]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - fs/pipe.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
pipe: remove 'waiting_writers' merging logic
[mirror_ubuntu-hirsute-kernel.git] / fs / pipe.c
CommitLineData
b2441318 1// SPDX-License-Identifier: GPL-2.0
1da177e4
LT		 2/*
3 * linux/fs/pipe.c
4 *
5 * Copyright (C) 1991, 1992, 1999 Linus Torvalds
6 */
7
8#include <linux/mm.h>
9#include <linux/file.h>
10#include <linux/poll.h>
11#include <linux/slab.h>
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/fs.h>
35f3d14d 15#include <linux/log2.h>
1da177e4 16#include <linux/mount.h>
4fa7ec5d 17#include <linux/pseudo_fs.h>
b502bd11 18#include <linux/magic.h>
1da177e4
LT		 19#include <linux/pipe_fs_i.h>
20#include <linux/uio.h>
21#include <linux/highmem.h>
5274f052 22#include <linux/pagemap.h>
db349509 23#include <linux/audit.h>
ba719bae 24#include <linux/syscalls.h>
b492e95b 25#include <linux/fcntl.h>
d86133bd 26#include <linux/memcontrol.h>
1da177e4 27
7c0f6ba6 28#include <linux/uaccess.h>
1da177e4
LT		 29#include <asm/ioctls.h>
30
599a0ac1
AV		 31#include "internal.h"
32
b492e95b
JA		 33/*
34 * The max size that a non-root user is allowed to grow the pipe. Can
ff9da691 35 * be set by root in /proc/sys/fs/pipe-max-size
b492e95b 36 */
ff9da691
JA		 37unsigned int pipe_max_size = 1048576;
38
759c0114
WT		 39/* Maximum allocatable pages per user. Hard limit is unset by default, soft
40 * matches default values.
41 */
42unsigned long pipe_user_pages_hard;
43unsigned long pipe_user_pages_soft = PIPE_DEF_BUFFERS * INR_OPEN_CUR;
44
1da177e4 45/*
8cefc107
DH		 46 * We use head and tail indices that aren't masked off, except at the point of
47 * dereference, but rather they're allowed to wrap naturally. This means there
48 * isn't a dead spot in the buffer, but the ring has to be a power of two and
49 * <= 2^31.
50 * -- David Howells 2019-09-23.
51 *
1da177e4
LT		 52 * Reads with count = 0 should always return 0.
53 * -- Julian Bradfield 1999-06-07.
54 *
55 * FIFOs and Pipes now generate SIGIO for both readers and writers.
56 * -- Jeremy Elson <jelson@circlemud.org> 2001-08-16
57 *
58 * pipe_read & write cleanup
59 * -- Manfred Spraul <manfred@colorfullife.com> 2002-05-09
60 */
61
61e0d47c
MS		 62static void pipe_lock_nested(struct pipe_inode_info *pipe, int subclass)
63{
6447a3cf 64 if (pipe->files)
72b0d9aa 65 mutex_lock_nested(&pipe->mutex, subclass);
61e0d47c
MS		 66}
67
68void pipe_lock(struct pipe_inode_info *pipe)
69{
70 /*
71 * pipe_lock() nests non-pipe inode locks (for writing to a file)
72 */
73 pipe_lock_nested(pipe, I_MUTEX_PARENT);
74}
75EXPORT_SYMBOL(pipe_lock);
76
77void pipe_unlock(struct pipe_inode_info *pipe)
78{
6447a3cf 79 if (pipe->files)
72b0d9aa 80 mutex_unlock(&pipe->mutex);
61e0d47c
MS		 81}
82EXPORT_SYMBOL(pipe_unlock);
83
ebec73f4
AV		 84static inline void __pipe_lock(struct pipe_inode_info *pipe)
85{
86 mutex_lock_nested(&pipe->mutex, I_MUTEX_PARENT);
87}
88
89static inline void __pipe_unlock(struct pipe_inode_info *pipe)
90{
91 mutex_unlock(&pipe->mutex);
92}
93
61e0d47c
MS		 94void pipe_double_lock(struct pipe_inode_info *pipe1,
95 struct pipe_inode_info *pipe2)
96{
97 BUG_ON(pipe1 == pipe2);
98
99 if (pipe1 < pipe2) {
100 pipe_lock_nested(pipe1, I_MUTEX_PARENT);
101 pipe_lock_nested(pipe2, I_MUTEX_CHILD);
102 } else {
023d43c7
PZ		 103 pipe_lock_nested(pipe2, I_MUTEX_PARENT);
104 pipe_lock_nested(pipe1, I_MUTEX_CHILD);
61e0d47c
MS		 105 }
106}
107
1da177e4 108/* Drop the inode semaphore and wait for a pipe event, atomically */
3a326a2c 109void pipe_wait(struct pipe_inode_info *pipe)
1da177e4
LT		 110{
111 DEFINE_WAIT(wait);
112
d79fc0fc
IM		 113 /*
114 * Pipes are system-local resources, so sleeping on them
115 * is considered a noninteractive wait:
116 */
af927232 117 prepare_to_wait(&pipe->wait, &wait, TASK_INTERRUPTIBLE);
61e0d47c 118 pipe_unlock(pipe);
1da177e4 119 schedule();
3a326a2c 120 finish_wait(&pipe->wait, &wait);
61e0d47c 121 pipe_lock(pipe);
1da177e4
LT		 122}
123
341b446b
IM		 124static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
125 struct pipe_buffer *buf)
1da177e4
LT		 126{
127 struct page *page = buf->page;
128
5274f052
JA		 129 /*
130 * If nobody else uses this page, and we don't already have a
131 * temporary page, let's keep track of it as a one-deep
341b446b 132 * allocation cache. (Otherwise just release our reference to it)
5274f052 133 */
341b446b 134 if (page_count(page) == 1 && !pipe->tmp_page)
923f4f23 135 pipe->tmp_page = page;
341b446b 136 else
09cbfeaf 137 put_page(page);
1da177e4
LT		 138}
139
d86133bd
VD		 140static int anon_pipe_buf_steal(struct pipe_inode_info *pipe,
141 struct pipe_buffer *buf)
142{
143 struct page *page = buf->page;
144
145 if (page_count(page) == 1) {
60cd4bcd 146 memcg_kmem_uncharge(page, 0);
d86133bd
VD		 147 __SetPageLocked(page);
148 return 0;
149 }
150 return 1;
151}
152
0845718d 153/**
b51d63c6 154 * generic_pipe_buf_steal - attempt to take ownership of a &pipe_buffer
0845718d
JA		 155 * @pipe: the pipe that the buffer belongs to
156 * @buf: the buffer to attempt to steal
157 *
158 * Description:
b51d63c6 159 * This function attempts to steal the &struct page attached to
0845718d
JA		 160 * @buf. If successful, this function returns 0 and returns with
161 * the page locked. The caller may then reuse the page for whatever
b51d63c6 162 * he wishes; the typical use is insertion into a different file
0845718d
JA		 163 * page cache.
164 */
330ab716
JA		 165int generic_pipe_buf_steal(struct pipe_inode_info *pipe,
166 struct pipe_buffer *buf)
5abc97aa 167{
46e678c9
JA		 168 struct page *page = buf->page;
169
0845718d
JA		 170 /*
171 * A reference of one is golden, that means that the owner of this
172 * page is the only one holding a reference to it. lock the page
173 * and return OK.
174 */
46e678c9 175 if (page_count(page) == 1) {
46e678c9
JA		 176 lock_page(page);
177 return 0;
178 }
179
180 return 1;
5abc97aa 181}
51921cb7 182EXPORT_SYMBOL(generic_pipe_buf_steal);
5abc97aa 183
0845718d 184/**
b51d63c6 185 * generic_pipe_buf_get - get a reference to a &struct pipe_buffer
0845718d
JA		 186 * @pipe: the pipe that the buffer belongs to
187 * @buf: the buffer to get a reference to
188 *
189 * Description:
190 * This function grabs an extra reference to @buf. It's used in
191 * in the tee() system call, when we duplicate the buffers in one
192 * pipe into another.
193 */
15fab63e 194bool generic_pipe_buf_get(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
70524490 195{
15fab63e 196 return try_get_page(buf->page);
70524490 197}
51921cb7 198EXPORT_SYMBOL(generic_pipe_buf_get);
70524490 199
0845718d
JA		 200/**
201 * generic_pipe_buf_confirm - verify contents of the pipe buffer
79685b8d 202 * @info: the pipe that the buffer belongs to
0845718d
JA		 203 * @buf: the buffer to confirm
204 *
205 * Description:
206 * This function does nothing, because the generic pipe code uses
207 * pages that are always good when inserted into the pipe.
208 */
cac36bb0
JA		 209int generic_pipe_buf_confirm(struct pipe_inode_info *info,
210 struct pipe_buffer *buf)
f84d7519
JA		 211{
212 return 0;
213}
51921cb7 214EXPORT_SYMBOL(generic_pipe_buf_confirm);
f84d7519 215
6818173b
MS		 216/**
217 * generic_pipe_buf_release - put a reference to a &struct pipe_buffer
218 * @pipe: the pipe that the buffer belongs to
219 * @buf: the buffer to put a reference to
220 *
221 * Description:
222 * This function releases a reference to @buf.
223 */
224void generic_pipe_buf_release(struct pipe_inode_info *pipe,
225 struct pipe_buffer *buf)
226{
09cbfeaf 227 put_page(buf->page);
6818173b 228}
51921cb7 229EXPORT_SYMBOL(generic_pipe_buf_release);
6818173b 230
01e7187b 231/* New data written to a pipe may be appended to a buffer with this type. */
d4c3cca9 232static const struct pipe_buf_operations anon_pipe_buf_ops = {
cac36bb0 233 .confirm = generic_pipe_buf_confirm,
1da177e4 234 .release = anon_pipe_buf_release,
d86133bd 235 .steal = anon_pipe_buf_steal,
f84d7519 236 .get = generic_pipe_buf_get,
1da177e4
LT		 237};
238
a0ce2f0a 239static const struct pipe_buf_operations anon_pipe_buf_nomerge_ops = {
cac36bb0 240 .confirm = generic_pipe_buf_confirm,
1da177e4 241 .release = anon_pipe_buf_release,
d86133bd 242 .steal = anon_pipe_buf_steal,
f84d7519 243 .get = generic_pipe_buf_get,
1da177e4
LT		 244};
245
9883035a 246static const struct pipe_buf_operations packet_pipe_buf_ops = {
9883035a
LT		 247 .confirm = generic_pipe_buf_confirm,
248 .release = anon_pipe_buf_release,
d86133bd 249 .steal = anon_pipe_buf_steal,
9883035a
LT		 250 .get = generic_pipe_buf_get,
251};
252
01e7187b
JH		 253/**
254 * pipe_buf_mark_unmergeable - mark a &struct pipe_buffer as unmergeable
255 * @buf: the buffer to mark
256 *
257 * Description:
258 * This function ensures that no future writes will be merged into the
259 * given &struct pipe_buffer. This is necessary when multiple pipe buffers
260 * share the same backing page.
261 */
a0ce2f0a
JH		 262void pipe_buf_mark_unmergeable(struct pipe_buffer *buf)
263{
264 if (buf->ops == &anon_pipe_buf_ops)
265 buf->ops = &anon_pipe_buf_nomerge_ops;
266}
267
01e7187b
JH		 268static bool pipe_buf_can_merge(struct pipe_buffer *buf)
269{
270 return buf->ops == &anon_pipe_buf_ops;
271}
272
1da177e4 273static ssize_t
fb9096a3 274pipe_read(struct kiocb *iocb, struct iov_iter *to)
1da177e4 275{
fb9096a3 276 size_t total_len = iov_iter_count(to);
ee0b3e67 277 struct file *filp = iocb->ki_filp;
de32ec4c 278 struct pipe_inode_info *pipe = filp->private_data;
f467a6a6 279 bool was_full;
1da177e4 280 ssize_t ret;
1da177e4 281
1da177e4
LT		 282 /* Null read succeeds. */
283 if (unlikely(total_len == 0))
284 return 0;
285
1da177e4 286 ret = 0;
ebec73f4 287 __pipe_lock(pipe);
f467a6a6
LT		 288
289 /*
290 * We only wake up writers if the pipe was full when we started
291 * reading in order to avoid unnecessary wakeups.
292 *
293 * But when we do wake up writers, we do so using a sync wakeup
294 * (WF_SYNC), because we want them to get going and generate more
295 * data for us.
296 */
297 was_full = pipe_full(pipe->head, pipe->tail, pipe->max_usage);
1da177e4 298 for (;;) {
8cefc107
DH		 299 unsigned int head = pipe->head;
300 unsigned int tail = pipe->tail;
301 unsigned int mask = pipe->ring_size - 1;
302
303 if (!pipe_empty(head, tail)) {
304 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
1da177e4 305 size_t chars = buf->len;
637b58c2
AV		 306 size_t written;
307 int error;
1da177e4
LT		 308
309 if (chars > total_len)
310 chars = total_len;
311
fba597db 312 error = pipe_buf_confirm(pipe, buf);
f84d7519 313 if (error) {
5274f052 314 if (!ret)
e5953cbd 315 ret = error;
5274f052
JA		 316 break;
317 }
f84d7519 318
fb9096a3 319 written = copy_page_to_iter(buf->page, buf->offset, chars, to);
637b58c2 320 if (unlikely(written < chars)) {
341b446b 321 if (!ret)
637b58c2 322 ret = -EFAULT;
1da177e4
LT		 323 break;
324 }
325 ret += chars;
326 buf->offset += chars;
327 buf->len -= chars;
9883035a
LT		 328
329 /* Was it a packet buffer? Clean up and exit */
330 if (buf->flags & PIPE_BUF_FLAG_PACKET) {
331 total_len = chars;
332 buf->len = 0;
333 }
334
1da177e4 335 if (!buf->len) {
a779638c 336 pipe_buf_release(pipe, buf);
b667b867 337 spin_lock_irq(&pipe->wait.lock);
8cefc107
DH		 338 tail++;
339 pipe->tail = tail;
b667b867 340 spin_unlock_irq(&pipe->wait.lock);
1da177e4
LT		 341 }
342 total_len -= chars;
343 if (!total_len)
344 break; /* common path: read succeeded */
8cefc107
DH		 345 if (!pipe_empty(head, tail)) /* More to do? */
346 continue;
1da177e4 347 }
8cefc107 348
923f4f23 349 if (!pipe->writers)
1da177e4 350 break;
a28c8b9d
LT		 351 if (ret)
352 break;
353 if (filp->f_flags & O_NONBLOCK) {
354 ret = -EAGAIN;
355 break;
1da177e4
LT		 356 }
357 if (signal_pending(current)) {
341b446b
IM		 358 if (!ret)
359 ret = -ERESTARTSYS;
1da177e4
LT		 360 break;
361 }
f467a6a6
LT		 362 if (was_full) {
363 wake_up_interruptible_sync_poll(&pipe->wait, EPOLLOUT | EPOLLWRNORM);
364 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
365 }
923f4f23 366 pipe_wait(pipe);
f467a6a6 367 was_full = pipe_full(pipe->head, pipe->tail, pipe->max_usage);
1da177e4 368 }
ebec73f4 369 __pipe_unlock(pipe);
341b446b 370
f467a6a6
LT		 371 if (was_full) {
372 wake_up_interruptible_sync_poll(&pipe->wait, EPOLLOUT | EPOLLWRNORM);
923f4f23 373 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
1da177e4
LT		 374 }
375 if (ret > 0)
376 file_accessed(filp);
377 return ret;
378}
379
9883035a
LT		 380static inline int is_packetized(struct file *file)
381{
382 return (file->f_flags & O_DIRECT) != 0;
383}
384
1da177e4 385static ssize_t
f0d1bec9 386pipe_write(struct kiocb *iocb, struct iov_iter *from)
1da177e4 387{
ee0b3e67 388 struct file *filp = iocb->ki_filp;
de32ec4c 389 struct pipe_inode_info *pipe = filp->private_data;
8f868d68 390 unsigned int head;
f0d1bec9 391 ssize_t ret = 0;
f0d1bec9 392 size_t total_len = iov_iter_count(from);
1da177e4 393 ssize_t chars;
1b6b26ae 394 bool was_empty = false;
1da177e4 395
1da177e4
LT		 396 /* Null write succeeds. */
397 if (unlikely(total_len == 0))
398 return 0;
399
ebec73f4 400 __pipe_lock(pipe);
1da177e4 401
923f4f23 402 if (!pipe->readers) {
1da177e4
LT		 403 send_sig(SIGPIPE, current, 0);
404 ret = -EPIPE;
405 goto out;
406 }
407
1b6b26ae
LT		 408 /*
409 * Only wake up if the pipe started out empty, since
410 * otherwise there should be no readers waiting.
411 *
412 * If it wasn't empty we try to merge new data into
413 * the last buffer.
414 *
415 * That naturally merges small writes, but it also
416 * page-aligs the rest of the writes for large writes
417 * spanning multiple pages.
418 */
8cefc107 419 head = pipe->head;
1b6b26ae
LT		 420 was_empty = pipe_empty(head, pipe->tail);
421 chars = total_len & (PAGE_SIZE-1);
422 if (chars && !was_empty) {
8f868d68 423 unsigned int mask = pipe->ring_size - 1;
8cefc107 424 struct pipe_buffer *buf = &pipe->bufs[(head - 1) & mask];
1da177e4 425 int offset = buf->offset + buf->len;
341b446b 426
01e7187b 427 if (pipe_buf_can_merge(buf) && offset + chars <= PAGE_SIZE) {
fba597db 428 ret = pipe_buf_confirm(pipe, buf);
6ae08069 429 if (ret)
5274f052 430 goto out;
f84d7519 431
f0d1bec9
AV		 432 ret = copy_page_from_iter(buf->page, offset, chars, from);
433 if (unlikely(ret < chars)) {
6ae08069 434 ret = -EFAULT;
1da177e4 435 goto out;
f6762b7a 436 }
1b6b26ae 437
6ae08069 438 buf->len += ret;
f0d1bec9 439 if (!iov_iter_count(from))
1da177e4
LT		 440 goto out;
441 }
442 }
443
444 for (;;) {
923f4f23 445 if (!pipe->readers) {
1da177e4 446 send_sig(SIGPIPE, current, 0);
341b446b
IM		 447 if (!ret)
448 ret = -EPIPE;
1da177e4
LT		 449 break;
450 }
8cefc107 451
a194dfe6 452 head = pipe->head;
8f868d68
DH		 453 if (!pipe_full(head, pipe->tail, pipe->max_usage)) {
454 unsigned int mask = pipe->ring_size - 1;
8cefc107 455 struct pipe_buffer *buf = &pipe->bufs[head & mask];
923f4f23 456 struct page *page = pipe->tmp_page;
f0d1bec9 457 int copied;
1da177e4
LT		 458
459 if (!page) {
d86133bd 460 page = alloc_page(GFP_HIGHUSER | __GFP_ACCOUNT);
1da177e4
LT		 461 if (unlikely(!page)) {
462 ret = ret ? : -ENOMEM;
463 break;
464 }
923f4f23 465 pipe->tmp_page = page;
1da177e4 466 }
a194dfe6
DH		 467
468 /* Allocate a slot in the ring in advance and attach an
469 * empty buffer. If we fault or otherwise fail to use
470 * it, either the reader will consume it or it'll still
471 * be there for the next write.
472 */
473 spin_lock_irq(&pipe->wait.lock);
474
475 head = pipe->head;
8f868d68 476 if (pipe_full(head, pipe->tail, pipe->max_usage)) {
8df44129
DH		 477 spin_unlock_irq(&pipe->wait.lock);
478 continue;
479 }
480
a194dfe6 481 pipe->head = head + 1;
a194dfe6 482 spin_unlock_irq(&pipe->wait.lock);
1da177e4
LT		 483
484 /* Insert it into the buffer array */
a194dfe6 485 buf = &pipe->bufs[head & mask];
1da177e4
LT		 486 buf->page = page;
487 buf->ops = &anon_pipe_buf_ops;
488 buf->offset = 0;
a194dfe6 489 buf->len = 0;
9883035a
LT		 490 buf->flags = 0;
491 if (is_packetized(filp)) {
492 buf->ops = &packet_pipe_buf_ops;
493 buf->flags = PIPE_BUF_FLAG_PACKET;
494 }
923f4f23 495 pipe->tmp_page = NULL;
1da177e4 496
a194dfe6
DH		 497 copied = copy_page_from_iter(page, 0, PAGE_SIZE, from);
498 if (unlikely(copied < PAGE_SIZE && iov_iter_count(from))) {
499 if (!ret)
500 ret = -EFAULT;
501 break;
502 }
503 ret += copied;
504 buf->offset = 0;
505 buf->len = copied;
506
f0d1bec9 507 if (!iov_iter_count(from))
1da177e4
LT		 508 break;
509 }
8cefc107 510
8f868d68 511 if (!pipe_full(head, pipe->tail, pipe->max_usage))
1da177e4 512 continue;
8cefc107
DH		 513
514 /* Wait for buffer space to become available. */
1da177e4 515 if (filp->f_flags & O_NONBLOCK) {
341b446b
IM		 516 if (!ret)
517 ret = -EAGAIN;
1da177e4
LT		 518 break;
519 }
520 if (signal_pending(current)) {
341b446b
IM		 521 if (!ret)
522 ret = -ERESTARTSYS;
1da177e4
LT		 523 break;
524 }
1b6b26ae
LT		 525
526 /*
527 * We're going to release the pipe lock and wait for more
528 * space. We wake up any readers if necessary, and then
529 * after waiting we need to re-check whether the pipe
530 * become empty while we dropped the lock.
531 */
532 if (was_empty) {
533 wake_up_interruptible_sync_poll(&pipe->wait, EPOLLIN | EPOLLRDNORM);
534 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
535 }
923f4f23 536 pipe_wait(pipe);
1b6b26ae
LT		 537
538 was_empty = pipe_empty(head, pipe->tail);
1da177e4
LT		 539 }
540out:
ebec73f4 541 __pipe_unlock(pipe);
1b6b26ae
LT		 542
543 /*
544 * If we do do a wakeup event, we do a 'sync' wakeup, because we
545 * want the reader to start processing things asap, rather than
546 * leave the data pending.
547 *
548 * This is particularly important for small writes, because of
549 * how (for example) the GNU make jobserver uses small writes to
550 * wake up pending jobs
551 */
552 if (was_empty) {
553 wake_up_interruptible_sync_poll(&pipe->wait, EPOLLIN | EPOLLRDNORM);
923f4f23 554 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
1da177e4 555 }
7e775f46 556 if (ret > 0 && sb_start_write_trylock(file_inode(filp)->i_sb)) {
c3b2da31
JB		 557 int err = file_update_time(filp);
558 if (err)
559 ret = err;
7e775f46 560 sb_end_write(file_inode(filp)->i_sb);
c3b2da31 561 }
1da177e4
LT		 562 return ret;
563}
564
d59d0b1b 565static long pipe_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1da177e4 566{
de32ec4c 567 struct pipe_inode_info *pipe = filp->private_data;
8cefc107 568 int count, head, tail, mask;
1da177e4
LT		 569
570 switch (cmd) {
571 case FIONREAD:
ebec73f4 572 __pipe_lock(pipe);
1da177e4 573 count = 0;
8cefc107
DH		 574 head = pipe->head;
575 tail = pipe->tail;
576 mask = pipe->ring_size - 1;
577
578 while (tail != head) {
579 count += pipe->bufs[tail & mask].len;
580 tail++;
1da177e4 581 }
ebec73f4 582 __pipe_unlock(pipe);
923f4f23 583
1da177e4
LT		 584 return put_user(count, (int __user *)arg);
585 default:
46ce341b 586 return -ENOIOCTLCMD;
1da177e4
LT		 587 }
588}
589
dd67081b 590/* No kernel lock held - fine */
a11e1d43
LT		 591static __poll_t
592pipe_poll(struct file *filp, poll_table *wait)
dd67081b 593{
a11e1d43 594 __poll_t mask;
dd67081b 595 struct pipe_inode_info *pipe = filp->private_data;
ad910e36 596 unsigned int head, tail;
a11e1d43 597
ad910e36
LT		 598 /*
599 * Reading only -- no need for acquiring the semaphore.
600 *
601 * But because this is racy, the code has to add the
602 * entry to the poll table _first_ ..
603 */
a11e1d43 604 poll_wait(filp, &pipe->wait, wait);
1da177e4 605
ad910e36
LT		 606 /*
607 * .. and only then can you do the racy tests. That way,
608 * if something changes and you got it wrong, the poll
609 * table entry will wake you up and fix it.
610 */
611 head = READ_ONCE(pipe->head);
612 tail = READ_ONCE(pipe->tail);
613
a11e1d43 614 mask = 0;
1da177e4 615 if (filp->f_mode & FMODE_READ) {
8cefc107
DH		 616 if (!pipe_empty(head, tail))
617 mask |= EPOLLIN | EPOLLRDNORM;
923f4f23 618 if (!pipe->writers && filp->f_version != pipe->w_counter)
a9a08845 619 mask |= EPOLLHUP;
1da177e4
LT		 620 }
621
622 if (filp->f_mode & FMODE_WRITE) {
6718b6f8 623 if (!pipe_full(head, tail, pipe->max_usage))
8cefc107 624 mask |= EPOLLOUT | EPOLLWRNORM;
5e5d7a22 625 /*
a9a08845 626 * Most Unices do not set EPOLLERR for FIFOs but on Linux they
5e5d7a22
PE		 627 * behave exactly like pipes for poll().
628 */
923f4f23 629 if (!pipe->readers)
a9a08845 630 mask |= EPOLLERR;
1da177e4
LT		 631 }
632
633 return mask;
634}
635
b0d8d229
LT		 636static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe)
637{
638 int kill = 0;
639
640 spin_lock(&inode->i_lock);
641 if (!--pipe->files) {
642 inode->i_pipe = NULL;
643 kill = 1;
644 }
645 spin_unlock(&inode->i_lock);
646
647 if (kill)
648 free_pipe_info(pipe);
649}
650
1da177e4 651static int
599a0ac1 652pipe_release(struct inode *inode, struct file *file)
1da177e4 653{
b0d8d229 654 struct pipe_inode_info *pipe = file->private_data;
923f4f23 655
ebec73f4 656 __pipe_lock(pipe);
599a0ac1
AV		 657 if (file->f_mode & FMODE_READ)
658 pipe->readers--;
659 if (file->f_mode & FMODE_WRITE)
660 pipe->writers--;
341b446b 661
ba5bb147 662 if (pipe->readers || pipe->writers) {
a9a08845 663 wake_up_interruptible_sync_poll(&pipe->wait, EPOLLIN | EPOLLOUT | EPOLLRDNORM | EPOLLWRNORM | EPOLLERR | EPOLLHUP);
923f4f23
IM		 664 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
665 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
1da177e4 666 }
ebec73f4 667 __pipe_unlock(pipe);
ba5bb147 668
b0d8d229 669 put_pipe_info(inode, pipe);
1da177e4
LT		 670 return 0;
671}
672
673static int
599a0ac1 674pipe_fasync(int fd, struct file *filp, int on)
1da177e4 675{
de32ec4c 676 struct pipe_inode_info *pipe = filp->private_data;
599a0ac1 677 int retval = 0;
1da177e4 678
ebec73f4 679 __pipe_lock(pipe);
599a0ac1
AV		 680 if (filp->f_mode & FMODE_READ)
681 retval = fasync_helper(fd, filp, on, &pipe->fasync_readers);
682 if ((filp->f_mode & FMODE_WRITE) && retval >= 0) {
341b446b 683 retval = fasync_helper(fd, filp, on, &pipe->fasync_writers);
599a0ac1
AV		 684 if (retval < 0 && (filp->f_mode & FMODE_READ))
685 /* this can happen only if on == T */
e5bc49ba
ON		 686 fasync_helper(-1, filp, 0, &pipe->fasync_readers);
687 }
ebec73f4 688 __pipe_unlock(pipe);
60aa4924 689 return retval;
1da177e4
LT		 690}
691
9c87bcf0 692static unsigned long account_pipe_buffers(struct user_struct *user,
759c0114
WT		 693 unsigned long old, unsigned long new)
694{
9c87bcf0 695 return atomic_long_add_return(new - old, &user->pipe_bufs);
759c0114
WT		 696}
697
9c87bcf0 698static bool too_many_pipe_buffers_soft(unsigned long user_bufs)
759c0114 699{
f7340761
EB		 700 unsigned long soft_limit = READ_ONCE(pipe_user_pages_soft);
701
702 return soft_limit && user_bufs > soft_limit;
759c0114
WT		 703}
704
9c87bcf0 705static bool too_many_pipe_buffers_hard(unsigned long user_bufs)
759c0114 706{
f7340761
EB		 707 unsigned long hard_limit = READ_ONCE(pipe_user_pages_hard);
708
709 return hard_limit && user_bufs > hard_limit;
759c0114
WT		 710}
711
85c2dd54
EB		 712static bool is_unprivileged_user(void)
713{
714 return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
715}
716
7bee130e 717struct pipe_inode_info *alloc_pipe_info(void)
3a326a2c 718{
923f4f23 719 struct pipe_inode_info *pipe;
09b4d199
MK		 720 unsigned long pipe_bufs = PIPE_DEF_BUFFERS;
721 struct user_struct *user = get_current_user();
9c87bcf0 722 unsigned long user_bufs;
f7340761 723 unsigned int max_size = READ_ONCE(pipe_max_size);
3a326a2c 724
d86133bd 725 pipe = kzalloc(sizeof(struct pipe_inode_info), GFP_KERNEL_ACCOUNT);
09b4d199
MK		 726 if (pipe == NULL)
727 goto out_free_uid;
728
f7340761
EB		 729 if (pipe_bufs * PAGE_SIZE > max_size && !capable(CAP_SYS_RESOURCE))
730 pipe_bufs = max_size >> PAGE_SHIFT;
086e774a 731
9c87bcf0 732 user_bufs = account_pipe_buffers(user, 0, pipe_bufs);
a005ca0e 733
85c2dd54 734 if (too_many_pipe_buffers_soft(user_bufs) && is_unprivileged_user()) {
9c87bcf0 735 user_bufs = account_pipe_buffers(user, pipe_bufs, 1);
a005ca0e 736 pipe_bufs = 1;
09b4d199 737 }
759c0114 738
85c2dd54 739 if (too_many_pipe_buffers_hard(user_bufs) && is_unprivileged_user())
a005ca0e
MK		 740 goto out_revert_acct;
741
742 pipe->bufs = kcalloc(pipe_bufs, sizeof(struct pipe_buffer),
743 GFP_KERNEL_ACCOUNT);
744
09b4d199
MK		 745 if (pipe->bufs) {
746 init_waitqueue_head(&pipe->wait);
747 pipe->r_counter = pipe->w_counter = 1;
6718b6f8 748 pipe->max_usage = pipe_bufs;
8cefc107 749 pipe->ring_size = pipe_bufs;
09b4d199 750 pipe->user = user;
09b4d199
MK		 751 mutex_init(&pipe->mutex);
752 return pipe;
3a326a2c
IM		 753 }
754
a005ca0e 755out_revert_acct:
9c87bcf0 756 (void) account_pipe_buffers(user, pipe_bufs, 0);
09b4d199
MK		 757 kfree(pipe);
758out_free_uid:
759 free_uid(user);
35f3d14d 760 return NULL;
3a326a2c
IM		 761}
762
4b8a8f1e 763void free_pipe_info(struct pipe_inode_info *pipe)
1da177e4
LT		 764{
765 int i;
1da177e4 766
8cefc107 767 (void) account_pipe_buffers(pipe->user, pipe->ring_size, 0);
759c0114 768 free_uid(pipe->user);
8cefc107 769 for (i = 0; i < pipe->ring_size; i++) {
923f4f23 770 struct pipe_buffer *buf = pipe->bufs + i;
1da177e4 771 if (buf->ops)
a779638c 772 pipe_buf_release(pipe, buf);
1da177e4 773 }
923f4f23
IM		 774 if (pipe->tmp_page)
775 __free_page(pipe->tmp_page);
35f3d14d 776 kfree(pipe->bufs);
923f4f23 777 kfree(pipe);
1da177e4
LT		 778}
779
fa3536cc 780static struct vfsmount *pipe_mnt __read_mostly;
341b446b 781
c23fbb6b
ED		 782/*
783 * pipefs_dname() is called from d_path().
784 */
785static char *pipefs_dname(struct dentry *dentry, char *buffer, int buflen)
786{
787 return dynamic_dname(dentry, buffer, buflen, "pipe:[%lu]",
75c3cfa8 788 d_inode(dentry)->i_ino);
c23fbb6b
ED		 789}
790
3ba13d17 791static const struct dentry_operations pipefs_dentry_operations = {
c23fbb6b 792 .d_dname = pipefs_dname,
1da177e4
LT		 793};
794
795static struct inode * get_pipe_inode(void)
796{
a209dfc7 797 struct inode *inode = new_inode_pseudo(pipe_mnt->mnt_sb);
923f4f23 798 struct pipe_inode_info *pipe;
1da177e4
LT		 799
800 if (!inode)
801 goto fail_inode;
802
85fe4025
CH		 803 inode->i_ino = get_next_ino();
804
7bee130e 805 pipe = alloc_pipe_info();
923f4f23 806 if (!pipe)
1da177e4 807 goto fail_iput;
3a326a2c 808
ba5bb147
AV		 809 inode->i_pipe = pipe;
810 pipe->files = 2;
923f4f23 811 pipe->readers = pipe->writers = 1;
599a0ac1 812 inode->i_fop = &pipefifo_fops;
1da177e4
LT		 813
814 /*
815 * Mark the inode dirty from the very beginning,
816 * that way it will never be moved to the dirty
817 * list because "mark_inode_dirty()" will think
818 * that it already _is_ on the dirty list.
819 */
820 inode->i_state = I_DIRTY;
821 inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR;
da9592ed
DH		 822 inode->i_uid = current_fsuid();
823 inode->i_gid = current_fsgid();
078cd827 824 inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode);
923f4f23 825
1da177e4
LT		 826 return inode;
827
828fail_iput:
829 iput(inode);
341b446b 830
1da177e4
LT		 831fail_inode:
832 return NULL;
833}
834
e4fad8e5 835int create_pipe_files(struct file **res, int flags)
1da177e4 836{
e4fad8e5 837 struct inode *inode = get_pipe_inode();
d6cbd281 838 struct file *f;
1da177e4 839
1da177e4 840 if (!inode)
e4fad8e5 841 return -ENFILE;
1da177e4 842
152b6372
AV		 843 f = alloc_file_pseudo(inode, pipe_mnt, "",
844 O_WRONLY | (flags & (O_NONBLOCK | O_DIRECT)),
845 &pipefifo_fops);
e9bb1f9b 846 if (IS_ERR(f)) {
152b6372
AV		 847 free_pipe_info(inode->i_pipe);
848 iput(inode);
849 return PTR_ERR(f);
e9bb1f9b 850 }
341b446b 851
de32ec4c 852 f->private_data = inode->i_pipe;
d6cbd281 853
183266f2
AV		 854 res[0] = alloc_file_clone(f, O_RDONLY | (flags & O_NONBLOCK),
855 &pipefifo_fops);
e9bb1f9b 856 if (IS_ERR(res[0])) {
b10a4a9f
AV		 857 put_pipe_info(inode, inode->i_pipe);
858 fput(f);
859 return PTR_ERR(res[0]);
e9bb1f9b 860 }
de32ec4c 861 res[0]->private_data = inode->i_pipe;
e4fad8e5 862 res[1] = f;
d8e464ec
LT		 863 stream_open(inode, res[0]);
864 stream_open(inode, res[1]);
e4fad8e5 865 return 0;
d6cbd281
AK		 866}
867
5b249b1b 868static int __do_pipe_flags(int *fd, struct file **files, int flags)
d6cbd281 869{
d6cbd281
AK		 870 int error;
871 int fdw, fdr;
872
9883035a 873 if (flags & ~(O_CLOEXEC | O_NONBLOCK | O_DIRECT))
ed8cae8b
UD		 874 return -EINVAL;
875
e4fad8e5
AV		 876 error = create_pipe_files(files, flags);
877 if (error)
878 return error;
d6cbd281 879
ed8cae8b 880 error = get_unused_fd_flags(flags);
d6cbd281
AK		 881 if (error < 0)
882 goto err_read_pipe;
883 fdr = error;
884
ed8cae8b 885 error = get_unused_fd_flags(flags);
d6cbd281
AK		 886 if (error < 0)
887 goto err_fdr;
888 fdw = error;
889
157cf649 890 audit_fd_pair(fdr, fdw);
d6cbd281
AK		 891 fd[0] = fdr;
892 fd[1] = fdw;
d6cbd281
AK		 893 return 0;
894
895 err_fdr:
896 put_unused_fd(fdr);
897 err_read_pipe:
e4fad8e5
AV		 898 fput(files[0]);
899 fput(files[1]);
d6cbd281 900 return error;
1da177e4
LT		 901}
902
5b249b1b
AV		 903int do_pipe_flags(int *fd, int flags)
904{
905 struct file *files[2];
906 int error = __do_pipe_flags(fd, files, flags);
907 if (!error) {
908 fd_install(fd[0], files[0]);
909 fd_install(fd[1], files[1]);
910 }
911 return error;
912}
913
d35c7b0e
UD		 914/*
915 * sys_pipe() is the normal C calling standard for creating
916 * a pipe. It's not the way Unix traditionally does this, though.
917 */
0a216dd1 918static int do_pipe2(int __user *fildes, int flags)
d35c7b0e 919{
5b249b1b 920 struct file *files[2];
d35c7b0e
UD		 921 int fd[2];
922 int error;
923
5b249b1b 924 error = __do_pipe_flags(fd, files, flags);
d35c7b0e 925 if (!error) {
5b249b1b
AV		 926 if (unlikely(copy_to_user(fildes, fd, sizeof(fd)))) {
927 fput(files[0]);
928 fput(files[1]);
929 put_unused_fd(fd[0]);
930 put_unused_fd(fd[1]);
d35c7b0e 931 error = -EFAULT;
5b249b1b
AV		 932 } else {
933 fd_install(fd[0], files[0]);
934 fd_install(fd[1], files[1]);
ba719bae 935 }
d35c7b0e
UD		 936 }
937 return error;
938}
939
0a216dd1
DB		 940SYSCALL_DEFINE2(pipe2, int __user *, fildes, int, flags)
941{
942 return do_pipe2(fildes, flags);
943}
944
2b664219 945SYSCALL_DEFINE1(pipe, int __user *, fildes)
ed8cae8b 946{
0a216dd1 947 return do_pipe2(fildes, 0);
ed8cae8b
UD		 948}
949
fc7478a2 950static int wait_for_partner(struct pipe_inode_info *pipe, unsigned int *cnt)
f776c738 951{
8cefc107 952 int cur = *cnt;
f776c738
AV		 953
954 while (cur == *cnt) {
fc7478a2 955 pipe_wait(pipe);
f776c738
AV		 956 if (signal_pending(current))
957 break;
958 }
959 return cur == *cnt ? -ERESTARTSYS : 0;
960}
961
fc7478a2 962static void wake_up_partner(struct pipe_inode_info *pipe)
f776c738 963{
fc7478a2 964 wake_up_interruptible(&pipe->wait);
f776c738
AV		 965}
966
967static int fifo_open(struct inode *inode, struct file *filp)
968{
969 struct pipe_inode_info *pipe;
599a0ac1 970 bool is_pipe = inode->i_sb->s_magic == PIPEFS_MAGIC;
f776c738
AV		 971 int ret;
972
ba5bb147
AV		 973 filp->f_version = 0;
974
975 spin_lock(&inode->i_lock);
976 if (inode->i_pipe) {
977 pipe = inode->i_pipe;
978 pipe->files++;
979 spin_unlock(&inode->i_lock);
980 } else {
981 spin_unlock(&inode->i_lock);
7bee130e 982 pipe = alloc_pipe_info();
f776c738 983 if (!pipe)
ba5bb147
AV		 984 return -ENOMEM;
985 pipe->files = 1;
986 spin_lock(&inode->i_lock);
987 if (unlikely(inode->i_pipe)) {
988 inode->i_pipe->files++;
989 spin_unlock(&inode->i_lock);
4b8a8f1e 990 free_pipe_info(pipe);
ba5bb147
AV		 991 pipe = inode->i_pipe;
992 } else {
993 inode->i_pipe = pipe;
994 spin_unlock(&inode->i_lock);
995 }
f776c738 996 }
de32ec4c 997 filp->private_data = pipe;
ba5bb147
AV		 998 /* OK, we have a pipe and it's pinned down */
999
ebec73f4 1000 __pipe_lock(pipe);
f776c738
AV		 1001
1002 /* We can only do regular read/write on fifos */
d8e464ec 1003 stream_open(inode, filp);
f776c738 1004
d8e464ec 1005 switch (filp->f_mode & (FMODE_READ | FMODE_WRITE)) {
f776c738
AV		 1006 case FMODE_READ:
1007 /*
1008 * O_RDONLY
1009 * POSIX.1 says that O_NONBLOCK means return with the FIFO
1010 * opened, even when there is no process writing the FIFO.
1011 */
f776c738
AV		 1012 pipe->r_counter++;
1013 if (pipe->readers++ == 0)
fc7478a2 1014 wake_up_partner(pipe);
f776c738 1015
599a0ac1 1016 if (!is_pipe && !pipe->writers) {
f776c738 1017 if ((filp->f_flags & O_NONBLOCK)) {
a9a08845 1018 /* suppress EPOLLHUP until we have
f776c738
AV		 1019 * seen a writer */
1020 filp->f_version = pipe->w_counter;
1021 } else {
fc7478a2 1022 if (wait_for_partner(pipe, &pipe->w_counter))
f776c738
AV		 1023 goto err_rd;
1024 }
1025 }
1026 break;
8cefc107 1027
f776c738
AV		 1028 case FMODE_WRITE:
1029 /*
1030 * O_WRONLY
1031 * POSIX.1 says that O_NONBLOCK means return -1 with
1032 * errno=ENXIO when there is no process reading the FIFO.
1033 */
1034 ret = -ENXIO;
599a0ac1 1035 if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !pipe->readers)
f776c738
AV		 1036 goto err;
1037
f776c738
AV		 1038 pipe->w_counter++;
1039 if (!pipe->writers++)
fc7478a2 1040 wake_up_partner(pipe);
f776c738 1041
599a0ac1 1042 if (!is_pipe && !pipe->readers) {
fc7478a2 1043 if (wait_for_partner(pipe, &pipe->r_counter))
f776c738
AV		 1044 goto err_wr;
1045 }
1046 break;
8cefc107 1047
f776c738
AV		 1048 case FMODE_READ | FMODE_WRITE:
1049 /*
1050 * O_RDWR
1051 * POSIX.1 leaves this case "undefined" when O_NONBLOCK is set.
1052 * This implementation will NEVER block on a O_RDWR open, since
1053 * the process can at least talk to itself.
1054 */
f776c738
AV		 1055
1056 pipe->readers++;
1057 pipe->writers++;
1058 pipe->r_counter++;
1059 pipe->w_counter++;
1060 if (pipe->readers == 1 || pipe->writers == 1)
fc7478a2 1061 wake_up_partner(pipe);
f776c738
AV		 1062 break;
1063
1064 default:
1065 ret = -EINVAL;
1066 goto err;
1067 }
1068
1069 /* Ok! */
ebec73f4 1070 __pipe_unlock(pipe);
f776c738
AV		 1071 return 0;
1072
1073err_rd:
1074 if (!--pipe->readers)
1075 wake_up_interruptible(&pipe->wait);
1076 ret = -ERESTARTSYS;
1077 goto err;
1078
1079err_wr:
1080 if (!--pipe->writers)
1081 wake_up_interruptible(&pipe->wait);
1082 ret = -ERESTARTSYS;
1083 goto err;
1084
1085err:
ebec73f4 1086 __pipe_unlock(pipe);
b0d8d229
LT		 1087
1088 put_pipe_info(inode, pipe);
f776c738
AV		 1089 return ret;
1090}
1091
599a0ac1
AV		 1092const struct file_operations pipefifo_fops = {
1093 .open = fifo_open,
1094 .llseek = no_llseek,
fb9096a3 1095 .read_iter = pipe_read,
f0d1bec9 1096 .write_iter = pipe_write,
a11e1d43 1097 .poll = pipe_poll,
599a0ac1
AV		 1098 .unlocked_ioctl = pipe_ioctl,
1099 .release = pipe_release,
1100 .fasync = pipe_fasync,
f776c738
AV		 1101};
1102
f491bd71
MK		 1103/*
1104 * Currently we rely on the pipe array holding a power-of-2 number
d3f14c48 1105 * of pages. Returns 0 on error.
f491bd71 1106 */
96e99be4 1107unsigned int round_pipe_size(unsigned long size)
f491bd71 1108{
c4fed5a9 1109 if (size > (1U << 31))
96e99be4
EB		 1110 return 0;
1111
4c2e4bef
EB		 1112 /* Minimum pipe size, as required by POSIX */
1113 if (size < PAGE_SIZE)
c4fed5a9 1114 return PAGE_SIZE;
d3f14c48 1115
c4fed5a9 1116 return roundup_pow_of_two(size);
f491bd71
MK		 1117}
1118
35f3d14d
JA		 1119/*
1120 * Allocate a new array of pipe buffers and copy the info over. Returns the
1121 * pipe size if successful, or return -ERROR on error.
1122 */
d37d4166 1123static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg)
35f3d14d
JA		 1124{
1125 struct pipe_buffer *bufs;
8cefc107 1126 unsigned int size, nr_slots, head, tail, mask, n;
9c87bcf0 1127 unsigned long user_bufs;
b0b91d18 1128 long ret = 0;
d37d4166
MK		 1129
1130 size = round_pipe_size(arg);
8cefc107 1131 nr_slots = size >> PAGE_SHIFT;
d37d4166 1132
8cefc107 1133 if (!nr_slots)
d37d4166
MK		 1134 return -EINVAL;
1135
b0b91d18
MK		 1136 /*
1137 * If trying to increase the pipe capacity, check that an
1138 * unprivileged user is not trying to exceed various limits
1139 * (soft limit check here, hard limit check just below).
1140 * Decreasing the pipe capacity is always permitted, even
1141 * if the user is currently over a limit.
1142 */
8cefc107 1143 if (nr_slots > pipe->ring_size &&
b0b91d18 1144 size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
d37d4166
MK		 1145 return -EPERM;
1146
8cefc107 1147 user_bufs = account_pipe_buffers(pipe->user, pipe->ring_size, nr_slots);
b0b91d18 1148
8cefc107 1149 if (nr_slots > pipe->ring_size &&
9c87bcf0
MK		 1150 (too_many_pipe_buffers_hard(user_bufs) ||
1151 too_many_pipe_buffers_soft(user_bufs)) &&
85c2dd54 1152 is_unprivileged_user()) {
b0b91d18
MK		 1153 ret = -EPERM;
1154 goto out_revert_acct;
1155 }
35f3d14d 1156
35f3d14d 1157 /*
8cefc107
DH		 1158 * We can shrink the pipe, if arg is greater than the ring occupancy.
1159 * Since we don't expect a lot of shrink+grow operations, just free and
1160 * allocate again like we would do for growing. If the pipe currently
35f3d14d
JA		 1161 * contains more buffers than arg, then return busy.
1162 */
8cefc107
DH		 1163 mask = pipe->ring_size - 1;
1164 head = pipe->head;
1165 tail = pipe->tail;
1166 n = pipe_occupancy(pipe->head, pipe->tail);
1167 if (nr_slots < n) {
b0b91d18
MK		 1168 ret = -EBUSY;
1169 goto out_revert_acct;
1170 }
35f3d14d 1171
8cefc107 1172 bufs = kcalloc(nr_slots, sizeof(*bufs),
d86133bd 1173 GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
b0b91d18
MK		 1174 if (unlikely(!bufs)) {
1175 ret = -ENOMEM;
1176 goto out_revert_acct;
1177 }
35f3d14d
JA		 1178
1179 /*
1180 * The pipe array wraps around, so just start the new one at zero
8cefc107 1181 * and adjust the indices.
35f3d14d 1182 */
8cefc107
DH		 1183 if (n > 0) {
1184 unsigned int h = head & mask;
1185 unsigned int t = tail & mask;
1186 if (h > t) {
1187 memcpy(bufs, pipe->bufs + t,
1188 n * sizeof(struct pipe_buffer));
1189 } else {
1190 unsigned int tsize = pipe->ring_size - t;
1191 if (h > 0)
1192 memcpy(bufs + tsize, pipe->bufs,
1193 h * sizeof(struct pipe_buffer));
1194 memcpy(bufs, pipe->bufs + t,
1195 tsize * sizeof(struct pipe_buffer));
1196 }
35f3d14d
JA		 1197 }
1198
8cefc107
DH		 1199 head = n;
1200 tail = 0;
1201
35f3d14d
JA		 1202 kfree(pipe->bufs);
1203 pipe->bufs = bufs;
8cefc107 1204 pipe->ring_size = nr_slots;
6718b6f8 1205 pipe->max_usage = nr_slots;
8cefc107
DH		 1206 pipe->tail = tail;
1207 pipe->head = head;
8c7b8c34 1208 wake_up_interruptible_all(&pipe->wait);
6718b6f8 1209 return pipe->max_usage * PAGE_SIZE;
b0b91d18
MK		 1210
1211out_revert_acct:
8cefc107 1212 (void) account_pipe_buffers(pipe->user, nr_slots, pipe->ring_size);
b0b91d18 1213 return ret;
35f3d14d
JA		 1214}
1215
72083646
LT		 1216/*
1217 * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
1218 * location, so checking ->i_pipe is not enough to verify that this is a
1219 * pipe.
1220 */
1221struct pipe_inode_info *get_pipe_info(struct file *file)
1222{
de32ec4c 1223 return file->f_op == &pipefifo_fops ? file->private_data : NULL;
72083646
LT		 1224}
1225
35f3d14d
JA		 1226long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
1227{
1228 struct pipe_inode_info *pipe;
1229 long ret;
1230
c66fb347 1231 pipe = get_pipe_info(file);
35f3d14d
JA		 1232 if (!pipe)
1233 return -EBADF;
1234
ebec73f4 1235 __pipe_lock(pipe);
35f3d14d
JA		 1236
1237 switch (cmd) {
d37d4166
MK		 1238 case F_SETPIPE_SZ:
1239 ret = pipe_set_size(pipe, arg);
35f3d14d
JA		 1240 break;
1241 case F_GETPIPE_SZ:
6718b6f8 1242 ret = pipe->max_usage * PAGE_SIZE;
35f3d14d
JA		 1243 break;
1244 default:
1245 ret = -EINVAL;
1246 break;
1247 }
1248
ebec73f4 1249 __pipe_unlock(pipe);
35f3d14d
JA		 1250 return ret;
1251}
1252
ff0c7d15
NP		 1253static const struct super_operations pipefs_ops = {
1254 .destroy_inode = free_inode_nonrcu,
d70ef97b 1255 .statfs = simple_statfs,
ff0c7d15
NP		 1256};
1257
1da177e4
LT		 1258/*
1259 * pipefs should _never_ be mounted by userland - too much of security hassle,
1260 * no real gain from having the whole whorehouse mounted. So we don't need
1261 * any operations on the root directory. However, we need a non-trivial
1262 * d_name - pipe: will go nicely and kill the special-casing in procfs.
1263 */
4fa7ec5d
DH		 1264
1265static int pipefs_init_fs_context(struct fs_context *fc)
1da177e4 1266{
4fa7ec5d
DH		 1267 struct pseudo_fs_context *ctx = init_pseudo(fc, PIPEFS_MAGIC);
1268 if (!ctx)
1269 return -ENOMEM;
1270 ctx->ops = &pipefs_ops;
1271 ctx->dops = &pipefs_dentry_operations;
1272 return 0;
1da177e4
LT		 1273}
1274
1275static struct file_system_type pipe_fs_type = {
1276 .name = "pipefs",
4fa7ec5d 1277 .init_fs_context = pipefs_init_fs_context,
1da177e4
LT		 1278 .kill_sb = kill_anon_super,
1279};
1280
1281static int __init init_pipe_fs(void)
1282{
1283 int err = register_filesystem(&pipe_fs_type);
341b446b 1284
1da177e4
LT		 1285 if (!err) {
1286 pipe_mnt = kern_mount(&pipe_fs_type);
1287 if (IS_ERR(pipe_mnt)) {
1288 err = PTR_ERR(pipe_mnt);
1289 unregister_filesystem(&pipe_fs_type);
1290 }
1291 }
1292 return err;
1293}
1294
1da177e4 1295fs_initcall(init_pipe_fs);
Ubuntu Hirsute Linux kernel mirror