1 // SPDX-License-Identifier: GPL-2.0-only
3 * "splice": joining two ropes together by interweaving their strands.
5 * This is the "extended pipe" functionality, where a pipe is used as
6 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
7 * buffer that you can use to transfer data from one end to the other.
9 * The traditional unix read/write is extended with a "splice()" operation
10 * that transfers data buffers to or from a pipe buffer.
12 * Named by Larry McVoy, original implementation from Linus, extended by
13 * Jens to support splicing to files, network, direct splicing, etc and
14 * fixing lots of bugs.
16 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
17 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
18 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/bvec.h>
23 #include <linux/file.h>
24 #include <linux/pagemap.h>
25 #include <linux/splice.h>
26 #include <linux/memcontrol.h>
27 #include <linux/mm_inline.h>
28 #include <linux/swap.h>
29 #include <linux/writeback.h>
30 #include <linux/export.h>
31 #include <linux/syscalls.h>
32 #include <linux/uio.h>
33 #include <linux/security.h>
34 #include <linux/gfp.h>
35 #include <linux/socket.h>
36 #include <linux/compat.h>
37 #include <linux/sched/signal.h>
42 * Attempt to steal a page from a pipe buffer. This should perhaps go into
43 * a vm helper function, it's already simplified quite a bit by the
44 * addition of remove_mapping(). If success is returned, the caller may
45 * attempt to reuse this page for another destination.
47 static bool page_cache_pipe_buf_try_steal(struct pipe_inode_info *pipe,
48 struct pipe_buffer *buf)
50 struct page *page = buf->page;
51 struct address_space *mapping;
55 mapping = page_mapping(page);
57 WARN_ON(!PageUptodate(page));
60 * At least for ext2 with nobh option, we need to wait on
61 * writeback completing on this page, since we'll remove it
62 * from the pagecache. Otherwise truncate wont wait on the
63 * page, allowing the disk blocks to be reused by someone else
64 * before we actually wrote our data to them. fs corruption
67 wait_on_page_writeback(page);
69 if (page_has_private(page) &&
70 !try_to_release_page(page, GFP_KERNEL))
74 * If we succeeded in removing the mapping, set LRU flag
77 if (remove_mapping(mapping, page)) {
78 buf->flags |= PIPE_BUF_FLAG_LRU;
84 * Raced with truncate or failed to remove page from current
85 * address space, unlock and return failure.
92 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
93 struct pipe_buffer *buf)
96 buf->flags &= ~PIPE_BUF_FLAG_LRU;
100 * Check whether the contents of buf is OK to access. Since the content
101 * is a page cache page, IO may be in flight.
103 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
104 struct pipe_buffer *buf)
106 struct page *page = buf->page;
109 if (!PageUptodate(page)) {
113 * Page got truncated/unhashed. This will cause a 0-byte
114 * splice, if this is the first page.
116 if (!page->mapping) {
122 * Uh oh, read-error from disk.
124 if (!PageUptodate(page)) {
130 * Page is ok afterall, we are done.
141 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
142 .confirm = page_cache_pipe_buf_confirm,
143 .release = page_cache_pipe_buf_release,
144 .try_steal = page_cache_pipe_buf_try_steal,
145 .get = generic_pipe_buf_get,
148 static bool user_page_pipe_buf_try_steal(struct pipe_inode_info *pipe,
149 struct pipe_buffer *buf)
151 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
154 buf->flags |= PIPE_BUF_FLAG_LRU;
155 return generic_pipe_buf_try_steal(pipe, buf);
158 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
159 .release = page_cache_pipe_buf_release,
160 .try_steal = user_page_pipe_buf_try_steal,
161 .get = generic_pipe_buf_get,
164 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
167 if (waitqueue_active(&pipe->rd_wait))
168 wake_up_interruptible(&pipe->rd_wait);
169 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
173 * splice_to_pipe - fill passed data into a pipe
174 * @pipe: pipe to fill
178 * @spd contains a map of pages and len/offset tuples, along with
179 * the struct pipe_buf_operations associated with these pages. This
180 * function will link that data to the pipe.
183 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
184 struct splice_pipe_desc *spd)
186 unsigned int spd_pages = spd->nr_pages;
187 unsigned int tail = pipe->tail;
188 unsigned int head = pipe->head;
189 unsigned int mask = pipe->ring_size - 1;
190 int ret = 0, page_nr = 0;
195 if (unlikely(!pipe->readers)) {
196 send_sig(SIGPIPE, current, 0);
201 while (!pipe_full(head, tail, pipe->max_usage)) {
202 struct pipe_buffer *buf = &pipe->bufs[head & mask];
204 buf->page = spd->pages[page_nr];
205 buf->offset = spd->partial[page_nr].offset;
206 buf->len = spd->partial[page_nr].len;
207 buf->private = spd->partial[page_nr].private;
216 if (!--spd->nr_pages)
224 while (page_nr < spd_pages)
225 spd->spd_release(spd, page_nr++);
229 EXPORT_SYMBOL_GPL(splice_to_pipe);
231 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
233 unsigned int head = pipe->head;
234 unsigned int tail = pipe->tail;
235 unsigned int mask = pipe->ring_size - 1;
238 if (unlikely(!pipe->readers)) {
239 send_sig(SIGPIPE, current, 0);
241 } else if (pipe_full(head, tail, pipe->max_usage)) {
244 pipe->bufs[head & mask] = *buf;
245 pipe->head = head + 1;
248 pipe_buf_release(pipe, buf);
251 EXPORT_SYMBOL(add_to_pipe);
254 * Check if we need to grow the arrays holding pages and partial page
257 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
259 unsigned int max_usage = READ_ONCE(pipe->max_usage);
261 spd->nr_pages_max = max_usage;
262 if (max_usage <= PIPE_DEF_BUFFERS)
265 spd->pages = kmalloc_array(max_usage, sizeof(struct page *), GFP_KERNEL);
266 spd->partial = kmalloc_array(max_usage, sizeof(struct partial_page),
269 if (spd->pages && spd->partial)
277 void splice_shrink_spd(struct splice_pipe_desc *spd)
279 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
287 * generic_file_splice_read - splice data from file to a pipe
288 * @in: file to splice from
289 * @ppos: position in @in
290 * @pipe: pipe to splice to
291 * @len: number of bytes to splice
292 * @flags: splice modifier flags
295 * Will read pages from given file and fill them into a pipe. Can be
296 * used as long as it has more or less sane ->read_iter().
299 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
300 struct pipe_inode_info *pipe, size_t len,
308 iov_iter_pipe(&to, READ, pipe, len);
310 init_sync_kiocb(&kiocb, in);
311 kiocb.ki_pos = *ppos;
312 ret = call_read_iter(in, &kiocb, &to);
314 *ppos = kiocb.ki_pos;
316 } else if (ret < 0) {
319 iov_iter_advance(&to, 0); /* to free what was emitted */
321 * callers of ->splice_read() expect -EAGAIN on
322 * "can't put anything in there", rather than -EFAULT.
330 EXPORT_SYMBOL(generic_file_splice_read);
332 const struct pipe_buf_operations default_pipe_buf_ops = {
333 .release = generic_pipe_buf_release,
334 .try_steal = generic_pipe_buf_try_steal,
335 .get = generic_pipe_buf_get,
338 /* Pipe buffer operations for a socket and similar. */
339 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
340 .release = generic_pipe_buf_release,
341 .get = generic_pipe_buf_get,
343 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
346 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
347 * using sendpage(). Return the number of bytes sent.
349 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
350 struct pipe_buffer *buf, struct splice_desc *sd)
352 struct file *file = sd->u.file;
353 loff_t pos = sd->pos;
356 if (!likely(file->f_op->sendpage))
359 more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0;
361 if (sd->len < sd->total_len &&
362 pipe_occupancy(pipe->head, pipe->tail) > 1)
363 more |= MSG_SENDPAGE_NOTLAST;
365 return file->f_op->sendpage(file, buf->page, buf->offset,
366 sd->len, &pos, more);
369 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
372 if (waitqueue_active(&pipe->wr_wait))
373 wake_up_interruptible(&pipe->wr_wait);
374 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
378 * splice_from_pipe_feed - feed available data from a pipe to a file
379 * @pipe: pipe to splice from
380 * @sd: information to @actor
381 * @actor: handler that splices the data
384 * This function loops over the pipe and calls @actor to do the
385 * actual moving of a single struct pipe_buffer to the desired
386 * destination. It returns when there's no more buffers left in
387 * the pipe or if the requested number of bytes (@sd->total_len)
388 * have been copied. It returns a positive number (one) if the
389 * pipe needs to be filled with more data, zero if the required
390 * number of bytes have been copied and -errno on error.
392 * This, together with splice_from_pipe_{begin,end,next}, may be
393 * used to implement the functionality of __splice_from_pipe() when
394 * locking is required around copying the pipe buffers to the
397 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
400 unsigned int head = pipe->head;
401 unsigned int tail = pipe->tail;
402 unsigned int mask = pipe->ring_size - 1;
405 while (!pipe_empty(head, tail)) {
406 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
409 if (sd->len > sd->total_len)
410 sd->len = sd->total_len;
412 ret = pipe_buf_confirm(pipe, buf);
419 ret = actor(pipe, buf, sd);
426 sd->num_spliced += ret;
429 sd->total_len -= ret;
432 pipe_buf_release(pipe, buf);
436 sd->need_wakeup = true;
447 * splice_from_pipe_next - wait for some data to splice from
448 * @pipe: pipe to splice from
449 * @sd: information about the splice operation
452 * This function will wait for some data and return a positive
453 * value (one) if pipe buffers are available. It will return zero
454 * or -errno if no more data needs to be spliced.
456 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
459 * Check for signal early to make process killable when there are
460 * always buffers available
462 if (signal_pending(current))
465 while (pipe_empty(pipe->head, pipe->tail)) {
472 if (sd->flags & SPLICE_F_NONBLOCK)
475 if (signal_pending(current))
478 if (sd->need_wakeup) {
479 wakeup_pipe_writers(pipe);
480 sd->need_wakeup = false;
490 * splice_from_pipe_begin - start splicing from pipe
491 * @sd: information about the splice operation
494 * This function should be called before a loop containing
495 * splice_from_pipe_next() and splice_from_pipe_feed() to
496 * initialize the necessary fields of @sd.
498 static void splice_from_pipe_begin(struct splice_desc *sd)
501 sd->need_wakeup = false;
505 * splice_from_pipe_end - finish splicing from pipe
506 * @pipe: pipe to splice from
507 * @sd: information about the splice operation
510 * This function will wake up pipe writers if necessary. It should
511 * be called after a loop containing splice_from_pipe_next() and
512 * splice_from_pipe_feed().
514 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
517 wakeup_pipe_writers(pipe);
521 * __splice_from_pipe - splice data from a pipe to given actor
522 * @pipe: pipe to splice from
523 * @sd: information to @actor
524 * @actor: handler that splices the data
527 * This function does little more than loop over the pipe and call
528 * @actor to do the actual moving of a single struct pipe_buffer to
529 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
533 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
538 splice_from_pipe_begin(sd);
541 ret = splice_from_pipe_next(pipe, sd);
543 ret = splice_from_pipe_feed(pipe, sd, actor);
545 splice_from_pipe_end(pipe, sd);
547 return sd->num_spliced ? sd->num_spliced : ret;
549 EXPORT_SYMBOL(__splice_from_pipe);
552 * splice_from_pipe - splice data from a pipe to a file
553 * @pipe: pipe to splice from
554 * @out: file to splice to
555 * @ppos: position in @out
556 * @len: how many bytes to splice
557 * @flags: splice modifier flags
558 * @actor: handler that splices the data
561 * See __splice_from_pipe. This function locks the pipe inode,
562 * otherwise it's identical to __splice_from_pipe().
565 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
566 loff_t *ppos, size_t len, unsigned int flags,
570 struct splice_desc sd = {
578 ret = __splice_from_pipe(pipe, &sd, actor);
585 * iter_file_splice_write - splice data from a pipe to a file
587 * @out: file to write to
588 * @ppos: position in @out
589 * @len: number of bytes to splice
590 * @flags: splice modifier flags
593 * Will either move or copy pages (determined by @flags options) from
594 * the given pipe inode to the given file.
595 * This one is ->write_iter-based.
599 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
600 loff_t *ppos, size_t len, unsigned int flags)
602 struct splice_desc sd = {
608 int nbufs = pipe->max_usage;
609 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
613 if (unlikely(!array))
618 splice_from_pipe_begin(&sd);
619 while (sd.total_len) {
620 struct iov_iter from;
621 unsigned int head, tail, mask;
625 ret = splice_from_pipe_next(pipe, &sd);
629 if (unlikely(nbufs < pipe->max_usage)) {
631 nbufs = pipe->max_usage;
632 array = kcalloc(nbufs, sizeof(struct bio_vec),
642 mask = pipe->ring_size - 1;
644 /* build the vector */
646 for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++, n++) {
647 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
648 size_t this_len = buf->len;
653 ret = pipe_buf_confirm(pipe, buf);
660 array[n].bv_page = buf->page;
661 array[n].bv_len = this_len;
662 array[n].bv_offset = buf->offset;
666 iov_iter_bvec(&from, WRITE, array, n, sd.total_len - left);
667 ret = vfs_iter_write(out, &from, &sd.pos, 0);
671 sd.num_spliced += ret;
675 /* dismiss the fully eaten buffers, adjust the partial one */
678 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
679 if (ret >= buf->len) {
682 pipe_buf_release(pipe, buf);
686 sd.need_wakeup = true;
696 splice_from_pipe_end(pipe, &sd);
701 ret = sd.num_spliced;
706 EXPORT_SYMBOL(iter_file_splice_write);
709 * generic_splice_sendpage - splice data from a pipe to a socket
710 * @pipe: pipe to splice from
711 * @out: socket to write to
712 * @ppos: position in @out
713 * @len: number of bytes to splice
714 * @flags: splice modifier flags
717 * Will send @len bytes from the pipe to a network socket. No data copying
721 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
722 loff_t *ppos, size_t len, unsigned int flags)
724 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
727 EXPORT_SYMBOL(generic_splice_sendpage);
729 static int warn_unsupported(struct file *file, const char *op)
731 pr_debug_ratelimited(
732 "splice %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
733 op, file, current->pid, current->comm);
738 * Attempt to initiate a splice from pipe to file.
740 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
741 loff_t *ppos, size_t len, unsigned int flags)
743 if (unlikely(!out->f_op->splice_write))
744 return warn_unsupported(out, "write");
745 return out->f_op->splice_write(pipe, out, ppos, len, flags);
749 * Attempt to initiate a splice from a file to a pipe.
751 static long do_splice_to(struct file *in, loff_t *ppos,
752 struct pipe_inode_info *pipe, size_t len,
757 if (unlikely(!(in->f_mode & FMODE_READ)))
760 ret = rw_verify_area(READ, in, ppos, len);
761 if (unlikely(ret < 0))
764 if (unlikely(len > MAX_RW_COUNT))
767 if (unlikely(!in->f_op->splice_read))
768 return warn_unsupported(in, "read");
769 return in->f_op->splice_read(in, ppos, pipe, len, flags);
773 * splice_direct_to_actor - splices data directly between two non-pipes
774 * @in: file to splice from
775 * @sd: actor information on where to splice to
776 * @actor: handles the data splicing
779 * This is a special case helper to splice directly between two
780 * points, without requiring an explicit pipe. Internally an allocated
781 * pipe is cached in the process, and reused during the lifetime of
785 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
786 splice_direct_actor *actor)
788 struct pipe_inode_info *pipe;
795 * We require the input being a regular file, as we don't want to
796 * randomly drop data for eg socket -> socket splicing. Use the
797 * piped splicing for that!
799 i_mode = file_inode(in)->i_mode;
800 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
804 * neither in nor out is a pipe, setup an internal pipe attached to
805 * 'out' and transfer the wanted data from 'in' to 'out' through that
807 pipe = current->splice_pipe;
808 if (unlikely(!pipe)) {
809 pipe = alloc_pipe_info();
814 * We don't have an immediate reader, but we'll read the stuff
815 * out of the pipe right after the splice_to_pipe(). So set
816 * PIPE_READERS appropriately.
820 current->splice_pipe = pipe;
832 * Don't block on output, we have to drain the direct pipe.
834 sd->flags &= ~SPLICE_F_NONBLOCK;
835 more = sd->flags & SPLICE_F_MORE;
837 WARN_ON_ONCE(!pipe_empty(pipe->head, pipe->tail));
840 unsigned int p_space;
842 loff_t pos = sd->pos, prev_pos = pos;
844 /* Don't try to read more the pipe has space for. */
845 p_space = pipe->max_usage -
846 pipe_occupancy(pipe->head, pipe->tail);
847 read_len = min_t(size_t, len, p_space << PAGE_SHIFT);
848 ret = do_splice_to(in, &pos, pipe, read_len, flags);
849 if (unlikely(ret <= 0))
853 sd->total_len = read_len;
856 * If more data is pending, set SPLICE_F_MORE
857 * If this is the last data and SPLICE_F_MORE was not set
858 * initially, clears it.
861 sd->flags |= SPLICE_F_MORE;
863 sd->flags &= ~SPLICE_F_MORE;
865 * NOTE: nonblocking mode only applies to the input. We
866 * must not do the output in nonblocking mode as then we
867 * could get stuck data in the internal pipe:
869 ret = actor(pipe, sd);
870 if (unlikely(ret <= 0)) {
879 if (ret < read_len) {
880 sd->pos = prev_pos + ret;
886 pipe->tail = pipe->head = 0;
892 * If we did an incomplete transfer we must release
893 * the pipe buffers in question:
895 for (i = 0; i < pipe->ring_size; i++) {
896 struct pipe_buffer *buf = &pipe->bufs[i];
899 pipe_buf_release(pipe, buf);
907 EXPORT_SYMBOL(splice_direct_to_actor);
909 static int direct_splice_actor(struct pipe_inode_info *pipe,
910 struct splice_desc *sd)
912 struct file *file = sd->u.file;
914 return do_splice_from(pipe, file, sd->opos, sd->total_len,
919 * do_splice_direct - splices data directly between two files
920 * @in: file to splice from
921 * @ppos: input file offset
922 * @out: file to splice to
923 * @opos: output file offset
924 * @len: number of bytes to splice
925 * @flags: splice modifier flags
928 * For use by do_sendfile(). splice can easily emulate sendfile, but
929 * doing it in the application would incur an extra system call
930 * (splice in + splice out, as compared to just sendfile()). So this helper
931 * can splice directly through a process-private pipe.
934 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
935 loff_t *opos, size_t len, unsigned int flags)
937 struct splice_desc sd = {
947 if (unlikely(!(out->f_mode & FMODE_WRITE)))
950 if (unlikely(out->f_flags & O_APPEND))
953 ret = rw_verify_area(WRITE, out, opos, len);
954 if (unlikely(ret < 0))
957 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
963 EXPORT_SYMBOL(do_splice_direct);
965 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
968 if (unlikely(!pipe->readers)) {
969 send_sig(SIGPIPE, current, 0);
972 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
974 if (flags & SPLICE_F_NONBLOCK)
976 if (signal_pending(current))
982 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
983 struct pipe_inode_info *opipe,
984 size_t len, unsigned int flags);
987 * Determine where to splice to/from.
989 long do_splice(struct file *in, loff_t __user *off_in,
990 struct file *out, loff_t __user *off_out,
991 size_t len, unsigned int flags)
993 struct pipe_inode_info *ipipe;
994 struct pipe_inode_info *opipe;
998 if (unlikely(!(in->f_mode & FMODE_READ) ||
999 !(out->f_mode & FMODE_WRITE)))
1002 ipipe = get_pipe_info(in, true);
1003 opipe = get_pipe_info(out, true);
1005 if (ipipe && opipe) {
1006 if (off_in || off_out)
1009 /* Splicing to self would be fun, but... */
1013 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1014 flags |= SPLICE_F_NONBLOCK;
1016 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1023 if (!(out->f_mode & FMODE_PWRITE))
1025 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1028 offset = out->f_pos;
1031 if (unlikely(out->f_flags & O_APPEND))
1034 ret = rw_verify_area(WRITE, out, &offset, len);
1035 if (unlikely(ret < 0))
1038 if (in->f_flags & O_NONBLOCK)
1039 flags |= SPLICE_F_NONBLOCK;
1041 file_start_write(out);
1042 ret = do_splice_from(ipipe, out, &offset, len, flags);
1043 file_end_write(out);
1046 out->f_pos = offset;
1047 else if (copy_to_user(off_out, &offset, sizeof(loff_t)))
1057 if (!(in->f_mode & FMODE_PREAD))
1059 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1065 if (out->f_flags & O_NONBLOCK)
1066 flags |= SPLICE_F_NONBLOCK;
1069 ret = wait_for_space(opipe, flags);
1071 unsigned int p_space;
1073 /* Don't try to read more the pipe has space for. */
1074 p_space = opipe->max_usage - pipe_occupancy(opipe->head, opipe->tail);
1075 len = min_t(size_t, len, p_space << PAGE_SHIFT);
1077 ret = do_splice_to(in, &offset, opipe, len, flags);
1081 wakeup_pipe_readers(opipe);
1084 else if (copy_to_user(off_in, &offset, sizeof(loff_t)))
1093 static int iter_to_pipe(struct iov_iter *from,
1094 struct pipe_inode_info *pipe,
1097 struct pipe_buffer buf = {
1098 .ops = &user_page_pipe_buf_ops,
1103 bool failed = false;
1105 while (iov_iter_count(from) && !failed) {
1106 struct page *pages[16];
1111 copied = iov_iter_get_pages(from, pages, ~0UL, 16, &start);
1117 for (n = 0; copied; n++, start = 0) {
1118 int size = min_t(int, copied, PAGE_SIZE - start);
1120 buf.page = pages[n];
1123 ret = add_to_pipe(pipe, &buf);
1124 if (unlikely(ret < 0)) {
1127 iov_iter_advance(from, ret);
1136 return total ? total : ret;
1139 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1140 struct splice_desc *sd)
1142 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1143 return n == sd->len ? n : -EFAULT;
1147 * For lack of a better implementation, implement vmsplice() to userspace
1148 * as a simple copy of the pipes pages to the user iov.
1150 static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
1153 struct pipe_inode_info *pipe = get_pipe_info(file, true);
1154 struct splice_desc sd = {
1155 .total_len = iov_iter_count(iter),
1166 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1174 * vmsplice splices a user address range into a pipe. It can be thought of
1175 * as splice-from-memory, where the regular splice is splice-from-file (or
1176 * to file). In both cases the output is a pipe, naturally.
1178 static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
1181 struct pipe_inode_info *pipe;
1183 unsigned buf_flag = 0;
1185 if (flags & SPLICE_F_GIFT)
1186 buf_flag = PIPE_BUF_FLAG_GIFT;
1188 pipe = get_pipe_info(file, true);
1193 ret = wait_for_space(pipe, flags);
1195 ret = iter_to_pipe(iter, pipe, buf_flag);
1198 wakeup_pipe_readers(pipe);
1202 static int vmsplice_type(struct fd f, int *type)
1206 if (f.file->f_mode & FMODE_WRITE) {
1208 } else if (f.file->f_mode & FMODE_READ) {
1218 * Note that vmsplice only really supports true splicing _from_ user memory
1219 * to a pipe, not the other way around. Splicing from user memory is a simple
1220 * operation that can be supported without any funky alignment restrictions
1221 * or nasty vm tricks. We simply map in the user memory and fill them into
1222 * a pipe. The reverse isn't quite as easy, though. There are two possible
1223 * solutions for that:
1225 * - memcpy() the data internally, at which point we might as well just
1226 * do a regular read() on the buffer anyway.
1227 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1228 * has restriction limitations on both ends of the pipe).
1230 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1233 static long do_vmsplice(struct file *f, struct iov_iter *iter, unsigned int flags)
1235 if (unlikely(flags & ~SPLICE_F_ALL))
1238 if (!iov_iter_count(iter))
1241 if (iov_iter_rw(iter) == WRITE)
1242 return vmsplice_to_pipe(f, iter, flags);
1244 return vmsplice_to_user(f, iter, flags);
1247 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
1248 unsigned long, nr_segs, unsigned int, flags)
1250 struct iovec iovstack[UIO_FASTIOV];
1251 struct iovec *iov = iovstack;
1252 struct iov_iter iter;
1258 error = vmsplice_type(f, &type);
1262 error = import_iovec(type, uiov, nr_segs,
1263 ARRAY_SIZE(iovstack), &iov, &iter);
1265 error = do_vmsplice(f.file, &iter, flags);
1272 #ifdef CONFIG_COMPAT
1273 COMPAT_SYSCALL_DEFINE4(vmsplice, int, fd, const struct compat_iovec __user *, iov32,
1274 unsigned int, nr_segs, unsigned int, flags)
1276 struct iovec iovstack[UIO_FASTIOV];
1277 struct iovec *iov = iovstack;
1278 struct iov_iter iter;
1284 error = vmsplice_type(f, &type);
1288 error = compat_import_iovec(type, iov32, nr_segs,
1289 ARRAY_SIZE(iovstack), &iov, &iter);
1291 error = do_vmsplice(f.file, &iter, flags);
1299 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1300 int, fd_out, loff_t __user *, off_out,
1301 size_t, len, unsigned int, flags)
1309 if (unlikely(flags & ~SPLICE_F_ALL))
1315 out = fdget(fd_out);
1317 error = do_splice(in.file, off_in, out.file, off_out,
1327 * Make sure there's data to read. Wait for input if we can, otherwise
1328 * return an appropriate error.
1330 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1335 * Check the pipe occupancy without the inode lock first. This function
1336 * is speculative anyways, so missing one is ok.
1338 if (!pipe_empty(pipe->head, pipe->tail))
1344 while (pipe_empty(pipe->head, pipe->tail)) {
1345 if (signal_pending(current)) {
1351 if (flags & SPLICE_F_NONBLOCK) {
1363 * Make sure there's writeable room. Wait for room if we can, otherwise
1364 * return an appropriate error.
1366 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1371 * Check pipe occupancy without the inode lock first. This function
1372 * is speculative anyways, so missing one is ok.
1374 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1380 while (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
1381 if (!pipe->readers) {
1382 send_sig(SIGPIPE, current, 0);
1386 if (flags & SPLICE_F_NONBLOCK) {
1390 if (signal_pending(current)) {
1402 * Splice contents of ipipe to opipe.
1404 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1405 struct pipe_inode_info *opipe,
1406 size_t len, unsigned int flags)
1408 struct pipe_buffer *ibuf, *obuf;
1409 unsigned int i_head, o_head;
1410 unsigned int i_tail, o_tail;
1411 unsigned int i_mask, o_mask;
1413 bool input_wakeup = false;
1417 ret = ipipe_prep(ipipe, flags);
1421 ret = opipe_prep(opipe, flags);
1426 * Potential ABBA deadlock, work around it by ordering lock
1427 * grabbing by pipe info address. Otherwise two different processes
1428 * could deadlock (one doing tee from A -> B, the other from B -> A).
1430 pipe_double_lock(ipipe, opipe);
1432 i_tail = ipipe->tail;
1433 i_mask = ipipe->ring_size - 1;
1434 o_head = opipe->head;
1435 o_mask = opipe->ring_size - 1;
1440 if (!opipe->readers) {
1441 send_sig(SIGPIPE, current, 0);
1447 i_head = ipipe->head;
1448 o_tail = opipe->tail;
1450 if (pipe_empty(i_head, i_tail) && !ipipe->writers)
1454 * Cannot make any progress, because either the input
1455 * pipe is empty or the output pipe is full.
1457 if (pipe_empty(i_head, i_tail) ||
1458 pipe_full(o_head, o_tail, opipe->max_usage)) {
1459 /* Already processed some buffers, break */
1463 if (flags & SPLICE_F_NONBLOCK) {
1469 * We raced with another reader/writer and haven't
1470 * managed to process any buffers. A zero return
1471 * value means EOF, so retry instead.
1478 ibuf = &ipipe->bufs[i_tail & i_mask];
1479 obuf = &opipe->bufs[o_head & o_mask];
1481 if (len >= ibuf->len) {
1483 * Simply move the whole buffer from ipipe to opipe
1488 ipipe->tail = i_tail;
1489 input_wakeup = true;
1492 opipe->head = o_head;
1495 * Get a reference to this pipe buffer,
1496 * so we can copy the contents over.
1498 if (!pipe_buf_get(ipipe, ibuf)) {
1506 * Don't inherit the gift and merge flags, we need to
1507 * prevent multiple steals of this page.
1509 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1510 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1513 ibuf->offset += len;
1517 opipe->head = o_head;
1527 * If we put data in the output pipe, wakeup any potential readers.
1530 wakeup_pipe_readers(opipe);
1533 wakeup_pipe_writers(ipipe);
1539 * Link contents of ipipe to opipe.
1541 static int link_pipe(struct pipe_inode_info *ipipe,
1542 struct pipe_inode_info *opipe,
1543 size_t len, unsigned int flags)
1545 struct pipe_buffer *ibuf, *obuf;
1546 unsigned int i_head, o_head;
1547 unsigned int i_tail, o_tail;
1548 unsigned int i_mask, o_mask;
1552 * Potential ABBA deadlock, work around it by ordering lock
1553 * grabbing by pipe info address. Otherwise two different processes
1554 * could deadlock (one doing tee from A -> B, the other from B -> A).
1556 pipe_double_lock(ipipe, opipe);
1558 i_tail = ipipe->tail;
1559 i_mask = ipipe->ring_size - 1;
1560 o_head = opipe->head;
1561 o_mask = opipe->ring_size - 1;
1564 if (!opipe->readers) {
1565 send_sig(SIGPIPE, current, 0);
1571 i_head = ipipe->head;
1572 o_tail = opipe->tail;
1575 * If we have iterated all input buffers or run out of
1576 * output room, break.
1578 if (pipe_empty(i_head, i_tail) ||
1579 pipe_full(o_head, o_tail, opipe->max_usage))
1582 ibuf = &ipipe->bufs[i_tail & i_mask];
1583 obuf = &opipe->bufs[o_head & o_mask];
1586 * Get a reference to this pipe buffer,
1587 * so we can copy the contents over.
1589 if (!pipe_buf_get(ipipe, ibuf)) {
1598 * Don't inherit the gift and merge flag, we need to prevent
1599 * multiple steals of this page.
1601 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1602 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1604 if (obuf->len > len)
1610 opipe->head = o_head;
1618 * If we put data in the output pipe, wakeup any potential readers.
1621 wakeup_pipe_readers(opipe);
1627 * This is a tee(1) implementation that works on pipes. It doesn't copy
1628 * any data, it simply references the 'in' pages on the 'out' pipe.
1629 * The 'flags' used are the SPLICE_F_* variants, currently the only
1630 * applicable one is SPLICE_F_NONBLOCK.
1632 long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags)
1634 struct pipe_inode_info *ipipe = get_pipe_info(in, true);
1635 struct pipe_inode_info *opipe = get_pipe_info(out, true);
1638 if (unlikely(!(in->f_mode & FMODE_READ) ||
1639 !(out->f_mode & FMODE_WRITE)))
1643 * Duplicate the contents of ipipe to opipe without actually
1646 if (ipipe && opipe && ipipe != opipe) {
1647 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1648 flags |= SPLICE_F_NONBLOCK;
1651 * Keep going, unless we encounter an error. The ipipe/opipe
1652 * ordering doesn't really matter.
1654 ret = ipipe_prep(ipipe, flags);
1656 ret = opipe_prep(opipe, flags);
1658 ret = link_pipe(ipipe, opipe, len, flags);
1665 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1670 if (unlikely(flags & ~SPLICE_F_ALL))
1681 error = do_tee(in.file, out.file, len, flags);
projects / linux-2.6-microblaze.git / blob