]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - fs/splice.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[PATCH] splice: fix bugs with stealing regular pipe pages
[mirror_ubuntu-artful-kernel.git] / fs / splice.c
1 /*
2 * "splice": joining two ropes together by interweaving their strands.
3 *
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
7 *
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
10 *
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
14 *
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
18 *
19 */
20 #include <linux/fs.h>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/pipe_fs_i.h>
24 #include <linux/mm_inline.h>
25 #include <linux/swap.h>
26 #include <linux/writeback.h>
27 #include <linux/buffer_head.h>
28 #include <linux/module.h>
29 #include <linux/syscalls.h>
30 #include <linux/uio.h>
31
32 struct partial_page {
33 unsigned int offset;
34 unsigned int len;
35 };
36
37 /*
38 * Passed to splice_to_pipe
39 */
40 struct splice_pipe_desc {
41 struct page **pages; /* page map */
42 struct partial_page *partial; /* pages[] may not be contig */
43 int nr_pages; /* number of pages in map */
44 unsigned int flags; /* splice flags */
45 struct pipe_buf_operations *ops;/* ops associated with output pipe */
46 };
47
48 /*
49 * Attempt to steal a page from a pipe buffer. This should perhaps go into
50 * a vm helper function, it's already simplified quite a bit by the
51 * addition of remove_mapping(). If success is returned, the caller may
52 * attempt to reuse this page for another destination.
53 */
54 static int page_cache_pipe_buf_steal(struct pipe_inode_info *info,
55 struct pipe_buffer *buf)
56 {
57 struct page *page = buf->page;
58 struct address_space *mapping = page_mapping(page);
59
60 lock_page(page);
61
62 WARN_ON(!PageUptodate(page));
63
64 /*
65 * At least for ext2 with nobh option, we need to wait on writeback
66 * completing on this page, since we'll remove it from the pagecache.
67 * Otherwise truncate wont wait on the page, allowing the disk
68 * blocks to be reused by someone else before we actually wrote our
69 * data to them. fs corruption ensues.
70 */
71 wait_on_page_writeback(page);
72
73 if (PagePrivate(page))
74 try_to_release_page(page, mapping_gfp_mask(mapping));
75
76 if (!remove_mapping(mapping, page)) {
77 unlock_page(page);
78 return 1;
79 }
80
81 buf->flags |= PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU;
82 return 0;
83 }
84
85 static void page_cache_pipe_buf_release(struct pipe_inode_info *info,
86 struct pipe_buffer *buf)
87 {
88 page_cache_release(buf->page);
89 buf->page = NULL;
90 buf->flags &= ~(PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU);
91 }
92
93 static void *page_cache_pipe_buf_map(struct file *file,
94 struct pipe_inode_info *info,
95 struct pipe_buffer *buf)
96 {
97 struct page *page = buf->page;
98 int err;
99
100 if (!PageUptodate(page)) {
101 lock_page(page);
102
103 /*
104 * Page got truncated/unhashed. This will cause a 0-byte
105 * splice, if this is the first page.
106 */
107 if (!page->mapping) {
108 err = -ENODATA;
109 goto error;
110 }
111
112 /*
113 * Uh oh, read-error from disk.
114 */
115 if (!PageUptodate(page)) {
116 err = -EIO;
117 goto error;
118 }
119
120 /*
121 * Page is ok afterall, fall through to mapping.
122 */
123 unlock_page(page);
124 }
125
126 return kmap(page);
127 error:
128 unlock_page(page);
129 return ERR_PTR(err);
130 }
131
132 static void page_cache_pipe_buf_unmap(struct pipe_inode_info *info,
133 struct pipe_buffer *buf)
134 {
135 kunmap(buf->page);
136 }
137
138 static void *user_page_pipe_buf_map(struct file *file,
139 struct pipe_inode_info *pipe,
140 struct pipe_buffer *buf)
141 {
142 return kmap(buf->page);
143 }
144
145 static void user_page_pipe_buf_unmap(struct pipe_inode_info *pipe,
146 struct pipe_buffer *buf)
147 {
148 kunmap(buf->page);
149 }
150
151 static void page_cache_pipe_buf_get(struct pipe_inode_info *info,
152 struct pipe_buffer *buf)
153 {
154 page_cache_get(buf->page);
155 }
156
157 static struct pipe_buf_operations page_cache_pipe_buf_ops = {
158 .can_merge = 0,
159 .map = page_cache_pipe_buf_map,
160 .unmap = page_cache_pipe_buf_unmap,
161 .release = page_cache_pipe_buf_release,
162 .steal = page_cache_pipe_buf_steal,
163 .get = page_cache_pipe_buf_get,
164 };
165
166 static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
167 struct pipe_buffer *buf)
168 {
169 return 1;
170 }
171
172 static struct pipe_buf_operations user_page_pipe_buf_ops = {
173 .can_merge = 0,
174 .map = user_page_pipe_buf_map,
175 .unmap = user_page_pipe_buf_unmap,
176 .release = page_cache_pipe_buf_release,
177 .steal = user_page_pipe_buf_steal,
178 .get = page_cache_pipe_buf_get,
179 };
180
181 /*
182 * Pipe output worker. This sets up our pipe format with the page cache
183 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
184 */
185 static ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
186 struct splice_pipe_desc *spd)
187 {
188 int ret, do_wakeup, page_nr;
189
190 ret = 0;
191 do_wakeup = 0;
192 page_nr = 0;
193
194 if (pipe->inode)
195 mutex_lock(&pipe->inode->i_mutex);
196
197 for (;;) {
198 if (!pipe->readers) {
199 send_sig(SIGPIPE, current, 0);
200 if (!ret)
201 ret = -EPIPE;
202 break;
203 }
204
205 if (pipe->nrbufs < PIPE_BUFFERS) {
206 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
207 struct pipe_buffer *buf = pipe->bufs + newbuf;
208
209 buf->page = spd->pages[page_nr];
210 buf->offset = spd->partial[page_nr].offset;
211 buf->len = spd->partial[page_nr].len;
212 buf->ops = spd->ops;
213 pipe->nrbufs++;
214 page_nr++;
215 ret += buf->len;
216
217 if (pipe->inode)
218 do_wakeup = 1;
219
220 if (!--spd->nr_pages)
221 break;
222 if (pipe->nrbufs < PIPE_BUFFERS)
223 continue;
224
225 break;
226 }
227
228 if (spd->flags & SPLICE_F_NONBLOCK) {
229 if (!ret)
230 ret = -EAGAIN;
231 break;
232 }
233
234 if (signal_pending(current)) {
235 if (!ret)
236 ret = -ERESTARTSYS;
237 break;
238 }
239
240 if (do_wakeup) {
241 smp_mb();
242 if (waitqueue_active(&pipe->wait))
243 wake_up_interruptible_sync(&pipe->wait);
244 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
245 do_wakeup = 0;
246 }
247
248 pipe->waiting_writers++;
249 pipe_wait(pipe);
250 pipe->waiting_writers--;
251 }
252
253 if (pipe->inode)
254 mutex_unlock(&pipe->inode->i_mutex);
255
256 if (do_wakeup) {
257 smp_mb();
258 if (waitqueue_active(&pipe->wait))
259 wake_up_interruptible(&pipe->wait);
260 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
261 }
262
263 while (page_nr < spd->nr_pages)
264 page_cache_release(spd->pages[page_nr++]);
265
266 return ret;
267 }
268
269 static int
270 __generic_file_splice_read(struct file *in, loff_t *ppos,
271 struct pipe_inode_info *pipe, size_t len,
272 unsigned int flags)
273 {
274 struct address_space *mapping = in->f_mapping;
275 unsigned int loff, nr_pages;
276 struct page *pages[PIPE_BUFFERS];
277 struct partial_page partial[PIPE_BUFFERS];
278 struct page *page;
279 pgoff_t index, end_index;
280 loff_t isize;
281 size_t total_len;
282 int error, page_nr;
283 struct splice_pipe_desc spd = {
284 .pages = pages,
285 .partial = partial,
286 .flags = flags,
287 .ops = &page_cache_pipe_buf_ops,
288 };
289
290 index = *ppos >> PAGE_CACHE_SHIFT;
291 loff = *ppos & ~PAGE_CACHE_MASK;
292 nr_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
293
294 if (nr_pages > PIPE_BUFFERS)
295 nr_pages = PIPE_BUFFERS;
296
297 /*
298 * Initiate read-ahead on this page range. however, don't call into
299 * read-ahead if this is a non-zero offset (we are likely doing small
300 * chunk splice and the page is already there) for a single page.
301 */
302 if (!loff || nr_pages > 1)
303 page_cache_readahead(mapping, &in->f_ra, in, index, nr_pages);
304
305 /*
306 * Now fill in the holes:
307 */
308 error = 0;
309 total_len = 0;
310
311 /*
312 * Lookup the (hopefully) full range of pages we need.
313 */
314 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
315
316 /*
317 * If find_get_pages_contig() returned fewer pages than we needed,
318 * allocate the rest.
319 */
320 index += spd.nr_pages;
321 while (spd.nr_pages < nr_pages) {
322 /*
323 * Page could be there, find_get_pages_contig() breaks on
324 * the first hole.
325 */
326 page = find_get_page(mapping, index);
327 if (!page) {
328 /*
329 * page didn't exist, allocate one.
330 */
331 page = page_cache_alloc_cold(mapping);
332 if (!page)
333 break;
334
335 error = add_to_page_cache_lru(page, mapping, index,
336 mapping_gfp_mask(mapping));
337 if (unlikely(error)) {
338 page_cache_release(page);
339 break;
340 }
341 /*
342 * add_to_page_cache() locks the page, unlock it
343 * to avoid convoluting the logic below even more.
344 */
345 unlock_page(page);
346 }
347
348 pages[spd.nr_pages++] = page;
349 index++;
350 }
351
352 /*
353 * Now loop over the map and see if we need to start IO on any
354 * pages, fill in the partial map, etc.
355 */
356 index = *ppos >> PAGE_CACHE_SHIFT;
357 nr_pages = spd.nr_pages;
358 spd.nr_pages = 0;
359 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
360 unsigned int this_len;
361
362 if (!len)
363 break;
364
365 /*
366 * this_len is the max we'll use from this page
367 */
368 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
369 page = pages[page_nr];
370
371 /*
372 * If the page isn't uptodate, we may need to start io on it
373 */
374 if (!PageUptodate(page)) {
375 /*
376 * If in nonblock mode then dont block on waiting
377 * for an in-flight io page
378 */
379 if (flags & SPLICE_F_NONBLOCK)
380 break;
381
382 lock_page(page);
383
384 /*
385 * page was truncated, stop here. if this isn't the
386 * first page, we'll just complete what we already
387 * added
388 */
389 if (!page->mapping) {
390 unlock_page(page);
391 break;
392 }
393 /*
394 * page was already under io and is now done, great
395 */
396 if (PageUptodate(page)) {
397 unlock_page(page);
398 goto fill_it;
399 }
400
401 /*
402 * need to read in the page
403 */
404 error = mapping->a_ops->readpage(in, page);
405 if (unlikely(error)) {
406 /*
407 * We really should re-lookup the page here,
408 * but it complicates things a lot. Instead
409 * lets just do what we already stored, and
410 * we'll get it the next time we are called.
411 */
412 if (error == AOP_TRUNCATED_PAGE)
413 error = 0;
414
415 break;
416 }
417
418 /*
419 * i_size must be checked after ->readpage().
420 */
421 isize = i_size_read(mapping->host);
422 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
423 if (unlikely(!isize || index > end_index))
424 break;
425
426 /*
427 * if this is the last page, see if we need to shrink
428 * the length and stop
429 */
430 if (end_index == index) {
431 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
432 if (total_len + loff > isize)
433 break;
434 /*
435 * force quit after adding this page
436 */
437 len = this_len;
438 this_len = min(this_len, loff);
439 loff = 0;
440 }
441 }
442 fill_it:
443 partial[page_nr].offset = loff;
444 partial[page_nr].len = this_len;
445 len -= this_len;
446 total_len += this_len;
447 loff = 0;
448 spd.nr_pages++;
449 index++;
450 }
451
452 /*
453 * Release any pages at the end, if we quit early. 'i' is how far
454 * we got, 'nr_pages' is how many pages are in the map.
455 */
456 while (page_nr < nr_pages)
457 page_cache_release(pages[page_nr++]);
458
459 if (spd.nr_pages)
460 return splice_to_pipe(pipe, &spd);
461
462 return error;
463 }
464
465 /**
466 * generic_file_splice_read - splice data from file to a pipe
467 * @in: file to splice from
468 * @pipe: pipe to splice to
469 * @len: number of bytes to splice
470 * @flags: splice modifier flags
471 *
472 * Will read pages from given file and fill them into a pipe.
473 */
474 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
475 struct pipe_inode_info *pipe, size_t len,
476 unsigned int flags)
477 {
478 ssize_t spliced;
479 int ret;
480
481 ret = 0;
482 spliced = 0;
483
484 while (len) {
485 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
486
487 if (ret < 0)
488 break;
489 else if (!ret) {
490 if (spliced)
491 break;
492 if (flags & SPLICE_F_NONBLOCK) {
493 ret = -EAGAIN;
494 break;
495 }
496 }
497
498 *ppos += ret;
499 len -= ret;
500 spliced += ret;
501 }
502
503 if (spliced)
504 return spliced;
505
506 return ret;
507 }
508
509 EXPORT_SYMBOL(generic_file_splice_read);
510
511 /*
512 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
513 * using sendpage(). Return the number of bytes sent.
514 */
515 static int pipe_to_sendpage(struct pipe_inode_info *info,
516 struct pipe_buffer *buf, struct splice_desc *sd)
517 {
518 struct file *file = sd->file;
519 loff_t pos = sd->pos;
520 ssize_t ret;
521 void *ptr;
522 int more;
523
524 /*
525 * Sub-optimal, but we are limited by the pipe ->map. We don't
526 * need a kmap'ed buffer here, we just want to make sure we
527 * have the page pinned if the pipe page originates from the
528 * page cache.
529 */
530 ptr = buf->ops->map(file, info, buf);
531 if (IS_ERR(ptr))
532 return PTR_ERR(ptr);
533
534 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
535
536 ret = file->f_op->sendpage(file, buf->page, buf->offset, sd->len,
537 &pos, more);
538
539 buf->ops->unmap(info, buf);
540 return ret;
541 }
542
543 /*
544 * This is a little more tricky than the file -> pipe splicing. There are
545 * basically three cases:
546 *
547 * - Destination page already exists in the address space and there
548 * are users of it. For that case we have no other option that
549 * copying the data. Tough luck.
550 * - Destination page already exists in the address space, but there
551 * are no users of it. Make sure it's uptodate, then drop it. Fall
552 * through to last case.
553 * - Destination page does not exist, we can add the pipe page to
554 * the page cache and avoid the copy.
555 *
556 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
557 * sd->flags), we attempt to migrate pages from the pipe to the output
558 * file address space page cache. This is possible if no one else has
559 * the pipe page referenced outside of the pipe and page cache. If
560 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
561 * a new page in the output file page cache and fill/dirty that.
562 */
563 static int pipe_to_file(struct pipe_inode_info *info, struct pipe_buffer *buf,
564 struct splice_desc *sd)
565 {
566 struct file *file = sd->file;
567 struct address_space *mapping = file->f_mapping;
568 gfp_t gfp_mask = mapping_gfp_mask(mapping);
569 unsigned int offset, this_len;
570 struct page *page;
571 pgoff_t index;
572 char *src;
573 int ret;
574
575 /*
576 * make sure the data in this buffer is uptodate
577 */
578 src = buf->ops->map(file, info, buf);
579 if (IS_ERR(src))
580 return PTR_ERR(src);
581
582 index = sd->pos >> PAGE_CACHE_SHIFT;
583 offset = sd->pos & ~PAGE_CACHE_MASK;
584
585 this_len = sd->len;
586 if (this_len + offset > PAGE_CACHE_SIZE)
587 this_len = PAGE_CACHE_SIZE - offset;
588
589 /*
590 * Reuse buf page, if SPLICE_F_MOVE is set.
591 */
592 if (sd->flags & SPLICE_F_MOVE) {
593 /*
594 * If steal succeeds, buf->page is now pruned from the vm
595 * side (LRU and page cache) and we can reuse it. The page
596 * will also be looked on successful return.
597 */
598 if (buf->ops->steal(info, buf))
599 goto find_page;
600
601 page = buf->page;
602 if (add_to_page_cache(page, mapping, index, gfp_mask)) {
603 unlock_page(page);
604 goto find_page;
605 }
606
607 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
608 lru_cache_add(page);
609 } else {
610 find_page:
611 page = find_lock_page(mapping, index);
612 if (!page) {
613 ret = -ENOMEM;
614 page = page_cache_alloc_cold(mapping);
615 if (unlikely(!page))
616 goto out_nomem;
617
618 /*
619 * This will also lock the page
620 */
621 ret = add_to_page_cache_lru(page, mapping, index,
622 gfp_mask);
623 if (unlikely(ret))
624 goto out;
625 }
626
627 /*
628 * We get here with the page locked. If the page is also
629 * uptodate, we don't need to do more. If it isn't, we
630 * may need to bring it in if we are not going to overwrite
631 * the full page.
632 */
633 if (!PageUptodate(page)) {
634 if (this_len < PAGE_CACHE_SIZE) {
635 ret = mapping->a_ops->readpage(file, page);
636 if (unlikely(ret))
637 goto out;
638
639 lock_page(page);
640
641 if (!PageUptodate(page)) {
642 /*
643 * Page got invalidated, repeat.
644 */
645 if (!page->mapping) {
646 unlock_page(page);
647 page_cache_release(page);
648 goto find_page;
649 }
650 ret = -EIO;
651 goto out;
652 }
653 } else
654 SetPageUptodate(page);
655 }
656 }
657
658 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
659 if (ret == AOP_TRUNCATED_PAGE) {
660 page_cache_release(page);
661 goto find_page;
662 } else if (ret)
663 goto out;
664
665 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) {
666 char *dst = kmap_atomic(page, KM_USER0);
667
668 memcpy(dst + offset, src + buf->offset, this_len);
669 flush_dcache_page(page);
670 kunmap_atomic(dst, KM_USER0);
671 }
672
673 ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len);
674 if (ret == AOP_TRUNCATED_PAGE) {
675 page_cache_release(page);
676 goto find_page;
677 } else if (ret)
678 goto out;
679
680 /*
681 * Return the number of bytes written.
682 */
683 ret = this_len;
684 mark_page_accessed(page);
685 balance_dirty_pages_ratelimited(mapping);
686 out:
687 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN))
688 page_cache_release(page);
689
690 unlock_page(page);
691 out_nomem:
692 buf->ops->unmap(info, buf);
693 return ret;
694 }
695
696 /*
697 * Pipe input worker. Most of this logic works like a regular pipe, the
698 * key here is the 'actor' worker passed in that actually moves the data
699 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
700 */
701 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
702 loff_t *ppos, size_t len, unsigned int flags,
703 splice_actor *actor)
704 {
705 int ret, do_wakeup, err;
706 struct splice_desc sd;
707
708 ret = 0;
709 do_wakeup = 0;
710
711 sd.total_len = len;
712 sd.flags = flags;
713 sd.file = out;
714 sd.pos = *ppos;
715
716 if (pipe->inode)
717 mutex_lock(&pipe->inode->i_mutex);
718
719 for (;;) {
720 if (pipe->nrbufs) {
721 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
722 struct pipe_buf_operations *ops = buf->ops;
723
724 sd.len = buf->len;
725 if (sd.len > sd.total_len)
726 sd.len = sd.total_len;
727
728 err = actor(pipe, buf, &sd);
729 if (err <= 0) {
730 if (!ret && err != -ENODATA)
731 ret = err;
732
733 break;
734 }
735
736 ret += err;
737 buf->offset += err;
738 buf->len -= err;
739
740 sd.len -= err;
741 sd.pos += err;
742 sd.total_len -= err;
743 if (sd.len)
744 continue;
745
746 if (!buf->len) {
747 buf->ops = NULL;
748 ops->release(pipe, buf);
749 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
750 pipe->nrbufs--;
751 if (pipe->inode)
752 do_wakeup = 1;
753 }
754
755 if (!sd.total_len)
756 break;
757 }
758
759 if (pipe->nrbufs)
760 continue;
761 if (!pipe->writers)
762 break;
763 if (!pipe->waiting_writers) {
764 if (ret)
765 break;
766 }
767
768 if (flags & SPLICE_F_NONBLOCK) {
769 if (!ret)
770 ret = -EAGAIN;
771 break;
772 }
773
774 if (signal_pending(current)) {
775 if (!ret)
776 ret = -ERESTARTSYS;
777 break;
778 }
779
780 if (do_wakeup) {
781 smp_mb();
782 if (waitqueue_active(&pipe->wait))
783 wake_up_interruptible_sync(&pipe->wait);
784 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
785 do_wakeup = 0;
786 }
787
788 pipe_wait(pipe);
789 }
790
791 if (pipe->inode)
792 mutex_unlock(&pipe->inode->i_mutex);
793
794 if (do_wakeup) {
795 smp_mb();
796 if (waitqueue_active(&pipe->wait))
797 wake_up_interruptible(&pipe->wait);
798 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
799 }
800
801 return ret;
802 }
803
804 /**
805 * generic_file_splice_write - splice data from a pipe to a file
806 * @pipe: pipe info
807 * @out: file to write to
808 * @len: number of bytes to splice
809 * @flags: splice modifier flags
810 *
811 * Will either move or copy pages (determined by @flags options) from
812 * the given pipe inode to the given file.
813 *
814 */
815 ssize_t
816 generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
817 loff_t *ppos, size_t len, unsigned int flags)
818 {
819 struct address_space *mapping = out->f_mapping;
820 ssize_t ret;
821
822 ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
823 if (ret > 0) {
824 struct inode *inode = mapping->host;
825
826 *ppos += ret;
827
828 /*
829 * If file or inode is SYNC and we actually wrote some data,
830 * sync it.
831 */
832 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
833 int err;
834
835 mutex_lock(&inode->i_mutex);
836 err = generic_osync_inode(inode, mapping,
837 OSYNC_METADATA|OSYNC_DATA);
838 mutex_unlock(&inode->i_mutex);
839
840 if (err)
841 ret = err;
842 }
843 }
844
845 return ret;
846 }
847
848 EXPORT_SYMBOL(generic_file_splice_write);
849
850 /**
851 * generic_splice_sendpage - splice data from a pipe to a socket
852 * @inode: pipe inode
853 * @out: socket to write to
854 * @len: number of bytes to splice
855 * @flags: splice modifier flags
856 *
857 * Will send @len bytes from the pipe to a network socket. No data copying
858 * is involved.
859 *
860 */
861 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
862 loff_t *ppos, size_t len, unsigned int flags)
863 {
864 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
865 }
866
867 EXPORT_SYMBOL(generic_splice_sendpage);
868
869 /*
870 * Attempt to initiate a splice from pipe to file.
871 */
872 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
873 loff_t *ppos, size_t len, unsigned int flags)
874 {
875 int ret;
876
877 if (unlikely(!out->f_op || !out->f_op->splice_write))
878 return -EINVAL;
879
880 if (unlikely(!(out->f_mode & FMODE_WRITE)))
881 return -EBADF;
882
883 ret = rw_verify_area(WRITE, out, ppos, len);
884 if (unlikely(ret < 0))
885 return ret;
886
887 return out->f_op->splice_write(pipe, out, ppos, len, flags);
888 }
889
890 /*
891 * Attempt to initiate a splice from a file to a pipe.
892 */
893 static long do_splice_to(struct file *in, loff_t *ppos,
894 struct pipe_inode_info *pipe, size_t len,
895 unsigned int flags)
896 {
897 loff_t isize, left;
898 int ret;
899
900 if (unlikely(!in->f_op || !in->f_op->splice_read))
901 return -EINVAL;
902
903 if (unlikely(!(in->f_mode & FMODE_READ)))
904 return -EBADF;
905
906 ret = rw_verify_area(READ, in, ppos, len);
907 if (unlikely(ret < 0))
908 return ret;
909
910 isize = i_size_read(in->f_mapping->host);
911 if (unlikely(*ppos >= isize))
912 return 0;
913
914 left = isize - *ppos;
915 if (unlikely(left < len))
916 len = left;
917
918 return in->f_op->splice_read(in, ppos, pipe, len, flags);
919 }
920
921 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
922 size_t len, unsigned int flags)
923 {
924 struct pipe_inode_info *pipe;
925 long ret, bytes;
926 loff_t out_off;
927 umode_t i_mode;
928 int i;
929
930 /*
931 * We require the input being a regular file, as we don't want to
932 * randomly drop data for eg socket -> socket splicing. Use the
933 * piped splicing for that!
934 */
935 i_mode = in->f_dentry->d_inode->i_mode;
936 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
937 return -EINVAL;
938
939 /*
940 * neither in nor out is a pipe, setup an internal pipe attached to
941 * 'out' and transfer the wanted data from 'in' to 'out' through that
942 */
943 pipe = current->splice_pipe;
944 if (unlikely(!pipe)) {
945 pipe = alloc_pipe_info(NULL);
946 if (!pipe)
947 return -ENOMEM;
948
949 /*
950 * We don't have an immediate reader, but we'll read the stuff
951 * out of the pipe right after the splice_to_pipe(). So set
952 * PIPE_READERS appropriately.
953 */
954 pipe->readers = 1;
955
956 current->splice_pipe = pipe;
957 }
958
959 /*
960 * Do the splice.
961 */
962 ret = 0;
963 bytes = 0;
964 out_off = 0;
965
966 while (len) {
967 size_t read_len, max_read_len;
968
969 /*
970 * Do at most PIPE_BUFFERS pages worth of transfer:
971 */
972 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
973
974 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
975 if (unlikely(ret < 0))
976 goto out_release;
977
978 read_len = ret;
979
980 /*
981 * NOTE: nonblocking mode only applies to the input. We
982 * must not do the output in nonblocking mode as then we
983 * could get stuck data in the internal pipe:
984 */
985 ret = do_splice_from(pipe, out, &out_off, read_len,
986 flags & ~SPLICE_F_NONBLOCK);
987 if (unlikely(ret < 0))
988 goto out_release;
989
990 bytes += ret;
991 len -= ret;
992
993 /*
994 * In nonblocking mode, if we got back a short read then
995 * that was due to either an IO error or due to the
996 * pagecache entry not being there. In the IO error case
997 * the _next_ splice attempt will produce a clean IO error
998 * return value (not a short read), so in both cases it's
999 * correct to break out of the loop here:
1000 */
1001 if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
1002 break;
1003 }
1004
1005 pipe->nrbufs = pipe->curbuf = 0;
1006
1007 return bytes;
1008
1009 out_release:
1010 /*
1011 * If we did an incomplete transfer we must release
1012 * the pipe buffers in question:
1013 */
1014 for (i = 0; i < PIPE_BUFFERS; i++) {
1015 struct pipe_buffer *buf = pipe->bufs + i;
1016
1017 if (buf->ops) {
1018 buf->ops->release(pipe, buf);
1019 buf->ops = NULL;
1020 }
1021 }
1022 pipe->nrbufs = pipe->curbuf = 0;
1023
1024 /*
1025 * If we transferred some data, return the number of bytes:
1026 */
1027 if (bytes > 0)
1028 return bytes;
1029
1030 return ret;
1031 }
1032
1033 EXPORT_SYMBOL(do_splice_direct);
1034
1035 /*
1036 * Determine where to splice to/from.
1037 */
1038 static long do_splice(struct file *in, loff_t __user *off_in,
1039 struct file *out, loff_t __user *off_out,
1040 size_t len, unsigned int flags)
1041 {
1042 struct pipe_inode_info *pipe;
1043 loff_t offset, *off;
1044 long ret;
1045
1046 pipe = in->f_dentry->d_inode->i_pipe;
1047 if (pipe) {
1048 if (off_in)
1049 return -ESPIPE;
1050 if (off_out) {
1051 if (out->f_op->llseek == no_llseek)
1052 return -EINVAL;
1053 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1054 return -EFAULT;
1055 off = &offset;
1056 } else
1057 off = &out->f_pos;
1058
1059 ret = do_splice_from(pipe, out, off, len, flags);
1060
1061 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1062 ret = -EFAULT;
1063
1064 return ret;
1065 }
1066
1067 pipe = out->f_dentry->d_inode->i_pipe;
1068 if (pipe) {
1069 if (off_out)
1070 return -ESPIPE;
1071 if (off_in) {
1072 if (in->f_op->llseek == no_llseek)
1073 return -EINVAL;
1074 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1075 return -EFAULT;
1076 off = &offset;
1077 } else
1078 off = &in->f_pos;
1079
1080 ret = do_splice_to(in, off, pipe, len, flags);
1081
1082 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1083 ret = -EFAULT;
1084
1085 return ret;
1086 }
1087
1088 return -EINVAL;
1089 }
1090
1091 /*
1092 * Map an iov into an array of pages and offset/length tupples. With the
1093 * partial_page structure, we can map several non-contiguous ranges into
1094 * our ones pages[] map instead of splitting that operation into pieces.
1095 * Could easily be exported as a generic helper for other users, in which
1096 * case one would probably want to add a 'max_nr_pages' parameter as well.
1097 */
1098 static int get_iovec_page_array(const struct iovec __user *iov,
1099 unsigned int nr_vecs, struct page **pages,
1100 struct partial_page *partial)
1101 {
1102 int buffers = 0, error = 0;
1103
1104 /*
1105 * It's ok to take the mmap_sem for reading, even
1106 * across a "get_user()".
1107 */
1108 down_read(&current->mm->mmap_sem);
1109
1110 while (nr_vecs) {
1111 unsigned long off, npages;
1112 void __user *base;
1113 size_t len;
1114 int i;
1115
1116 /*
1117 * Get user address base and length for this iovec.
1118 */
1119 error = get_user(base, &iov->iov_base);
1120 if (unlikely(error))
1121 break;
1122 error = get_user(len, &iov->iov_len);
1123 if (unlikely(error))
1124 break;
1125
1126 /*
1127 * Sanity check this iovec. 0 read succeeds.
1128 */
1129 if (unlikely(!len))
1130 break;
1131 error = -EFAULT;
1132 if (unlikely(!base))
1133 break;
1134
1135 /*
1136 * Get this base offset and number of pages, then map
1137 * in the user pages.
1138 */
1139 off = (unsigned long) base & ~PAGE_MASK;
1140 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1141 if (npages > PIPE_BUFFERS - buffers)
1142 npages = PIPE_BUFFERS - buffers;
1143
1144 error = get_user_pages(current, current->mm,
1145 (unsigned long) base, npages, 0, 0,
1146 &pages[buffers], NULL);
1147
1148 if (unlikely(error <= 0))
1149 break;
1150
1151 /*
1152 * Fill this contiguous range into the partial page map.
1153 */
1154 for (i = 0; i < error; i++) {
1155 const int plen = min_t(size_t, len, PAGE_SIZE) - off;
1156
1157 partial[buffers].offset = off;
1158 partial[buffers].len = plen;
1159
1160 off = 0;
1161 len -= plen;
1162 buffers++;
1163 }
1164
1165 /*
1166 * We didn't complete this iov, stop here since it probably
1167 * means we have to move some of this into a pipe to
1168 * be able to continue.
1169 */
1170 if (len)
1171 break;
1172
1173 /*
1174 * Don't continue if we mapped fewer pages than we asked for,
1175 * or if we mapped the max number of pages that we have
1176 * room for.
1177 */
1178 if (error < npages || buffers == PIPE_BUFFERS)
1179 break;
1180
1181 nr_vecs--;
1182 iov++;
1183 }
1184
1185 up_read(&current->mm->mmap_sem);
1186
1187 if (buffers)
1188 return buffers;
1189
1190 return error;
1191 }
1192
1193 /*
1194 * vmsplice splices a user address range into a pipe. It can be thought of
1195 * as splice-from-memory, where the regular splice is splice-from-file (or
1196 * to file). In both cases the output is a pipe, naturally.
1197 *
1198 * Note that vmsplice only supports splicing _from_ user memory to a pipe,
1199 * not the other way around. Splicing from user memory is a simple operation
1200 * that can be supported without any funky alignment restrictions or nasty
1201 * vm tricks. We simply map in the user memory and fill them into a pipe.
1202 * The reverse isn't quite as easy, though. There are two possible solutions
1203 * for that:
1204 *
1205 * - memcpy() the data internally, at which point we might as well just
1206 * do a regular read() on the buffer anyway.
1207 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1208 * has restriction limitations on both ends of the pipe).
1209 *
1210 * Alas, it isn't here.
1211 *
1212 */
1213 static long do_vmsplice(struct file *file, const struct iovec __user *iov,
1214 unsigned long nr_segs, unsigned int flags)
1215 {
1216 struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe;
1217 struct page *pages[PIPE_BUFFERS];
1218 struct partial_page partial[PIPE_BUFFERS];
1219 struct splice_pipe_desc spd = {
1220 .pages = pages,
1221 .partial = partial,
1222 .flags = flags,
1223 .ops = &user_page_pipe_buf_ops,
1224 };
1225
1226 if (unlikely(!pipe))
1227 return -EBADF;
1228 if (unlikely(nr_segs > UIO_MAXIOV))
1229 return -EINVAL;
1230 else if (unlikely(!nr_segs))
1231 return 0;
1232
1233 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial);
1234 if (spd.nr_pages <= 0)
1235 return spd.nr_pages;
1236
1237 return splice_to_pipe(pipe, &spd);
1238 }
1239
1240 asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov,
1241 unsigned long nr_segs, unsigned int flags)
1242 {
1243 struct file *file;
1244 long error;
1245 int fput;
1246
1247 error = -EBADF;
1248 file = fget_light(fd, &fput);
1249 if (file) {
1250 if (file->f_mode & FMODE_WRITE)
1251 error = do_vmsplice(file, iov, nr_segs, flags);
1252
1253 fput_light(file, fput);
1254 }
1255
1256 return error;
1257 }
1258
1259 asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1260 int fd_out, loff_t __user *off_out,
1261 size_t len, unsigned int flags)
1262 {
1263 long error;
1264 struct file *in, *out;
1265 int fput_in, fput_out;
1266
1267 if (unlikely(!len))
1268 return 0;
1269
1270 error = -EBADF;
1271 in = fget_light(fd_in, &fput_in);
1272 if (in) {
1273 if (in->f_mode & FMODE_READ) {
1274 out = fget_light(fd_out, &fput_out);
1275 if (out) {
1276 if (out->f_mode & FMODE_WRITE)
1277 error = do_splice(in, off_in,
1278 out, off_out,
1279 len, flags);
1280 fput_light(out, fput_out);
1281 }
1282 }
1283
1284 fput_light(in, fput_in);
1285 }
1286
1287 return error;
1288 }
1289
1290 /*
1291 * Link contents of ipipe to opipe.
1292 */
1293 static int link_pipe(struct pipe_inode_info *ipipe,
1294 struct pipe_inode_info *opipe,
1295 size_t len, unsigned int flags)
1296 {
1297 struct pipe_buffer *ibuf, *obuf;
1298 int ret, do_wakeup, i, ipipe_first;
1299
1300 ret = do_wakeup = ipipe_first = 0;
1301
1302 /*
1303 * Potential ABBA deadlock, work around it by ordering lock
1304 * grabbing by inode address. Otherwise two different processes
1305 * could deadlock (one doing tee from A -> B, the other from B -> A).
1306 */
1307 if (ipipe->inode < opipe->inode) {
1308 ipipe_first = 1;
1309 mutex_lock(&ipipe->inode->i_mutex);
1310 mutex_lock(&opipe->inode->i_mutex);
1311 } else {
1312 mutex_lock(&opipe->inode->i_mutex);
1313 mutex_lock(&ipipe->inode->i_mutex);
1314 }
1315
1316 for (i = 0;; i++) {
1317 if (!opipe->readers) {
1318 send_sig(SIGPIPE, current, 0);
1319 if (!ret)
1320 ret = -EPIPE;
1321 break;
1322 }
1323 if (ipipe->nrbufs - i) {
1324 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1325
1326 /*
1327 * If we have room, fill this buffer
1328 */
1329 if (opipe->nrbufs < PIPE_BUFFERS) {
1330 int nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1331
1332 /*
1333 * Get a reference to this pipe buffer,
1334 * so we can copy the contents over.
1335 */
1336 ibuf->ops->get(ipipe, ibuf);
1337
1338 obuf = opipe->bufs + nbuf;
1339 *obuf = *ibuf;
1340
1341 if (obuf->len > len)
1342 obuf->len = len;
1343
1344 opipe->nrbufs++;
1345 do_wakeup = 1;
1346 ret += obuf->len;
1347 len -= obuf->len;
1348
1349 if (!len)
1350 break;
1351 if (opipe->nrbufs < PIPE_BUFFERS)
1352 continue;
1353 }
1354
1355 /*
1356 * We have input available, but no output room.
1357 * If we already copied data, return that. If we
1358 * need to drop the opipe lock, it must be ordered
1359 * last to avoid deadlocks.
1360 */
1361 if ((flags & SPLICE_F_NONBLOCK) || !ipipe_first) {
1362 if (!ret)
1363 ret = -EAGAIN;
1364 break;
1365 }
1366 if (signal_pending(current)) {
1367 if (!ret)
1368 ret = -ERESTARTSYS;
1369 break;
1370 }
1371 if (do_wakeup) {
1372 smp_mb();
1373 if (waitqueue_active(&opipe->wait))
1374 wake_up_interruptible(&opipe->wait);
1375 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1376 do_wakeup = 0;
1377 }
1378
1379 opipe->waiting_writers++;
1380 pipe_wait(opipe);
1381 opipe->waiting_writers--;
1382 continue;
1383 }
1384
1385 /*
1386 * No input buffers, do the usual checks for available
1387 * writers and blocking and wait if necessary
1388 */
1389 if (!ipipe->writers)
1390 break;
1391 if (!ipipe->waiting_writers) {
1392 if (ret)
1393 break;
1394 }
1395 /*
1396 * pipe_wait() drops the ipipe mutex. To avoid deadlocks
1397 * with another process, we can only safely do that if
1398 * the ipipe lock is ordered last.
1399 */
1400 if ((flags & SPLICE_F_NONBLOCK) || ipipe_first) {
1401 if (!ret)
1402 ret = -EAGAIN;
1403 break;
1404 }
1405 if (signal_pending(current)) {
1406 if (!ret)
1407 ret = -ERESTARTSYS;
1408 break;
1409 }
1410
1411 if (waitqueue_active(&ipipe->wait))
1412 wake_up_interruptible_sync(&ipipe->wait);
1413 kill_fasync(&ipipe->fasync_writers, SIGIO, POLL_OUT);
1414
1415 pipe_wait(ipipe);
1416 }
1417
1418 mutex_unlock(&ipipe->inode->i_mutex);
1419 mutex_unlock(&opipe->inode->i_mutex);
1420
1421 if (do_wakeup) {
1422 smp_mb();
1423 if (waitqueue_active(&opipe->wait))
1424 wake_up_interruptible(&opipe->wait);
1425 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1426 }
1427
1428 return ret;
1429 }
1430
1431 /*
1432 * This is a tee(1) implementation that works on pipes. It doesn't copy
1433 * any data, it simply references the 'in' pages on the 'out' pipe.
1434 * The 'flags' used are the SPLICE_F_* variants, currently the only
1435 * applicable one is SPLICE_F_NONBLOCK.
1436 */
1437 static long do_tee(struct file *in, struct file *out, size_t len,
1438 unsigned int flags)
1439 {
1440 struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
1441 struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
1442
1443 /*
1444 * Link ipipe to the two output pipes, consuming as we go along.
1445 */
1446 if (ipipe && opipe)
1447 return link_pipe(ipipe, opipe, len, flags);
1448
1449 return -EINVAL;
1450 }
1451
1452 asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1453 {
1454 struct file *in;
1455 int error, fput_in;
1456
1457 if (unlikely(!len))
1458 return 0;
1459
1460 error = -EBADF;
1461 in = fget_light(fdin, &fput_in);
1462 if (in) {
1463 if (in->f_mode & FMODE_READ) {
1464 int fput_out;
1465 struct file *out = fget_light(fdout, &fput_out);
1466
1467 if (out) {
1468 if (out->f_mode & FMODE_WRITE)
1469 error = do_tee(in, out, len, flags);
1470 fput_light(out, fput_out);
1471 }
1472 }
1473 fput_light(in, fput_in);
1474 }
1475
1476 return error;
1477 }
Ubuntu Artful kernel mirror