]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/cgroup-util.c
grypt-util: drop two emacs modelines
[thirdparty/systemd.git] / src / basic / cgroup-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright 2010 Lennart Poettering
4 ***/
5
6 #include <dirent.h>
7 #include <errno.h>
8 #include <ftw.h>
9 #include <limits.h>
10 #include <signal.h>
11 #include <stddef.h>
12 #include <stdio_ext.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/stat.h>
16 #include <sys/statfs.h>
17 #include <sys/types.h>
18 #include <sys/xattr.h>
19 #include <unistd.h>
20
21 #include "alloc-util.h"
22 #include "cgroup-util.h"
23 #include "def.h"
24 #include "dirent-util.h"
25 #include "extract-word.h"
26 #include "fd-util.h"
27 #include "fileio.h"
28 #include "format-util.h"
29 #include "fs-util.h"
30 #include "log.h"
31 #include "login-util.h"
32 #include "macro.h"
33 #include "missing.h"
34 #include "mkdir.h"
35 #include "parse-util.h"
36 #include "path-util.h"
37 #include "proc-cmdline.h"
38 #include "process-util.h"
39 #include "set.h"
40 #include "special.h"
41 #include "stat-util.h"
42 #include "stdio-util.h"
43 #include "string-table.h"
44 #include "string-util.h"
45 #include "strv.h"
46 #include "unit-name.h"
47 #include "user-util.h"
48
49 int cg_enumerate_processes(const char *controller, const char *path, FILE **_f) {
50 _cleanup_free_ char *fs = NULL;
51 FILE *f;
52 int r;
53
54 assert(_f);
55
56 r = cg_get_path(controller, path, "cgroup.procs", &fs);
57 if (r < 0)
58 return r;
59
60 f = fopen(fs, "re");
61 if (!f)
62 return -errno;
63
64 *_f = f;
65 return 0;
66 }
67
68 int cg_read_pid(FILE *f, pid_t *_pid) {
69 unsigned long ul;
70
71 /* Note that the cgroup.procs might contain duplicates! See
72 * cgroups.txt for details. */
73
74 assert(f);
75 assert(_pid);
76
77 errno = 0;
78 if (fscanf(f, "%lu", &ul) != 1) {
79
80 if (feof(f))
81 return 0;
82
83 return errno > 0 ? -errno : -EIO;
84 }
85
86 if (ul <= 0)
87 return -EIO;
88
89 *_pid = (pid_t) ul;
90 return 1;
91 }
92
93 int cg_read_event(
94 const char *controller,
95 const char *path,
96 const char *event,
97 char **val) {
98
99 _cleanup_free_ char *events = NULL, *content = NULL;
100 char *p, *line;
101 int r;
102
103 r = cg_get_path(controller, path, "cgroup.events", &events);
104 if (r < 0)
105 return r;
106
107 r = read_full_file(events, &content, NULL);
108 if (r < 0)
109 return r;
110
111 p = content;
112 while ((line = strsep(&p, "\n"))) {
113 char *key;
114
115 key = strsep(&line, " ");
116 if (!key || !line)
117 return -EINVAL;
118
119 if (strcmp(key, event))
120 continue;
121
122 *val = strdup(line);
123 return 0;
124 }
125
126 return -ENOENT;
127 }
128
129 bool cg_ns_supported(void) {
130 static thread_local int enabled = -1;
131
132 if (enabled >= 0)
133 return enabled;
134
135 if (access("/proc/self/ns/cgroup", F_OK) == 0)
136 enabled = 1;
137 else
138 enabled = 0;
139
140 return enabled;
141 }
142
143 int cg_enumerate_subgroups(const char *controller, const char *path, DIR **_d) {
144 _cleanup_free_ char *fs = NULL;
145 int r;
146 DIR *d;
147
148 assert(_d);
149
150 /* This is not recursive! */
151
152 r = cg_get_path(controller, path, NULL, &fs);
153 if (r < 0)
154 return r;
155
156 d = opendir(fs);
157 if (!d)
158 return -errno;
159
160 *_d = d;
161 return 0;
162 }
163
164 int cg_read_subgroup(DIR *d, char **fn) {
165 struct dirent *de;
166
167 assert(d);
168 assert(fn);
169
170 FOREACH_DIRENT_ALL(de, d, return -errno) {
171 char *b;
172
173 if (de->d_type != DT_DIR)
174 continue;
175
176 if (dot_or_dot_dot(de->d_name))
177 continue;
178
179 b = strdup(de->d_name);
180 if (!b)
181 return -ENOMEM;
182
183 *fn = b;
184 return 1;
185 }
186
187 return 0;
188 }
189
190 int cg_rmdir(const char *controller, const char *path) {
191 _cleanup_free_ char *p = NULL;
192 int r;
193
194 r = cg_get_path(controller, path, NULL, &p);
195 if (r < 0)
196 return r;
197
198 r = rmdir(p);
199 if (r < 0 && errno != ENOENT)
200 return -errno;
201
202 r = cg_hybrid_unified();
203 if (r < 0)
204 return r;
205 if (r == 0)
206 return 0;
207
208 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
209 r = cg_rmdir(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
210 if (r < 0)
211 log_warning_errno(r, "Failed to remove compat systemd cgroup %s: %m", path);
212 }
213
214 return 0;
215 }
216
217 int cg_kill(
218 const char *controller,
219 const char *path,
220 int sig,
221 CGroupFlags flags,
222 Set *s,
223 cg_kill_log_func_t log_kill,
224 void *userdata) {
225
226 _cleanup_set_free_ Set *allocated_set = NULL;
227 bool done = false;
228 int r, ret = 0;
229 pid_t my_pid;
230
231 assert(sig >= 0);
232
233 /* Don't send SIGCONT twice. Also, SIGKILL always works even when process is suspended, hence don't send
234 * SIGCONT on SIGKILL. */
235 if (IN_SET(sig, SIGCONT, SIGKILL))
236 flags &= ~CGROUP_SIGCONT;
237
238 /* This goes through the tasks list and kills them all. This
239 * is repeated until no further processes are added to the
240 * tasks list, to properly handle forking processes */
241
242 if (!s) {
243 s = allocated_set = set_new(NULL);
244 if (!s)
245 return -ENOMEM;
246 }
247
248 my_pid = getpid_cached();
249
250 do {
251 _cleanup_fclose_ FILE *f = NULL;
252 pid_t pid = 0;
253 done = true;
254
255 r = cg_enumerate_processes(controller, path, &f);
256 if (r < 0) {
257 if (ret >= 0 && r != -ENOENT)
258 return r;
259
260 return ret;
261 }
262
263 while ((r = cg_read_pid(f, &pid)) > 0) {
264
265 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
266 continue;
267
268 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
269 continue;
270
271 if (log_kill)
272 log_kill(pid, sig, userdata);
273
274 /* If we haven't killed this process yet, kill
275 * it */
276 if (kill(pid, sig) < 0) {
277 if (ret >= 0 && errno != ESRCH)
278 ret = -errno;
279 } else {
280 if (flags & CGROUP_SIGCONT)
281 (void) kill(pid, SIGCONT);
282
283 if (ret == 0)
284 ret = 1;
285 }
286
287 done = false;
288
289 r = set_put(s, PID_TO_PTR(pid));
290 if (r < 0) {
291 if (ret >= 0)
292 return r;
293
294 return ret;
295 }
296 }
297
298 if (r < 0) {
299 if (ret >= 0)
300 return r;
301
302 return ret;
303 }
304
305 /* To avoid racing against processes which fork
306 * quicker than we can kill them we repeat this until
307 * no new pids need to be killed. */
308
309 } while (!done);
310
311 return ret;
312 }
313
314 int cg_kill_recursive(
315 const char *controller,
316 const char *path,
317 int sig,
318 CGroupFlags flags,
319 Set *s,
320 cg_kill_log_func_t log_kill,
321 void *userdata) {
322
323 _cleanup_set_free_ Set *allocated_set = NULL;
324 _cleanup_closedir_ DIR *d = NULL;
325 int r, ret;
326 char *fn;
327
328 assert(path);
329 assert(sig >= 0);
330
331 if (!s) {
332 s = allocated_set = set_new(NULL);
333 if (!s)
334 return -ENOMEM;
335 }
336
337 ret = cg_kill(controller, path, sig, flags, s, log_kill, userdata);
338
339 r = cg_enumerate_subgroups(controller, path, &d);
340 if (r < 0) {
341 if (ret >= 0 && r != -ENOENT)
342 return r;
343
344 return ret;
345 }
346
347 while ((r = cg_read_subgroup(d, &fn)) > 0) {
348 _cleanup_free_ char *p = NULL;
349
350 p = strjoin(path, "/", fn);
351 free(fn);
352 if (!p)
353 return -ENOMEM;
354
355 r = cg_kill_recursive(controller, p, sig, flags, s, log_kill, userdata);
356 if (r != 0 && ret >= 0)
357 ret = r;
358 }
359 if (ret >= 0 && r < 0)
360 ret = r;
361
362 if (flags & CGROUP_REMOVE) {
363 r = cg_rmdir(controller, path);
364 if (r < 0 && ret >= 0 && !IN_SET(r, -ENOENT, -EBUSY))
365 return r;
366 }
367
368 return ret;
369 }
370
371 int cg_migrate(
372 const char *cfrom,
373 const char *pfrom,
374 const char *cto,
375 const char *pto,
376 CGroupFlags flags) {
377
378 bool done = false;
379 _cleanup_set_free_ Set *s = NULL;
380 int r, ret = 0;
381 pid_t my_pid;
382
383 assert(cfrom);
384 assert(pfrom);
385 assert(cto);
386 assert(pto);
387
388 s = set_new(NULL);
389 if (!s)
390 return -ENOMEM;
391
392 my_pid = getpid_cached();
393
394 do {
395 _cleanup_fclose_ FILE *f = NULL;
396 pid_t pid = 0;
397 done = true;
398
399 r = cg_enumerate_processes(cfrom, pfrom, &f);
400 if (r < 0) {
401 if (ret >= 0 && r != -ENOENT)
402 return r;
403
404 return ret;
405 }
406
407 while ((r = cg_read_pid(f, &pid)) > 0) {
408
409 /* This might do weird stuff if we aren't a
410 * single-threaded program. However, we
411 * luckily know we are not */
412 if ((flags & CGROUP_IGNORE_SELF) && pid == my_pid)
413 continue;
414
415 if (set_get(s, PID_TO_PTR(pid)) == PID_TO_PTR(pid))
416 continue;
417
418 /* Ignore kernel threads. Since they can only
419 * exist in the root cgroup, we only check for
420 * them there. */
421 if (cfrom &&
422 empty_or_root(pfrom) &&
423 is_kernel_thread(pid) > 0)
424 continue;
425
426 r = cg_attach(cto, pto, pid);
427 if (r < 0) {
428 if (ret >= 0 && r != -ESRCH)
429 ret = r;
430 } else if (ret == 0)
431 ret = 1;
432
433 done = false;
434
435 r = set_put(s, PID_TO_PTR(pid));
436 if (r < 0) {
437 if (ret >= 0)
438 return r;
439
440 return ret;
441 }
442 }
443
444 if (r < 0) {
445 if (ret >= 0)
446 return r;
447
448 return ret;
449 }
450 } while (!done);
451
452 return ret;
453 }
454
455 int cg_migrate_recursive(
456 const char *cfrom,
457 const char *pfrom,
458 const char *cto,
459 const char *pto,
460 CGroupFlags flags) {
461
462 _cleanup_closedir_ DIR *d = NULL;
463 int r, ret = 0;
464 char *fn;
465
466 assert(cfrom);
467 assert(pfrom);
468 assert(cto);
469 assert(pto);
470
471 ret = cg_migrate(cfrom, pfrom, cto, pto, flags);
472
473 r = cg_enumerate_subgroups(cfrom, pfrom, &d);
474 if (r < 0) {
475 if (ret >= 0 && r != -ENOENT)
476 return r;
477
478 return ret;
479 }
480
481 while ((r = cg_read_subgroup(d, &fn)) > 0) {
482 _cleanup_free_ char *p = NULL;
483
484 p = strjoin(pfrom, "/", fn);
485 free(fn);
486 if (!p)
487 return -ENOMEM;
488
489 r = cg_migrate_recursive(cfrom, p, cto, pto, flags);
490 if (r != 0 && ret >= 0)
491 ret = r;
492 }
493
494 if (r < 0 && ret >= 0)
495 ret = r;
496
497 if (flags & CGROUP_REMOVE) {
498 r = cg_rmdir(cfrom, pfrom);
499 if (r < 0 && ret >= 0 && !IN_SET(r, -ENOENT, -EBUSY))
500 return r;
501 }
502
503 return ret;
504 }
505
506 int cg_migrate_recursive_fallback(
507 const char *cfrom,
508 const char *pfrom,
509 const char *cto,
510 const char *pto,
511 CGroupFlags flags) {
512
513 int r;
514
515 assert(cfrom);
516 assert(pfrom);
517 assert(cto);
518 assert(pto);
519
520 r = cg_migrate_recursive(cfrom, pfrom, cto, pto, flags);
521 if (r < 0) {
522 char prefix[strlen(pto) + 1];
523
524 /* This didn't work? Then let's try all prefixes of the destination */
525
526 PATH_FOREACH_PREFIX(prefix, pto) {
527 int q;
528
529 q = cg_migrate_recursive(cfrom, pfrom, cto, prefix, flags);
530 if (q >= 0)
531 return q;
532 }
533 }
534
535 return r;
536 }
537
538 static const char *controller_to_dirname(const char *controller) {
539 const char *e;
540
541 assert(controller);
542
543 /* Converts a controller name to the directory name below
544 * /sys/fs/cgroup/ we want to mount it to. Effectively, this
545 * just cuts off the name= prefixed used for named
546 * hierarchies, if it is specified. */
547
548 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
549 if (cg_hybrid_unified() > 0)
550 controller = SYSTEMD_CGROUP_CONTROLLER_HYBRID;
551 else
552 controller = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
553 }
554
555 e = startswith(controller, "name=");
556 if (e)
557 return e;
558
559 return controller;
560 }
561
562 static int join_path_legacy(const char *controller, const char *path, const char *suffix, char **fs) {
563 const char *dn;
564 char *t = NULL;
565
566 assert(fs);
567 assert(controller);
568
569 dn = controller_to_dirname(controller);
570
571 if (isempty(path) && isempty(suffix))
572 t = strappend("/sys/fs/cgroup/", dn);
573 else if (isempty(path))
574 t = strjoin("/sys/fs/cgroup/", dn, "/", suffix);
575 else if (isempty(suffix))
576 t = strjoin("/sys/fs/cgroup/", dn, "/", path);
577 else
578 t = strjoin("/sys/fs/cgroup/", dn, "/", path, "/", suffix);
579 if (!t)
580 return -ENOMEM;
581
582 *fs = t;
583 return 0;
584 }
585
586 static int join_path_unified(const char *path, const char *suffix, char **fs) {
587 char *t;
588
589 assert(fs);
590
591 if (isempty(path) && isempty(suffix))
592 t = strdup("/sys/fs/cgroup");
593 else if (isempty(path))
594 t = strappend("/sys/fs/cgroup/", suffix);
595 else if (isempty(suffix))
596 t = strappend("/sys/fs/cgroup/", path);
597 else
598 t = strjoin("/sys/fs/cgroup/", path, "/", suffix);
599 if (!t)
600 return -ENOMEM;
601
602 *fs = t;
603 return 0;
604 }
605
606 int cg_get_path(const char *controller, const char *path, const char *suffix, char **fs) {
607 int r;
608
609 assert(fs);
610
611 if (!controller) {
612 char *t;
613
614 /* If no controller is specified, we return the path
615 * *below* the controllers, without any prefix. */
616
617 if (!path && !suffix)
618 return -EINVAL;
619
620 if (!suffix)
621 t = strdup(path);
622 else if (!path)
623 t = strdup(suffix);
624 else
625 t = strjoin(path, "/", suffix);
626 if (!t)
627 return -ENOMEM;
628
629 *fs = path_simplify(t, false);
630 return 0;
631 }
632
633 if (!cg_controller_is_valid(controller))
634 return -EINVAL;
635
636 r = cg_all_unified();
637 if (r < 0)
638 return r;
639 if (r > 0)
640 r = join_path_unified(path, suffix, fs);
641 else
642 r = join_path_legacy(controller, path, suffix, fs);
643 if (r < 0)
644 return r;
645
646 path_simplify(*fs, false);
647 return 0;
648 }
649
650 static int controller_is_accessible(const char *controller) {
651 int r;
652
653 assert(controller);
654
655 /* Checks whether a specific controller is accessible,
656 * i.e. its hierarchy mounted. In the unified hierarchy all
657 * controllers are considered accessible, except for the named
658 * hierarchies */
659
660 if (!cg_controller_is_valid(controller))
661 return -EINVAL;
662
663 r = cg_all_unified();
664 if (r < 0)
665 return r;
666 if (r > 0) {
667 /* We don't support named hierarchies if we are using
668 * the unified hierarchy. */
669
670 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
671 return 0;
672
673 if (startswith(controller, "name="))
674 return -EOPNOTSUPP;
675
676 } else {
677 const char *cc, *dn;
678
679 dn = controller_to_dirname(controller);
680 cc = strjoina("/sys/fs/cgroup/", dn);
681
682 if (laccess(cc, F_OK) < 0)
683 return -errno;
684 }
685
686 return 0;
687 }
688
689 int cg_get_path_and_check(const char *controller, const char *path, const char *suffix, char **fs) {
690 int r;
691
692 assert(controller);
693 assert(fs);
694
695 /* Check if the specified controller is actually accessible */
696 r = controller_is_accessible(controller);
697 if (r < 0)
698 return r;
699
700 return cg_get_path(controller, path, suffix, fs);
701 }
702
703 static int trim_cb(const char *path, const struct stat *sb, int typeflag, struct FTW *ftwbuf) {
704 assert(path);
705 assert(sb);
706 assert(ftwbuf);
707
708 if (typeflag != FTW_DP)
709 return 0;
710
711 if (ftwbuf->level < 1)
712 return 0;
713
714 (void) rmdir(path);
715 return 0;
716 }
717
718 int cg_trim(const char *controller, const char *path, bool delete_root) {
719 _cleanup_free_ char *fs = NULL;
720 int r = 0, q;
721
722 assert(path);
723
724 r = cg_get_path(controller, path, NULL, &fs);
725 if (r < 0)
726 return r;
727
728 errno = 0;
729 if (nftw(fs, trim_cb, 64, FTW_DEPTH|FTW_MOUNT|FTW_PHYS) != 0) {
730 if (errno == ENOENT)
731 r = 0;
732 else if (errno > 0)
733 r = -errno;
734 else
735 r = -EIO;
736 }
737
738 if (delete_root) {
739 if (rmdir(fs) < 0 && errno != ENOENT)
740 return -errno;
741 }
742
743 q = cg_hybrid_unified();
744 if (q < 0)
745 return q;
746 if (q > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
747 q = cg_trim(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, delete_root);
748 if (q < 0)
749 log_warning_errno(q, "Failed to trim compat systemd cgroup %s: %m", path);
750 }
751
752 return r;
753 }
754
755 /* Create a cgroup in the hierarchy of controller.
756 * Returns 0 if the group already existed, 1 on success, negative otherwise.
757 */
758 int cg_create(const char *controller, const char *path) {
759 _cleanup_free_ char *fs = NULL;
760 int r;
761
762 r = cg_get_path_and_check(controller, path, NULL, &fs);
763 if (r < 0)
764 return r;
765
766 r = mkdir_parents(fs, 0755);
767 if (r < 0)
768 return r;
769
770 r = mkdir_errno_wrapper(fs, 0755);
771 if (r == -EEXIST)
772 return 0;
773 if (r < 0)
774 return r;
775
776 r = cg_hybrid_unified();
777 if (r < 0)
778 return r;
779
780 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
781 r = cg_create(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path);
782 if (r < 0)
783 log_warning_errno(r, "Failed to create compat systemd cgroup %s: %m", path);
784 }
785
786 return 1;
787 }
788
789 int cg_create_and_attach(const char *controller, const char *path, pid_t pid) {
790 int r, q;
791
792 assert(pid >= 0);
793
794 r = cg_create(controller, path);
795 if (r < 0)
796 return r;
797
798 q = cg_attach(controller, path, pid);
799 if (q < 0)
800 return q;
801
802 /* This does not remove the cgroup on failure */
803 return r;
804 }
805
806 int cg_attach(const char *controller, const char *path, pid_t pid) {
807 _cleanup_free_ char *fs = NULL;
808 char c[DECIMAL_STR_MAX(pid_t) + 2];
809 int r;
810
811 assert(path);
812 assert(pid >= 0);
813
814 r = cg_get_path_and_check(controller, path, "cgroup.procs", &fs);
815 if (r < 0)
816 return r;
817
818 if (pid == 0)
819 pid = getpid_cached();
820
821 xsprintf(c, PID_FMT "\n", pid);
822
823 r = write_string_file(fs, c, 0);
824 if (r < 0)
825 return r;
826
827 r = cg_hybrid_unified();
828 if (r < 0)
829 return r;
830
831 if (r > 0 && streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
832 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, pid);
833 if (r < 0)
834 log_warning_errno(r, "Failed to attach "PID_FMT" to compat systemd cgroup %s: %m", pid, path);
835 }
836
837 return 0;
838 }
839
840 int cg_attach_fallback(const char *controller, const char *path, pid_t pid) {
841 int r;
842
843 assert(controller);
844 assert(path);
845 assert(pid >= 0);
846
847 r = cg_attach(controller, path, pid);
848 if (r < 0) {
849 char prefix[strlen(path) + 1];
850
851 /* This didn't work? Then let's try all prefixes of
852 * the destination */
853
854 PATH_FOREACH_PREFIX(prefix, path) {
855 int q;
856
857 q = cg_attach(controller, prefix, pid);
858 if (q >= 0)
859 return q;
860 }
861 }
862
863 return r;
864 }
865
866 int cg_set_access(
867 const char *controller,
868 const char *path,
869 uid_t uid,
870 gid_t gid) {
871
872 struct Attribute {
873 const char *name;
874 bool fatal;
875 };
876
877 /* cgroupsv1, aka legacy/non-unified */
878 static const struct Attribute legacy_attributes[] = {
879 { "cgroup.procs", true },
880 { "tasks", false },
881 { "cgroup.clone_children", false },
882 {},
883 };
884
885 /* cgroupsv2, aka unified */
886 static const struct Attribute unified_attributes[] = {
887 { "cgroup.procs", true },
888 { "cgroup.subtree_control", true },
889 { "cgroup.threads", false },
890 {},
891 };
892
893 static const struct Attribute* const attributes[] = {
894 [false] = legacy_attributes,
895 [true] = unified_attributes,
896 };
897
898 _cleanup_free_ char *fs = NULL;
899 const struct Attribute *i;
900 int r, unified;
901
902 assert(path);
903
904 if (uid == UID_INVALID && gid == GID_INVALID)
905 return 0;
906
907 unified = cg_unified_controller(controller);
908 if (unified < 0)
909 return unified;
910
911 /* Configure access to the cgroup itself */
912 r = cg_get_path(controller, path, NULL, &fs);
913 if (r < 0)
914 return r;
915
916 r = chmod_and_chown(fs, 0755, uid, gid);
917 if (r < 0)
918 return r;
919
920 /* Configure access to the cgroup's attributes */
921 for (i = attributes[unified]; i->name; i++) {
922 fs = mfree(fs);
923
924 r = cg_get_path(controller, path, i->name, &fs);
925 if (r < 0)
926 return r;
927
928 r = chmod_and_chown(fs, 0644, uid, gid);
929 if (r < 0) {
930 if (i->fatal)
931 return r;
932
933 log_debug_errno(r, "Failed to set access on cgroup %s, ignoring: %m", fs);
934 }
935 }
936
937 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER)) {
938 r = cg_hybrid_unified();
939 if (r < 0)
940 return r;
941 if (r > 0) {
942 /* Always propagate access mode from unified to legacy controller */
943 r = cg_set_access(SYSTEMD_CGROUP_CONTROLLER_LEGACY, path, uid, gid);
944 if (r < 0)
945 log_debug_errno(r, "Failed to set access on compatibility systemd cgroup %s, ignoring: %m", path);
946 }
947 }
948
949 return 0;
950 }
951
952 int cg_set_xattr(const char *controller, const char *path, const char *name, const void *value, size_t size, int flags) {
953 _cleanup_free_ char *fs = NULL;
954 int r;
955
956 assert(path);
957 assert(name);
958 assert(value || size <= 0);
959
960 r = cg_get_path(controller, path, NULL, &fs);
961 if (r < 0)
962 return r;
963
964 if (setxattr(fs, name, value, size, flags) < 0)
965 return -errno;
966
967 return 0;
968 }
969
970 int cg_get_xattr(const char *controller, const char *path, const char *name, void *value, size_t size) {
971 _cleanup_free_ char *fs = NULL;
972 ssize_t n;
973 int r;
974
975 assert(path);
976 assert(name);
977
978 r = cg_get_path(controller, path, NULL, &fs);
979 if (r < 0)
980 return r;
981
982 n = getxattr(fs, name, value, size);
983 if (n < 0)
984 return -errno;
985
986 return (int) n;
987 }
988
989 int cg_pid_get_path(const char *controller, pid_t pid, char **path) {
990 _cleanup_fclose_ FILE *f = NULL;
991 char line[LINE_MAX];
992 const char *fs, *controller_str;
993 size_t cs = 0;
994 int unified;
995
996 assert(path);
997 assert(pid >= 0);
998
999 if (controller) {
1000 if (!cg_controller_is_valid(controller))
1001 return -EINVAL;
1002 } else
1003 controller = SYSTEMD_CGROUP_CONTROLLER;
1004
1005 unified = cg_unified_controller(controller);
1006 if (unified < 0)
1007 return unified;
1008 if (unified == 0) {
1009 if (streq(controller, SYSTEMD_CGROUP_CONTROLLER))
1010 controller_str = SYSTEMD_CGROUP_CONTROLLER_LEGACY;
1011 else
1012 controller_str = controller;
1013
1014 cs = strlen(controller_str);
1015 }
1016
1017 fs = procfs_file_alloca(pid, "cgroup");
1018 f = fopen(fs, "re");
1019 if (!f)
1020 return errno == ENOENT ? -ESRCH : -errno;
1021
1022 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
1023
1024 FOREACH_LINE(line, f, return -errno) {
1025 char *e, *p;
1026
1027 truncate_nl(line);
1028
1029 if (unified) {
1030 e = startswith(line, "0:");
1031 if (!e)
1032 continue;
1033
1034 e = strchr(e, ':');
1035 if (!e)
1036 continue;
1037 } else {
1038 char *l;
1039 size_t k;
1040 const char *word, *state;
1041 bool found = false;
1042
1043 l = strchr(line, ':');
1044 if (!l)
1045 continue;
1046
1047 l++;
1048 e = strchr(l, ':');
1049 if (!e)
1050 continue;
1051
1052 *e = 0;
1053 FOREACH_WORD_SEPARATOR(word, k, l, ",", state)
1054 if (k == cs && memcmp(word, controller_str, cs) == 0) {
1055 found = true;
1056 break;
1057 }
1058 if (!found)
1059 continue;
1060 }
1061
1062 p = strdup(e + 1);
1063 if (!p)
1064 return -ENOMEM;
1065
1066 /* Truncate suffix indicating the process is a zombie */
1067 e = endswith(p, " (deleted)");
1068 if (e)
1069 *e = 0;
1070
1071 *path = p;
1072 return 0;
1073 }
1074
1075 return -ENODATA;
1076 }
1077
1078 int cg_install_release_agent(const char *controller, const char *agent) {
1079 _cleanup_free_ char *fs = NULL, *contents = NULL;
1080 const char *sc;
1081 int r;
1082
1083 assert(agent);
1084
1085 r = cg_unified_controller(controller);
1086 if (r < 0)
1087 return r;
1088 if (r > 0) /* doesn't apply to unified hierarchy */
1089 return -EOPNOTSUPP;
1090
1091 r = cg_get_path(controller, NULL, "release_agent", &fs);
1092 if (r < 0)
1093 return r;
1094
1095 r = read_one_line_file(fs, &contents);
1096 if (r < 0)
1097 return r;
1098
1099 sc = strstrip(contents);
1100 if (isempty(sc)) {
1101 r = write_string_file(fs, agent, 0);
1102 if (r < 0)
1103 return r;
1104 } else if (!path_equal(sc, agent))
1105 return -EEXIST;
1106
1107 fs = mfree(fs);
1108 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1109 if (r < 0)
1110 return r;
1111
1112 contents = mfree(contents);
1113 r = read_one_line_file(fs, &contents);
1114 if (r < 0)
1115 return r;
1116
1117 sc = strstrip(contents);
1118 if (streq(sc, "0")) {
1119 r = write_string_file(fs, "1", 0);
1120 if (r < 0)
1121 return r;
1122
1123 return 1;
1124 }
1125
1126 if (!streq(sc, "1"))
1127 return -EIO;
1128
1129 return 0;
1130 }
1131
1132 int cg_uninstall_release_agent(const char *controller) {
1133 _cleanup_free_ char *fs = NULL;
1134 int r;
1135
1136 r = cg_unified_controller(controller);
1137 if (r < 0)
1138 return r;
1139 if (r > 0) /* Doesn't apply to unified hierarchy */
1140 return -EOPNOTSUPP;
1141
1142 r = cg_get_path(controller, NULL, "notify_on_release", &fs);
1143 if (r < 0)
1144 return r;
1145
1146 r = write_string_file(fs, "0", 0);
1147 if (r < 0)
1148 return r;
1149
1150 fs = mfree(fs);
1151
1152 r = cg_get_path(controller, NULL, "release_agent", &fs);
1153 if (r < 0)
1154 return r;
1155
1156 r = write_string_file(fs, "", 0);
1157 if (r < 0)
1158 return r;
1159
1160 return 0;
1161 }
1162
1163 int cg_is_empty(const char *controller, const char *path) {
1164 _cleanup_fclose_ FILE *f = NULL;
1165 pid_t pid;
1166 int r;
1167
1168 assert(path);
1169
1170 r = cg_enumerate_processes(controller, path, &f);
1171 if (r == -ENOENT)
1172 return 1;
1173 if (r < 0)
1174 return r;
1175
1176 r = cg_read_pid(f, &pid);
1177 if (r < 0)
1178 return r;
1179
1180 return r == 0;
1181 }
1182
1183 int cg_is_empty_recursive(const char *controller, const char *path) {
1184 int r;
1185
1186 assert(path);
1187
1188 /* The root cgroup is always populated */
1189 if (controller && empty_or_root(path))
1190 return false;
1191
1192 r = cg_unified_controller(controller);
1193 if (r < 0)
1194 return r;
1195 if (r > 0) {
1196 _cleanup_free_ char *t = NULL;
1197
1198 /* On the unified hierarchy we can check empty state
1199 * via the "populated" attribute of "cgroup.events". */
1200
1201 r = cg_read_event(controller, path, "populated", &t);
1202 if (r < 0)
1203 return r;
1204
1205 return streq(t, "0");
1206 } else {
1207 _cleanup_closedir_ DIR *d = NULL;
1208 char *fn;
1209
1210 r = cg_is_empty(controller, path);
1211 if (r <= 0)
1212 return r;
1213
1214 r = cg_enumerate_subgroups(controller, path, &d);
1215 if (r == -ENOENT)
1216 return 1;
1217 if (r < 0)
1218 return r;
1219
1220 while ((r = cg_read_subgroup(d, &fn)) > 0) {
1221 _cleanup_free_ char *p = NULL;
1222
1223 p = strjoin(path, "/", fn);
1224 free(fn);
1225 if (!p)
1226 return -ENOMEM;
1227
1228 r = cg_is_empty_recursive(controller, p);
1229 if (r <= 0)
1230 return r;
1231 }
1232 if (r < 0)
1233 return r;
1234
1235 return true;
1236 }
1237 }
1238
1239 int cg_split_spec(const char *spec, char **controller, char **path) {
1240 char *t = NULL, *u = NULL;
1241 const char *e;
1242
1243 assert(spec);
1244
1245 if (*spec == '/') {
1246 if (!path_is_normalized(spec))
1247 return -EINVAL;
1248
1249 if (path) {
1250 t = strdup(spec);
1251 if (!t)
1252 return -ENOMEM;
1253
1254 *path = path_simplify(t, false);
1255 }
1256
1257 if (controller)
1258 *controller = NULL;
1259
1260 return 0;
1261 }
1262
1263 e = strchr(spec, ':');
1264 if (!e) {
1265 if (!cg_controller_is_valid(spec))
1266 return -EINVAL;
1267
1268 if (controller) {
1269 t = strdup(spec);
1270 if (!t)
1271 return -ENOMEM;
1272
1273 *controller = t;
1274 }
1275
1276 if (path)
1277 *path = NULL;
1278
1279 return 0;
1280 }
1281
1282 t = strndup(spec, e-spec);
1283 if (!t)
1284 return -ENOMEM;
1285 if (!cg_controller_is_valid(t)) {
1286 free(t);
1287 return -EINVAL;
1288 }
1289
1290 if (isempty(e+1))
1291 u = NULL;
1292 else {
1293 u = strdup(e+1);
1294 if (!u) {
1295 free(t);
1296 return -ENOMEM;
1297 }
1298
1299 if (!path_is_normalized(u) ||
1300 !path_is_absolute(u)) {
1301 free(t);
1302 free(u);
1303 return -EINVAL;
1304 }
1305
1306 path_simplify(u, false);
1307 }
1308
1309 if (controller)
1310 *controller = t;
1311 else
1312 free(t);
1313
1314 if (path)
1315 *path = u;
1316 else
1317 free(u);
1318
1319 return 0;
1320 }
1321
1322 int cg_mangle_path(const char *path, char **result) {
1323 _cleanup_free_ char *c = NULL, *p = NULL;
1324 char *t;
1325 int r;
1326
1327 assert(path);
1328 assert(result);
1329
1330 /* First, check if it already is a filesystem path */
1331 if (path_startswith(path, "/sys/fs/cgroup")) {
1332
1333 t = strdup(path);
1334 if (!t)
1335 return -ENOMEM;
1336
1337 *result = path_simplify(t, false);
1338 return 0;
1339 }
1340
1341 /* Otherwise, treat it as cg spec */
1342 r = cg_split_spec(path, &c, &p);
1343 if (r < 0)
1344 return r;
1345
1346 return cg_get_path(c ?: SYSTEMD_CGROUP_CONTROLLER, p ?: "/", NULL, result);
1347 }
1348
1349 int cg_get_root_path(char **path) {
1350 char *p, *e;
1351 int r;
1352
1353 assert(path);
1354
1355 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 1, &p);
1356 if (r < 0)
1357 return r;
1358
1359 e = endswith(p, "/" SPECIAL_INIT_SCOPE);
1360 if (!e)
1361 e = endswith(p, "/" SPECIAL_SYSTEM_SLICE); /* legacy */
1362 if (!e)
1363 e = endswith(p, "/system"); /* even more legacy */
1364 if (e)
1365 *e = 0;
1366
1367 *path = p;
1368 return 0;
1369 }
1370
1371 int cg_shift_path(const char *cgroup, const char *root, const char **shifted) {
1372 _cleanup_free_ char *rt = NULL;
1373 char *p;
1374 int r;
1375
1376 assert(cgroup);
1377 assert(shifted);
1378
1379 if (!root) {
1380 /* If the root was specified let's use that, otherwise
1381 * let's determine it from PID 1 */
1382
1383 r = cg_get_root_path(&rt);
1384 if (r < 0)
1385 return r;
1386
1387 root = rt;
1388 }
1389
1390 p = path_startswith(cgroup, root);
1391 if (p && p > cgroup)
1392 *shifted = p - 1;
1393 else
1394 *shifted = cgroup;
1395
1396 return 0;
1397 }
1398
1399 int cg_pid_get_path_shifted(pid_t pid, const char *root, char **cgroup) {
1400 _cleanup_free_ char *raw = NULL;
1401 const char *c;
1402 int r;
1403
1404 assert(pid >= 0);
1405 assert(cgroup);
1406
1407 r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, pid, &raw);
1408 if (r < 0)
1409 return r;
1410
1411 r = cg_shift_path(raw, root, &c);
1412 if (r < 0)
1413 return r;
1414
1415 if (c == raw)
1416 *cgroup = TAKE_PTR(raw);
1417 else {
1418 char *n;
1419
1420 n = strdup(c);
1421 if (!n)
1422 return -ENOMEM;
1423
1424 *cgroup = n;
1425 }
1426
1427 return 0;
1428 }
1429
1430 int cg_path_decode_unit(const char *cgroup, char **unit) {
1431 char *c, *s;
1432 size_t n;
1433
1434 assert(cgroup);
1435 assert(unit);
1436
1437 n = strcspn(cgroup, "/");
1438 if (n < 3)
1439 return -ENXIO;
1440
1441 c = strndupa(cgroup, n);
1442 c = cg_unescape(c);
1443
1444 if (!unit_name_is_valid(c, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE))
1445 return -ENXIO;
1446
1447 s = strdup(c);
1448 if (!s)
1449 return -ENOMEM;
1450
1451 *unit = s;
1452 return 0;
1453 }
1454
1455 static bool valid_slice_name(const char *p, size_t n) {
1456
1457 if (!p)
1458 return false;
1459
1460 if (n < STRLEN("x.slice"))
1461 return false;
1462
1463 if (memcmp(p + n - 6, ".slice", 6) == 0) {
1464 char buf[n+1], *c;
1465
1466 memcpy(buf, p, n);
1467 buf[n] = 0;
1468
1469 c = cg_unescape(buf);
1470
1471 return unit_name_is_valid(c, UNIT_NAME_PLAIN);
1472 }
1473
1474 return false;
1475 }
1476
1477 static const char *skip_slices(const char *p) {
1478 assert(p);
1479
1480 /* Skips over all slice assignments */
1481
1482 for (;;) {
1483 size_t n;
1484
1485 p += strspn(p, "/");
1486
1487 n = strcspn(p, "/");
1488 if (!valid_slice_name(p, n))
1489 return p;
1490
1491 p += n;
1492 }
1493 }
1494
1495 int cg_path_get_unit(const char *path, char **ret) {
1496 const char *e;
1497 char *unit;
1498 int r;
1499
1500 assert(path);
1501 assert(ret);
1502
1503 e = skip_slices(path);
1504
1505 r = cg_path_decode_unit(e, &unit);
1506 if (r < 0)
1507 return r;
1508
1509 /* We skipped over the slices, don't accept any now */
1510 if (endswith(unit, ".slice")) {
1511 free(unit);
1512 return -ENXIO;
1513 }
1514
1515 *ret = unit;
1516 return 0;
1517 }
1518
1519 int cg_pid_get_unit(pid_t pid, char **unit) {
1520 _cleanup_free_ char *cgroup = NULL;
1521 int r;
1522
1523 assert(unit);
1524
1525 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1526 if (r < 0)
1527 return r;
1528
1529 return cg_path_get_unit(cgroup, unit);
1530 }
1531
1532 /**
1533 * Skip session-*.scope, but require it to be there.
1534 */
1535 static const char *skip_session(const char *p) {
1536 size_t n;
1537
1538 if (isempty(p))
1539 return NULL;
1540
1541 p += strspn(p, "/");
1542
1543 n = strcspn(p, "/");
1544 if (n < STRLEN("session-x.scope"))
1545 return NULL;
1546
1547 if (memcmp(p, "session-", 8) == 0 && memcmp(p + n - 6, ".scope", 6) == 0) {
1548 char buf[n - 8 - 6 + 1];
1549
1550 memcpy(buf, p + 8, n - 8 - 6);
1551 buf[n - 8 - 6] = 0;
1552
1553 /* Note that session scopes never need unescaping,
1554 * since they cannot conflict with the kernel's own
1555 * names, hence we don't need to call cg_unescape()
1556 * here. */
1557
1558 if (!session_id_valid(buf))
1559 return false;
1560
1561 p += n;
1562 p += strspn(p, "/");
1563 return p;
1564 }
1565
1566 return NULL;
1567 }
1568
1569 /**
1570 * Skip user@*.service, but require it to be there.
1571 */
1572 static const char *skip_user_manager(const char *p) {
1573 size_t n;
1574
1575 if (isempty(p))
1576 return NULL;
1577
1578 p += strspn(p, "/");
1579
1580 n = strcspn(p, "/");
1581 if (n < STRLEN("user@x.service"))
1582 return NULL;
1583
1584 if (memcmp(p, "user@", 5) == 0 && memcmp(p + n - 8, ".service", 8) == 0) {
1585 char buf[n - 5 - 8 + 1];
1586
1587 memcpy(buf, p + 5, n - 5 - 8);
1588 buf[n - 5 - 8] = 0;
1589
1590 /* Note that user manager services never need unescaping,
1591 * since they cannot conflict with the kernel's own
1592 * names, hence we don't need to call cg_unescape()
1593 * here. */
1594
1595 if (parse_uid(buf, NULL) < 0)
1596 return NULL;
1597
1598 p += n;
1599 p += strspn(p, "/");
1600
1601 return p;
1602 }
1603
1604 return NULL;
1605 }
1606
1607 static const char *skip_user_prefix(const char *path) {
1608 const char *e, *t;
1609
1610 assert(path);
1611
1612 /* Skip slices, if there are any */
1613 e = skip_slices(path);
1614
1615 /* Skip the user manager, if it's in the path now... */
1616 t = skip_user_manager(e);
1617 if (t)
1618 return t;
1619
1620 /* Alternatively skip the user session if it is in the path... */
1621 return skip_session(e);
1622 }
1623
1624 int cg_path_get_user_unit(const char *path, char **ret) {
1625 const char *t;
1626
1627 assert(path);
1628 assert(ret);
1629
1630 t = skip_user_prefix(path);
1631 if (!t)
1632 return -ENXIO;
1633
1634 /* And from here on it looks pretty much the same as for a
1635 * system unit, hence let's use the same parser from here
1636 * on. */
1637 return cg_path_get_unit(t, ret);
1638 }
1639
1640 int cg_pid_get_user_unit(pid_t pid, char **unit) {
1641 _cleanup_free_ char *cgroup = NULL;
1642 int r;
1643
1644 assert(unit);
1645
1646 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1647 if (r < 0)
1648 return r;
1649
1650 return cg_path_get_user_unit(cgroup, unit);
1651 }
1652
1653 int cg_path_get_machine_name(const char *path, char **machine) {
1654 _cleanup_free_ char *u = NULL;
1655 const char *sl;
1656 int r;
1657
1658 r = cg_path_get_unit(path, &u);
1659 if (r < 0)
1660 return r;
1661
1662 sl = strjoina("/run/systemd/machines/unit:", u);
1663 return readlink_malloc(sl, machine);
1664 }
1665
1666 int cg_pid_get_machine_name(pid_t pid, char **machine) {
1667 _cleanup_free_ char *cgroup = NULL;
1668 int r;
1669
1670 assert(machine);
1671
1672 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1673 if (r < 0)
1674 return r;
1675
1676 return cg_path_get_machine_name(cgroup, machine);
1677 }
1678
1679 int cg_path_get_session(const char *path, char **session) {
1680 _cleanup_free_ char *unit = NULL;
1681 char *start, *end;
1682 int r;
1683
1684 assert(path);
1685
1686 r = cg_path_get_unit(path, &unit);
1687 if (r < 0)
1688 return r;
1689
1690 start = startswith(unit, "session-");
1691 if (!start)
1692 return -ENXIO;
1693 end = endswith(start, ".scope");
1694 if (!end)
1695 return -ENXIO;
1696
1697 *end = 0;
1698 if (!session_id_valid(start))
1699 return -ENXIO;
1700
1701 if (session) {
1702 char *rr;
1703
1704 rr = strdup(start);
1705 if (!rr)
1706 return -ENOMEM;
1707
1708 *session = rr;
1709 }
1710
1711 return 0;
1712 }
1713
1714 int cg_pid_get_session(pid_t pid, char **session) {
1715 _cleanup_free_ char *cgroup = NULL;
1716 int r;
1717
1718 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1719 if (r < 0)
1720 return r;
1721
1722 return cg_path_get_session(cgroup, session);
1723 }
1724
1725 int cg_path_get_owner_uid(const char *path, uid_t *uid) {
1726 _cleanup_free_ char *slice = NULL;
1727 char *start, *end;
1728 int r;
1729
1730 assert(path);
1731
1732 r = cg_path_get_slice(path, &slice);
1733 if (r < 0)
1734 return r;
1735
1736 start = startswith(slice, "user-");
1737 if (!start)
1738 return -ENXIO;
1739 end = endswith(start, ".slice");
1740 if (!end)
1741 return -ENXIO;
1742
1743 *end = 0;
1744 if (parse_uid(start, uid) < 0)
1745 return -ENXIO;
1746
1747 return 0;
1748 }
1749
1750 int cg_pid_get_owner_uid(pid_t pid, uid_t *uid) {
1751 _cleanup_free_ char *cgroup = NULL;
1752 int r;
1753
1754 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1755 if (r < 0)
1756 return r;
1757
1758 return cg_path_get_owner_uid(cgroup, uid);
1759 }
1760
1761 int cg_path_get_slice(const char *p, char **slice) {
1762 const char *e = NULL;
1763
1764 assert(p);
1765 assert(slice);
1766
1767 /* Finds the right-most slice unit from the beginning, but
1768 * stops before we come to the first non-slice unit. */
1769
1770 for (;;) {
1771 size_t n;
1772
1773 p += strspn(p, "/");
1774
1775 n = strcspn(p, "/");
1776 if (!valid_slice_name(p, n)) {
1777
1778 if (!e) {
1779 char *s;
1780
1781 s = strdup(SPECIAL_ROOT_SLICE);
1782 if (!s)
1783 return -ENOMEM;
1784
1785 *slice = s;
1786 return 0;
1787 }
1788
1789 return cg_path_decode_unit(e, slice);
1790 }
1791
1792 e = p;
1793 p += n;
1794 }
1795 }
1796
1797 int cg_pid_get_slice(pid_t pid, char **slice) {
1798 _cleanup_free_ char *cgroup = NULL;
1799 int r;
1800
1801 assert(slice);
1802
1803 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1804 if (r < 0)
1805 return r;
1806
1807 return cg_path_get_slice(cgroup, slice);
1808 }
1809
1810 int cg_path_get_user_slice(const char *p, char **slice) {
1811 const char *t;
1812 assert(p);
1813 assert(slice);
1814
1815 t = skip_user_prefix(p);
1816 if (!t)
1817 return -ENXIO;
1818
1819 /* And now it looks pretty much the same as for a system
1820 * slice, so let's just use the same parser from here on. */
1821 return cg_path_get_slice(t, slice);
1822 }
1823
1824 int cg_pid_get_user_slice(pid_t pid, char **slice) {
1825 _cleanup_free_ char *cgroup = NULL;
1826 int r;
1827
1828 assert(slice);
1829
1830 r = cg_pid_get_path_shifted(pid, NULL, &cgroup);
1831 if (r < 0)
1832 return r;
1833
1834 return cg_path_get_user_slice(cgroup, slice);
1835 }
1836
1837 char *cg_escape(const char *p) {
1838 bool need_prefix = false;
1839
1840 /* This implements very minimal escaping for names to be used
1841 * as file names in the cgroup tree: any name which might
1842 * conflict with a kernel name or is prefixed with '_' is
1843 * prefixed with a '_'. That way, when reading cgroup names it
1844 * is sufficient to remove a single prefixing underscore if
1845 * there is one. */
1846
1847 /* The return value of this function (unlike cg_unescape())
1848 * needs free()! */
1849
1850 if (IN_SET(p[0], 0, '_', '.') ||
1851 streq(p, "notify_on_release") ||
1852 streq(p, "release_agent") ||
1853 streq(p, "tasks") ||
1854 startswith(p, "cgroup."))
1855 need_prefix = true;
1856 else {
1857 const char *dot;
1858
1859 dot = strrchr(p, '.');
1860 if (dot) {
1861 CGroupController c;
1862 size_t l = dot - p;
1863
1864 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
1865 const char *n;
1866
1867 n = cgroup_controller_to_string(c);
1868
1869 if (l != strlen(n))
1870 continue;
1871
1872 if (memcmp(p, n, l) != 0)
1873 continue;
1874
1875 need_prefix = true;
1876 break;
1877 }
1878 }
1879 }
1880
1881 if (need_prefix)
1882 return strappend("_", p);
1883
1884 return strdup(p);
1885 }
1886
1887 char *cg_unescape(const char *p) {
1888 assert(p);
1889
1890 /* The return value of this function (unlike cg_escape())
1891 * doesn't need free()! */
1892
1893 if (p[0] == '_')
1894 return (char*) p+1;
1895
1896 return (char*) p;
1897 }
1898
1899 #define CONTROLLER_VALID \
1900 DIGITS LETTERS \
1901 "_"
1902
1903 bool cg_controller_is_valid(const char *p) {
1904 const char *t, *s;
1905
1906 if (!p)
1907 return false;
1908
1909 if (streq(p, SYSTEMD_CGROUP_CONTROLLER))
1910 return true;
1911
1912 s = startswith(p, "name=");
1913 if (s)
1914 p = s;
1915
1916 if (IN_SET(*p, 0, '_'))
1917 return false;
1918
1919 for (t = p; *t; t++)
1920 if (!strchr(CONTROLLER_VALID, *t))
1921 return false;
1922
1923 if (t - p > FILENAME_MAX)
1924 return false;
1925
1926 return true;
1927 }
1928
1929 int cg_slice_to_path(const char *unit, char **ret) {
1930 _cleanup_free_ char *p = NULL, *s = NULL, *e = NULL;
1931 const char *dash;
1932 int r;
1933
1934 assert(unit);
1935 assert(ret);
1936
1937 if (streq(unit, SPECIAL_ROOT_SLICE)) {
1938 char *x;
1939
1940 x = strdup("");
1941 if (!x)
1942 return -ENOMEM;
1943 *ret = x;
1944 return 0;
1945 }
1946
1947 if (!unit_name_is_valid(unit, UNIT_NAME_PLAIN))
1948 return -EINVAL;
1949
1950 if (!endswith(unit, ".slice"))
1951 return -EINVAL;
1952
1953 r = unit_name_to_prefix(unit, &p);
1954 if (r < 0)
1955 return r;
1956
1957 dash = strchr(p, '-');
1958
1959 /* Don't allow initial dashes */
1960 if (dash == p)
1961 return -EINVAL;
1962
1963 while (dash) {
1964 _cleanup_free_ char *escaped = NULL;
1965 char n[dash - p + sizeof(".slice")];
1966
1967 #if HAS_FEATURE_MEMORY_SANITIZER
1968 /* msan doesn't instrument stpncpy, so it thinks
1969 * n is later used unitialized:
1970 * https://github.com/google/sanitizers/issues/926
1971 */
1972 zero(n);
1973 #endif
1974
1975 /* Don't allow trailing or double dashes */
1976 if (IN_SET(dash[1], 0, '-'))
1977 return -EINVAL;
1978
1979 strcpy(stpncpy(n, p, dash - p), ".slice");
1980 if (!unit_name_is_valid(n, UNIT_NAME_PLAIN))
1981 return -EINVAL;
1982
1983 escaped = cg_escape(n);
1984 if (!escaped)
1985 return -ENOMEM;
1986
1987 if (!strextend(&s, escaped, "/", NULL))
1988 return -ENOMEM;
1989
1990 dash = strchr(dash+1, '-');
1991 }
1992
1993 e = cg_escape(unit);
1994 if (!e)
1995 return -ENOMEM;
1996
1997 if (!strextend(&s, e, NULL))
1998 return -ENOMEM;
1999
2000 *ret = TAKE_PTR(s);
2001
2002 return 0;
2003 }
2004
2005 int cg_set_attribute(const char *controller, const char *path, const char *attribute, const char *value) {
2006 _cleanup_free_ char *p = NULL;
2007 int r;
2008
2009 r = cg_get_path(controller, path, attribute, &p);
2010 if (r < 0)
2011 return r;
2012
2013 return write_string_file(p, value, 0);
2014 }
2015
2016 int cg_get_attribute(const char *controller, const char *path, const char *attribute, char **ret) {
2017 _cleanup_free_ char *p = NULL;
2018 int r;
2019
2020 r = cg_get_path(controller, path, attribute, &p);
2021 if (r < 0)
2022 return r;
2023
2024 return read_one_line_file(p, ret);
2025 }
2026
2027 int cg_get_keyed_attribute(
2028 const char *controller,
2029 const char *path,
2030 const char *attribute,
2031 char **keys,
2032 char **ret_values) {
2033
2034 _cleanup_free_ char *filename = NULL, *contents = NULL;
2035 const char *p;
2036 size_t n, i, n_done = 0;
2037 char **v;
2038 int r;
2039
2040 /* Reads one or more fields of a cgroupsv2 keyed attribute file. The 'keys' parameter should be an strv with
2041 * all keys to retrieve. The 'ret_values' parameter should be passed as string size with the same number of
2042 * entries as 'keys'. On success each entry will be set to the value of the matching key.
2043 *
2044 * If the attribute file doesn't exist at all returns ENOENT, if any key is not found returns ENXIO. */
2045
2046 r = cg_get_path(controller, path, attribute, &filename);
2047 if (r < 0)
2048 return r;
2049
2050 r = read_full_file(filename, &contents, NULL);
2051 if (r < 0)
2052 return r;
2053
2054 n = strv_length(keys);
2055 if (n == 0) /* No keys to retrieve? That's easy, we are done then */
2056 return 0;
2057
2058 /* Let's build this up in a temporary array for now in order not to clobber the return parameter on failure */
2059 v = newa0(char*, n);
2060
2061 for (p = contents; *p;) {
2062 const char *w = NULL;
2063
2064 for (i = 0; i < n; i++)
2065 if (!v[i]) {
2066 w = first_word(p, keys[i]);
2067 if (w)
2068 break;
2069 }
2070
2071 if (w) {
2072 size_t l;
2073
2074 l = strcspn(w, NEWLINE);
2075 v[i] = strndup(w, l);
2076 if (!v[i]) {
2077 r = -ENOMEM;
2078 goto fail;
2079 }
2080
2081 n_done++;
2082 if (n_done >= n)
2083 goto done;
2084
2085 p = w + l;
2086 } else
2087 p += strcspn(p, NEWLINE);
2088
2089 p += strspn(p, NEWLINE);
2090 }
2091
2092 r = -ENXIO;
2093
2094 fail:
2095 for (i = 0; i < n; i++)
2096 free(v[i]);
2097
2098 return r;
2099
2100 done:
2101 memcpy(ret_values, v, sizeof(char*) * n);
2102 return 0;
2103
2104 }
2105
2106 int cg_create_everywhere(CGroupMask supported, CGroupMask mask, const char *path) {
2107 CGroupController c;
2108 bool created;
2109 int r;
2110
2111 /* This one will create a cgroup in our private tree, but also
2112 * duplicate it in the trees specified in mask, and remove it
2113 * in all others.
2114 *
2115 * Returns 0 if the group already existed in the systemd hierarchy,
2116 * 1 on success, negative otherwise.
2117 */
2118
2119 /* First create the cgroup in our own hierarchy. */
2120 r = cg_create(SYSTEMD_CGROUP_CONTROLLER, path);
2121 if (r < 0)
2122 return r;
2123 created = !!r;
2124
2125 /* If we are in the unified hierarchy, we are done now */
2126 r = cg_all_unified();
2127 if (r < 0)
2128 return r;
2129 if (r > 0)
2130 return created;
2131
2132 /* Otherwise, do the same in the other hierarchies */
2133 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2134 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2135 const char *n;
2136
2137 n = cgroup_controller_to_string(c);
2138
2139 if (mask & bit)
2140 (void) cg_create(n, path);
2141 else if (supported & bit)
2142 (void) cg_trim(n, path, true);
2143 }
2144
2145 return created;
2146 }
2147
2148 int cg_attach_everywhere(CGroupMask supported, const char *path, pid_t pid, cg_migrate_callback_t path_callback, void *userdata) {
2149 CGroupController c;
2150 int r;
2151
2152 r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, path, pid);
2153 if (r < 0)
2154 return r;
2155
2156 r = cg_all_unified();
2157 if (r < 0)
2158 return r;
2159 if (r > 0)
2160 return 0;
2161
2162 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2163 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2164 const char *p = NULL;
2165
2166 if (!(supported & bit))
2167 continue;
2168
2169 if (path_callback)
2170 p = path_callback(bit, userdata);
2171
2172 if (!p)
2173 p = path;
2174
2175 (void) cg_attach_fallback(cgroup_controller_to_string(c), p, pid);
2176 }
2177
2178 return 0;
2179 }
2180
2181 int cg_attach_many_everywhere(CGroupMask supported, const char *path, Set* pids, cg_migrate_callback_t path_callback, void *userdata) {
2182 Iterator i;
2183 void *pidp;
2184 int r = 0;
2185
2186 SET_FOREACH(pidp, pids, i) {
2187 pid_t pid = PTR_TO_PID(pidp);
2188 int q;
2189
2190 q = cg_attach_everywhere(supported, path, pid, path_callback, userdata);
2191 if (q < 0 && r >= 0)
2192 r = q;
2193 }
2194
2195 return r;
2196 }
2197
2198 int cg_migrate_everywhere(CGroupMask supported, const char *from, const char *to, cg_migrate_callback_t to_callback, void *userdata) {
2199 CGroupController c;
2200 int r = 0, q;
2201
2202 if (!path_equal(from, to)) {
2203 r = cg_migrate_recursive(SYSTEMD_CGROUP_CONTROLLER, from, SYSTEMD_CGROUP_CONTROLLER, to, CGROUP_REMOVE);
2204 if (r < 0)
2205 return r;
2206 }
2207
2208 q = cg_all_unified();
2209 if (q < 0)
2210 return q;
2211 if (q > 0)
2212 return r;
2213
2214 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2215 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2216 const char *p = NULL;
2217
2218 if (!(supported & bit))
2219 continue;
2220
2221 if (to_callback)
2222 p = to_callback(bit, userdata);
2223
2224 if (!p)
2225 p = to;
2226
2227 (void) cg_migrate_recursive_fallback(SYSTEMD_CGROUP_CONTROLLER, to, cgroup_controller_to_string(c), p, 0);
2228 }
2229
2230 return 0;
2231 }
2232
2233 int cg_trim_everywhere(CGroupMask supported, const char *path, bool delete_root) {
2234 CGroupController c;
2235 int r, q;
2236
2237 r = cg_trim(SYSTEMD_CGROUP_CONTROLLER, path, delete_root);
2238 if (r < 0)
2239 return r;
2240
2241 q = cg_all_unified();
2242 if (q < 0)
2243 return q;
2244 if (q > 0)
2245 return r;
2246
2247 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2248 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2249
2250 if (!(supported & bit))
2251 continue;
2252
2253 (void) cg_trim(cgroup_controller_to_string(c), path, delete_root);
2254 }
2255
2256 return 0;
2257 }
2258
2259 int cg_mask_to_string(CGroupMask mask, char **ret) {
2260 _cleanup_free_ char *s = NULL;
2261 size_t n = 0, allocated = 0;
2262 bool space = false;
2263 CGroupController c;
2264
2265 assert(ret);
2266
2267 if (mask == 0) {
2268 *ret = NULL;
2269 return 0;
2270 }
2271
2272 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2273 const char *k;
2274 size_t l;
2275
2276 if (!(mask & CGROUP_CONTROLLER_TO_MASK(c)))
2277 continue;
2278
2279 k = cgroup_controller_to_string(c);
2280 l = strlen(k);
2281
2282 if (!GREEDY_REALLOC(s, allocated, n + space + l + 1))
2283 return -ENOMEM;
2284
2285 if (space)
2286 s[n] = ' ';
2287 memcpy(s + n + space, k, l);
2288 n += space + l;
2289
2290 space = true;
2291 }
2292
2293 assert(s);
2294
2295 s[n] = 0;
2296 *ret = TAKE_PTR(s);
2297
2298 return 0;
2299 }
2300
2301 int cg_mask_from_string(const char *value, CGroupMask *mask) {
2302 assert(mask);
2303 assert(value);
2304
2305 for (;;) {
2306 _cleanup_free_ char *n = NULL;
2307 CGroupController v;
2308 int r;
2309
2310 r = extract_first_word(&value, &n, NULL, 0);
2311 if (r < 0)
2312 return r;
2313 if (r == 0)
2314 break;
2315
2316 v = cgroup_controller_from_string(n);
2317 if (v < 0)
2318 continue;
2319
2320 *mask |= CGROUP_CONTROLLER_TO_MASK(v);
2321 }
2322 return 0;
2323 }
2324
2325 int cg_mask_supported(CGroupMask *ret) {
2326 CGroupMask mask = 0;
2327 int r;
2328
2329 /* Determines the mask of supported cgroup controllers. Only
2330 * includes controllers we can make sense of and that are
2331 * actually accessible. */
2332
2333 r = cg_all_unified();
2334 if (r < 0)
2335 return r;
2336 if (r > 0) {
2337 _cleanup_free_ char *root = NULL, *controllers = NULL, *path = NULL;
2338
2339 /* In the unified hierarchy we can read the supported
2340 * and accessible controllers from a the top-level
2341 * cgroup attribute */
2342
2343 r = cg_get_root_path(&root);
2344 if (r < 0)
2345 return r;
2346
2347 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, root, "cgroup.controllers", &path);
2348 if (r < 0)
2349 return r;
2350
2351 r = read_one_line_file(path, &controllers);
2352 if (r < 0)
2353 return r;
2354
2355 r = cg_mask_from_string(controllers, &mask);
2356 if (r < 0)
2357 return r;
2358
2359 /* Currently, we support the cpu, memory, io and pids
2360 * controller in the unified hierarchy, mask
2361 * everything else off. */
2362 mask &= CGROUP_MASK_CPU | CGROUP_MASK_MEMORY | CGROUP_MASK_IO | CGROUP_MASK_PIDS;
2363
2364 } else {
2365 CGroupController c;
2366
2367 /* In the legacy hierarchy, we check whether which
2368 * hierarchies are mounted. */
2369
2370 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2371 const char *n;
2372
2373 n = cgroup_controller_to_string(c);
2374 if (controller_is_accessible(n) >= 0)
2375 mask |= CGROUP_CONTROLLER_TO_MASK(c);
2376 }
2377 }
2378
2379 *ret = mask;
2380 return 0;
2381 }
2382
2383 int cg_kernel_controllers(Set **ret) {
2384 _cleanup_set_free_free_ Set *controllers = NULL;
2385 _cleanup_fclose_ FILE *f = NULL;
2386 int r;
2387
2388 assert(ret);
2389
2390 /* Determines the full list of kernel-known controllers. Might
2391 * include controllers we don't actually support, arbitrary
2392 * named hierarchies and controllers that aren't currently
2393 * accessible (because not mounted). */
2394
2395 controllers = set_new(&string_hash_ops);
2396 if (!controllers)
2397 return -ENOMEM;
2398
2399 f = fopen("/proc/cgroups", "re");
2400 if (!f) {
2401 if (errno == ENOENT) {
2402 *ret = NULL;
2403 return 0;
2404 }
2405
2406 return -errno;
2407 }
2408
2409 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
2410
2411 /* Ignore the header line */
2412 (void) read_line(f, (size_t) -1, NULL);
2413
2414 for (;;) {
2415 char *controller;
2416 int enabled = 0;
2417
2418 errno = 0;
2419 if (fscanf(f, "%ms %*i %*i %i", &controller, &enabled) != 2) {
2420
2421 if (feof(f))
2422 break;
2423
2424 if (ferror(f) && errno > 0)
2425 return -errno;
2426
2427 return -EBADMSG;
2428 }
2429
2430 if (!enabled) {
2431 free(controller);
2432 continue;
2433 }
2434
2435 if (!cg_controller_is_valid(controller)) {
2436 free(controller);
2437 return -EBADMSG;
2438 }
2439
2440 r = set_consume(controllers, controller);
2441 if (r < 0)
2442 return r;
2443 }
2444
2445 *ret = TAKE_PTR(controllers);
2446
2447 return 0;
2448 }
2449
2450 static thread_local CGroupUnified unified_cache = CGROUP_UNIFIED_UNKNOWN;
2451
2452 /* The hybrid mode was initially implemented in v232 and simply mounted cgroup v2 on /sys/fs/cgroup/systemd. This
2453 * unfortunately broke other tools (such as docker) which expected the v1 "name=systemd" hierarchy on
2454 * /sys/fs/cgroup/systemd. From v233 and on, the hybrid mode mountnbs v2 on /sys/fs/cgroup/unified and maintains
2455 * "name=systemd" hierarchy on /sys/fs/cgroup/systemd for compatibility with other tools.
2456 *
2457 * To keep live upgrade working, we detect and support v232 layout. When v232 layout is detected, to keep cgroup v2
2458 * process management but disable the compat dual layout, we return %true on
2459 * cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) and %false on cg_hybrid_unified().
2460 */
2461 static thread_local bool unified_systemd_v232;
2462
2463 static int cg_unified_update(void) {
2464
2465 struct statfs fs;
2466
2467 /* Checks if we support the unified hierarchy. Returns an
2468 * error when the cgroup hierarchies aren't mounted yet or we
2469 * have any other trouble determining if the unified hierarchy
2470 * is supported. */
2471
2472 if (unified_cache >= CGROUP_UNIFIED_NONE)
2473 return 0;
2474
2475 if (statfs("/sys/fs/cgroup/", &fs) < 0)
2476 return log_debug_errno(errno, "statfs(\"/sys/fs/cgroup/\") failed: %m");
2477
2478 if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2479 log_debug("Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy");
2480 unified_cache = CGROUP_UNIFIED_ALL;
2481 } else if (F_TYPE_EQUAL(fs.f_type, TMPFS_MAGIC)) {
2482 if (statfs("/sys/fs/cgroup/unified/", &fs) == 0 &&
2483 F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2484 log_debug("Found cgroup2 on /sys/fs/cgroup/unified, unified hierarchy for systemd controller");
2485 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2486 unified_systemd_v232 = false;
2487 } else {
2488 if (statfs("/sys/fs/cgroup/systemd/", &fs) < 0)
2489 return log_debug_errno(errno, "statfs(\"/sys/fs/cgroup/systemd\" failed: %m");
2490
2491 if (F_TYPE_EQUAL(fs.f_type, CGROUP2_SUPER_MAGIC)) {
2492 log_debug("Found cgroup2 on /sys/fs/cgroup/systemd, unified hierarchy for systemd controller (v232 variant)");
2493 unified_cache = CGROUP_UNIFIED_SYSTEMD;
2494 unified_systemd_v232 = true;
2495 } else if (F_TYPE_EQUAL(fs.f_type, CGROUP_SUPER_MAGIC)) {
2496 log_debug("Found cgroup on /sys/fs/cgroup/systemd, legacy hierarchy");
2497 unified_cache = CGROUP_UNIFIED_NONE;
2498 } else {
2499 log_debug("Unexpected filesystem type %llx mounted on /sys/fs/cgroup/systemd, assuming legacy hierarchy",
2500 (unsigned long long) fs.f_type);
2501 unified_cache = CGROUP_UNIFIED_NONE;
2502 }
2503 }
2504 } else {
2505 log_debug("Unknown filesystem type %llx mounted on /sys/fs/cgroup.",
2506 (unsigned long long) fs.f_type);
2507 return -ENOMEDIUM;
2508 }
2509
2510 return 0;
2511 }
2512
2513 int cg_unified_controller(const char *controller) {
2514 int r;
2515
2516 r = cg_unified_update();
2517 if (r < 0)
2518 return r;
2519
2520 if (unified_cache == CGROUP_UNIFIED_NONE)
2521 return false;
2522
2523 if (unified_cache >= CGROUP_UNIFIED_ALL)
2524 return true;
2525
2526 return streq_ptr(controller, SYSTEMD_CGROUP_CONTROLLER);
2527 }
2528
2529 int cg_all_unified(void) {
2530 int r;
2531
2532 r = cg_unified_update();
2533 if (r < 0)
2534 return r;
2535
2536 return unified_cache >= CGROUP_UNIFIED_ALL;
2537 }
2538
2539 int cg_hybrid_unified(void) {
2540 int r;
2541
2542 r = cg_unified_update();
2543 if (r < 0)
2544 return r;
2545
2546 return unified_cache == CGROUP_UNIFIED_SYSTEMD && !unified_systemd_v232;
2547 }
2548
2549 int cg_unified_flush(void) {
2550 unified_cache = CGROUP_UNIFIED_UNKNOWN;
2551
2552 return cg_unified_update();
2553 }
2554
2555 int cg_enable_everywhere(CGroupMask supported, CGroupMask mask, const char *p) {
2556 _cleanup_fclose_ FILE *f = NULL;
2557 _cleanup_free_ char *fs = NULL;
2558 CGroupController c;
2559 int r;
2560
2561 assert(p);
2562
2563 if (supported == 0)
2564 return 0;
2565
2566 r = cg_all_unified();
2567 if (r < 0)
2568 return r;
2569 if (r == 0) /* on the legacy hiearchy there's no joining of controllers defined */
2570 return 0;
2571
2572 r = cg_get_path(SYSTEMD_CGROUP_CONTROLLER, p, "cgroup.subtree_control", &fs);
2573 if (r < 0)
2574 return r;
2575
2576 for (c = 0; c < _CGROUP_CONTROLLER_MAX; c++) {
2577 CGroupMask bit = CGROUP_CONTROLLER_TO_MASK(c);
2578 const char *n;
2579
2580 if (!(supported & bit))
2581 continue;
2582
2583 n = cgroup_controller_to_string(c);
2584 {
2585 char s[1 + strlen(n) + 1];
2586
2587 s[0] = mask & bit ? '+' : '-';
2588 strcpy(s + 1, n);
2589
2590 if (!f) {
2591 f = fopen(fs, "we");
2592 if (!f) {
2593 log_debug_errno(errno, "Failed to open cgroup.subtree_control file of %s: %m", p);
2594 break;
2595 }
2596 }
2597
2598 r = write_string_stream(f, s, 0);
2599 if (r < 0) {
2600 log_debug_errno(r, "Failed to enable controller %s for %s (%s): %m", n, p, fs);
2601 clearerr(f);
2602 }
2603 }
2604 }
2605
2606 return 0;
2607 }
2608
2609 bool cg_is_unified_wanted(void) {
2610 static thread_local int wanted = -1;
2611 int r;
2612 bool b;
2613 const bool is_default = DEFAULT_HIERARCHY == CGROUP_UNIFIED_ALL;
2614
2615 /* If we have a cached value, return that. */
2616 if (wanted >= 0)
2617 return wanted;
2618
2619 /* If the hierarchy is already mounted, then follow whatever
2620 * was chosen for it. */
2621 if (cg_unified_flush() >= 0)
2622 return (wanted = unified_cache >= CGROUP_UNIFIED_ALL);
2623
2624 /* Otherwise, let's see what the kernel command line has to say.
2625 * Since checking is expensive, cache a non-error result. */
2626 r = proc_cmdline_get_bool("systemd.unified_cgroup_hierarchy", &b);
2627
2628 return (wanted = r > 0 ? b : is_default);
2629 }
2630
2631 bool cg_is_legacy_wanted(void) {
2632 static thread_local int wanted = -1;
2633
2634 /* If we have a cached value, return that. */
2635 if (wanted >= 0)
2636 return wanted;
2637
2638 /* Check if we have cgroups2 already mounted. */
2639 if (cg_unified_flush() >= 0 &&
2640 unified_cache == CGROUP_UNIFIED_ALL)
2641 return (wanted = false);
2642
2643 /* Otherwise, assume that at least partial legacy is wanted,
2644 * since cgroups2 should already be mounted at this point. */
2645 return (wanted = true);
2646 }
2647
2648 bool cg_is_hybrid_wanted(void) {
2649 static thread_local int wanted = -1;
2650 int r;
2651 bool b;
2652 const bool is_default = DEFAULT_HIERARCHY >= CGROUP_UNIFIED_SYSTEMD;
2653 /* We default to true if the default is "hybrid", obviously,
2654 * but also when the default is "unified", because if we get
2655 * called, it means that unified hierarchy was not mounted. */
2656
2657 /* If we have a cached value, return that. */
2658 if (wanted >= 0)
2659 return wanted;
2660
2661 /* If the hierarchy is already mounted, then follow whatever
2662 * was chosen for it. */
2663 if (cg_unified_flush() >= 0 &&
2664 unified_cache == CGROUP_UNIFIED_ALL)
2665 return (wanted = false);
2666
2667 /* Otherwise, let's see what the kernel command line has to say.
2668 * Since checking is expensive, cache a non-error result. */
2669 r = proc_cmdline_get_bool("systemd.legacy_systemd_cgroup_controller", &b);
2670
2671 /* The meaning of the kernel option is reversed wrt. to the return value
2672 * of this function, hence the negation. */
2673 return (wanted = r > 0 ? !b : is_default);
2674 }
2675
2676 int cg_weight_parse(const char *s, uint64_t *ret) {
2677 uint64_t u;
2678 int r;
2679
2680 if (isempty(s)) {
2681 *ret = CGROUP_WEIGHT_INVALID;
2682 return 0;
2683 }
2684
2685 r = safe_atou64(s, &u);
2686 if (r < 0)
2687 return r;
2688
2689 if (u < CGROUP_WEIGHT_MIN || u > CGROUP_WEIGHT_MAX)
2690 return -ERANGE;
2691
2692 *ret = u;
2693 return 0;
2694 }
2695
2696 const uint64_t cgroup_io_limit_defaults[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2697 [CGROUP_IO_RBPS_MAX] = CGROUP_LIMIT_MAX,
2698 [CGROUP_IO_WBPS_MAX] = CGROUP_LIMIT_MAX,
2699 [CGROUP_IO_RIOPS_MAX] = CGROUP_LIMIT_MAX,
2700 [CGROUP_IO_WIOPS_MAX] = CGROUP_LIMIT_MAX,
2701 };
2702
2703 static const char* const cgroup_io_limit_type_table[_CGROUP_IO_LIMIT_TYPE_MAX] = {
2704 [CGROUP_IO_RBPS_MAX] = "IOReadBandwidthMax",
2705 [CGROUP_IO_WBPS_MAX] = "IOWriteBandwidthMax",
2706 [CGROUP_IO_RIOPS_MAX] = "IOReadIOPSMax",
2707 [CGROUP_IO_WIOPS_MAX] = "IOWriteIOPSMax",
2708 };
2709
2710 DEFINE_STRING_TABLE_LOOKUP(cgroup_io_limit_type, CGroupIOLimitType);
2711
2712 int cg_cpu_shares_parse(const char *s, uint64_t *ret) {
2713 uint64_t u;
2714 int r;
2715
2716 if (isempty(s)) {
2717 *ret = CGROUP_CPU_SHARES_INVALID;
2718 return 0;
2719 }
2720
2721 r = safe_atou64(s, &u);
2722 if (r < 0)
2723 return r;
2724
2725 if (u < CGROUP_CPU_SHARES_MIN || u > CGROUP_CPU_SHARES_MAX)
2726 return -ERANGE;
2727
2728 *ret = u;
2729 return 0;
2730 }
2731
2732 int cg_blkio_weight_parse(const char *s, uint64_t *ret) {
2733 uint64_t u;
2734 int r;
2735
2736 if (isempty(s)) {
2737 *ret = CGROUP_BLKIO_WEIGHT_INVALID;
2738 return 0;
2739 }
2740
2741 r = safe_atou64(s, &u);
2742 if (r < 0)
2743 return r;
2744
2745 if (u < CGROUP_BLKIO_WEIGHT_MIN || u > CGROUP_BLKIO_WEIGHT_MAX)
2746 return -ERANGE;
2747
2748 *ret = u;
2749 return 0;
2750 }
2751
2752 bool is_cgroup_fs(const struct statfs *s) {
2753 return is_fs_type(s, CGROUP_SUPER_MAGIC) ||
2754 is_fs_type(s, CGROUP2_SUPER_MAGIC);
2755 }
2756
2757 bool fd_is_cgroup_fs(int fd) {
2758 struct statfs s;
2759
2760 if (fstatfs(fd, &s) < 0)
2761 return -errno;
2762
2763 return is_cgroup_fs(&s);
2764 }
2765
2766 static const char *cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
2767 [CGROUP_CONTROLLER_CPU] = "cpu",
2768 [CGROUP_CONTROLLER_CPUACCT] = "cpuacct",
2769 [CGROUP_CONTROLLER_IO] = "io",
2770 [CGROUP_CONTROLLER_BLKIO] = "blkio",
2771 [CGROUP_CONTROLLER_MEMORY] = "memory",
2772 [CGROUP_CONTROLLER_DEVICES] = "devices",
2773 [CGROUP_CONTROLLER_PIDS] = "pids",
2774 };
2775
2776 DEFINE_STRING_TABLE_LOOKUP(cgroup_controller, CGroupController);