1 // SPDX-License-Identifier: GPL-2.0-only
3 * "splice": joining two ropes together by interweaving their strands.
5 * This is the "extended pipe" functionality, where a pipe is used as
6 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
7 * buffer that you can use to transfer data from one end to the other.
9 * The traditional unix read/write is extended with a "splice()" operation
10 * that transfers data buffers to or from a pipe buffer.
12 * Named by Larry McVoy, original implementation from Linus, extended by
13 * Jens to support splicing to files, network, direct splicing, etc and
14 * fixing lots of bugs.
16 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
17 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
18 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/bvec.h>
23 #include <linux/file.h>
24 #include <linux/pagemap.h>
25 #include <linux/splice.h>
26 #include <linux/memcontrol.h>
27 #include <linux/mm_inline.h>
28 #include <linux/swap.h>
29 #include <linux/writeback.h>
30 #include <linux/export.h>
31 #include <linux/syscalls.h>
32 #include <linux/uio.h>
33 #include <linux/security.h>
34 #include <linux/gfp.h>
35 #include <linux/socket.h>
36 #include <linux/compat.h>
37 #include <linux/sched/signal.h>
42 * Attempt to steal a page from a pipe buffer. This should perhaps go into
43 * a vm helper function, it's already simplified quite a bit by the
44 * addition of remove_mapping(). If success is returned, the caller may
45 * attempt to reuse this page for another destination.
47 static bool page_cache_pipe_buf_try_steal(struct pipe_inode_info *pipe,
48 struct pipe_buffer *buf)
50 struct page *page = buf->page;
51 struct address_space *mapping;
55 mapping = page_mapping(page);
57 WARN_ON(!PageUptodate(page));
60 * At least for ext2 with nobh option, we need to wait on
61 * writeback completing on this page, since we'll remove it
62 * from the pagecache. Otherwise truncate wont wait on the
63 * page, allowing the disk blocks to be reused by someone else
64 * before we actually wrote our data to them. fs corruption
67 wait_on_page_writeback(page);
69 if (page_has_private(page) &&
70 !try_to_release_page(page, GFP_KERNEL))
74 * If we succeeded in removing the mapping, set LRU flag
77 if (remove_mapping(mapping, page)) {
78 buf->flags |= PIPE_BUF_FLAG_LRU;
84 * Raced with truncate or failed to remove page from current
85 * address space, unlock and return failure.
92 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
93 struct pipe_buffer *buf)
96 buf->flags &= ~PIPE_BUF_FLAG_LRU;
100 * Check whether the contents of buf is OK to access. Since the content
101 * is a page cache page, IO may be in flight.
103 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
104 struct pipe_buffer *buf)
106 struct page *page = buf->page;
109 if (!PageUptodate(page)) {
113 * Page got truncated/unhashed. This will cause a 0-byte
114 * splice, if this is the first page.
116 if (!page->mapping) {
122 * Uh oh, read-error from disk.
124 if (!PageUptodate(page)) {
130 * Page is ok afterall, we are done.
141 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
142 .confirm = page_cache_pipe_buf_confirm,
143 .release = page_cache_pipe_buf_release,
144 .try_steal = page_cache_pipe_buf_try_steal,
145 .get = generic_pipe_buf_get,
148 static bool user_page_pipe_buf_try_steal(struct pipe_inode_info *pipe,
149 struct pipe_buffer *buf)
151 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
154 buf->flags |= PIPE_BUF_FLAG_LRU;
155 return generic_pipe_buf_try_steal(pipe, buf);
158 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
159 .release = page_cache_pipe_buf_release,
160 .try_steal = user_page_pipe_buf_try_steal,
161 .get = generic_pipe_buf_get,
164 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
167 if (waitqueue_active(&pipe->rd_wait))
168 wake_up_interruptible(&pipe->rd_wait);
169 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
173 * splice_to_pipe - fill passed data into a pipe
174 * @pipe: pipe to fill
178 * @spd contains a map of pages and len/offset tuples, along with
179 * the struct pipe_buf_operations associated with these pages. This
180 * function will link that data to the pipe.
183 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
184 struct splice_pipe_desc *spd)
186 unsigned int spd_pages = spd->nr_pages;
187 unsigned int tail = pipe->tail;
188 unsigned int head = pipe->head;
189 unsigned int mask = pipe->ring_size - 1;
190 int ret = 0, page_nr = 0;
195 if (unlikely(!pipe->readers)) {
196 send_sig(SIGPIPE, current, 0);
201 while (!pipe_full(head, tail, pipe->max_usage)) {
202 struct pipe_buffer *buf = &pipe->bufs[head & mask];
204 buf->page = spd->pages[page_nr];
205 buf->offset = spd->partial[page_nr].offset;
206 buf->len = spd->partial[page_nr].len;
207 buf->private = spd->partial[page_nr].private;
216 if (!--spd->nr_pages)
224 while (page_nr < spd_pages)
225 spd->spd_release(spd, page_nr++);
229 EXPORT_SYMBOL_GPL(splice_to_pipe);
231 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
233 unsigned int head = pipe->head;
234 unsigned int tail = pipe->tail;
235 unsigned int mask = pipe->ring_size - 1;
238 if (unlikely(!pipe->readers)) {
239 send_sig(SIGPIPE, current, 0);
241 } else if (pipe_full(head, tail, pipe->max_usage)) {
244 pipe->bufs[head & mask] = *buf;
245 pipe->head = head + 1;
248 pipe_buf_release(pipe, buf);
251 EXPORT_SYMBOL(add_to_pipe);
254 * Check if we need to grow the arrays holding pages and partial page
257 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
259 unsigned int max_usage = READ_ONCE(pipe->max_usage);
261 spd->nr_pages_max = max_usage;
262 if (max_usage <= PIPE_DEF_BUFFERS)
265 spd->pages = kmalloc_array(max_usage, sizeof(struct page *), GFP_KERNEL);
266 spd->partial = kmalloc_array(max_usage, sizeof(struct partial_page),
269 if (spd->pages && spd->partial)
277 void splice_shrink_spd(struct splice_pipe_desc *spd)
279 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
287 * generic_file_splice_read - splice data from file to a pipe
288 * @in: file to splice from
289 * @ppos: position in @in
290 * @pipe: pipe to splice to
291 * @len: number of bytes to splice
292 * @flags: splice modifier flags
295 * Will read pages from given file and fill them into a pipe. Can be
296 * used as long as it has more or less sane ->read_iter().
299 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
300 struct pipe_inode_info *pipe, size_t len,
308 iov_iter_pipe(&to, READ, pipe, len);
310 init_sync_kiocb(&kiocb, in);
311 kiocb.ki_pos = *ppos;
312 ret = call_read_iter(in, &kiocb, &to);
314 *ppos = kiocb.ki_pos;
316 } else if (ret < 0) {
319 iov_iter_advance(&to, 0); /* to free what was emitted */
321 * callers of ->splice_read() expect -EAGAIN on
322 * "can't put anything in there", rather than -EFAULT.
330 EXPORT_SYMBOL(generic_file_splice_read);
332 const struct pipe_buf_operations default_pipe_buf_ops = {
333 .release = generic_pipe_buf_release,
334 .try_steal = generic_pipe_buf_try_steal,
335 .get = generic_pipe_buf_get,
338 /* Pipe buffer operations for a socket and similar. */
339 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
340 .release = generic_pipe_buf_release,
341 .get = generic_pipe_buf_get,
343 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
345 static ssize_t kernel_readv(struct file *file, const struct kvec *vec,
346 unsigned long vlen, loff_t offset)
354 /* The cast to a user pointer is valid due to the set_fs() */
355 res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos, 0);
361 static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
362 struct pipe_inode_info *pipe, size_t len,
365 struct kvec *vec, __vec[PIPE_DEF_BUFFERS];
368 unsigned int nr_pages;
370 size_t offset, base, copied = 0;
374 if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
378 * Try to keep page boundaries matching to source pagecache ones -
379 * it probably won't be much help, but...
381 offset = *ppos & ~PAGE_MASK;
383 iov_iter_pipe(&to, READ, pipe, len + offset);
385 res = iov_iter_get_pages_alloc(&to, &pages, len + offset, &base);
389 nr_pages = DIV_ROUND_UP(res + base, PAGE_SIZE);
392 if (nr_pages > PIPE_DEF_BUFFERS) {
393 vec = kmalloc_array(nr_pages, sizeof(struct kvec), GFP_KERNEL);
394 if (unlikely(!vec)) {
400 mask = pipe->ring_size - 1;
401 pipe->bufs[to.head & mask].offset = offset;
402 pipe->bufs[to.head & mask].len -= offset;
404 for (i = 0; i < nr_pages; i++) {
405 size_t this_len = min_t(size_t, len, PAGE_SIZE - offset);
406 vec[i].iov_base = page_address(pages[i]) + offset;
407 vec[i].iov_len = this_len;
412 res = kernel_readv(in, vec, nr_pages, *ppos);
421 for (i = 0; i < nr_pages; i++)
424 iov_iter_advance(&to, copied); /* truncates and discards */
429 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
430 * using sendpage(). Return the number of bytes sent.
432 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
433 struct pipe_buffer *buf, struct splice_desc *sd)
435 struct file *file = sd->u.file;
436 loff_t pos = sd->pos;
439 if (!likely(file->f_op->sendpage))
442 more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0;
444 if (sd->len < sd->total_len &&
445 pipe_occupancy(pipe->head, pipe->tail) > 1)
446 more |= MSG_SENDPAGE_NOTLAST;
448 return file->f_op->sendpage(file, buf->page, buf->offset,
449 sd->len, &pos, more);
452 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
455 if (waitqueue_active(&pipe->wr_wait))
456 wake_up_interruptible(&pipe->wr_wait);
457 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
461 * splice_from_pipe_feed - feed available data from a pipe to a file
462 * @pipe: pipe to splice from
463 * @sd: information to @actor
464 * @actor: handler that splices the data
467 * This function loops over the pipe and calls @actor to do the
468 * actual moving of a single struct pipe_buffer to the desired
469 * destination. It returns when there's no more buffers left in
470 * the pipe or if the requested number of bytes (@sd->total_len)
471 * have been copied. It returns a positive number (one) if the
472 * pipe needs to be filled with more data, zero if the required
473 * number of bytes have been copied and -errno on error.
475 * This, together with splice_from_pipe_{begin,end,next}, may be
476 * used to implement the functionality of __splice_from_pipe() when
477 * locking is required around copying the pipe buffers to the
480 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
483 unsigned int head = pipe->head;
484 unsigned int tail = pipe->tail;
485 unsigned int mask = pipe->ring_size - 1;
488 while (!pipe_empty(head, tail)) {
489 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
492 if (sd->len > sd->total_len)
493 sd->len = sd->total_len;
495 ret = pipe_buf_confirm(pipe, buf);
502 ret = actor(pipe, buf, sd);
509 sd->num_spliced += ret;
512 sd->total_len -= ret;
515 pipe_buf_release(pipe, buf);
519 sd->need_wakeup = true;
530 * splice_from_pipe_next - wait for some data to splice from
531 * @pipe: pipe to splice from
532 * @sd: information about the splice operation
535 * This function will wait for some data and return a positive
536 * value (one) if pipe buffers are available. It will return zero
537 * or -errno if no more data needs to be spliced.
539 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
542 * Check for signal early to make process killable when there are
543 * always buffers available
545 if (signal_pending(current))
548 while (pipe_empty(pipe->head, pipe->tail)) {
555 if (sd->flags & SPLICE_F_NONBLOCK)
558 if (signal_pending(current))
561 if (sd->need_wakeup) {
562 wakeup_pipe_writers(pipe);
563 sd->need_wakeup = false;
573 * splice_from_pipe_begin - start splicing from pipe
574 * @sd: information about the splice operation
577 * This function should be called before a loop containing
578 * splice_from_pipe_next() and splice_from_pipe_feed() to
579 * initialize the necessary fields of @sd.
581 static void splice_from_pipe_begin(struct splice_desc *sd)
584 sd->need_wakeup = false;
588 * splice_from_pipe_end - finish splicing from pipe
589 * @pipe: pipe to splice from
590 * @sd: information about the splice operation
593 * This function will wake up pipe writers if necessary. It should
594 * be called after a loop containing splice_from_pipe_next() and
595 * splice_from_pipe_feed().
597 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
600 wakeup_pipe_writers(pipe);
604 * __splice_from_pipe - splice data from a pipe to given actor
605 * @pipe: pipe to splice from
606 * @sd: information to @actor
607 * @actor: handler that splices the data
610 * This function does little more than loop over the pipe and call
611 * @actor to do the actual moving of a single struct pipe_buffer to
612 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
616 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
621 splice_from_pipe_begin(sd);
624 ret = splice_from_pipe_next(pipe, sd);
626 ret = splice_from_pipe_feed(pipe, sd, actor);
628 splice_from_pipe_end(pipe, sd);
630 return sd->num_spliced ? sd->num_spliced : ret;
632 EXPORT_SYMBOL(__splice_from_pipe);
635 * splice_from_pipe - splice data from a pipe to a file
636 * @pipe: pipe to splice from
637 * @out: file to splice to
638 * @ppos: position in @out
639 * @len: how many bytes to splice
640 * @flags: splice modifier flags
641 * @actor: handler that splices the data
644 * See __splice_from_pipe. This function locks the pipe inode,
645 * otherwise it's identical to __splice_from_pipe().
648 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
649 loff_t *ppos, size_t len, unsigned int flags,
653 struct splice_desc sd = {
661 ret = __splice_from_pipe(pipe, &sd, actor);
668 * iter_file_splice_write - splice data from a pipe to a file
670 * @out: file to write to
671 * @ppos: position in @out
672 * @len: number of bytes to splice
673 * @flags: splice modifier flags
676 * Will either move or copy pages (determined by @flags options) from
677 * the given pipe inode to the given file.
678 * This one is ->write_iter-based.
682 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
683 loff_t *ppos, size_t len, unsigned int flags)
685 struct splice_desc sd = {
691 int nbufs = pipe->max_usage;
692 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
696 if (unlikely(!array))
701 splice_from_pipe_begin(&sd);
702 while (sd.total_len) {
703 struct iov_iter from;
704 unsigned int head, tail, mask;
708 ret = splice_from_pipe_next(pipe, &sd);
712 if (unlikely(nbufs < pipe->max_usage)) {
714 nbufs = pipe->max_usage;
715 array = kcalloc(nbufs, sizeof(struct bio_vec),
725 mask = pipe->ring_size - 1;
727 /* build the vector */
729 for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++, n++) {
730 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
731 size_t this_len = buf->len;
736 ret = pipe_buf_confirm(pipe, buf);
743 array[n].bv_page = buf->page;
744 array[n].bv_len = this_len;
745 array[n].bv_offset = buf->offset;
749 iov_iter_bvec(&from, WRITE, array, n, sd.total_len - left);
750 ret = vfs_iter_write(out, &from, &sd.pos, 0);
754 sd.num_spliced += ret;
758 /* dismiss the fully eaten buffers, adjust the partial one */
761 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
762 if (ret >= buf->len) {
765 pipe_buf_release(pipe, buf);
769 sd.need_wakeup = true;
779 splice_from_pipe_end(pipe, &sd);
784 ret = sd.num_spliced;
789 EXPORT_SYMBOL(iter_file_splice_write);
791 static int write_pipe_buf(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
792 struct splice_desc *sd)
796 loff_t tmp = sd->pos;
798 data = kmap(buf->page);
799 ret = __kernel_write(sd->u.file, data + buf->offset, sd->len, &tmp);
805 static ssize_t default_file_splice_write(struct pipe_inode_info *pipe,
806 struct file *out, loff_t *ppos,
807 size_t len, unsigned int flags)
811 ret = splice_from_pipe(pipe, out, ppos, len, flags, write_pipe_buf);
819 * generic_splice_sendpage - splice data from a pipe to a socket
820 * @pipe: pipe to splice from
821 * @out: socket to write to
822 * @ppos: position in @out
823 * @len: number of bytes to splice
824 * @flags: splice modifier flags
827 * Will send @len bytes from the pipe to a network socket. No data copying
831 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
832 loff_t *ppos, size_t len, unsigned int flags)
834 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
837 EXPORT_SYMBOL(generic_splice_sendpage);
840 * Attempt to initiate a splice from pipe to file.
842 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
843 loff_t *ppos, size_t len, unsigned int flags)
845 if (out->f_op->splice_write)
846 return out->f_op->splice_write(pipe, out, ppos, len, flags);
847 return default_file_splice_write(pipe, out, ppos, len, flags);
851 * Attempt to initiate a splice from a file to a pipe.
853 static long do_splice_to(struct file *in, loff_t *ppos,
854 struct pipe_inode_info *pipe, size_t len,
859 if (unlikely(!(in->f_mode & FMODE_READ)))
862 ret = rw_verify_area(READ, in, ppos, len);
863 if (unlikely(ret < 0))
866 if (unlikely(len > MAX_RW_COUNT))
869 if (in->f_op->splice_read)
870 return in->f_op->splice_read(in, ppos, pipe, len, flags);
871 return default_file_splice_read(in, ppos, pipe, len, flags);
875 * splice_direct_to_actor - splices data directly between two non-pipes
876 * @in: file to splice from
877 * @sd: actor information on where to splice to
878 * @actor: handles the data splicing
881 * This is a special case helper to splice directly between two
882 * points, without requiring an explicit pipe. Internally an allocated
883 * pipe is cached in the process, and reused during the lifetime of
887 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
888 splice_direct_actor *actor)
890 struct pipe_inode_info *pipe;
897 * We require the input being a regular file, as we don't want to
898 * randomly drop data for eg socket -> socket splicing. Use the
899 * piped splicing for that!
901 i_mode = file_inode(in)->i_mode;
902 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
906 * neither in nor out is a pipe, setup an internal pipe attached to
907 * 'out' and transfer the wanted data from 'in' to 'out' through that
909 pipe = current->splice_pipe;
910 if (unlikely(!pipe)) {
911 pipe = alloc_pipe_info();
916 * We don't have an immediate reader, but we'll read the stuff
917 * out of the pipe right after the splice_to_pipe(). So set
918 * PIPE_READERS appropriately.
922 current->splice_pipe = pipe;
934 * Don't block on output, we have to drain the direct pipe.
936 sd->flags &= ~SPLICE_F_NONBLOCK;
937 more = sd->flags & SPLICE_F_MORE;
939 WARN_ON_ONCE(!pipe_empty(pipe->head, pipe->tail));
942 unsigned int p_space;
944 loff_t pos = sd->pos, prev_pos = pos;
946 /* Don't try to read more the pipe has space for. */
947 p_space = pipe->max_usage -
948 pipe_occupancy(pipe->head, pipe->tail);
949 read_len = min_t(size_t, len, p_space << PAGE_SHIFT);
950 ret = do_splice_to(in, &pos, pipe, read_len, flags);
951 if (unlikely(ret <= 0))
955 sd->total_len = read_len;
958 * If more data is pending, set SPLICE_F_MORE
959 * If this is the last data and SPLICE_F_MORE was not set
960 * initially, clears it.
963 sd->flags |= SPLICE_F_MORE;
965 sd->flags &= ~SPLICE_F_MORE;
967 * NOTE: nonblocking mode only applies to the input. We
968 * must not do the output in nonblocking mode as then we
969 * could get stuck data in the internal pipe:
971 ret = actor(pipe, sd);
972 if (unlikely(ret <= 0)) {
981 if (ret < read_len) {
982 sd->pos = prev_pos + ret;
988 pipe->tail = pipe->head = 0;
994 * If we did an incomplete transfer we must release
995 * the pipe buffers in question:
997 for (i = 0; i < pipe->ring_size; i++) {
998 struct pipe_buffer *buf = &pipe->bufs[i];
1001 pipe_buf_release(pipe, buf);
1009 EXPORT_SYMBOL(splice_direct_to_actor);
1011 static int direct_splice_actor(struct pipe_inode_info *pipe,
1012 struct splice_desc *sd)
1014 struct file *file = sd->u.file;
1016 return do_splice_from(pipe, file, sd->opos, sd->total_len,
1021 * do_splice_direct - splices data directly between two files
1022 * @in: file to splice from
1023 * @ppos: input file offset
1024 * @out: file to splice to
1025 * @opos: output file offset
1026 * @len: number of bytes to splice
1027 * @flags: splice modifier flags
1030 * For use by do_sendfile(). splice can easily emulate sendfile, but
1031 * doing it in the application would incur an extra system call
1032 * (splice in + splice out, as compared to just sendfile()). So this helper
1033 * can splice directly through a process-private pipe.
1036 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1037 loff_t *opos, size_t len, unsigned int flags)
1039 struct splice_desc sd = {
1049 if (unlikely(!(out->f_mode & FMODE_WRITE)))
1052 if (unlikely(out->f_flags & O_APPEND))
1055 ret = rw_verify_area(WRITE, out, opos, len);
1056 if (unlikely(ret < 0))
1059 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1065 EXPORT_SYMBOL(do_splice_direct);
1067 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
1070 if (unlikely(!pipe->readers)) {
1071 send_sig(SIGPIPE, current, 0);
1074 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1076 if (flags & SPLICE_F_NONBLOCK)
1078 if (signal_pending(current))
1079 return -ERESTARTSYS;
1084 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1085 struct pipe_inode_info *opipe,
1086 size_t len, unsigned int flags);
1089 * Determine where to splice to/from.
1091 long do_splice(struct file *in, loff_t __user *off_in,
1092 struct file *out, loff_t __user *off_out,
1093 size_t len, unsigned int flags)
1095 struct pipe_inode_info *ipipe;
1096 struct pipe_inode_info *opipe;
1100 if (unlikely(!(in->f_mode & FMODE_READ) ||
1101 !(out->f_mode & FMODE_WRITE)))
1104 ipipe = get_pipe_info(in, true);
1105 opipe = get_pipe_info(out, true);
1107 if (ipipe && opipe) {
1108 if (off_in || off_out)
1111 /* Splicing to self would be fun, but... */
1115 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1116 flags |= SPLICE_F_NONBLOCK;
1118 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1125 if (!(out->f_mode & FMODE_PWRITE))
1127 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1130 offset = out->f_pos;
1133 if (unlikely(out->f_flags & O_APPEND))
1136 ret = rw_verify_area(WRITE, out, &offset, len);
1137 if (unlikely(ret < 0))
1140 if (in->f_flags & O_NONBLOCK)
1141 flags |= SPLICE_F_NONBLOCK;
1143 file_start_write(out);
1144 ret = do_splice_from(ipipe, out, &offset, len, flags);
1145 file_end_write(out);
1148 out->f_pos = offset;
1149 else if (copy_to_user(off_out, &offset, sizeof(loff_t)))
1159 if (!(in->f_mode & FMODE_PREAD))
1161 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1167 if (out->f_flags & O_NONBLOCK)
1168 flags |= SPLICE_F_NONBLOCK;
1171 ret = wait_for_space(opipe, flags);
1173 unsigned int p_space;
1175 /* Don't try to read more the pipe has space for. */
1176 p_space = opipe->max_usage - pipe_occupancy(opipe->head, opipe->tail);
1177 len = min_t(size_t, len, p_space << PAGE_SHIFT);
1179 ret = do_splice_to(in, &offset, opipe, len, flags);
1183 wakeup_pipe_readers(opipe);
1186 else if (copy_to_user(off_in, &offset, sizeof(loff_t)))
1195 static int iter_to_pipe(struct iov_iter *from,
1196 struct pipe_inode_info *pipe,
1199 struct pipe_buffer buf = {
1200 .ops = &user_page_pipe_buf_ops,
1205 bool failed = false;
1207 while (iov_iter_count(from) && !failed) {
1208 struct page *pages[16];
1213 copied = iov_iter_get_pages(from, pages, ~0UL, 16, &start);
1219 for (n = 0; copied; n++, start = 0) {
1220 int size = min_t(int, copied, PAGE_SIZE - start);
1222 buf.page = pages[n];
1225 ret = add_to_pipe(pipe, &buf);
1226 if (unlikely(ret < 0)) {
1229 iov_iter_advance(from, ret);
1238 return total ? total : ret;
1241 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1242 struct splice_desc *sd)
1244 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1245 return n == sd->len ? n : -EFAULT;
1249 * For lack of a better implementation, implement vmsplice() to userspace
1250 * as a simple copy of the pipes pages to the user iov.
1252 static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
1255 struct pipe_inode_info *pipe = get_pipe_info(file, true);
1256 struct splice_desc sd = {
1257 .total_len = iov_iter_count(iter),
1268 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1276 * vmsplice splices a user address range into a pipe. It can be thought of
1277 * as splice-from-memory, where the regular splice is splice-from-file (or
1278 * to file). In both cases the output is a pipe, naturally.
1280 static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
1283 struct pipe_inode_info *pipe;
1285 unsigned buf_flag = 0;
1287 if (flags & SPLICE_F_GIFT)
1288 buf_flag = PIPE_BUF_FLAG_GIFT;
1290 pipe = get_pipe_info(file, true);
1295 ret = wait_for_space(pipe, flags);
1297 ret = iter_to_pipe(iter, pipe, buf_flag);
1300 wakeup_pipe_readers(pipe);
1304 static int vmsplice_type(struct fd f, int *type)
1308 if (f.file->f_mode & FMODE_WRITE) {
1310 } else if (f.file->f_mode & FMODE_READ) {
1320 * Note that vmsplice only really supports true splicing _from_ user memory
1321 * to a pipe, not the other way around. Splicing from user memory is a simple
1322 * operation that can be supported without any funky alignment restrictions
1323 * or nasty vm tricks. We simply map in the user memory and fill them into
1324 * a pipe. The reverse isn't quite as easy, though. There are two possible
1325 * solutions for that:
1327 * - memcpy() the data internally, at which point we might as well just
1328 * do a regular read() on the buffer anyway.
1329 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1330 * has restriction limitations on both ends of the pipe).
1332 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1335 static long do_vmsplice(struct file *f, struct iov_iter *iter, unsigned int flags)
1337 if (unlikely(flags & ~SPLICE_F_ALL))
1340 if (!iov_iter_count(iter))
1343 if (iov_iter_rw(iter) == WRITE)
1344 return vmsplice_to_pipe(f, iter, flags);
1346 return vmsplice_to_user(f, iter, flags);
1349 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
1350 unsigned long, nr_segs, unsigned int, flags)
1352 struct iovec iovstack[UIO_FASTIOV];
1353 struct iovec *iov = iovstack;
1354 struct iov_iter iter;
1360 error = vmsplice_type(f, &type);
1364 error = import_iovec(type, uiov, nr_segs,
1365 ARRAY_SIZE(iovstack), &iov, &iter);
1367 error = do_vmsplice(f.file, &iter, flags);
1374 #ifdef CONFIG_COMPAT
1375 COMPAT_SYSCALL_DEFINE4(vmsplice, int, fd, const struct compat_iovec __user *, iov32,
1376 unsigned int, nr_segs, unsigned int, flags)
1378 struct iovec iovstack[UIO_FASTIOV];
1379 struct iovec *iov = iovstack;
1380 struct iov_iter iter;
1386 error = vmsplice_type(f, &type);
1390 error = compat_import_iovec(type, iov32, nr_segs,
1391 ARRAY_SIZE(iovstack), &iov, &iter);
1393 error = do_vmsplice(f.file, &iter, flags);
1401 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1402 int, fd_out, loff_t __user *, off_out,
1403 size_t, len, unsigned int, flags)
1411 if (unlikely(flags & ~SPLICE_F_ALL))
1417 out = fdget(fd_out);
1419 error = do_splice(in.file, off_in, out.file, off_out,
1429 * Make sure there's data to read. Wait for input if we can, otherwise
1430 * return an appropriate error.
1432 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1437 * Check the pipe occupancy without the inode lock first. This function
1438 * is speculative anyways, so missing one is ok.
1440 if (!pipe_empty(pipe->head, pipe->tail))
1446 while (pipe_empty(pipe->head, pipe->tail)) {
1447 if (signal_pending(current)) {
1453 if (flags & SPLICE_F_NONBLOCK) {
1465 * Make sure there's writeable room. Wait for room if we can, otherwise
1466 * return an appropriate error.
1468 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1473 * Check pipe occupancy without the inode lock first. This function
1474 * is speculative anyways, so missing one is ok.
1476 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1482 while (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
1483 if (!pipe->readers) {
1484 send_sig(SIGPIPE, current, 0);
1488 if (flags & SPLICE_F_NONBLOCK) {
1492 if (signal_pending(current)) {
1504 * Splice contents of ipipe to opipe.
1506 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1507 struct pipe_inode_info *opipe,
1508 size_t len, unsigned int flags)
1510 struct pipe_buffer *ibuf, *obuf;
1511 unsigned int i_head, o_head;
1512 unsigned int i_tail, o_tail;
1513 unsigned int i_mask, o_mask;
1515 bool input_wakeup = false;
1519 ret = ipipe_prep(ipipe, flags);
1523 ret = opipe_prep(opipe, flags);
1528 * Potential ABBA deadlock, work around it by ordering lock
1529 * grabbing by pipe info address. Otherwise two different processes
1530 * could deadlock (one doing tee from A -> B, the other from B -> A).
1532 pipe_double_lock(ipipe, opipe);
1534 i_tail = ipipe->tail;
1535 i_mask = ipipe->ring_size - 1;
1536 o_head = opipe->head;
1537 o_mask = opipe->ring_size - 1;
1542 if (!opipe->readers) {
1543 send_sig(SIGPIPE, current, 0);
1549 i_head = ipipe->head;
1550 o_tail = opipe->tail;
1552 if (pipe_empty(i_head, i_tail) && !ipipe->writers)
1556 * Cannot make any progress, because either the input
1557 * pipe is empty or the output pipe is full.
1559 if (pipe_empty(i_head, i_tail) ||
1560 pipe_full(o_head, o_tail, opipe->max_usage)) {
1561 /* Already processed some buffers, break */
1565 if (flags & SPLICE_F_NONBLOCK) {
1571 * We raced with another reader/writer and haven't
1572 * managed to process any buffers. A zero return
1573 * value means EOF, so retry instead.
1580 ibuf = &ipipe->bufs[i_tail & i_mask];
1581 obuf = &opipe->bufs[o_head & o_mask];
1583 if (len >= ibuf->len) {
1585 * Simply move the whole buffer from ipipe to opipe
1590 ipipe->tail = i_tail;
1591 input_wakeup = true;
1594 opipe->head = o_head;
1597 * Get a reference to this pipe buffer,
1598 * so we can copy the contents over.
1600 if (!pipe_buf_get(ipipe, ibuf)) {
1608 * Don't inherit the gift and merge flags, we need to
1609 * prevent multiple steals of this page.
1611 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1612 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1615 ibuf->offset += len;
1619 opipe->head = o_head;
1629 * If we put data in the output pipe, wakeup any potential readers.
1632 wakeup_pipe_readers(opipe);
1635 wakeup_pipe_writers(ipipe);
1641 * Link contents of ipipe to opipe.
1643 static int link_pipe(struct pipe_inode_info *ipipe,
1644 struct pipe_inode_info *opipe,
1645 size_t len, unsigned int flags)
1647 struct pipe_buffer *ibuf, *obuf;
1648 unsigned int i_head, o_head;
1649 unsigned int i_tail, o_tail;
1650 unsigned int i_mask, o_mask;
1654 * Potential ABBA deadlock, work around it by ordering lock
1655 * grabbing by pipe info address. Otherwise two different processes
1656 * could deadlock (one doing tee from A -> B, the other from B -> A).
1658 pipe_double_lock(ipipe, opipe);
1660 i_tail = ipipe->tail;
1661 i_mask = ipipe->ring_size - 1;
1662 o_head = opipe->head;
1663 o_mask = opipe->ring_size - 1;
1666 if (!opipe->readers) {
1667 send_sig(SIGPIPE, current, 0);
1673 i_head = ipipe->head;
1674 o_tail = opipe->tail;
1677 * If we have iterated all input buffers or run out of
1678 * output room, break.
1680 if (pipe_empty(i_head, i_tail) ||
1681 pipe_full(o_head, o_tail, opipe->max_usage))
1684 ibuf = &ipipe->bufs[i_tail & i_mask];
1685 obuf = &opipe->bufs[o_head & o_mask];
1688 * Get a reference to this pipe buffer,
1689 * so we can copy the contents over.
1691 if (!pipe_buf_get(ipipe, ibuf)) {
1700 * Don't inherit the gift and merge flag, we need to prevent
1701 * multiple steals of this page.
1703 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1704 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1706 if (obuf->len > len)
1712 opipe->head = o_head;
1720 * If we put data in the output pipe, wakeup any potential readers.
1723 wakeup_pipe_readers(opipe);
1729 * This is a tee(1) implementation that works on pipes. It doesn't copy
1730 * any data, it simply references the 'in' pages on the 'out' pipe.
1731 * The 'flags' used are the SPLICE_F_* variants, currently the only
1732 * applicable one is SPLICE_F_NONBLOCK.
1734 long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags)
1736 struct pipe_inode_info *ipipe = get_pipe_info(in, true);
1737 struct pipe_inode_info *opipe = get_pipe_info(out, true);
1740 if (unlikely(!(in->f_mode & FMODE_READ) ||
1741 !(out->f_mode & FMODE_WRITE)))
1745 * Duplicate the contents of ipipe to opipe without actually
1748 if (ipipe && opipe && ipipe != opipe) {
1749 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1750 flags |= SPLICE_F_NONBLOCK;
1753 * Keep going, unless we encounter an error. The ipipe/opipe
1754 * ordering doesn't really matter.
1756 ret = ipipe_prep(ipipe, flags);
1758 ret = opipe_prep(opipe, flags);
1760 ret = link_pipe(ipipe, opipe, len, flags);
1767 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1772 if (unlikely(flags & ~SPLICE_F_ALL))
1783 error = do_tee(in.file, out.file, len, flags);
projects / linux-2.6-microblaze.git / blob