2 * "splice": joining two ropes together by interweaving their strands.
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
20 #include <linux/bvec.h>
22 #include <linux/file.h>
23 #include <linux/pagemap.h>
24 #include <linux/splice.h>
25 #include <linux/memcontrol.h>
26 #include <linux/mm_inline.h>
27 #include <linux/swap.h>
28 #include <linux/writeback.h>
29 #include <linux/export.h>
30 #include <linux/syscalls.h>
31 #include <linux/uio.h>
32 #include <linux/security.h>
33 #include <linux/gfp.h>
34 #include <linux/socket.h>
35 #include <linux/compat.h>
39 * Attempt to steal a page from a pipe buffer. This should perhaps go into
40 * a vm helper function, it's already simplified quite a bit by the
41 * addition of remove_mapping(). If success is returned, the caller may
42 * attempt to reuse this page for another destination.
44 static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
45 struct pipe_buffer *buf)
47 struct page *page = buf->page;
48 struct address_space *mapping;
52 mapping = page_mapping(page);
54 WARN_ON(!PageUptodate(page));
57 * At least for ext2 with nobh option, we need to wait on
58 * writeback completing on this page, since we'll remove it
59 * from the pagecache. Otherwise truncate wont wait on the
60 * page, allowing the disk blocks to be reused by someone else
61 * before we actually wrote our data to them. fs corruption
64 wait_on_page_writeback(page);
66 if (page_has_private(page) &&
67 !try_to_release_page(page, GFP_KERNEL))
71 * If we succeeded in removing the mapping, set LRU flag
74 if (remove_mapping(mapping, page)) {
75 buf->flags |= PIPE_BUF_FLAG_LRU;
81 * Raced with truncate or failed to remove page from current
82 * address space, unlock and return failure.
89 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
90 struct pipe_buffer *buf)
93 buf->flags &= ~PIPE_BUF_FLAG_LRU;
97 * Check whether the contents of buf is OK to access. Since the content
98 * is a page cache page, IO may be in flight.
100 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
101 struct pipe_buffer *buf)
103 struct page *page = buf->page;
106 if (!PageUptodate(page)) {
110 * Page got truncated/unhashed. This will cause a 0-byte
111 * splice, if this is the first page.
113 if (!page->mapping) {
119 * Uh oh, read-error from disk.
121 if (!PageUptodate(page)) {
127 * Page is ok afterall, we are done.
138 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
140 .confirm = page_cache_pipe_buf_confirm,
141 .release = page_cache_pipe_buf_release,
142 .steal = page_cache_pipe_buf_steal,
143 .get = generic_pipe_buf_get,
146 static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
147 struct pipe_buffer *buf)
149 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
152 buf->flags |= PIPE_BUF_FLAG_LRU;
153 return generic_pipe_buf_steal(pipe, buf);
156 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
158 .confirm = generic_pipe_buf_confirm,
159 .release = page_cache_pipe_buf_release,
160 .steal = user_page_pipe_buf_steal,
161 .get = generic_pipe_buf_get,
164 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
167 if (waitqueue_active(&pipe->wait))
168 wake_up_interruptible(&pipe->wait);
169 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
173 * splice_to_pipe - fill passed data into a pipe
174 * @pipe: pipe to fill
178 * @spd contains a map of pages and len/offset tuples, along with
179 * the struct pipe_buf_operations associated with these pages. This
180 * function will link that data to the pipe.
183 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
184 struct splice_pipe_desc *spd)
186 unsigned int spd_pages = spd->nr_pages;
187 int ret = 0, page_nr = 0;
192 if (unlikely(!pipe->readers)) {
193 send_sig(SIGPIPE, current, 0);
198 while (pipe->nrbufs < pipe->buffers) {
199 int newbuf = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1);
200 struct pipe_buffer *buf = pipe->bufs + newbuf;
202 buf->page = spd->pages[page_nr];
203 buf->offset = spd->partial[page_nr].offset;
204 buf->len = spd->partial[page_nr].len;
205 buf->private = spd->partial[page_nr].private;
213 if (!--spd->nr_pages)
221 while (page_nr < spd_pages)
222 spd->spd_release(spd, page_nr++);
226 EXPORT_SYMBOL_GPL(splice_to_pipe);
228 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
232 if (unlikely(!pipe->readers)) {
233 send_sig(SIGPIPE, current, 0);
235 } else if (pipe->nrbufs == pipe->buffers) {
238 int newbuf = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1);
239 pipe->bufs[newbuf] = *buf;
243 pipe_buf_release(pipe, buf);
246 EXPORT_SYMBOL(add_to_pipe);
248 void spd_release_page(struct splice_pipe_desc *spd, unsigned int i)
250 put_page(spd->pages[i]);
254 * Check if we need to grow the arrays holding pages and partial page
257 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
259 unsigned int buffers = ACCESS_ONCE(pipe->buffers);
261 spd->nr_pages_max = buffers;
262 if (buffers <= PIPE_DEF_BUFFERS)
265 spd->pages = kmalloc(buffers * sizeof(struct page *), GFP_KERNEL);
266 spd->partial = kmalloc(buffers * sizeof(struct partial_page), GFP_KERNEL);
268 if (spd->pages && spd->partial)
276 void splice_shrink_spd(struct splice_pipe_desc *spd)
278 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
286 * generic_file_splice_read - splice data from file to a pipe
287 * @in: file to splice from
288 * @ppos: position in @in
289 * @pipe: pipe to splice to
290 * @len: number of bytes to splice
291 * @flags: splice modifier flags
294 * Will read pages from given file and fill them into a pipe. Can be
295 * used as long as it has more or less sane ->read_iter().
298 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
299 struct pipe_inode_info *pipe, size_t len,
306 iov_iter_pipe(&to, ITER_PIPE | READ, pipe, len);
308 init_sync_kiocb(&kiocb, in);
309 kiocb.ki_pos = *ppos;
310 ret = in->f_op->read_iter(&kiocb, &to);
312 *ppos = kiocb.ki_pos;
314 } else if (ret < 0) {
317 iov_iter_advance(&to, 0); /* to free what was emitted */
319 * callers of ->splice_read() expect -EAGAIN on
320 * "can't put anything in there", rather than -EFAULT.
328 EXPORT_SYMBOL(generic_file_splice_read);
330 const struct pipe_buf_operations default_pipe_buf_ops = {
332 .confirm = generic_pipe_buf_confirm,
333 .release = generic_pipe_buf_release,
334 .steal = generic_pipe_buf_steal,
335 .get = generic_pipe_buf_get,
338 static int generic_pipe_buf_nosteal(struct pipe_inode_info *pipe,
339 struct pipe_buffer *buf)
344 /* Pipe buffer operations for a socket and similar. */
345 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
347 .confirm = generic_pipe_buf_confirm,
348 .release = generic_pipe_buf_release,
349 .steal = generic_pipe_buf_nosteal,
350 .get = generic_pipe_buf_get,
352 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
354 static ssize_t kernel_readv(struct file *file, const struct kvec *vec,
355 unsigned long vlen, loff_t offset)
363 /* The cast to a user pointer is valid due to the set_fs() */
364 res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos, 0);
370 ssize_t kernel_write(struct file *file, const char *buf, size_t count,
378 /* The cast to a user pointer is valid due to the set_fs() */
379 res = vfs_write(file, (__force const char __user *)buf, count, &pos);
384 EXPORT_SYMBOL(kernel_write);
386 static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
387 struct pipe_inode_info *pipe, size_t len,
390 struct kvec *vec, __vec[PIPE_DEF_BUFFERS];
393 unsigned int nr_pages;
394 size_t offset, dummy, copied = 0;
398 if (pipe->nrbufs == pipe->buffers)
402 * Try to keep page boundaries matching to source pagecache ones -
403 * it probably won't be much help, but...
405 offset = *ppos & ~PAGE_MASK;
407 iov_iter_pipe(&to, ITER_PIPE | READ, pipe, len + offset);
409 res = iov_iter_get_pages_alloc(&to, &pages, len + offset, &dummy);
414 nr_pages = DIV_ROUND_UP(res, PAGE_SIZE);
417 if (nr_pages > PIPE_DEF_BUFFERS) {
418 vec = kmalloc(nr_pages * sizeof(struct kvec), GFP_KERNEL);
419 if (unlikely(!vec)) {
425 pipe->bufs[to.idx].offset = offset;
426 pipe->bufs[to.idx].len -= offset;
428 for (i = 0; i < nr_pages; i++) {
429 size_t this_len = min_t(size_t, len, PAGE_SIZE - offset);
430 vec[i].iov_base = page_address(pages[i]) + offset;
431 vec[i].iov_len = this_len;
436 res = kernel_readv(in, vec, nr_pages, *ppos);
445 for (i = 0; i < nr_pages; i++)
448 iov_iter_advance(&to, copied); /* truncates and discards */
453 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
454 * using sendpage(). Return the number of bytes sent.
456 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
457 struct pipe_buffer *buf, struct splice_desc *sd)
459 struct file *file = sd->u.file;
460 loff_t pos = sd->pos;
463 if (!likely(file->f_op->sendpage))
466 more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0;
468 if (sd->len < sd->total_len && pipe->nrbufs > 1)
469 more |= MSG_SENDPAGE_NOTLAST;
471 return file->f_op->sendpage(file, buf->page, buf->offset,
472 sd->len, &pos, more);
475 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
478 if (waitqueue_active(&pipe->wait))
479 wake_up_interruptible(&pipe->wait);
480 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
484 * splice_from_pipe_feed - feed available data from a pipe to a file
485 * @pipe: pipe to splice from
486 * @sd: information to @actor
487 * @actor: handler that splices the data
490 * This function loops over the pipe and calls @actor to do the
491 * actual moving of a single struct pipe_buffer to the desired
492 * destination. It returns when there's no more buffers left in
493 * the pipe or if the requested number of bytes (@sd->total_len)
494 * have been copied. It returns a positive number (one) if the
495 * pipe needs to be filled with more data, zero if the required
496 * number of bytes have been copied and -errno on error.
498 * This, together with splice_from_pipe_{begin,end,next}, may be
499 * used to implement the functionality of __splice_from_pipe() when
500 * locking is required around copying the pipe buffers to the
503 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
508 while (pipe->nrbufs) {
509 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
512 if (sd->len > sd->total_len)
513 sd->len = sd->total_len;
515 ret = pipe_buf_confirm(pipe, buf);
522 ret = actor(pipe, buf, sd);
529 sd->num_spliced += ret;
532 sd->total_len -= ret;
535 pipe_buf_release(pipe, buf);
536 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
539 sd->need_wakeup = true;
550 * splice_from_pipe_next - wait for some data to splice from
551 * @pipe: pipe to splice from
552 * @sd: information about the splice operation
555 * This function will wait for some data and return a positive
556 * value (one) if pipe buffers are available. It will return zero
557 * or -errno if no more data needs to be spliced.
559 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
562 * Check for signal early to make process killable when there are
563 * always buffers available
565 if (signal_pending(current))
568 while (!pipe->nrbufs) {
572 if (!pipe->waiting_writers && sd->num_spliced)
575 if (sd->flags & SPLICE_F_NONBLOCK)
578 if (signal_pending(current))
581 if (sd->need_wakeup) {
582 wakeup_pipe_writers(pipe);
583 sd->need_wakeup = false;
593 * splice_from_pipe_begin - start splicing from pipe
594 * @sd: information about the splice operation
597 * This function should be called before a loop containing
598 * splice_from_pipe_next() and splice_from_pipe_feed() to
599 * initialize the necessary fields of @sd.
601 static void splice_from_pipe_begin(struct splice_desc *sd)
604 sd->need_wakeup = false;
608 * splice_from_pipe_end - finish splicing from pipe
609 * @pipe: pipe to splice from
610 * @sd: information about the splice operation
613 * This function will wake up pipe writers if necessary. It should
614 * be called after a loop containing splice_from_pipe_next() and
615 * splice_from_pipe_feed().
617 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
620 wakeup_pipe_writers(pipe);
624 * __splice_from_pipe - splice data from a pipe to given actor
625 * @pipe: pipe to splice from
626 * @sd: information to @actor
627 * @actor: handler that splices the data
630 * This function does little more than loop over the pipe and call
631 * @actor to do the actual moving of a single struct pipe_buffer to
632 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
636 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
641 splice_from_pipe_begin(sd);
644 ret = splice_from_pipe_next(pipe, sd);
646 ret = splice_from_pipe_feed(pipe, sd, actor);
648 splice_from_pipe_end(pipe, sd);
650 return sd->num_spliced ? sd->num_spliced : ret;
652 EXPORT_SYMBOL(__splice_from_pipe);
655 * splice_from_pipe - splice data from a pipe to a file
656 * @pipe: pipe to splice from
657 * @out: file to splice to
658 * @ppos: position in @out
659 * @len: how many bytes to splice
660 * @flags: splice modifier flags
661 * @actor: handler that splices the data
664 * See __splice_from_pipe. This function locks the pipe inode,
665 * otherwise it's identical to __splice_from_pipe().
668 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
669 loff_t *ppos, size_t len, unsigned int flags,
673 struct splice_desc sd = {
681 ret = __splice_from_pipe(pipe, &sd, actor);
688 * iter_file_splice_write - splice data from a pipe to a file
690 * @out: file to write to
691 * @ppos: position in @out
692 * @len: number of bytes to splice
693 * @flags: splice modifier flags
696 * Will either move or copy pages (determined by @flags options) from
697 * the given pipe inode to the given file.
698 * This one is ->write_iter-based.
702 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
703 loff_t *ppos, size_t len, unsigned int flags)
705 struct splice_desc sd = {
711 int nbufs = pipe->buffers;
712 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
716 if (unlikely(!array))
721 splice_from_pipe_begin(&sd);
722 while (sd.total_len) {
723 struct iov_iter from;
727 ret = splice_from_pipe_next(pipe, &sd);
731 if (unlikely(nbufs < pipe->buffers)) {
733 nbufs = pipe->buffers;
734 array = kcalloc(nbufs, sizeof(struct bio_vec),
742 /* build the vector */
744 for (n = 0, idx = pipe->curbuf; left && n < pipe->nrbufs; n++, idx++) {
745 struct pipe_buffer *buf = pipe->bufs + idx;
746 size_t this_len = buf->len;
751 if (idx == pipe->buffers - 1)
754 ret = pipe_buf_confirm(pipe, buf);
761 array[n].bv_page = buf->page;
762 array[n].bv_len = this_len;
763 array[n].bv_offset = buf->offset;
767 iov_iter_bvec(&from, ITER_BVEC | WRITE, array, n,
768 sd.total_len - left);
769 ret = vfs_iter_write(out, &from, &sd.pos);
773 sd.num_spliced += ret;
777 /* dismiss the fully eaten buffers, adjust the partial one */
779 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
780 if (ret >= buf->len) {
783 pipe_buf_release(pipe, buf);
784 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
787 sd.need_wakeup = true;
797 splice_from_pipe_end(pipe, &sd);
802 ret = sd.num_spliced;
807 EXPORT_SYMBOL(iter_file_splice_write);
809 static int write_pipe_buf(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
810 struct splice_desc *sd)
814 loff_t tmp = sd->pos;
816 data = kmap(buf->page);
817 ret = __kernel_write(sd->u.file, data + buf->offset, sd->len, &tmp);
823 static ssize_t default_file_splice_write(struct pipe_inode_info *pipe,
824 struct file *out, loff_t *ppos,
825 size_t len, unsigned int flags)
829 ret = splice_from_pipe(pipe, out, ppos, len, flags, write_pipe_buf);
837 * generic_splice_sendpage - splice data from a pipe to a socket
838 * @pipe: pipe to splice from
839 * @out: socket to write to
840 * @ppos: position in @out
841 * @len: number of bytes to splice
842 * @flags: splice modifier flags
845 * Will send @len bytes from the pipe to a network socket. No data copying
849 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
850 loff_t *ppos, size_t len, unsigned int flags)
852 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
855 EXPORT_SYMBOL(generic_splice_sendpage);
858 * Attempt to initiate a splice from pipe to file.
860 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
861 loff_t *ppos, size_t len, unsigned int flags)
863 ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
864 loff_t *, size_t, unsigned int);
866 if (out->f_op->splice_write)
867 splice_write = out->f_op->splice_write;
869 splice_write = default_file_splice_write;
871 return splice_write(pipe, out, ppos, len, flags);
875 * Attempt to initiate a splice from a file to a pipe.
877 static long do_splice_to(struct file *in, loff_t *ppos,
878 struct pipe_inode_info *pipe, size_t len,
881 ssize_t (*splice_read)(struct file *, loff_t *,
882 struct pipe_inode_info *, size_t, unsigned int);
885 if (unlikely(!(in->f_mode & FMODE_READ)))
888 ret = rw_verify_area(READ, in, ppos, len);
889 if (unlikely(ret < 0))
892 if (unlikely(len > MAX_RW_COUNT))
895 if (in->f_op->splice_read)
896 splice_read = in->f_op->splice_read;
898 splice_read = default_file_splice_read;
900 return splice_read(in, ppos, pipe, len, flags);
904 * splice_direct_to_actor - splices data directly between two non-pipes
905 * @in: file to splice from
906 * @sd: actor information on where to splice to
907 * @actor: handles the data splicing
910 * This is a special case helper to splice directly between two
911 * points, without requiring an explicit pipe. Internally an allocated
912 * pipe is cached in the process, and reused during the lifetime of
916 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
917 splice_direct_actor *actor)
919 struct pipe_inode_info *pipe;
926 * We require the input being a regular file, as we don't want to
927 * randomly drop data for eg socket -> socket splicing. Use the
928 * piped splicing for that!
930 i_mode = file_inode(in)->i_mode;
931 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
935 * neither in nor out is a pipe, setup an internal pipe attached to
936 * 'out' and transfer the wanted data from 'in' to 'out' through that
938 pipe = current->splice_pipe;
939 if (unlikely(!pipe)) {
940 pipe = alloc_pipe_info();
945 * We don't have an immediate reader, but we'll read the stuff
946 * out of the pipe right after the splice_to_pipe(). So set
947 * PIPE_READERS appropriately.
951 current->splice_pipe = pipe;
963 * Don't block on output, we have to drain the direct pipe.
965 sd->flags &= ~SPLICE_F_NONBLOCK;
966 more = sd->flags & SPLICE_F_MORE;
970 loff_t pos = sd->pos, prev_pos = pos;
972 ret = do_splice_to(in, &pos, pipe, len, flags);
973 if (unlikely(ret <= 0))
977 sd->total_len = read_len;
980 * If more data is pending, set SPLICE_F_MORE
981 * If this is the last data and SPLICE_F_MORE was not set
982 * initially, clears it.
985 sd->flags |= SPLICE_F_MORE;
987 sd->flags &= ~SPLICE_F_MORE;
989 * NOTE: nonblocking mode only applies to the input. We
990 * must not do the output in nonblocking mode as then we
991 * could get stuck data in the internal pipe:
993 ret = actor(pipe, sd);
994 if (unlikely(ret <= 0)) {
1003 if (ret < read_len) {
1004 sd->pos = prev_pos + ret;
1010 pipe->nrbufs = pipe->curbuf = 0;
1016 * If we did an incomplete transfer we must release
1017 * the pipe buffers in question:
1019 for (i = 0; i < pipe->buffers; i++) {
1020 struct pipe_buffer *buf = pipe->bufs + i;
1023 pipe_buf_release(pipe, buf);
1031 EXPORT_SYMBOL(splice_direct_to_actor);
1033 static int direct_splice_actor(struct pipe_inode_info *pipe,
1034 struct splice_desc *sd)
1036 struct file *file = sd->u.file;
1038 return do_splice_from(pipe, file, sd->opos, sd->total_len,
1043 * do_splice_direct - splices data directly between two files
1044 * @in: file to splice from
1045 * @ppos: input file offset
1046 * @out: file to splice to
1047 * @opos: output file offset
1048 * @len: number of bytes to splice
1049 * @flags: splice modifier flags
1052 * For use by do_sendfile(). splice can easily emulate sendfile, but
1053 * doing it in the application would incur an extra system call
1054 * (splice in + splice out, as compared to just sendfile()). So this helper
1055 * can splice directly through a process-private pipe.
1058 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1059 loff_t *opos, size_t len, unsigned int flags)
1061 struct splice_desc sd = {
1071 if (unlikely(!(out->f_mode & FMODE_WRITE)))
1074 if (unlikely(out->f_flags & O_APPEND))
1077 ret = rw_verify_area(WRITE, out, opos, len);
1078 if (unlikely(ret < 0))
1081 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1087 EXPORT_SYMBOL(do_splice_direct);
1089 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
1092 if (unlikely(!pipe->readers)) {
1093 send_sig(SIGPIPE, current, 0);
1096 if (pipe->nrbufs != pipe->buffers)
1098 if (flags & SPLICE_F_NONBLOCK)
1100 if (signal_pending(current))
1101 return -ERESTARTSYS;
1102 pipe->waiting_writers++;
1104 pipe->waiting_writers--;
1108 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1109 struct pipe_inode_info *opipe,
1110 size_t len, unsigned int flags);
1113 * Determine where to splice to/from.
1115 static long do_splice(struct file *in, loff_t __user *off_in,
1116 struct file *out, loff_t __user *off_out,
1117 size_t len, unsigned int flags)
1119 struct pipe_inode_info *ipipe;
1120 struct pipe_inode_info *opipe;
1124 ipipe = get_pipe_info(in);
1125 opipe = get_pipe_info(out);
1127 if (ipipe && opipe) {
1128 if (off_in || off_out)
1131 if (!(in->f_mode & FMODE_READ))
1134 if (!(out->f_mode & FMODE_WRITE))
1137 /* Splicing to self would be fun, but... */
1141 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1148 if (!(out->f_mode & FMODE_PWRITE))
1150 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1153 offset = out->f_pos;
1156 if (unlikely(!(out->f_mode & FMODE_WRITE)))
1159 if (unlikely(out->f_flags & O_APPEND))
1162 ret = rw_verify_area(WRITE, out, &offset, len);
1163 if (unlikely(ret < 0))
1166 file_start_write(out);
1167 ret = do_splice_from(ipipe, out, &offset, len, flags);
1168 file_end_write(out);
1171 out->f_pos = offset;
1172 else if (copy_to_user(off_out, &offset, sizeof(loff_t)))
1182 if (!(in->f_mode & FMODE_PREAD))
1184 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1191 ret = wait_for_space(opipe, flags);
1193 ret = do_splice_to(in, &offset, opipe, len, flags);
1196 wakeup_pipe_readers(opipe);
1199 else if (copy_to_user(off_in, &offset, sizeof(loff_t)))
1208 static int iter_to_pipe(struct iov_iter *from,
1209 struct pipe_inode_info *pipe,
1212 struct pipe_buffer buf = {
1213 .ops = &user_page_pipe_buf_ops,
1218 bool failed = false;
1220 while (iov_iter_count(from) && !failed) {
1221 struct page *pages[16];
1226 copied = iov_iter_get_pages(from, pages, ~0UL, 16, &start);
1232 for (n = 0; copied; n++, start = 0) {
1233 int size = min_t(int, copied, PAGE_SIZE - start);
1235 buf.page = pages[n];
1238 ret = add_to_pipe(pipe, &buf);
1239 if (unlikely(ret < 0)) {
1242 iov_iter_advance(from, ret);
1251 return total ? total : ret;
1254 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1255 struct splice_desc *sd)
1257 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1258 return n == sd->len ? n : -EFAULT;
1262 * For lack of a better implementation, implement vmsplice() to userspace
1263 * as a simple copy of the pipes pages to the user iov.
1265 static long vmsplice_to_user(struct file *file, const struct iovec __user *uiov,
1266 unsigned long nr_segs, unsigned int flags)
1268 struct pipe_inode_info *pipe;
1269 struct splice_desc sd;
1271 struct iovec iovstack[UIO_FASTIOV];
1272 struct iovec *iov = iovstack;
1273 struct iov_iter iter;
1275 pipe = get_pipe_info(file);
1279 ret = import_iovec(READ, uiov, nr_segs,
1280 ARRAY_SIZE(iovstack), &iov, &iter);
1284 sd.total_len = iov_iter_count(&iter);
1292 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1301 * vmsplice splices a user address range into a pipe. It can be thought of
1302 * as splice-from-memory, where the regular splice is splice-from-file (or
1303 * to file). In both cases the output is a pipe, naturally.
1305 static long vmsplice_to_pipe(struct file *file, const struct iovec __user *uiov,
1306 unsigned long nr_segs, unsigned int flags)
1308 struct pipe_inode_info *pipe;
1309 struct iovec iovstack[UIO_FASTIOV];
1310 struct iovec *iov = iovstack;
1311 struct iov_iter from;
1313 unsigned buf_flag = 0;
1315 if (flags & SPLICE_F_GIFT)
1316 buf_flag = PIPE_BUF_FLAG_GIFT;
1318 pipe = get_pipe_info(file);
1322 ret = import_iovec(WRITE, uiov, nr_segs,
1323 ARRAY_SIZE(iovstack), &iov, &from);
1328 ret = wait_for_space(pipe, flags);
1330 ret = iter_to_pipe(&from, pipe, buf_flag);
1333 wakeup_pipe_readers(pipe);
1339 * Note that vmsplice only really supports true splicing _from_ user memory
1340 * to a pipe, not the other way around. Splicing from user memory is a simple
1341 * operation that can be supported without any funky alignment restrictions
1342 * or nasty vm tricks. We simply map in the user memory and fill them into
1343 * a pipe. The reverse isn't quite as easy, though. There are two possible
1344 * solutions for that:
1346 * - memcpy() the data internally, at which point we might as well just
1347 * do a regular read() on the buffer anyway.
1348 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1349 * has restriction limitations on both ends of the pipe).
1351 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1354 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
1355 unsigned long, nr_segs, unsigned int, flags)
1360 if (unlikely(nr_segs > UIO_MAXIOV))
1362 else if (unlikely(!nr_segs))
1368 if (f.file->f_mode & FMODE_WRITE)
1369 error = vmsplice_to_pipe(f.file, iov, nr_segs, flags);
1370 else if (f.file->f_mode & FMODE_READ)
1371 error = vmsplice_to_user(f.file, iov, nr_segs, flags);
1379 #ifdef CONFIG_COMPAT
1380 COMPAT_SYSCALL_DEFINE4(vmsplice, int, fd, const struct compat_iovec __user *, iov32,
1381 unsigned int, nr_segs, unsigned int, flags)
1384 struct iovec __user *iov;
1385 if (nr_segs > UIO_MAXIOV)
1387 iov = compat_alloc_user_space(nr_segs * sizeof(struct iovec));
1388 for (i = 0; i < nr_segs; i++) {
1389 struct compat_iovec v;
1390 if (get_user(v.iov_base, &iov32[i].iov_base) ||
1391 get_user(v.iov_len, &iov32[i].iov_len) ||
1392 put_user(compat_ptr(v.iov_base), &iov[i].iov_base) ||
1393 put_user(v.iov_len, &iov[i].iov_len))
1396 return sys_vmsplice(fd, iov, nr_segs, flags);
1400 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1401 int, fd_out, loff_t __user *, off_out,
1402 size_t, len, unsigned int, flags)
1413 if (in.file->f_mode & FMODE_READ) {
1414 out = fdget(fd_out);
1416 if (out.file->f_mode & FMODE_WRITE)
1417 error = do_splice(in.file, off_in,
1429 * Make sure there's data to read. Wait for input if we can, otherwise
1430 * return an appropriate error.
1432 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1437 * Check ->nrbufs without the inode lock first. This function
1438 * is speculative anyways, so missing one is ok.
1446 while (!pipe->nrbufs) {
1447 if (signal_pending(current)) {
1453 if (!pipe->waiting_writers) {
1454 if (flags & SPLICE_F_NONBLOCK) {
1467 * Make sure there's writeable room. Wait for room if we can, otherwise
1468 * return an appropriate error.
1470 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1475 * Check ->nrbufs without the inode lock first. This function
1476 * is speculative anyways, so missing one is ok.
1478 if (pipe->nrbufs < pipe->buffers)
1484 while (pipe->nrbufs >= pipe->buffers) {
1485 if (!pipe->readers) {
1486 send_sig(SIGPIPE, current, 0);
1490 if (flags & SPLICE_F_NONBLOCK) {
1494 if (signal_pending(current)) {
1498 pipe->waiting_writers++;
1500 pipe->waiting_writers--;
1508 * Splice contents of ipipe to opipe.
1510 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1511 struct pipe_inode_info *opipe,
1512 size_t len, unsigned int flags)
1514 struct pipe_buffer *ibuf, *obuf;
1516 bool input_wakeup = false;
1520 ret = ipipe_prep(ipipe, flags);
1524 ret = opipe_prep(opipe, flags);
1529 * Potential ABBA deadlock, work around it by ordering lock
1530 * grabbing by pipe info address. Otherwise two different processes
1531 * could deadlock (one doing tee from A -> B, the other from B -> A).
1533 pipe_double_lock(ipipe, opipe);
1536 if (!opipe->readers) {
1537 send_sig(SIGPIPE, current, 0);
1543 if (!ipipe->nrbufs && !ipipe->writers)
1547 * Cannot make any progress, because either the input
1548 * pipe is empty or the output pipe is full.
1550 if (!ipipe->nrbufs || opipe->nrbufs >= opipe->buffers) {
1551 /* Already processed some buffers, break */
1555 if (flags & SPLICE_F_NONBLOCK) {
1561 * We raced with another reader/writer and haven't
1562 * managed to process any buffers. A zero return
1563 * value means EOF, so retry instead.
1570 ibuf = ipipe->bufs + ipipe->curbuf;
1571 nbuf = (opipe->curbuf + opipe->nrbufs) & (opipe->buffers - 1);
1572 obuf = opipe->bufs + nbuf;
1574 if (len >= ibuf->len) {
1576 * Simply move the whole buffer from ipipe to opipe
1581 ipipe->curbuf = (ipipe->curbuf + 1) & (ipipe->buffers - 1);
1583 input_wakeup = true;
1586 * Get a reference to this pipe buffer,
1587 * so we can copy the contents over.
1589 pipe_buf_get(ipipe, ibuf);
1593 * Don't inherit the gift flag, we need to
1594 * prevent multiple steals of this page.
1596 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1600 ibuf->offset += obuf->len;
1601 ibuf->len -= obuf->len;
1611 * If we put data in the output pipe, wakeup any potential readers.
1614 wakeup_pipe_readers(opipe);
1617 wakeup_pipe_writers(ipipe);
1623 * Link contents of ipipe to opipe.
1625 static int link_pipe(struct pipe_inode_info *ipipe,
1626 struct pipe_inode_info *opipe,
1627 size_t len, unsigned int flags)
1629 struct pipe_buffer *ibuf, *obuf;
1630 int ret = 0, i = 0, nbuf;
1633 * Potential ABBA deadlock, work around it by ordering lock
1634 * grabbing by pipe info address. Otherwise two different processes
1635 * could deadlock (one doing tee from A -> B, the other from B -> A).
1637 pipe_double_lock(ipipe, opipe);
1640 if (!opipe->readers) {
1641 send_sig(SIGPIPE, current, 0);
1648 * If we have iterated all input buffers or ran out of
1649 * output room, break.
1651 if (i >= ipipe->nrbufs || opipe->nrbufs >= opipe->buffers)
1654 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (ipipe->buffers-1));
1655 nbuf = (opipe->curbuf + opipe->nrbufs) & (opipe->buffers - 1);
1658 * Get a reference to this pipe buffer,
1659 * so we can copy the contents over.
1661 pipe_buf_get(ipipe, ibuf);
1663 obuf = opipe->bufs + nbuf;
1667 * Don't inherit the gift flag, we need to
1668 * prevent multiple steals of this page.
1670 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1672 if (obuf->len > len)
1682 * return EAGAIN if we have the potential of some data in the
1683 * future, otherwise just return 0
1685 if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
1692 * If we put data in the output pipe, wakeup any potential readers.
1695 wakeup_pipe_readers(opipe);
1701 * This is a tee(1) implementation that works on pipes. It doesn't copy
1702 * any data, it simply references the 'in' pages on the 'out' pipe.
1703 * The 'flags' used are the SPLICE_F_* variants, currently the only
1704 * applicable one is SPLICE_F_NONBLOCK.
1706 static long do_tee(struct file *in, struct file *out, size_t len,
1709 struct pipe_inode_info *ipipe = get_pipe_info(in);
1710 struct pipe_inode_info *opipe = get_pipe_info(out);
1714 * Duplicate the contents of ipipe to opipe without actually
1717 if (ipipe && opipe && ipipe != opipe) {
1719 * Keep going, unless we encounter an error. The ipipe/opipe
1720 * ordering doesn't really matter.
1722 ret = ipipe_prep(ipipe, flags);
1724 ret = opipe_prep(opipe, flags);
1726 ret = link_pipe(ipipe, opipe, len, flags);
1733 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1744 if (in.file->f_mode & FMODE_READ) {
1745 struct fd out = fdget(fdout);
1747 if (out.file->f_mode & FMODE_WRITE)
1748 error = do_tee(in.file, out.file,
git.samba.org / sfrench / cifs-2.6.git / blob