4 * Copyright (C) 1991, 1992, 1999 Linus Torvalds
8 #include <linux/file.h>
9 #include <linux/poll.h>
10 #include <linux/slab.h>
11 #include <linux/module.h>
12 #include <linux/init.h>
14 #include <linux/log2.h>
15 #include <linux/mount.h>
16 #include <linux/pipe_fs_i.h>
17 #include <linux/uio.h>
18 #include <linux/highmem.h>
19 #include <linux/pagemap.h>
20 #include <linux/audit.h>
21 #include <linux/syscalls.h>
22 #include <linux/fcntl.h>
24 #include <asm/uaccess.h>
25 #include <asm/ioctls.h>
28 * The max size that a non-root user is allowed to grow the pipe. Can
29 * be set by root in /proc/sys/fs/pipe-max-size
31 unsigned int pipe_max_size
= 1048576;
34 * Minimum pipe size, as required by POSIX
36 unsigned int pipe_min_size
= PAGE_SIZE
;
39 * We use a start+len construction, which provides full use of the
41 * -- Florian Coosmann (FGC)
43 * Reads with count = 0 should always return 0.
44 * -- Julian Bradfield 1999-06-07.
46 * FIFOs and Pipes now generate SIGIO for both readers and writers.
47 * -- Jeremy Elson <jelson@circlemud.org> 2001-08-16
49 * pipe_read & write cleanup
50 * -- Manfred Spraul <manfred@colorfullife.com> 2002-05-09
53 static void pipe_lock_nested(struct pipe_inode_info
*pipe
, int subclass
)
56 mutex_lock_nested(&pipe
->inode
->i_mutex
, subclass
);
59 void pipe_lock(struct pipe_inode_info
*pipe
)
62 * pipe_lock() nests non-pipe inode locks (for writing to a file)
64 pipe_lock_nested(pipe
, I_MUTEX_PARENT
);
66 EXPORT_SYMBOL(pipe_lock
);
68 void pipe_unlock(struct pipe_inode_info
*pipe
)
71 mutex_unlock(&pipe
->inode
->i_mutex
);
73 EXPORT_SYMBOL(pipe_unlock
);
75 void pipe_double_lock(struct pipe_inode_info
*pipe1
,
76 struct pipe_inode_info
*pipe2
)
78 BUG_ON(pipe1
== pipe2
);
81 pipe_lock_nested(pipe1
, I_MUTEX_PARENT
);
82 pipe_lock_nested(pipe2
, I_MUTEX_CHILD
);
84 pipe_lock_nested(pipe2
, I_MUTEX_PARENT
);
85 pipe_lock_nested(pipe1
, I_MUTEX_CHILD
);
89 /* Drop the inode semaphore and wait for a pipe event, atomically */
90 void pipe_wait(struct pipe_inode_info
*pipe
)
95 * Pipes are system-local resources, so sleeping on them
96 * is considered a noninteractive wait:
98 prepare_to_wait(&pipe
->wait
, &wait
, TASK_INTERRUPTIBLE
);
101 finish_wait(&pipe
->wait
, &wait
);
106 pipe_iov_copy_from_user(void *to
, struct iovec
*iov
, unsigned long len
,
112 while (!iov
->iov_len
)
114 copy
= min_t(unsigned long, len
, iov
->iov_len
);
117 if (__copy_from_user_inatomic(to
, iov
->iov_base
, copy
))
120 if (copy_from_user(to
, iov
->iov_base
, copy
))
125 iov
->iov_base
+= copy
;
126 iov
->iov_len
-= copy
;
132 pipe_iov_copy_to_user(struct iovec
*iov
, const void *from
, unsigned long len
,
138 while (!iov
->iov_len
)
140 copy
= min_t(unsigned long, len
, iov
->iov_len
);
143 if (__copy_to_user_inatomic(iov
->iov_base
, from
, copy
))
146 if (copy_to_user(iov
->iov_base
, from
, copy
))
151 iov
->iov_base
+= copy
;
152 iov
->iov_len
-= copy
;
158 * Attempt to pre-fault in the user memory, so we can use atomic copies.
159 * Returns the number of bytes not faulted in.
161 static int iov_fault_in_pages_write(struct iovec
*iov
, unsigned long len
)
163 while (!iov
->iov_len
)
167 unsigned long this_len
;
169 this_len
= min_t(unsigned long, len
, iov
->iov_len
);
170 if (fault_in_pages_writeable(iov
->iov_base
, this_len
))
181 * Pre-fault in the user memory, so we can use atomic copies.
183 static void iov_fault_in_pages_read(struct iovec
*iov
, unsigned long len
)
185 while (!iov
->iov_len
)
189 unsigned long this_len
;
191 this_len
= min_t(unsigned long, len
, iov
->iov_len
);
192 fault_in_pages_readable(iov
->iov_base
, this_len
);
198 static void anon_pipe_buf_release(struct pipe_inode_info
*pipe
,
199 struct pipe_buffer
*buf
)
201 struct page
*page
= buf
->page
;
204 * If nobody else uses this page, and we don't already have a
205 * temporary page, let's keep track of it as a one-deep
206 * allocation cache. (Otherwise just release our reference to it)
208 if (page_count(page
) == 1 && !pipe
->tmp_page
)
209 pipe
->tmp_page
= page
;
211 page_cache_release(page
);
215 * generic_pipe_buf_map - virtually map a pipe buffer
216 * @pipe: the pipe that the buffer belongs to
217 * @buf: the buffer that should be mapped
218 * @atomic: whether to use an atomic map
221 * This function returns a kernel virtual address mapping for the
222 * pipe_buffer passed in @buf. If @atomic is set, an atomic map is provided
223 * and the caller has to be careful not to fault before calling
224 * the unmap function.
226 * Note that this function occupies KM_USER0 if @atomic != 0.
228 void *generic_pipe_buf_map(struct pipe_inode_info
*pipe
,
229 struct pipe_buffer
*buf
, int atomic
)
232 buf
->flags
|= PIPE_BUF_FLAG_ATOMIC
;
233 return kmap_atomic(buf
->page
, KM_USER0
);
236 return kmap(buf
->page
);
238 EXPORT_SYMBOL(generic_pipe_buf_map
);
241 * generic_pipe_buf_unmap - unmap a previously mapped pipe buffer
242 * @pipe: the pipe that the buffer belongs to
243 * @buf: the buffer that should be unmapped
244 * @map_data: the data that the mapping function returned
247 * This function undoes the mapping that ->map() provided.
249 void generic_pipe_buf_unmap(struct pipe_inode_info
*pipe
,
250 struct pipe_buffer
*buf
, void *map_data
)
252 if (buf
->flags
& PIPE_BUF_FLAG_ATOMIC
) {
253 buf
->flags
&= ~PIPE_BUF_FLAG_ATOMIC
;
254 kunmap_atomic(map_data
, KM_USER0
);
258 EXPORT_SYMBOL(generic_pipe_buf_unmap
);
261 * generic_pipe_buf_steal - attempt to take ownership of a &pipe_buffer
262 * @pipe: the pipe that the buffer belongs to
263 * @buf: the buffer to attempt to steal
266 * This function attempts to steal the &struct page attached to
267 * @buf. If successful, this function returns 0 and returns with
268 * the page locked. The caller may then reuse the page for whatever
269 * he wishes; the typical use is insertion into a different file
272 int generic_pipe_buf_steal(struct pipe_inode_info
*pipe
,
273 struct pipe_buffer
*buf
)
275 struct page
*page
= buf
->page
;
278 * A reference of one is golden, that means that the owner of this
279 * page is the only one holding a reference to it. lock the page
282 if (page_count(page
) == 1) {
289 EXPORT_SYMBOL(generic_pipe_buf_steal
);
292 * generic_pipe_buf_get - get a reference to a &struct pipe_buffer
293 * @pipe: the pipe that the buffer belongs to
294 * @buf: the buffer to get a reference to
297 * This function grabs an extra reference to @buf. It's used in
298 * in the tee() system call, when we duplicate the buffers in one
301 void generic_pipe_buf_get(struct pipe_inode_info
*pipe
, struct pipe_buffer
*buf
)
303 page_cache_get(buf
->page
);
305 EXPORT_SYMBOL(generic_pipe_buf_get
);
308 * generic_pipe_buf_confirm - verify contents of the pipe buffer
309 * @info: the pipe that the buffer belongs to
310 * @buf: the buffer to confirm
313 * This function does nothing, because the generic pipe code uses
314 * pages that are always good when inserted into the pipe.
316 int generic_pipe_buf_confirm(struct pipe_inode_info
*info
,
317 struct pipe_buffer
*buf
)
321 EXPORT_SYMBOL(generic_pipe_buf_confirm
);
324 * generic_pipe_buf_release - put a reference to a &struct pipe_buffer
325 * @pipe: the pipe that the buffer belongs to
326 * @buf: the buffer to put a reference to
329 * This function releases a reference to @buf.
331 void generic_pipe_buf_release(struct pipe_inode_info
*pipe
,
332 struct pipe_buffer
*buf
)
334 page_cache_release(buf
->page
);
336 EXPORT_SYMBOL(generic_pipe_buf_release
);
338 static const struct pipe_buf_operations anon_pipe_buf_ops
= {
340 .map
= generic_pipe_buf_map
,
341 .unmap
= generic_pipe_buf_unmap
,
342 .confirm
= generic_pipe_buf_confirm
,
343 .release
= anon_pipe_buf_release
,
344 .steal
= generic_pipe_buf_steal
,
345 .get
= generic_pipe_buf_get
,
349 pipe_read(struct kiocb
*iocb
, const struct iovec
*_iov
,
350 unsigned long nr_segs
, loff_t pos
)
352 struct file
*filp
= iocb
->ki_filp
;
353 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
354 struct pipe_inode_info
*pipe
;
357 struct iovec
*iov
= (struct iovec
*)_iov
;
360 total_len
= iov_length(iov
, nr_segs
);
361 /* Null read succeeds. */
362 if (unlikely(total_len
== 0))
367 mutex_lock(&inode
->i_mutex
);
368 pipe
= inode
->i_pipe
;
370 int bufs
= pipe
->nrbufs
;
372 int curbuf
= pipe
->curbuf
;
373 struct pipe_buffer
*buf
= pipe
->bufs
+ curbuf
;
374 const struct pipe_buf_operations
*ops
= buf
->ops
;
376 size_t chars
= buf
->len
;
379 if (chars
> total_len
)
382 error
= ops
->confirm(pipe
, buf
);
389 atomic
= !iov_fault_in_pages_write(iov
, chars
);
391 addr
= ops
->map(pipe
, buf
, atomic
);
392 error
= pipe_iov_copy_to_user(iov
, addr
+ buf
->offset
, chars
, atomic
);
393 ops
->unmap(pipe
, buf
, addr
);
394 if (unlikely(error
)) {
396 * Just retry with the slow path if we failed.
407 buf
->offset
+= chars
;
411 ops
->release(pipe
, buf
);
412 curbuf
= (curbuf
+ 1) & (pipe
->buffers
- 1);
413 pipe
->curbuf
= curbuf
;
414 pipe
->nrbufs
= --bufs
;
419 break; /* common path: read succeeded */
421 if (bufs
) /* More to do? */
425 if (!pipe
->waiting_writers
) {
426 /* syscall merging: Usually we must not sleep
427 * if O_NONBLOCK is set, or if we got some data.
428 * But if a writer sleeps in kernel space, then
429 * we can wait for that data without violating POSIX.
433 if (filp
->f_flags
& O_NONBLOCK
) {
438 if (signal_pending(current
)) {
444 wake_up_interruptible_sync_poll(&pipe
->wait
, POLLOUT
| POLLWRNORM
);
445 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
449 mutex_unlock(&inode
->i_mutex
);
451 /* Signal writers asynchronously that there is more room. */
453 wake_up_interruptible_sync_poll(&pipe
->wait
, POLLOUT
| POLLWRNORM
);
454 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
462 pipe_write(struct kiocb
*iocb
, const struct iovec
*_iov
,
463 unsigned long nr_segs
, loff_t ppos
)
465 struct file
*filp
= iocb
->ki_filp
;
466 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
467 struct pipe_inode_info
*pipe
;
470 struct iovec
*iov
= (struct iovec
*)_iov
;
474 total_len
= iov_length(iov
, nr_segs
);
475 /* Null write succeeds. */
476 if (unlikely(total_len
== 0))
481 mutex_lock(&inode
->i_mutex
);
482 pipe
= inode
->i_pipe
;
484 if (!pipe
->readers
) {
485 send_sig(SIGPIPE
, current
, 0);
490 /* We try to merge small writes */
491 chars
= total_len
& (PAGE_SIZE
-1); /* size of the last buffer */
492 if (pipe
->nrbufs
&& chars
!= 0) {
493 int lastbuf
= (pipe
->curbuf
+ pipe
->nrbufs
- 1) &
495 struct pipe_buffer
*buf
= pipe
->bufs
+ lastbuf
;
496 const struct pipe_buf_operations
*ops
= buf
->ops
;
497 int offset
= buf
->offset
+ buf
->len
;
499 if (ops
->can_merge
&& offset
+ chars
<= PAGE_SIZE
) {
500 int error
, atomic
= 1;
503 error
= ops
->confirm(pipe
, buf
);
507 iov_fault_in_pages_read(iov
, chars
);
509 addr
= ops
->map(pipe
, buf
, atomic
);
510 error
= pipe_iov_copy_from_user(offset
+ addr
, iov
,
512 ops
->unmap(pipe
, buf
, addr
);
533 if (!pipe
->readers
) {
534 send_sig(SIGPIPE
, current
, 0);
540 if (bufs
< pipe
->buffers
) {
541 int newbuf
= (pipe
->curbuf
+ bufs
) & (pipe
->buffers
-1);
542 struct pipe_buffer
*buf
= pipe
->bufs
+ newbuf
;
543 struct page
*page
= pipe
->tmp_page
;
545 int error
, atomic
= 1;
548 page
= alloc_page(GFP_HIGHUSER
);
549 if (unlikely(!page
)) {
550 ret
= ret
? : -ENOMEM
;
553 pipe
->tmp_page
= page
;
555 /* Always wake up, even if the copy fails. Otherwise
556 * we lock up (O_NONBLOCK-)readers that sleep due to
558 * FIXME! Is this really true?
562 if (chars
> total_len
)
565 iov_fault_in_pages_read(iov
, chars
);
568 src
= kmap_atomic(page
, KM_USER0
);
572 error
= pipe_iov_copy_from_user(src
, iov
, chars
,
575 kunmap_atomic(src
, KM_USER0
);
579 if (unlikely(error
)) {
590 /* Insert it into the buffer array */
592 buf
->ops
= &anon_pipe_buf_ops
;
595 pipe
->nrbufs
= ++bufs
;
596 pipe
->tmp_page
= NULL
;
602 if (bufs
< pipe
->buffers
)
604 if (filp
->f_flags
& O_NONBLOCK
) {
609 if (signal_pending(current
)) {
615 wake_up_interruptible_sync_poll(&pipe
->wait
, POLLIN
| POLLRDNORM
);
616 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
619 pipe
->waiting_writers
++;
621 pipe
->waiting_writers
--;
624 mutex_unlock(&inode
->i_mutex
);
626 wake_up_interruptible_sync_poll(&pipe
->wait
, POLLIN
| POLLRDNORM
);
627 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
630 file_update_time(filp
);
635 bad_pipe_r(struct file
*filp
, char __user
*buf
, size_t count
, loff_t
*ppos
)
641 bad_pipe_w(struct file
*filp
, const char __user
*buf
, size_t count
,
647 static long pipe_ioctl(struct file
*filp
, unsigned int cmd
, unsigned long arg
)
649 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
650 struct pipe_inode_info
*pipe
;
651 int count
, buf
, nrbufs
;
655 mutex_lock(&inode
->i_mutex
);
656 pipe
= inode
->i_pipe
;
659 nrbufs
= pipe
->nrbufs
;
660 while (--nrbufs
>= 0) {
661 count
+= pipe
->bufs
[buf
].len
;
662 buf
= (buf
+1) & (pipe
->buffers
- 1);
664 mutex_unlock(&inode
->i_mutex
);
666 return put_user(count
, (int __user
*)arg
);
672 /* No kernel lock held - fine */
674 pipe_poll(struct file
*filp
, poll_table
*wait
)
677 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
678 struct pipe_inode_info
*pipe
= inode
->i_pipe
;
681 poll_wait(filp
, &pipe
->wait
, wait
);
683 /* Reading only -- no need for acquiring the semaphore. */
684 nrbufs
= pipe
->nrbufs
;
686 if (filp
->f_mode
& FMODE_READ
) {
687 mask
= (nrbufs
> 0) ? POLLIN
| POLLRDNORM
: 0;
688 if (!pipe
->writers
&& filp
->f_version
!= pipe
->w_counter
)
692 if (filp
->f_mode
& FMODE_WRITE
) {
693 mask
|= (nrbufs
< pipe
->buffers
) ? POLLOUT
| POLLWRNORM
: 0;
695 * Most Unices do not set POLLERR for FIFOs but on Linux they
696 * behave exactly like pipes for poll().
706 pipe_release(struct inode
*inode
, int decr
, int decw
)
708 struct pipe_inode_info
*pipe
;
710 mutex_lock(&inode
->i_mutex
);
711 pipe
= inode
->i_pipe
;
712 pipe
->readers
-= decr
;
713 pipe
->writers
-= decw
;
715 if (!pipe
->readers
&& !pipe
->writers
) {
716 free_pipe_info(inode
);
718 wake_up_interruptible_sync_poll(&pipe
->wait
, POLLIN
| POLLOUT
| POLLRDNORM
| POLLWRNORM
| POLLERR
| POLLHUP
);
719 kill_fasync(&pipe
->fasync_readers
, SIGIO
, POLL_IN
);
720 kill_fasync(&pipe
->fasync_writers
, SIGIO
, POLL_OUT
);
722 mutex_unlock(&inode
->i_mutex
);
728 pipe_read_fasync(int fd
, struct file
*filp
, int on
)
730 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
733 mutex_lock(&inode
->i_mutex
);
734 retval
= fasync_helper(fd
, filp
, on
, &inode
->i_pipe
->fasync_readers
);
735 mutex_unlock(&inode
->i_mutex
);
742 pipe_write_fasync(int fd
, struct file
*filp
, int on
)
744 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
747 mutex_lock(&inode
->i_mutex
);
748 retval
= fasync_helper(fd
, filp
, on
, &inode
->i_pipe
->fasync_writers
);
749 mutex_unlock(&inode
->i_mutex
);
756 pipe_rdwr_fasync(int fd
, struct file
*filp
, int on
)
758 struct inode
*inode
= filp
->f_path
.dentry
->d_inode
;
759 struct pipe_inode_info
*pipe
= inode
->i_pipe
;
762 mutex_lock(&inode
->i_mutex
);
763 retval
= fasync_helper(fd
, filp
, on
, &pipe
->fasync_readers
);
765 retval
= fasync_helper(fd
, filp
, on
, &pipe
->fasync_writers
);
766 if (retval
< 0) /* this can happen only if on == T */
767 fasync_helper(-1, filp
, 0, &pipe
->fasync_readers
);
769 mutex_unlock(&inode
->i_mutex
);
775 pipe_read_release(struct inode
*inode
, struct file
*filp
)
777 return pipe_release(inode
, 1, 0);
781 pipe_write_release(struct inode
*inode
, struct file
*filp
)
783 return pipe_release(inode
, 0, 1);
787 pipe_rdwr_release(struct inode
*inode
, struct file
*filp
)
791 decr
= (filp
->f_mode
& FMODE_READ
) != 0;
792 decw
= (filp
->f_mode
& FMODE_WRITE
) != 0;
793 return pipe_release(inode
, decr
, decw
);
797 pipe_read_open(struct inode
*inode
, struct file
*filp
)
801 mutex_lock(&inode
->i_mutex
);
805 inode
->i_pipe
->readers
++;
808 mutex_unlock(&inode
->i_mutex
);
814 pipe_write_open(struct inode
*inode
, struct file
*filp
)
818 mutex_lock(&inode
->i_mutex
);
822 inode
->i_pipe
->writers
++;
825 mutex_unlock(&inode
->i_mutex
);
831 pipe_rdwr_open(struct inode
*inode
, struct file
*filp
)
835 mutex_lock(&inode
->i_mutex
);
839 if (filp
->f_mode
& FMODE_READ
)
840 inode
->i_pipe
->readers
++;
841 if (filp
->f_mode
& FMODE_WRITE
)
842 inode
->i_pipe
->writers
++;
845 mutex_unlock(&inode
->i_mutex
);
851 * The file_operations structs are not static because they
852 * are also used in linux/fs/fifo.c to do operations on FIFOs.
854 * Pipes reuse fifos' file_operations structs.
856 const struct file_operations read_pipefifo_fops
= {
858 .read
= do_sync_read
,
859 .aio_read
= pipe_read
,
862 .unlocked_ioctl
= pipe_ioctl
,
863 .open
= pipe_read_open
,
864 .release
= pipe_read_release
,
865 .fasync
= pipe_read_fasync
,
868 const struct file_operations write_pipefifo_fops
= {
871 .write
= do_sync_write
,
872 .aio_write
= pipe_write
,
874 .unlocked_ioctl
= pipe_ioctl
,
875 .open
= pipe_write_open
,
876 .release
= pipe_write_release
,
877 .fasync
= pipe_write_fasync
,
880 const struct file_operations rdwr_pipefifo_fops
= {
882 .read
= do_sync_read
,
883 .aio_read
= pipe_read
,
884 .write
= do_sync_write
,
885 .aio_write
= pipe_write
,
887 .unlocked_ioctl
= pipe_ioctl
,
888 .open
= pipe_rdwr_open
,
889 .release
= pipe_rdwr_release
,
890 .fasync
= pipe_rdwr_fasync
,
893 struct pipe_inode_info
* alloc_pipe_info(struct inode
*inode
)
895 struct pipe_inode_info
*pipe
;
897 pipe
= kzalloc(sizeof(struct pipe_inode_info
), GFP_KERNEL
);
899 pipe
->bufs
= kzalloc(sizeof(struct pipe_buffer
) * PIPE_DEF_BUFFERS
, GFP_KERNEL
);
901 init_waitqueue_head(&pipe
->wait
);
902 pipe
->r_counter
= pipe
->w_counter
= 1;
904 pipe
->buffers
= PIPE_DEF_BUFFERS
;
913 void __free_pipe_info(struct pipe_inode_info
*pipe
)
917 for (i
= 0; i
< pipe
->buffers
; i
++) {
918 struct pipe_buffer
*buf
= pipe
->bufs
+ i
;
920 buf
->ops
->release(pipe
, buf
);
923 __free_page(pipe
->tmp_page
);
928 void free_pipe_info(struct inode
*inode
)
930 __free_pipe_info(inode
->i_pipe
);
931 inode
->i_pipe
= NULL
;
934 static struct vfsmount
*pipe_mnt __read_mostly
;
937 * pipefs_dname() is called from d_path().
939 static char *pipefs_dname(struct dentry
*dentry
, char *buffer
, int buflen
)
941 return dynamic_dname(dentry
, buffer
, buflen
, "pipe:[%lu]",
942 dentry
->d_inode
->i_ino
);
945 static const struct dentry_operations pipefs_dentry_operations
= {
946 .d_dname
= pipefs_dname
,
949 static struct inode
* get_pipe_inode(void)
951 struct inode
*inode
= new_inode(pipe_mnt
->mnt_sb
);
952 struct pipe_inode_info
*pipe
;
957 inode
->i_ino
= get_next_ino();
959 pipe
= alloc_pipe_info(inode
);
962 inode
->i_pipe
= pipe
;
964 pipe
->readers
= pipe
->writers
= 1;
965 inode
->i_fop
= &rdwr_pipefifo_fops
;
968 * Mark the inode dirty from the very beginning,
969 * that way it will never be moved to the dirty
970 * list because "mark_inode_dirty()" will think
971 * that it already _is_ on the dirty list.
973 inode
->i_state
= I_DIRTY
;
974 inode
->i_mode
= S_IFIFO
| S_IRUSR
| S_IWUSR
;
975 inode
->i_uid
= current_fsuid();
976 inode
->i_gid
= current_fsgid();
977 inode
->i_atime
= inode
->i_mtime
= inode
->i_ctime
= CURRENT_TIME
;
988 struct file
*create_write_pipe(int flags
)
994 struct qstr name
= { .name
= "" };
997 inode
= get_pipe_inode();
1002 path
.dentry
= d_alloc_pseudo(pipe_mnt
->mnt_sb
, &name
);
1005 path
.mnt
= mntget(pipe_mnt
);
1007 d_instantiate(path
.dentry
, inode
);
1010 f
= alloc_file(&path
, FMODE_WRITE
, &write_pipefifo_fops
);
1013 f
->f_mapping
= inode
->i_mapping
;
1015 f
->f_flags
= O_WRONLY
| (flags
& O_NONBLOCK
);
1021 free_pipe_info(inode
);
1023 return ERR_PTR(err
);
1026 free_pipe_info(inode
);
1029 return ERR_PTR(err
);
1032 void free_write_pipe(struct file
*f
)
1034 free_pipe_info(f
->f_dentry
->d_inode
);
1035 path_put(&f
->f_path
);
1039 struct file
*create_read_pipe(struct file
*wrf
, int flags
)
1041 /* Grab pipe from the writer */
1042 struct file
*f
= alloc_file(&wrf
->f_path
, FMODE_READ
,
1043 &read_pipefifo_fops
);
1045 return ERR_PTR(-ENFILE
);
1047 path_get(&wrf
->f_path
);
1048 f
->f_flags
= O_RDONLY
| (flags
& O_NONBLOCK
);
1053 int do_pipe_flags(int *fd
, int flags
)
1055 struct file
*fw
, *fr
;
1059 if (flags
& ~(O_CLOEXEC
| O_NONBLOCK
))
1062 fw
= create_write_pipe(flags
);
1065 fr
= create_read_pipe(fw
, flags
);
1066 error
= PTR_ERR(fr
);
1068 goto err_write_pipe
;
1070 error
= get_unused_fd_flags(flags
);
1075 error
= get_unused_fd_flags(flags
);
1080 audit_fd_pair(fdr
, fdw
);
1081 fd_install(fdr
, fr
);
1082 fd_install(fdw
, fw
);
1091 path_put(&fr
->f_path
);
1094 free_write_pipe(fw
);
1099 * sys_pipe() is the normal C calling standard for creating
1100 * a pipe. It's not the way Unix traditionally does this, though.
1102 SYSCALL_DEFINE2(pipe2
, int __user
*, fildes
, int, flags
)
1107 error
= do_pipe_flags(fd
, flags
);
1109 if (copy_to_user(fildes
, fd
, sizeof(fd
))) {
1118 SYSCALL_DEFINE1(pipe
, int __user
*, fildes
)
1120 return sys_pipe2(fildes
, 0);
1124 * Allocate a new array of pipe buffers and copy the info over. Returns the
1125 * pipe size if successful, or return -ERROR on error.
1127 static long pipe_set_size(struct pipe_inode_info
*pipe
, unsigned long nr_pages
)
1129 struct pipe_buffer
*bufs
;
1132 * We can shrink the pipe, if arg >= pipe->nrbufs. Since we don't
1133 * expect a lot of shrink+grow operations, just free and allocate
1134 * again like we would do for growing. If the pipe currently
1135 * contains more buffers than arg, then return busy.
1137 if (nr_pages
< pipe
->nrbufs
)
1140 bufs
= kcalloc(nr_pages
, sizeof(struct pipe_buffer
), GFP_KERNEL
);
1141 if (unlikely(!bufs
))
1145 * The pipe array wraps around, so just start the new one at zero
1146 * and adjust the indexes.
1152 tail
= pipe
->curbuf
+ pipe
->nrbufs
;
1153 if (tail
< pipe
->buffers
)
1156 tail
&= (pipe
->buffers
- 1);
1158 head
= pipe
->nrbufs
- tail
;
1160 memcpy(bufs
, pipe
->bufs
+ pipe
->curbuf
, head
* sizeof(struct pipe_buffer
));
1162 memcpy(bufs
+ head
, pipe
->bufs
, tail
* sizeof(struct pipe_buffer
));
1168 pipe
->buffers
= nr_pages
;
1169 return nr_pages
* PAGE_SIZE
;
1173 * Currently we rely on the pipe array holding a power-of-2 number
1176 static inline unsigned int round_pipe_size(unsigned int size
)
1178 unsigned long nr_pages
;
1180 nr_pages
= (size
+ PAGE_SIZE
- 1) >> PAGE_SHIFT
;
1181 return roundup_pow_of_two(nr_pages
) << PAGE_SHIFT
;
1185 * This should work even if CONFIG_PROC_FS isn't set, as proc_dointvec_minmax
1186 * will return an error.
1188 int pipe_proc_fn(struct ctl_table
*table
, int write
, void __user
*buf
,
1189 size_t *lenp
, loff_t
*ppos
)
1193 ret
= proc_dointvec_minmax(table
, write
, buf
, lenp
, ppos
);
1194 if (ret
< 0 || !write
)
1197 pipe_max_size
= round_pipe_size(pipe_max_size
);
1202 * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
1203 * location, so checking ->i_pipe is not enough to verify that this is a
1206 struct pipe_inode_info
*get_pipe_info(struct file
*file
)
1208 struct inode
*i
= file
->f_path
.dentry
->d_inode
;
1210 return S_ISFIFO(i
->i_mode
) ? i
->i_pipe
: NULL
;
1213 long pipe_fcntl(struct file
*file
, unsigned int cmd
, unsigned long arg
)
1215 struct pipe_inode_info
*pipe
;
1218 pipe
= get_pipe_info(file
);
1222 mutex_lock(&pipe
->inode
->i_mutex
);
1225 case F_SETPIPE_SZ
: {
1226 unsigned int size
, nr_pages
;
1228 size
= round_pipe_size(arg
);
1229 nr_pages
= size
>> PAGE_SHIFT
;
1235 if (!capable(CAP_SYS_RESOURCE
) && size
> pipe_max_size
) {
1239 ret
= pipe_set_size(pipe
, nr_pages
);
1243 ret
= pipe
->buffers
* PAGE_SIZE
;
1251 mutex_unlock(&pipe
->inode
->i_mutex
);
1255 static const struct super_operations pipefs_ops
= {
1256 .destroy_inode
= free_inode_nonrcu
,
1260 * pipefs should _never_ be mounted by userland - too much of security hassle,
1261 * no real gain from having the whole whorehouse mounted. So we don't need
1262 * any operations on the root directory. However, we need a non-trivial
1263 * d_name - pipe: will go nicely and kill the special-casing in procfs.
1265 static struct dentry
*pipefs_mount(struct file_system_type
*fs_type
,
1266 int flags
, const char *dev_name
, void *data
)
1268 return mount_pseudo(fs_type
, "pipe:", &pipefs_ops
,
1269 &pipefs_dentry_operations
, PIPEFS_MAGIC
);
1272 static struct file_system_type pipe_fs_type
= {
1274 .mount
= pipefs_mount
,
1275 .kill_sb
= kill_anon_super
,
1278 static int __init
init_pipe_fs(void)
1280 int err
= register_filesystem(&pipe_fs_type
);
1283 pipe_mnt
= kern_mount(&pipe_fs_type
);
1284 if (IS_ERR(pipe_mnt
)) {
1285 err
= PTR_ERR(pipe_mnt
);
1286 unregister_filesystem(&pipe_fs_type
);
1292 static void __exit
exit_pipe_fs(void)
1294 kern_unmount(pipe_mnt
);
1295 unregister_filesystem(&pipe_fs_type
);
1298 fs_initcall(init_pipe_fs
);
1299 module_exit(exit_pipe_fs
);