2 * "splice": joining two ropes together by interweaving their strands.
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/splice.h>
24 #include <linux/memcontrol.h>
25 #include <linux/mm_inline.h>
26 #include <linux/swap.h>
27 #include <linux/writeback.h>
28 #include <linux/export.h>
29 #include <linux/syscalls.h>
30 #include <linux/uio.h>
31 #include <linux/security.h>
32 #include <linux/gfp.h>
33 #include <linux/socket.h>
34 #include <linux/compat.h>
38 * Attempt to steal a page from a pipe buffer. This should perhaps go into
39 * a vm helper function, it's already simplified quite a bit by the
40 * addition of remove_mapping(). If success is returned, the caller may
41 * attempt to reuse this page for another destination.
43 static int page_cache_pipe_buf_steal(struct pipe_inode_info
*pipe
,
44 struct pipe_buffer
*buf
)
46 struct page
*page
= buf
->page
;
47 struct address_space
*mapping
;
51 mapping
= page_mapping(page
);
53 WARN_ON(!PageUptodate(page
));
56 * At least for ext2 with nobh option, we need to wait on
57 * writeback completing on this page, since we'll remove it
58 * from the pagecache. Otherwise truncate wont wait on the
59 * page, allowing the disk blocks to be reused by someone else
60 * before we actually wrote our data to them. fs corruption
63 wait_on_page_writeback(page
);
65 if (page_has_private(page
) &&
66 !try_to_release_page(page
, GFP_KERNEL
))
70 * If we succeeded in removing the mapping, set LRU flag
73 if (remove_mapping(mapping
, page
)) {
74 buf
->flags
|= PIPE_BUF_FLAG_LRU
;
80 * Raced with truncate or failed to remove page from current
81 * address space, unlock and return failure.
88 static void page_cache_pipe_buf_release(struct pipe_inode_info
*pipe
,
89 struct pipe_buffer
*buf
)
92 buf
->flags
&= ~PIPE_BUF_FLAG_LRU
;
96 * Check whether the contents of buf is OK to access. Since the content
97 * is a page cache page, IO may be in flight.
99 static int page_cache_pipe_buf_confirm(struct pipe_inode_info
*pipe
,
100 struct pipe_buffer
*buf
)
102 struct page
*page
= buf
->page
;
105 if (!PageUptodate(page
)) {
109 * Page got truncated/unhashed. This will cause a 0-byte
110 * splice, if this is the first page.
112 if (!page
->mapping
) {
118 * Uh oh, read-error from disk.
120 if (!PageUptodate(page
)) {
126 * Page is ok afterall, we are done.
137 const struct pipe_buf_operations page_cache_pipe_buf_ops
= {
139 .confirm
= page_cache_pipe_buf_confirm
,
140 .release
= page_cache_pipe_buf_release
,
141 .steal
= page_cache_pipe_buf_steal
,
142 .get
= generic_pipe_buf_get
,
145 static int user_page_pipe_buf_steal(struct pipe_inode_info
*pipe
,
146 struct pipe_buffer
*buf
)
148 if (!(buf
->flags
& PIPE_BUF_FLAG_GIFT
))
151 buf
->flags
|= PIPE_BUF_FLAG_LRU
;
152 return generic_pipe_buf_steal(pipe
, buf
);
155 static const struct pipe_buf_operations user_page_pipe_buf_ops
= {
157 .confirm
= generic_pipe_buf_confirm
,
158 .release
= page_cache_pipe_buf_release
,
159 .steal
= user_page_pipe_buf_steal
,
160 .get
= generic_pipe_buf_get
,
163 static void wakeup_pipe_readers(struct pipe_inode_info
*pipe
)
166 if (waitqueue_active(&pipe
->wait
))
167 wake_up_interruptible(&pipe
->wait
);
168 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
172 * splice_to_pipe - fill passed data into a pipe
173 * @pipe: pipe to fill
177 * @spd contains a map of pages and len/offset tuples, along with
178 * the struct pipe_buf_operations associated with these pages. This
179 * function will link that data to the pipe.
182 ssize_t
splice_to_pipe(struct pipe_inode_info
*pipe
,
183 struct splice_pipe_desc
*spd
)
185 unsigned int spd_pages
= spd
->nr_pages
;
186 int ret
= 0, page_nr
= 0;
191 if (unlikely(!pipe
->readers
)) {
192 send_sig(SIGPIPE
, current
, 0);
197 while (pipe
->nrbufs
< pipe
->buffers
) {
198 int newbuf
= (pipe
->curbuf
+ pipe
->nrbufs
) & (pipe
->buffers
- 1);
199 struct pipe_buffer
*buf
= pipe
->bufs
+ newbuf
;
201 buf
->page
= spd
->pages
[page_nr
];
202 buf
->offset
= spd
->partial
[page_nr
].offset
;
203 buf
->len
= spd
->partial
[page_nr
].len
;
204 buf
->private = spd
->partial
[page_nr
].private;
206 if (spd
->flags
& SPLICE_F_GIFT
)
207 buf
->flags
|= PIPE_BUF_FLAG_GIFT
;
213 if (!--spd
->nr_pages
)
221 while (page_nr
< spd_pages
)
222 spd
->spd_release(spd
, page_nr
++);
226 EXPORT_SYMBOL_GPL(splice_to_pipe
);
228 void spd_release_page(struct splice_pipe_desc
*spd
, unsigned int i
)
230 put_page(spd
->pages
[i
]);
234 * Check if we need to grow the arrays holding pages and partial page
237 int splice_grow_spd(const struct pipe_inode_info
*pipe
, struct splice_pipe_desc
*spd
)
239 unsigned int buffers
= ACCESS_ONCE(pipe
->buffers
);
241 spd
->nr_pages_max
= buffers
;
242 if (buffers
<= PIPE_DEF_BUFFERS
)
245 spd
->pages
= kmalloc(buffers
* sizeof(struct page
*), GFP_KERNEL
);
246 spd
->partial
= kmalloc(buffers
* sizeof(struct partial_page
), GFP_KERNEL
);
248 if (spd
->pages
&& spd
->partial
)
256 void splice_shrink_spd(struct splice_pipe_desc
*spd
)
258 if (spd
->nr_pages_max
<= PIPE_DEF_BUFFERS
)
266 __generic_file_splice_read(struct file
*in
, loff_t
*ppos
,
267 struct pipe_inode_info
*pipe
, size_t len
,
270 struct address_space
*mapping
= in
->f_mapping
;
271 unsigned int loff
, nr_pages
, req_pages
;
272 struct page
*pages
[PIPE_DEF_BUFFERS
];
273 struct partial_page partial
[PIPE_DEF_BUFFERS
];
275 pgoff_t index
, end_index
;
278 struct splice_pipe_desc spd
= {
281 .nr_pages_max
= PIPE_DEF_BUFFERS
,
283 .ops
= &page_cache_pipe_buf_ops
,
284 .spd_release
= spd_release_page
,
287 if (splice_grow_spd(pipe
, &spd
))
290 index
= *ppos
>> PAGE_SHIFT
;
291 loff
= *ppos
& ~PAGE_MASK
;
292 req_pages
= (len
+ loff
+ PAGE_SIZE
- 1) >> PAGE_SHIFT
;
293 nr_pages
= min(req_pages
, spd
.nr_pages_max
);
296 * Lookup the (hopefully) full range of pages we need.
298 spd
.nr_pages
= find_get_pages_contig(mapping
, index
, nr_pages
, spd
.pages
);
299 index
+= spd
.nr_pages
;
302 * If find_get_pages_contig() returned fewer pages than we needed,
303 * readahead/allocate the rest and fill in the holes.
305 if (spd
.nr_pages
< nr_pages
)
306 page_cache_sync_readahead(mapping
, &in
->f_ra
, in
,
307 index
, req_pages
- spd
.nr_pages
);
310 while (spd
.nr_pages
< nr_pages
) {
312 * Page could be there, find_get_pages_contig() breaks on
315 page
= find_get_page(mapping
, index
);
318 * page didn't exist, allocate one.
320 page
= page_cache_alloc_cold(mapping
);
324 error
= add_to_page_cache_lru(page
, mapping
, index
,
325 mapping_gfp_constraint(mapping
, GFP_KERNEL
));
326 if (unlikely(error
)) {
328 if (error
== -EEXIST
)
333 * add_to_page_cache() locks the page, unlock it
334 * to avoid convoluting the logic below even more.
339 spd
.pages
[spd
.nr_pages
++] = page
;
344 * Now loop over the map and see if we need to start IO on any
345 * pages, fill in the partial map, etc.
347 index
= *ppos
>> PAGE_SHIFT
;
348 nr_pages
= spd
.nr_pages
;
350 for (page_nr
= 0; page_nr
< nr_pages
; page_nr
++) {
351 unsigned int this_len
;
357 * this_len is the max we'll use from this page
359 this_len
= min_t(unsigned long, len
, PAGE_SIZE
- loff
);
360 page
= spd
.pages
[page_nr
];
362 if (PageReadahead(page
))
363 page_cache_async_readahead(mapping
, &in
->f_ra
, in
,
364 page
, index
, req_pages
- page_nr
);
367 * If the page isn't uptodate, we may need to start io on it
369 if (!PageUptodate(page
)) {
373 * Page was truncated, or invalidated by the
374 * filesystem. Redo the find/create, but this time the
375 * page is kept locked, so there's no chance of another
376 * race with truncate/invalidate.
378 if (!page
->mapping
) {
381 page
= find_or_create_page(mapping
, index
,
382 mapping_gfp_mask(mapping
));
388 put_page(spd
.pages
[page_nr
]);
389 spd
.pages
[page_nr
] = page
;
392 * page was already under io and is now done, great
394 if (PageUptodate(page
)) {
400 * need to read in the page
402 error
= mapping
->a_ops
->readpage(in
, page
);
403 if (unlikely(error
)) {
407 if (error
== AOP_TRUNCATED_PAGE
)
415 * i_size must be checked after PageUptodate.
417 isize
= i_size_read(mapping
->host
);
418 end_index
= (isize
- 1) >> PAGE_SHIFT
;
419 if (unlikely(!isize
|| index
> end_index
))
423 * if this is the last page, see if we need to shrink
424 * the length and stop
426 if (end_index
== index
) {
430 * max good bytes in this page
432 plen
= ((isize
- 1) & ~PAGE_MASK
) + 1;
437 * force quit after adding this page
439 this_len
= min(this_len
, plen
- loff
);
443 spd
.partial
[page_nr
].offset
= loff
;
444 spd
.partial
[page_nr
].len
= this_len
;
452 * Release any pages at the end, if we quit early. 'page_nr' is how far
453 * we got, 'nr_pages' is how many pages are in the map.
455 while (page_nr
< nr_pages
)
456 put_page(spd
.pages
[page_nr
++]);
457 in
->f_ra
.prev_pos
= (loff_t
)index
<< PAGE_SHIFT
;
460 error
= splice_to_pipe(pipe
, &spd
);
462 splice_shrink_spd(&spd
);
467 * generic_file_splice_read - splice data from file to a pipe
468 * @in: file to splice from
469 * @ppos: position in @in
470 * @pipe: pipe to splice to
471 * @len: number of bytes to splice
472 * @flags: splice modifier flags
475 * Will read pages from given file and fill them into a pipe. Can be
476 * used as long as the address_space operations for the source implements
480 ssize_t
generic_file_splice_read(struct file
*in
, loff_t
*ppos
,
481 struct pipe_inode_info
*pipe
, size_t len
,
487 if (IS_DAX(in
->f_mapping
->host
))
488 return default_file_splice_read(in
, ppos
, pipe
, len
, flags
);
490 isize
= i_size_read(in
->f_mapping
->host
);
491 if (unlikely(*ppos
>= isize
))
494 left
= isize
- *ppos
;
495 if (unlikely(left
< len
))
498 ret
= __generic_file_splice_read(in
, ppos
, pipe
, len
, flags
);
506 EXPORT_SYMBOL(generic_file_splice_read
);
508 static const struct pipe_buf_operations default_pipe_buf_ops
= {
510 .confirm
= generic_pipe_buf_confirm
,
511 .release
= generic_pipe_buf_release
,
512 .steal
= generic_pipe_buf_steal
,
513 .get
= generic_pipe_buf_get
,
516 static int generic_pipe_buf_nosteal(struct pipe_inode_info
*pipe
,
517 struct pipe_buffer
*buf
)
522 /* Pipe buffer operations for a socket and similar. */
523 const struct pipe_buf_operations nosteal_pipe_buf_ops
= {
525 .confirm
= generic_pipe_buf_confirm
,
526 .release
= generic_pipe_buf_release
,
527 .steal
= generic_pipe_buf_nosteal
,
528 .get
= generic_pipe_buf_get
,
530 EXPORT_SYMBOL(nosteal_pipe_buf_ops
);
532 static ssize_t
kernel_readv(struct file
*file
, const struct iovec
*vec
,
533 unsigned long vlen
, loff_t offset
)
541 /* The cast to a user pointer is valid due to the set_fs() */
542 res
= vfs_readv(file
, (const struct iovec __user
*)vec
, vlen
, &pos
, 0);
548 ssize_t
kernel_write(struct file
*file
, const char *buf
, size_t count
,
556 /* The cast to a user pointer is valid due to the set_fs() */
557 res
= vfs_write(file
, (__force
const char __user
*)buf
, count
, &pos
);
562 EXPORT_SYMBOL(kernel_write
);
564 ssize_t
default_file_splice_read(struct file
*in
, loff_t
*ppos
,
565 struct pipe_inode_info
*pipe
, size_t len
,
568 unsigned int nr_pages
;
569 unsigned int nr_freed
;
571 struct page
*pages
[PIPE_DEF_BUFFERS
];
572 struct partial_page partial
[PIPE_DEF_BUFFERS
];
573 struct iovec
*vec
, __vec
[PIPE_DEF_BUFFERS
];
578 struct splice_pipe_desc spd
= {
581 .nr_pages_max
= PIPE_DEF_BUFFERS
,
583 .ops
= &default_pipe_buf_ops
,
584 .spd_release
= spd_release_page
,
587 if (splice_grow_spd(pipe
, &spd
))
592 if (spd
.nr_pages_max
> PIPE_DEF_BUFFERS
) {
593 vec
= kmalloc(spd
.nr_pages_max
* sizeof(struct iovec
), GFP_KERNEL
);
598 offset
= *ppos
& ~PAGE_MASK
;
599 nr_pages
= (len
+ offset
+ PAGE_SIZE
- 1) >> PAGE_SHIFT
;
601 for (i
= 0; i
< nr_pages
&& i
< spd
.nr_pages_max
&& len
; i
++) {
604 page
= alloc_page(GFP_USER
);
609 this_len
= min_t(size_t, len
, PAGE_SIZE
- offset
);
610 vec
[i
].iov_base
= (void __user
*) page_address(page
);
611 vec
[i
].iov_len
= this_len
;
618 res
= kernel_readv(in
, vec
, spd
.nr_pages
, *ppos
);
629 for (i
= 0; i
< spd
.nr_pages
; i
++) {
630 this_len
= min_t(size_t, vec
[i
].iov_len
, res
);
631 spd
.partial
[i
].offset
= 0;
632 spd
.partial
[i
].len
= this_len
;
634 __free_page(spd
.pages
[i
]);
640 spd
.nr_pages
-= nr_freed
;
642 res
= splice_to_pipe(pipe
, &spd
);
649 splice_shrink_spd(&spd
);
653 for (i
= 0; i
< spd
.nr_pages
; i
++)
654 __free_page(spd
.pages
[i
]);
659 EXPORT_SYMBOL(default_file_splice_read
);
662 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
663 * using sendpage(). Return the number of bytes sent.
665 static int pipe_to_sendpage(struct pipe_inode_info
*pipe
,
666 struct pipe_buffer
*buf
, struct splice_desc
*sd
)
668 struct file
*file
= sd
->u
.file
;
669 loff_t pos
= sd
->pos
;
672 if (!likely(file
->f_op
->sendpage
))
675 more
= (sd
->flags
& SPLICE_F_MORE
) ? MSG_MORE
: 0;
677 if (sd
->len
< sd
->total_len
&& pipe
->nrbufs
> 1)
678 more
|= MSG_SENDPAGE_NOTLAST
;
680 return file
->f_op
->sendpage(file
, buf
->page
, buf
->offset
,
681 sd
->len
, &pos
, more
);
684 static void wakeup_pipe_writers(struct pipe_inode_info
*pipe
)
687 if (waitqueue_active(&pipe
->wait
))
688 wake_up_interruptible(&pipe
->wait
);
689 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
693 * splice_from_pipe_feed - feed available data from a pipe to a file
694 * @pipe: pipe to splice from
695 * @sd: information to @actor
696 * @actor: handler that splices the data
699 * This function loops over the pipe and calls @actor to do the
700 * actual moving of a single struct pipe_buffer to the desired
701 * destination. It returns when there's no more buffers left in
702 * the pipe or if the requested number of bytes (@sd->total_len)
703 * have been copied. It returns a positive number (one) if the
704 * pipe needs to be filled with more data, zero if the required
705 * number of bytes have been copied and -errno on error.
707 * This, together with splice_from_pipe_{begin,end,next}, may be
708 * used to implement the functionality of __splice_from_pipe() when
709 * locking is required around copying the pipe buffers to the
712 static int splice_from_pipe_feed(struct pipe_inode_info
*pipe
, struct splice_desc
*sd
,
717 while (pipe
->nrbufs
) {
718 struct pipe_buffer
*buf
= pipe
->bufs
+ pipe
->curbuf
;
719 const struct pipe_buf_operations
*ops
= buf
->ops
;
722 if (sd
->len
> sd
->total_len
)
723 sd
->len
= sd
->total_len
;
725 ret
= buf
->ops
->confirm(pipe
, buf
);
732 ret
= actor(pipe
, buf
, sd
);
739 sd
->num_spliced
+= ret
;
742 sd
->total_len
-= ret
;
746 ops
->release(pipe
, buf
);
747 pipe
->curbuf
= (pipe
->curbuf
+ 1) & (pipe
->buffers
- 1);
750 sd
->need_wakeup
= true;
761 * splice_from_pipe_next - wait for some data to splice from
762 * @pipe: pipe to splice from
763 * @sd: information about the splice operation
766 * This function will wait for some data and return a positive
767 * value (one) if pipe buffers are available. It will return zero
768 * or -errno if no more data needs to be spliced.
770 static int splice_from_pipe_next(struct pipe_inode_info
*pipe
, struct splice_desc
*sd
)
773 * Check for signal early to make process killable when there are
774 * always buffers available
776 if (signal_pending(current
))
779 while (!pipe
->nrbufs
) {
783 if (!pipe
->waiting_writers
&& sd
->num_spliced
)
786 if (sd
->flags
& SPLICE_F_NONBLOCK
)
789 if (signal_pending(current
))
792 if (sd
->need_wakeup
) {
793 wakeup_pipe_writers(pipe
);
794 sd
->need_wakeup
= false;
804 * splice_from_pipe_begin - start splicing from pipe
805 * @sd: information about the splice operation
808 * This function should be called before a loop containing
809 * splice_from_pipe_next() and splice_from_pipe_feed() to
810 * initialize the necessary fields of @sd.
812 static void splice_from_pipe_begin(struct splice_desc
*sd
)
815 sd
->need_wakeup
= false;
819 * splice_from_pipe_end - finish splicing from pipe
820 * @pipe: pipe to splice from
821 * @sd: information about the splice operation
824 * This function will wake up pipe writers if necessary. It should
825 * be called after a loop containing splice_from_pipe_next() and
826 * splice_from_pipe_feed().
828 static void splice_from_pipe_end(struct pipe_inode_info
*pipe
, struct splice_desc
*sd
)
831 wakeup_pipe_writers(pipe
);
835 * __splice_from_pipe - splice data from a pipe to given actor
836 * @pipe: pipe to splice from
837 * @sd: information to @actor
838 * @actor: handler that splices the data
841 * This function does little more than loop over the pipe and call
842 * @actor to do the actual moving of a single struct pipe_buffer to
843 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
847 ssize_t
__splice_from_pipe(struct pipe_inode_info
*pipe
, struct splice_desc
*sd
,
852 splice_from_pipe_begin(sd
);
855 ret
= splice_from_pipe_next(pipe
, sd
);
857 ret
= splice_from_pipe_feed(pipe
, sd
, actor
);
859 splice_from_pipe_end(pipe
, sd
);
861 return sd
->num_spliced
? sd
->num_spliced
: ret
;
863 EXPORT_SYMBOL(__splice_from_pipe
);
866 * splice_from_pipe - splice data from a pipe to a file
867 * @pipe: pipe to splice from
868 * @out: file to splice to
869 * @ppos: position in @out
870 * @len: how many bytes to splice
871 * @flags: splice modifier flags
872 * @actor: handler that splices the data
875 * See __splice_from_pipe. This function locks the pipe inode,
876 * otherwise it's identical to __splice_from_pipe().
879 ssize_t
splice_from_pipe(struct pipe_inode_info
*pipe
, struct file
*out
,
880 loff_t
*ppos
, size_t len
, unsigned int flags
,
884 struct splice_desc sd
= {
892 ret
= __splice_from_pipe(pipe
, &sd
, actor
);
899 * iter_file_splice_write - splice data from a pipe to a file
901 * @out: file to write to
902 * @ppos: position in @out
903 * @len: number of bytes to splice
904 * @flags: splice modifier flags
907 * Will either move or copy pages (determined by @flags options) from
908 * the given pipe inode to the given file.
909 * This one is ->write_iter-based.
913 iter_file_splice_write(struct pipe_inode_info
*pipe
, struct file
*out
,
914 loff_t
*ppos
, size_t len
, unsigned int flags
)
916 struct splice_desc sd
= {
922 int nbufs
= pipe
->buffers
;
923 struct bio_vec
*array
= kcalloc(nbufs
, sizeof(struct bio_vec
),
927 if (unlikely(!array
))
932 splice_from_pipe_begin(&sd
);
933 while (sd
.total_len
) {
934 struct iov_iter from
;
938 ret
= splice_from_pipe_next(pipe
, &sd
);
942 if (unlikely(nbufs
< pipe
->buffers
)) {
944 nbufs
= pipe
->buffers
;
945 array
= kcalloc(nbufs
, sizeof(struct bio_vec
),
953 /* build the vector */
955 for (n
= 0, idx
= pipe
->curbuf
; left
&& n
< pipe
->nrbufs
; n
++, idx
++) {
956 struct pipe_buffer
*buf
= pipe
->bufs
+ idx
;
957 size_t this_len
= buf
->len
;
962 if (idx
== pipe
->buffers
- 1)
965 ret
= buf
->ops
->confirm(pipe
, buf
);
972 array
[n
].bv_page
= buf
->page
;
973 array
[n
].bv_len
= this_len
;
974 array
[n
].bv_offset
= buf
->offset
;
978 iov_iter_bvec(&from
, ITER_BVEC
| WRITE
, array
, n
,
979 sd
.total_len
- left
);
980 ret
= vfs_iter_write(out
, &from
, &sd
.pos
);
984 sd
.num_spliced
+= ret
;
988 /* dismiss the fully eaten buffers, adjust the partial one */
990 struct pipe_buffer
*buf
= pipe
->bufs
+ pipe
->curbuf
;
991 if (ret
>= buf
->len
) {
992 const struct pipe_buf_operations
*ops
= buf
->ops
;
996 ops
->release(pipe
, buf
);
997 pipe
->curbuf
= (pipe
->curbuf
+ 1) & (pipe
->buffers
- 1);
1000 sd
.need_wakeup
= true;
1010 splice_from_pipe_end(pipe
, &sd
);
1015 ret
= sd
.num_spliced
;
1020 EXPORT_SYMBOL(iter_file_splice_write
);
1022 static int write_pipe_buf(struct pipe_inode_info
*pipe
, struct pipe_buffer
*buf
,
1023 struct splice_desc
*sd
)
1027 loff_t tmp
= sd
->pos
;
1029 data
= kmap(buf
->page
);
1030 ret
= __kernel_write(sd
->u
.file
, data
+ buf
->offset
, sd
->len
, &tmp
);
1036 static ssize_t
default_file_splice_write(struct pipe_inode_info
*pipe
,
1037 struct file
*out
, loff_t
*ppos
,
1038 size_t len
, unsigned int flags
)
1042 ret
= splice_from_pipe(pipe
, out
, ppos
, len
, flags
, write_pipe_buf
);
1050 * generic_splice_sendpage - splice data from a pipe to a socket
1051 * @pipe: pipe to splice from
1052 * @out: socket to write to
1053 * @ppos: position in @out
1054 * @len: number of bytes to splice
1055 * @flags: splice modifier flags
1058 * Will send @len bytes from the pipe to a network socket. No data copying
1062 ssize_t
generic_splice_sendpage(struct pipe_inode_info
*pipe
, struct file
*out
,
1063 loff_t
*ppos
, size_t len
, unsigned int flags
)
1065 return splice_from_pipe(pipe
, out
, ppos
, len
, flags
, pipe_to_sendpage
);
1068 EXPORT_SYMBOL(generic_splice_sendpage
);
1071 * Attempt to initiate a splice from pipe to file.
1073 static long do_splice_from(struct pipe_inode_info
*pipe
, struct file
*out
,
1074 loff_t
*ppos
, size_t len
, unsigned int flags
)
1076 ssize_t (*splice_write
)(struct pipe_inode_info
*, struct file
*,
1077 loff_t
*, size_t, unsigned int);
1079 if (out
->f_op
->splice_write
)
1080 splice_write
= out
->f_op
->splice_write
;
1082 splice_write
= default_file_splice_write
;
1084 return splice_write(pipe
, out
, ppos
, len
, flags
);
1088 * Attempt to initiate a splice from a file to a pipe.
1090 static long do_splice_to(struct file
*in
, loff_t
*ppos
,
1091 struct pipe_inode_info
*pipe
, size_t len
,
1094 ssize_t (*splice_read
)(struct file
*, loff_t
*,
1095 struct pipe_inode_info
*, size_t, unsigned int);
1098 if (unlikely(!(in
->f_mode
& FMODE_READ
)))
1101 ret
= rw_verify_area(READ
, in
, ppos
, len
);
1102 if (unlikely(ret
< 0))
1105 if (unlikely(len
> MAX_RW_COUNT
))
1108 if (in
->f_op
->splice_read
)
1109 splice_read
= in
->f_op
->splice_read
;
1111 splice_read
= default_file_splice_read
;
1113 return splice_read(in
, ppos
, pipe
, len
, flags
);
1117 * splice_direct_to_actor - splices data directly between two non-pipes
1118 * @in: file to splice from
1119 * @sd: actor information on where to splice to
1120 * @actor: handles the data splicing
1123 * This is a special case helper to splice directly between two
1124 * points, without requiring an explicit pipe. Internally an allocated
1125 * pipe is cached in the process, and reused during the lifetime of
1129 ssize_t
splice_direct_to_actor(struct file
*in
, struct splice_desc
*sd
,
1130 splice_direct_actor
*actor
)
1132 struct pipe_inode_info
*pipe
;
1139 * We require the input being a regular file, as we don't want to
1140 * randomly drop data for eg socket -> socket splicing. Use the
1141 * piped splicing for that!
1143 i_mode
= file_inode(in
)->i_mode
;
1144 if (unlikely(!S_ISREG(i_mode
) && !S_ISBLK(i_mode
)))
1148 * neither in nor out is a pipe, setup an internal pipe attached to
1149 * 'out' and transfer the wanted data from 'in' to 'out' through that
1151 pipe
= current
->splice_pipe
;
1152 if (unlikely(!pipe
)) {
1153 pipe
= alloc_pipe_info();
1158 * We don't have an immediate reader, but we'll read the stuff
1159 * out of the pipe right after the splice_to_pipe(). So set
1160 * PIPE_READERS appropriately.
1164 current
->splice_pipe
= pipe
;
1172 len
= sd
->total_len
;
1176 * Don't block on output, we have to drain the direct pipe.
1178 sd
->flags
&= ~SPLICE_F_NONBLOCK
;
1179 more
= sd
->flags
& SPLICE_F_MORE
;
1183 loff_t pos
= sd
->pos
, prev_pos
= pos
;
1185 ret
= do_splice_to(in
, &pos
, pipe
, len
, flags
);
1186 if (unlikely(ret
<= 0))
1190 sd
->total_len
= read_len
;
1193 * If more data is pending, set SPLICE_F_MORE
1194 * If this is the last data and SPLICE_F_MORE was not set
1195 * initially, clears it.
1198 sd
->flags
|= SPLICE_F_MORE
;
1200 sd
->flags
&= ~SPLICE_F_MORE
;
1202 * NOTE: nonblocking mode only applies to the input. We
1203 * must not do the output in nonblocking mode as then we
1204 * could get stuck data in the internal pipe:
1206 ret
= actor(pipe
, sd
);
1207 if (unlikely(ret
<= 0)) {
1216 if (ret
< read_len
) {
1217 sd
->pos
= prev_pos
+ ret
;
1223 pipe
->nrbufs
= pipe
->curbuf
= 0;
1229 * If we did an incomplete transfer we must release
1230 * the pipe buffers in question:
1232 for (i
= 0; i
< pipe
->buffers
; i
++) {
1233 struct pipe_buffer
*buf
= pipe
->bufs
+ i
;
1236 buf
->ops
->release(pipe
, buf
);
1246 EXPORT_SYMBOL(splice_direct_to_actor
);
1248 static int direct_splice_actor(struct pipe_inode_info
*pipe
,
1249 struct splice_desc
*sd
)
1251 struct file
*file
= sd
->u
.file
;
1253 return do_splice_from(pipe
, file
, sd
->opos
, sd
->total_len
,
1258 * do_splice_direct - splices data directly between two files
1259 * @in: file to splice from
1260 * @ppos: input file offset
1261 * @out: file to splice to
1262 * @opos: output file offset
1263 * @len: number of bytes to splice
1264 * @flags: splice modifier flags
1267 * For use by do_sendfile(). splice can easily emulate sendfile, but
1268 * doing it in the application would incur an extra system call
1269 * (splice in + splice out, as compared to just sendfile()). So this helper
1270 * can splice directly through a process-private pipe.
1273 long do_splice_direct(struct file
*in
, loff_t
*ppos
, struct file
*out
,
1274 loff_t
*opos
, size_t len
, unsigned int flags
)
1276 struct splice_desc sd
= {
1286 if (unlikely(!(out
->f_mode
& FMODE_WRITE
)))
1289 if (unlikely(out
->f_flags
& O_APPEND
))
1292 ret
= rw_verify_area(WRITE
, out
, opos
, len
);
1293 if (unlikely(ret
< 0))
1296 ret
= splice_direct_to_actor(in
, &sd
, direct_splice_actor
);
1302 EXPORT_SYMBOL(do_splice_direct
);
1304 static int wait_for_space(struct pipe_inode_info
*pipe
, unsigned flags
)
1306 while (pipe
->nrbufs
== pipe
->buffers
) {
1307 if (flags
& SPLICE_F_NONBLOCK
)
1309 if (signal_pending(current
))
1310 return -ERESTARTSYS
;
1311 pipe
->waiting_writers
++;
1313 pipe
->waiting_writers
--;
1318 static int splice_pipe_to_pipe(struct pipe_inode_info
*ipipe
,
1319 struct pipe_inode_info
*opipe
,
1320 size_t len
, unsigned int flags
);
1323 * Determine where to splice to/from.
1325 static long do_splice(struct file
*in
, loff_t __user
*off_in
,
1326 struct file
*out
, loff_t __user
*off_out
,
1327 size_t len
, unsigned int flags
)
1329 struct pipe_inode_info
*ipipe
;
1330 struct pipe_inode_info
*opipe
;
1334 ipipe
= get_pipe_info(in
);
1335 opipe
= get_pipe_info(out
);
1337 if (ipipe
&& opipe
) {
1338 if (off_in
|| off_out
)
1341 if (!(in
->f_mode
& FMODE_READ
))
1344 if (!(out
->f_mode
& FMODE_WRITE
))
1347 /* Splicing to self would be fun, but... */
1351 return splice_pipe_to_pipe(ipipe
, opipe
, len
, flags
);
1358 if (!(out
->f_mode
& FMODE_PWRITE
))
1360 if (copy_from_user(&offset
, off_out
, sizeof(loff_t
)))
1363 offset
= out
->f_pos
;
1366 if (unlikely(!(out
->f_mode
& FMODE_WRITE
)))
1369 if (unlikely(out
->f_flags
& O_APPEND
))
1372 ret
= rw_verify_area(WRITE
, out
, &offset
, len
);
1373 if (unlikely(ret
< 0))
1376 file_start_write(out
);
1377 ret
= do_splice_from(ipipe
, out
, &offset
, len
, flags
);
1378 file_end_write(out
);
1381 out
->f_pos
= offset
;
1382 else if (copy_to_user(off_out
, &offset
, sizeof(loff_t
)))
1392 if (!(in
->f_mode
& FMODE_PREAD
))
1394 if (copy_from_user(&offset
, off_in
, sizeof(loff_t
)))
1401 ret
= wait_for_space(opipe
, flags
);
1403 ret
= do_splice_to(in
, &offset
, opipe
, len
, flags
);
1406 wakeup_pipe_readers(opipe
);
1409 else if (copy_to_user(off_in
, &offset
, sizeof(loff_t
)))
1418 static int get_iovec_page_array(struct iov_iter
*from
,
1419 struct page
**pages
,
1420 struct partial_page
*partial
,
1421 unsigned int pipe_buffers
)
1424 while (iov_iter_count(from
)) {
1428 copied
= iov_iter_get_pages(from
, pages
+ buffers
, ~0UL,
1429 pipe_buffers
- buffers
, &start
);
1431 return buffers
? buffers
: copied
;
1433 iov_iter_advance(from
, copied
);
1435 int size
= min_t(int, copied
, PAGE_SIZE
- start
);
1436 partial
[buffers
].offset
= start
;
1437 partial
[buffers
].len
= size
;
1446 static int pipe_to_user(struct pipe_inode_info
*pipe
, struct pipe_buffer
*buf
,
1447 struct splice_desc
*sd
)
1449 int n
= copy_page_to_iter(buf
->page
, buf
->offset
, sd
->len
, sd
->u
.data
);
1450 return n
== sd
->len
? n
: -EFAULT
;
1454 * For lack of a better implementation, implement vmsplice() to userspace
1455 * as a simple copy of the pipes pages to the user iov.
1457 static long vmsplice_to_user(struct file
*file
, const struct iovec __user
*uiov
,
1458 unsigned long nr_segs
, unsigned int flags
)
1460 struct pipe_inode_info
*pipe
;
1461 struct splice_desc sd
;
1463 struct iovec iovstack
[UIO_FASTIOV
];
1464 struct iovec
*iov
= iovstack
;
1465 struct iov_iter iter
;
1467 pipe
= get_pipe_info(file
);
1471 ret
= import_iovec(READ
, uiov
, nr_segs
,
1472 ARRAY_SIZE(iovstack
), &iov
, &iter
);
1476 sd
.total_len
= iov_iter_count(&iter
);
1484 ret
= __splice_from_pipe(pipe
, &sd
, pipe_to_user
);
1493 * vmsplice splices a user address range into a pipe. It can be thought of
1494 * as splice-from-memory, where the regular splice is splice-from-file (or
1495 * to file). In both cases the output is a pipe, naturally.
1497 static long vmsplice_to_pipe(struct file
*file
, const struct iovec __user
*uiov
,
1498 unsigned long nr_segs
, unsigned int flags
)
1500 struct pipe_inode_info
*pipe
;
1501 struct iovec iovstack
[UIO_FASTIOV
];
1502 struct iovec
*iov
= iovstack
;
1503 struct iov_iter from
;
1504 struct page
*pages
[PIPE_DEF_BUFFERS
];
1505 struct partial_page partial
[PIPE_DEF_BUFFERS
];
1506 struct splice_pipe_desc spd
= {
1509 .nr_pages_max
= PIPE_DEF_BUFFERS
,
1511 .ops
= &user_page_pipe_buf_ops
,
1512 .spd_release
= spd_release_page
,
1516 pipe
= get_pipe_info(file
);
1520 ret
= import_iovec(WRITE
, uiov
, nr_segs
,
1521 ARRAY_SIZE(iovstack
), &iov
, &from
);
1525 if (splice_grow_spd(pipe
, &spd
)) {
1531 ret
= wait_for_space(pipe
, flags
);
1533 spd
.nr_pages
= get_iovec_page_array(&from
, spd
.pages
,
1536 if (spd
.nr_pages
<= 0)
1539 ret
= splice_to_pipe(pipe
, &spd
);
1543 wakeup_pipe_readers(pipe
);
1544 splice_shrink_spd(&spd
);
1550 * Note that vmsplice only really supports true splicing _from_ user memory
1551 * to a pipe, not the other way around. Splicing from user memory is a simple
1552 * operation that can be supported without any funky alignment restrictions
1553 * or nasty vm tricks. We simply map in the user memory and fill them into
1554 * a pipe. The reverse isn't quite as easy, though. There are two possible
1555 * solutions for that:
1557 * - memcpy() the data internally, at which point we might as well just
1558 * do a regular read() on the buffer anyway.
1559 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1560 * has restriction limitations on both ends of the pipe).
1562 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1565 SYSCALL_DEFINE4(vmsplice
, int, fd
, const struct iovec __user
*, iov
,
1566 unsigned long, nr_segs
, unsigned int, flags
)
1571 if (unlikely(nr_segs
> UIO_MAXIOV
))
1573 else if (unlikely(!nr_segs
))
1579 if (f
.file
->f_mode
& FMODE_WRITE
)
1580 error
= vmsplice_to_pipe(f
.file
, iov
, nr_segs
, flags
);
1581 else if (f
.file
->f_mode
& FMODE_READ
)
1582 error
= vmsplice_to_user(f
.file
, iov
, nr_segs
, flags
);
1590 #ifdef CONFIG_COMPAT
1591 COMPAT_SYSCALL_DEFINE4(vmsplice
, int, fd
, const struct compat_iovec __user
*, iov32
,
1592 unsigned int, nr_segs
, unsigned int, flags
)
1595 struct iovec __user
*iov
;
1596 if (nr_segs
> UIO_MAXIOV
)
1598 iov
= compat_alloc_user_space(nr_segs
* sizeof(struct iovec
));
1599 for (i
= 0; i
< nr_segs
; i
++) {
1600 struct compat_iovec v
;
1601 if (get_user(v
.iov_base
, &iov32
[i
].iov_base
) ||
1602 get_user(v
.iov_len
, &iov32
[i
].iov_len
) ||
1603 put_user(compat_ptr(v
.iov_base
), &iov
[i
].iov_base
) ||
1604 put_user(v
.iov_len
, &iov
[i
].iov_len
))
1607 return sys_vmsplice(fd
, iov
, nr_segs
, flags
);
1611 SYSCALL_DEFINE6(splice
, int, fd_in
, loff_t __user
*, off_in
,
1612 int, fd_out
, loff_t __user
*, off_out
,
1613 size_t, len
, unsigned int, flags
)
1624 if (in
.file
->f_mode
& FMODE_READ
) {
1625 out
= fdget(fd_out
);
1627 if (out
.file
->f_mode
& FMODE_WRITE
)
1628 error
= do_splice(in
.file
, off_in
,
1640 * Make sure there's data to read. Wait for input if we can, otherwise
1641 * return an appropriate error.
1643 static int ipipe_prep(struct pipe_inode_info
*pipe
, unsigned int flags
)
1648 * Check ->nrbufs without the inode lock first. This function
1649 * is speculative anyways, so missing one is ok.
1657 while (!pipe
->nrbufs
) {
1658 if (signal_pending(current
)) {
1664 if (!pipe
->waiting_writers
) {
1665 if (flags
& SPLICE_F_NONBLOCK
) {
1678 * Make sure there's writeable room. Wait for room if we can, otherwise
1679 * return an appropriate error.
1681 static int opipe_prep(struct pipe_inode_info
*pipe
, unsigned int flags
)
1686 * Check ->nrbufs without the inode lock first. This function
1687 * is speculative anyways, so missing one is ok.
1689 if (pipe
->nrbufs
< pipe
->buffers
)
1695 while (pipe
->nrbufs
>= pipe
->buffers
) {
1696 if (!pipe
->readers
) {
1697 send_sig(SIGPIPE
, current
, 0);
1701 if (flags
& SPLICE_F_NONBLOCK
) {
1705 if (signal_pending(current
)) {
1709 pipe
->waiting_writers
++;
1711 pipe
->waiting_writers
--;
1719 * Splice contents of ipipe to opipe.
1721 static int splice_pipe_to_pipe(struct pipe_inode_info
*ipipe
,
1722 struct pipe_inode_info
*opipe
,
1723 size_t len
, unsigned int flags
)
1725 struct pipe_buffer
*ibuf
, *obuf
;
1727 bool input_wakeup
= false;
1731 ret
= ipipe_prep(ipipe
, flags
);
1735 ret
= opipe_prep(opipe
, flags
);
1740 * Potential ABBA deadlock, work around it by ordering lock
1741 * grabbing by pipe info address. Otherwise two different processes
1742 * could deadlock (one doing tee from A -> B, the other from B -> A).
1744 pipe_double_lock(ipipe
, opipe
);
1747 if (!opipe
->readers
) {
1748 send_sig(SIGPIPE
, current
, 0);
1754 if (!ipipe
->nrbufs
&& !ipipe
->writers
)
1758 * Cannot make any progress, because either the input
1759 * pipe is empty or the output pipe is full.
1761 if (!ipipe
->nrbufs
|| opipe
->nrbufs
>= opipe
->buffers
) {
1762 /* Already processed some buffers, break */
1766 if (flags
& SPLICE_F_NONBLOCK
) {
1772 * We raced with another reader/writer and haven't
1773 * managed to process any buffers. A zero return
1774 * value means EOF, so retry instead.
1781 ibuf
= ipipe
->bufs
+ ipipe
->curbuf
;
1782 nbuf
= (opipe
->curbuf
+ opipe
->nrbufs
) & (opipe
->buffers
- 1);
1783 obuf
= opipe
->bufs
+ nbuf
;
1785 if (len
>= ibuf
->len
) {
1787 * Simply move the whole buffer from ipipe to opipe
1792 ipipe
->curbuf
= (ipipe
->curbuf
+ 1) & (ipipe
->buffers
- 1);
1794 input_wakeup
= true;
1797 * Get a reference to this pipe buffer,
1798 * so we can copy the contents over.
1800 ibuf
->ops
->get(ipipe
, ibuf
);
1804 * Don't inherit the gift flag, we need to
1805 * prevent multiple steals of this page.
1807 obuf
->flags
&= ~PIPE_BUF_FLAG_GIFT
;
1811 ibuf
->offset
+= obuf
->len
;
1812 ibuf
->len
-= obuf
->len
;
1822 * If we put data in the output pipe, wakeup any potential readers.
1825 wakeup_pipe_readers(opipe
);
1828 wakeup_pipe_writers(ipipe
);
1834 * Link contents of ipipe to opipe.
1836 static int link_pipe(struct pipe_inode_info
*ipipe
,
1837 struct pipe_inode_info
*opipe
,
1838 size_t len
, unsigned int flags
)
1840 struct pipe_buffer
*ibuf
, *obuf
;
1841 int ret
= 0, i
= 0, nbuf
;
1844 * Potential ABBA deadlock, work around it by ordering lock
1845 * grabbing by pipe info address. Otherwise two different processes
1846 * could deadlock (one doing tee from A -> B, the other from B -> A).
1848 pipe_double_lock(ipipe
, opipe
);
1851 if (!opipe
->readers
) {
1852 send_sig(SIGPIPE
, current
, 0);
1859 * If we have iterated all input buffers or ran out of
1860 * output room, break.
1862 if (i
>= ipipe
->nrbufs
|| opipe
->nrbufs
>= opipe
->buffers
)
1865 ibuf
= ipipe
->bufs
+ ((ipipe
->curbuf
+ i
) & (ipipe
->buffers
-1));
1866 nbuf
= (opipe
->curbuf
+ opipe
->nrbufs
) & (opipe
->buffers
- 1);
1869 * Get a reference to this pipe buffer,
1870 * so we can copy the contents over.
1872 ibuf
->ops
->get(ipipe
, ibuf
);
1874 obuf
= opipe
->bufs
+ nbuf
;
1878 * Don't inherit the gift flag, we need to
1879 * prevent multiple steals of this page.
1881 obuf
->flags
&= ~PIPE_BUF_FLAG_GIFT
;
1883 if (obuf
->len
> len
)
1893 * return EAGAIN if we have the potential of some data in the
1894 * future, otherwise just return 0
1896 if (!ret
&& ipipe
->waiting_writers
&& (flags
& SPLICE_F_NONBLOCK
))
1903 * If we put data in the output pipe, wakeup any potential readers.
1906 wakeup_pipe_readers(opipe
);
1912 * This is a tee(1) implementation that works on pipes. It doesn't copy
1913 * any data, it simply references the 'in' pages on the 'out' pipe.
1914 * The 'flags' used are the SPLICE_F_* variants, currently the only
1915 * applicable one is SPLICE_F_NONBLOCK.
1917 static long do_tee(struct file
*in
, struct file
*out
, size_t len
,
1920 struct pipe_inode_info
*ipipe
= get_pipe_info(in
);
1921 struct pipe_inode_info
*opipe
= get_pipe_info(out
);
1925 * Duplicate the contents of ipipe to opipe without actually
1928 if (ipipe
&& opipe
&& ipipe
!= opipe
) {
1930 * Keep going, unless we encounter an error. The ipipe/opipe
1931 * ordering doesn't really matter.
1933 ret
= ipipe_prep(ipipe
, flags
);
1935 ret
= opipe_prep(opipe
, flags
);
1937 ret
= link_pipe(ipipe
, opipe
, len
, flags
);
1944 SYSCALL_DEFINE4(tee
, int, fdin
, int, fdout
, size_t, len
, unsigned int, flags
)
1955 if (in
.file
->f_mode
& FMODE_READ
) {
1956 struct fd out
= fdget(fdout
);
1958 if (out
.file
->f_mode
& FMODE_WRITE
)
1959 error
= do_tee(in
.file
, out
.file
,