1 // SPDX-License-Identifier: GPL-2.0-only
3 * "splice": joining two ropes together by interweaving their strands.
5 * This is the "extended pipe" functionality, where a pipe is used as
6 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
7 * buffer that you can use to transfer data from one end to the other.
9 * The traditional unix read/write is extended with a "splice()" operation
10 * that transfers data buffers to or from a pipe buffer.
12 * Named by Larry McVoy, original implementation from Linus, extended by
13 * Jens to support splicing to files, network, direct splicing, etc and
14 * fixing lots of bugs.
16 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
17 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
18 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/bvec.h>
23 #include <linux/file.h>
24 #include <linux/pagemap.h>
25 #include <linux/splice.h>
26 #include <linux/memcontrol.h>
27 #include <linux/mm_inline.h>
28 #include <linux/swap.h>
29 #include <linux/writeback.h>
30 #include <linux/export.h>
31 #include <linux/syscalls.h>
32 #include <linux/uio.h>
33 #include <linux/security.h>
34 #include <linux/gfp.h>
35 #include <linux/socket.h>
36 #include <linux/sched/signal.h>
41 * Attempt to steal a page from a pipe buffer. This should perhaps go into
42 * a vm helper function, it's already simplified quite a bit by the
43 * addition of remove_mapping(). If success is returned, the caller may
44 * attempt to reuse this page for another destination.
46 static bool page_cache_pipe_buf_try_steal(struct pipe_inode_info *pipe,
47 struct pipe_buffer *buf)
49 struct folio *folio = page_folio(buf->page);
50 struct address_space *mapping;
54 mapping = folio_mapping(folio);
56 WARN_ON(!folio_test_uptodate(folio));
59 * At least for ext2 with nobh option, we need to wait on
60 * writeback completing on this folio, since we'll remove it
61 * from the pagecache. Otherwise truncate wont wait on the
62 * folio, allowing the disk blocks to be reused by someone else
63 * before we actually wrote our data to them. fs corruption
66 folio_wait_writeback(folio);
68 if (!filemap_release_folio(folio, GFP_KERNEL))
72 * If we succeeded in removing the mapping, set LRU flag
75 if (remove_mapping(mapping, folio)) {
76 buf->flags |= PIPE_BUF_FLAG_LRU;
82 * Raced with truncate or failed to remove folio from current
83 * address space, unlock and return failure.
90 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
91 struct pipe_buffer *buf)
94 buf->flags &= ~PIPE_BUF_FLAG_LRU;
98 * Check whether the contents of buf is OK to access. Since the content
99 * is a page cache page, IO may be in flight.
101 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
102 struct pipe_buffer *buf)
104 struct page *page = buf->page;
107 if (!PageUptodate(page)) {
111 * Page got truncated/unhashed. This will cause a 0-byte
112 * splice, if this is the first page.
114 if (!page->mapping) {
120 * Uh oh, read-error from disk.
122 if (!PageUptodate(page)) {
128 * Page is ok afterall, we are done.
139 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
140 .confirm = page_cache_pipe_buf_confirm,
141 .release = page_cache_pipe_buf_release,
142 .try_steal = page_cache_pipe_buf_try_steal,
143 .get = generic_pipe_buf_get,
146 static bool user_page_pipe_buf_try_steal(struct pipe_inode_info *pipe,
147 struct pipe_buffer *buf)
149 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
152 buf->flags |= PIPE_BUF_FLAG_LRU;
153 return generic_pipe_buf_try_steal(pipe, buf);
156 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
157 .release = page_cache_pipe_buf_release,
158 .try_steal = user_page_pipe_buf_try_steal,
159 .get = generic_pipe_buf_get,
162 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
165 if (waitqueue_active(&pipe->rd_wait))
166 wake_up_interruptible(&pipe->rd_wait);
167 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
171 * splice_to_pipe - fill passed data into a pipe
172 * @pipe: pipe to fill
176 * @spd contains a map of pages and len/offset tuples, along with
177 * the struct pipe_buf_operations associated with these pages. This
178 * function will link that data to the pipe.
181 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
182 struct splice_pipe_desc *spd)
184 unsigned int spd_pages = spd->nr_pages;
185 unsigned int tail = pipe->tail;
186 unsigned int head = pipe->head;
187 unsigned int mask = pipe->ring_size - 1;
188 int ret = 0, page_nr = 0;
193 if (unlikely(!pipe->readers)) {
194 send_sig(SIGPIPE, current, 0);
199 while (!pipe_full(head, tail, pipe->max_usage)) {
200 struct pipe_buffer *buf = &pipe->bufs[head & mask];
202 buf->page = spd->pages[page_nr];
203 buf->offset = spd->partial[page_nr].offset;
204 buf->len = spd->partial[page_nr].len;
205 buf->private = spd->partial[page_nr].private;
214 if (!--spd->nr_pages)
222 while (page_nr < spd_pages)
223 spd->spd_release(spd, page_nr++);
227 EXPORT_SYMBOL_GPL(splice_to_pipe);
229 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
231 unsigned int head = pipe->head;
232 unsigned int tail = pipe->tail;
233 unsigned int mask = pipe->ring_size - 1;
236 if (unlikely(!pipe->readers)) {
237 send_sig(SIGPIPE, current, 0);
239 } else if (pipe_full(head, tail, pipe->max_usage)) {
242 pipe->bufs[head & mask] = *buf;
243 pipe->head = head + 1;
246 pipe_buf_release(pipe, buf);
249 EXPORT_SYMBOL(add_to_pipe);
252 * Check if we need to grow the arrays holding pages and partial page
255 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
257 unsigned int max_usage = READ_ONCE(pipe->max_usage);
259 spd->nr_pages_max = max_usage;
260 if (max_usage <= PIPE_DEF_BUFFERS)
263 spd->pages = kmalloc_array(max_usage, sizeof(struct page *), GFP_KERNEL);
264 spd->partial = kmalloc_array(max_usage, sizeof(struct partial_page),
267 if (spd->pages && spd->partial)
275 void splice_shrink_spd(struct splice_pipe_desc *spd)
277 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
285 * generic_file_splice_read - splice data from file to a pipe
286 * @in: file to splice from
287 * @ppos: position in @in
288 * @pipe: pipe to splice to
289 * @len: number of bytes to splice
290 * @flags: splice modifier flags
293 * Will read pages from given file and fill them into a pipe. Can be
294 * used as long as it has more or less sane ->read_iter().
297 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
298 struct pipe_inode_info *pipe, size_t len,
305 iov_iter_pipe(&to, ITER_DEST, pipe, len);
306 init_sync_kiocb(&kiocb, in);
307 kiocb.ki_pos = *ppos;
308 ret = call_read_iter(in, &kiocb, &to);
310 *ppos = kiocb.ki_pos;
312 } else if (ret < 0) {
313 /* free what was emitted */
314 pipe_discard_from(pipe, to.start_head);
316 * callers of ->splice_read() expect -EAGAIN on
317 * "can't put anything in there", rather than -EFAULT.
325 EXPORT_SYMBOL(generic_file_splice_read);
327 const struct pipe_buf_operations default_pipe_buf_ops = {
328 .release = generic_pipe_buf_release,
329 .try_steal = generic_pipe_buf_try_steal,
330 .get = generic_pipe_buf_get,
333 /* Pipe buffer operations for a socket and similar. */
334 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
335 .release = generic_pipe_buf_release,
336 .get = generic_pipe_buf_get,
338 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
341 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
342 * using sendpage(). Return the number of bytes sent.
344 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
345 struct pipe_buffer *buf, struct splice_desc *sd)
347 struct file *file = sd->u.file;
348 loff_t pos = sd->pos;
351 if (!likely(file->f_op->sendpage))
354 more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0;
356 if (sd->len < sd->total_len &&
357 pipe_occupancy(pipe->head, pipe->tail) > 1)
358 more |= MSG_SENDPAGE_NOTLAST;
360 return file->f_op->sendpage(file, buf->page, buf->offset,
361 sd->len, &pos, more);
364 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
367 if (waitqueue_active(&pipe->wr_wait))
368 wake_up_interruptible(&pipe->wr_wait);
369 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
373 * splice_from_pipe_feed - feed available data from a pipe to a file
374 * @pipe: pipe to splice from
375 * @sd: information to @actor
376 * @actor: handler that splices the data
379 * This function loops over the pipe and calls @actor to do the
380 * actual moving of a single struct pipe_buffer to the desired
381 * destination. It returns when there's no more buffers left in
382 * the pipe or if the requested number of bytes (@sd->total_len)
383 * have been copied. It returns a positive number (one) if the
384 * pipe needs to be filled with more data, zero if the required
385 * number of bytes have been copied and -errno on error.
387 * This, together with splice_from_pipe_{begin,end,next}, may be
388 * used to implement the functionality of __splice_from_pipe() when
389 * locking is required around copying the pipe buffers to the
392 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
395 unsigned int head = pipe->head;
396 unsigned int tail = pipe->tail;
397 unsigned int mask = pipe->ring_size - 1;
400 while (!pipe_empty(head, tail)) {
401 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
404 if (sd->len > sd->total_len)
405 sd->len = sd->total_len;
407 ret = pipe_buf_confirm(pipe, buf);
414 ret = actor(pipe, buf, sd);
421 sd->num_spliced += ret;
424 sd->total_len -= ret;
427 pipe_buf_release(pipe, buf);
431 sd->need_wakeup = true;
441 /* We know we have a pipe buffer, but maybe it's empty? */
442 static inline bool eat_empty_buffer(struct pipe_inode_info *pipe)
444 unsigned int tail = pipe->tail;
445 unsigned int mask = pipe->ring_size - 1;
446 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
448 if (unlikely(!buf->len)) {
449 pipe_buf_release(pipe, buf);
458 * splice_from_pipe_next - wait for some data to splice from
459 * @pipe: pipe to splice from
460 * @sd: information about the splice operation
463 * This function will wait for some data and return a positive
464 * value (one) if pipe buffers are available. It will return zero
465 * or -errno if no more data needs to be spliced.
467 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
470 * Check for signal early to make process killable when there are
471 * always buffers available
473 if (signal_pending(current))
477 while (pipe_empty(pipe->head, pipe->tail)) {
484 if (sd->flags & SPLICE_F_NONBLOCK)
487 if (signal_pending(current))
490 if (sd->need_wakeup) {
491 wakeup_pipe_writers(pipe);
492 sd->need_wakeup = false;
495 pipe_wait_readable(pipe);
498 if (eat_empty_buffer(pipe))
505 * splice_from_pipe_begin - start splicing from pipe
506 * @sd: information about the splice operation
509 * This function should be called before a loop containing
510 * splice_from_pipe_next() and splice_from_pipe_feed() to
511 * initialize the necessary fields of @sd.
513 static void splice_from_pipe_begin(struct splice_desc *sd)
516 sd->need_wakeup = false;
520 * splice_from_pipe_end - finish splicing from pipe
521 * @pipe: pipe to splice from
522 * @sd: information about the splice operation
525 * This function will wake up pipe writers if necessary. It should
526 * be called after a loop containing splice_from_pipe_next() and
527 * splice_from_pipe_feed().
529 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
532 wakeup_pipe_writers(pipe);
536 * __splice_from_pipe - splice data from a pipe to given actor
537 * @pipe: pipe to splice from
538 * @sd: information to @actor
539 * @actor: handler that splices the data
542 * This function does little more than loop over the pipe and call
543 * @actor to do the actual moving of a single struct pipe_buffer to
544 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
548 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
553 splice_from_pipe_begin(sd);
556 ret = splice_from_pipe_next(pipe, sd);
558 ret = splice_from_pipe_feed(pipe, sd, actor);
560 splice_from_pipe_end(pipe, sd);
562 return sd->num_spliced ? sd->num_spliced : ret;
564 EXPORT_SYMBOL(__splice_from_pipe);
567 * splice_from_pipe - splice data from a pipe to a file
568 * @pipe: pipe to splice from
569 * @out: file to splice to
570 * @ppos: position in @out
571 * @len: how many bytes to splice
572 * @flags: splice modifier flags
573 * @actor: handler that splices the data
576 * See __splice_from_pipe. This function locks the pipe inode,
577 * otherwise it's identical to __splice_from_pipe().
580 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
581 loff_t *ppos, size_t len, unsigned int flags,
585 struct splice_desc sd = {
593 ret = __splice_from_pipe(pipe, &sd, actor);
600 * iter_file_splice_write - splice data from a pipe to a file
602 * @out: file to write to
603 * @ppos: position in @out
604 * @len: number of bytes to splice
605 * @flags: splice modifier flags
608 * Will either move or copy pages (determined by @flags options) from
609 * the given pipe inode to the given file.
610 * This one is ->write_iter-based.
614 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
615 loff_t *ppos, size_t len, unsigned int flags)
617 struct splice_desc sd = {
623 int nbufs = pipe->max_usage;
624 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
628 if (unlikely(!array))
633 splice_from_pipe_begin(&sd);
634 while (sd.total_len) {
635 struct iov_iter from;
636 unsigned int head, tail, mask;
640 ret = splice_from_pipe_next(pipe, &sd);
644 if (unlikely(nbufs < pipe->max_usage)) {
646 nbufs = pipe->max_usage;
647 array = kcalloc(nbufs, sizeof(struct bio_vec),
657 mask = pipe->ring_size - 1;
659 /* build the vector */
661 for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) {
662 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
663 size_t this_len = buf->len;
665 /* zero-length bvecs are not supported, skip them */
668 this_len = min(this_len, left);
670 ret = pipe_buf_confirm(pipe, buf);
677 array[n].bv_page = buf->page;
678 array[n].bv_len = this_len;
679 array[n].bv_offset = buf->offset;
684 iov_iter_bvec(&from, ITER_SOURCE, array, n, sd.total_len - left);
685 ret = vfs_iter_write(out, &from, &sd.pos, 0);
689 sd.num_spliced += ret;
693 /* dismiss the fully eaten buffers, adjust the partial one */
696 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
697 if (ret >= buf->len) {
700 pipe_buf_release(pipe, buf);
704 sd.need_wakeup = true;
714 splice_from_pipe_end(pipe, &sd);
719 ret = sd.num_spliced;
724 EXPORT_SYMBOL(iter_file_splice_write);
727 * generic_splice_sendpage - splice data from a pipe to a socket
728 * @pipe: pipe to splice from
729 * @out: socket to write to
730 * @ppos: position in @out
731 * @len: number of bytes to splice
732 * @flags: splice modifier flags
735 * Will send @len bytes from the pipe to a network socket. No data copying
739 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
740 loff_t *ppos, size_t len, unsigned int flags)
742 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
745 EXPORT_SYMBOL(generic_splice_sendpage);
747 static int warn_unsupported(struct file *file, const char *op)
749 pr_debug_ratelimited(
750 "splice %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
751 op, file, current->pid, current->comm);
756 * Attempt to initiate a splice from pipe to file.
758 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
759 loff_t *ppos, size_t len, unsigned int flags)
761 if (unlikely(!out->f_op->splice_write))
762 return warn_unsupported(out, "write");
763 return out->f_op->splice_write(pipe, out, ppos, len, flags);
767 * Indicate to the caller that there was a premature EOF when reading from the
768 * source and the caller didn't indicate they would be sending more data after
771 static void do_splice_eof(struct splice_desc *sd)
778 * Attempt to initiate a splice from a file to a pipe.
780 static long do_splice_to(struct file *in, loff_t *ppos,
781 struct pipe_inode_info *pipe, size_t len,
784 unsigned int p_space;
787 if (unlikely(!(in->f_mode & FMODE_READ)))
790 /* Don't try to read more the pipe has space for. */
791 p_space = pipe->max_usage - pipe_occupancy(pipe->head, pipe->tail);
792 len = min_t(size_t, len, p_space << PAGE_SHIFT);
794 ret = rw_verify_area(READ, in, ppos, len);
795 if (unlikely(ret < 0))
798 if (unlikely(len > MAX_RW_COUNT))
801 if (unlikely(!in->f_op->splice_read))
802 return warn_unsupported(in, "read");
803 return in->f_op->splice_read(in, ppos, pipe, len, flags);
807 * splice_direct_to_actor - splices data directly between two non-pipes
808 * @in: file to splice from
809 * @sd: actor information on where to splice to
810 * @actor: handles the data splicing
813 * This is a special case helper to splice directly between two
814 * points, without requiring an explicit pipe. Internally an allocated
815 * pipe is cached in the process, and reused during the lifetime of
819 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
820 splice_direct_actor *actor)
822 struct pipe_inode_info *pipe;
828 * We require the input to be seekable, as we don't want to randomly
829 * drop data for eg socket -> socket splicing. Use the piped splicing
832 if (unlikely(!(in->f_mode & FMODE_LSEEK)))
836 * neither in nor out is a pipe, setup an internal pipe attached to
837 * 'out' and transfer the wanted data from 'in' to 'out' through that
839 pipe = current->splice_pipe;
840 if (unlikely(!pipe)) {
841 pipe = alloc_pipe_info();
846 * We don't have an immediate reader, but we'll read the stuff
847 * out of the pipe right after the splice_to_pipe(). So set
848 * PIPE_READERS appropriately.
852 current->splice_pipe = pipe;
864 * Don't block on output, we have to drain the direct pipe.
866 sd->flags &= ~SPLICE_F_NONBLOCK;
867 more = sd->flags & SPLICE_F_MORE;
869 WARN_ON_ONCE(!pipe_empty(pipe->head, pipe->tail));
873 loff_t pos = sd->pos, prev_pos = pos;
875 ret = do_splice_to(in, &pos, pipe, len, flags);
876 if (unlikely(ret <= 0))
880 sd->total_len = read_len;
883 * If more data is pending, set SPLICE_F_MORE
884 * If this is the last data and SPLICE_F_MORE was not set
885 * initially, clears it.
888 sd->flags |= SPLICE_F_MORE;
890 sd->flags &= ~SPLICE_F_MORE;
892 * NOTE: nonblocking mode only applies to the input. We
893 * must not do the output in nonblocking mode as then we
894 * could get stuck data in the internal pipe:
896 ret = actor(pipe, sd);
897 if (unlikely(ret <= 0)) {
906 if (ret < read_len) {
907 sd->pos = prev_pos + ret;
913 pipe->tail = pipe->head = 0;
919 * If the user did *not* set SPLICE_F_MORE *and* we didn't hit that
920 * "use all of len" case that cleared SPLICE_F_MORE, *and* we did a
921 * "->splice_in()" that returned EOF (ie zero) *and* we have sent at
922 * least 1 byte *then* we will also do the ->splice_eof() call.
924 if (ret == 0 && !more && len > 0 && bytes)
928 * If we did an incomplete transfer we must release
929 * the pipe buffers in question:
931 for (i = 0; i < pipe->ring_size; i++) {
932 struct pipe_buffer *buf = &pipe->bufs[i];
935 pipe_buf_release(pipe, buf);
943 EXPORT_SYMBOL(splice_direct_to_actor);
945 static int direct_splice_actor(struct pipe_inode_info *pipe,
946 struct splice_desc *sd)
948 struct file *file = sd->u.file;
950 return do_splice_from(pipe, file, sd->opos, sd->total_len,
954 static void direct_file_splice_eof(struct splice_desc *sd)
956 struct file *file = sd->u.file;
958 if (file->f_op->splice_eof)
959 file->f_op->splice_eof(file);
963 * do_splice_direct - splices data directly between two files
964 * @in: file to splice from
965 * @ppos: input file offset
966 * @out: file to splice to
967 * @opos: output file offset
968 * @len: number of bytes to splice
969 * @flags: splice modifier flags
972 * For use by do_sendfile(). splice can easily emulate sendfile, but
973 * doing it in the application would incur an extra system call
974 * (splice in + splice out, as compared to just sendfile()). So this helper
975 * can splice directly through a process-private pipe.
978 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
979 loff_t *opos, size_t len, unsigned int flags)
981 struct splice_desc sd = {
987 .splice_eof = direct_file_splice_eof,
992 if (unlikely(!(out->f_mode & FMODE_WRITE)))
995 if (unlikely(out->f_flags & O_APPEND))
998 ret = rw_verify_area(WRITE, out, opos, len);
999 if (unlikely(ret < 0))
1002 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1008 EXPORT_SYMBOL(do_splice_direct);
1010 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
1013 if (unlikely(!pipe->readers)) {
1014 send_sig(SIGPIPE, current, 0);
1017 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1019 if (flags & SPLICE_F_NONBLOCK)
1021 if (signal_pending(current))
1022 return -ERESTARTSYS;
1023 pipe_wait_writable(pipe);
1027 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1028 struct pipe_inode_info *opipe,
1029 size_t len, unsigned int flags);
1031 long splice_file_to_pipe(struct file *in,
1032 struct pipe_inode_info *opipe,
1034 size_t len, unsigned int flags)
1039 ret = wait_for_space(opipe, flags);
1041 ret = do_splice_to(in, offset, opipe, len, flags);
1044 wakeup_pipe_readers(opipe);
1049 * Determine where to splice to/from.
1051 long do_splice(struct file *in, loff_t *off_in, struct file *out,
1052 loff_t *off_out, size_t len, unsigned int flags)
1054 struct pipe_inode_info *ipipe;
1055 struct pipe_inode_info *opipe;
1059 if (unlikely(!(in->f_mode & FMODE_READ) ||
1060 !(out->f_mode & FMODE_WRITE)))
1063 ipipe = get_pipe_info(in, true);
1064 opipe = get_pipe_info(out, true);
1066 if (ipipe && opipe) {
1067 if (off_in || off_out)
1070 /* Splicing to self would be fun, but... */
1074 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1075 flags |= SPLICE_F_NONBLOCK;
1077 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1084 if (!(out->f_mode & FMODE_PWRITE))
1088 offset = out->f_pos;
1091 if (unlikely(out->f_flags & O_APPEND))
1094 ret = rw_verify_area(WRITE, out, &offset, len);
1095 if (unlikely(ret < 0))
1098 if (in->f_flags & O_NONBLOCK)
1099 flags |= SPLICE_F_NONBLOCK;
1101 file_start_write(out);
1102 ret = do_splice_from(ipipe, out, &offset, len, flags);
1103 file_end_write(out);
1106 out->f_pos = offset;
1117 if (!(in->f_mode & FMODE_PREAD))
1124 if (out->f_flags & O_NONBLOCK)
1125 flags |= SPLICE_F_NONBLOCK;
1127 ret = splice_file_to_pipe(in, opipe, &offset, len, flags);
1139 static long __do_splice(struct file *in, loff_t __user *off_in,
1140 struct file *out, loff_t __user *off_out,
1141 size_t len, unsigned int flags)
1143 struct pipe_inode_info *ipipe;
1144 struct pipe_inode_info *opipe;
1145 loff_t offset, *__off_in = NULL, *__off_out = NULL;
1148 ipipe = get_pipe_info(in, true);
1149 opipe = get_pipe_info(out, true);
1151 if (ipipe && off_in)
1153 if (opipe && off_out)
1157 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1159 __off_out = &offset;
1162 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1167 ret = do_splice(in, __off_in, out, __off_out, len, flags);
1171 if (__off_out && copy_to_user(off_out, __off_out, sizeof(loff_t)))
1173 if (__off_in && copy_to_user(off_in, __off_in, sizeof(loff_t)))
1179 static int iter_to_pipe(struct iov_iter *from,
1180 struct pipe_inode_info *pipe,
1183 struct pipe_buffer buf = {
1184 .ops = &user_page_pipe_buf_ops,
1190 while (iov_iter_count(from)) {
1191 struct page *pages[16];
1196 left = iov_iter_get_pages2(from, pages, ~0UL, 16, &start);
1202 n = DIV_ROUND_UP(left + start, PAGE_SIZE);
1203 for (i = 0; i < n; i++) {
1204 int size = min_t(int, left, PAGE_SIZE - start);
1206 buf.page = pages[i];
1209 ret = add_to_pipe(pipe, &buf);
1210 if (unlikely(ret < 0)) {
1211 iov_iter_revert(from, left);
1212 // this one got dropped by add_to_pipe()
1223 return total ? total : ret;
1226 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1227 struct splice_desc *sd)
1229 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1230 return n == sd->len ? n : -EFAULT;
1234 * For lack of a better implementation, implement vmsplice() to userspace
1235 * as a simple copy of the pipes pages to the user iov.
1237 static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
1240 struct pipe_inode_info *pipe = get_pipe_info(file, true);
1241 struct splice_desc sd = {
1242 .total_len = iov_iter_count(iter),
1253 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1261 * vmsplice splices a user address range into a pipe. It can be thought of
1262 * as splice-from-memory, where the regular splice is splice-from-file (or
1263 * to file). In both cases the output is a pipe, naturally.
1265 static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
1268 struct pipe_inode_info *pipe;
1270 unsigned buf_flag = 0;
1272 if (flags & SPLICE_F_GIFT)
1273 buf_flag = PIPE_BUF_FLAG_GIFT;
1275 pipe = get_pipe_info(file, true);
1280 ret = wait_for_space(pipe, flags);
1282 ret = iter_to_pipe(iter, pipe, buf_flag);
1285 wakeup_pipe_readers(pipe);
1289 static int vmsplice_type(struct fd f, int *type)
1293 if (f.file->f_mode & FMODE_WRITE) {
1294 *type = ITER_SOURCE;
1295 } else if (f.file->f_mode & FMODE_READ) {
1305 * Note that vmsplice only really supports true splicing _from_ user memory
1306 * to a pipe, not the other way around. Splicing from user memory is a simple
1307 * operation that can be supported without any funky alignment restrictions
1308 * or nasty vm tricks. We simply map in the user memory and fill them into
1309 * a pipe. The reverse isn't quite as easy, though. There are two possible
1310 * solutions for that:
1312 * - memcpy() the data internally, at which point we might as well just
1313 * do a regular read() on the buffer anyway.
1314 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1315 * has restriction limitations on both ends of the pipe).
1317 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1320 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
1321 unsigned long, nr_segs, unsigned int, flags)
1323 struct iovec iovstack[UIO_FASTIOV];
1324 struct iovec *iov = iovstack;
1325 struct iov_iter iter;
1330 if (unlikely(flags & ~SPLICE_F_ALL))
1334 error = vmsplice_type(f, &type);
1338 error = import_iovec(type, uiov, nr_segs,
1339 ARRAY_SIZE(iovstack), &iov, &iter);
1343 if (!iov_iter_count(&iter))
1345 else if (type == ITER_SOURCE)
1346 error = vmsplice_to_pipe(f.file, &iter, flags);
1348 error = vmsplice_to_user(f.file, &iter, flags);
1356 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1357 int, fd_out, loff_t __user *, off_out,
1358 size_t, len, unsigned int, flags)
1366 if (unlikely(flags & ~SPLICE_F_ALL))
1372 out = fdget(fd_out);
1374 error = __do_splice(in.file, off_in, out.file, off_out,
1384 * Make sure there's data to read. Wait for input if we can, otherwise
1385 * return an appropriate error.
1387 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1392 * Check the pipe occupancy without the inode lock first. This function
1393 * is speculative anyways, so missing one is ok.
1395 if (!pipe_empty(pipe->head, pipe->tail))
1401 while (pipe_empty(pipe->head, pipe->tail)) {
1402 if (signal_pending(current)) {
1408 if (flags & SPLICE_F_NONBLOCK) {
1412 pipe_wait_readable(pipe);
1420 * Make sure there's writeable room. Wait for room if we can, otherwise
1421 * return an appropriate error.
1423 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1428 * Check pipe occupancy without the inode lock first. This function
1429 * is speculative anyways, so missing one is ok.
1431 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1437 while (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
1438 if (!pipe->readers) {
1439 send_sig(SIGPIPE, current, 0);
1443 if (flags & SPLICE_F_NONBLOCK) {
1447 if (signal_pending(current)) {
1451 pipe_wait_writable(pipe);
1459 * Splice contents of ipipe to opipe.
1461 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1462 struct pipe_inode_info *opipe,
1463 size_t len, unsigned int flags)
1465 struct pipe_buffer *ibuf, *obuf;
1466 unsigned int i_head, o_head;
1467 unsigned int i_tail, o_tail;
1468 unsigned int i_mask, o_mask;
1470 bool input_wakeup = false;
1474 ret = ipipe_prep(ipipe, flags);
1478 ret = opipe_prep(opipe, flags);
1483 * Potential ABBA deadlock, work around it by ordering lock
1484 * grabbing by pipe info address. Otherwise two different processes
1485 * could deadlock (one doing tee from A -> B, the other from B -> A).
1487 pipe_double_lock(ipipe, opipe);
1489 i_tail = ipipe->tail;
1490 i_mask = ipipe->ring_size - 1;
1491 o_head = opipe->head;
1492 o_mask = opipe->ring_size - 1;
1497 if (!opipe->readers) {
1498 send_sig(SIGPIPE, current, 0);
1504 i_head = ipipe->head;
1505 o_tail = opipe->tail;
1507 if (pipe_empty(i_head, i_tail) && !ipipe->writers)
1511 * Cannot make any progress, because either the input
1512 * pipe is empty or the output pipe is full.
1514 if (pipe_empty(i_head, i_tail) ||
1515 pipe_full(o_head, o_tail, opipe->max_usage)) {
1516 /* Already processed some buffers, break */
1520 if (flags & SPLICE_F_NONBLOCK) {
1526 * We raced with another reader/writer and haven't
1527 * managed to process any buffers. A zero return
1528 * value means EOF, so retry instead.
1535 ibuf = &ipipe->bufs[i_tail & i_mask];
1536 obuf = &opipe->bufs[o_head & o_mask];
1538 if (len >= ibuf->len) {
1540 * Simply move the whole buffer from ipipe to opipe
1545 ipipe->tail = i_tail;
1546 input_wakeup = true;
1549 opipe->head = o_head;
1552 * Get a reference to this pipe buffer,
1553 * so we can copy the contents over.
1555 if (!pipe_buf_get(ipipe, ibuf)) {
1563 * Don't inherit the gift and merge flags, we need to
1564 * prevent multiple steals of this page.
1566 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1567 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1570 ibuf->offset += len;
1574 opipe->head = o_head;
1584 * If we put data in the output pipe, wakeup any potential readers.
1587 wakeup_pipe_readers(opipe);
1590 wakeup_pipe_writers(ipipe);
1596 * Link contents of ipipe to opipe.
1598 static int link_pipe(struct pipe_inode_info *ipipe,
1599 struct pipe_inode_info *opipe,
1600 size_t len, unsigned int flags)
1602 struct pipe_buffer *ibuf, *obuf;
1603 unsigned int i_head, o_head;
1604 unsigned int i_tail, o_tail;
1605 unsigned int i_mask, o_mask;
1609 * Potential ABBA deadlock, work around it by ordering lock
1610 * grabbing by pipe info address. Otherwise two different processes
1611 * could deadlock (one doing tee from A -> B, the other from B -> A).
1613 pipe_double_lock(ipipe, opipe);
1615 i_tail = ipipe->tail;
1616 i_mask = ipipe->ring_size - 1;
1617 o_head = opipe->head;
1618 o_mask = opipe->ring_size - 1;
1621 if (!opipe->readers) {
1622 send_sig(SIGPIPE, current, 0);
1628 i_head = ipipe->head;
1629 o_tail = opipe->tail;
1632 * If we have iterated all input buffers or run out of
1633 * output room, break.
1635 if (pipe_empty(i_head, i_tail) ||
1636 pipe_full(o_head, o_tail, opipe->max_usage))
1639 ibuf = &ipipe->bufs[i_tail & i_mask];
1640 obuf = &opipe->bufs[o_head & o_mask];
1643 * Get a reference to this pipe buffer,
1644 * so we can copy the contents over.
1646 if (!pipe_buf_get(ipipe, ibuf)) {
1655 * Don't inherit the gift and merge flag, we need to prevent
1656 * multiple steals of this page.
1658 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1659 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1661 if (obuf->len > len)
1667 opipe->head = o_head;
1675 * If we put data in the output pipe, wakeup any potential readers.
1678 wakeup_pipe_readers(opipe);
1684 * This is a tee(1) implementation that works on pipes. It doesn't copy
1685 * any data, it simply references the 'in' pages on the 'out' pipe.
1686 * The 'flags' used are the SPLICE_F_* variants, currently the only
1687 * applicable one is SPLICE_F_NONBLOCK.
1689 long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags)
1691 struct pipe_inode_info *ipipe = get_pipe_info(in, true);
1692 struct pipe_inode_info *opipe = get_pipe_info(out, true);
1695 if (unlikely(!(in->f_mode & FMODE_READ) ||
1696 !(out->f_mode & FMODE_WRITE)))
1700 * Duplicate the contents of ipipe to opipe without actually
1703 if (ipipe && opipe && ipipe != opipe) {
1704 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1705 flags |= SPLICE_F_NONBLOCK;
1708 * Keep going, unless we encounter an error. The ipipe/opipe
1709 * ordering doesn't really matter.
1711 ret = ipipe_prep(ipipe, flags);
1713 ret = opipe_prep(opipe, flags);
1715 ret = link_pipe(ipipe, opipe, len, flags);
1722 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1727 if (unlikely(flags & ~SPLICE_F_ALL))
1738 error = do_tee(in.file, out.file, len, flags);
projects / releases.git / blob