]> bbs.cooldavid.org Git - net-next-2.6.git/blame - fs/splice.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
splice: split up __splice_from_pipe()
[net-next-2.6.git] / fs / splice.c
CommitLineData
5274f052
JA		 1/*
2 * "splice": joining two ropes together by interweaving their strands.
3 *
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
7 *
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
10 *
11 * Named by Larry McVoy, original implementation from Linus, extended by
c2058e06
JA		 12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
5274f052 14 *
0fe23479 15 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
c2058e06
JA		 16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
5274f052
JA		 18 *
19 */
20#include <linux/fs.h>
21#include <linux/file.h>
22#include <linux/pagemap.h>
d6b29d7c 23#include <linux/splice.h>
08e552c6 24#include <linux/memcontrol.h>
5274f052 25#include <linux/mm_inline.h>
5abc97aa 26#include <linux/swap.h>
4f6f0bd2
JA		 27#include <linux/writeback.h>
28#include <linux/buffer_head.h>
a0f06780 29#include <linux/module.h>
4f6f0bd2 30#include <linux/syscalls.h>
912d35f8 31#include <linux/uio.h>
29ce2058 32#include <linux/security.h>
5274f052 33
83f9135b
JA		 34/*
35 * Attempt to steal a page from a pipe buffer. This should perhaps go into
36 * a vm helper function, it's already simplified quite a bit by the
37 * addition of remove_mapping(). If success is returned, the caller may
38 * attempt to reuse this page for another destination.
39 */
76ad4d11 40static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
5abc97aa
JA		 41 struct pipe_buffer *buf)
42{
43 struct page *page = buf->page;
9e94cd4f 44 struct address_space *mapping;
5abc97aa 45
9e0267c2
JA		 46 lock_page(page);
47
9e94cd4f
JA		 48 mapping = page_mapping(page);
49 if (mapping) {
50 WARN_ON(!PageUptodate(page));
5abc97aa 51
9e94cd4f
JA		 52 /*
53 * At least for ext2 with nobh option, we need to wait on
54 * writeback completing on this page, since we'll remove it
55 * from the pagecache. Otherwise truncate wont wait on the
56 * page, allowing the disk blocks to be reused by someone else
57 * before we actually wrote our data to them. fs corruption
58 * ensues.
59 */
60 wait_on_page_writeback(page);
ad8d6f0a 61
266cf658
DH		 62 if (page_has_private(page) &&
63 !try_to_release_page(page, GFP_KERNEL))
ca39d651 64 goto out_unlock;
4f6f0bd2 65
9e94cd4f
JA		 66 /*
67 * If we succeeded in removing the mapping, set LRU flag
68 * and return good.
69 */
70 if (remove_mapping(mapping, page)) {
71 buf->flags |= PIPE_BUF_FLAG_LRU;
72 return 0;
73 }
9e0267c2 74 }
5abc97aa 75
9e94cd4f
JA		 76 /*
77 * Raced with truncate or failed to remove page from current
78 * address space, unlock and return failure.
79 */
ca39d651 80out_unlock:
9e94cd4f
JA		 81 unlock_page(page);
82 return 1;
5abc97aa
JA		 83}
84
76ad4d11 85static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
5274f052
JA		 86 struct pipe_buffer *buf)
87{
88 page_cache_release(buf->page);
1432873a 89 buf->flags &= ~PIPE_BUF_FLAG_LRU;
5274f052
JA		 90}
91
0845718d
JA		 92/*
93 * Check whether the contents of buf is OK to access. Since the content
94 * is a page cache page, IO may be in flight.
95 */
cac36bb0
JA		 96static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
97 struct pipe_buffer *buf)
5274f052
JA		 98{
99 struct page *page = buf->page;
49d0b21b 100 int err;
5274f052
JA		 101
102 if (!PageUptodate(page)) {
49d0b21b
JA		 103 lock_page(page);
104
105 /*
106 * Page got truncated/unhashed. This will cause a 0-byte
73d62d83 107 * splice, if this is the first page.
49d0b21b
JA		 108 */
109 if (!page->mapping) {
110 err = -ENODATA;
111 goto error;
112 }
5274f052 113
49d0b21b 114 /*
73d62d83 115 * Uh oh, read-error from disk.
49d0b21b
JA		 116 */
117 if (!PageUptodate(page)) {
118 err = -EIO;
119 goto error;
120 }
121
122 /*
f84d7519 123 * Page is ok afterall, we are done.
49d0b21b 124 */
5274f052 125 unlock_page(page);
5274f052
JA		 126 }
127
f84d7519 128 return 0;
49d0b21b
JA		 129error:
130 unlock_page(page);
f84d7519 131 return err;
70524490
JA		 132}
133
d4c3cca9 134static const struct pipe_buf_operations page_cache_pipe_buf_ops = {
5274f052 135 .can_merge = 0,
f84d7519
JA		 136 .map = generic_pipe_buf_map,
137 .unmap = generic_pipe_buf_unmap,
cac36bb0 138 .confirm = page_cache_pipe_buf_confirm,
5274f052 139 .release = page_cache_pipe_buf_release,
5abc97aa 140 .steal = page_cache_pipe_buf_steal,
f84d7519 141 .get = generic_pipe_buf_get,
5274f052
JA		 142};
143
912d35f8
JA		 144static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
145 struct pipe_buffer *buf)
146{
7afa6fd0
JA		 147 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
148 return 1;
149
1432873a 150 buf->flags |= PIPE_BUF_FLAG_LRU;
330ab716 151 return generic_pipe_buf_steal(pipe, buf);
912d35f8
JA		 152}
153
d4c3cca9 154static const struct pipe_buf_operations user_page_pipe_buf_ops = {
912d35f8 155 .can_merge = 0,
f84d7519
JA		 156 .map = generic_pipe_buf_map,
157 .unmap = generic_pipe_buf_unmap,
cac36bb0 158 .confirm = generic_pipe_buf_confirm,
912d35f8
JA		 159 .release = page_cache_pipe_buf_release,
160 .steal = user_page_pipe_buf_steal,
f84d7519 161 .get = generic_pipe_buf_get,
912d35f8
JA		 162};
163
932cc6d4
JA		 164/**
165 * splice_to_pipe - fill passed data into a pipe
166 * @pipe: pipe to fill
167 * @spd: data to fill
168 *
169 * Description:
79685b8d 170 * @spd contains a map of pages and len/offset tuples, along with
932cc6d4
JA		 171 * the struct pipe_buf_operations associated with these pages. This
172 * function will link that data to the pipe.
173 *
83f9135b 174 */
d6b29d7c
JA		 175ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
176 struct splice_pipe_desc *spd)
5274f052 177{
00de00bd 178 unsigned int spd_pages = spd->nr_pages;
912d35f8 179 int ret, do_wakeup, page_nr;
5274f052
JA		 180
181 ret = 0;
182 do_wakeup = 0;
912d35f8 183 page_nr = 0;
5274f052 184
3a326a2c
IM		 185 if (pipe->inode)
186 mutex_lock(&pipe->inode->i_mutex);
5274f052 187
5274f052 188 for (;;) {
3a326a2c 189 if (!pipe->readers) {
5274f052
JA		 190 send_sig(SIGPIPE, current, 0);
191 if (!ret)
192 ret = -EPIPE;
193 break;
194 }
195
6f767b04
JA		 196 if (pipe->nrbufs < PIPE_BUFFERS) {
197 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
3a326a2c 198 struct pipe_buffer *buf = pipe->bufs + newbuf;
5274f052 199
912d35f8
JA		 200 buf->page = spd->pages[page_nr];
201 buf->offset = spd->partial[page_nr].offset;
202 buf->len = spd->partial[page_nr].len;
497f9625 203 buf->private = spd->partial[page_nr].private;
912d35f8 204 buf->ops = spd->ops;
7afa6fd0
JA		 205 if (spd->flags & SPLICE_F_GIFT)
206 buf->flags |= PIPE_BUF_FLAG_GIFT;
207
6f767b04 208 pipe->nrbufs++;
912d35f8
JA		 209 page_nr++;
210 ret += buf->len;
211
6f767b04
JA		 212 if (pipe->inode)
213 do_wakeup = 1;
5274f052 214
912d35f8 215 if (!--spd->nr_pages)
5274f052 216 break;
6f767b04 217 if (pipe->nrbufs < PIPE_BUFFERS)
5274f052
JA		 218 continue;
219
220 break;
221 }
222
912d35f8 223 if (spd->flags & SPLICE_F_NONBLOCK) {
29e35094
LT		 224 if (!ret)
225 ret = -EAGAIN;
226 break;
227 }
228
5274f052
JA		 229 if (signal_pending(current)) {
230 if (!ret)
231 ret = -ERESTARTSYS;
232 break;
233 }
234
235 if (do_wakeup) {
c0bd1f65 236 smp_mb();
3a326a2c
IM		 237 if (waitqueue_active(&pipe->wait))
238 wake_up_interruptible_sync(&pipe->wait);
239 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 240 do_wakeup = 0;
241 }
242
3a326a2c
IM		 243 pipe->waiting_writers++;
244 pipe_wait(pipe);
245 pipe->waiting_writers--;
5274f052
JA		 246 }
247
02676e5a 248 if (pipe->inode) {
3a326a2c 249 mutex_unlock(&pipe->inode->i_mutex);
5274f052 250
02676e5a
JA		 251 if (do_wakeup) {
252 smp_mb();
253 if (waitqueue_active(&pipe->wait))
254 wake_up_interruptible(&pipe->wait);
255 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
256 }
5274f052
JA		 257 }
258
00de00bd 259 while (page_nr < spd_pages)
bbdfc2f7 260 spd->spd_release(spd, page_nr++);
5274f052
JA		 261
262 return ret;
263}
264
bbdfc2f7
JA		 265static void spd_release_page(struct splice_pipe_desc *spd, unsigned int i)
266{
267 page_cache_release(spd->pages[i]);
268}
269
3a326a2c 270static int
cbb7e577
JA		 271__generic_file_splice_read(struct file *in, loff_t *ppos,
272 struct pipe_inode_info *pipe, size_t len,
273 unsigned int flags)
5274f052
JA		 274{
275 struct address_space *mapping = in->f_mapping;
d8983910 276 unsigned int loff, nr_pages, req_pages;
16c523dd 277 struct page *pages[PIPE_BUFFERS];
912d35f8 278 struct partial_page partial[PIPE_BUFFERS];
5274f052 279 struct page *page;
91ad66ef
JA		 280 pgoff_t index, end_index;
281 loff_t isize;
eb20796b 282 int error, page_nr;
912d35f8
JA		 283 struct splice_pipe_desc spd = {
284 .pages = pages,
285 .partial = partial,
286 .flags = flags,
287 .ops = &page_cache_pipe_buf_ops,
bbdfc2f7 288 .spd_release = spd_release_page,
912d35f8 289 };
5274f052 290
cbb7e577 291 index = *ppos >> PAGE_CACHE_SHIFT;
912d35f8 292 loff = *ppos & ~PAGE_CACHE_MASK;
d8983910
FW		 293 req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
294 nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS);
5274f052 295
eb20796b
JA		 296 /*
297 * Lookup the (hopefully) full range of pages we need.
298 */
299 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
431a4820 300 index += spd.nr_pages;
82aa5d61 301
eb20796b
JA		 302 /*
303 * If find_get_pages_contig() returned fewer pages than we needed,
431a4820 304 * readahead/allocate the rest and fill in the holes.
eb20796b 305 */
431a4820 306 if (spd.nr_pages < nr_pages)
cf914a7d
RR		 307 page_cache_sync_readahead(mapping, &in->f_ra, in,
308 index, req_pages - spd.nr_pages);
431a4820 309
932cc6d4 310 error = 0;
eb20796b 311 while (spd.nr_pages < nr_pages) {
82aa5d61 312 /*
eb20796b
JA		 313 * Page could be there, find_get_pages_contig() breaks on
314 * the first hole.
5274f052 315 */
7480a904
JA		 316 page = find_get_page(mapping, index);
317 if (!page) {
7480a904 318 /*
eb20796b 319 * page didn't exist, allocate one.
7480a904
JA		 320 */
321 page = page_cache_alloc_cold(mapping);
322 if (!page)
323 break;
324
325 error = add_to_page_cache_lru(page, mapping, index,
4cd13504 326 mapping_gfp_mask(mapping));
7480a904
JA		 327 if (unlikely(error)) {
328 page_cache_release(page);
a0548871
JA		 329 if (error == -EEXIST)
330 continue;
7480a904
JA		 331 break;
332 }
eb20796b
JA		 333 /*
334 * add_to_page_cache() locks the page, unlock it
335 * to avoid convoluting the logic below even more.
336 */
337 unlock_page(page);
7480a904
JA		 338 }
339
eb20796b
JA		 340 pages[spd.nr_pages++] = page;
341 index++;
342 }
343
344 /*
345 * Now loop over the map and see if we need to start IO on any
346 * pages, fill in the partial map, etc.
347 */
348 index = *ppos >> PAGE_CACHE_SHIFT;
349 nr_pages = spd.nr_pages;
350 spd.nr_pages = 0;
351 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
352 unsigned int this_len;
353
354 if (!len)
355 break;
356
357 /*
358 * this_len is the max we'll use from this page
359 */
360 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
361 page = pages[page_nr];
362
a08a166f 363 if (PageReadahead(page))
cf914a7d 364 page_cache_async_readahead(mapping, &in->f_ra, in,
d8983910 365 page, index, req_pages - page_nr);
a08a166f 366
7480a904
JA		 367 /*
368 * If the page isn't uptodate, we may need to start io on it
369 */
370 if (!PageUptodate(page)) {
c4f895cb
JA		 371 /*
372 * If in nonblock mode then dont block on waiting
373 * for an in-flight io page
374 */
9ae9d68c 375 if (flags & SPLICE_F_NONBLOCK) {
529ae9aa 376 if (!trylock_page(page)) {
8191ecd1 377 error = -EAGAIN;
9ae9d68c 378 break;
8191ecd1 379 }
9ae9d68c
FW		 380 } else
381 lock_page(page);
7480a904
JA		 382
383 /*
32502b84
MS		 384 * Page was truncated, or invalidated by the
385 * filesystem. Redo the find/create, but this time the
386 * page is kept locked, so there's no chance of another
387 * race with truncate/invalidate.
7480a904
JA		 388 */
389 if (!page->mapping) {
390 unlock_page(page);
32502b84
MS		 391 page = find_or_create_page(mapping, index,
392 mapping_gfp_mask(mapping));
393
394 if (!page) {
395 error = -ENOMEM;
396 break;
397 }
398 page_cache_release(pages[page_nr]);
399 pages[page_nr] = page;
7480a904
JA		 400 }
401 /*
402 * page was already under io and is now done, great
403 */
404 if (PageUptodate(page)) {
405 unlock_page(page);
406 goto fill_it;
407 }
5274f052 408
7480a904
JA		 409 /*
410 * need to read in the page
411 */
412 error = mapping->a_ops->readpage(in, page);
5274f052 413 if (unlikely(error)) {
eb20796b
JA		 414 /*
415 * We really should re-lookup the page here,
416 * but it complicates things a lot. Instead
417 * lets just do what we already stored, and
418 * we'll get it the next time we are called.
419 */
7480a904 420 if (error == AOP_TRUNCATED_PAGE)
eb20796b
JA		 421 error = 0;
422
5274f052
JA		 423 break;
424 }
620a324b
JA		 425 }
426fill_it:
427 /*
428 * i_size must be checked after PageUptodate.
429 */
430 isize = i_size_read(mapping->host);
431 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
432 if (unlikely(!isize || index > end_index))
433 break;
434
435 /*
436 * if this is the last page, see if we need to shrink
437 * the length and stop
438 */
439 if (end_index == index) {
440 unsigned int plen;
91ad66ef
JA		 441
442 /*
620a324b 443 * max good bytes in this page
91ad66ef 444 */
620a324b
JA		 445 plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
446 if (plen <= loff)
91ad66ef 447 break;
91ad66ef
JA		 448
449 /*
620a324b 450 * force quit after adding this page
91ad66ef 451 */
620a324b
JA		 452 this_len = min(this_len, plen - loff);
453 len = this_len;
5274f052 454 }
620a324b 455
eb20796b
JA		 456 partial[page_nr].offset = loff;
457 partial[page_nr].len = this_len;
82aa5d61 458 len -= this_len;
91ad66ef 459 loff = 0;
eb20796b
JA		 460 spd.nr_pages++;
461 index++;
5274f052
JA		 462 }
463
eb20796b 464 /*
475ecade 465 * Release any pages at the end, if we quit early. 'page_nr' is how far
eb20796b
JA		 466 * we got, 'nr_pages' is how many pages are in the map.
467 */
468 while (page_nr < nr_pages)
469 page_cache_release(pages[page_nr++]);
f4e6b498 470 in->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT;
eb20796b 471
912d35f8 472 if (spd.nr_pages)
00522fb4 473 return splice_to_pipe(pipe, &spd);
5274f052 474
7480a904 475 return error;
5274f052
JA		 476}
477
83f9135b
JA		 478/**
479 * generic_file_splice_read - splice data from file to a pipe
480 * @in: file to splice from
932cc6d4 481 * @ppos: position in @in
83f9135b
JA		 482 * @pipe: pipe to splice to
483 * @len: number of bytes to splice
484 * @flags: splice modifier flags
485 *
932cc6d4
JA		 486 * Description:
487 * Will read pages from given file and fill them into a pipe. Can be
488 * used as long as the address_space operations for the source implements
489 * a readpage() hook.
490 *
83f9135b 491 */
cbb7e577
JA		 492ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
493 struct pipe_inode_info *pipe, size_t len,
494 unsigned int flags)
5274f052 495{
d366d398 496 loff_t isize, left;
8191ecd1 497 int ret;
d366d398
JA		 498
499 isize = i_size_read(in->f_mapping->host);
500 if (unlikely(*ppos >= isize))
501 return 0;
502
503 left = isize - *ppos;
504 if (unlikely(left < len))
505 len = left;
5274f052 506
8191ecd1
JA		 507 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
508 if (ret > 0)
cbb7e577 509 *ppos += ret;
5274f052
JA		 510
511 return ret;
512}
513
059a8f37
JA		 514EXPORT_SYMBOL(generic_file_splice_read);
515
5274f052 516/*
4f6f0bd2 517 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
016b661e 518 * using sendpage(). Return the number of bytes sent.
5274f052 519 */
76ad4d11 520static int pipe_to_sendpage(struct pipe_inode_info *pipe,
5274f052
JA		 521 struct pipe_buffer *buf, struct splice_desc *sd)
522{
6a14b90b 523 struct file *file = sd->u.file;
5274f052 524 loff_t pos = sd->pos;
f84d7519 525 int ret, more;
5274f052 526
cac36bb0 527 ret = buf->ops->confirm(pipe, buf);
f84d7519
JA		 528 if (!ret) {
529 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
5274f052 530
f84d7519
JA		 531 ret = file->f_op->sendpage(file, buf->page, buf->offset,
532 sd->len, &pos, more);
533 }
5274f052 534
016b661e 535 return ret;
5274f052
JA		 536}
537
538/*
539 * This is a little more tricky than the file -> pipe splicing. There are
540 * basically three cases:
541 *
542 * - Destination page already exists in the address space and there
543 * are users of it. For that case we have no other option that
544 * copying the data. Tough luck.
545 * - Destination page already exists in the address space, but there
546 * are no users of it. Make sure it's uptodate, then drop it. Fall
547 * through to last case.
548 * - Destination page does not exist, we can add the pipe page to
549 * the page cache and avoid the copy.
550 *
83f9135b
JA		 551 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
552 * sd->flags), we attempt to migrate pages from the pipe to the output
553 * file address space page cache. This is possible if no one else has
554 * the pipe page referenced outside of the pipe and page cache. If
555 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
556 * a new page in the output file page cache and fill/dirty that.
5274f052 557 */
76ad4d11 558static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
5274f052
JA		 559 struct splice_desc *sd)
560{
6a14b90b 561 struct file *file = sd->u.file;
5274f052 562 struct address_space *mapping = file->f_mapping;
016b661e 563 unsigned int offset, this_len;
5274f052 564 struct page *page;
afddba49 565 void *fsdata;
3e7ee3e7 566 int ret;
5274f052
JA		 567
568 /*
49d0b21b 569 * make sure the data in this buffer is uptodate
5274f052 570 */
cac36bb0 571 ret = buf->ops->confirm(pipe, buf);
f84d7519
JA		 572 if (unlikely(ret))
573 return ret;
5274f052 574
5274f052
JA		 575 offset = sd->pos & ~PAGE_CACHE_MASK;
576
016b661e
JA		 577 this_len = sd->len;
578 if (this_len + offset > PAGE_CACHE_SIZE)
579 this_len = PAGE_CACHE_SIZE - offset;
580
afddba49
NP		 581 ret = pagecache_write_begin(file, mapping, sd->pos, this_len,
582 AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata);
583 if (unlikely(ret))
584 goto out;
5274f052 585
0568b409 586 if (buf->page != page) {
f84d7519
JA		 587 /*
588 * Careful, ->map() uses KM_USER0!
589 */
76ad4d11 590 char *src = buf->ops->map(pipe, buf, 1);
f84d7519 591 char *dst = kmap_atomic(page, KM_USER1);
5abc97aa 592
016b661e 593 memcpy(dst + offset, src + buf->offset, this_len);
5abc97aa 594 flush_dcache_page(page);
f84d7519 595 kunmap_atomic(dst, KM_USER1);
76ad4d11 596 buf->ops->unmap(pipe, buf, src);
5abc97aa 597 }
afddba49
NP		 598 ret = pagecache_write_end(file, mapping, sd->pos, this_len, this_len,
599 page, fsdata);
5274f052 600out:
5274f052
JA		 601 return ret;
602}
603
b3c2d2dd
MS		 604static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
605{
606 smp_mb();
607 if (waitqueue_active(&pipe->wait))
608 wake_up_interruptible(&pipe->wait);
609 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
610}
611
932cc6d4 612/**
b3c2d2dd 613 * splice_from_pipe_feed - feed available data from a pipe to a file
932cc6d4
JA		 614 * @pipe: pipe to splice from
615 * @sd: information to @actor
616 * @actor: handler that splices the data
617 *
618 * Description:
b3c2d2dd
MS		 619
620 * This function loops over the pipe and calls @actor to do the
621 * actual moving of a single struct pipe_buffer to the desired
622 * destination. It returns when there's no more buffers left in
623 * the pipe or if the requested number of bytes (@sd->total_len)
624 * have been copied. It returns a positive number (one) if the
625 * pipe needs to be filled with more data, zero if the required
626 * number of bytes have been copied and -errno on error.
932cc6d4 627 *
b3c2d2dd
MS		 628 * This, together with splice_from_pipe_{begin,end,next}, may be
629 * used to implement the functionality of __splice_from_pipe() when
630 * locking is required around copying the pipe buffers to the
631 * destination.
83f9135b 632 */
b3c2d2dd
MS		 633int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
634 splice_actor *actor)
5274f052 635{
b3c2d2dd 636 int ret;
5274f052 637
b3c2d2dd
MS		 638 while (pipe->nrbufs) {
639 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
640 const struct pipe_buf_operations *ops = buf->ops;
5274f052 641
b3c2d2dd
MS		 642 sd->len = buf->len;
643 if (sd->len > sd->total_len)
644 sd->len = sd->total_len;
5274f052 645
b3c2d2dd
MS		 646 ret = actor(pipe, buf, sd);
647 if (ret <= 0) {
648 if (ret == -ENODATA)
649 ret = 0;
650 return ret;
651 }
652 buf->offset += ret;
653 buf->len -= ret;
654
655 sd->num_spliced += ret;
656 sd->len -= ret;
657 sd->pos += ret;
658 sd->total_len -= ret;
659
660 if (!buf->len) {
661 buf->ops = NULL;
662 ops->release(pipe, buf);
663 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
664 pipe->nrbufs--;
665 if (pipe->inode)
666 sd->need_wakeup = true;
667 }
5274f052 668
b3c2d2dd
MS		 669 if (!sd->total_len)
670 return 0;
671 }
5274f052 672
b3c2d2dd
MS		 673 return 1;
674}
675EXPORT_SYMBOL(splice_from_pipe_feed);
5274f052 676
b3c2d2dd
MS		 677/**
678 * splice_from_pipe_next - wait for some data to splice from
679 * @pipe: pipe to splice from
680 * @sd: information about the splice operation
681 *
682 * Description:
683 * This function will wait for some data and return a positive
684 * value (one) if pipe buffers are available. It will return zero
685 * or -errno if no more data needs to be spliced.
686 */
687int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
688{
689 while (!pipe->nrbufs) {
690 if (!pipe->writers)
691 return 0;
016b661e 692
b3c2d2dd
MS		 693 if (!pipe->waiting_writers && sd->num_spliced)
694 return 0;
73d62d83 695
b3c2d2dd
MS		 696 if (sd->flags & SPLICE_F_NONBLOCK)
697 return -EAGAIN;
5274f052 698
b3c2d2dd
MS		 699 if (signal_pending(current))
700 return -ERESTARTSYS;
5274f052 701
b3c2d2dd
MS		 702 if (sd->need_wakeup) {
703 wakeup_pipe_writers(pipe);
704 sd->need_wakeup = false;
5274f052
JA		 705 }
706
b3c2d2dd
MS		 707 pipe_wait(pipe);
708 }
29e35094 709
b3c2d2dd
MS		 710 return 1;
711}
712EXPORT_SYMBOL(splice_from_pipe_next);
5274f052 713
b3c2d2dd
MS		 714/**
715 * splice_from_pipe_begin - start splicing from pipe
716 * @pipe: pipe to splice from
717 *
718 * Description:
719 * This function should be called before a loop containing
720 * splice_from_pipe_next() and splice_from_pipe_feed() to
721 * initialize the necessary fields of @sd.
722 */
723void splice_from_pipe_begin(struct splice_desc *sd)
724{
725 sd->num_spliced = 0;
726 sd->need_wakeup = false;
727}
728EXPORT_SYMBOL(splice_from_pipe_begin);
5274f052 729
b3c2d2dd
MS		 730/**
731 * splice_from_pipe_end - finish splicing from pipe
732 * @pipe: pipe to splice from
733 * @sd: information about the splice operation
734 *
735 * Description:
736 * This function will wake up pipe writers if necessary. It should
737 * be called after a loop containing splice_from_pipe_next() and
738 * splice_from_pipe_feed().
739 */
740void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
741{
742 if (sd->need_wakeup)
743 wakeup_pipe_writers(pipe);
744}
745EXPORT_SYMBOL(splice_from_pipe_end);
5274f052 746
b3c2d2dd
MS		 747/**
748 * __splice_from_pipe - splice data from a pipe to given actor
749 * @pipe: pipe to splice from
750 * @sd: information to @actor
751 * @actor: handler that splices the data
752 *
753 * Description:
754 * This function does little more than loop over the pipe and call
755 * @actor to do the actual moving of a single struct pipe_buffer to
756 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
757 * pipe_to_user.
758 *
759 */
760ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
761 splice_actor *actor)
762{
763 int ret;
5274f052 764
b3c2d2dd
MS		 765 splice_from_pipe_begin(sd);
766 do {
767 ret = splice_from_pipe_next(pipe, sd);
768 if (ret > 0)
769 ret = splice_from_pipe_feed(pipe, sd, actor);
770 } while (ret > 0);
771 splice_from_pipe_end(pipe, sd);
772
773 return sd->num_spliced ? sd->num_spliced : ret;
5274f052 774}
40bee44e 775EXPORT_SYMBOL(__splice_from_pipe);
5274f052 776
932cc6d4
JA		 777/**
778 * splice_from_pipe - splice data from a pipe to a file
779 * @pipe: pipe to splice from
780 * @out: file to splice to
781 * @ppos: position in @out
782 * @len: how many bytes to splice
783 * @flags: splice modifier flags
784 * @actor: handler that splices the data
785 *
786 * Description:
787 * See __splice_from_pipe. This function locks the input and output inodes,
788 * otherwise it's identical to __splice_from_pipe().
789 *
790 */
6da61809
MF		 791ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
792 loff_t *ppos, size_t len, unsigned int flags,
793 splice_actor *actor)
794{
795 ssize_t ret;
796 struct inode *inode = out->f_mapping->host;
c66ab6fa
JA		 797 struct splice_desc sd = {
798 .total_len = len,
799 .flags = flags,
800 .pos = *ppos,
6a14b90b 801 .u.file = out,
c66ab6fa 802 };
6da61809
MF		 803
804 /*
4e02ed4b
NP		 805 * The actor worker might be calling ->write_begin and
806 * ->write_end. Most of the time, these expect i_mutex to
6da61809
MF		 807 * be held. Since this may result in an ABBA deadlock with
808 * pipe->inode, we have to order lock acquiry here.
7bfac9ec
MS		 809 *
810 * Outer lock must be inode->i_mutex, as pipe_wait() will
811 * release and reacquire pipe->inode->i_mutex, AND inode must
812 * never be a pipe.
6da61809 813 */
7bfac9ec
MS		 814 WARN_ON(S_ISFIFO(inode->i_mode));
815 mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
816 if (pipe->inode)
817 mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
c66ab6fa 818 ret = __splice_from_pipe(pipe, &sd, actor);
7bfac9ec
MS		 819 if (pipe->inode)
820 mutex_unlock(&pipe->inode->i_mutex);
821 mutex_unlock(&inode->i_mutex);
6da61809
MF		 822
823 return ret;
824}
825
826/**
827 * generic_file_splice_write_nolock - generic_file_splice_write without mutexes
828 * @pipe: pipe info
829 * @out: file to write to
932cc6d4 830 * @ppos: position in @out
6da61809
MF		 831 * @len: number of bytes to splice
832 * @flags: splice modifier flags
833 *
932cc6d4
JA		 834 * Description:
835 * Will either move or copy pages (determined by @flags options) from
836 * the given pipe inode to the given file. The caller is responsible
837 * for acquiring i_mutex on both inodes.
6da61809
MF		 838 *
839 */
840ssize_t
841generic_file_splice_write_nolock(struct pipe_inode_info *pipe, struct file *out,
842 loff_t *ppos, size_t len, unsigned int flags)
843{
844 struct address_space *mapping = out->f_mapping;
845 struct inode *inode = mapping->host;
c66ab6fa
JA		 846 struct splice_desc sd = {
847 .total_len = len,
848 .flags = flags,
849 .pos = *ppos,
6a14b90b 850 .u.file = out,
c66ab6fa 851 };
6da61809
MF		 852 ssize_t ret;
853 int err;
854
2f1936b8 855 err = file_remove_suid(out);
8c34e2d6
JA		 856 if (unlikely(err))
857 return err;
858
c66ab6fa 859 ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
6da61809 860 if (ret > 0) {
17ee4f49
JA		 861 unsigned long nr_pages;
862
6da61809 863 *ppos += ret;
17ee4f49 864 nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
6da61809
MF		 865
866 /*
867 * If file or inode is SYNC and we actually wrote some data,
868 * sync it.
869 */
870 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
871 err = generic_osync_inode(inode, mapping,
872 OSYNC_METADATA|OSYNC_DATA);
873
874 if (err)
875 ret = err;
876 }
17ee4f49 877 balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
6da61809
MF		 878 }
879
880 return ret;
881}
882
883EXPORT_SYMBOL(generic_file_splice_write_nolock);
884
83f9135b
JA		 885/**
886 * generic_file_splice_write - splice data from a pipe to a file
3a326a2c 887 * @pipe: pipe info
83f9135b 888 * @out: file to write to
932cc6d4 889 * @ppos: position in @out
83f9135b
JA		 890 * @len: number of bytes to splice
891 * @flags: splice modifier flags
892 *
932cc6d4
JA		 893 * Description:
894 * Will either move or copy pages (determined by @flags options) from
895 * the given pipe inode to the given file.
83f9135b
JA		 896 *
897 */
3a326a2c
IM		 898ssize_t
899generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 900 loff_t *ppos, size_t len, unsigned int flags)
5274f052 901{
4f6f0bd2 902 struct address_space *mapping = out->f_mapping;
8c34e2d6 903 struct inode *inode = mapping->host;
7f3d4ee1
MS		 904 struct splice_desc sd = {
905 .total_len = len,
906 .flags = flags,
907 .pos = *ppos,
908 .u.file = out,
909 };
3a326a2c
IM		 910 ssize_t ret;
911
7bfac9ec
MS		 912 WARN_ON(S_ISFIFO(inode->i_mode));
913 mutex_lock_nested(&inode->i_mutex, I_MUTEX_PARENT);
2f1936b8 914 ret = file_remove_suid(out);
7bfac9ec
MS		 915 if (likely(!ret)) {
916 if (pipe->inode)
917 mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_CHILD);
7f3d4ee1 918 ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
7bfac9ec
MS		 919 if (pipe->inode)
920 mutex_unlock(&pipe->inode->i_mutex);
921 }
922 mutex_unlock(&inode->i_mutex);
a4514ebd 923 if (ret > 0) {
17ee4f49
JA		 924 unsigned long nr_pages;
925
a4514ebd 926 *ppos += ret;
17ee4f49 927 nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
a4514ebd
JA		 928
929 /*
930 * If file or inode is SYNC and we actually wrote some data,
931 * sync it.
932 */
933 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
7f3d4ee1
MS		 934 int err;
935
a4514ebd
JA		 936 mutex_lock(&inode->i_mutex);
937 err = generic_osync_inode(inode, mapping,
938 OSYNC_METADATA|OSYNC_DATA);
939 mutex_unlock(&inode->i_mutex);
4f6f0bd2 940
a4514ebd
JA		 941 if (err)
942 ret = err;
943 }
17ee4f49 944 balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
4f6f0bd2
JA		 945 }
946
947 return ret;
5274f052
JA		 948}
949
059a8f37
JA		 950EXPORT_SYMBOL(generic_file_splice_write);
951
83f9135b
JA		 952/**
953 * generic_splice_sendpage - splice data from a pipe to a socket
932cc6d4 954 * @pipe: pipe to splice from
83f9135b 955 * @out: socket to write to
932cc6d4 956 * @ppos: position in @out
83f9135b
JA		 957 * @len: number of bytes to splice
958 * @flags: splice modifier flags
959 *
932cc6d4
JA		 960 * Description:
961 * Will send @len bytes from the pipe to a network socket. No data copying
962 * is involved.
83f9135b
JA		 963 *
964 */
3a326a2c 965ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 966 loff_t *ppos, size_t len, unsigned int flags)
5274f052 967{
00522fb4 968 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
5274f052
JA		 969}
970
059a8f37 971EXPORT_SYMBOL(generic_splice_sendpage);
a0f06780 972
83f9135b
JA		 973/*
974 * Attempt to initiate a splice from pipe to file.
975 */
3a326a2c 976static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 977 loff_t *ppos, size_t len, unsigned int flags)
5274f052 978{
5274f052
JA		 979 int ret;
980
49570e9b 981 if (unlikely(!out->f_op || !out->f_op->splice_write))
5274f052
JA		 982 return -EINVAL;
983
49570e9b 984 if (unlikely(!(out->f_mode & FMODE_WRITE)))
5274f052
JA		 985 return -EBADF;
986
efc968d4
LT		 987 if (unlikely(out->f_flags & O_APPEND))
988 return -EINVAL;
989
cbb7e577 990 ret = rw_verify_area(WRITE, out, ppos, len);
5274f052
JA		 991 if (unlikely(ret < 0))
992 return ret;
993
cbb7e577 994 return out->f_op->splice_write(pipe, out, ppos, len, flags);
5274f052
JA		 995}
996
83f9135b
JA		 997/*
998 * Attempt to initiate a splice from a file to a pipe.
999 */
cbb7e577
JA		 1000static long do_splice_to(struct file *in, loff_t *ppos,
1001 struct pipe_inode_info *pipe, size_t len,
1002 unsigned int flags)
5274f052 1003{
5274f052
JA		 1004 int ret;
1005
49570e9b 1006 if (unlikely(!in->f_op || !in->f_op->splice_read))
5274f052
JA		 1007 return -EINVAL;
1008
49570e9b 1009 if (unlikely(!(in->f_mode & FMODE_READ)))
5274f052
JA		 1010 return -EBADF;
1011
cbb7e577 1012 ret = rw_verify_area(READ, in, ppos, len);
5274f052
JA		 1013 if (unlikely(ret < 0))
1014 return ret;
1015
cbb7e577 1016 return in->f_op->splice_read(in, ppos, pipe, len, flags);
5274f052
JA		 1017}
1018
932cc6d4
JA		 1019/**
1020 * splice_direct_to_actor - splices data directly between two non-pipes
1021 * @in: file to splice from
1022 * @sd: actor information on where to splice to
1023 * @actor: handles the data splicing
1024 *
1025 * Description:
1026 * This is a special case helper to splice directly between two
1027 * points, without requiring an explicit pipe. Internally an allocated
79685b8d 1028 * pipe is cached in the process, and reused during the lifetime of
932cc6d4
JA		 1029 * that process.
1030 *
c66ab6fa
JA		 1031 */
1032ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
1033 splice_direct_actor *actor)
b92ce558
JA		 1034{
1035 struct pipe_inode_info *pipe;
1036 long ret, bytes;
1037 umode_t i_mode;
c66ab6fa
JA		 1038 size_t len;
1039 int i, flags;
b92ce558
JA		 1040
1041 /*
1042 * We require the input being a regular file, as we don't want to
1043 * randomly drop data for eg socket -> socket splicing. Use the
1044 * piped splicing for that!
1045 */
0f7fc9e4 1046 i_mode = in->f_path.dentry->d_inode->i_mode;
b92ce558
JA		 1047 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
1048 return -EINVAL;
1049
1050 /*
1051 * neither in nor out is a pipe, setup an internal pipe attached to
1052 * 'out' and transfer the wanted data from 'in' to 'out' through that
1053 */
1054 pipe = current->splice_pipe;
49570e9b 1055 if (unlikely(!pipe)) {
b92ce558
JA		 1056 pipe = alloc_pipe_info(NULL);
1057 if (!pipe)
1058 return -ENOMEM;
1059
1060 /*
1061 * We don't have an immediate reader, but we'll read the stuff
00522fb4 1062 * out of the pipe right after the splice_to_pipe(). So set
b92ce558
JA		 1063 * PIPE_READERS appropriately.
1064 */
1065 pipe->readers = 1;
1066
1067 current->splice_pipe = pipe;
1068 }
1069
1070 /*
73d62d83 1071 * Do the splice.
b92ce558
JA		 1072 */
1073 ret = 0;
1074 bytes = 0;
c66ab6fa
JA		 1075 len = sd->total_len;
1076 flags = sd->flags;
1077
1078 /*
1079 * Don't block on output, we have to drain the direct pipe.
1080 */
1081 sd->flags &= ~SPLICE_F_NONBLOCK;
b92ce558
JA		 1082
1083 while (len) {
51a92c0f 1084 size_t read_len;
a82c53a0 1085 loff_t pos = sd->pos, prev_pos = pos;
b92ce558 1086
bcd4f3ac 1087 ret = do_splice_to(in, &pos, pipe, len, flags);
51a92c0f 1088 if (unlikely(ret <= 0))
b92ce558
JA		 1089 goto out_release;
1090
1091 read_len = ret;
c66ab6fa 1092 sd->total_len = read_len;
b92ce558
JA		 1093
1094 /*
1095 * NOTE: nonblocking mode only applies to the input. We
1096 * must not do the output in nonblocking mode as then we
1097 * could get stuck data in the internal pipe:
1098 */
c66ab6fa 1099 ret = actor(pipe, sd);
a82c53a0
TZ		 1100 if (unlikely(ret <= 0)) {
1101 sd->pos = prev_pos;
b92ce558 1102 goto out_release;
a82c53a0 1103 }
b92ce558
JA		 1104
1105 bytes += ret;
1106 len -= ret;
bcd4f3ac 1107 sd->pos = pos;
b92ce558 1108
a82c53a0
TZ		 1109 if (ret < read_len) {
1110 sd->pos = prev_pos + ret;
51a92c0f 1111 goto out_release;
a82c53a0 1112 }
b92ce558
JA		 1113 }
1114
9e97198d 1115done:
b92ce558 1116 pipe->nrbufs = pipe->curbuf = 0;
80848708 1117 file_accessed(in);
b92ce558
JA		 1118 return bytes;
1119
1120out_release:
1121 /*
1122 * If we did an incomplete transfer we must release
1123 * the pipe buffers in question:
1124 */
1125 for (i = 0; i < PIPE_BUFFERS; i++) {
1126 struct pipe_buffer *buf = pipe->bufs + i;
1127
1128 if (buf->ops) {
1129 buf->ops->release(pipe, buf);
1130 buf->ops = NULL;
1131 }
1132 }
b92ce558 1133
9e97198d
JA		 1134 if (!bytes)
1135 bytes = ret;
c66ab6fa 1136
9e97198d 1137 goto done;
c66ab6fa
JA		 1138}
1139EXPORT_SYMBOL(splice_direct_to_actor);
1140
1141static int direct_splice_actor(struct pipe_inode_info *pipe,
1142 struct splice_desc *sd)
1143{
6a14b90b 1144 struct file *file = sd->u.file;
c66ab6fa
JA		 1145
1146 return do_splice_from(pipe, file, &sd->pos, sd->total_len, sd->flags);
1147}
1148
932cc6d4
JA		 1149/**
1150 * do_splice_direct - splices data directly between two files
1151 * @in: file to splice from
1152 * @ppos: input file offset
1153 * @out: file to splice to
1154 * @len: number of bytes to splice
1155 * @flags: splice modifier flags
1156 *
1157 * Description:
1158 * For use by do_sendfile(). splice can easily emulate sendfile, but
1159 * doing it in the application would incur an extra system call
1160 * (splice in + splice out, as compared to just sendfile()). So this helper
1161 * can splice directly through a process-private pipe.
1162 *
1163 */
c66ab6fa
JA		 1164long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1165 size_t len, unsigned int flags)
1166{
1167 struct splice_desc sd = {
1168 .len = len,
1169 .total_len = len,
1170 .flags = flags,
1171 .pos = *ppos,
6a14b90b 1172 .u.file = out,
c66ab6fa 1173 };
51a92c0f 1174 long ret;
c66ab6fa
JA		 1175
1176 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
51a92c0f 1177 if (ret > 0)
a82c53a0 1178 *ppos = sd.pos;
51a92c0f 1179
c66ab6fa 1180 return ret;
b92ce558
JA		 1181}
1182
ddac0d39
JA		 1183/*
1184 * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
1185 * location, so checking ->i_pipe is not enough to verify that this is a
1186 * pipe.
1187 */
1188static inline struct pipe_inode_info *pipe_info(struct inode *inode)
1189{
1190 if (S_ISFIFO(inode->i_mode))
1191 return inode->i_pipe;
1192
1193 return NULL;
1194}
1195
83f9135b
JA		 1196/*
1197 * Determine where to splice to/from.
1198 */
529565dc
IM		 1199static long do_splice(struct file *in, loff_t __user *off_in,
1200 struct file *out, loff_t __user *off_out,
1201 size_t len, unsigned int flags)
5274f052 1202{
3a326a2c 1203 struct pipe_inode_info *pipe;
cbb7e577 1204 loff_t offset, *off;
a4514ebd 1205 long ret;
5274f052 1206
0f7fc9e4 1207 pipe = pipe_info(in->f_path.dentry->d_inode);
529565dc
IM		 1208 if (pipe) {
1209 if (off_in)
1210 return -ESPIPE;
b92ce558
JA		 1211 if (off_out) {
1212 if (out->f_op->llseek == no_llseek)
1213 return -EINVAL;
cbb7e577 1214 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
b92ce558 1215 return -EFAULT;
cbb7e577
JA		 1216 off = &offset;
1217 } else
1218 off = &out->f_pos;
529565dc 1219
a4514ebd
JA		 1220 ret = do_splice_from(pipe, out, off, len, flags);
1221
1222 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1223 ret = -EFAULT;
1224
1225 return ret;
529565dc 1226 }
5274f052 1227
0f7fc9e4 1228 pipe = pipe_info(out->f_path.dentry->d_inode);
529565dc
IM		 1229 if (pipe) {
1230 if (off_out)
1231 return -ESPIPE;
b92ce558
JA		 1232 if (off_in) {
1233 if (in->f_op->llseek == no_llseek)
1234 return -EINVAL;
cbb7e577 1235 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
b92ce558 1236 return -EFAULT;
cbb7e577
JA		 1237 off = &offset;
1238 } else
1239 off = &in->f_pos;
529565dc 1240
a4514ebd
JA		 1241 ret = do_splice_to(in, off, pipe, len, flags);
1242
1243 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1244 ret = -EFAULT;
1245
1246 return ret;
529565dc 1247 }
5274f052
JA		 1248
1249 return -EINVAL;
1250}
1251
912d35f8
JA		 1252/*
1253 * Map an iov into an array of pages and offset/length tupples. With the
1254 * partial_page structure, we can map several non-contiguous ranges into
1255 * our ones pages[] map instead of splitting that operation into pieces.
1256 * Could easily be exported as a generic helper for other users, in which
1257 * case one would probably want to add a 'max_nr_pages' parameter as well.
1258 */
1259static int get_iovec_page_array(const struct iovec __user *iov,
1260 unsigned int nr_vecs, struct page **pages,
7afa6fd0 1261 struct partial_page *partial, int aligned)
912d35f8
JA		 1262{
1263 int buffers = 0, error = 0;
1264
912d35f8
JA		 1265 while (nr_vecs) {
1266 unsigned long off, npages;
75723957 1267 struct iovec entry;
912d35f8
JA		 1268 void __user *base;
1269 size_t len;
1270 int i;
1271
75723957 1272 error = -EFAULT;
bc40d73c 1273 if (copy_from_user(&entry, iov, sizeof(entry)))
912d35f8
JA		 1274 break;
1275
75723957
LT		 1276 base = entry.iov_base;
1277 len = entry.iov_len;
1278
912d35f8
JA		 1279 /*
1280 * Sanity check this iovec. 0 read succeeds.
1281 */
75723957 1282 error = 0;
912d35f8
JA		 1283 if (unlikely(!len))
1284 break;
1285 error = -EFAULT;
712a30e6 1286 if (!access_ok(VERIFY_READ, base, len))
912d35f8
JA		 1287 break;
1288
1289 /*
1290 * Get this base offset and number of pages, then map
1291 * in the user pages.
1292 */
1293 off = (unsigned long) base & ~PAGE_MASK;
7afa6fd0
JA		 1294
1295 /*
1296 * If asked for alignment, the offset must be zero and the
1297 * length a multiple of the PAGE_SIZE.
1298 */
1299 error = -EINVAL;
1300 if (aligned && (off || len & ~PAGE_MASK))
1301 break;
1302
912d35f8
JA		 1303 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1304 if (npages > PIPE_BUFFERS - buffers)
1305 npages = PIPE_BUFFERS - buffers;
1306
bc40d73c
NP		 1307 error = get_user_pages_fast((unsigned long)base, npages,
1308 0, &pages[buffers]);
912d35f8
JA		 1309
1310 if (unlikely(error <= 0))
1311 break;
1312
1313 /*
1314 * Fill this contiguous range into the partial page map.
1315 */
1316 for (i = 0; i < error; i++) {
7591489a 1317 const int plen = min_t(size_t, len, PAGE_SIZE - off);
912d35f8
JA		 1318
1319 partial[buffers].offset = off;
1320 partial[buffers].len = plen;
1321
1322 off = 0;
1323 len -= plen;
1324 buffers++;
1325 }
1326
1327 /*
1328 * We didn't complete this iov, stop here since it probably
1329 * means we have to move some of this into a pipe to
1330 * be able to continue.
1331 */
1332 if (len)
1333 break;
1334
1335 /*
1336 * Don't continue if we mapped fewer pages than we asked for,
1337 * or if we mapped the max number of pages that we have
1338 * room for.
1339 */
1340 if (error < npages || buffers == PIPE_BUFFERS)
1341 break;
1342
1343 nr_vecs--;
1344 iov++;
1345 }
1346
912d35f8
JA		 1347 if (buffers)
1348 return buffers;
1349
1350 return error;
1351}
1352
6a14b90b
JA		 1353static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1354 struct splice_desc *sd)
1355{
1356 char *src;
1357 int ret;
1358
cac36bb0 1359 ret = buf->ops->confirm(pipe, buf);
6a14b90b
JA		 1360 if (unlikely(ret))
1361 return ret;
1362
1363 /*
1364 * See if we can use the atomic maps, by prefaulting in the
1365 * pages and doing an atomic copy
1366 */
1367 if (!fault_in_pages_writeable(sd->u.userptr, sd->len)) {
1368 src = buf->ops->map(pipe, buf, 1);
1369 ret = __copy_to_user_inatomic(sd->u.userptr, src + buf->offset,
1370 sd->len);
1371 buf->ops->unmap(pipe, buf, src);
1372 if (!ret) {
1373 ret = sd->len;
1374 goto out;
1375 }
1376 }
1377
1378 /*
1379 * No dice, use slow non-atomic map and copy
1380 */
1381 src = buf->ops->map(pipe, buf, 0);
1382
1383 ret = sd->len;
1384 if (copy_to_user(sd->u.userptr, src + buf->offset, sd->len))
1385 ret = -EFAULT;
1386
6866bef4 1387 buf->ops->unmap(pipe, buf, src);
6a14b90b
JA		 1388out:
1389 if (ret > 0)
1390 sd->u.userptr += ret;
6a14b90b
JA		 1391 return ret;
1392}
1393
1394/*
1395 * For lack of a better implementation, implement vmsplice() to userspace
1396 * as a simple copy of the pipes pages to the user iov.
1397 */
1398static long vmsplice_to_user(struct file *file, const struct iovec __user *iov,
1399 unsigned long nr_segs, unsigned int flags)
1400{
1401 struct pipe_inode_info *pipe;
1402 struct splice_desc sd;
1403 ssize_t size;
1404 int error;
1405 long ret;
1406
1407 pipe = pipe_info(file->f_path.dentry->d_inode);
1408 if (!pipe)
1409 return -EBADF;
1410
1411 if (pipe->inode)
1412 mutex_lock(&pipe->inode->i_mutex);
1413
1414 error = ret = 0;
1415 while (nr_segs) {
1416 void __user *base;
1417 size_t len;
1418
1419 /*
1420 * Get user address base and length for this iovec.
1421 */
1422 error = get_user(base, &iov->iov_base);
1423 if (unlikely(error))
1424 break;
1425 error = get_user(len, &iov->iov_len);
1426 if (unlikely(error))
1427 break;
1428
1429 /*
1430 * Sanity check this iovec. 0 read succeeds.
1431 */
1432 if (unlikely(!len))
1433 break;
1434 if (unlikely(!base)) {
1435 error = -EFAULT;
1436 break;
1437 }
1438
8811930d
JA		 1439 if (unlikely(!access_ok(VERIFY_WRITE, base, len))) {
1440 error = -EFAULT;
1441 break;
1442 }
1443
6a14b90b
JA		 1444 sd.len = 0;
1445 sd.total_len = len;
1446 sd.flags = flags;
1447 sd.u.userptr = base;
1448 sd.pos = 0;
1449
1450 size = __splice_from_pipe(pipe, &sd, pipe_to_user);
1451 if (size < 0) {
1452 if (!ret)
1453 ret = size;
1454
1455 break;
1456 }
1457
1458 ret += size;
1459
1460 if (size < len)
1461 break;
1462
1463 nr_segs--;
1464 iov++;
1465 }
1466
1467 if (pipe->inode)
1468 mutex_unlock(&pipe->inode->i_mutex);
1469
1470 if (!ret)
1471 ret = error;
1472
1473 return ret;
1474}
1475
912d35f8
JA		 1476/*
1477 * vmsplice splices a user address range into a pipe. It can be thought of
1478 * as splice-from-memory, where the regular splice is splice-from-file (or
1479 * to file). In both cases the output is a pipe, naturally.
912d35f8 1480 */
6a14b90b
JA		 1481static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov,
1482 unsigned long nr_segs, unsigned int flags)
912d35f8 1483{
ddac0d39 1484 struct pipe_inode_info *pipe;
912d35f8
JA		 1485 struct page *pages[PIPE_BUFFERS];
1486 struct partial_page partial[PIPE_BUFFERS];
1487 struct splice_pipe_desc spd = {
1488 .pages = pages,
1489 .partial = partial,
1490 .flags = flags,
1491 .ops = &user_page_pipe_buf_ops,
bbdfc2f7 1492 .spd_release = spd_release_page,
912d35f8
JA		 1493 };
1494
0f7fc9e4 1495 pipe = pipe_info(file->f_path.dentry->d_inode);
ddac0d39 1496 if (!pipe)
912d35f8 1497 return -EBADF;
912d35f8 1498
7afa6fd0
JA		 1499 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
1500 flags & SPLICE_F_GIFT);
912d35f8
JA		 1501 if (spd.nr_pages <= 0)
1502 return spd.nr_pages;
1503
00522fb4 1504 return splice_to_pipe(pipe, &spd);
912d35f8
JA		 1505}
1506
6a14b90b
JA		 1507/*
1508 * Note that vmsplice only really supports true splicing _from_ user memory
1509 * to a pipe, not the other way around. Splicing from user memory is a simple
1510 * operation that can be supported without any funky alignment restrictions
1511 * or nasty vm tricks. We simply map in the user memory and fill them into
1512 * a pipe. The reverse isn't quite as easy, though. There are two possible
1513 * solutions for that:
1514 *
1515 * - memcpy() the data internally, at which point we might as well just
1516 * do a regular read() on the buffer anyway.
1517 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1518 * has restriction limitations on both ends of the pipe).
1519 *
1520 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1521 *
1522 */
836f92ad
HC		 1523SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
1524 unsigned long, nr_segs, unsigned int, flags)
912d35f8
JA		 1525{
1526 struct file *file;
1527 long error;
1528 int fput;
1529
6a14b90b
JA		 1530 if (unlikely(nr_segs > UIO_MAXIOV))
1531 return -EINVAL;
1532 else if (unlikely(!nr_segs))
1533 return 0;
1534
912d35f8
JA		 1535 error = -EBADF;
1536 file = fget_light(fd, &fput);
1537 if (file) {
1538 if (file->f_mode & FMODE_WRITE)
6a14b90b
JA		 1539 error = vmsplice_to_pipe(file, iov, nr_segs, flags);
1540 else if (file->f_mode & FMODE_READ)
1541 error = vmsplice_to_user(file, iov, nr_segs, flags);
912d35f8
JA		 1542
1543 fput_light(file, fput);
1544 }
1545
1546 return error;
1547}
1548
836f92ad
HC		 1549SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1550 int, fd_out, loff_t __user *, off_out,
1551 size_t, len, unsigned int, flags)
5274f052
JA		 1552{
1553 long error;
1554 struct file *in, *out;
1555 int fput_in, fput_out;
1556
1557 if (unlikely(!len))
1558 return 0;
1559
1560 error = -EBADF;
529565dc 1561 in = fget_light(fd_in, &fput_in);
5274f052
JA		 1562 if (in) {
1563 if (in->f_mode & FMODE_READ) {
529565dc 1564 out = fget_light(fd_out, &fput_out);
5274f052
JA		 1565 if (out) {
1566 if (out->f_mode & FMODE_WRITE)
529565dc
IM		 1567 error = do_splice(in, off_in,
1568 out, off_out,
1569 len, flags);
5274f052
JA		 1570 fput_light(out, fput_out);
1571 }
1572 }
1573
1574 fput_light(in, fput_in);
1575 }
1576
1577 return error;
1578}
70524490 1579
aadd06e5
JA		 1580/*
1581 * Make sure there's data to read. Wait for input if we can, otherwise
1582 * return an appropriate error.
1583 */
1584static int link_ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1585{
1586 int ret;
1587
1588 /*
1589 * Check ->nrbufs without the inode lock first. This function
1590 * is speculative anyways, so missing one is ok.
1591 */
1592 if (pipe->nrbufs)
1593 return 0;
1594
1595 ret = 0;
1596 mutex_lock(&pipe->inode->i_mutex);
1597
1598 while (!pipe->nrbufs) {
1599 if (signal_pending(current)) {
1600 ret = -ERESTARTSYS;
1601 break;
1602 }
1603 if (!pipe->writers)
1604 break;
1605 if (!pipe->waiting_writers) {
1606 if (flags & SPLICE_F_NONBLOCK) {
1607 ret = -EAGAIN;
1608 break;
1609 }
1610 }
1611 pipe_wait(pipe);
1612 }
1613
1614 mutex_unlock(&pipe->inode->i_mutex);
1615 return ret;
1616}
1617
1618/*
1619 * Make sure there's writeable room. Wait for room if we can, otherwise
1620 * return an appropriate error.
1621 */
1622static int link_opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1623{
1624 int ret;
1625
1626 /*
1627 * Check ->nrbufs without the inode lock first. This function
1628 * is speculative anyways, so missing one is ok.
1629 */
1630 if (pipe->nrbufs < PIPE_BUFFERS)
1631 return 0;
1632
1633 ret = 0;
1634 mutex_lock(&pipe->inode->i_mutex);
1635
1636 while (pipe->nrbufs >= PIPE_BUFFERS) {
1637 if (!pipe->readers) {
1638 send_sig(SIGPIPE, current, 0);
1639 ret = -EPIPE;
1640 break;
1641 }
1642 if (flags & SPLICE_F_NONBLOCK) {
1643 ret = -EAGAIN;
1644 break;
1645 }
1646 if (signal_pending(current)) {
1647 ret = -ERESTARTSYS;
1648 break;
1649 }
1650 pipe->waiting_writers++;
1651 pipe_wait(pipe);
1652 pipe->waiting_writers--;
1653 }
1654
1655 mutex_unlock(&pipe->inode->i_mutex);
1656 return ret;
1657}
1658
70524490
JA		 1659/*
1660 * Link contents of ipipe to opipe.
1661 */
1662static int link_pipe(struct pipe_inode_info *ipipe,
1663 struct pipe_inode_info *opipe,
1664 size_t len, unsigned int flags)
1665{
1666 struct pipe_buffer *ibuf, *obuf;
aadd06e5 1667 int ret = 0, i = 0, nbuf;
70524490
JA		 1668
1669 /*
1670 * Potential ABBA deadlock, work around it by ordering lock
1671 * grabbing by inode address. Otherwise two different processes
1672 * could deadlock (one doing tee from A -> B, the other from B -> A).
1673 */
62752ee1 1674 inode_double_lock(ipipe->inode, opipe->inode);
70524490 1675
aadd06e5 1676 do {
70524490
JA		 1677 if (!opipe->readers) {
1678 send_sig(SIGPIPE, current, 0);
1679 if (!ret)
1680 ret = -EPIPE;
1681 break;
1682 }
70524490 1683
aadd06e5
JA		 1684 /*
1685 * If we have iterated all input buffers or ran out of
1686 * output room, break.
1687 */
1688 if (i >= ipipe->nrbufs || opipe->nrbufs >= PIPE_BUFFERS)
1689 break;
70524490 1690
aadd06e5
JA		 1691 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1692 nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
70524490
JA		 1693
1694 /*
aadd06e5
JA		 1695 * Get a reference to this pipe buffer,
1696 * so we can copy the contents over.
70524490 1697 */
aadd06e5
JA		 1698 ibuf->ops->get(ipipe, ibuf);
1699
1700 obuf = opipe->bufs + nbuf;
1701 *obuf = *ibuf;
1702
2a27250e 1703 /*
aadd06e5
JA		 1704 * Don't inherit the gift flag, we need to
1705 * prevent multiple steals of this page.
2a27250e 1706 */
aadd06e5 1707 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
70524490 1708
aadd06e5
JA		 1709 if (obuf->len > len)
1710 obuf->len = len;
70524490 1711
aadd06e5
JA		 1712 opipe->nrbufs++;
1713 ret += obuf->len;
1714 len -= obuf->len;
1715 i++;
1716 } while (len);
70524490 1717
02cf01ae
JA		 1718 /*
1719 * return EAGAIN if we have the potential of some data in the
1720 * future, otherwise just return 0
1721 */
1722 if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
1723 ret = -EAGAIN;
1724
62752ee1 1725 inode_double_unlock(ipipe->inode, opipe->inode);
70524490 1726
aadd06e5
JA		 1727 /*
1728 * If we put data in the output pipe, wakeup any potential readers.
1729 */
1730 if (ret > 0) {
70524490
JA		 1731 smp_mb();
1732 if (waitqueue_active(&opipe->wait))
1733 wake_up_interruptible(&opipe->wait);
1734 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1735 }
1736
1737 return ret;
1738}
1739
1740/*
1741 * This is a tee(1) implementation that works on pipes. It doesn't copy
1742 * any data, it simply references the 'in' pages on the 'out' pipe.
1743 * The 'flags' used are the SPLICE_F_* variants, currently the only
1744 * applicable one is SPLICE_F_NONBLOCK.
1745 */
1746static long do_tee(struct file *in, struct file *out, size_t len,
1747 unsigned int flags)
1748{
0f7fc9e4
JJS		 1749 struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode);
1750 struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode);
aadd06e5 1751 int ret = -EINVAL;
70524490
JA		 1752
1753 /*
aadd06e5
JA		 1754 * Duplicate the contents of ipipe to opipe without actually
1755 * copying the data.
70524490 1756 */
aadd06e5
JA		 1757 if (ipipe && opipe && ipipe != opipe) {
1758 /*
1759 * Keep going, unless we encounter an error. The ipipe/opipe
1760 * ordering doesn't really matter.
1761 */
1762 ret = link_ipipe_prep(ipipe, flags);
1763 if (!ret) {
1764 ret = link_opipe_prep(opipe, flags);
02cf01ae 1765 if (!ret)
aadd06e5 1766 ret = link_pipe(ipipe, opipe, len, flags);
aadd06e5
JA		 1767 }
1768 }
70524490 1769
aadd06e5 1770 return ret;
70524490
JA		 1771}
1772
836f92ad 1773SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
70524490
JA		 1774{
1775 struct file *in;
1776 int error, fput_in;
1777
1778 if (unlikely(!len))
1779 return 0;
1780
1781 error = -EBADF;
1782 in = fget_light(fdin, &fput_in);
1783 if (in) {
1784 if (in->f_mode & FMODE_READ) {
1785 int fput_out;
1786 struct file *out = fget_light(fdout, &fput_out);
1787
1788 if (out) {
1789 if (out->f_mode & FMODE_WRITE)
1790 error = do_tee(in, out, len, flags);
1791 fput_light(out, fput_out);
1792 }
1793 }
1794 fput_light(in, fput_in);
1795 }
1796
1797 return error;
1798}
Clone of davem's net-next-2.6 tree