1 // SPDX-License-Identifier: GPL-2.0-only
3 * "splice": joining two ropes together by interweaving their strands.
5 * This is the "extended pipe" functionality, where a pipe is used as
6 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
7 * buffer that you can use to transfer data from one end to the other.
9 * The traditional unix read/write is extended with a "splice()" operation
10 * that transfers data buffers to or from a pipe buffer.
12 * Named by Larry McVoy, original implementation from Linus, extended by
13 * Jens to support splicing to files, network, direct splicing, etc and
14 * fixing lots of bugs.
16 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
17 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
18 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/bvec.h>
23 #include <linux/file.h>
24 #include <linux/pagemap.h>
25 #include <linux/splice.h>
26 #include <linux/memcontrol.h>
27 #include <linux/mm_inline.h>
28 #include <linux/swap.h>
29 #include <linux/writeback.h>
30 #include <linux/export.h>
31 #include <linux/syscalls.h>
32 #include <linux/uio.h>
33 #include <linux/fsnotify.h>
34 #include <linux/security.h>
35 #include <linux/gfp.h>
36 #include <linux/socket.h>
37 #include <linux/sched/signal.h>
42 * Splice doesn't support FMODE_NOWAIT. Since pipes may set this flag to
43 * indicate they support non-blocking reads or writes, we must clear it
44 * here if set to avoid blocking other users of this pipe if splice is
47 static noinline void noinline pipe_clear_nowait(struct file *file)
49 fmode_t fmode = READ_ONCE(file->f_mode);
52 if (!(fmode & FMODE_NOWAIT))
54 } while (!try_cmpxchg(&file->f_mode, &fmode, fmode & ~FMODE_NOWAIT));
58 * Attempt to steal a page from a pipe buffer. This should perhaps go into
59 * a vm helper function, it's already simplified quite a bit by the
60 * addition of remove_mapping(). If success is returned, the caller may
61 * attempt to reuse this page for another destination.
63 static bool page_cache_pipe_buf_try_steal(struct pipe_inode_info *pipe,
64 struct pipe_buffer *buf)
66 struct folio *folio = page_folio(buf->page);
67 struct address_space *mapping;
71 mapping = folio_mapping(folio);
73 WARN_ON(!folio_test_uptodate(folio));
76 * At least for ext2 with nobh option, we need to wait on
77 * writeback completing on this folio, since we'll remove it
78 * from the pagecache. Otherwise truncate wont wait on the
79 * folio, allowing the disk blocks to be reused by someone else
80 * before we actually wrote our data to them. fs corruption
83 folio_wait_writeback(folio);
85 if (folio_has_private(folio) &&
86 !filemap_release_folio(folio, GFP_KERNEL))
90 * If we succeeded in removing the mapping, set LRU flag
93 if (remove_mapping(mapping, folio)) {
94 buf->flags |= PIPE_BUF_FLAG_LRU;
100 * Raced with truncate or failed to remove folio from current
101 * address space, unlock and return failure.
108 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
109 struct pipe_buffer *buf)
112 buf->flags &= ~PIPE_BUF_FLAG_LRU;
116 * Check whether the contents of buf is OK to access. Since the content
117 * is a page cache page, IO may be in flight.
119 static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
120 struct pipe_buffer *buf)
122 struct page *page = buf->page;
125 if (!PageUptodate(page)) {
129 * Page got truncated/unhashed. This will cause a 0-byte
130 * splice, if this is the first page.
132 if (!page->mapping) {
138 * Uh oh, read-error from disk.
140 if (!PageUptodate(page)) {
146 * Page is ok afterall, we are done.
157 const struct pipe_buf_operations page_cache_pipe_buf_ops = {
158 .confirm = page_cache_pipe_buf_confirm,
159 .release = page_cache_pipe_buf_release,
160 .try_steal = page_cache_pipe_buf_try_steal,
161 .get = generic_pipe_buf_get,
164 static bool user_page_pipe_buf_try_steal(struct pipe_inode_info *pipe,
165 struct pipe_buffer *buf)
167 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
170 buf->flags |= PIPE_BUF_FLAG_LRU;
171 return generic_pipe_buf_try_steal(pipe, buf);
174 static const struct pipe_buf_operations user_page_pipe_buf_ops = {
175 .release = page_cache_pipe_buf_release,
176 .try_steal = user_page_pipe_buf_try_steal,
177 .get = generic_pipe_buf_get,
180 static void wakeup_pipe_readers(struct pipe_inode_info *pipe)
183 if (waitqueue_active(&pipe->rd_wait))
184 wake_up_interruptible(&pipe->rd_wait);
185 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
189 * splice_to_pipe - fill passed data into a pipe
190 * @pipe: pipe to fill
194 * @spd contains a map of pages and len/offset tuples, along with
195 * the struct pipe_buf_operations associated with these pages. This
196 * function will link that data to the pipe.
199 ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
200 struct splice_pipe_desc *spd)
202 unsigned int spd_pages = spd->nr_pages;
203 unsigned int tail = pipe->tail;
204 unsigned int head = pipe->head;
205 unsigned int mask = pipe->ring_size - 1;
206 int ret = 0, page_nr = 0;
211 if (unlikely(!pipe->readers)) {
212 send_sig(SIGPIPE, current, 0);
217 while (!pipe_full(head, tail, pipe->max_usage)) {
218 struct pipe_buffer *buf = &pipe->bufs[head & mask];
220 buf->page = spd->pages[page_nr];
221 buf->offset = spd->partial[page_nr].offset;
222 buf->len = spd->partial[page_nr].len;
223 buf->private = spd->partial[page_nr].private;
232 if (!--spd->nr_pages)
240 while (page_nr < spd_pages)
241 spd->spd_release(spd, page_nr++);
245 EXPORT_SYMBOL_GPL(splice_to_pipe);
247 ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf)
249 unsigned int head = pipe->head;
250 unsigned int tail = pipe->tail;
251 unsigned int mask = pipe->ring_size - 1;
254 if (unlikely(!pipe->readers)) {
255 send_sig(SIGPIPE, current, 0);
257 } else if (pipe_full(head, tail, pipe->max_usage)) {
260 pipe->bufs[head & mask] = *buf;
261 pipe->head = head + 1;
264 pipe_buf_release(pipe, buf);
267 EXPORT_SYMBOL(add_to_pipe);
270 * Check if we need to grow the arrays holding pages and partial page
273 int splice_grow_spd(const struct pipe_inode_info *pipe, struct splice_pipe_desc *spd)
275 unsigned int max_usage = READ_ONCE(pipe->max_usage);
277 spd->nr_pages_max = max_usage;
278 if (max_usage <= PIPE_DEF_BUFFERS)
281 spd->pages = kmalloc_array(max_usage, sizeof(struct page *), GFP_KERNEL);
282 spd->partial = kmalloc_array(max_usage, sizeof(struct partial_page),
285 if (spd->pages && spd->partial)
293 void splice_shrink_spd(struct splice_pipe_desc *spd)
295 if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
303 * copy_splice_read - Copy data from a file and splice the copy into a pipe
304 * @in: The file to read from
305 * @ppos: Pointer to the file position to read from
306 * @pipe: The pipe to splice into
307 * @len: The amount to splice
308 * @flags: The SPLICE_F_* flags
310 * This function allocates a bunch of pages sufficient to hold the requested
311 * amount of data (but limited by the remaining pipe capacity), passes it to
312 * the file's ->read_iter() to read into and then splices the used pages into
315 * Return: On success, the number of bytes read will be returned and *@ppos
316 * will be updated if appropriate; 0 will be returned if there is no more data
317 * to be read; -EAGAIN will be returned if the pipe had no space, and some
318 * other negative error code will be returned on error. A short read may occur
319 * if the pipe has insufficient space, we reach the end of the data or we hit a
322 ssize_t copy_splice_read(struct file *in, loff_t *ppos,
323 struct pipe_inode_info *pipe,
324 size_t len, unsigned int flags)
331 size_t used, npages, chunk, remain, keep = 0;
334 /* Work out how much data we can actually add into the pipe */
335 used = pipe_occupancy(pipe->head, pipe->tail);
336 npages = max_t(ssize_t, pipe->max_usage - used, 0);
337 len = min_t(size_t, len, npages * PAGE_SIZE);
338 npages = DIV_ROUND_UP(len, PAGE_SIZE);
340 bv = kzalloc(array_size(npages, sizeof(bv[0])) +
341 array_size(npages, sizeof(struct page *)), GFP_KERNEL);
345 pages = (struct page **)(bv + npages);
346 npages = alloc_pages_bulk_array(GFP_USER, npages, pages);
352 remain = len = min_t(size_t, len, npages * PAGE_SIZE);
354 for (i = 0; i < npages; i++) {
355 chunk = min_t(size_t, PAGE_SIZE, remain);
356 bv[i].bv_page = pages[i];
358 bv[i].bv_len = chunk;
363 iov_iter_bvec(&to, ITER_DEST, bv, npages, len);
364 init_sync_kiocb(&kiocb, in);
365 kiocb.ki_pos = *ppos;
366 ret = call_read_iter(in, &kiocb, &to);
369 keep = DIV_ROUND_UP(ret, PAGE_SIZE);
370 *ppos = kiocb.ki_pos;
374 * Callers of ->splice_read() expect -EAGAIN on "can't put anything in
375 * there", rather than -EFAULT.
380 /* Free any pages that didn't get touched at all. */
382 release_pages(pages + keep, npages - keep);
384 /* Push the remaining pages into the pipe. */
386 for (i = 0; i < keep; i++) {
387 struct pipe_buffer *buf = pipe_head_buf(pipe);
389 chunk = min_t(size_t, remain, PAGE_SIZE);
390 *buf = (struct pipe_buffer) {
391 .ops = &default_pipe_buf_ops,
392 .page = bv[i].bv_page,
403 EXPORT_SYMBOL(copy_splice_read);
405 const struct pipe_buf_operations default_pipe_buf_ops = {
406 .release = generic_pipe_buf_release,
407 .try_steal = generic_pipe_buf_try_steal,
408 .get = generic_pipe_buf_get,
411 /* Pipe buffer operations for a socket and similar. */
412 const struct pipe_buf_operations nosteal_pipe_buf_ops = {
413 .release = generic_pipe_buf_release,
414 .get = generic_pipe_buf_get,
416 EXPORT_SYMBOL(nosteal_pipe_buf_ops);
419 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
420 * using sendpage(). Return the number of bytes sent.
422 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
423 struct pipe_buffer *buf, struct splice_desc *sd)
425 struct file *file = sd->u.file;
426 loff_t pos = sd->pos;
429 if (!likely(file->f_op->sendpage))
432 more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0;
434 if (sd->len < sd->total_len &&
435 pipe_occupancy(pipe->head, pipe->tail) > 1)
436 more |= MSG_SENDPAGE_NOTLAST;
438 return file->f_op->sendpage(file, buf->page, buf->offset,
439 sd->len, &pos, more);
442 static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
445 if (waitqueue_active(&pipe->wr_wait))
446 wake_up_interruptible(&pipe->wr_wait);
447 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
451 * splice_from_pipe_feed - feed available data from a pipe to a file
452 * @pipe: pipe to splice from
453 * @sd: information to @actor
454 * @actor: handler that splices the data
457 * This function loops over the pipe and calls @actor to do the
458 * actual moving of a single struct pipe_buffer to the desired
459 * destination. It returns when there's no more buffers left in
460 * the pipe or if the requested number of bytes (@sd->total_len)
461 * have been copied. It returns a positive number (one) if the
462 * pipe needs to be filled with more data, zero if the required
463 * number of bytes have been copied and -errno on error.
465 * This, together with splice_from_pipe_{begin,end,next}, may be
466 * used to implement the functionality of __splice_from_pipe() when
467 * locking is required around copying the pipe buffers to the
470 static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
473 unsigned int head = pipe->head;
474 unsigned int tail = pipe->tail;
475 unsigned int mask = pipe->ring_size - 1;
478 while (!pipe_empty(head, tail)) {
479 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
482 if (sd->len > sd->total_len)
483 sd->len = sd->total_len;
485 ret = pipe_buf_confirm(pipe, buf);
492 ret = actor(pipe, buf, sd);
499 sd->num_spliced += ret;
502 sd->total_len -= ret;
505 pipe_buf_release(pipe, buf);
509 sd->need_wakeup = true;
519 /* We know we have a pipe buffer, but maybe it's empty? */
520 static inline bool eat_empty_buffer(struct pipe_inode_info *pipe)
522 unsigned int tail = pipe->tail;
523 unsigned int mask = pipe->ring_size - 1;
524 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
526 if (unlikely(!buf->len)) {
527 pipe_buf_release(pipe, buf);
536 * splice_from_pipe_next - wait for some data to splice from
537 * @pipe: pipe to splice from
538 * @sd: information about the splice operation
541 * This function will wait for some data and return a positive
542 * value (one) if pipe buffers are available. It will return zero
543 * or -errno if no more data needs to be spliced.
545 static int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
548 * Check for signal early to make process killable when there are
549 * always buffers available
551 if (signal_pending(current))
555 while (pipe_empty(pipe->head, pipe->tail)) {
562 if (sd->flags & SPLICE_F_NONBLOCK)
565 if (signal_pending(current))
568 if (sd->need_wakeup) {
569 wakeup_pipe_writers(pipe);
570 sd->need_wakeup = false;
573 pipe_wait_readable(pipe);
576 if (eat_empty_buffer(pipe))
583 * splice_from_pipe_begin - start splicing from pipe
584 * @sd: information about the splice operation
587 * This function should be called before a loop containing
588 * splice_from_pipe_next() and splice_from_pipe_feed() to
589 * initialize the necessary fields of @sd.
591 static void splice_from_pipe_begin(struct splice_desc *sd)
594 sd->need_wakeup = false;
598 * splice_from_pipe_end - finish splicing from pipe
599 * @pipe: pipe to splice from
600 * @sd: information about the splice operation
603 * This function will wake up pipe writers if necessary. It should
604 * be called after a loop containing splice_from_pipe_next() and
605 * splice_from_pipe_feed().
607 static void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
610 wakeup_pipe_writers(pipe);
614 * __splice_from_pipe - splice data from a pipe to given actor
615 * @pipe: pipe to splice from
616 * @sd: information to @actor
617 * @actor: handler that splices the data
620 * This function does little more than loop over the pipe and call
621 * @actor to do the actual moving of a single struct pipe_buffer to
622 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
626 ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
631 splice_from_pipe_begin(sd);
634 ret = splice_from_pipe_next(pipe, sd);
636 ret = splice_from_pipe_feed(pipe, sd, actor);
638 splice_from_pipe_end(pipe, sd);
640 return sd->num_spliced ? sd->num_spliced : ret;
642 EXPORT_SYMBOL(__splice_from_pipe);
645 * splice_from_pipe - splice data from a pipe to a file
646 * @pipe: pipe to splice from
647 * @out: file to splice to
648 * @ppos: position in @out
649 * @len: how many bytes to splice
650 * @flags: splice modifier flags
651 * @actor: handler that splices the data
654 * See __splice_from_pipe. This function locks the pipe inode,
655 * otherwise it's identical to __splice_from_pipe().
658 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
659 loff_t *ppos, size_t len, unsigned int flags,
663 struct splice_desc sd = {
671 ret = __splice_from_pipe(pipe, &sd, actor);
678 * iter_file_splice_write - splice data from a pipe to a file
680 * @out: file to write to
681 * @ppos: position in @out
682 * @len: number of bytes to splice
683 * @flags: splice modifier flags
686 * Will either move or copy pages (determined by @flags options) from
687 * the given pipe inode to the given file.
688 * This one is ->write_iter-based.
692 iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
693 loff_t *ppos, size_t len, unsigned int flags)
695 struct splice_desc sd = {
701 int nbufs = pipe->max_usage;
702 struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
706 if (unlikely(!array))
711 splice_from_pipe_begin(&sd);
712 while (sd.total_len) {
713 struct iov_iter from;
714 unsigned int head, tail, mask;
718 ret = splice_from_pipe_next(pipe, &sd);
722 if (unlikely(nbufs < pipe->max_usage)) {
724 nbufs = pipe->max_usage;
725 array = kcalloc(nbufs, sizeof(struct bio_vec),
735 mask = pipe->ring_size - 1;
737 /* build the vector */
739 for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) {
740 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
741 size_t this_len = buf->len;
743 /* zero-length bvecs are not supported, skip them */
746 this_len = min(this_len, left);
748 ret = pipe_buf_confirm(pipe, buf);
755 bvec_set_page(&array[n], buf->page, this_len,
761 iov_iter_bvec(&from, ITER_SOURCE, array, n, sd.total_len - left);
762 ret = vfs_iter_write(out, &from, &sd.pos, 0);
766 sd.num_spliced += ret;
770 /* dismiss the fully eaten buffers, adjust the partial one */
773 struct pipe_buffer *buf = &pipe->bufs[tail & mask];
774 if (ret >= buf->len) {
777 pipe_buf_release(pipe, buf);
781 sd.need_wakeup = true;
791 splice_from_pipe_end(pipe, &sd);
796 ret = sd.num_spliced;
801 EXPORT_SYMBOL(iter_file_splice_write);
804 * generic_splice_sendpage - splice data from a pipe to a socket
805 * @pipe: pipe to splice from
806 * @out: socket to write to
807 * @ppos: position in @out
808 * @len: number of bytes to splice
809 * @flags: splice modifier flags
812 * Will send @len bytes from the pipe to a network socket. No data copying
816 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
817 loff_t *ppos, size_t len, unsigned int flags)
819 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
822 EXPORT_SYMBOL(generic_splice_sendpage);
824 static int warn_unsupported(struct file *file, const char *op)
826 pr_debug_ratelimited(
827 "splice %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
828 op, file, current->pid, current->comm);
833 * Attempt to initiate a splice from pipe to file.
835 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
836 loff_t *ppos, size_t len, unsigned int flags)
838 if (unlikely(!out->f_op->splice_write))
839 return warn_unsupported(out, "write");
840 return out->f_op->splice_write(pipe, out, ppos, len, flags);
844 * vfs_splice_read - Read data from a file and splice it into a pipe
845 * @in: File to splice from
846 * @ppos: Input file offset
847 * @pipe: Pipe to splice to
848 * @len: Number of bytes to splice
849 * @flags: Splice modifier flags (SPLICE_F_*)
851 * Splice the requested amount of data from the input file to the pipe. This
852 * is synchronous as the caller must hold the pipe lock across the entire
855 * If successful, it returns the amount of data spliced, 0 if it hit the EOF or
856 * a hole and a negative error code otherwise.
858 long vfs_splice_read(struct file *in, loff_t *ppos,
859 struct pipe_inode_info *pipe, size_t len,
862 unsigned int p_space;
865 if (unlikely(!(in->f_mode & FMODE_READ)))
870 /* Don't try to read more the pipe has space for. */
871 p_space = pipe->max_usage - pipe_occupancy(pipe->head, pipe->tail);
872 len = min_t(size_t, len, p_space << PAGE_SHIFT);
874 ret = rw_verify_area(READ, in, ppos, len);
875 if (unlikely(ret < 0))
878 if (unlikely(len > MAX_RW_COUNT))
881 if (unlikely(!in->f_op->splice_read))
882 return warn_unsupported(in, "read");
884 * O_DIRECT and DAX don't deal with the pagecache, so we allocate a
885 * buffer, copy into it and splice that into the pipe.
887 if ((in->f_flags & O_DIRECT) || IS_DAX(in->f_mapping->host))
888 return copy_splice_read(in, ppos, pipe, len, flags);
889 return in->f_op->splice_read(in, ppos, pipe, len, flags);
891 EXPORT_SYMBOL_GPL(vfs_splice_read);
894 * splice_direct_to_actor - splices data directly between two non-pipes
895 * @in: file to splice from
896 * @sd: actor information on where to splice to
897 * @actor: handles the data splicing
900 * This is a special case helper to splice directly between two
901 * points, without requiring an explicit pipe. Internally an allocated
902 * pipe is cached in the process, and reused during the lifetime of
906 ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
907 splice_direct_actor *actor)
909 struct pipe_inode_info *pipe;
915 * We require the input to be seekable, as we don't want to randomly
916 * drop data for eg socket -> socket splicing. Use the piped splicing
919 if (unlikely(!(in->f_mode & FMODE_LSEEK)))
923 * neither in nor out is a pipe, setup an internal pipe attached to
924 * 'out' and transfer the wanted data from 'in' to 'out' through that
926 pipe = current->splice_pipe;
927 if (unlikely(!pipe)) {
928 pipe = alloc_pipe_info();
933 * We don't have an immediate reader, but we'll read the stuff
934 * out of the pipe right after the splice_to_pipe(). So set
935 * PIPE_READERS appropriately.
939 current->splice_pipe = pipe;
950 * Don't block on output, we have to drain the direct pipe.
952 sd->flags &= ~SPLICE_F_NONBLOCK;
953 more = sd->flags & SPLICE_F_MORE;
955 WARN_ON_ONCE(!pipe_empty(pipe->head, pipe->tail));
959 loff_t pos = sd->pos, prev_pos = pos;
961 ret = vfs_splice_read(in, &pos, pipe, len, flags);
962 if (unlikely(ret <= 0))
966 sd->total_len = read_len;
969 * If more data is pending, set SPLICE_F_MORE
970 * If this is the last data and SPLICE_F_MORE was not set
971 * initially, clears it.
974 sd->flags |= SPLICE_F_MORE;
976 sd->flags &= ~SPLICE_F_MORE;
978 * NOTE: nonblocking mode only applies to the input. We
979 * must not do the output in nonblocking mode as then we
980 * could get stuck data in the internal pipe:
982 ret = actor(pipe, sd);
983 if (unlikely(ret <= 0)) {
992 if (ret < read_len) {
993 sd->pos = prev_pos + ret;
999 pipe->tail = pipe->head = 0;
1005 * If we did an incomplete transfer we must release
1006 * the pipe buffers in question:
1008 for (i = 0; i < pipe->ring_size; i++) {
1009 struct pipe_buffer *buf = &pipe->bufs[i];
1012 pipe_buf_release(pipe, buf);
1020 EXPORT_SYMBOL(splice_direct_to_actor);
1022 static int direct_splice_actor(struct pipe_inode_info *pipe,
1023 struct splice_desc *sd)
1025 struct file *file = sd->u.file;
1027 return do_splice_from(pipe, file, sd->opos, sd->total_len,
1032 * do_splice_direct - splices data directly between two files
1033 * @in: file to splice from
1034 * @ppos: input file offset
1035 * @out: file to splice to
1036 * @opos: output file offset
1037 * @len: number of bytes to splice
1038 * @flags: splice modifier flags
1041 * For use by do_sendfile(). splice can easily emulate sendfile, but
1042 * doing it in the application would incur an extra system call
1043 * (splice in + splice out, as compared to just sendfile()). So this helper
1044 * can splice directly through a process-private pipe.
1047 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1048 loff_t *opos, size_t len, unsigned int flags)
1050 struct splice_desc sd = {
1060 if (unlikely(!(out->f_mode & FMODE_WRITE)))
1063 if (unlikely(out->f_flags & O_APPEND))
1066 ret = rw_verify_area(WRITE, out, opos, len);
1067 if (unlikely(ret < 0))
1070 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1076 EXPORT_SYMBOL(do_splice_direct);
1078 static int wait_for_space(struct pipe_inode_info *pipe, unsigned flags)
1081 if (unlikely(!pipe->readers)) {
1082 send_sig(SIGPIPE, current, 0);
1085 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1087 if (flags & SPLICE_F_NONBLOCK)
1089 if (signal_pending(current))
1090 return -ERESTARTSYS;
1091 pipe_wait_writable(pipe);
1095 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1096 struct pipe_inode_info *opipe,
1097 size_t len, unsigned int flags);
1099 long splice_file_to_pipe(struct file *in,
1100 struct pipe_inode_info *opipe,
1102 size_t len, unsigned int flags)
1107 ret = wait_for_space(opipe, flags);
1109 ret = vfs_splice_read(in, offset, opipe, len, flags);
1112 wakeup_pipe_readers(opipe);
1117 * Determine where to splice to/from.
1119 long do_splice(struct file *in, loff_t *off_in, struct file *out,
1120 loff_t *off_out, size_t len, unsigned int flags)
1122 struct pipe_inode_info *ipipe;
1123 struct pipe_inode_info *opipe;
1127 if (unlikely(!(in->f_mode & FMODE_READ) ||
1128 !(out->f_mode & FMODE_WRITE)))
1131 ipipe = get_pipe_info(in, true);
1132 opipe = get_pipe_info(out, true);
1134 if (ipipe && opipe) {
1135 if (off_in || off_out)
1138 /* Splicing to self would be fun, but... */
1142 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1143 flags |= SPLICE_F_NONBLOCK;
1145 return splice_pipe_to_pipe(ipipe, opipe, len, flags);
1152 if (!(out->f_mode & FMODE_PWRITE))
1156 offset = out->f_pos;
1159 if (unlikely(out->f_flags & O_APPEND))
1162 ret = rw_verify_area(WRITE, out, &offset, len);
1163 if (unlikely(ret < 0))
1166 if (in->f_flags & O_NONBLOCK)
1167 flags |= SPLICE_F_NONBLOCK;
1169 file_start_write(out);
1170 ret = do_splice_from(ipipe, out, &offset, len, flags);
1171 file_end_write(out);
1174 fsnotify_modify(out);
1177 out->f_pos = offset;
1188 if (!(in->f_mode & FMODE_PREAD))
1195 if (out->f_flags & O_NONBLOCK)
1196 flags |= SPLICE_F_NONBLOCK;
1198 ret = splice_file_to_pipe(in, opipe, &offset, len, flags);
1201 fsnotify_access(in);
1214 static long __do_splice(struct file *in, loff_t __user *off_in,
1215 struct file *out, loff_t __user *off_out,
1216 size_t len, unsigned int flags)
1218 struct pipe_inode_info *ipipe;
1219 struct pipe_inode_info *opipe;
1220 loff_t offset, *__off_in = NULL, *__off_out = NULL;
1223 ipipe = get_pipe_info(in, true);
1224 opipe = get_pipe_info(out, true);
1229 pipe_clear_nowait(in);
1234 pipe_clear_nowait(out);
1238 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1240 __off_out = &offset;
1243 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1248 ret = do_splice(in, __off_in, out, __off_out, len, flags);
1252 if (__off_out && copy_to_user(off_out, __off_out, sizeof(loff_t)))
1254 if (__off_in && copy_to_user(off_in, __off_in, sizeof(loff_t)))
1260 static int iter_to_pipe(struct iov_iter *from,
1261 struct pipe_inode_info *pipe,
1264 struct pipe_buffer buf = {
1265 .ops = &user_page_pipe_buf_ops,
1271 while (iov_iter_count(from)) {
1272 struct page *pages[16];
1277 left = iov_iter_get_pages2(from, pages, ~0UL, 16, &start);
1283 n = DIV_ROUND_UP(left + start, PAGE_SIZE);
1284 for (i = 0; i < n; i++) {
1285 int size = min_t(int, left, PAGE_SIZE - start);
1287 buf.page = pages[i];
1290 ret = add_to_pipe(pipe, &buf);
1291 if (unlikely(ret < 0)) {
1292 iov_iter_revert(from, left);
1293 // this one got dropped by add_to_pipe()
1304 return total ? total : ret;
1307 static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1308 struct splice_desc *sd)
1310 int n = copy_page_to_iter(buf->page, buf->offset, sd->len, sd->u.data);
1311 return n == sd->len ? n : -EFAULT;
1315 * For lack of a better implementation, implement vmsplice() to userspace
1316 * as a simple copy of the pipes pages to the user iov.
1318 static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
1321 struct pipe_inode_info *pipe = get_pipe_info(file, true);
1322 struct splice_desc sd = {
1323 .total_len = iov_iter_count(iter),
1332 pipe_clear_nowait(file);
1336 ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
1344 * vmsplice splices a user address range into a pipe. It can be thought of
1345 * as splice-from-memory, where the regular splice is splice-from-file (or
1346 * to file). In both cases the output is a pipe, naturally.
1348 static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
1351 struct pipe_inode_info *pipe;
1353 unsigned buf_flag = 0;
1355 if (flags & SPLICE_F_GIFT)
1356 buf_flag = PIPE_BUF_FLAG_GIFT;
1358 pipe = get_pipe_info(file, true);
1362 pipe_clear_nowait(file);
1365 ret = wait_for_space(pipe, flags);
1367 ret = iter_to_pipe(iter, pipe, buf_flag);
1370 wakeup_pipe_readers(pipe);
1374 static int vmsplice_type(struct fd f, int *type)
1378 if (f.file->f_mode & FMODE_WRITE) {
1379 *type = ITER_SOURCE;
1380 } else if (f.file->f_mode & FMODE_READ) {
1390 * Note that vmsplice only really supports true splicing _from_ user memory
1391 * to a pipe, not the other way around. Splicing from user memory is a simple
1392 * operation that can be supported without any funky alignment restrictions
1393 * or nasty vm tricks. We simply map in the user memory and fill them into
1394 * a pipe. The reverse isn't quite as easy, though. There are two possible
1395 * solutions for that:
1397 * - memcpy() the data internally, at which point we might as well just
1398 * do a regular read() on the buffer anyway.
1399 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1400 * has restriction limitations on both ends of the pipe).
1402 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1405 SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
1406 unsigned long, nr_segs, unsigned int, flags)
1408 struct iovec iovstack[UIO_FASTIOV];
1409 struct iovec *iov = iovstack;
1410 struct iov_iter iter;
1415 if (unlikely(flags & ~SPLICE_F_ALL))
1419 error = vmsplice_type(f, &type);
1423 error = import_iovec(type, uiov, nr_segs,
1424 ARRAY_SIZE(iovstack), &iov, &iter);
1428 if (!iov_iter_count(&iter))
1430 else if (type == ITER_SOURCE)
1431 error = vmsplice_to_pipe(f.file, &iter, flags);
1433 error = vmsplice_to_user(f.file, &iter, flags);
1441 SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1442 int, fd_out, loff_t __user *, off_out,
1443 size_t, len, unsigned int, flags)
1451 if (unlikely(flags & ~SPLICE_F_ALL))
1457 out = fdget(fd_out);
1459 error = __do_splice(in.file, off_in, out.file, off_out,
1469 * Make sure there's data to read. Wait for input if we can, otherwise
1470 * return an appropriate error.
1472 static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1477 * Check the pipe occupancy without the inode lock first. This function
1478 * is speculative anyways, so missing one is ok.
1480 if (!pipe_empty(pipe->head, pipe->tail))
1486 while (pipe_empty(pipe->head, pipe->tail)) {
1487 if (signal_pending(current)) {
1493 if (flags & SPLICE_F_NONBLOCK) {
1497 pipe_wait_readable(pipe);
1505 * Make sure there's writeable room. Wait for room if we can, otherwise
1506 * return an appropriate error.
1508 static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1513 * Check pipe occupancy without the inode lock first. This function
1514 * is speculative anyways, so missing one is ok.
1516 if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
1522 while (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
1523 if (!pipe->readers) {
1524 send_sig(SIGPIPE, current, 0);
1528 if (flags & SPLICE_F_NONBLOCK) {
1532 if (signal_pending(current)) {
1536 pipe_wait_writable(pipe);
1544 * Splice contents of ipipe to opipe.
1546 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
1547 struct pipe_inode_info *opipe,
1548 size_t len, unsigned int flags)
1550 struct pipe_buffer *ibuf, *obuf;
1551 unsigned int i_head, o_head;
1552 unsigned int i_tail, o_tail;
1553 unsigned int i_mask, o_mask;
1555 bool input_wakeup = false;
1559 ret = ipipe_prep(ipipe, flags);
1563 ret = opipe_prep(opipe, flags);
1568 * Potential ABBA deadlock, work around it by ordering lock
1569 * grabbing by pipe info address. Otherwise two different processes
1570 * could deadlock (one doing tee from A -> B, the other from B -> A).
1572 pipe_double_lock(ipipe, opipe);
1574 i_tail = ipipe->tail;
1575 i_mask = ipipe->ring_size - 1;
1576 o_head = opipe->head;
1577 o_mask = opipe->ring_size - 1;
1582 if (!opipe->readers) {
1583 send_sig(SIGPIPE, current, 0);
1589 i_head = ipipe->head;
1590 o_tail = opipe->tail;
1592 if (pipe_empty(i_head, i_tail) && !ipipe->writers)
1596 * Cannot make any progress, because either the input
1597 * pipe is empty or the output pipe is full.
1599 if (pipe_empty(i_head, i_tail) ||
1600 pipe_full(o_head, o_tail, opipe->max_usage)) {
1601 /* Already processed some buffers, break */
1605 if (flags & SPLICE_F_NONBLOCK) {
1611 * We raced with another reader/writer and haven't
1612 * managed to process any buffers. A zero return
1613 * value means EOF, so retry instead.
1620 ibuf = &ipipe->bufs[i_tail & i_mask];
1621 obuf = &opipe->bufs[o_head & o_mask];
1623 if (len >= ibuf->len) {
1625 * Simply move the whole buffer from ipipe to opipe
1630 ipipe->tail = i_tail;
1631 input_wakeup = true;
1634 opipe->head = o_head;
1637 * Get a reference to this pipe buffer,
1638 * so we can copy the contents over.
1640 if (!pipe_buf_get(ipipe, ibuf)) {
1648 * Don't inherit the gift and merge flags, we need to
1649 * prevent multiple steals of this page.
1651 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1652 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1655 ibuf->offset += len;
1659 opipe->head = o_head;
1669 * If we put data in the output pipe, wakeup any potential readers.
1672 wakeup_pipe_readers(opipe);
1675 wakeup_pipe_writers(ipipe);
1681 * Link contents of ipipe to opipe.
1683 static int link_pipe(struct pipe_inode_info *ipipe,
1684 struct pipe_inode_info *opipe,
1685 size_t len, unsigned int flags)
1687 struct pipe_buffer *ibuf, *obuf;
1688 unsigned int i_head, o_head;
1689 unsigned int i_tail, o_tail;
1690 unsigned int i_mask, o_mask;
1694 * Potential ABBA deadlock, work around it by ordering lock
1695 * grabbing by pipe info address. Otherwise two different processes
1696 * could deadlock (one doing tee from A -> B, the other from B -> A).
1698 pipe_double_lock(ipipe, opipe);
1700 i_tail = ipipe->tail;
1701 i_mask = ipipe->ring_size - 1;
1702 o_head = opipe->head;
1703 o_mask = opipe->ring_size - 1;
1706 if (!opipe->readers) {
1707 send_sig(SIGPIPE, current, 0);
1713 i_head = ipipe->head;
1714 o_tail = opipe->tail;
1717 * If we have iterated all input buffers or run out of
1718 * output room, break.
1720 if (pipe_empty(i_head, i_tail) ||
1721 pipe_full(o_head, o_tail, opipe->max_usage))
1724 ibuf = &ipipe->bufs[i_tail & i_mask];
1725 obuf = &opipe->bufs[o_head & o_mask];
1728 * Get a reference to this pipe buffer,
1729 * so we can copy the contents over.
1731 if (!pipe_buf_get(ipipe, ibuf)) {
1740 * Don't inherit the gift and merge flag, we need to prevent
1741 * multiple steals of this page.
1743 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1744 obuf->flags &= ~PIPE_BUF_FLAG_CAN_MERGE;
1746 if (obuf->len > len)
1752 opipe->head = o_head;
1760 * If we put data in the output pipe, wakeup any potential readers.
1763 wakeup_pipe_readers(opipe);
1769 * This is a tee(1) implementation that works on pipes. It doesn't copy
1770 * any data, it simply references the 'in' pages on the 'out' pipe.
1771 * The 'flags' used are the SPLICE_F_* variants, currently the only
1772 * applicable one is SPLICE_F_NONBLOCK.
1774 long do_tee(struct file *in, struct file *out, size_t len, unsigned int flags)
1776 struct pipe_inode_info *ipipe = get_pipe_info(in, true);
1777 struct pipe_inode_info *opipe = get_pipe_info(out, true);
1780 if (unlikely(!(in->f_mode & FMODE_READ) ||
1781 !(out->f_mode & FMODE_WRITE)))
1785 * Duplicate the contents of ipipe to opipe without actually
1788 if (ipipe && opipe && ipipe != opipe) {
1789 if ((in->f_flags | out->f_flags) & O_NONBLOCK)
1790 flags |= SPLICE_F_NONBLOCK;
1793 * Keep going, unless we encounter an error. The ipipe/opipe
1794 * ordering doesn't really matter.
1796 ret = ipipe_prep(ipipe, flags);
1798 ret = opipe_prep(opipe, flags);
1800 ret = link_pipe(ipipe, opipe, len, flags);
1807 SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
1812 if (unlikely(flags & ~SPLICE_F_ALL))
1823 error = do_tee(in.file, out.file, len, flags);
projects / platform / kernel / linux-starfive.git / blob