2 * "splice": joining two ropes together by interweaving their strands.
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/pipe_fs_i.h>
24 #include <linux/mm_inline.h>
25 #include <linux/swap.h>
26 #include <linux/writeback.h>
27 #include <linux/buffer_head.h>
28 #include <linux/module.h>
29 #include <linux/syscalls.h>
30 #include <linux/uio.h>
38 * Passed to splice_to_pipe
40 struct splice_pipe_desc
{
41 struct page
**pages
; /* page map */
42 struct partial_page
*partial
; /* pages[] may not be contig */
43 int nr_pages
; /* number of pages in map */
44 unsigned int flags
; /* splice flags */
45 struct pipe_buf_operations
*ops
;/* ops associated with output pipe */
49 * Attempt to steal a page from a pipe buffer. This should perhaps go into
50 * a vm helper function, it's already simplified quite a bit by the
51 * addition of remove_mapping(). If success is returned, the caller may
52 * attempt to reuse this page for another destination.
54 static int page_cache_pipe_buf_steal(struct pipe_inode_info
*info
,
55 struct pipe_buffer
*buf
)
57 struct page
*page
= buf
->page
;
58 struct address_space
*mapping
= page_mapping(page
);
62 WARN_ON(!PageUptodate(page
));
65 * At least for ext2 with nobh option, we need to wait on writeback
66 * completing on this page, since we'll remove it from the pagecache.
67 * Otherwise truncate wont wait on the page, allowing the disk
68 * blocks to be reused by someone else before we actually wrote our
69 * data to them. fs corruption ensues.
71 wait_on_page_writeback(page
);
73 if (PagePrivate(page
))
74 try_to_release_page(page
, mapping_gfp_mask(mapping
));
76 if (!remove_mapping(mapping
, page
)) {
81 buf
->flags
|= PIPE_BUF_FLAG_LRU
;
85 static void page_cache_pipe_buf_release(struct pipe_inode_info
*info
,
86 struct pipe_buffer
*buf
)
88 page_cache_release(buf
->page
);
90 buf
->flags
&= ~PIPE_BUF_FLAG_LRU
;
93 static int page_cache_pipe_buf_pin(struct pipe_inode_info
*info
,
94 struct pipe_buffer
*buf
)
96 struct page
*page
= buf
->page
;
99 if (!PageUptodate(page
)) {
103 * Page got truncated/unhashed. This will cause a 0-byte
104 * splice, if this is the first page.
106 if (!page
->mapping
) {
112 * Uh oh, read-error from disk.
114 if (!PageUptodate(page
)) {
120 * Page is ok afterall, we are done.
131 static struct pipe_buf_operations page_cache_pipe_buf_ops
= {
133 .map
= generic_pipe_buf_map
,
134 .unmap
= generic_pipe_buf_unmap
,
135 .pin
= page_cache_pipe_buf_pin
,
136 .release
= page_cache_pipe_buf_release
,
137 .steal
= page_cache_pipe_buf_steal
,
138 .get
= generic_pipe_buf_get
,
141 static int user_page_pipe_buf_steal(struct pipe_inode_info
*pipe
,
142 struct pipe_buffer
*buf
)
147 static struct pipe_buf_operations user_page_pipe_buf_ops
= {
149 .map
= generic_pipe_buf_map
,
150 .unmap
= generic_pipe_buf_unmap
,
151 .pin
= generic_pipe_buf_pin
,
152 .release
= page_cache_pipe_buf_release
,
153 .steal
= user_page_pipe_buf_steal
,
154 .get
= generic_pipe_buf_get
,
158 * Pipe output worker. This sets up our pipe format with the page cache
159 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
161 static ssize_t
splice_to_pipe(struct pipe_inode_info
*pipe
,
162 struct splice_pipe_desc
*spd
)
164 int ret
, do_wakeup
, page_nr
;
171 mutex_lock(&pipe
->inode
->i_mutex
);
174 if (!pipe
->readers
) {
175 send_sig(SIGPIPE
, current
, 0);
181 if (pipe
->nrbufs
< PIPE_BUFFERS
) {
182 int newbuf
= (pipe
->curbuf
+ pipe
->nrbufs
) & (PIPE_BUFFERS
- 1);
183 struct pipe_buffer
*buf
= pipe
->bufs
+ newbuf
;
185 buf
->page
= spd
->pages
[page_nr
];
186 buf
->offset
= spd
->partial
[page_nr
].offset
;
187 buf
->len
= spd
->partial
[page_nr
].len
;
196 if (!--spd
->nr_pages
)
198 if (pipe
->nrbufs
< PIPE_BUFFERS
)
204 if (spd
->flags
& SPLICE_F_NONBLOCK
) {
210 if (signal_pending(current
)) {
218 if (waitqueue_active(&pipe
->wait
))
219 wake_up_interruptible_sync(&pipe
->wait
);
220 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
224 pipe
->waiting_writers
++;
226 pipe
->waiting_writers
--;
230 mutex_unlock(&pipe
->inode
->i_mutex
);
234 if (waitqueue_active(&pipe
->wait
))
235 wake_up_interruptible(&pipe
->wait
);
236 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
239 while (page_nr
< spd
->nr_pages
)
240 page_cache_release(spd
->pages
[page_nr
++]);
246 __generic_file_splice_read(struct file
*in
, loff_t
*ppos
,
247 struct pipe_inode_info
*pipe
, size_t len
,
250 struct address_space
*mapping
= in
->f_mapping
;
251 unsigned int loff
, nr_pages
;
252 struct page
*pages
[PIPE_BUFFERS
];
253 struct partial_page partial
[PIPE_BUFFERS
];
255 pgoff_t index
, end_index
;
259 struct splice_pipe_desc spd
= {
263 .ops
= &page_cache_pipe_buf_ops
,
266 index
= *ppos
>> PAGE_CACHE_SHIFT
;
267 loff
= *ppos
& ~PAGE_CACHE_MASK
;
268 nr_pages
= (len
+ loff
+ PAGE_CACHE_SIZE
- 1) >> PAGE_CACHE_SHIFT
;
270 if (nr_pages
> PIPE_BUFFERS
)
271 nr_pages
= PIPE_BUFFERS
;
274 * Initiate read-ahead on this page range. however, don't call into
275 * read-ahead if this is a non-zero offset (we are likely doing small
276 * chunk splice and the page is already there) for a single page.
278 if (!loff
|| nr_pages
> 1)
279 page_cache_readahead(mapping
, &in
->f_ra
, in
, index
, nr_pages
);
282 * Now fill in the holes:
288 * Lookup the (hopefully) full range of pages we need.
290 spd
.nr_pages
= find_get_pages_contig(mapping
, index
, nr_pages
, pages
);
293 * If find_get_pages_contig() returned fewer pages than we needed,
296 index
+= spd
.nr_pages
;
297 while (spd
.nr_pages
< nr_pages
) {
299 * Page could be there, find_get_pages_contig() breaks on
302 page
= find_get_page(mapping
, index
);
305 * Make sure the read-ahead engine is notified
306 * about this failure.
308 handle_ra_miss(mapping
, &in
->f_ra
, index
);
311 * page didn't exist, allocate one.
313 page
= page_cache_alloc_cold(mapping
);
317 error
= add_to_page_cache_lru(page
, mapping
, index
,
318 mapping_gfp_mask(mapping
));
319 if (unlikely(error
)) {
320 page_cache_release(page
);
324 * add_to_page_cache() locks the page, unlock it
325 * to avoid convoluting the logic below even more.
330 pages
[spd
.nr_pages
++] = page
;
335 * Now loop over the map and see if we need to start IO on any
336 * pages, fill in the partial map, etc.
338 index
= *ppos
>> PAGE_CACHE_SHIFT
;
339 nr_pages
= spd
.nr_pages
;
341 for (page_nr
= 0; page_nr
< nr_pages
; page_nr
++) {
342 unsigned int this_len
;
348 * this_len is the max we'll use from this page
350 this_len
= min_t(unsigned long, len
, PAGE_CACHE_SIZE
- loff
);
351 page
= pages
[page_nr
];
354 * If the page isn't uptodate, we may need to start io on it
356 if (!PageUptodate(page
)) {
358 * If in nonblock mode then dont block on waiting
359 * for an in-flight io page
361 if (flags
& SPLICE_F_NONBLOCK
)
367 * page was truncated, stop here. if this isn't the
368 * first page, we'll just complete what we already
371 if (!page
->mapping
) {
376 * page was already under io and is now done, great
378 if (PageUptodate(page
)) {
384 * need to read in the page
386 error
= mapping
->a_ops
->readpage(in
, page
);
387 if (unlikely(error
)) {
389 * We really should re-lookup the page here,
390 * but it complicates things a lot. Instead
391 * lets just do what we already stored, and
392 * we'll get it the next time we are called.
394 if (error
== AOP_TRUNCATED_PAGE
)
401 * i_size must be checked after ->readpage().
403 isize
= i_size_read(mapping
->host
);
404 end_index
= (isize
- 1) >> PAGE_CACHE_SHIFT
;
405 if (unlikely(!isize
|| index
> end_index
))
409 * if this is the last page, see if we need to shrink
410 * the length and stop
412 if (end_index
== index
) {
413 loff
= PAGE_CACHE_SIZE
- (isize
& ~PAGE_CACHE_MASK
);
414 if (total_len
+ loff
> isize
)
417 * force quit after adding this page
420 this_len
= min(this_len
, loff
);
425 partial
[page_nr
].offset
= loff
;
426 partial
[page_nr
].len
= this_len
;
428 total_len
+= this_len
;
435 * Release any pages at the end, if we quit early. 'i' is how far
436 * we got, 'nr_pages' is how many pages are in the map.
438 while (page_nr
< nr_pages
)
439 page_cache_release(pages
[page_nr
++]);
442 return splice_to_pipe(pipe
, &spd
);
448 * generic_file_splice_read - splice data from file to a pipe
449 * @in: file to splice from
450 * @pipe: pipe to splice to
451 * @len: number of bytes to splice
452 * @flags: splice modifier flags
454 * Will read pages from given file and fill them into a pipe.
456 ssize_t
generic_file_splice_read(struct file
*in
, loff_t
*ppos
,
457 struct pipe_inode_info
*pipe
, size_t len
,
467 ret
= __generic_file_splice_read(in
, ppos
, pipe
, len
, flags
);
474 if (flags
& SPLICE_F_NONBLOCK
) {
491 EXPORT_SYMBOL(generic_file_splice_read
);
494 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
495 * using sendpage(). Return the number of bytes sent.
497 static int pipe_to_sendpage(struct pipe_inode_info
*info
,
498 struct pipe_buffer
*buf
, struct splice_desc
*sd
)
500 struct file
*file
= sd
->file
;
501 loff_t pos
= sd
->pos
;
504 ret
= buf
->ops
->pin(info
, buf
);
506 more
= (sd
->flags
& SPLICE_F_MORE
) || sd
->len
< sd
->total_len
;
508 ret
= file
->f_op
->sendpage(file
, buf
->page
, buf
->offset
,
509 sd
->len
, &pos
, more
);
516 * This is a little more tricky than the file -> pipe splicing. There are
517 * basically three cases:
519 * - Destination page already exists in the address space and there
520 * are users of it. For that case we have no other option that
521 * copying the data. Tough luck.
522 * - Destination page already exists in the address space, but there
523 * are no users of it. Make sure it's uptodate, then drop it. Fall
524 * through to last case.
525 * - Destination page does not exist, we can add the pipe page to
526 * the page cache and avoid the copy.
528 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
529 * sd->flags), we attempt to migrate pages from the pipe to the output
530 * file address space page cache. This is possible if no one else has
531 * the pipe page referenced outside of the pipe and page cache. If
532 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
533 * a new page in the output file page cache and fill/dirty that.
535 static int pipe_to_file(struct pipe_inode_info
*info
, struct pipe_buffer
*buf
,
536 struct splice_desc
*sd
)
538 struct file
*file
= sd
->file
;
539 struct address_space
*mapping
= file
->f_mapping
;
540 gfp_t gfp_mask
= mapping_gfp_mask(mapping
);
541 unsigned int offset
, this_len
;
547 * make sure the data in this buffer is uptodate
549 ret
= buf
->ops
->pin(info
, buf
);
553 index
= sd
->pos
>> PAGE_CACHE_SHIFT
;
554 offset
= sd
->pos
& ~PAGE_CACHE_MASK
;
557 if (this_len
+ offset
> PAGE_CACHE_SIZE
)
558 this_len
= PAGE_CACHE_SIZE
- offset
;
561 * Reuse buf page, if SPLICE_F_MOVE is set and we are doing a full
564 if ((sd
->flags
& SPLICE_F_MOVE
) && this_len
== PAGE_CACHE_SIZE
) {
566 * If steal succeeds, buf->page is now pruned from the vm
567 * side (LRU and page cache) and we can reuse it. The page
568 * will also be looked on successful return.
570 if (buf
->ops
->steal(info
, buf
))
574 if (add_to_page_cache(page
, mapping
, index
, gfp_mask
)) {
579 page_cache_get(page
);
581 if (!(buf
->flags
& PIPE_BUF_FLAG_LRU
))
585 page
= find_lock_page(mapping
, index
);
588 page
= page_cache_alloc_cold(mapping
);
593 * This will also lock the page
595 ret
= add_to_page_cache_lru(page
, mapping
, index
,
602 * We get here with the page locked. If the page is also
603 * uptodate, we don't need to do more. If it isn't, we
604 * may need to bring it in if we are not going to overwrite
607 if (!PageUptodate(page
)) {
608 if (this_len
< PAGE_CACHE_SIZE
) {
609 ret
= mapping
->a_ops
->readpage(file
, page
);
615 if (!PageUptodate(page
)) {
617 * Page got invalidated, repeat.
619 if (!page
->mapping
) {
621 page_cache_release(page
);
628 SetPageUptodate(page
);
632 ret
= mapping
->a_ops
->prepare_write(file
, page
, offset
, offset
+this_len
);
633 if (ret
== AOP_TRUNCATED_PAGE
) {
634 page_cache_release(page
);
639 if (buf
->page
!= page
) {
641 * Careful, ->map() uses KM_USER0!
643 char *src
= buf
->ops
->map(info
, buf
, 1);
644 char *dst
= kmap_atomic(page
, KM_USER1
);
646 memcpy(dst
+ offset
, src
+ buf
->offset
, this_len
);
647 flush_dcache_page(page
);
648 kunmap_atomic(dst
, KM_USER1
);
649 buf
->ops
->unmap(info
, buf
, src
);
652 ret
= mapping
->a_ops
->commit_write(file
, page
, offset
, offset
+this_len
);
655 * Return the number of bytes written and mark page as
656 * accessed, we are now done!
659 mark_page_accessed(page
);
660 balance_dirty_pages_ratelimited(mapping
);
661 } else if (ret
== AOP_TRUNCATED_PAGE
) {
662 page_cache_release(page
);
666 page_cache_release(page
);
673 * Pipe input worker. Most of this logic works like a regular pipe, the
674 * key here is the 'actor' worker passed in that actually moves the data
675 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
677 ssize_t
splice_from_pipe(struct pipe_inode_info
*pipe
, struct file
*out
,
678 loff_t
*ppos
, size_t len
, unsigned int flags
,
681 int ret
, do_wakeup
, err
;
682 struct splice_desc sd
;
693 mutex_lock(&pipe
->inode
->i_mutex
);
697 struct pipe_buffer
*buf
= pipe
->bufs
+ pipe
->curbuf
;
698 struct pipe_buf_operations
*ops
= buf
->ops
;
701 if (sd
.len
> sd
.total_len
)
702 sd
.len
= sd
.total_len
;
704 err
= actor(pipe
, buf
, &sd
);
706 if (!ret
&& err
!= -ENODATA
)
724 ops
->release(pipe
, buf
);
725 pipe
->curbuf
= (pipe
->curbuf
+ 1) & (PIPE_BUFFERS
- 1);
739 if (!pipe
->waiting_writers
) {
744 if (flags
& SPLICE_F_NONBLOCK
) {
750 if (signal_pending(current
)) {
758 if (waitqueue_active(&pipe
->wait
))
759 wake_up_interruptible_sync(&pipe
->wait
);
760 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
768 mutex_unlock(&pipe
->inode
->i_mutex
);
772 if (waitqueue_active(&pipe
->wait
))
773 wake_up_interruptible(&pipe
->wait
);
774 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
781 * generic_file_splice_write - splice data from a pipe to a file
783 * @out: file to write to
784 * @len: number of bytes to splice
785 * @flags: splice modifier flags
787 * Will either move or copy pages (determined by @flags options) from
788 * the given pipe inode to the given file.
792 generic_file_splice_write(struct pipe_inode_info
*pipe
, struct file
*out
,
793 loff_t
*ppos
, size_t len
, unsigned int flags
)
795 struct address_space
*mapping
= out
->f_mapping
;
798 ret
= splice_from_pipe(pipe
, out
, ppos
, len
, flags
, pipe_to_file
);
800 struct inode
*inode
= mapping
->host
;
805 * If file or inode is SYNC and we actually wrote some data,
808 if (unlikely((out
->f_flags
& O_SYNC
) || IS_SYNC(inode
))) {
811 mutex_lock(&inode
->i_mutex
);
812 err
= generic_osync_inode(inode
, mapping
,
813 OSYNC_METADATA
|OSYNC_DATA
);
814 mutex_unlock(&inode
->i_mutex
);
824 EXPORT_SYMBOL(generic_file_splice_write
);
827 * generic_splice_sendpage - splice data from a pipe to a socket
829 * @out: socket to write to
830 * @len: number of bytes to splice
831 * @flags: splice modifier flags
833 * Will send @len bytes from the pipe to a network socket. No data copying
837 ssize_t
generic_splice_sendpage(struct pipe_inode_info
*pipe
, struct file
*out
,
838 loff_t
*ppos
, size_t len
, unsigned int flags
)
840 return splice_from_pipe(pipe
, out
, ppos
, len
, flags
, pipe_to_sendpage
);
843 EXPORT_SYMBOL(generic_splice_sendpage
);
846 * Attempt to initiate a splice from pipe to file.
848 static long do_splice_from(struct pipe_inode_info
*pipe
, struct file
*out
,
849 loff_t
*ppos
, size_t len
, unsigned int flags
)
853 if (unlikely(!out
->f_op
|| !out
->f_op
->splice_write
))
856 if (unlikely(!(out
->f_mode
& FMODE_WRITE
)))
859 ret
= rw_verify_area(WRITE
, out
, ppos
, len
);
860 if (unlikely(ret
< 0))
863 return out
->f_op
->splice_write(pipe
, out
, ppos
, len
, flags
);
867 * Attempt to initiate a splice from a file to a pipe.
869 static long do_splice_to(struct file
*in
, loff_t
*ppos
,
870 struct pipe_inode_info
*pipe
, size_t len
,
876 if (unlikely(!in
->f_op
|| !in
->f_op
->splice_read
))
879 if (unlikely(!(in
->f_mode
& FMODE_READ
)))
882 ret
= rw_verify_area(READ
, in
, ppos
, len
);
883 if (unlikely(ret
< 0))
886 isize
= i_size_read(in
->f_mapping
->host
);
887 if (unlikely(*ppos
>= isize
))
890 left
= isize
- *ppos
;
891 if (unlikely(left
< len
))
894 return in
->f_op
->splice_read(in
, ppos
, pipe
, len
, flags
);
897 long do_splice_direct(struct file
*in
, loff_t
*ppos
, struct file
*out
,
898 size_t len
, unsigned int flags
)
900 struct pipe_inode_info
*pipe
;
907 * We require the input being a regular file, as we don't want to
908 * randomly drop data for eg socket -> socket splicing. Use the
909 * piped splicing for that!
911 i_mode
= in
->f_dentry
->d_inode
->i_mode
;
912 if (unlikely(!S_ISREG(i_mode
) && !S_ISBLK(i_mode
)))
916 * neither in nor out is a pipe, setup an internal pipe attached to
917 * 'out' and transfer the wanted data from 'in' to 'out' through that
919 pipe
= current
->splice_pipe
;
920 if (unlikely(!pipe
)) {
921 pipe
= alloc_pipe_info(NULL
);
926 * We don't have an immediate reader, but we'll read the stuff
927 * out of the pipe right after the splice_to_pipe(). So set
928 * PIPE_READERS appropriately.
932 current
->splice_pipe
= pipe
;
943 size_t read_len
, max_read_len
;
946 * Do at most PIPE_BUFFERS pages worth of transfer:
948 max_read_len
= min(len
, (size_t)(PIPE_BUFFERS
*PAGE_SIZE
));
950 ret
= do_splice_to(in
, ppos
, pipe
, max_read_len
, flags
);
951 if (unlikely(ret
< 0))
957 * NOTE: nonblocking mode only applies to the input. We
958 * must not do the output in nonblocking mode as then we
959 * could get stuck data in the internal pipe:
961 ret
= do_splice_from(pipe
, out
, &out_off
, read_len
,
962 flags
& ~SPLICE_F_NONBLOCK
);
963 if (unlikely(ret
< 0))
970 * In nonblocking mode, if we got back a short read then
971 * that was due to either an IO error or due to the
972 * pagecache entry not being there. In the IO error case
973 * the _next_ splice attempt will produce a clean IO error
974 * return value (not a short read), so in both cases it's
975 * correct to break out of the loop here:
977 if ((flags
& SPLICE_F_NONBLOCK
) && (read_len
< max_read_len
))
981 pipe
->nrbufs
= pipe
->curbuf
= 0;
987 * If we did an incomplete transfer we must release
988 * the pipe buffers in question:
990 for (i
= 0; i
< PIPE_BUFFERS
; i
++) {
991 struct pipe_buffer
*buf
= pipe
->bufs
+ i
;
994 buf
->ops
->release(pipe
, buf
);
998 pipe
->nrbufs
= pipe
->curbuf
= 0;
1001 * If we transferred some data, return the number of bytes:
1009 EXPORT_SYMBOL(do_splice_direct
);
1012 * Determine where to splice to/from.
1014 static long do_splice(struct file
*in
, loff_t __user
*off_in
,
1015 struct file
*out
, loff_t __user
*off_out
,
1016 size_t len
, unsigned int flags
)
1018 struct pipe_inode_info
*pipe
;
1019 loff_t offset
, *off
;
1022 pipe
= in
->f_dentry
->d_inode
->i_pipe
;
1027 if (out
->f_op
->llseek
== no_llseek
)
1029 if (copy_from_user(&offset
, off_out
, sizeof(loff_t
)))
1035 ret
= do_splice_from(pipe
, out
, off
, len
, flags
);
1037 if (off_out
&& copy_to_user(off_out
, off
, sizeof(loff_t
)))
1043 pipe
= out
->f_dentry
->d_inode
->i_pipe
;
1048 if (in
->f_op
->llseek
== no_llseek
)
1050 if (copy_from_user(&offset
, off_in
, sizeof(loff_t
)))
1056 ret
= do_splice_to(in
, off
, pipe
, len
, flags
);
1058 if (off_in
&& copy_to_user(off_in
, off
, sizeof(loff_t
)))
1068 * Map an iov into an array of pages and offset/length tupples. With the
1069 * partial_page structure, we can map several non-contiguous ranges into
1070 * our ones pages[] map instead of splitting that operation into pieces.
1071 * Could easily be exported as a generic helper for other users, in which
1072 * case one would probably want to add a 'max_nr_pages' parameter as well.
1074 static int get_iovec_page_array(const struct iovec __user
*iov
,
1075 unsigned int nr_vecs
, struct page
**pages
,
1076 struct partial_page
*partial
)
1078 int buffers
= 0, error
= 0;
1081 * It's ok to take the mmap_sem for reading, even
1082 * across a "get_user()".
1084 down_read(¤t
->mm
->mmap_sem
);
1087 unsigned long off
, npages
;
1093 * Get user address base and length for this iovec.
1095 error
= get_user(base
, &iov
->iov_base
);
1096 if (unlikely(error
))
1098 error
= get_user(len
, &iov
->iov_len
);
1099 if (unlikely(error
))
1103 * Sanity check this iovec. 0 read succeeds.
1108 if (unlikely(!base
))
1112 * Get this base offset and number of pages, then map
1113 * in the user pages.
1115 off
= (unsigned long) base
& ~PAGE_MASK
;
1116 npages
= (off
+ len
+ PAGE_SIZE
- 1) >> PAGE_SHIFT
;
1117 if (npages
> PIPE_BUFFERS
- buffers
)
1118 npages
= PIPE_BUFFERS
- buffers
;
1120 error
= get_user_pages(current
, current
->mm
,
1121 (unsigned long) base
, npages
, 0, 0,
1122 &pages
[buffers
], NULL
);
1124 if (unlikely(error
<= 0))
1128 * Fill this contiguous range into the partial page map.
1130 for (i
= 0; i
< error
; i
++) {
1131 const int plen
= min_t(size_t, len
, PAGE_SIZE
) - off
;
1133 partial
[buffers
].offset
= off
;
1134 partial
[buffers
].len
= plen
;
1142 * We didn't complete this iov, stop here since it probably
1143 * means we have to move some of this into a pipe to
1144 * be able to continue.
1150 * Don't continue if we mapped fewer pages than we asked for,
1151 * or if we mapped the max number of pages that we have
1154 if (error
< npages
|| buffers
== PIPE_BUFFERS
)
1161 up_read(¤t
->mm
->mmap_sem
);
1170 * vmsplice splices a user address range into a pipe. It can be thought of
1171 * as splice-from-memory, where the regular splice is splice-from-file (or
1172 * to file). In both cases the output is a pipe, naturally.
1174 * Note that vmsplice only supports splicing _from_ user memory to a pipe,
1175 * not the other way around. Splicing from user memory is a simple operation
1176 * that can be supported without any funky alignment restrictions or nasty
1177 * vm tricks. We simply map in the user memory and fill them into a pipe.
1178 * The reverse isn't quite as easy, though. There are two possible solutions
1181 * - memcpy() the data internally, at which point we might as well just
1182 * do a regular read() on the buffer anyway.
1183 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1184 * has restriction limitations on both ends of the pipe).
1186 * Alas, it isn't here.
1189 static long do_vmsplice(struct file
*file
, const struct iovec __user
*iov
,
1190 unsigned long nr_segs
, unsigned int flags
)
1192 struct pipe_inode_info
*pipe
= file
->f_dentry
->d_inode
->i_pipe
;
1193 struct page
*pages
[PIPE_BUFFERS
];
1194 struct partial_page partial
[PIPE_BUFFERS
];
1195 struct splice_pipe_desc spd
= {
1199 .ops
= &user_page_pipe_buf_ops
,
1202 if (unlikely(!pipe
))
1204 if (unlikely(nr_segs
> UIO_MAXIOV
))
1206 else if (unlikely(!nr_segs
))
1209 spd
.nr_pages
= get_iovec_page_array(iov
, nr_segs
, pages
, partial
);
1210 if (spd
.nr_pages
<= 0)
1211 return spd
.nr_pages
;
1213 return splice_to_pipe(pipe
, &spd
);
1216 asmlinkage
long sys_vmsplice(int fd
, const struct iovec __user
*iov
,
1217 unsigned long nr_segs
, unsigned int flags
)
1224 file
= fget_light(fd
, &fput
);
1226 if (file
->f_mode
& FMODE_WRITE
)
1227 error
= do_vmsplice(file
, iov
, nr_segs
, flags
);
1229 fput_light(file
, fput
);
1235 asmlinkage
long sys_splice(int fd_in
, loff_t __user
*off_in
,
1236 int fd_out
, loff_t __user
*off_out
,
1237 size_t len
, unsigned int flags
)
1240 struct file
*in
, *out
;
1241 int fput_in
, fput_out
;
1247 in
= fget_light(fd_in
, &fput_in
);
1249 if (in
->f_mode
& FMODE_READ
) {
1250 out
= fget_light(fd_out
, &fput_out
);
1252 if (out
->f_mode
& FMODE_WRITE
)
1253 error
= do_splice(in
, off_in
,
1256 fput_light(out
, fput_out
);
1260 fput_light(in
, fput_in
);
1267 * Link contents of ipipe to opipe.
1269 static int link_pipe(struct pipe_inode_info
*ipipe
,
1270 struct pipe_inode_info
*opipe
,
1271 size_t len
, unsigned int flags
)
1273 struct pipe_buffer
*ibuf
, *obuf
;
1274 int ret
, do_wakeup
, i
, ipipe_first
;
1276 ret
= do_wakeup
= ipipe_first
= 0;
1279 * Potential ABBA deadlock, work around it by ordering lock
1280 * grabbing by inode address. Otherwise two different processes
1281 * could deadlock (one doing tee from A -> B, the other from B -> A).
1283 if (ipipe
->inode
< opipe
->inode
) {
1285 mutex_lock(&ipipe
->inode
->i_mutex
);
1286 mutex_lock(&opipe
->inode
->i_mutex
);
1288 mutex_lock(&opipe
->inode
->i_mutex
);
1289 mutex_lock(&ipipe
->inode
->i_mutex
);
1293 if (!opipe
->readers
) {
1294 send_sig(SIGPIPE
, current
, 0);
1299 if (ipipe
->nrbufs
- i
) {
1300 ibuf
= ipipe
->bufs
+ ((ipipe
->curbuf
+ i
) & (PIPE_BUFFERS
- 1));
1303 * If we have room, fill this buffer
1305 if (opipe
->nrbufs
< PIPE_BUFFERS
) {
1306 int nbuf
= (opipe
->curbuf
+ opipe
->nrbufs
) & (PIPE_BUFFERS
- 1);
1309 * Get a reference to this pipe buffer,
1310 * so we can copy the contents over.
1312 ibuf
->ops
->get(ipipe
, ibuf
);
1314 obuf
= opipe
->bufs
+ nbuf
;
1317 if (obuf
->len
> len
)
1327 if (opipe
->nrbufs
< PIPE_BUFFERS
)
1332 * We have input available, but no output room.
1333 * If we already copied data, return that. If we
1334 * need to drop the opipe lock, it must be ordered
1335 * last to avoid deadlocks.
1337 if ((flags
& SPLICE_F_NONBLOCK
) || !ipipe_first
) {
1342 if (signal_pending(current
)) {
1349 if (waitqueue_active(&opipe
->wait
))
1350 wake_up_interruptible(&opipe
->wait
);
1351 kill_fasync(&opipe
->fasync_readers
, SIGIO
, POLL_IN
);
1355 opipe
->waiting_writers
++;
1357 opipe
->waiting_writers
--;
1362 * No input buffers, do the usual checks for available
1363 * writers and blocking and wait if necessary
1365 if (!ipipe
->writers
)
1367 if (!ipipe
->waiting_writers
) {
1372 * pipe_wait() drops the ipipe mutex. To avoid deadlocks
1373 * with another process, we can only safely do that if
1374 * the ipipe lock is ordered last.
1376 if ((flags
& SPLICE_F_NONBLOCK
) || ipipe_first
) {
1381 if (signal_pending(current
)) {
1387 if (waitqueue_active(&ipipe
->wait
))
1388 wake_up_interruptible_sync(&ipipe
->wait
);
1389 kill_fasync(&ipipe
->fasync_writers
, SIGIO
, POLL_OUT
);
1394 mutex_unlock(&ipipe
->inode
->i_mutex
);
1395 mutex_unlock(&opipe
->inode
->i_mutex
);
1399 if (waitqueue_active(&opipe
->wait
))
1400 wake_up_interruptible(&opipe
->wait
);
1401 kill_fasync(&opipe
->fasync_readers
, SIGIO
, POLL_IN
);
1408 * This is a tee(1) implementation that works on pipes. It doesn't copy
1409 * any data, it simply references the 'in' pages on the 'out' pipe.
1410 * The 'flags' used are the SPLICE_F_* variants, currently the only
1411 * applicable one is SPLICE_F_NONBLOCK.
1413 static long do_tee(struct file
*in
, struct file
*out
, size_t len
,
1416 struct pipe_inode_info
*ipipe
= in
->f_dentry
->d_inode
->i_pipe
;
1417 struct pipe_inode_info
*opipe
= out
->f_dentry
->d_inode
->i_pipe
;
1420 * Link ipipe to the two output pipes, consuming as we go along.
1423 return link_pipe(ipipe
, opipe
, len
, flags
);
1428 asmlinkage
long sys_tee(int fdin
, int fdout
, size_t len
, unsigned int flags
)
1437 in
= fget_light(fdin
, &fput_in
);
1439 if (in
->f_mode
& FMODE_READ
) {
1441 struct file
*out
= fget_light(fdout
, &fput_out
);
1444 if (out
->f_mode
& FMODE_WRITE
)
1445 error
= do_tee(in
, out
, len
, flags
);
1446 fput_light(out
, fput_out
);
1449 fput_light(in
, fput_in
);