssid, mgctx->ss_mask) {
                        if (ssid == failed_ssid)
                                break;
                        if (ss->cancel_attach) {
                                tset->ssid = ssid;
                                ss->cancel_attach(tset);
                        }
                } while_each_subsys_mask();
        }
out_release_tset:
        spin_lock_irq(&css_set_lock);
        list_splice_init(&tset->dst_csets, &tset->src_csets);
        list_for_each_entry_safe(cset, tmp_cset, &tset->src_csets, mg_node) {
                list_splice_tail_init(&cset->mg_tasks, &cset->tasks);
                list_del_init(&cset->mg_node);
        }
        spin_unlock_irq(&css_set_lock);
        return ret;
}

/**
 * cgroup_may_migrate_to - verify whether a cgroup can be migration destination
 * @dst_cgrp: destination cgroup to test
 *
 * On the default hierarchy, except for the root, subtree_control must be
 * zero for migration destination cgroups with tasks so that child cgroups
 * don't compete against tasks.
 */
bool cgroup_may_migrate_to(struct cgroup *dst_cgrp)
{
        return !cgroup_on_dfl(dst_cgrp) || !cgroup_parent(dst_cgrp) ||
                !dst_cgrp->subtree_control;
}

/**
 * cgroup_migrate_finish - cleanup after attach
 * @mgctx: migration context
 *
 * Undo cgroup_migrate_add_src() and cgroup_migrate_prepare_dst().  See
 * those functions for details.
 */
void cgroup_migrate_finish(struct cgroup_mgctx *mgctx)
{
        LIST_HEAD(preloaded);
        struct css_set *cset, *tmp_cset;

        lockdep_assert_held(&cgroup_mutex);

        spin_lock_irq(&css_set_lock);

        list_splice_tail_init(&mgctx->preloaded_src_csets, &preloaded);
        list_splice_tail_init(&mgctx->preloaded_dst_csets, &preloaded);

        list_for_each_entry_safe(cset, tmp_cset, &preloaded, mg_preload_node) {
                cset->mg_src_cgrp = NULL;
                cset->mg_dst_cgrp = NULL;
                cset->mg_dst_cset = NULL;
                list_del_init(&cset->mg_preload_node);
                put_css_set_locked(cset);
        }

        spin_unlock_irq(&css_set_lock);
}

/**
 * cgroup_migrate_add_src - add a migration source css_set
 * @src_cset: the source css_set to add
 * @dst_cgrp: the destination cgroup
 * @mgctx: migration context
 *
 * Tasks belonging to @src_cset are about to be migrated to @dst_cgrp.  Pin
 * @src_cset and add it to @mgctx->src_csets, which should later be cleaned
 * up by cgroup_migrate_finish().
 *
 * This function may be called without holding cgroup_threadgroup_rwsem
 * even if the target is a process.  Threads may be created and destroyed
 * but as long as cgroup_mutex is not dropped, no new css_set can be put
 * into play and the preloaded css_sets are guaranteed to cover all
 * migrations.
 */
void cgroup_migrate_add_src(struct css_set *src_cset,
                            struct cgroup *dst_cgrp,
                            struct cgroup_mgctx *mgctx)
{
        struct cgroup *src_cgrp;

        lockdep_assert_held(&cgroup_mutex);
        lockdep_assert_held(&css_set_lock);

        /*
         * If ->dead, @src_set is associated with one or more dead cgroups
         * and doesn't contain any migratable tasks.  Ignore it early so
         * that the rest of migration path doesn't get confused by it.
         */
        if (src_cset->dead)
                return;

        src_cgrp = cset_cgroup_from_root(src_cset, dst_cgrp->root);

        if (!list_empty(&src_cset->mg_preload_node))
                return;

        WARN_ON(src_cset->mg_src_cgrp);
        WARN_ON(src_cset->mg_dst_cgrp);
        WARN_ON(!list_empty(&src_cset->mg_tasks));
        WARN_ON(!list_empty(&src_cset->mg_node));

        src_cset->mg_src_cgrp = src_cgrp;
        src_cset->mg_dst_cgrp = dst_cgrp;
        get_css_set(src_cset);
        list_add_tail(&src_cset->mg_preload_node, &mgctx->preloaded_src_csets);
}

/**
 * cgroup_migrate_prepare_dst - prepare destination css_sets for migration
 * @mgctx: migration context
 *
 * Tasks are about to be moved and all the source css_sets have been
 * preloaded to @mgctx->preloaded_src_csets.  This function looks up and
 * pins all destination css_sets, links each to its source, and append them
 * to @mgctx->preloaded_dst_csets.
 *
 * This function must be called after cgroup_migrate_add_src() has been
 * called on each migration source css_set.  After migration is performed
 * using cgroup_migrate(), cgroup_migrate_finish() must be called on
 * @mgctx.
 */
int cgroup_migrate_prepare_dst(struct cgroup_mgctx *mgctx)
{
        struct css_set *src_cset, *tmp_cset;

        lockdep_assert_held(&cgroup_mutex);

        /* look up the dst cset for each src cset and link it to src */
        list_for_each_entry_safe(src_cset, tmp_cset, &mgctx->preloaded_src_csets,
                                 mg_preload_node) {
                struct css_set *dst_cset;
                struct cgroup_subsys *ss;
                int ssid;

                dst_cset = find_css_set(src_cset, src_cset->mg_dst_cgrp);
                if (!dst_cset)
                        goto err;

                WARN_ON_ONCE(src_cset->mg_dst_cset || dst_cset->mg_dst_cset);

                /*
                 * If src cset equals dst, it's noop.  Drop the src.
                 * cgroup_migrate() will skip the cset too.  Note that we
                 * can't handle src == dst as some nodes are used by both.
                 */
                if (src_cset == dst_cset) {
                        src_cset->mg_src_cgrp = NULL;
                        src_cset->mg_dst_cgrp = NULL;
                        list_del_init(&src_cset->mg_preload_node);
                        put_css_set(src_cset);
                        put_css_set(dst_cset);
                        continue;
                }

                src_cset->mg_dst_cset = dst_cset;

                if (list_empty(&dst_cset->mg_preload_node))
                        list_add_tail(&dst_cset->mg_preload_node,
                                      &mgctx->preloaded_dst_csets);
                else
                        put_css_set(dst_cset);

                for_each_subsys(ss, ssid)
                        if (src_cset->subsys[ssid] != dst_cset->subsys[ssid])
                                mgctx->ss_mask |= 1 << ssid;
        }

        return 0;
err:
        cgroup_migrate_finish(mgctx);
        return -ENOMEM;
}

/**
 * cgroup_migrate - migrate a process or task to a cgroup
 * @leader: the leader of the process or the task to migrate
 * @threadgroup: whether @leader points to the whole process or a single task
 * @mgctx: migration context
 *
 * Migrate a process or task denoted by @leader.  If migrating a process,
 * the caller must be holding cgroup_threadgroup_rwsem.  The caller is also
 * responsible for invoking cgroup_migrate_add_src() and
 * cgroup_migrate_prepare_dst() on the targets before invoking this
 * function and following up with cgroup_migrate_finish().
 *
 * As long as a controller's ->can_attach() doesn't fail, this function is
 * guaranteed to succeed.  This means that, excluding ->can_attach()
 * failure, when migrating multiple targets, the success or failure can be
 * decided for all targets by invoking group_migrate_prepare_dst() before
 * actually starting migrating.
 */
int cgroup_migrate(struct task_struct *leader, bool threadgroup,
                   struct cgroup_mgctx *mgctx)
{
        struct task_struct *task;

        /*
         * Prevent freeing of tasks while we take a snapshot. Tasks that are
         * already PF_EXITING could be freed from underneath us unless we
         * take an rcu_read_lock.
         */
        spin_lock_irq(&css_set_lock);
        rcu_read_lock();
        task = leader;
        do {
                cgroup_migrate_add_task(task, mgctx);
                if (!threadgroup)
                        break;
        } while_each_thread(leader, task);
        rcu_read_unlock();
        spin_unlock_irq(&css_set_lock);

        return cgroup_migrate_execute(mgctx);
}

/**
 * cgroup_attach_task - attach a task or a whole threadgroup to a cgroup
 * @dst_cgrp: the cgroup to attach to
 * @leader: the task or the leader of the threadgroup to be attached
 * @threadgroup: attach the whole threadgroup?
 *
 * Call holding cgroup_mutex and cgroup_threadgroup_rwsem.
 */
int cgroup_attach_task(struct cgroup *dst_cgrp, struct task_struct *leader,
                       bool threadgroup)
{
        DEFINE_CGROUP_MGCTX(mgctx);
        struct task_struct *task;
        int ret;

        if (!cgroup_may_migrate_to(dst_cgrp))
                return -EBUSY;

        /* look up all src csets */
        spin_lock_irq(&css_set_lock);
        rcu_read_lock();
        task = leader;
        do {
                cgroup_migrate_add_src(task_css_set(task), dst_cgrp, &mgctx);
                if (!threadgroup)
                        break;
        } while_each_thread(leader, task);
        rcu_read_unlock();
        spin_unlock_irq(&css_set_lock);

        /* prepare dst csets and commit */
        ret = cgroup_migrate_prepare_dst(&mgctx);
        if (!ret)
                ret = cgroup_migrate(leader, threadgroup, &mgctx);

        cgroup_migrate_finish(&mgctx);

        if (!ret)
                trace_cgroup_attach_task(dst_cgrp, leader, threadgroup);

        return ret;
}

static int cgroup_procs_write_permission(struct task_struct *task,
                                         struct cgroup *dst_cgrp,
                                         struct kernfs_open_file *of)
{
        struct super_block *sb = of->file->f_path.dentry->d_sb;
        struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
        struct cgroup *root_cgrp = ns->root_cset->dfl_cgrp;
        struct cgroup *src_cgrp, *com_cgrp;
        struct inode *inode;
        int ret;

        if (!cgroup_on_dfl(dst_cgrp)) {
                const struct cred *cred = current_cred();
                const struct cred *tcred = get_task_cred(task);

                /*
                 * even if we're attaching all tasks in the thread group,
                 * we only need to check permissions on one of them.
                 */
                if (uid_eq(cred->euid, GLOBAL_ROOT_UID) ||
                    uid_eq(cred->euid, tcred->uid) ||
                    uid_eq(cred->euid, tcred->suid))
                        ret = 0;
                else
                        ret = -EACCES;

                put_cred(tcred);
                return ret;
        }

        /* find the source cgroup */
        spin_lock_irq(&css_set_lock);
        src_cgrp = task_cgroup_from_root(task, &cgrp_dfl_root);
        spin_unlock_irq(&css_set_lock);

        /* and the common ancestor */
        com_cgrp = src_cgrp;
        while (!cgroup_is_descendant(dst_cgrp, com_cgrp))
                com_cgrp = cgroup_parent(com_cgrp);

        /* %current should be authorized to migrate to the common ancestor */
        inode = kernfs_get_inode(sb, com_cgrp->procs_file.kn);
        if (!inode)
                return -ENOMEM;

        ret = inode_permission(inode, MAY_WRITE);
        iput(inode);
        if (ret)
                return ret;

        /*
         * If namespaces are delegation boundaries, %current must be able
         * to see both source and destination cgroups from its namespace.
         */
        if ((cgrp_dfl_root.flags & CGRP_ROOT_NS_DELEGATE) &&
            (!cgroup_is_descendant(src_cgrp, root_cgrp) ||
             !cgroup_is_descendant(dst_cgrp, root_cgrp)))
                return -ENOENT;

        return 0;
}

/*
 * Find the task_struct of the task to attach by vpid and pass it along to the
 * function to attach either it or all tasks in its threadgroup. Will lock
 * cgroup_mutex and threadgroup.
 */
ssize_t __cgroup_procs_write(struct kernfs_open_file *of, char *buf,
                             size_t nbytes, loff_t off, bool threadgroup)
{
        struct task_struct *tsk;
        struct cgroup_subsys *ss;
        struct cgroup *cgrp;
        pid_t pid;
        int ssid, ret;

        if (kstrtoint(strstrip(buf), 0, &pid) || pid < 0)
                return -EINVAL;

        cgrp = cgroup_kn_lock_live(of->kn, false);
        if (!cgrp)
                return -ENODEV;

        percpu_down_write(&cgroup_threadgroup_rwsem);
        rcu_read_lock();
        if (pid) {
                tsk = find_task_by_vpid(pid);
                if (!tsk) {
                        ret = -ESRCH;
                        goto out_unlock_rcu;
                }
        } else {
                tsk = current;
        }

        if (threadgroup)
                tsk = tsk->group_leader;

        /*
         * kthreads may acquire PF_NO_SETAFFINITY during initialization.
         * If userland migrates such a kthread to a non-root cgroup, it can
         * become trapped in a cpuset, or RT kthread may be born in a
         * cgroup with no rt_runtime allocated.  Just say no.
         */
        if (tsk->no_cgroup_migration || (tsk->flags & PF_NO_SETAFFINITY)) {
                ret = -EINVAL;
                goto out_unlock_rcu;
        }

        get_task_struct(tsk);
        rcu_read_unlock();

        ret = cgroup_procs_write_permission(tsk, cgrp, of);
        if (!ret)
                ret = cgroup_attach_task(cgrp, tsk, threadgroup);

        put_task_struct(tsk);
        goto out_unlock_threadgroup;

out_unlock_rcu:
        rcu_read_unlock();
out_unlock_threadgroup:
        percpu_up_write(&cgroup_threadgroup_rwsem);
        for_each_subsys(ss, ssid)
                if (ss->post_attach)
                        ss->post_attach();
        cgroup_kn_unlock(of->kn);
        return ret ?: nbytes;
}

ssize_t cgroup_procs_write(struct kernfs_open_file *of, char *buf, size_t nbytes,
                           loff_t off)
{
        return __cgroup_procs_write(of, buf, nbytes, off, true);
}

static void cgroup_print_ss_mask(struct seq_file *seq, u16 ss_mask)
{
        struct cgroup_subsys *ss;
        bool printed = false;
        int ssid;

        do_each_subsys_mask(ss, ssid, ss_mask) {
                if (printed)
                        seq_putc(seq, ' ');
                seq_printf(seq, "%s", ss->name);
                printed = true;
        } while_each_subsys_mask();
        if (printed)
                seq_putc(seq, '\n');
}

/* show controllers which are enabled from the parent */
static int cgroup_controllers_show(struct seq_file *seq, void *v)
{
        struct cgroup *cgrp = seq_css(seq)->cgroup;

        cgroup_print_ss_mask(seq, cgroup_control(cgrp));
        return 0;
}

/* show controllers which are enabled for a given cgroup's children */
static int cgroup_subtree_control_show(struct seq_file *seq, void *v)
{
        struct cgroup *cgrp = seq_css(seq)->cgroup;

        cgroup_print_ss_mask(seq, cgrp->subtree_control);
        return 0;
}

/**
 * cgroup_update_dfl_csses - update css assoc of a subtree in default hierarchy
 * @cgrp: root of the subtree to update csses for
 *
 * @cgrp's control masks have changed and its subtree's css associations
 * need to be updated accordingly.  This function looks up all css_sets
 * which are attached to the subtree, creates the matching updated css_sets
 * and migrates the tasks to the new ones.
 */
static int cgroup_update_dfl_csses(struct cgroup *cgrp)
{
        DEFINE_CGROUP_MGCTX(mgctx);
        struct cgroup_subsys_state *d_css;
        struct cgroup *dsct;
        struct css_set *src_cset;
        int ret;

        lockdep_assert_held(&cgroup_mutex);

        percpu_down_write(&cgroup_threadgroup_rwsem);

        /* look up all csses currently attached to @cgrp's subtree */
        spin_lock_irq(&css_set_lock);
        cgroup_for_each_live_descendant_pre(dsct, d_css, cgrp) {
                struct cgrp_cset_link *link;

                list_for_each_entry(link, &dsct->cset_links, cset_link)
                        cgroup_migrate_add_src(link->cset, dsct, &mgctx);
        }
        spin_unlock_irq(&css_set_lock);

        /* NULL dst indicates self on default hierarchy */
        ret = cgroup_migrate_prepare_dst(&mgctx);
        if (ret)
                goto out_finish;

        spin_lock_irq(&css_set_lock);
        list_for_each_entry(src_cset, &mgctx.preloaded_src_csets, mg_preload_node) {
                struct task_struct *task, *ntask;

                /* all tasks in src_csets need to be migrated */
                list_for_each_entry_safe(task, ntask, &src_cset->tasks, cg_list)
                        cgroup_migrate_add_task(task, &mgctx);
        }
        spin_unlock_irq(&css_set_lock);

        ret = cgroup_migrate_execute(&mgctx);
out_finish:
        cgroup_migrate_finish(&mgctx);
        percpu_up_write(&cgroup_threadgroup_rwsem);
        return ret;
}

/**
 * cgroup_lock_and_drain_offline - lock cgroup_mutex and drain offlined csses
 * @cgrp: root of the target subtree
 *
 * Because css offlining is asynchronous, userland may try to re-enable a
 * controller while the previous css is still around.  This function grabs
 * cgroup_mutex and drains the previous css instances of @cgrp's subtree.
 */
void cgroup_lock_and_drain_offline(struct cgroup *cgrp)
        __acquires(&cgroup_mutex)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;
        struct cgroup_subsys *ss;
        int ssid;

restart:
        mutex_lock(&cgroup_mutex);

        cgroup_for_each_live_descendant_post(dsct, d_css, cgrp) {
                for_each_subsys(ss, ssid) {
                        struct cgroup_subsys_state *css = cgroup_css(dsct, ss);
                        DEFINE_WAIT(wait);

                        if (!css || !percpu_ref_is_dying(&css->refcnt))
                                continue;

                        cgroup_get_live(dsct);
                        prepare_to_wait(&dsct->offline_waitq, &wait,
                                        TASK_UNINTERRUPTIBLE);

                        mutex_unlock(&cgroup_mutex);
                        schedule();
                        finish_wait(&dsct->offline_waitq, &wait);

                        cgroup_put(dsct);
                        goto restart;
                }
        }
}

/**
 * cgroup_save_control - save control masks of a subtree
 * @cgrp: root of the target subtree
 *
 * Save ->subtree_control and ->subtree_ss_mask to the respective old_
 * prefixed fields for @cgrp's subtree including @cgrp itself.
 */
static void cgroup_save_control(struct cgroup *cgrp)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;

        cgroup_for_each_live_descendant_pre(dsct, d_css, cgrp) {
                dsct->old_subtree_control = dsct->subtree_control;
                dsct->old_subtree_ss_mask = dsct->subtree_ss_mask;
        }
}

/**
 * cgroup_propagate_control - refresh control masks of a subtree
 * @cgrp: root of the target subtree
 *
 * For @cgrp and its subtree, ensure ->subtree_ss_mask matches
 * ->subtree_control and propagate controller availability through the
 * subtree so that descendants don't have unavailable controllers enabled.
 */
static void cgroup_propagate_control(struct cgroup *cgrp)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;

        cgroup_for_each_live_descendant_pre(dsct, d_css, cgrp) {
                dsct->subtree_control &= cgroup_control(dsct);
                dsct->subtree_ss_mask =
                        cgroup_calc_subtree_ss_mask(dsct->subtree_control,
                                                    cgroup_ss_mask(dsct));
        }
}

/**
 * cgroup_restore_control - restore control masks of a subtree
 * @cgrp: root of the target subtree
 *
 * Restore ->subtree_control and ->subtree_ss_mask from the respective old_
 * prefixed fields for @cgrp's subtree including @cgrp itself.
 */
static void cgroup_restore_control(struct cgroup *cgrp)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;

        cgroup_for_each_live_descendant_post(dsct, d_css, cgrp) {
                dsct->subtree_control = dsct->old_subtree_control;
                dsct->subtree_ss_mask = dsct->old_subtree_ss_mask;
        }
}

static bool css_visible(struct cgroup_subsys_state *css)
{
        struct cgroup_subsys *ss = css->ss;
        struct cgroup *cgrp = css->cgroup;

        if (cgroup_control(cgrp) & (1 << ss->id))
                return true;
        if (!(cgroup_ss_mask(cgrp) & (1 << ss->id)))
                return false;
        return cgroup_on_dfl(cgrp) && ss->implicit_on_dfl;
}

/**
 * cgroup_apply_control_enable - enable or show csses according to control
 * @cgrp: root of the target subtree
 *
 * Walk @cgrp's subtree and create new csses or make the existing ones
 * visible.  A css is created invisible if it's being implicitly enabled
 * through dependency.  An invisible css is made visible when the userland
 * explicitly enables it.
 *
 * Returns 0 on success, -errno on failure.  On failure, csses which have
 * been processed already aren't cleaned up.  The caller is responsible for
 * cleaning up with cgroup_apply_control_disable().
 */
static int cgroup_apply_control_enable(struct cgroup *cgrp)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;
        struct cgroup_subsys *ss;
        int ssid, ret;

        cgroup_for_each_live_descendant_pre(dsct, d_css, cgrp) {
                for_each_subsys(ss, ssid) {
                        struct cgroup_subsys_state *css = cgroup_css(dsct, ss);

                        WARN_ON_ONCE(css && percpu_ref_is_dying(&css->refcnt));

                        if (!(cgroup_ss_mask(dsct) & (1 << ss->id)))
                                continue;

                        if (!css) {
                                css = css_create(dsct, ss);
                                if (IS_ERR(css))
                                        return PTR_ERR(css);
                        }

                        if (css_visible(css)) {
                                ret = css_populate_dir(css);
                                if (ret)
                                        return ret;
                        }
                }
        }

        return 0;
}

/**
 * cgroup_apply_control_disable - kill or hide csses according to control
 * @cgrp: root of the target subtree
 *
 * Walk @cgrp's subtree and kill and hide csses so that they match
 * cgroup_ss_mask() and cgroup_visible_mask().
 *
 * A css is hidden when the userland requests it to be disabled while other
 * subsystems are still depending on it.  The css must not actively control
 * resources and be in the vanilla state if it's made visible again later.
 * Controllers which may be depended upon should provide ->css_reset() for
 * this purpose.
 */
static void cgroup_apply_control_disable(struct cgroup *cgrp)
{
        struct cgroup *dsct;
        struct cgroup_subsys_state *d_css;
        struct cgroup_subsys *ss;
        int ssid;

        cgroup_for_each_live_descendant_post(dsct, d_css, cgrp) {
                for_each_subsys(ss, ssid) {
                        struct cgroup_subsys_state *css = cgroup_css(dsct, ss);

                        WARN_ON_ONCE(css && percpu_ref_is_dying(&css->refcnt));

                        if (!css)
                                continue;

                        if (css->parent &&
                            !(cgroup_ss_mask(dsct) & (1 << ss->id))) {
                                kill_css(css);
                        } else if (!css_visible(css)) {
                                css_clear_dir(css);
                                if (ss->css_reset)
                                        ss->css_reset(css);
                        }
                }
        }
}

/**
 * cgroup_apply_control - apply control mask updates to the subtree
 * @cgrp: root of the target subtree
 *
 * subsystems can be enabled and disabled in a subtree using the following
 * steps.
 *
 * 1. Call cgroup_save_control() to stash the current state.
 * 2. Update ->subtree_control masks in the subtree as desired.
 * 3. Call cgroup_apply_control() to apply the changes.
 * 4. Optionally perform other related operations.
 * 5. Call cgroup_finalize_control() to finish up.
 *
 * This function implements step 3 and propagates the mask changes
 * throughout @cgrp's subtree, updates csses accordingly and perform
 * process migrations.
 */
static int cgroup_apply_control(struct cgroup *cgrp)
{
        int ret;

        cgroup_propagate_control(cgrp);

        ret = cgroup_apply_control_enable(cgrp);
        if (ret)
                return ret;

        /*
         * At this point, cgroup_e_css() results reflect the new csses
         * making the following cgroup_update_dfl_csses() properly update
         * css associations of all tasks in the subtree.
         */
        ret = cgroup_update_dfl_csses(cgrp);
        if (ret)
                return ret;

        return 0;
}

/**
 * cgroup_finalize_control - finalize control mask update
 * @cgrp: root of the target subtree
 * @ret: the result of the update
 *
 * Finalize control mask update.  See cgroup_apply_control() for more info.
 */
static void cgroup_finalize_control(struct cgroup *cgrp, int ret)
{
        if (ret) {
                cgroup_restore_control(cgrp);
                cgroup_propagate_control(cgrp);
        }

        cgroup_apply_control_disable(cgrp);
}

/* change the enabled child controllers for a cgroup in the default hierarchy */
static ssize_t cgroup_subtree_control_write(struct kernfs_open_file *of,
                                            char *buf, size_t nbytes,
                                            loff_t off)
{
        u16 enable = 0, disable = 0;
        struct cgroup *cgrp, *child;
        struct cgroup_subsys *ss;
        char *tok;
        int ssid, ret;

        /*
         * Parse input - space separated list of subsystem names prefixed
         * with either + or -.
         */
        buf = strstrip(buf);
        while ((tok = strsep(&buf, " "))) {
                if (tok[0] == '\0')
                        continue;
                do_each_subsys_mask(ss, ssid, ~cgrp_dfl_inhibit_ss_mask) {
                        if (!cgroup_ssid_enabled(ssid) ||
                            strcmp(tok + 1, ss->name))
                                continue;

                        if (*tok == '+') {
                                enable |= 1 << ssid;
                                disable &= ~(1 << ssid);
                        } else if (*tok == '-') {
                                disable |= 1 << ssid;
                                enable &= ~(1 << ssid);
                        } else {
                                return -EINVAL;
                        }
                        break;
                } while_each_subsys_mask();
                if (ssid == CGROUP_SUBSYS_COUNT)
                        return -EINVAL;
        }

        cgrp = cgroup_kn_lock_live(of->kn, true);
        if (!cgrp)
                return -ENODEV;

        for_each_subsys(ss, ssid) {
                if (enable & (1 << ssid)) {
                        if (cgrp->subtree_control & (1 << ssid)) {
                                enable &= ~(1 << ssid);
                                continue;
                        }

                        if (!(cgroup_control(cgrp) & (1 << ssid))) {
                                ret = -ENOENT;
                                goto out_unlock;
                        }
                } else if (disable & (1 << ssid)) {
                        if (!(cgrp->subtree_control & (1 << ssid))) {
                                disable &= ~(1 << ssid);
                                continue;
                        }

                        /* a child has it enabled? */
                        cgroup_for_each_live_child(child, cgrp) {
                                if (child->subtree_control & (1 << ssid)) {
                                        ret = -EBUSY;
                                        goto out_unlock;
                                }
                        }
                }
        }

        if (!enable && !disable) {
                ret = 0;
                goto out_unlock;
        }

        /*
         * Except for the root, subtree_control must be zero for a cgroup
         * with tasks so that child cgroups don't compete against tasks.
         */
        if (enable && cgroup_parent(cgrp)) {
                struct cgrp_cset_link *link;

                /*
                 * Because namespaces pin csets too, @cgrp->cset_links
                 * might not be empty even when @cgrp is empty.  Walk and
                 * verify each cset.
                 */
                spin_lock_irq(&css_set_lock);

                ret = 0;
                list_for_each_entry(link, &cgrp->cset_links, cset_link) {
                        if (css_set_populated(link->cset)) {
                                ret = -EBUSY;
                                break;
                        }
                }

                spin_unlock_irq(&css_set_lock);

                if (ret)
                        goto out_unlock;
        }

        /* save and update control masks and prepare csses */
        cgroup_save_control(cgrp);

        cgrp->subtree_control |= enable;

        cgrp->subtree_control &= ~disable;

        ret = cgroup_apply_control(cgrp);
        cgroup_finalize_control(cgrp, ret);
        if (ret)
                goto out_unlock;

        kernfs_activate(cgrp->kn);
out_unlock:
        cgroup_kn_unlock(of->kn);
        return ret ?: nbytes;
}

static int cgroup_events_show(struct seq_file *seq, void *v)
{
        seq_printf(seq, "populated %d\n",
                   cgroup_is_populated(seq_css(seq)->cgroup));
        return 0;
}

static int cgroup_file_open(struct kernfs_open_file *of)
{
        struct cftype *cft = of->kn->priv;

        if (cft->open)
                return cft->open(of);
        return 0;
}

static void cgroup_file_release(struct kernfs_open_file *of)
{
        struct cftype *cft = of->kn->priv;

        if (cft->release)
                cft->release(of);
}

static ssize_t cgroup_file_write(struct kernfs_open_file *of, char *buf,
                                 size_t nbytes, loff_t off)
{
        struct cgroup_namespace *ns = current->nsproxy->cgroup_ns;
        struct cgroup *cgrp = of->kn->parent->priv;
        struct cftype *cft = of->kn->priv;
        struct cgroup_subsys_state *css;
        int ret;

        /*
         * If namespaces are delegation boundaries, disallow writes to
         * files in an non-init namespace root from inside the namespace
         * except for the files explicitly marked delegatable -
         * cgroup.procs and cgroup.subtree_control.
         */
        if ((cgrp->root->flags & CGRP_ROOT_NS_DELEGATE) &&
            !(cft->flags & CFTYPE_NS_DELEGATABLE) &&
            ns != &init_cgroup_ns && ns->root_cset->dfl_cgrp == cgrp)
                return -EPERM;

        if (cft->write)
                return cft->write(of, buf, nbytes, off);

        /*
         * kernfs guarantees that a file isn't deleted with operations in
         * flight, which means that the matching css is and stays alive and
         * doesn't need to be pinned.  The RCU locking is not necessary
         * either.  It's just for the convenience of using cgroup_css().
         */
        rcu_read_lock();
        css = cgroup_css(cgrp, cft->ss);
        rcu_read_unlock();

        if (cft->write_u64) {
                unsigned long long v;
                ret = kstrtoull(buf, 0, &v);
                if (!ret)
                        ret = cft->write_u64(css, cft, v);
        } else if (cft->write_s64) {
                long long v;
                ret = kstrtoll(buf, 0, &v);
                if (!ret)
                        ret = cft->write_s64(css, cft, v);
        } else {
                ret = -EINVAL;
        }

        return ret ?: nbytes;
}

static void *cgroup_seqfile_start(struct seq_file *seq, loff_t *ppos)
{
        return seq_cft(seq)->seq_start(seq, ppos);
}

static void *cgroup_seqfile_next(struct seq_file *seq, void *v, loff_t *ppos)
{
        return seq_cft(seq)->seq_next(seq, v, ppos);
}

static void cgroup_seqfile_stop(struct seq_file *seq, void *v)
{
        if (seq_cft(seq)->seq_stop)
                seq_cft(seq)->seq_stop(seq, v);
}

static int cgroup_seqfile_show(struct seq_file *m, void *arg)
{
        struct cftype *cft = seq_cft(m);
        struct cgroup_subsys_state *css = seq_css(m);

        if (cft->seq_show)
                return cft->seq_show(m, arg);

        if (cft->read_u64)
                seq_printf(m, "%llu\n", cft->read_u64(css, cft));
        else if (cft->read_s64)
                seq_printf(m, "%lld\n", cft->read_s64(css, cft));
        else
                return -EINVAL;
        return 0;
}

static struct kernfs_ops cgroup_kf_single_ops = {
        .atomic_write_len       = PAGE_SIZE,
        .open                   = cgroup_file_open,
        .release                = cgroup_file_release,
        .write                  = cgroup_file_write,
        .seq_show               = cgroup_seqfile_show,
};

static struct kernfs_ops cgroup_kf_ops = {
        .atomic_write_len       = PAGE_SIZE,
        .open                   = cgroup_file_open,
        .release                = cgroup_file_release,
        .write                  = cgroup_file_write,
        .seq_start              = cgroup_seqfile_start,
        .seq_next               = cgroup_seqfile_next,
        .seq_stop               = cgroup_seqfile_stop,
        .seq_show               = cgroup_seqfile_show,
};

/* set uid and gid of cgroup dirs and files to that of the creator */
static int cgroup_kn_set_ugid(struct kernfs_node *kn)
{
        struct iattr iattr = { .ia_valid = ATTR_UID | ATTR_GID,
                               .ia_uid = current_fsuid(),
                               .ia_gid = current_fsgid(), };

        if (uid_eq(iattr.ia_uid, GLOBAL_ROOT_UID) &&
            gid_eq(iattr.ia_gid, GLOBAL_ROOT_GID))
                return 0;

        return kernfs_setattr(kn, &iattr);
}

static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
                           struct cftype *cft)
{
        char name[CGROUP_FILE_NAME_MAX];
        struct kernfs_node *kn;
        struct lock_class_key *key = NULL;
        int ret;

#ifdef CONFIG_DEBUG_LOCK_ALLOC
        key = &cft->lockdep_key;
#endif
        kn = __kernfs_create_file(cgrp->kn, cgroup_file_name(cgrp, cft, name),
                                  cgroup_file_mode(cft), 0, cft->kf_ops, cft,
                                  NULL, key);
        if (IS_ERR(kn))
                return PTR_ERR(kn);

        ret = cgroup_kn_set_ugid(kn);
        if (ret) {
                kernfs_remove(kn);
                return ret;
        }

        if (cft->file_offset) {
                struct cgroup_file *cfile = (void *)css + cft->file_offset;

                spin_lock_irq(&cgroup_file_kn_lock);
                cfile->kn = kn;
                spin_unlock_irq(&cgroup_file_kn_lock);
        }

        return 0;
}

/**
 * cgroup_addrm_files - add or remove files to a cgroup directory
 * @css: the target css
 * @cgrp: the target cgroup (usually css->cgroup)
 * @cfts: array of cftypes to be added
 * @is_add: whether to add or remove
 *
 * Depending on @is_add, add or remove files defined by @cfts on @cgrp.
 * For removals, this function never fails.
 */
static int cgroup_addrm_files(struct cgroup_subsys_state *css,
                              struct cgroup *cgrp, struct cftype cfts[],
                              bool is_add)
{
        struct cftype *cft, *cft_end = NULL;
        int ret = 0;

        lockdep_assert_held(&cgroup_mutex);

restart:
        for (cft = cfts; cft != cft_end && cft->name[0] != '\0'; cft++) {
                /* does cft->flags tell us to skip this file on @cgrp? */
                if ((cft->flags & __CFTYPE_ONLY_ON_DFL) && !cgroup_on_dfl(cgrp))
                        continue;
                if ((cft->flags & __CFTYPE_NOT_ON_DFL) && cgroup_on_dfl(cgrp))
                        continue;
                if ((cft->flags & CFTYPE_NOT_ON_ROOT) && !cgroup_parent(cgrp))
                        continue;
                if ((cft->flags & CFTYPE_ONLY_ON_ROOT) && cgroup_parent(cgrp))
                        continue;

                if (is_add) {
                        ret = cgroup_add_file(css, cgrp, cft);
                        if (ret) {
                                pr_warn("%s: failed to add %s, err=%d\n",
                                        __func__, cft->name, ret);
                                cft_end = cft;
                                is_add = false;
                                goto restart;
                        }
                } else {
                        cgroup_rm_file(cgrp, cft);
                }
        }
        return ret;
}

static int cgroup_apply_cftypes(struct cftype *cfts, bool is_add)
{
        LIST_HEAD(pending);
        struct cgroup_subsys *ss = cfts[0].ss;
        struct cgroup *root = &ss->root->cgrp;
        struct cgroup_subsys_state *css;
        int ret = 0;

        lockdep_assert_held(&cgroup_mutex);

        /* add/rm files for all cgroups created before */
        css_for_each_descendant_pre(css, cgroup_css(root, ss)) {
                struct cgroup *cgrp = css->cgroup;

                if (!(css->flags & CSS_VISIBLE))
                        continue;

                ret = cgroup_addrm_files(css, cgrp, cfts, is_add);
                if (ret)
                        break;
        }

        if (is_add && !ret)
                kernfs_activate(root->kn);
        return ret;
}

static void cgroup_exit_cftypes(struct cftype *cfts)
{
        struct cftype *cft;

        for (cft = cfts; cft->name[0] != '\0'; cft++) {
                /* free copy for custom atomic_write_len, see init_cftypes() */
                if (cft->max_write_len && cft->max_write_len != PAGE_SIZE)
                        kfree(cft->kf_ops);
                cft->kf_ops = NULL;
                cft->ss = NULL;

                /* revert flags set by cgroup core while adding @cfts */
                cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
        }
}

static int cgroup_init_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
{
        struct cftype *cft;

        for (cft = cfts; cft->name[0] != '\0'; cft++) {
                struct kernfs_ops *kf_ops;

                WARN_ON(cft->ss || cft->kf_ops);

                if (cft->seq_start)
                        kf_ops = &cgroup_kf_ops;
                else
                        kf_ops = &cgroup_kf_single_ops;

                /*
                 * Ugh... if @cft wants a custom max_write_len, we need to
                 * make a copy of kf_ops to set its atomic_write_len.
                 */
                if (cft->max_write_len && cft->max_write_len != PAGE_SIZE) {
                        kf_ops = kmemdup(kf_ops, sizeof(*kf_ops), GFP_KERNEL);
                        if (!kf_ops) {
                                cgroup_exit_cftypes(cfts);
                                return -ENOMEM;
                        }
                        kf_ops->atomic_write_len = cft->max_write_len;
                }

                cft->kf_ops = kf_ops;
                cft->ss = ss;
        }

        return 0;
}

static int cgroup_rm_cftypes_locked(struct cftype *cfts)
{
        lockdep_assert_held(&cgroup_mutex);

        if (!cfts || !cfts[0].ss)
                return -ENOENT;

        list_del(&cfts->node);
        cgroup_apply_cftypes(cfts, false);
        cgroup_exit_cftypes(cfts);
        return 0;
}

/**
 * cgroup_rm_cftypes - remove an array of cftypes from a subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Unregister @cfts.  Files described by @cfts are removed from all
 * existing cgroups and all future cgroups won't have them either.  This
 * function can be called anytime whether @cfts' subsys is attached or not.
 *
 * Returns 0 on successful unregistration, -ENOENT if @cfts is not
 * registered.
 */
int cgroup_rm_cftypes(struct cftype *cfts)
{
        int ret;

        mutex_lock(&cgroup_mutex);
        ret = cgroup_rm_cftypes_locked(cfts);
        mutex_unlock(&cgroup_mutex);
        return ret;
}

/**
 * cgroup_add_cftypes - add an array of cftypes to a subsystem
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Register @cfts to @ss.  Files described by @cfts are created for all
 * existing cgroups to which @ss is attached and all future cgroups will
 * have them too.  This function can be called anytime whether @ss is
 * attached or not.
 *
 * Returns 0 on successful registration, -errno on failure.  Note that this
 * function currently returns 0 as long as @cfts registration is successful
 * even if some file creation attempts on existing cgroups fail.
 */
static int cgroup_add_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
{
        int ret;

        if (!cgroup_ssid_enabled(ss->id))
                return 0;

        if (!cfts || cfts[0].name[0] == '\0')
                return 0;

        ret = cgroup_init_cftypes(ss, cfts);
        if (ret)
                return ret;

        mutex_lock(&cgroup_mutex);

        list_add_tail(&cfts->node, &ss->cfts);
        ret = cgroup_apply_cftypes(cfts, true);
        if (ret)
                cgroup_rm_cftypes_locked(cfts);

        mutex_unlock(&cgroup_mutex);
        return ret;
}

/**
 * cgroup_add_dfl_cftypes - add an array of cftypes for default hierarchy
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Similar to cgroup_add_cftypes() but the added files are only used for
 * the default hierarchy.
 */
int cgroup_add_dfl_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
{
        struct cftype *cft;

        for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
                cft->flags |= __CFTYPE_ONLY_ON_DFL;
        return cgroup_add_cftypes(ss, cfts);
}

/**
 * cgroup_add_legacy_cftypes - add an array of cftypes for legacy hierarchies
 * @ss: target cgroup subsystem
 * @cfts: zero-length name terminated array of cftypes
 *
 * Similar to cgroup_add_cftypes() but the added files are only used for
 * the legacy hierarchies.
 */
int cgroup_add_legacy_cftypes(struct cgroup_subsys *ss, struct cftype *cfts)
{
        struct cftype *cft;

        for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
                cft->flags |= __CFTYPE_NOT_ON_DFL;
        return cgroup_add_cftypes(ss, cfts);
}

/**
 * cgroup_file_notify - generate a file modified event for a cgroup_file
 * @cfile: target cgroup_file
 *
 * @cfile must have been obtained by setting cftype->file_offset.
 */
void cgroup_file_notify(struct cgroup_file *cfile)
{
        unsigned long flags;

        spin_lock_irqsave(&cgroup_file_kn_lock, flags);
        if (cfile->kn)
                kernfs_notify(cfile->kn);
        spin_unlock_irqrestore(&cgroup_file_kn_lock, flags);
}

/**
 * css_next_child - find the next child of a given css
 * @pos: the current position (%NULL to initiate traversal)
 * @parent: css whose children to walk
 *
 * This function returns the next child of @parent and should be called
 * under either cgroup_mutex or RCU read lock.  The only requirement is
 * that @parent and @pos are accessible.  The next sibling is guaranteed to
 * be returned regardless of their states.
 *
 * If a subsystem synchronizes ->css_online() and the start of iteration, a
 * css which finished ->css_online() is guaranteed to be visible in the
 * future iterations and will stay visible until the last reference is put.
 * A css which hasn't finished ->css_online() or already finished
 * ->css_offline() may show up during traversal.  It's each subsystem's
 * responsibility to synchronize against on/offlining.
 */
struct cgroup_subsys_state *css_next_child(struct cgroup_subsys_state *pos,
                                           struct cgroup_subsys_state *parent)
{
        struct cgroup_subsys_state *next;

        cgroup_assert_mutex_or_rcu_locked();

        /*
         * @pos could already have been unlinked from the sibling list.
         * Once a cgroup is removed, its ->sibling.next is no longer
         * updated when its next sibling changes.  CSS_RELEASED is set when
         * @pos is taken off list, at which time its next pointer is valid,
         * and, as releases are serialized, the one pointed to by the next
         * pointer is guaranteed to not have started release yet.  This
         * implies that if we observe !CSS_RELEASED on @pos in this RCU
         * critical section, the one pointed to by its next pointer is
         * guaranteed to not have finished its RCU grace period even if we
         * have dropped rcu_read_lock() inbetween iterations.
         *
         * If @pos has CSS_RELEASED set, its next pointer can't be
         * dereferenced; however, as each css is given a monotonically
         * increasing unique serial number and always appended to the
         * sibling list, the next one can be found by walking the parent's
         * children until the first css with higher serial number than
         * @pos's.  While this path can be slower, it happens iff iteration
         * races against release and the race window is very small.
         */
        if (!pos) {
                next = list_entry_rcu(parent->children.next, struct cgroup_subsys_state, sibling);
        } else if (likely(!(pos->flags & CSS_RELEASED))) {
                next = list_entry_rcu(pos->sibling.next, struct cgroup_subsys_state, sibling);
        } else {
                list_for_each_entry_rcu(next, &parent->children, sibling)
                        if (next->serial_nr > pos->serial_nr)
                                break;
        }

        /*
         * @next, if not pointing to the head, can be dereferenced and is
         * the next sibling.
         */
        if (&next->sibling != &parent->children)
                return next;
        return NULL;
}

/**
 * css_next_descendant_pre - find the next descendant for pre-order walk
 * @pos: the current position (%NULL to initiate traversal)
 * @root: css whose descendants to walk
 *
 * To be used by css_for_each_descendant_pre().  Find the next descendant
 * to visit for pre-order traversal of @root's descendants.  @root is
 * included in the iteration and the first node to be visited.
 *
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @root are accessible and @pos is a descendant of @root.
 *
 * If a subsystem synchronizes ->css_online() and the start of iteration, a
 * css which finished ->css_online() is guaranteed to be visible in the
 * future iterations and will stay visible until the last reference is put.
 * A css which hasn't finished ->css_online() or already finished
 * ->css_offline() may show up during traversal.  It's each subsystem's
 * responsibility to synchronize against on/offlining.
 */
struct cgroup_subsys_state *
css_next_descendant_pre(struct cgroup_subsys_state *pos,
                        struct cgroup_subsys_state *root)
{
        struct cgroup_subsys_state *next;

        cgroup_assert_mutex_or_rcu_locked();

        /* if first iteration, visit @root */
        if (!pos)
                return root;

        /* visit the first child if exists */
        next = css_next_child(NULL, pos);
        if (next)
                return next;

        /* no child, visit my or the closest ancestor's next sibling */
        while (pos != root) {
                next = css_next_child(pos, pos->parent);
                if (next)
                        return next;
                pos = pos->parent;
        }

        return NULL;
}

/**
 * css_rightmost_descendant - return the rightmost descendant of a css
 * @pos: css of interest
 *
 * Return the rightmost descendant of @pos.  If there's no descendant, @pos
 * is returned.  This can be used during pre-order traversal to skip
 * subtree of @pos.
 *
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct rightmost descendant as
 * long as @pos is accessible.
 */
struct cgroup_subsys_state *
css_rightmost_descendant(struct cgroup_subsys_state *pos)
{
        struct cgroup_subsys_state *last, *tmp;

        cgroup_assert_mutex_or_rcu_locked();

        do {
                last = pos;
                /* ->prev isn't RCU safe, walk ->next till the end */
                pos = NULL;
                css_for_each_child(tmp, last)
                        pos = tmp;
        } while (pos);

        return last;
}

static struct cgroup_subsys_state *
css_leftmost_descendant(struct cgroup_subsys_state *pos)
{
        struct cgroup_subsys_state *last;

        do {
                last = pos;
                pos = css_next_child(NULL, pos);
        } while (pos);

        return last;
}

/**
 * css_next_descendant_post - find the next descendant for post-order walk
 * @pos: the current position (%NULL to initiate traversal)
 * @root: css whose descendants to walk
 *
 * To be used by css_for_each_descendant_post().  Find the next descendant
 * to visit for post-order traversal of @root's descendants.  @root is
 * included in the iteration and the last node to be visited.
 *
 * While this function requires cgroup_mutex or RCU read locking, it
 * doesn't require the whole traversal to be contained in a single critical
 * section.  This function will return the correct next descendant as long
 * as both @pos and @cgroup are accessible and @pos is a descendant of
 * @cgroup.
 *
 * If a subsystem synchronizes ->css_online() and the start of iteration, a
 * css which finished ->css_online() is guaranteed to be visible in the
 * future iterations and will stay visible until the last reference is put.
 * A css which hasn't finished ->css_online() or already finished
 * ->css_offline() may show up during traversal.  It's each subsystem's
 * responsibility to synchronize against on/offlining.
 */
struct cgroup_subsys_state *
css_next_descendant_post(struct cgroup_subsys_state *pos,
                         struct cgroup_subsys_state *root)
{
        struct cgroup_subsys_state *next;

        cgroup_assert_mutex_or_rcu_locked();

        /* if first iteration, visit leftmost descendant which may be @root */
        if (!pos)
                return css_leftmost_descendant(root);

        /* if we visited @root, we're done */
        if (pos == root)
                return NULL;

        /* if there's an unvisited sibling, visit its leftmost descendant */
        next = css_next_child(pos, pos->parent);
        if (next)
                return css_leftmost_descendant(next);

        /* no sibling left, visit parent */
        return pos->parent;
}

/**
 * css_has_online_children - does a css have online children
 * @css: the target css
 *
 * Returns %true if @css has any online children; otherwise, %false.  This
 * function can be called from any context but the caller is responsible
 * for synchronizing against on/offlining as necessary.
 */
bool css_has_online_children(struct cgroup_subsys_state *css)
{
        struct cgroup_subsys_state *child;
        bool ret = false;

        rcu_read_lock();
        css_for_each_child(child, css) {
                if (child->flags & CSS_ONLINE) {
                        ret = true;
                        break;
                }
        }
        rcu_read_unlock();
        return ret;
}

/**
 * css_task_iter_advance_css_set - advance a task itererator to the next css_set
 * @it: the iterator to advance
 *
 * Advance @it to the next css_set to walk.
 */
static void css_task_iter_advance_css_set(struct css_task_iter *it)
{
        struct list_head *l = it->cset_pos;
        struct cgrp_cset_link *link;
        struct css_set *cset;

        lockdep_assert_held(&css_set_lock);

        /* Advance to the next non-empty css_set */
        do {
                l = l->next;
                if (l == it->cset_head) {
                        it->cset_pos = NULL;
                        it->task_pos = NULL;
                        return;
                }

                if (it->ss) {
                        cset = container_of(l, struct css_set,
                                            e_cset_node[it->ss->id]);
                } else {
                        link = list_entry(l, struct cgrp_cset_link, cset_link);
                        cset = link->cset;
                }
        } while (!css_set_populated(cset));

        it->cset_pos = l;

        if (!list_empty(&cset->tasks))
                it->task_pos = cset->tasks.next;
        else
                it->task_pos = cset->mg_tasks.next;

        it->tasks_head = &cset->tasks;
        it->mg_tasks_head = &cset->mg_tasks;

        /*
         * We don't keep css_sets locked across iteration steps and thus
         * need to take steps to ensure that iteration can be resumed after
         * the lock is re-acquired.  Iteration is performed at two levels -
         * css_sets and tasks in them.
         *
         * Once created, a css_set never leaves its cgroup lists, so a
         * pinned css_set is guaranteed to stay put and we can resume
         * iteration afterwards.
         *
         * Tasks may leave @cset across iteration steps.  This is resolved
         * by registering each iterator with the css_set currently being
         * walked and making css_set_move_task() advance iterators whose
         * next task is leaving.
         */
        if (it->cur_cset) {
                list_del(&it->iters_node);
                put_css_set_locked(it->cur_cset);
        }
        get_css_set(cset);
        it->cur_cset = cset;
        list_add(&it->iters_node, &cset->task_iters);
}

static void css_task_iter_advance(struct css_task_iter *it)
{
        struct list_head *l = it->task_pos;

        lockdep_assert_held(&css_set_lock);
        WARN_ON_ONCE(!l);

        /*
         * Advance iterator to find next entry.  cset->tasks is consumed
         * first and then ->mg_tasks.  After ->mg_tasks, we move onto the
         * next cset.
         */
        l = l->next;

        if (l == it->tasks_head)
                l = it->mg_tasks_head->next;

        if (l == it->mg_tasks_head)
                css_task_iter_advance_css_set(it);
        else
                it->task_pos = l;
}

/**
 * css_task_iter_start - initiate task iteration
 * @css: the css to walk tasks of
 * @it: the task iterator to use
 *
 * Initiate iteration through the tasks of @css.  The caller can call
 * css_task_iter_next() to walk through the tasks until the function
 * returns NULL.  On completion of iteration, css_task_iter_end() must be
 * called.
 */
void css_task_iter_start(struct cgroup_subsys_state *css,
                         struct css_task_iter *it)
{
        /* no one should try to iterate before mounting cgroups */
        WARN_ON_ONCE(!use_task_css_set_links);

        memset(it, 0, sizeof(*it));

        spin_lock_irq(&css_set_lock);

        it->ss = css->ss;

        if (it->ss)
                it->cset_pos = &css->cgroup->e_csets[css->ss->id];
        else
                it->cset_pos = &css->cgroup->cset_links;

        it->cset_head = it->cset_pos;

        css_task_iter_advance_css_set(it);

        spin_unlock_irq(&css_set_lock);
}

/**
 * css_task_iter_next - return the next task for the iterator
 * @it: the task iterator being iterated
 *
 * The "next" function for task iteration.  @it should have been
 * initialized via css_task_iter_start().  Returns NULL when the iteration
 * reaches the end.
 */
struct task_struct *css_task_iter_next(struct css_task_iter *it)
{
        if (it->cur_task) {
                put_task_struct(it->cur_task);
                it->cur_task = NULL;
        }

        spin_lock_irq(&css_set_lock);

        if (it->task_pos) {
                it->cur_task = list_entry(it->task_pos, struct task_struct,
                                          cg_list);
                get_task_struct(it->cur_task);
                css_task_iter_advance(it);
        }

        spin_unlock_irq(&css_set_lock);

        return it->cur_task;
}

/**
 * css_task_iter_end - finish task iteration
 * @it: the task iterator to finish
 *
 * Finish task iteration started by css_task_iter_start().
 */
void css_task_iter_end(struct css_task_iter *it)
{
        if (it->cur_cset) {
                spin_lock_irq(&css_set_lock);
                list_del(&it->iters_node);
                put_css_set_locked(it->cur_cset);
                spin_unlock_irq(&css_set_lock);
        }

        if (it->cur_task)
                put_task_struct(it->cur_task);
}

static void cgroup_procs_release(struct kernfs_open_file *of)
{
        if (of->priv) {
                css_task_iter_end(of->priv);
                kfree(of->priv);
        }
}

static void *cgroup_procs_next(struct seq_file *s, void *v, loff_t *pos)
{
        struct kernfs_open_file *of = s->private;
        struct css_task_iter *it = of->priv;
        struct task_struct *task;

        do {
                task = css_task_iter_next(it);
        } while (task && !thread_group_leader(task));

        return task;
}

static void *cgroup_procs_start(struct seq_file *s, loff_t *pos)
{
        struct kernfs_open_file *of = s->private;
        struct cgroup *cgrp = seq_css(s)->cgroup;
        struct css_task_iter *it = of->priv;

        /*
         * When a seq_file is seeked, it's always traversed sequentially
         * from position 0, so we can simply keep iterating on !0 *pos.
         */
        if (!it) {
                if (WARN_ON_ONCE((*pos)++))
                        return ERR_PTR(-EINVAL);

                it = kzalloc(sizeof(*it), GFP_KERNEL);
                if (!it)
                        return ERR_PTR(-ENOMEM);
                of->priv = it;
                css_task_iter_start(&cgrp->self, it);
        } else if (!(*pos)++) {
                css_task_iter_end(it);
                css_task_iter_start(&cgrp->self, it);
        }

        return cgroup_procs_next(s, NULL, NULL);
}

static int cgroup_procs_show(struct seq_file *s, void *v)
{
        seq_printf(s, "%d\n", task_tgid_vnr(v));
        return 0;
}

/* cgroup core interface files for the default hierarchy */
static struct cftype cgroup_base_files[] = {
        {
                .name = "cgroup.procs",
                .flags = CFTYPE_NS_DELEGATABLE,
                .file_offset = offsetof(struct cgroup, procs_file),
                .release = cgroup_procs_release,
                .seq_start = cgroup_procs_start,
                .seq_next = cgroup_procs_next,
                .seq_show = cgroup_procs_show,
                .write = cgroup_procs_write,
        },
        {
                .name = "cgroup.controllers",
                .seq_show = cgroup_controllers_show,
        },
        {
                .name = "cgroup.subtree_control",
                .flags = CFTYPE_NS_DELEGATABLE,
                .seq_show = cgroup_subtree_control_show,
                .write = cgroup_subtree_control_write,
        },
        {
                .name = "cgroup.events",
                .flags = CFTYPE_NOT_ON_ROOT,
                .file_offset = offsetof(struct cgroup, events_file),
                .seq_show = cgroup_events_show,
        },
        { }     /* terminate */
};

/*
 * css destruction is four-stage process.
 *
 * 1. Destruction starts.  Killing of the percpu_ref is initiated.
 *    Implemented in kill_css().
 *
 * 2. When the percpu_ref is confirmed to be visible as killed on all CPUs
 *    and thus css_tryget_online() is guaranteed to fail, the css can be
 *    offlined by invoking offline_css().  After offlining, the base ref is
 *    put.  Implemented in css_killed_work_fn().
 *
 * 3. When the percpu_ref reaches zero, the only possible remaining
 *    accessors are inside RCU read sections.  css_release() schedules the
 *    RCU callback.
 *
 * 4. After the grace period, the css can be freed.  Implemented in
 *    css_free_work_fn().
 *
 * It is actually hairier because both step 2 and 4 require process context
 * and thus involve punting to css->destroy_work adding two additional
 * steps to the already complex sequence.
 */
static void css_free_work_fn(struct work_struct *work)
{
        struct cgroup_subsys_state *css =
                container_of(work, struct cgroup_subsys_state, destroy_work);
        struct cgroup_subsys *ss = css->ss;
        struct cgroup *cgrp = css->cgroup;

        percpu_ref_exit(&css->refcnt);

        if (ss) {
                /* css free path */
                struct cgroup_subsys_state *parent = css->parent;
                int id = css->id;

                ss->css_free(css);
                cgroup_idr_remove(&ss->css_idr, id);
                cgroup_put(cgrp);

                if (parent)
                        css_put(parent);
        } else {
                /* cgroup free path */
                atomic_dec(&cgrp->root->nr_cgrps);
                cgroup1_pidlist_destroy_all(cgrp);
                cancel_work_sync(&cgrp->release_agent_work);

                if (cgroup_parent(cgrp)) {
                        /*
                         * We get a ref to the parent, and put the ref when
                         * this cgroup is being freed, so it's guaranteed
                         * that the parent won't be destroyed before its
                         * children.
                         */
                        cgroup_put(cgroup_parent(cgrp));
                        kernfs_put(cgrp->kn);
                        kfree(cgrp);
                } else {
                        /*
                         * This is root cgroup's refcnt reaching zero,
                         * which indicates that the root should be
                         * released.
                         */
                        cgroup_destroy_root(cgrp->root);
                }
        }
}

static void css_free_rcu_fn(struct rcu_head *rcu_head)
{
        struct cgroup_subsys_state *css =
                container_of(rcu_head, struct cgroup_subsys_state, rcu_head);

        INIT_WORK(&css->destroy_work, css_free_work_fn);
        queue_work(cgroup_destroy_wq, &css->destroy_work);
}

static void css_release_work_fn(struct work_struct *work)
{
        struct cgroup_subsys_state *css =
                container_of(work, struct cgroup_subsys_state, destroy_work);
        struct cgroup_subsys *ss = css->ss;