splice: fix problems with sys_tee()
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / splice.c
blob8fef6672b9b62dc46cfccc8f7352ea55a18d9736
1 /*
2 * "splice": joining two ropes together by interweaving their strands.
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
20 #include <linux/fs.h>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/pipe_fs_i.h>
24 #include <linux/mm_inline.h>
25 #include <linux/swap.h>
26 #include <linux/writeback.h>
27 #include <linux/buffer_head.h>
28 #include <linux/module.h>
29 #include <linux/syscalls.h>
30 #include <linux/uio.h>
32 struct partial_page {
33 unsigned int offset;
34 unsigned int len;
38 * Passed to splice_to_pipe
40 struct splice_pipe_desc {
41 struct page **pages; /* page map */
42 struct partial_page *partial; /* pages[] may not be contig */
43 int nr_pages; /* number of pages in map */
44 unsigned int flags; /* splice flags */
45 struct pipe_buf_operations *ops;/* ops associated with output pipe */
49 * Attempt to steal a page from a pipe buffer. This should perhaps go into
50 * a vm helper function, it's already simplified quite a bit by the
51 * addition of remove_mapping(). If success is returned, the caller may
52 * attempt to reuse this page for another destination.
54 static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
55 struct pipe_buffer *buf)
57 struct page *page = buf->page;
58 struct address_space *mapping = page_mapping(page);
60 lock_page(page);
62 WARN_ON(!PageUptodate(page));
65 * At least for ext2 with nobh option, we need to wait on writeback
66 * completing on this page, since we'll remove it from the pagecache.
67 * Otherwise truncate wont wait on the page, allowing the disk
68 * blocks to be reused by someone else before we actually wrote our
69 * data to them. fs corruption ensues.
71 wait_on_page_writeback(page);
73 if (PagePrivate(page))
74 try_to_release_page(page, mapping_gfp_mask(mapping));
76 if (!remove_mapping(mapping, page)) {
77 unlock_page(page);
78 return 1;
81 buf->flags |= PIPE_BUF_FLAG_LRU;
82 return 0;
85 static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
86 struct pipe_buffer *buf)
88 page_cache_release(buf->page);
89 buf->flags &= ~PIPE_BUF_FLAG_LRU;
92 static int page_cache_pipe_buf_pin(struct pipe_inode_info *pipe,
93 struct pipe_buffer *buf)
95 struct page *page = buf->page;
96 int err;
98 if (!PageUptodate(page)) {
99 lock_page(page);
102 * Page got truncated/unhashed. This will cause a 0-byte
103 * splice, if this is the first page.
105 if (!page->mapping) {
106 err = -ENODATA;
107 goto error;
111 * Uh oh, read-error from disk.
113 if (!PageUptodate(page)) {
114 err = -EIO;
115 goto error;
119 * Page is ok afterall, we are done.
121 unlock_page(page);
124 return 0;
125 error:
126 unlock_page(page);
127 return err;
130 static struct pipe_buf_operations page_cache_pipe_buf_ops = {
131 .can_merge = 0,
132 .map = generic_pipe_buf_map,
133 .unmap = generic_pipe_buf_unmap,
134 .pin = page_cache_pipe_buf_pin,
135 .release = page_cache_pipe_buf_release,
136 .steal = page_cache_pipe_buf_steal,
137 .get = generic_pipe_buf_get,
140 static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
141 struct pipe_buffer *buf)
143 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
144 return 1;
146 buf->flags |= PIPE_BUF_FLAG_LRU;
147 return generic_pipe_buf_steal(pipe, buf);
150 static struct pipe_buf_operations user_page_pipe_buf_ops = {
151 .can_merge = 0,
152 .map = generic_pipe_buf_map,
153 .unmap = generic_pipe_buf_unmap,
154 .pin = generic_pipe_buf_pin,
155 .release = page_cache_pipe_buf_release,
156 .steal = user_page_pipe_buf_steal,
157 .get = generic_pipe_buf_get,
161 * Pipe output worker. This sets up our pipe format with the page cache
162 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
164 static ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
165 struct splice_pipe_desc *spd)
167 int ret, do_wakeup, page_nr;
169 ret = 0;
170 do_wakeup = 0;
171 page_nr = 0;
173 if (pipe->inode)
174 mutex_lock(&pipe->inode->i_mutex);
176 for (;;) {
177 if (!pipe->readers) {
178 send_sig(SIGPIPE, current, 0);
179 if (!ret)
180 ret = -EPIPE;
181 break;
184 if (pipe->nrbufs < PIPE_BUFFERS) {
185 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
186 struct pipe_buffer *buf = pipe->bufs + newbuf;
188 buf->page = spd->pages[page_nr];
189 buf->offset = spd->partial[page_nr].offset;
190 buf->len = spd->partial[page_nr].len;
191 buf->ops = spd->ops;
192 if (spd->flags & SPLICE_F_GIFT)
193 buf->flags |= PIPE_BUF_FLAG_GIFT;
195 pipe->nrbufs++;
196 page_nr++;
197 ret += buf->len;
199 if (pipe->inode)
200 do_wakeup = 1;
202 if (!--spd->nr_pages)
203 break;
204 if (pipe->nrbufs < PIPE_BUFFERS)
205 continue;
207 break;
210 if (spd->flags & SPLICE_F_NONBLOCK) {
211 if (!ret)
212 ret = -EAGAIN;
213 break;
216 if (signal_pending(current)) {
217 if (!ret)
218 ret = -ERESTARTSYS;
219 break;
222 if (do_wakeup) {
223 smp_mb();
224 if (waitqueue_active(&pipe->wait))
225 wake_up_interruptible_sync(&pipe->wait);
226 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
227 do_wakeup = 0;
230 pipe->waiting_writers++;
231 pipe_wait(pipe);
232 pipe->waiting_writers--;
235 if (pipe->inode)
236 mutex_unlock(&pipe->inode->i_mutex);
238 if (do_wakeup) {
239 smp_mb();
240 if (waitqueue_active(&pipe->wait))
241 wake_up_interruptible(&pipe->wait);
242 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
245 while (page_nr < spd->nr_pages)
246 page_cache_release(spd->pages[page_nr++]);
248 return ret;
251 static int
252 __generic_file_splice_read(struct file *in, loff_t *ppos,
253 struct pipe_inode_info *pipe, size_t len,
254 unsigned int flags)
256 struct address_space *mapping = in->f_mapping;
257 unsigned int loff, nr_pages;
258 struct page *pages[PIPE_BUFFERS];
259 struct partial_page partial[PIPE_BUFFERS];
260 struct page *page;
261 pgoff_t index, end_index;
262 loff_t isize;
263 size_t total_len;
264 int error, page_nr;
265 struct splice_pipe_desc spd = {
266 .pages = pages,
267 .partial = partial,
268 .flags = flags,
269 .ops = &page_cache_pipe_buf_ops,
272 index = *ppos >> PAGE_CACHE_SHIFT;
273 loff = *ppos & ~PAGE_CACHE_MASK;
274 nr_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
276 if (nr_pages > PIPE_BUFFERS)
277 nr_pages = PIPE_BUFFERS;
280 * Initiate read-ahead on this page range. however, don't call into
281 * read-ahead if this is a non-zero offset (we are likely doing small
282 * chunk splice and the page is already there) for a single page.
284 if (!loff || nr_pages > 1)
285 page_cache_readahead(mapping, &in->f_ra, in, index, nr_pages);
288 * Now fill in the holes:
290 error = 0;
291 total_len = 0;
294 * Lookup the (hopefully) full range of pages we need.
296 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
299 * If find_get_pages_contig() returned fewer pages than we needed,
300 * allocate the rest.
302 index += spd.nr_pages;
303 while (spd.nr_pages < nr_pages) {
305 * Page could be there, find_get_pages_contig() breaks on
306 * the first hole.
308 page = find_get_page(mapping, index);
309 if (!page) {
311 * Make sure the read-ahead engine is notified
312 * about this failure.
314 handle_ra_miss(mapping, &in->f_ra, index);
317 * page didn't exist, allocate one.
319 page = page_cache_alloc_cold(mapping);
320 if (!page)
321 break;
323 error = add_to_page_cache_lru(page, mapping, index,
324 mapping_gfp_mask(mapping));
325 if (unlikely(error)) {
326 page_cache_release(page);
327 if (error == -EEXIST)
328 continue;
329 break;
332 * add_to_page_cache() locks the page, unlock it
333 * to avoid convoluting the logic below even more.
335 unlock_page(page);
338 pages[spd.nr_pages++] = page;
339 index++;
343 * Now loop over the map and see if we need to start IO on any
344 * pages, fill in the partial map, etc.
346 index = *ppos >> PAGE_CACHE_SHIFT;
347 nr_pages = spd.nr_pages;
348 spd.nr_pages = 0;
349 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
350 unsigned int this_len;
352 if (!len)
353 break;
356 * this_len is the max we'll use from this page
358 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
359 page = pages[page_nr];
362 * If the page isn't uptodate, we may need to start io on it
364 if (!PageUptodate(page)) {
366 * If in nonblock mode then dont block on waiting
367 * for an in-flight io page
369 if (flags & SPLICE_F_NONBLOCK)
370 break;
372 lock_page(page);
375 * page was truncated, stop here. if this isn't the
376 * first page, we'll just complete what we already
377 * added
379 if (!page->mapping) {
380 unlock_page(page);
381 break;
384 * page was already under io and is now done, great
386 if (PageUptodate(page)) {
387 unlock_page(page);
388 goto fill_it;
392 * need to read in the page
394 error = mapping->a_ops->readpage(in, page);
395 if (unlikely(error)) {
397 * We really should re-lookup the page here,
398 * but it complicates things a lot. Instead
399 * lets just do what we already stored, and
400 * we'll get it the next time we are called.
402 if (error == AOP_TRUNCATED_PAGE)
403 error = 0;
405 break;
409 * i_size must be checked after ->readpage().
411 isize = i_size_read(mapping->host);
412 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
413 if (unlikely(!isize || index > end_index))
414 break;
417 * if this is the last page, see if we need to shrink
418 * the length and stop
420 if (end_index == index) {
421 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
422 if (total_len + loff > isize)
423 break;
425 * force quit after adding this page
427 len = this_len;
428 this_len = min(this_len, loff);
429 loff = 0;
432 fill_it:
433 partial[page_nr].offset = loff;
434 partial[page_nr].len = this_len;
435 len -= this_len;
436 total_len += this_len;
437 loff = 0;
438 spd.nr_pages++;
439 index++;
443 * Release any pages at the end, if we quit early. 'i' is how far
444 * we got, 'nr_pages' is how many pages are in the map.
446 while (page_nr < nr_pages)
447 page_cache_release(pages[page_nr++]);
449 if (spd.nr_pages)
450 return splice_to_pipe(pipe, &spd);
452 return error;
456 * generic_file_splice_read - splice data from file to a pipe
457 * @in: file to splice from
458 * @pipe: pipe to splice to
459 * @len: number of bytes to splice
460 * @flags: splice modifier flags
462 * Will read pages from given file and fill them into a pipe.
464 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
465 struct pipe_inode_info *pipe, size_t len,
466 unsigned int flags)
468 ssize_t spliced;
469 int ret;
471 ret = 0;
472 spliced = 0;
474 while (len) {
475 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
477 if (ret < 0)
478 break;
479 else if (!ret) {
480 if (spliced)
481 break;
482 if (flags & SPLICE_F_NONBLOCK) {
483 ret = -EAGAIN;
484 break;
488 *ppos += ret;
489 len -= ret;
490 spliced += ret;
493 if (spliced)
494 return spliced;
496 return ret;
499 EXPORT_SYMBOL(generic_file_splice_read);
502 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
503 * using sendpage(). Return the number of bytes sent.
505 static int pipe_to_sendpage(struct pipe_inode_info *pipe,
506 struct pipe_buffer *buf, struct splice_desc *sd)
508 struct file *file = sd->file;
509 loff_t pos = sd->pos;
510 int ret, more;
512 ret = buf->ops->pin(pipe, buf);
513 if (!ret) {
514 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
516 ret = file->f_op->sendpage(file, buf->page, buf->offset,
517 sd->len, &pos, more);
520 return ret;
524 * This is a little more tricky than the file -> pipe splicing. There are
525 * basically three cases:
527 * - Destination page already exists in the address space and there
528 * are users of it. For that case we have no other option that
529 * copying the data. Tough luck.
530 * - Destination page already exists in the address space, but there
531 * are no users of it. Make sure it's uptodate, then drop it. Fall
532 * through to last case.
533 * - Destination page does not exist, we can add the pipe page to
534 * the page cache and avoid the copy.
536 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
537 * sd->flags), we attempt to migrate pages from the pipe to the output
538 * file address space page cache. This is possible if no one else has
539 * the pipe page referenced outside of the pipe and page cache. If
540 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
541 * a new page in the output file page cache and fill/dirty that.
543 static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
544 struct splice_desc *sd)
546 struct file *file = sd->file;
547 struct address_space *mapping = file->f_mapping;
548 gfp_t gfp_mask = mapping_gfp_mask(mapping);
549 unsigned int offset, this_len;
550 struct page *page;
551 pgoff_t index;
552 int ret;
555 * make sure the data in this buffer is uptodate
557 ret = buf->ops->pin(pipe, buf);
558 if (unlikely(ret))
559 return ret;
561 index = sd->pos >> PAGE_CACHE_SHIFT;
562 offset = sd->pos & ~PAGE_CACHE_MASK;
564 this_len = sd->len;
565 if (this_len + offset > PAGE_CACHE_SIZE)
566 this_len = PAGE_CACHE_SIZE - offset;
569 * Reuse buf page, if SPLICE_F_MOVE is set and we are doing a full
570 * page.
572 if ((sd->flags & SPLICE_F_MOVE) && this_len == PAGE_CACHE_SIZE) {
574 * If steal succeeds, buf->page is now pruned from the
575 * pagecache and we can reuse it. The page will also be
576 * locked on successful return.
578 if (buf->ops->steal(pipe, buf))
579 goto find_page;
581 page = buf->page;
582 if (add_to_page_cache(page, mapping, index, gfp_mask)) {
583 unlock_page(page);
584 goto find_page;
587 page_cache_get(page);
589 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
590 lru_cache_add(page);
591 } else {
592 find_page:
593 page = find_lock_page(mapping, index);
594 if (!page) {
595 ret = -ENOMEM;
596 page = page_cache_alloc_cold(mapping);
597 if (unlikely(!page))
598 goto out_nomem;
601 * This will also lock the page
603 ret = add_to_page_cache_lru(page, mapping, index,
604 gfp_mask);
605 if (unlikely(ret))
606 goto out;
610 * We get here with the page locked. If the page is also
611 * uptodate, we don't need to do more. If it isn't, we
612 * may need to bring it in if we are not going to overwrite
613 * the full page.
615 if (!PageUptodate(page)) {
616 if (this_len < PAGE_CACHE_SIZE) {
617 ret = mapping->a_ops->readpage(file, page);
618 if (unlikely(ret))
619 goto out;
621 lock_page(page);
623 if (!PageUptodate(page)) {
625 * Page got invalidated, repeat.
627 if (!page->mapping) {
628 unlock_page(page);
629 page_cache_release(page);
630 goto find_page;
632 ret = -EIO;
633 goto out;
635 } else
636 SetPageUptodate(page);
640 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
641 if (unlikely(ret)) {
642 loff_t isize = i_size_read(mapping->host);
644 if (ret != AOP_TRUNCATED_PAGE)
645 unlock_page(page);
646 page_cache_release(page);
647 if (ret == AOP_TRUNCATED_PAGE)
648 goto find_page;
651 * prepare_write() may have instantiated a few blocks
652 * outside i_size. Trim these off again.
654 if (sd->pos + this_len > isize)
655 vmtruncate(mapping->host, isize);
657 goto out;
660 if (buf->page != page) {
662 * Careful, ->map() uses KM_USER0!
664 char *src = buf->ops->map(pipe, buf, 1);
665 char *dst = kmap_atomic(page, KM_USER1);
667 memcpy(dst + offset, src + buf->offset, this_len);
668 flush_dcache_page(page);
669 kunmap_atomic(dst, KM_USER1);
670 buf->ops->unmap(pipe, buf, src);
673 ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len);
674 if (!ret) {
676 * Return the number of bytes written and mark page as
677 * accessed, we are now done!
679 ret = this_len;
680 mark_page_accessed(page);
681 balance_dirty_pages_ratelimited(mapping);
682 } else if (ret == AOP_TRUNCATED_PAGE) {
683 page_cache_release(page);
684 goto find_page;
686 out:
687 page_cache_release(page);
688 unlock_page(page);
689 out_nomem:
690 return ret;
694 * Pipe input worker. Most of this logic works like a regular pipe, the
695 * key here is the 'actor' worker passed in that actually moves the data
696 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
698 ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
699 loff_t *ppos, size_t len, unsigned int flags,
700 splice_actor *actor)
702 int ret, do_wakeup, err;
703 struct splice_desc sd;
705 ret = 0;
706 do_wakeup = 0;
708 sd.total_len = len;
709 sd.flags = flags;
710 sd.file = out;
711 sd.pos = *ppos;
713 if (pipe->inode)
714 mutex_lock(&pipe->inode->i_mutex);
716 for (;;) {
717 if (pipe->nrbufs) {
718 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
719 struct pipe_buf_operations *ops = buf->ops;
721 sd.len = buf->len;
722 if (sd.len > sd.total_len)
723 sd.len = sd.total_len;
725 err = actor(pipe, buf, &sd);
726 if (err <= 0) {
727 if (!ret && err != -ENODATA)
728 ret = err;
730 break;
733 ret += err;
734 buf->offset += err;
735 buf->len -= err;
737 sd.len -= err;
738 sd.pos += err;
739 sd.total_len -= err;
740 if (sd.len)
741 continue;
743 if (!buf->len) {
744 buf->ops = NULL;
745 ops->release(pipe, buf);
746 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
747 pipe->nrbufs--;
748 if (pipe->inode)
749 do_wakeup = 1;
752 if (!sd.total_len)
753 break;
756 if (pipe->nrbufs)
757 continue;
758 if (!pipe->writers)
759 break;
760 if (!pipe->waiting_writers) {
761 if (ret)
762 break;
765 if (flags & SPLICE_F_NONBLOCK) {
766 if (!ret)
767 ret = -EAGAIN;
768 break;
771 if (signal_pending(current)) {
772 if (!ret)
773 ret = -ERESTARTSYS;
774 break;
777 if (do_wakeup) {
778 smp_mb();
779 if (waitqueue_active(&pipe->wait))
780 wake_up_interruptible_sync(&pipe->wait);
781 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
782 do_wakeup = 0;
785 pipe_wait(pipe);
788 if (pipe->inode)
789 mutex_unlock(&pipe->inode->i_mutex);
791 if (do_wakeup) {
792 smp_mb();
793 if (waitqueue_active(&pipe->wait))
794 wake_up_interruptible(&pipe->wait);
795 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
798 return ret;
802 * generic_file_splice_write - splice data from a pipe to a file
803 * @pipe: pipe info
804 * @out: file to write to
805 * @len: number of bytes to splice
806 * @flags: splice modifier flags
808 * Will either move or copy pages (determined by @flags options) from
809 * the given pipe inode to the given file.
812 ssize_t
813 generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
814 loff_t *ppos, size_t len, unsigned int flags)
816 struct address_space *mapping = out->f_mapping;
817 ssize_t ret;
819 ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
820 if (ret > 0) {
821 struct inode *inode = mapping->host;
823 *ppos += ret;
826 * If file or inode is SYNC and we actually wrote some data,
827 * sync it.
829 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
830 int err;
832 mutex_lock(&inode->i_mutex);
833 err = generic_osync_inode(inode, mapping,
834 OSYNC_METADATA|OSYNC_DATA);
835 mutex_unlock(&inode->i_mutex);
837 if (err)
838 ret = err;
842 return ret;
845 EXPORT_SYMBOL(generic_file_splice_write);
848 * generic_splice_sendpage - splice data from a pipe to a socket
849 * @inode: pipe inode
850 * @out: socket to write to
851 * @len: number of bytes to splice
852 * @flags: splice modifier flags
854 * Will send @len bytes from the pipe to a network socket. No data copying
855 * is involved.
858 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
859 loff_t *ppos, size_t len, unsigned int flags)
861 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
864 EXPORT_SYMBOL(generic_splice_sendpage);
867 * Attempt to initiate a splice from pipe to file.
869 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
870 loff_t *ppos, size_t len, unsigned int flags)
872 int ret;
874 if (unlikely(!out->f_op || !out->f_op->splice_write))
875 return -EINVAL;
877 if (unlikely(!(out->f_mode & FMODE_WRITE)))
878 return -EBADF;
880 ret = rw_verify_area(WRITE, out, ppos, len);
881 if (unlikely(ret < 0))
882 return ret;
884 return out->f_op->splice_write(pipe, out, ppos, len, flags);
888 * Attempt to initiate a splice from a file to a pipe.
890 static long do_splice_to(struct file *in, loff_t *ppos,
891 struct pipe_inode_info *pipe, size_t len,
892 unsigned int flags)
894 loff_t isize, left;
895 int ret;
897 if (unlikely(!in->f_op || !in->f_op->splice_read))
898 return -EINVAL;
900 if (unlikely(!(in->f_mode & FMODE_READ)))
901 return -EBADF;
903 ret = rw_verify_area(READ, in, ppos, len);
904 if (unlikely(ret < 0))
905 return ret;
907 isize = i_size_read(in->f_mapping->host);
908 if (unlikely(*ppos >= isize))
909 return 0;
911 left = isize - *ppos;
912 if (unlikely(left < len))
913 len = left;
915 return in->f_op->splice_read(in, ppos, pipe, len, flags);
918 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
919 size_t len, unsigned int flags)
921 struct pipe_inode_info *pipe;
922 long ret, bytes;
923 loff_t out_off;
924 umode_t i_mode;
925 int i;
928 * We require the input being a regular file, as we don't want to
929 * randomly drop data for eg socket -> socket splicing. Use the
930 * piped splicing for that!
932 i_mode = in->f_dentry->d_inode->i_mode;
933 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
934 return -EINVAL;
937 * neither in nor out is a pipe, setup an internal pipe attached to
938 * 'out' and transfer the wanted data from 'in' to 'out' through that
940 pipe = current->splice_pipe;
941 if (unlikely(!pipe)) {
942 pipe = alloc_pipe_info(NULL);
943 if (!pipe)
944 return -ENOMEM;
947 * We don't have an immediate reader, but we'll read the stuff
948 * out of the pipe right after the splice_to_pipe(). So set
949 * PIPE_READERS appropriately.
951 pipe->readers = 1;
953 current->splice_pipe = pipe;
957 * Do the splice.
959 ret = 0;
960 bytes = 0;
961 out_off = 0;
963 while (len) {
964 size_t read_len, max_read_len;
967 * Do at most PIPE_BUFFERS pages worth of transfer:
969 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
971 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
972 if (unlikely(ret < 0))
973 goto out_release;
975 read_len = ret;
978 * NOTE: nonblocking mode only applies to the input. We
979 * must not do the output in nonblocking mode as then we
980 * could get stuck data in the internal pipe:
982 ret = do_splice_from(pipe, out, &out_off, read_len,
983 flags & ~SPLICE_F_NONBLOCK);
984 if (unlikely(ret < 0))
985 goto out_release;
987 bytes += ret;
988 len -= ret;
991 * In nonblocking mode, if we got back a short read then
992 * that was due to either an IO error or due to the
993 * pagecache entry not being there. In the IO error case
994 * the _next_ splice attempt will produce a clean IO error
995 * return value (not a short read), so in both cases it's
996 * correct to break out of the loop here:
998 if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
999 break;
1002 pipe->nrbufs = pipe->curbuf = 0;
1004 return bytes;
1006 out_release:
1008 * If we did an incomplete transfer we must release
1009 * the pipe buffers in question:
1011 for (i = 0; i < PIPE_BUFFERS; i++) {
1012 struct pipe_buffer *buf = pipe->bufs + i;
1014 if (buf->ops) {
1015 buf->ops->release(pipe, buf);
1016 buf->ops = NULL;
1019 pipe->nrbufs = pipe->curbuf = 0;
1022 * If we transferred some data, return the number of bytes:
1024 if (bytes > 0)
1025 return bytes;
1027 return ret;
1030 EXPORT_SYMBOL(do_splice_direct);
1033 * Determine where to splice to/from.
1035 static long do_splice(struct file *in, loff_t __user *off_in,
1036 struct file *out, loff_t __user *off_out,
1037 size_t len, unsigned int flags)
1039 struct pipe_inode_info *pipe;
1040 loff_t offset, *off;
1041 long ret;
1043 pipe = in->f_dentry->d_inode->i_pipe;
1044 if (pipe) {
1045 if (off_in)
1046 return -ESPIPE;
1047 if (off_out) {
1048 if (out->f_op->llseek == no_llseek)
1049 return -EINVAL;
1050 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1051 return -EFAULT;
1052 off = &offset;
1053 } else
1054 off = &out->f_pos;
1056 ret = do_splice_from(pipe, out, off, len, flags);
1058 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1059 ret = -EFAULT;
1061 return ret;
1064 pipe = out->f_dentry->d_inode->i_pipe;
1065 if (pipe) {
1066 if (off_out)
1067 return -ESPIPE;
1068 if (off_in) {
1069 if (in->f_op->llseek == no_llseek)
1070 return -EINVAL;
1071 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1072 return -EFAULT;
1073 off = &offset;
1074 } else
1075 off = &in->f_pos;
1077 ret = do_splice_to(in, off, pipe, len, flags);
1079 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1080 ret = -EFAULT;
1082 return ret;
1085 return -EINVAL;
1089 * Map an iov into an array of pages and offset/length tupples. With the
1090 * partial_page structure, we can map several non-contiguous ranges into
1091 * our ones pages[] map instead of splitting that operation into pieces.
1092 * Could easily be exported as a generic helper for other users, in which
1093 * case one would probably want to add a 'max_nr_pages' parameter as well.
1095 static int get_iovec_page_array(const struct iovec __user *iov,
1096 unsigned int nr_vecs, struct page **pages,
1097 struct partial_page *partial, int aligned)
1099 int buffers = 0, error = 0;
1102 * It's ok to take the mmap_sem for reading, even
1103 * across a "get_user()".
1105 down_read(&current->mm->mmap_sem);
1107 while (nr_vecs) {
1108 unsigned long off, npages;
1109 void __user *base;
1110 size_t len;
1111 int i;
1114 * Get user address base and length for this iovec.
1116 error = get_user(base, &iov->iov_base);
1117 if (unlikely(error))
1118 break;
1119 error = get_user(len, &iov->iov_len);
1120 if (unlikely(error))
1121 break;
1124 * Sanity check this iovec. 0 read succeeds.
1126 if (unlikely(!len))
1127 break;
1128 error = -EFAULT;
1129 if (unlikely(!base))
1130 break;
1133 * Get this base offset and number of pages, then map
1134 * in the user pages.
1136 off = (unsigned long) base & ~PAGE_MASK;
1139 * If asked for alignment, the offset must be zero and the
1140 * length a multiple of the PAGE_SIZE.
1142 error = -EINVAL;
1143 if (aligned && (off || len & ~PAGE_MASK))
1144 break;
1146 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1147 if (npages > PIPE_BUFFERS - buffers)
1148 npages = PIPE_BUFFERS - buffers;
1150 error = get_user_pages(current, current->mm,
1151 (unsigned long) base, npages, 0, 0,
1152 &pages[buffers], NULL);
1154 if (unlikely(error <= 0))
1155 break;
1158 * Fill this contiguous range into the partial page map.
1160 for (i = 0; i < error; i++) {
1161 const int plen = min_t(size_t, len, PAGE_SIZE - off);
1163 partial[buffers].offset = off;
1164 partial[buffers].len = plen;
1166 off = 0;
1167 len -= plen;
1168 buffers++;
1172 * We didn't complete this iov, stop here since it probably
1173 * means we have to move some of this into a pipe to
1174 * be able to continue.
1176 if (len)
1177 break;
1180 * Don't continue if we mapped fewer pages than we asked for,
1181 * or if we mapped the max number of pages that we have
1182 * room for.
1184 if (error < npages || buffers == PIPE_BUFFERS)
1185 break;
1187 nr_vecs--;
1188 iov++;
1191 up_read(&current->mm->mmap_sem);
1193 if (buffers)
1194 return buffers;
1196 return error;
1200 * vmsplice splices a user address range into a pipe. It can be thought of
1201 * as splice-from-memory, where the regular splice is splice-from-file (or
1202 * to file). In both cases the output is a pipe, naturally.
1204 * Note that vmsplice only supports splicing _from_ user memory to a pipe,
1205 * not the other way around. Splicing from user memory is a simple operation
1206 * that can be supported without any funky alignment restrictions or nasty
1207 * vm tricks. We simply map in the user memory and fill them into a pipe.
1208 * The reverse isn't quite as easy, though. There are two possible solutions
1209 * for that:
1211 * - memcpy() the data internally, at which point we might as well just
1212 * do a regular read() on the buffer anyway.
1213 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1214 * has restriction limitations on both ends of the pipe).
1216 * Alas, it isn't here.
1219 static long do_vmsplice(struct file *file, const struct iovec __user *iov,
1220 unsigned long nr_segs, unsigned int flags)
1222 struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe;
1223 struct page *pages[PIPE_BUFFERS];
1224 struct partial_page partial[PIPE_BUFFERS];
1225 struct splice_pipe_desc spd = {
1226 .pages = pages,
1227 .partial = partial,
1228 .flags = flags,
1229 .ops = &user_page_pipe_buf_ops,
1232 if (unlikely(!pipe))
1233 return -EBADF;
1234 if (unlikely(nr_segs > UIO_MAXIOV))
1235 return -EINVAL;
1236 else if (unlikely(!nr_segs))
1237 return 0;
1239 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
1240 flags & SPLICE_F_GIFT);
1241 if (spd.nr_pages <= 0)
1242 return spd.nr_pages;
1244 return splice_to_pipe(pipe, &spd);
1247 asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov,
1248 unsigned long nr_segs, unsigned int flags)
1250 struct file *file;
1251 long error;
1252 int fput;
1254 error = -EBADF;
1255 file = fget_light(fd, &fput);
1256 if (file) {
1257 if (file->f_mode & FMODE_WRITE)
1258 error = do_vmsplice(file, iov, nr_segs, flags);
1260 fput_light(file, fput);
1263 return error;
1266 asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1267 int fd_out, loff_t __user *off_out,
1268 size_t len, unsigned int flags)
1270 long error;
1271 struct file *in, *out;
1272 int fput_in, fput_out;
1274 if (unlikely(!len))
1275 return 0;
1277 error = -EBADF;
1278 in = fget_light(fd_in, &fput_in);
1279 if (in) {
1280 if (in->f_mode & FMODE_READ) {
1281 out = fget_light(fd_out, &fput_out);
1282 if (out) {
1283 if (out->f_mode & FMODE_WRITE)
1284 error = do_splice(in, off_in,
1285 out, off_out,
1286 len, flags);
1287 fput_light(out, fput_out);
1291 fput_light(in, fput_in);
1294 return error;
1298 * Make sure there's data to read. Wait for input if we can, otherwise
1299 * return an appropriate error.
1301 static int link_ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1303 int ret;
1306 * Check ->nrbufs without the inode lock first. This function
1307 * is speculative anyways, so missing one is ok.
1309 if (pipe->nrbufs)
1310 return 0;
1312 ret = 0;
1313 mutex_lock(&pipe->inode->i_mutex);
1315 while (!pipe->nrbufs) {
1316 if (signal_pending(current)) {
1317 ret = -ERESTARTSYS;
1318 break;
1320 if (!pipe->writers)
1321 break;
1322 if (!pipe->waiting_writers) {
1323 if (flags & SPLICE_F_NONBLOCK) {
1324 ret = -EAGAIN;
1325 break;
1328 pipe_wait(pipe);
1331 mutex_unlock(&pipe->inode->i_mutex);
1332 return ret;
1336 * Make sure there's writeable room. Wait for room if we can, otherwise
1337 * return an appropriate error.
1339 static int link_opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1341 int ret;
1344 * Check ->nrbufs without the inode lock first. This function
1345 * is speculative anyways, so missing one is ok.
1347 if (pipe->nrbufs < PIPE_BUFFERS)
1348 return 0;
1350 ret = 0;
1351 mutex_lock(&pipe->inode->i_mutex);
1353 while (pipe->nrbufs >= PIPE_BUFFERS) {
1354 if (!pipe->readers) {
1355 send_sig(SIGPIPE, current, 0);
1356 ret = -EPIPE;
1357 break;
1359 if (flags & SPLICE_F_NONBLOCK) {
1360 ret = -EAGAIN;
1361 break;
1363 if (signal_pending(current)) {
1364 ret = -ERESTARTSYS;
1365 break;
1367 pipe->waiting_writers++;
1368 pipe_wait(pipe);
1369 pipe->waiting_writers--;
1372 mutex_unlock(&pipe->inode->i_mutex);
1373 return ret;
1377 * Link contents of ipipe to opipe.
1379 static int link_pipe(struct pipe_inode_info *ipipe,
1380 struct pipe_inode_info *opipe,
1381 size_t len, unsigned int flags)
1383 struct pipe_buffer *ibuf, *obuf;
1384 int ret = 0, i = 0, nbuf;
1387 * Potential ABBA deadlock, work around it by ordering lock
1388 * grabbing by inode address. Otherwise two different processes
1389 * could deadlock (one doing tee from A -> B, the other from B -> A).
1391 if (ipipe->inode < opipe->inode) {
1392 mutex_lock(&ipipe->inode->i_mutex);
1393 mutex_lock(&opipe->inode->i_mutex);
1394 } else {
1395 mutex_lock(&opipe->inode->i_mutex);
1396 mutex_lock(&ipipe->inode->i_mutex);
1399 do {
1400 if (!opipe->readers) {
1401 send_sig(SIGPIPE, current, 0);
1402 if (!ret)
1403 ret = -EPIPE;
1404 break;
1408 * If we have iterated all input buffers or ran out of
1409 * output room, break.
1411 if (i >= ipipe->nrbufs || opipe->nrbufs >= PIPE_BUFFERS)
1412 break;
1414 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1415 nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1418 * Get a reference to this pipe buffer,
1419 * so we can copy the contents over.
1421 ibuf->ops->get(ipipe, ibuf);
1423 obuf = opipe->bufs + nbuf;
1424 *obuf = *ibuf;
1427 * Don't inherit the gift flag, we need to
1428 * prevent multiple steals of this page.
1430 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1432 if (obuf->len > len)
1433 obuf->len = len;
1435 opipe->nrbufs++;
1436 ret += obuf->len;
1437 len -= obuf->len;
1438 i++;
1439 } while (len);
1441 mutex_unlock(&ipipe->inode->i_mutex);
1442 mutex_unlock(&opipe->inode->i_mutex);
1445 * If we put data in the output pipe, wakeup any potential readers.
1447 if (ret > 0) {
1448 smp_mb();
1449 if (waitqueue_active(&opipe->wait))
1450 wake_up_interruptible(&opipe->wait);
1451 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1454 return ret;
1458 * This is a tee(1) implementation that works on pipes. It doesn't copy
1459 * any data, it simply references the 'in' pages on the 'out' pipe.
1460 * The 'flags' used are the SPLICE_F_* variants, currently the only
1461 * applicable one is SPLICE_F_NONBLOCK.
1463 static long do_tee(struct file *in, struct file *out, size_t len,
1464 unsigned int flags)
1466 struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
1467 struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
1468 int ret = -EINVAL;
1471 * Duplicate the contents of ipipe to opipe without actually
1472 * copying the data.
1474 if (ipipe && opipe && ipipe != opipe) {
1476 * Keep going, unless we encounter an error. The ipipe/opipe
1477 * ordering doesn't really matter.
1479 ret = link_ipipe_prep(ipipe, flags);
1480 if (!ret) {
1481 ret = link_opipe_prep(opipe, flags);
1482 if (!ret) {
1483 ret = link_pipe(ipipe, opipe, len, flags);
1484 if (!ret && (flags & SPLICE_F_NONBLOCK))
1485 ret = -EAGAIN;
1490 return ret;
1493 asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1495 struct file *in;
1496 int error, fput_in;
1498 if (unlikely(!len))
1499 return 0;
1501 error = -EBADF;
1502 in = fget_light(fdin, &fput_in);
1503 if (in) {
1504 if (in->f_mode & FMODE_READ) {
1505 int fput_out;
1506 struct file *out = fget_light(fdout, &fput_out);
1508 if (out) {
1509 if (out->f_mode & FMODE_WRITE)
1510 error = do_tee(in, out, len, flags);
1511 fput_light(out, fput_out);
1514 fput_light(in, fput_in);
1517 return error;