cgroup: fix cgroup_write_event_control()

81eeaf0411 ("cgroup: make cftype->[un]register_event() deal with
cgroup_subsys_state inst ead of cgroup") updated the cftype event
methods to take @css (cgroup_subsys_state) instead of @cgroup;
however, it incorrectly used @css passed to
cgroup_write_event_control(), which the dummy_css for the cgroup as
the file is a cgroup core file.  This leads to oops on event
registration.

Fix it by using the css matching the event target file.  Note that
cgroup_write_event_control() now disallows cgroup core files from
being event sources.  This is for simplicity and doesn't matter as
cgroup_event will be moved and made specific to memcg.

Signed-off-by: Tejun Heo <tj@kernel.org>
Acked-by: Li Zefan <lizefan@huawei.com>

diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 896e035..ef43e3f 100644 (file)
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -4040,10 +4040,10 @@ static void cgroup_event_ptable_queue_proc(struct file *file,
  * Input must be in format '<event_fd> <control_fd> <args>'.
  * Interpretation of args is defined by control file implementation.
  */
-static int cgroup_write_event_control(struct cgroup_subsys_state *css,
+static int cgroup_write_event_control(struct cgroup_subsys_state *dummy_css,
                                      struct cftype *cft, const char *buffer)
 {
-       struct cgroup *cgrp = css->cgroup;
+       struct cgroup *cgrp = dummy_css->cgroup;
        struct cgroup_event *event;
        struct cgroup *cgrp_cfile;
        unsigned int efd, cfd;
@@ -4065,7 +4065,7 @@ static int cgroup_write_event_control(struct cgroup_subsys_state *css,
        event = kzalloc(sizeof(*event), GFP_KERNEL);
        if (!event)
                return -ENOMEM;
-       event->css = css;
+
        INIT_LIST_HEAD(&event->list);
        init_poll_funcptr(&event->pt, cgroup_event_ptable_queue_proc);
        init_waitqueue_func_entry(&event->wait, cgroup_event_wake);
@@ -4101,6 +4101,23 @@ static int cgroup_write_event_control(struct cgroup_subsys_state *css,
                goto out_put_cfile;
        }
 
+       if (!event->cft->ss) {
+               ret = -EBADF;
+               goto out_put_cfile;
+       }
+
+       /* determine the css of @cfile and associate @event with it */
+       rcu_read_lock();
+
+       ret = -EINVAL;
+       event->css = cgroup_css(cgrp, event->cft->ss->subsys_id);
+       if (event->css)
+               ret = 0;
+
+       rcu_read_unlock();
+       if (ret)
+               goto out_put_cfile;
+
        /*
         * The file to be monitored must be in the same cgroup as
         * cgroup.event_control is.
@@ -4116,7 +4133,7 @@ static int cgroup_write_event_control(struct cgroup_subsys_state *css,
                goto out_put_cfile;
        }
 
-       ret = event->cft->register_event(css, event->cft,
+       ret = event->cft->register_event(event->css, event->cft,
                        event->eventfd, buffer);
        if (ret)
                goto out_put_cfile;