1 // SPDX-License-Identifier: GPL-2.0-only
3 * "splice": joining two ropes together by interweaving their strands.
5 * This is the "extended pipe" functionality, where a pipe is used as
6 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
7 * buffer that you can use to transfer data from one end to the other.
9 * The traditional unix read/write is extended with a "splice()" operation
10 * that transfers data buffers to or from a pipe buffer.
12 * Named by Larry McVoy, original implementation from Linus, extended by
13 * Jens to support splicing to files, network, direct splicing, etc and
14 * fixing lots of bugs.
16 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
17 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
18 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/bvec.h>
23 #include <linux/file.h>
24 #include <linux/pagemap.h>
25 #include <linux/splice.h>
26 #include <linux/memcontrol.h>
27 #include <linux/mm_inline.h>
28 #include <linux/swap.h>
29 #include <linux/writeback.h>
30 #include <linux/export.h>
31 #include <linux/syscalls.h>
32 #include <linux/uio.h>
33 #include <linux/fsnotify.h>
34 #include <linux/security.h>
35 #include <linux/gfp.h>
36 #include <linux/net.h>
37 #include <linux/socket.h>
38 #include <linux/sched/signal.h>
43 * Splice doesn't support FMODE_NOWAIT. Since pipes may set this flag to
44 * indicate they support non-blocking reads or writes, we must clear it
45 * here if set to avoid blocking other users of this pipe if splice is
48 static noinline void noinline pipe_clear_nowait(struct file *file)
50 fmode_t fmode = READ_ONCE(file->f_mode);
53 if (!(fmode & FMODE_NOWAIT))
55 } while (!try_cmpxchg(&file->f_mode, &fmode, fmode & ~FMODE_NOWAIT));
59 * Attempt to steal a page from a pipe buffer. This should perhaps go into
60 * a vm helper function, it's already simplified quite a bit by the
61 * addition of remove_mapping(). If success is returned, the caller may
62 * attempt to reuse this page for another destination.
64 static bool page_cache_pipe_buf_try_steal(struct pipe_inode_info *pipe,
65 struct pipe_buffer *buf)
67 struct folio *folio = page_folio(buf->page);
68 struct address_space *mapping;
72 mapping = folio_mapping(folio);
74 WARN_ON(!folio_test_uptodate(folio));
77 * At least for ext2 with nobh option, we need to wait on
78 * writeback completing on this folio, since we'll remove it
79 * from the pagecache. Otherwise truncate wont wait on the
80 * folio, allowing the disk blocks to be reused by someone else
81 * before we actually wrote our data to them. fs corruption
84 folio_wait_writeback(folio);
86 if (folio_has_private(folio) &&
87 !filemap_release_folio(folio, GFP_KERNEL))
91 * If we succeeded in removing the mapping, set LRU flag
94 if (remove_mapping(mapping, folio)) {
95 buf->flags |= PIPE_BUF_FLAG_LRU;
101 * Raced with truncate or failed to remove folio from current
102 * address space, unlock and return failure.
109 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
110 struct pipe_buffer *buf)
113 buf->flags &= ~PIPE_BUF_FLAG_LRU;
117 * Check whether the contents of buf is OK to access. Since the content
118 * is a page cache page, IO may be in flight.
120 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
121 struct pipe_buffer *buf)
123 struct page *page = buf->page;
126 if (!PageUptodate(page)) {
130 * Page got truncated/unhashed. This will cause a 0-byte
131 * splice, if this is the first page.
133 if (!page->mapping) {
139 * Uh oh, read-error from disk.
141 if (!PageUptodate(page)) {
147 * Page is ok afterall, we are done.
158 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
159 .confirm = page_cache_pipe_buf_confirm,
160 .release = page_cache_pipe_buf_release,
161 .try_steal = page_cache_pipe_buf_try_steal,
162 .get = generic_pipe_buf_get,
165 static bool user_page_pipe_buf_try_steal(struct pipe_inode_info *pipe,
166 struct pipe_buffer *buf)
168 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
171 buf->flags |= PIPE_BUF_FLAG_LRU;
172 return generic_pipe_buf_try_steal(pipe, buf);
175 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
176 .release = page_cache_pipe_buf_release,
177 .try_steal = user_page_pipe_buf_try_steal,
178 .get = generic_pipe_buf_get,
181 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
184 if (waitqueue_active(&pipe->rd_wait))
185 wake_up_interruptible(&pipe->rd_wait);
186 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
190 * splice_to_pipe - fill passed data into a pipe
191 * @pipe: pipe to fill
195 * @spd contains a map of pages and len/offset tuples, along with
196 * the struct pipe_buf_operations associated with these pages. This
197 * function will link that data to the pipe.
200 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
201 struct splice_pipe_desc *spd)
203 unsigned int spd_pages = spd->nr_pages;
204 unsigned int tail = pipe->tail;
205 unsigned int head = pipe->head;
206 unsigned int mask = pipe->ring_size - 1;
207 int ret = 0, page_nr = 0;
212 if (unlikely(!pipe->readers)) {
213 send_sig(SIGPIPE, current, 0);
218 while (!pipe_full(head, tail, pipe->max_usage)) {
219 struct pipe_buffer *buf = &pipe->bufs[head & mask];
221 buf->page = spd->pages[page_nr];
222 buf->offset = spd->partial[page_nr].offset;
223 buf->len = spd->partial[page_nr].len;
224 buf->private = spd->partial[page_nr].private;
233 if (!--spd->nr_pages)
241 while (page_nr < spd_pages)
242 spd->spd_release(spd, page_nr++);
246 EXPORT_SYMBOL_GPL(splice_to_pipe);
248 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
250 unsigned int head = pipe->head;
251 unsigned int tail = pipe->tail;
252 unsigned int mask = pipe->ring_size - 1;
255 if (unlikely(!pipe->readers)) {
256 send_sig(SIGPIPE, current, 0);
258 } else if (pipe_full(head, tail, pipe->max_usage)) {
261 pipe->bufs[head & mask] = *buf;
262 pipe->head = head + 1;
265 pipe_buf_release(pipe, buf);
268 EXPORT_SYMBOL(add_to_pipe);
271 * Check if we need to grow the arrays holding pages and partial page
274 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
276 unsigned int max_usage = READ_ONCE(pipe->max_usage);
278 spd->nr_pages_max = max_usage;
279 if (max_usage <= PIPE_DEF_BUFFERS)
282 spd->pages = kmalloc_array(max_usage, sizeof(struct page *), GFP_KERNEL);
283 spd->partial = kmalloc_array(max_usage, sizeof(struct partial_page),
286 if (spd->pages && spd->partial)
294 void splice_shrink_spd(struct splice_pipe_desc *spd)
296 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
304 * Splice data from an O_DIRECT file into pages and then add them to the output
307 ssize_t direct_splice_read(struct file *in, loff_t *ppos,
308 struct pipe_inode_info *pipe,
309 size_t len, unsigned int flags)
316 size_t used, npages, chunk, remain, reclaim;
319 /* Work out how much data we can actually add into the pipe */
320 used = pipe_occupancy(pipe->head, pipe->tail);
321 npages = max_t(ssize_t, pipe->max_usage - used, 0);
322 len = min_t(size_t, len, npages * PAGE_SIZE);
323 npages = DIV_ROUND_UP(len, PAGE_SIZE);
325 bv = kzalloc(array_size(npages, sizeof(bv[0])) +
326 array_size(npages, sizeof(struct page *)), GFP_KERNEL);
330 pages = (void *)(bv + npages);
331 npages = alloc_pages_bulk_array(GFP_USER, npages, pages);
337 remain = len = min_t(size_t, len, npages * PAGE_SIZE);
339 for (i = 0; i < npages; i++) {
340 chunk = min_t(size_t, PAGE_SIZE, remain);
341 bv[i].bv_page = pages[i];
343 bv[i].bv_len = chunk;
348 iov_iter_bvec(&to, ITER_DEST, bv, npages, len);
349 init_sync_kiocb(&kiocb, in);
350 kiocb.ki_pos = *ppos;
351 ret = call_read_iter(in, &kiocb, &to);
353 reclaim = npages * PAGE_SIZE;
358 *ppos = kiocb.ki_pos;
360 } else if (ret < 0) {
362 * callers of ->splice_read() expect -EAGAIN on
363 * "can't put anything in there", rather than -EFAULT.
369 /* Free any pages that didn't get touched at all. */
370 reclaim /= PAGE_SIZE;
373 release_pages(pages + npages, reclaim);
376 /* Push the remaining pages into the pipe. */
377 for (i = 0; i < npages; i++) {
378 struct pipe_buffer *buf = pipe_head_buf(pipe);
380 chunk = min_t(size_t, remain, PAGE_SIZE);
381 *buf = (struct pipe_buffer) {
382 .ops = &default_pipe_buf_ops,
383 .page = bv[i].bv_page,
394 EXPORT_SYMBOL(direct_splice_read);
397 * generic_file_splice_read - splice data from file to a pipe
398 * @in: file to splice from
399 * @ppos: position in @in
400 * @pipe: pipe to splice to
401 * @len: number of bytes to splice
402 * @flags: splice modifier flags
405 * Will read pages from given file and fill them into a pipe. Can be
406 * used as long as it has more or less sane ->read_iter().
409 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
410 struct pipe_inode_info *pipe, size_t len,
417 iov_iter_pipe(&to, ITER_DEST, pipe, len);
418 init_sync_kiocb(&kiocb, in);
419 kiocb.ki_pos = *ppos;
420 ret = call_read_iter(in, &kiocb, &to);
422 *ppos = kiocb.ki_pos;
424 } else if (ret < 0) {
425 /* free what was emitted */
426 pipe_discard_from(pipe, to.start_head);
428 * callers of ->splice_read() expect -EAGAIN on
429 * "can't put anything in there", rather than -EFAULT.
437 EXPORT_SYMBOL(generic_file_splice_read);
439 const struct pipe_buf_operations default_pipe_buf_ops = {
440 .release = generic_pipe_buf_release,
441 .try_steal = generic_pipe_buf_try_steal,
442 .get = generic_pipe_buf_get,
445 /* Pipe buffer operations for a socket and similar. */
446 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
447 .release = generic_pipe_buf_release,
448 .get = generic_pipe_buf_get,
450 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
452 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
455 if (waitqueue_active(&pipe->wr_wait))
456 wake_up_interruptible(&pipe->wr_wait);
457 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
461 * splice_from_pipe_feed - feed available data from a pipe to a file
462 * @pipe: pipe to splice from
463 * @sd: information to @actor
464 * @actor: handler that splices the data
467 * This function loops over the pipe and calls @actor to do the
468 * actual moving of a single struct pipe_buffer to the desired
469 * destination. It returns when there's no more buffers left in
470 * the pipe or if the requested number of bytes (@sd->total_len)
471 * have been copied. It returns a positive number (one) if the
472 * pipe needs to be filled with more data, zero if the required
473 * number of bytes have been copied and -errno on error.
475 * This, together with splice_from_pipe_{begin,end,next}, may be
476 * used to implement the functionality of __splice_from_pipe() when
477 * locking is required around copying the pipe buffers to the
480 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
483 unsigned int head = pipe->head;
484 unsigned int tail = pipe->tail;
485 unsigned int mask = pipe->ring_size - 1;
488 while (!pipe_empty(head, tail)) {
489 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
492 if (sd->len > sd->total_len)
493 sd->len = sd->total_len;
495 ret = pipe_buf_confirm(pipe, buf);
502 ret = actor(pipe, buf, sd);
509 sd->num_spliced += ret;
512 sd->total_len -= ret;
515 pipe_buf_release(pipe, buf);
519 sd->need_wakeup = true;
529 /* We know we have a pipe buffer, but maybe it's empty? */
530 static inline bool eat_empty_buffer(struct pipe_inode_info *pipe)
532 unsigned int tail = pipe->tail;
533 unsigned int mask = pipe->ring_size - 1;
534 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
536 if (unlikely(!buf->len)) {
537 pipe_buf_release(pipe, buf);
546 * splice_from_pipe_next - wait for some data to splice from
547 * @pipe: pipe to splice from
548 * @sd: information about the splice operation
551 * This function will wait for some data and return a positive
552 * value (one) if pipe buffers are available. It will return zero
553 * or -errno if no more data needs to be spliced.
555 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
558 * Check for signal early to make process killable when there are
559 * always buffers available
561 if (signal_pending(current))
565 while (pipe_empty(pipe->head, pipe->tail)) {
572 if (sd->flags & SPLICE_F_NONBLOCK)
575 if (signal_pending(current))
578 if (sd->need_wakeup) {
579 wakeup_pipe_writers(pipe);
580 sd->need_wakeup = false;
583 pipe_wait_readable(pipe);
586 if (eat_empty_buffer(pipe))
593 * splice_from_pipe_begin - start splicing from pipe
594 * @sd: information about the splice operation
597 * This function should be called before a loop containing
598 * splice_from_pipe_next() and splice_from_pipe_feed() to
599 * initialize the necessary fields of @sd.
601 static void splice_from_pipe_begin(struct splice_desc *sd)
604 sd->need_wakeup = false;
608 * splice_from_pipe_end - finish splicing from pipe
609 * @pipe: pipe to splice from
610 * @sd: information about the splice operation
613 * This function will wake up pipe writers if necessary. It should
614 * be called after a loop containing splice_from_pipe_next() and
615 * splice_from_pipe_feed().
617 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
620 wakeup_pipe_writers(pipe);
624 * __splice_from_pipe - splice data from a pipe to given actor
625 * @pipe: pipe to splice from
626 * @sd: information to @actor
627 * @actor: handler that splices the data
630 * This function does little more than loop over the pipe and call
631 * @actor to do the actual moving of a single struct pipe_buffer to
632 * the desired destination. See pipe_to_file, pipe_to_sendmsg, or
636 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
641 splice_from_pipe_begin(sd);
644 ret = splice_from_pipe_next(pipe, sd);
646 ret = splice_from_pipe_feed(pipe, sd, actor);
648 splice_from_pipe_end(pipe, sd);
650 return sd->num_spliced ? sd->num_spliced : ret;
652 EXPORT_SYMBOL(__splice_from_pipe);
655 * splice_from_pipe - splice data from a pipe to a file
656 * @pipe: pipe to splice from
657 * @out: file to splice to
658 * @ppos: position in @out
659 * @len: how many bytes to splice
660 * @flags: splice modifier flags
661 * @actor: handler that splices the data
664 * See __splice_from_pipe. This function locks the pipe inode,
665 * otherwise it's identical to __splice_from_pipe().
668 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
669 loff_t *ppos, size_t len, unsigned int flags,
673 struct splice_desc sd = {
681 ret = __splice_from_pipe(pipe, &sd, actor);
688 * iter_file_splice_write - splice data from a pipe to a file
690 * @out: file to write to
691 * @ppos: position in @out
692 * @len: number of bytes to splice
693 * @flags: splice modifier flags
696 * Will either move or copy pages (determined by @flags options) from
697 * the given pipe inode to the given file.
698 * This one is ->write_iter-based.
702 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
703 loff_t *ppos, size_t len, unsigned int flags)
705 struct splice_desc sd = {
711 int nbufs = pipe->max_usage;
712 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
716 if (unlikely(!array))
721 splice_from_pipe_begin(&sd);
722 while (sd.total_len) {
723 struct iov_iter from;
724 unsigned int head, tail, mask;
728 ret = splice_from_pipe_next(pipe, &sd);
732 if (unlikely(nbufs < pipe->max_usage)) {
734 nbufs = pipe->max_usage;
735 array = kcalloc(nbufs, sizeof(struct bio_vec),
745 mask = pipe->ring_size - 1;
747 /* build the vector */
749 for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) {
750 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
751 size_t this_len = buf->len;
753 /* zero-length bvecs are not supported, skip them */
756 this_len = min(this_len, left);
758 ret = pipe_buf_confirm(pipe, buf);
765 bvec_set_page(&array[n], buf->page, this_len,
771 iov_iter_bvec(&from, ITER_SOURCE, array, n, sd.total_len - left);
772 ret = vfs_iter_write(out, &from, &sd.pos, 0);
776 sd.num_spliced += ret;
780 /* dismiss the fully eaten buffers, adjust the partial one */
783 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
784 if (ret >= buf->len) {
787 pipe_buf_release(pipe, buf);
791 sd.need_wakeup = true;
801 splice_from_pipe_end(pipe, &sd);
806 ret = sd.num_spliced;
811 EXPORT_SYMBOL(iter_file_splice_write);
815 * splice_to_socket - splice data from a pipe to a socket
816 * @pipe: pipe to splice from
817 * @out: socket to write to
818 * @ppos: position in @out
819 * @len: number of bytes to splice
820 * @flags: splice modifier flags
823 * Will send @len bytes from the pipe to a network socket. No data copying
827 ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out,
828 loff_t *ppos, size_t len, unsigned int flags)
830 struct socket *sock = sock_from_file(out);
831 struct bio_vec bvec[16];
832 struct msghdr msg = {};
835 bool need_wakeup = false;
840 unsigned int head, tail, mask, bc = 0;
844 * Check for signal early to make process killable when there
845 * are always buffers available
848 if (signal_pending(current))
851 while (pipe_empty(pipe->head, pipe->tail)) {
860 if (flags & SPLICE_F_NONBLOCK)
864 if (signal_pending(current))
868 wakeup_pipe_writers(pipe);
872 pipe_wait_readable(pipe);
877 mask = pipe->ring_size - 1;
879 while (!pipe_empty(head, tail)) {
880 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
888 seg = min_t(size_t, remain, buf->len);
889 seg = min_t(size_t, seg, PAGE_SIZE);
891 ret = pipe_buf_confirm(pipe, buf);
898 bvec_set_page(&bvec[bc++], buf->page, seg, buf->offset);
902 if (bc >= ARRAY_SIZE(bvec))
909 msg.msg_flags = MSG_SPLICE_PAGES;
910 if (flags & SPLICE_F_MORE)
911 msg.msg_flags |= MSG_MORE;
912 if (remain && pipe_occupancy(pipe->head, tail) > 0)
913 msg.msg_flags |= MSG_MORE;
915 iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, bvec, bc,
917 ret = sock_sendmsg(sock, &msg);
925 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
926 size_t seg = min_t(size_t, ret, buf->len);
933 pipe_buf_release(pipe, buf);
938 if (tail != pipe->tail) {
948 wakeup_pipe_writers(pipe);
949 return spliced ?: ret;
953 static int warn_unsupported(struct file *file, const char *op)
955 pr_debug_ratelimited(
956 "splice %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
957 op, file, current->pid, current->comm);
962 * Attempt to initiate a splice from pipe to file.
964 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
965 loff_t *ppos, size_t len, unsigned int flags)
967 if (unlikely(!out->f_op->splice_write))
968 return warn_unsupported(out, "write");
969 return out->f_op->splice_write(pipe, out, ppos, len, flags);
973 * Attempt to initiate a splice from a file to a pipe.
975 static long do_splice_to(struct file *in, loff_t *ppos,
976 struct pipe_inode_info *pipe, size_t len,
979 unsigned int p_space;
982 if (unlikely(!(in->f_mode & FMODE_READ)))
985 /* Don't try to read more the pipe has space for. */
986 p_space = pipe->max_usage - pipe_occupancy(pipe->head, pipe->tail);
987 len = min_t(size_t, len, p_space << PAGE_SHIFT);
989 ret = rw_verify_area(READ, in, ppos, len);
990 if (unlikely(ret < 0))
993 if (unlikely(len > MAX_RW_COUNT))
996 if (unlikely(!in->f_op->splice_read))
997 return warn_unsupported(in, "read");
998 return in->f_op->splice_read(in, ppos, pipe, len, flags);
1002 * splice_direct_to_actor - splices data directly between two non-pipes
1003 * @in: file to splice from
1004 * @sd: actor information on where to splice to
1005 * @actor: handles the data splicing
1008 * This is a special case helper to splice directly between two
1009 * points, without requiring an explicit pipe. Internally an allocated
1010 * pipe is cached in the process, and reused during the lifetime of
1014 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
1015 splice_direct_actor *actor)
1017 struct pipe_inode_info *pipe;
1023 * We require the input to be seekable, as we don't want to randomly
1024 * drop data for eg socket -> socket splicing. Use the piped splicing
1027 if (unlikely(!(in->f_mode & FMODE_LSEEK)))
1031 * neither in nor out is a pipe, setup an internal pipe attached to
1032 * 'out' and transfer the wanted data from 'in' to 'out' through that
1034 pipe = current->splice_pipe;
1035 if (unlikely(!pipe)) {
1036 pipe = alloc_pipe_info();
1041 * We don't have an immediate reader, but we'll read the stuff
1042 * out of the pipe right after the splice_to_pipe(). So set
1043 * PIPE_READERS appropriately.
1047 current->splice_pipe = pipe;
1054 len = sd->total_len;
1058 * Don't block on output, we have to drain the direct pipe.
1060 sd->flags &= ~SPLICE_F_NONBLOCK;
1061 more = sd->flags & SPLICE_F_MORE;
1063 WARN_ON_ONCE(!pipe_empty(pipe->head, pipe->tail));
1067 loff_t pos = sd->pos, prev_pos = pos;
1069 ret = do_splice_to(in, &pos, pipe, len, flags);
1070 if (unlikely(ret <= 0))
1074 sd->total_len = read_len;
1077 * If more data is pending, set SPLICE_F_MORE
1078 * If this is the last data and SPLICE_F_MORE was not set
1079 * initially, clears it.
1082 sd->flags |= SPLICE_F_MORE;
1084 sd->flags &= ~SPLICE_F_MORE;
1086 * NOTE: nonblocking mode only applies to the input. We
1087 * must not do the output in nonblocking mode as then we
1088 * could get stuck data in the internal pipe:
1090 ret = actor(pipe, sd);
1091 if (unlikely(ret <= 0)) {
1100 if (ret < read_len) {
1101 sd->pos = prev_pos + ret;
1107 pipe->tail = pipe->head = 0;
1113 * If we did an incomplete transfer we must release
1114 * the pipe buffers in question:
1116 for (i = 0; i < pipe->ring_size; i++) {
1117 struct pipe_buffer *buf = &pipe->bufs[i];
1120 pipe_buf_release(pipe, buf);
1128 EXPORT_SYMBOL(splice_direct_to_actor);
1130 static int direct_splice_actor(struct pipe_inode_info *pipe,
1131 struct splice_desc *sd)
1133 struct file *file = sd->u.file;
1135 return do_splice_from(pipe, file, sd->opos, sd->total_len,
1140 * do_splice_direct - splices data directly between two files
1141 * @in: file to splice from
1142 * @ppos: input file offset
1143 * @out: file to splice to
1144 * @opos: output file offset
1145 * @len: number of bytes to splice
1146 * @flags: splice modifier flags
1149 * For use by do_sendfile(). splice can easily emulate sendfile, but
1150 * doing it in the application would incur an extra system call
1151 * (splice in + splice out, as compared to just sendfile()). So this helper
1152 * can splice directly through a process-private pipe.
1155 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1156 loff_t *opos, size_t len, unsigned int flags)
1158 struct splice_desc sd = {
1168 if (unlikely(!(out->f_mode & FMODE_WRITE)))
1171 if (unlikely(out->f_flags & O_APPEND))
1174 ret = rw_verify_area(WRITE, out, opos, len);
1175 if (unlikely(ret < 0))
1178 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1184 EXPORT_SYMBOL(do_splice_direct);
1186 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
1189 if (unlikely(!pipe->readers)) {
1190 send_sig(SIGPIPE, current, 0);
1193 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1195 if (flags & SPLICE_F_NONBLOCK)
1197 if (signal_pending(current))
1198 return -ERESTARTSYS;
1199 pipe_wait_writable(pipe);
1203 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1204 struct pipe_inode_info *opipe,
1205 size_t len, unsigned int flags);
1207 long splice_file_to_pipe(struct file *in,
1208 struct pipe_inode_info *opipe,
1210 size_t len, unsigned int flags)
1215 ret = wait_for_space(opipe, flags);
1217 ret = do_splice_to(in, offset, opipe, len, flags);
1220 wakeup_pipe_readers(opipe);
1225 * Determine where to splice to/from.
1227 long do_splice(struct file *in, loff_t *off_in, struct file *out,
1228 loff_t *off_out, size_t len, unsigned int flags)
1230 struct pipe_inode_info *ipipe;
1231 struct pipe_inode_info *opipe;
1235 if (unlikely(!(in->f_mode & FMODE_READ) ||
1236 !(out->f_mode & FMODE_WRITE)))
1239 ipipe = get_pipe_info(in, true);
1240 opipe = get_pipe_info(out, true);
1242 if (ipipe && opipe) {
1243 if (off_in || off_out)
1246 /* Splicing to self would be fun, but... */
1250 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1251 flags |= SPLICE_F_NONBLOCK;
1253 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1260 if (!(out->f_mode & FMODE_PWRITE))
1264 offset = out->f_pos;
1267 if (unlikely(out->f_flags & O_APPEND))
1270 ret = rw_verify_area(WRITE, out, &offset, len);
1271 if (unlikely(ret < 0))
1274 if (in->f_flags & O_NONBLOCK)
1275 flags |= SPLICE_F_NONBLOCK;
1277 file_start_write(out);
1278 ret = do_splice_from(ipipe, out, &offset, len, flags);
1279 file_end_write(out);
1282 fsnotify_modify(out);
1285 out->f_pos = offset;
1296 if (!(in->f_mode & FMODE_PREAD))
1303 if (out->f_flags & O_NONBLOCK)
1304 flags |= SPLICE_F_NONBLOCK;
1306 ret = splice_file_to_pipe(in, opipe, &offset, len, flags);
1309 fsnotify_access(in);
1322 static long __do_splice(struct file *in, loff_t __user *off_in,
1323 struct file *out, loff_t __user *off_out,
1324 size_t len, unsigned int flags)
1326 struct pipe_inode_info *ipipe;
1327 struct pipe_inode_info *opipe;
1328 loff_t offset, *__off_in = NULL, *__off_out = NULL;
1331 ipipe = get_pipe_info(in, true);
1332 opipe = get_pipe_info(out, true);
1337 pipe_clear_nowait(in);
1342 pipe_clear_nowait(out);
1346 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1348 __off_out = &offset;
1351 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1356 ret = do_splice(in, __off_in, out, __off_out, len, flags);
1360 if (__off_out && copy_to_user(off_out, __off_out, sizeof(loff_t)))
1362 if (__off_in && copy_to_user(off_in, __off_in, sizeof(loff_t)))
1368 static int iter_to_pipe(struct iov_iter *from,
1369 struct pipe_inode_info *pipe,
1372 struct pipe_buffer buf = {
1373 .ops = &user_page_pipe_buf_ops,
1379 while (iov_iter_count(from)) {
1380 struct page *pages[16];
1385 left = iov_iter_get_pages2(from, pages, ~0UL, 16, &start);
1391 n = DIV_ROUND_UP(left + start, PAGE_SIZE);
1392 for (i = 0; i < n; i++) {
1393 int size = min_t(int, left, PAGE_SIZE - start);
1395 buf.page = pages[i];
1398 ret = add_to_pipe(pipe, &buf);
1399 if (unlikely(ret < 0)) {
1400 iov_iter_revert(from, left);
1401 // this one got dropped by add_to_pipe()
1412 return total ? total : ret;
1415 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1416 struct splice_desc *sd)
1418 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1419 return n == sd->len ? n : -EFAULT;
1423 * For lack of a better implementation, implement vmsplice() to userspace
1424 * as a simple copy of the pipes pages to the user iov.
1426 static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
1429 struct pipe_inode_info *pipe = get_pipe_info(file, true);
1430 struct splice_desc sd = {
1431 .total_len = iov_iter_count(iter),
1440 pipe_clear_nowait(file);
1444 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1452 * vmsplice splices a user address range into a pipe. It can be thought of
1453 * as splice-from-memory, where the regular splice is splice-from-file (or
1454 * to file). In both cases the output is a pipe, naturally.
1456 static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
1459 struct pipe_inode_info *pipe;
1461 unsigned buf_flag = 0;
1463 if (flags & SPLICE_F_GIFT)
1464 buf_flag = PIPE_BUF_FLAG_GIFT;
1466 pipe = get_pipe_info(file, true);
1470 pipe_clear_nowait(file);
1473 ret = wait_for_space(pipe, flags);
1475 ret = iter_to_pipe(iter, pipe, buf_flag);
1478 wakeup_pipe_readers(pipe);
1482 static int vmsplice_type(struct fd f, int *type)
1486 if (f.file->f_mode & FMODE_WRITE) {
1487 *type = ITER_SOURCE;
1488 } else if (f.file->f_mode & FMODE_READ) {
1498 * Note that vmsplice only really supports true splicing _from_ user memory
1499 * to a pipe, not the other way around. Splicing from user memory is a simple
1500 * operation that can be supported without any funky alignment restrictions
1501 * or nasty vm tricks. We simply map in the user memory and fill them into
1502 * a pipe. The reverse isn't quite as easy, though. There are two possible
1503 * solutions for that:
1505 * - memcpy() the data internally, at which point we might as well just
1506 * do a regular read() on the buffer anyway.
1507 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1508 * has restriction limitations on both ends of the pipe).
1510 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1513 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
1514 unsigned long, nr_segs, unsigned int, flags)
1516 struct iovec iovstack[UIO_FASTIOV];
1517 struct iovec *iov = iovstack;
1518 struct iov_iter iter;
1523 if (unlikely(flags & ~SPLICE_F_ALL))
1527 error = vmsplice_type(f, &type);
1531 error = import_iovec(type, uiov, nr_segs,
1532 ARRAY_SIZE(iovstack), &iov, &iter);
1536 if (!iov_iter_count(&iter))
1538 else if (type == ITER_SOURCE)
1539 error = vmsplice_to_pipe(f.file, &iter, flags);
1541 error = vmsplice_to_user(f.file, &iter, flags);
1549 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1550 int, fd_out, loff_t __user *, off_out,
1551 size_t, len, unsigned int, flags)
1559 if (unlikely(flags & ~SPLICE_F_ALL))
1565 out = fdget(fd_out);
1567 error = __do_splice(in.file, off_in, out.file, off_out,
1577 * Make sure there's data to read. Wait for input if we can, otherwise
1578 * return an appropriate error.
1580 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1585 * Check the pipe occupancy without the inode lock first. This function
1586 * is speculative anyways, so missing one is ok.
1588 if (!pipe_empty(pipe->head, pipe->tail))
1594 while (pipe_empty(pipe->head, pipe->tail)) {
1595 if (signal_pending(current)) {
1601 if (flags & SPLICE_F_NONBLOCK) {
1605 pipe_wait_readable(pipe);
1613 * Make sure there's writeable room. Wait for room if we can, otherwise
1614 * return an appropriate error.
1616 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1621 * Check pipe occupancy without the inode lock first. This function
1622 * is speculative anyways, so missing one is ok.
1624 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1630 while (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
1631 if (!pipe->readers) {
1632 send_sig(SIGPIPE, current, 0);
1636 if (flags & SPLICE_F_NONBLOCK) {
1640 if (signal_pending(current)) {
1644 pipe_wait_writable(pipe);
1652 * Splice contents of ipipe to opipe.
1654 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1655 struct pipe_inode_info *opipe,
1656 size_t len, unsigned int flags)
1658 struct pipe_buffer *ibuf, *obuf;
1659 unsigned int i_head, o_head;
1660 unsigned int i_tail, o_tail;
1661 unsigned int i_mask, o_mask;
1663 bool input_wakeup = false;
1667 ret = ipipe_prep(ipipe, flags);
1671 ret = opipe_prep(opipe, flags);
1676 * Potential ABBA deadlock, work around it by ordering lock
1677 * grabbing by pipe info address. Otherwise two different processes
1678 * could deadlock (one doing tee from A -> B, the other from B -> A).
1680 pipe_double_lock(ipipe, opipe);
1682 i_tail = ipipe->tail;
1683 i_mask = ipipe->ring_size - 1;
1684 o_head = opipe->head;
1685 o_mask = opipe->ring_size - 1;
1690 if (!opipe->readers) {
1691 send_sig(SIGPIPE, current, 0);
1697 i_head = ipipe->head;
1698 o_tail = opipe->tail;
1700 if (pipe_empty(i_head, i_tail) && !ipipe->writers)
1704 * Cannot make any progress, because either the input
1705 * pipe is empty or the output pipe is full.
1707 if (pipe_empty(i_head, i_tail) ||
1708 pipe_full(o_head, o_tail, opipe->max_usage)) {
1709 /* Already processed some buffers, break */
1713 if (flags & SPLICE_F_NONBLOCK) {
1719 * We raced with another reader/writer and haven't
1720 * managed to process any buffers. A zero return
1721 * value means EOF, so retry instead.
1728 ibuf = &ipipe->bufs[i_tail & i_mask];
1729 obuf = &opipe->bufs[o_head & o_mask];
1731 if (len >= ibuf->len) {
1733 * Simply move the whole buffer from ipipe to opipe
1738 ipipe->tail = i_tail;
1739 input_wakeup = true;
1742 opipe->head = o_head;
1745 * Get a reference to this pipe buffer,
1746 * so we can copy the contents over.
1748 if (!pipe_buf_get(ipipe, ibuf)) {
1756 * Don't inherit the gift and merge flags, we need to
1757 * prevent multiple steals of this page.
1759 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1760 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1763 ibuf->offset += len;
1767 opipe->head = o_head;
1777 * If we put data in the output pipe, wakeup any potential readers.
1780 wakeup_pipe_readers(opipe);
1783 wakeup_pipe_writers(ipipe);
1789 * Link contents of ipipe to opipe.
1791 static int link_pipe(struct pipe_inode_info *ipipe,
1792 struct pipe_inode_info *opipe,
1793 size_t len, unsigned int flags)
1795 struct pipe_buffer *ibuf, *obuf;
1796 unsigned int i_head, o_head;
1797 unsigned int i_tail, o_tail;
1798 unsigned int i_mask, o_mask;
1802 * Potential ABBA deadlock, work around it by ordering lock
1803 * grabbing by pipe info address. Otherwise two different processes
1804 * could deadlock (one doing tee from A -> B, the other from B -> A).
1806 pipe_double_lock(ipipe, opipe);
1808 i_tail = ipipe->tail;
1809 i_mask = ipipe->ring_size - 1;
1810 o_head = opipe->head;
1811 o_mask = opipe->ring_size - 1;
1814 if (!opipe->readers) {
1815 send_sig(SIGPIPE, current, 0);
1821 i_head = ipipe->head;
1822 o_tail = opipe->tail;
1825 * If we have iterated all input buffers or run out of
1826 * output room, break.
1828 if (pipe_empty(i_head, i_tail) ||
1829 pipe_full(o_head, o_tail, opipe->max_usage))
1832 ibuf = &ipipe->bufs[i_tail & i_mask];
1833 obuf = &opipe->bufs[o_head & o_mask];
1836 * Get a reference to this pipe buffer,
1837 * so we can copy the contents over.
1839 if (!pipe_buf_get(ipipe, ibuf)) {
1848 * Don't inherit the gift and merge flag, we need to prevent
1849 * multiple steals of this page.
1851 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1852 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1854 if (obuf->len > len)
1860 opipe->head = o_head;
1868 * If we put data in the output pipe, wakeup any potential readers.
1871 wakeup_pipe_readers(opipe);
1877 * This is a tee(1) implementation that works on pipes. It doesn't copy
1878 * any data, it simply references the 'in' pages on the 'out' pipe.
1879 * The 'flags' used are the SPLICE_F_* variants, currently the only
1880 * applicable one is SPLICE_F_NONBLOCK.
1882 long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags)
1884 struct pipe_inode_info *ipipe = get_pipe_info(in, true);
1885 struct pipe_inode_info *opipe = get_pipe_info(out, true);
1888 if (unlikely(!(in->f_mode & FMODE_READ) ||
1889 !(out->f_mode & FMODE_WRITE)))
1893 * Duplicate the contents of ipipe to opipe without actually
1896 if (ipipe && opipe && ipipe != opipe) {
1897 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1898 flags |= SPLICE_F_NONBLOCK;
1901 * Keep going, unless we encounter an error. The ipipe/opipe
1902 * ordering doesn't really matter.
1904 ret = ipipe_prep(ipipe, flags);
1906 ret = opipe_prep(opipe, flags);
1908 ret = link_pipe(ipipe, opipe, len, flags);
1915 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1920 if (unlikely(flags & ~SPLICE_F_ALL))
1931 error = do_tee(in.file, out.file, len, flags);
projects / platform / kernel / linux-starfive.git / blob