projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] splice: fix bugs in pipe_to_file()
[linux-2.6-block.git] / fs / splice.c
CommitLineData
5274f052
JA		 1/*
2 * "splice": joining two ropes together by interweaving their strands.
3 *
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
7 *
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
10 *
11 * Named by Larry McVoy, original implementation from Linus, extended by
c2058e06
JA		 12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
5274f052 14 *
c2058e06
JA		 15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
5274f052
JA		 18 *
19 */
20#include <linux/fs.h>
21#include <linux/file.h>
22#include <linux/pagemap.h>
23#include <linux/pipe_fs_i.h>
24#include <linux/mm_inline.h>
5abc97aa 25#include <linux/swap.h>
4f6f0bd2
JA		 26#include <linux/writeback.h>
27#include <linux/buffer_head.h>
a0f06780 28#include <linux/module.h>
4f6f0bd2 29#include <linux/syscalls.h>
912d35f8 30#include <linux/uio.h>
5274f052 31
912d35f8
JA		 32struct partial_page {
33 unsigned int offset;
34 unsigned int len;
35};
36
37/*
00522fb4 38 * Passed to splice_to_pipe
912d35f8
JA		 39 */
40struct splice_pipe_desc {
41 struct page **pages; /* page map */
42 struct partial_page *partial; /* pages[] may not be contig */
43 int nr_pages; /* number of pages in map */
44 unsigned int flags; /* splice flags */
45 struct pipe_buf_operations *ops;/* ops associated with output pipe */
46};
47
83f9135b
JA		 48/*
49 * Attempt to steal a page from a pipe buffer. This should perhaps go into
50 * a vm helper function, it's already simplified quite a bit by the
51 * addition of remove_mapping(). If success is returned, the caller may
52 * attempt to reuse this page for another destination.
53 */
5abc97aa
JA		 54static int page_cache_pipe_buf_steal(struct pipe_inode_info *info,
55 struct pipe_buffer *buf)
56{
57 struct page *page = buf->page;
4f6f0bd2 58 struct address_space *mapping = page_mapping(page);
5abc97aa 59
9e0267c2
JA		 60 lock_page(page);
61
5abc97aa
JA		 62 WARN_ON(!PageUptodate(page));
63
ad8d6f0a
JA		 64 /*
65 * At least for ext2 with nobh option, we need to wait on writeback
66 * completing on this page, since we'll remove it from the pagecache.
67 * Otherwise truncate wont wait on the page, allowing the disk
68 * blocks to be reused by someone else before we actually wrote our
69 * data to them. fs corruption ensues.
70 */
71 wait_on_page_writeback(page);
72
4f6f0bd2
JA		 73 if (PagePrivate(page))
74 try_to_release_page(page, mapping_gfp_mask(mapping));
75
9e0267c2
JA		 76 if (!remove_mapping(mapping, page)) {
77 unlock_page(page);
5abc97aa 78 return 1;
9e0267c2 79 }
5abc97aa 80
0568b409 81 buf->flags |= PIPE_BUF_FLAG_LRU;
5abc97aa
JA		 82 return 0;
83}
84
5274f052
JA		 85static void page_cache_pipe_buf_release(struct pipe_inode_info *info,
86 struct pipe_buffer *buf)
87{
88 page_cache_release(buf->page);
89 buf->page = NULL;
0568b409 90 buf->flags &= ~PIPE_BUF_FLAG_LRU;
5274f052
JA		 91}
92
93static void *page_cache_pipe_buf_map(struct file *file,
94 struct pipe_inode_info *info,
95 struct pipe_buffer *buf)
96{
97 struct page *page = buf->page;
49d0b21b 98 int err;
5274f052
JA		 99
100 if (!PageUptodate(page)) {
49d0b21b
JA		 101 lock_page(page);
102
103 /*
104 * Page got truncated/unhashed. This will cause a 0-byte
73d62d83 105 * splice, if this is the first page.
49d0b21b
JA		 106 */
107 if (!page->mapping) {
108 err = -ENODATA;
109 goto error;
110 }
5274f052 111
49d0b21b 112 /*
73d62d83 113 * Uh oh, read-error from disk.
49d0b21b
JA		 114 */
115 if (!PageUptodate(page)) {
116 err = -EIO;
117 goto error;
118 }
119
120 /*
73d62d83 121 * Page is ok afterall, fall through to mapping.
49d0b21b 122 */
5274f052 123 unlock_page(page);
5274f052
JA		 124 }
125
49d0b21b
JA		 126 return kmap(page);
127error:
128 unlock_page(page);
129 return ERR_PTR(err);
5274f052
JA		 130}
131
132static void page_cache_pipe_buf_unmap(struct pipe_inode_info *info,
133 struct pipe_buffer *buf)
134{
5274f052
JA		 135 kunmap(buf->page);
136}
137
912d35f8
JA		 138static void *user_page_pipe_buf_map(struct file *file,
139 struct pipe_inode_info *pipe,
140 struct pipe_buffer *buf)
141{
142 return kmap(buf->page);
143}
144
145static void user_page_pipe_buf_unmap(struct pipe_inode_info *pipe,
146 struct pipe_buffer *buf)
147{
148 kunmap(buf->page);
149}
150
70524490
JA		 151static void page_cache_pipe_buf_get(struct pipe_inode_info *info,
152 struct pipe_buffer *buf)
153{
154 page_cache_get(buf->page);
155}
156
5274f052
JA		 157static struct pipe_buf_operations page_cache_pipe_buf_ops = {
158 .can_merge = 0,
159 .map = page_cache_pipe_buf_map,
160 .unmap = page_cache_pipe_buf_unmap,
161 .release = page_cache_pipe_buf_release,
5abc97aa 162 .steal = page_cache_pipe_buf_steal,
70524490 163 .get = page_cache_pipe_buf_get,
5274f052
JA		 164};
165
912d35f8
JA		 166static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
167 struct pipe_buffer *buf)
168{
169 return 1;
170}
171
172static struct pipe_buf_operations user_page_pipe_buf_ops = {
173 .can_merge = 0,
174 .map = user_page_pipe_buf_map,
175 .unmap = user_page_pipe_buf_unmap,
176 .release = page_cache_pipe_buf_release,
177 .steal = user_page_pipe_buf_steal,
178 .get = page_cache_pipe_buf_get,
179};
180
83f9135b
JA		 181/*
182 * Pipe output worker. This sets up our pipe format with the page cache
183 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
184 */
00522fb4
JA		 185static ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
186 struct splice_pipe_desc *spd)
5274f052 187{
912d35f8 188 int ret, do_wakeup, page_nr;
5274f052
JA		 189
190 ret = 0;
191 do_wakeup = 0;
912d35f8 192 page_nr = 0;
5274f052 193
3a326a2c
IM		 194 if (pipe->inode)
195 mutex_lock(&pipe->inode->i_mutex);
5274f052 196
5274f052 197 for (;;) {
3a326a2c 198 if (!pipe->readers) {
5274f052
JA		 199 send_sig(SIGPIPE, current, 0);
200 if (!ret)
201 ret = -EPIPE;
202 break;
203 }
204
6f767b04
JA		 205 if (pipe->nrbufs < PIPE_BUFFERS) {
206 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
3a326a2c 207 struct pipe_buffer *buf = pipe->bufs + newbuf;
5274f052 208
912d35f8
JA		 209 buf->page = spd->pages[page_nr];
210 buf->offset = spd->partial[page_nr].offset;
211 buf->len = spd->partial[page_nr].len;
212 buf->ops = spd->ops;
6f767b04 213 pipe->nrbufs++;
912d35f8
JA		 214 page_nr++;
215 ret += buf->len;
216
6f767b04
JA		 217 if (pipe->inode)
218 do_wakeup = 1;
5274f052 219
912d35f8 220 if (!--spd->nr_pages)
5274f052 221 break;
6f767b04 222 if (pipe->nrbufs < PIPE_BUFFERS)
5274f052
JA		 223 continue;
224
225 break;
226 }
227
912d35f8 228 if (spd->flags & SPLICE_F_NONBLOCK) {
29e35094
LT		 229 if (!ret)
230 ret = -EAGAIN;
231 break;
232 }
233
5274f052
JA		 234 if (signal_pending(current)) {
235 if (!ret)
236 ret = -ERESTARTSYS;
237 break;
238 }
239
240 if (do_wakeup) {
c0bd1f65 241 smp_mb();
3a326a2c
IM		 242 if (waitqueue_active(&pipe->wait))
243 wake_up_interruptible_sync(&pipe->wait);
244 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 245 do_wakeup = 0;
246 }
247
3a326a2c
IM		 248 pipe->waiting_writers++;
249 pipe_wait(pipe);
250 pipe->waiting_writers--;
5274f052
JA		 251 }
252
3a326a2c
IM		 253 if (pipe->inode)
254 mutex_unlock(&pipe->inode->i_mutex);
5274f052
JA		 255
256 if (do_wakeup) {
c0bd1f65 257 smp_mb();
3a326a2c
IM		 258 if (waitqueue_active(&pipe->wait))
259 wake_up_interruptible(&pipe->wait);
260 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 261 }
262
912d35f8
JA		 263 while (page_nr < spd->nr_pages)
264 page_cache_release(spd->pages[page_nr++]);
5274f052
JA		 265
266 return ret;
267}
268
3a326a2c 269static int
cbb7e577
JA		 270__generic_file_splice_read(struct file *in, loff_t *ppos,
271 struct pipe_inode_info *pipe, size_t len,
272 unsigned int flags)
5274f052
JA		 273{
274 struct address_space *mapping = in->f_mapping;
912d35f8 275 unsigned int loff, nr_pages;
16c523dd 276 struct page *pages[PIPE_BUFFERS];
912d35f8 277 struct partial_page partial[PIPE_BUFFERS];
5274f052 278 struct page *page;
91ad66ef
JA		 279 pgoff_t index, end_index;
280 loff_t isize;
912d35f8 281 size_t total_len;
eb20796b 282 int error, page_nr;
912d35f8
JA		 283 struct splice_pipe_desc spd = {
284 .pages = pages,
285 .partial = partial,
286 .flags = flags,
287 .ops = &page_cache_pipe_buf_ops,
288 };
5274f052 289
cbb7e577 290 index = *ppos >> PAGE_CACHE_SHIFT;
912d35f8
JA		 291 loff = *ppos & ~PAGE_CACHE_MASK;
292 nr_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
5274f052
JA		 293
294 if (nr_pages > PIPE_BUFFERS)
295 nr_pages = PIPE_BUFFERS;
296
297 /*
73d62d83 298 * Initiate read-ahead on this page range. however, don't call into
0b749ce3
JA		 299 * read-ahead if this is a non-zero offset (we are likely doing small
300 * chunk splice and the page is already there) for a single page.
5274f052 301 */
eb645a24
JA		 302 if (!loff || nr_pages > 1)
303 page_cache_readahead(mapping, &in->f_ra, in, index, nr_pages);
5274f052 304
5274f052 305 /*
73d62d83 306 * Now fill in the holes:
5274f052 307 */
7480a904 308 error = 0;
912d35f8 309 total_len = 0;
82aa5d61 310
eb20796b
JA		 311 /*
312 * Lookup the (hopefully) full range of pages we need.
313 */
314 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
82aa5d61 315
eb20796b
JA		 316 /*
317 * If find_get_pages_contig() returned fewer pages than we needed,
318 * allocate the rest.
319 */
320 index += spd.nr_pages;
321 while (spd.nr_pages < nr_pages) {
82aa5d61 322 /*
eb20796b
JA		 323 * Page could be there, find_get_pages_contig() breaks on
324 * the first hole.
5274f052 325 */
7480a904
JA		 326 page = find_get_page(mapping, index);
327 if (!page) {
7480a904 328 /*
eb20796b 329 * page didn't exist, allocate one.
7480a904
JA		 330 */
331 page = page_cache_alloc_cold(mapping);
332 if (!page)
333 break;
334
335 error = add_to_page_cache_lru(page, mapping, index,
eb20796b 336 mapping_gfp_mask(mapping));
7480a904
JA		 337 if (unlikely(error)) {
338 page_cache_release(page);
339 break;
340 }
eb20796b
JA		 341 /*
342 * add_to_page_cache() locks the page, unlock it
343 * to avoid convoluting the logic below even more.
344 */
345 unlock_page(page);
7480a904
JA		 346 }
347
eb20796b
JA		 348 pages[spd.nr_pages++] = page;
349 index++;
350 }
351
352 /*
353 * Now loop over the map and see if we need to start IO on any
354 * pages, fill in the partial map, etc.
355 */
356 index = *ppos >> PAGE_CACHE_SHIFT;
357 nr_pages = spd.nr_pages;
358 spd.nr_pages = 0;
359 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
360 unsigned int this_len;
361
362 if (!len)
363 break;
364
365 /*
366 * this_len is the max we'll use from this page
367 */
368 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
369 page = pages[page_nr];
370
7480a904
JA		 371 /*
372 * If the page isn't uptodate, we may need to start io on it
373 */
374 if (!PageUptodate(page)) {
c4f895cb
JA		 375 /*
376 * If in nonblock mode then dont block on waiting
377 * for an in-flight io page
378 */
379 if (flags & SPLICE_F_NONBLOCK)
380 break;
381
7480a904
JA		 382 lock_page(page);
383
384 /*
385 * page was truncated, stop here. if this isn't the
386 * first page, we'll just complete what we already
387 * added
388 */
389 if (!page->mapping) {
390 unlock_page(page);
7480a904
JA		 391 break;
392 }
393 /*
394 * page was already under io and is now done, great
395 */
396 if (PageUptodate(page)) {
397 unlock_page(page);
398 goto fill_it;
399 }
5274f052 400
7480a904
JA		 401 /*
402 * need to read in the page
403 */
404 error = mapping->a_ops->readpage(in, page);
5274f052 405 if (unlikely(error)) {
eb20796b
JA		 406 /*
407 * We really should re-lookup the page here,
408 * but it complicates things a lot. Instead
409 * lets just do what we already stored, and
410 * we'll get it the next time we are called.
411 */
7480a904 412 if (error == AOP_TRUNCATED_PAGE)
eb20796b
JA		 413 error = 0;
414
5274f052
JA		 415 break;
416 }
91ad66ef
JA		 417
418 /*
419 * i_size must be checked after ->readpage().
420 */
421 isize = i_size_read(mapping->host);
422 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
eb20796b 423 if (unlikely(!isize || index > end_index))
91ad66ef 424 break;
91ad66ef
JA		 425
426 /*
427 * if this is the last page, see if we need to shrink
428 * the length and stop
429 */
430 if (end_index == index) {
431 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
eb20796b 432 if (total_len + loff > isize)
91ad66ef 433 break;
91ad66ef
JA		 434 /*
435 * force quit after adding this page
436 */
eb20796b 437 len = this_len;
82aa5d61 438 this_len = min(this_len, loff);
912d35f8 439 loff = 0;
91ad66ef 440 }
5274f052 441 }
7480a904 442fill_it:
eb20796b
JA		 443 partial[page_nr].offset = loff;
444 partial[page_nr].len = this_len;
82aa5d61 445 len -= this_len;
912d35f8 446 total_len += this_len;
91ad66ef 447 loff = 0;
eb20796b
JA		 448 spd.nr_pages++;
449 index++;
5274f052
JA		 450 }
451
eb20796b
JA		 452 /*
453 * Release any pages at the end, if we quit early. 'i' is how far
454 * we got, 'nr_pages' is how many pages are in the map.
455 */
456 while (page_nr < nr_pages)
457 page_cache_release(pages[page_nr++]);
458
912d35f8 459 if (spd.nr_pages)
00522fb4 460 return splice_to_pipe(pipe, &spd);
5274f052 461
7480a904 462 return error;
5274f052
JA		 463}
464
83f9135b
JA		 465/**
466 * generic_file_splice_read - splice data from file to a pipe
467 * @in: file to splice from
468 * @pipe: pipe to splice to
469 * @len: number of bytes to splice
470 * @flags: splice modifier flags
471 *
472 * Will read pages from given file and fill them into a pipe.
83f9135b 473 */
cbb7e577
JA		 474ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
475 struct pipe_inode_info *pipe, size_t len,
476 unsigned int flags)
5274f052
JA		 477{
478 ssize_t spliced;
479 int ret;
480
481 ret = 0;
482 spliced = 0;
3a326a2c 483
5274f052 484 while (len) {
cbb7e577 485 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
5274f052 486
c4f895cb 487 if (ret < 0)
5274f052 488 break;
c4f895cb
JA		 489 else if (!ret) {
490 if (spliced)
491 break;
492 if (flags & SPLICE_F_NONBLOCK) {
493 ret = -EAGAIN;
494 break;
495 }
496 }
5274f052 497
cbb7e577 498 *ppos += ret;
5274f052
JA		 499 len -= ret;
500 spliced += ret;
501 }
502
503 if (spliced)
504 return spliced;
505
506 return ret;
507}
508
059a8f37
JA		 509EXPORT_SYMBOL(generic_file_splice_read);
510
5274f052 511/*
4f6f0bd2 512 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
016b661e 513 * using sendpage(). Return the number of bytes sent.
5274f052
JA		 514 */
515static int pipe_to_sendpage(struct pipe_inode_info *info,
516 struct pipe_buffer *buf, struct splice_desc *sd)
517{
518 struct file *file = sd->file;
519 loff_t pos = sd->pos;
5274f052
JA		 520 ssize_t ret;
521 void *ptr;
b2b39fa4 522 int more;
5274f052
JA		 523
524 /*
73d62d83 525 * Sub-optimal, but we are limited by the pipe ->map. We don't
5274f052
JA		 526 * need a kmap'ed buffer here, we just want to make sure we
527 * have the page pinned if the pipe page originates from the
73d62d83 528 * page cache.
5274f052
JA		 529 */
530 ptr = buf->ops->map(file, info, buf);
531 if (IS_ERR(ptr))
532 return PTR_ERR(ptr);
533
b2b39fa4 534 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
5274f052 535
016b661e
JA		 536 ret = file->f_op->sendpage(file, buf->page, buf->offset, sd->len,
537 &pos, more);
5274f052
JA		 538
539 buf->ops->unmap(info, buf);
016b661e 540 return ret;
5274f052
JA		 541}
542
543/*
544 * This is a little more tricky than the file -> pipe splicing. There are
545 * basically three cases:
546 *
547 * - Destination page already exists in the address space and there
548 * are users of it. For that case we have no other option that
549 * copying the data. Tough luck.
550 * - Destination page already exists in the address space, but there
551 * are no users of it. Make sure it's uptodate, then drop it. Fall
552 * through to last case.
553 * - Destination page does not exist, we can add the pipe page to
554 * the page cache and avoid the copy.
555 *
83f9135b
JA		 556 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
557 * sd->flags), we attempt to migrate pages from the pipe to the output
558 * file address space page cache. This is possible if no one else has
559 * the pipe page referenced outside of the pipe and page cache. If
560 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
561 * a new page in the output file page cache and fill/dirty that.
5274f052
JA		 562 */
563static int pipe_to_file(struct pipe_inode_info *info, struct pipe_buffer *buf,
564 struct splice_desc *sd)
565{
566 struct file *file = sd->file;
567 struct address_space *mapping = file->f_mapping;
3e7ee3e7 568 gfp_t gfp_mask = mapping_gfp_mask(mapping);
016b661e 569 unsigned int offset, this_len;
5274f052 570 struct page *page;
5274f052 571 pgoff_t index;
5abc97aa 572 char *src;
3e7ee3e7 573 int ret;
5274f052
JA		 574
575 /*
49d0b21b 576 * make sure the data in this buffer is uptodate
5274f052
JA		 577 */
578 src = buf->ops->map(file, info, buf);
579 if (IS_ERR(src))
580 return PTR_ERR(src);
581
582 index = sd->pos >> PAGE_CACHE_SHIFT;
583 offset = sd->pos & ~PAGE_CACHE_MASK;
584
016b661e
JA		 585 this_len = sd->len;
586 if (this_len + offset > PAGE_CACHE_SIZE)
587 this_len = PAGE_CACHE_SIZE - offset;
588
5274f052 589 /*
0568b409
JA		 590 * Reuse buf page, if SPLICE_F_MOVE is set and we are doing a full
591 * page.
5274f052 592 */
0568b409 593 if ((sd->flags & SPLICE_F_MOVE) && this_len == PAGE_CACHE_SIZE) {
83f9135b
JA		 594 /*
595 * If steal succeeds, buf->page is now pruned from the vm
9e0267c2
JA		 596 * side (LRU and page cache) and we can reuse it. The page
597 * will also be looked on successful return.
83f9135b 598 */
5abc97aa
JA		 599 if (buf->ops->steal(info, buf))
600 goto find_page;
601
602 page = buf->page;
46e678c9
JA		 603 if (add_to_page_cache(page, mapping, index, gfp_mask)) {
604 unlock_page(page);
5abc97aa 605 goto find_page;
46e678c9 606 }
3e7ee3e7 607
0568b409
JA		 608 page_cache_get(page);
609
3e7ee3e7
JA		 610 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
611 lru_cache_add(page);
5abc97aa
JA		 612 } else {
613find_page:
9e0267c2
JA		 614 page = find_lock_page(mapping, index);
615 if (!page) {
616 ret = -ENOMEM;
617 page = page_cache_alloc_cold(mapping);
618 if (unlikely(!page))
619 goto out_nomem;
620
621 /*
622 * This will also lock the page
623 */
624 ret = add_to_page_cache_lru(page, mapping, index,
625 gfp_mask);
626 if (unlikely(ret))
627 goto out;
628 }
5abc97aa
JA		 629
630 /*
9e0267c2
JA		 631 * We get here with the page locked. If the page is also
632 * uptodate, we don't need to do more. If it isn't, we
633 * may need to bring it in if we are not going to overwrite
634 * the full page.
5abc97aa
JA		 635 */
636 if (!PageUptodate(page)) {
016b661e 637 if (this_len < PAGE_CACHE_SIZE) {
5abc97aa
JA		 638 ret = mapping->a_ops->readpage(file, page);
639 if (unlikely(ret))
640 goto out;
641
642 lock_page(page);
643
644 if (!PageUptodate(page)) {
645 /*
73d62d83 646 * Page got invalidated, repeat.
5abc97aa
JA		 647 */
648 if (!page->mapping) {
649 unlock_page(page);
650 page_cache_release(page);
651 goto find_page;
652 }
653 ret = -EIO;
654 goto out;
5274f052 655 }
9e0267c2 656 } else
5abc97aa 657 SetPageUptodate(page);
5274f052
JA		 658 }
659 }
660
016b661e 661 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
4f6f0bd2
JA		 662 if (ret == AOP_TRUNCATED_PAGE) {
663 page_cache_release(page);
664 goto find_page;
665 } else if (ret)
5274f052
JA		 666 goto out;
667
0568b409 668 if (buf->page != page) {
5abc97aa
JA		 669 char *dst = kmap_atomic(page, KM_USER0);
670
016b661e 671 memcpy(dst + offset, src + buf->offset, this_len);
5abc97aa
JA		 672 flush_dcache_page(page);
673 kunmap_atomic(dst, KM_USER0);
674 }
5274f052 675
016b661e 676 ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len);
0568b409
JA		 677 if (!ret) {
678 /*
679 * Return the number of bytes written and mark page as
680 * accessed, we are now done!
681 */
682 ret = this_len;
683 mark_page_accessed(page);
684 balance_dirty_pages_ratelimited(mapping);
685 } else if (ret == AOP_TRUNCATED_PAGE) {
4f6f0bd2
JA		 686 page_cache_release(page);
687 goto find_page;
0568b409 688 }
5274f052 689out:
0568b409 690 page_cache_release(page);
9e0267c2 691 unlock_page(page);
9aefe431 692out_nomem:
5274f052
JA		 693 buf->ops->unmap(info, buf);
694 return ret;
695}
696
83f9135b
JA		 697/*
698 * Pipe input worker. Most of this logic works like a regular pipe, the
699 * key here is the 'actor' worker passed in that actually moves the data
700 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
701 */
00522fb4
JA		 702ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
703 loff_t *ppos, size_t len, unsigned int flags,
704 splice_actor *actor)
5274f052 705{
5274f052
JA		 706 int ret, do_wakeup, err;
707 struct splice_desc sd;
708
709 ret = 0;
710 do_wakeup = 0;
711
712 sd.total_len = len;
713 sd.flags = flags;
714 sd.file = out;
cbb7e577 715 sd.pos = *ppos;
5274f052 716
3a326a2c
IM		 717 if (pipe->inode)
718 mutex_lock(&pipe->inode->i_mutex);
5274f052 719
5274f052 720 for (;;) {
6f767b04
JA		 721 if (pipe->nrbufs) {
722 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
5274f052
JA		 723 struct pipe_buf_operations *ops = buf->ops;
724
725 sd.len = buf->len;
726 if (sd.len > sd.total_len)
727 sd.len = sd.total_len;
728
3a326a2c 729 err = actor(pipe, buf, &sd);
016b661e 730 if (err <= 0) {
5274f052
JA		 731 if (!ret && err != -ENODATA)
732 ret = err;
733
734 break;
735 }
736
016b661e
JA		 737 ret += err;
738 buf->offset += err;
739 buf->len -= err;
740
741 sd.len -= err;
742 sd.pos += err;
743 sd.total_len -= err;
744 if (sd.len)
745 continue;
73d62d83 746
5274f052
JA		 747 if (!buf->len) {
748 buf->ops = NULL;
3a326a2c 749 ops->release(pipe, buf);
6f767b04
JA		 750 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
751 pipe->nrbufs--;
752 if (pipe->inode)
753 do_wakeup = 1;
5274f052
JA		 754 }
755
5274f052
JA		 756 if (!sd.total_len)
757 break;
758 }
759
6f767b04 760 if (pipe->nrbufs)
5274f052 761 continue;
3a326a2c 762 if (!pipe->writers)
5274f052 763 break;
3a326a2c 764 if (!pipe->waiting_writers) {
5274f052
JA		 765 if (ret)
766 break;
767 }
768
29e35094
LT		 769 if (flags & SPLICE_F_NONBLOCK) {
770 if (!ret)
771 ret = -EAGAIN;
772 break;
773 }
774
5274f052
JA		 775 if (signal_pending(current)) {
776 if (!ret)
777 ret = -ERESTARTSYS;
778 break;
779 }
780
781 if (do_wakeup) {
c0bd1f65 782 smp_mb();
3a326a2c
IM		 783 if (waitqueue_active(&pipe->wait))
784 wake_up_interruptible_sync(&pipe->wait);
785 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
5274f052
JA		 786 do_wakeup = 0;
787 }
788
3a326a2c 789 pipe_wait(pipe);
5274f052
JA		 790 }
791
3a326a2c
IM		 792 if (pipe->inode)
793 mutex_unlock(&pipe->inode->i_mutex);
5274f052
JA		 794
795 if (do_wakeup) {
c0bd1f65 796 smp_mb();
3a326a2c
IM		 797 if (waitqueue_active(&pipe->wait))
798 wake_up_interruptible(&pipe->wait);
799 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
5274f052
JA		 800 }
801
5274f052 802 return ret;
5274f052
JA		 803}
804
83f9135b
JA		 805/**
806 * generic_file_splice_write - splice data from a pipe to a file
3a326a2c 807 * @pipe: pipe info
83f9135b
JA		 808 * @out: file to write to
809 * @len: number of bytes to splice
810 * @flags: splice modifier flags
811 *
812 * Will either move or copy pages (determined by @flags options) from
813 * the given pipe inode to the given file.
814 *
815 */
3a326a2c
IM		 816ssize_t
817generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 818 loff_t *ppos, size_t len, unsigned int flags)
5274f052 819{
4f6f0bd2 820 struct address_space *mapping = out->f_mapping;
3a326a2c
IM		 821 ssize_t ret;
822
00522fb4 823 ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
a4514ebd 824 if (ret > 0) {
4f6f0bd2 825 struct inode *inode = mapping->host;
4f6f0bd2 826
a4514ebd
JA		 827 *ppos += ret;
828
829 /*
830 * If file or inode is SYNC and we actually wrote some data,
831 * sync it.
832 */
833 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
834 int err;
835
836 mutex_lock(&inode->i_mutex);
837 err = generic_osync_inode(inode, mapping,
838 OSYNC_METADATA|OSYNC_DATA);
839 mutex_unlock(&inode->i_mutex);
4f6f0bd2 840
a4514ebd
JA		 841 if (err)
842 ret = err;
843 }
4f6f0bd2
JA		 844 }
845
846 return ret;
5274f052
JA		 847}
848
059a8f37
JA		 849EXPORT_SYMBOL(generic_file_splice_write);
850
83f9135b
JA		 851/**
852 * generic_splice_sendpage - splice data from a pipe to a socket
853 * @inode: pipe inode
854 * @out: socket to write to
855 * @len: number of bytes to splice
856 * @flags: splice modifier flags
857 *
858 * Will send @len bytes from the pipe to a network socket. No data copying
859 * is involved.
860 *
861 */
3a326a2c 862ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 863 loff_t *ppos, size_t len, unsigned int flags)
5274f052 864{
00522fb4 865 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
5274f052
JA		 866}
867
059a8f37 868EXPORT_SYMBOL(generic_splice_sendpage);
a0f06780 869
83f9135b
JA		 870/*
871 * Attempt to initiate a splice from pipe to file.
872 */
3a326a2c 873static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 874 loff_t *ppos, size_t len, unsigned int flags)
5274f052 875{
5274f052
JA		 876 int ret;
877
49570e9b 878 if (unlikely(!out->f_op || !out->f_op->splice_write))
5274f052
JA		 879 return -EINVAL;
880
49570e9b 881 if (unlikely(!(out->f_mode & FMODE_WRITE)))
5274f052
JA		 882 return -EBADF;
883
cbb7e577 884 ret = rw_verify_area(WRITE, out, ppos, len);
5274f052
JA		 885 if (unlikely(ret < 0))
886 return ret;
887
cbb7e577 888 return out->f_op->splice_write(pipe, out, ppos, len, flags);
5274f052
JA		 889}
890
83f9135b
JA		 891/*
892 * Attempt to initiate a splice from a file to a pipe.
893 */
cbb7e577
JA		 894static long do_splice_to(struct file *in, loff_t *ppos,
895 struct pipe_inode_info *pipe, size_t len,
896 unsigned int flags)
5274f052 897{
cbb7e577 898 loff_t isize, left;
5274f052
JA		 899 int ret;
900
49570e9b 901 if (unlikely(!in->f_op || !in->f_op->splice_read))
5274f052
JA		 902 return -EINVAL;
903
49570e9b 904 if (unlikely(!(in->f_mode & FMODE_READ)))
5274f052
JA		 905 return -EBADF;
906
cbb7e577 907 ret = rw_verify_area(READ, in, ppos, len);
5274f052
JA		 908 if (unlikely(ret < 0))
909 return ret;
910
911 isize = i_size_read(in->f_mapping->host);
cbb7e577 912 if (unlikely(*ppos >= isize))
5274f052
JA		 913 return 0;
914
cbb7e577 915 left = isize - *ppos;
49570e9b 916 if (unlikely(left < len))
5274f052
JA		 917 len = left;
918
cbb7e577 919 return in->f_op->splice_read(in, ppos, pipe, len, flags);
5274f052
JA		 920}
921
cbb7e577
JA		 922long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
923 size_t len, unsigned int flags)
b92ce558
JA		 924{
925 struct pipe_inode_info *pipe;
926 long ret, bytes;
cbb7e577 927 loff_t out_off;
b92ce558
JA		 928 umode_t i_mode;
929 int i;
930
931 /*
932 * We require the input being a regular file, as we don't want to
933 * randomly drop data for eg socket -> socket splicing. Use the
934 * piped splicing for that!
935 */
936 i_mode = in->f_dentry->d_inode->i_mode;
937 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
938 return -EINVAL;
939
940 /*
941 * neither in nor out is a pipe, setup an internal pipe attached to
942 * 'out' and transfer the wanted data from 'in' to 'out' through that
943 */
944 pipe = current->splice_pipe;
49570e9b 945 if (unlikely(!pipe)) {
b92ce558
JA		 946 pipe = alloc_pipe_info(NULL);
947 if (!pipe)
948 return -ENOMEM;
949
950 /*
951 * We don't have an immediate reader, but we'll read the stuff
00522fb4 952 * out of the pipe right after the splice_to_pipe(). So set
b92ce558
JA		 953 * PIPE_READERS appropriately.
954 */
955 pipe->readers = 1;
956
957 current->splice_pipe = pipe;
958 }
959
960 /*
73d62d83 961 * Do the splice.
b92ce558
JA		 962 */
963 ret = 0;
964 bytes = 0;
cbb7e577 965 out_off = 0;
b92ce558
JA		 966
967 while (len) {
968 size_t read_len, max_read_len;
969
970 /*
971 * Do at most PIPE_BUFFERS pages worth of transfer:
972 */
973 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
974
cbb7e577 975 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
b92ce558
JA		 976 if (unlikely(ret < 0))
977 goto out_release;
978
979 read_len = ret;
980
981 /*
982 * NOTE: nonblocking mode only applies to the input. We
983 * must not do the output in nonblocking mode as then we
984 * could get stuck data in the internal pipe:
985 */
cbb7e577 986 ret = do_splice_from(pipe, out, &out_off, read_len,
b92ce558
JA		 987 flags & ~SPLICE_F_NONBLOCK);
988 if (unlikely(ret < 0))
989 goto out_release;
990
991 bytes += ret;
992 len -= ret;
993
994 /*
995 * In nonblocking mode, if we got back a short read then
996 * that was due to either an IO error or due to the
997 * pagecache entry not being there. In the IO error case
998 * the _next_ splice attempt will produce a clean IO error
999 * return value (not a short read), so in both cases it's
1000 * correct to break out of the loop here:
1001 */
1002 if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
1003 break;
1004 }
1005
1006 pipe->nrbufs = pipe->curbuf = 0;
1007
1008 return bytes;
1009
1010out_release:
1011 /*
1012 * If we did an incomplete transfer we must release
1013 * the pipe buffers in question:
1014 */
1015 for (i = 0; i < PIPE_BUFFERS; i++) {
1016 struct pipe_buffer *buf = pipe->bufs + i;
1017
1018 if (buf->ops) {
1019 buf->ops->release(pipe, buf);
1020 buf->ops = NULL;
1021 }
1022 }
1023 pipe->nrbufs = pipe->curbuf = 0;
1024
1025 /*
1026 * If we transferred some data, return the number of bytes:
1027 */
1028 if (bytes > 0)
1029 return bytes;
1030
1031 return ret;
1032}
1033
1034EXPORT_SYMBOL(do_splice_direct);
1035
83f9135b
JA		 1036/*
1037 * Determine where to splice to/from.
1038 */
529565dc
IM		 1039static long do_splice(struct file *in, loff_t __user *off_in,
1040 struct file *out, loff_t __user *off_out,
1041 size_t len, unsigned int flags)
5274f052 1042{
3a326a2c 1043 struct pipe_inode_info *pipe;
cbb7e577 1044 loff_t offset, *off;
a4514ebd 1045 long ret;
5274f052 1046
3a326a2c 1047 pipe = in->f_dentry->d_inode->i_pipe;
529565dc
IM		 1048 if (pipe) {
1049 if (off_in)
1050 return -ESPIPE;
b92ce558
JA		 1051 if (off_out) {
1052 if (out->f_op->llseek == no_llseek)
1053 return -EINVAL;
cbb7e577 1054 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
b92ce558 1055 return -EFAULT;
cbb7e577
JA		 1056 off = &offset;
1057 } else
1058 off = &out->f_pos;
529565dc 1059
a4514ebd
JA		 1060 ret = do_splice_from(pipe, out, off, len, flags);
1061
1062 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1063 ret = -EFAULT;
1064
1065 return ret;
529565dc 1066 }
5274f052 1067
3a326a2c 1068 pipe = out->f_dentry->d_inode->i_pipe;
529565dc
IM		 1069 if (pipe) {
1070 if (off_out)
1071 return -ESPIPE;
b92ce558
JA		 1072 if (off_in) {
1073 if (in->f_op->llseek == no_llseek)
1074 return -EINVAL;
cbb7e577 1075 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
b92ce558 1076 return -EFAULT;
cbb7e577
JA		 1077 off = &offset;
1078 } else
1079 off = &in->f_pos;
529565dc 1080
a4514ebd
JA		 1081 ret = do_splice_to(in, off, pipe, len, flags);
1082
1083 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1084 ret = -EFAULT;
1085
1086 return ret;
529565dc 1087 }
5274f052
JA		 1088
1089 return -EINVAL;
1090}
1091
912d35f8
JA		 1092/*
1093 * Map an iov into an array of pages and offset/length tupples. With the
1094 * partial_page structure, we can map several non-contiguous ranges into
1095 * our ones pages[] map instead of splitting that operation into pieces.
1096 * Could easily be exported as a generic helper for other users, in which
1097 * case one would probably want to add a 'max_nr_pages' parameter as well.
1098 */
1099static int get_iovec_page_array(const struct iovec __user *iov,
1100 unsigned int nr_vecs, struct page **pages,
1101 struct partial_page *partial)
1102{
1103 int buffers = 0, error = 0;
1104
1105 /*
1106 * It's ok to take the mmap_sem for reading, even
1107 * across a "get_user()".
1108 */
1109 down_read(&current->mm->mmap_sem);
1110
1111 while (nr_vecs) {
1112 unsigned long off, npages;
1113 void __user *base;
1114 size_t len;
1115 int i;
1116
1117 /*
1118 * Get user address base and length for this iovec.
1119 */
1120 error = get_user(base, &iov->iov_base);
1121 if (unlikely(error))
1122 break;
1123 error = get_user(len, &iov->iov_len);
1124 if (unlikely(error))
1125 break;
1126
1127 /*
1128 * Sanity check this iovec. 0 read succeeds.
1129 */
1130 if (unlikely(!len))
1131 break;
1132 error = -EFAULT;
1133 if (unlikely(!base))
1134 break;
1135
1136 /*
1137 * Get this base offset and number of pages, then map
1138 * in the user pages.
1139 */
1140 off = (unsigned long) base & ~PAGE_MASK;
1141 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1142 if (npages > PIPE_BUFFERS - buffers)
1143 npages = PIPE_BUFFERS - buffers;
1144
1145 error = get_user_pages(current, current->mm,
1146 (unsigned long) base, npages, 0, 0,
1147 &pages[buffers], NULL);
1148
1149 if (unlikely(error <= 0))
1150 break;
1151
1152 /*
1153 * Fill this contiguous range into the partial page map.
1154 */
1155 for (i = 0; i < error; i++) {
1156 const int plen = min_t(size_t, len, PAGE_SIZE) - off;
1157
1158 partial[buffers].offset = off;
1159 partial[buffers].len = plen;
1160
1161 off = 0;
1162 len -= plen;
1163 buffers++;
1164 }
1165
1166 /*
1167 * We didn't complete this iov, stop here since it probably
1168 * means we have to move some of this into a pipe to
1169 * be able to continue.
1170 */
1171 if (len)
1172 break;
1173
1174 /*
1175 * Don't continue if we mapped fewer pages than we asked for,
1176 * or if we mapped the max number of pages that we have
1177 * room for.
1178 */
1179 if (error < npages || buffers == PIPE_BUFFERS)
1180 break;
1181
1182 nr_vecs--;
1183 iov++;
1184 }
1185
1186 up_read(&current->mm->mmap_sem);
1187
1188 if (buffers)
1189 return buffers;
1190
1191 return error;
1192}
1193
1194/*
1195 * vmsplice splices a user address range into a pipe. It can be thought of
1196 * as splice-from-memory, where the regular splice is splice-from-file (or
1197 * to file). In both cases the output is a pipe, naturally.
1198 *
1199 * Note that vmsplice only supports splicing _from_ user memory to a pipe,
1200 * not the other way around. Splicing from user memory is a simple operation
1201 * that can be supported without any funky alignment restrictions or nasty
1202 * vm tricks. We simply map in the user memory and fill them into a pipe.
1203 * The reverse isn't quite as easy, though. There are two possible solutions
1204 * for that:
1205 *
1206 * - memcpy() the data internally, at which point we might as well just
1207 * do a regular read() on the buffer anyway.
1208 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1209 * has restriction limitations on both ends of the pipe).
1210 *
1211 * Alas, it isn't here.
1212 *
1213 */
1214static long do_vmsplice(struct file *file, const struct iovec __user *iov,
1215 unsigned long nr_segs, unsigned int flags)
1216{
1217 struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe;
1218 struct page *pages[PIPE_BUFFERS];
1219 struct partial_page partial[PIPE_BUFFERS];
1220 struct splice_pipe_desc spd = {
1221 .pages = pages,
1222 .partial = partial,
1223 .flags = flags,
1224 .ops = &user_page_pipe_buf_ops,
1225 };
1226
1227 if (unlikely(!pipe))
1228 return -EBADF;
1229 if (unlikely(nr_segs > UIO_MAXIOV))
1230 return -EINVAL;
1231 else if (unlikely(!nr_segs))
1232 return 0;
1233
1234 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial);
1235 if (spd.nr_pages <= 0)
1236 return spd.nr_pages;
1237
00522fb4 1238 return splice_to_pipe(pipe, &spd);
912d35f8
JA		 1239}
1240
1241asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov,
1242 unsigned long nr_segs, unsigned int flags)
1243{
1244 struct file *file;
1245 long error;
1246 int fput;
1247
1248 error = -EBADF;
1249 file = fget_light(fd, &fput);
1250 if (file) {
1251 if (file->f_mode & FMODE_WRITE)
1252 error = do_vmsplice(file, iov, nr_segs, flags);
1253
1254 fput_light(file, fput);
1255 }
1256
1257 return error;
1258}
1259
529565dc
IM		 1260asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1261 int fd_out, loff_t __user *off_out,
1262 size_t len, unsigned int flags)
5274f052
JA		 1263{
1264 long error;
1265 struct file *in, *out;
1266 int fput_in, fput_out;
1267
1268 if (unlikely(!len))
1269 return 0;
1270
1271 error = -EBADF;
529565dc 1272 in = fget_light(fd_in, &fput_in);
5274f052
JA		 1273 if (in) {
1274 if (in->f_mode & FMODE_READ) {
529565dc 1275 out = fget_light(fd_out, &fput_out);
5274f052
JA		 1276 if (out) {
1277 if (out->f_mode & FMODE_WRITE)
529565dc
IM		 1278 error = do_splice(in, off_in,
1279 out, off_out,
1280 len, flags);
5274f052
JA		 1281 fput_light(out, fput_out);
1282 }
1283 }
1284
1285 fput_light(in, fput_in);
1286 }
1287
1288 return error;
1289}
70524490
JA		 1290
1291/*
1292 * Link contents of ipipe to opipe.
1293 */
1294static int link_pipe(struct pipe_inode_info *ipipe,
1295 struct pipe_inode_info *opipe,
1296 size_t len, unsigned int flags)
1297{
1298 struct pipe_buffer *ibuf, *obuf;
2a27250e
JA		 1299 int ret, do_wakeup, i, ipipe_first;
1300
1301 ret = do_wakeup = ipipe_first = 0;
70524490
JA		 1302
1303 /*
1304 * Potential ABBA deadlock, work around it by ordering lock
1305 * grabbing by inode address. Otherwise two different processes
1306 * could deadlock (one doing tee from A -> B, the other from B -> A).
1307 */
1308 if (ipipe->inode < opipe->inode) {
2a27250e 1309 ipipe_first = 1;
70524490
JA		 1310 mutex_lock(&ipipe->inode->i_mutex);
1311 mutex_lock(&opipe->inode->i_mutex);
1312 } else {
1313 mutex_lock(&opipe->inode->i_mutex);
1314 mutex_lock(&ipipe->inode->i_mutex);
1315 }
1316
1317 for (i = 0;; i++) {
1318 if (!opipe->readers) {
1319 send_sig(SIGPIPE, current, 0);
1320 if (!ret)
1321 ret = -EPIPE;
1322 break;
1323 }
1324 if (ipipe->nrbufs - i) {
1325 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1326
1327 /*
1328 * If we have room, fill this buffer
1329 */
1330 if (opipe->nrbufs < PIPE_BUFFERS) {
1331 int nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1332
1333 /*
1334 * Get a reference to this pipe buffer,
1335 * so we can copy the contents over.
1336 */
1337 ibuf->ops->get(ipipe, ibuf);
1338
1339 obuf = opipe->bufs + nbuf;
1340 *obuf = *ibuf;
1341
1342 if (obuf->len > len)
1343 obuf->len = len;
1344
1345 opipe->nrbufs++;
1346 do_wakeup = 1;
1347 ret += obuf->len;
1348 len -= obuf->len;
1349
1350 if (!len)
1351 break;
1352 if (opipe->nrbufs < PIPE_BUFFERS)
1353 continue;
1354 }
1355
1356 /*
1357 * We have input available, but no output room.
2a27250e
JA		 1358 * If we already copied data, return that. If we
1359 * need to drop the opipe lock, it must be ordered
1360 * last to avoid deadlocks.
70524490 1361 */
2a27250e 1362 if ((flags & SPLICE_F_NONBLOCK) || !ipipe_first) {
70524490
JA		 1363 if (!ret)
1364 ret = -EAGAIN;
1365 break;
1366 }
1367 if (signal_pending(current)) {
1368 if (!ret)
1369 ret = -ERESTARTSYS;
1370 break;
1371 }
1372 if (do_wakeup) {
1373 smp_mb();
1374 if (waitqueue_active(&opipe->wait))
1375 wake_up_interruptible(&opipe->wait);
1376 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1377 do_wakeup = 0;
1378 }
1379
1380 opipe->waiting_writers++;
1381 pipe_wait(opipe);
1382 opipe->waiting_writers--;
1383 continue;
1384 }
1385
1386 /*
1387 * No input buffers, do the usual checks for available
1388 * writers and blocking and wait if necessary
1389 */
1390 if (!ipipe->writers)
1391 break;
1392 if (!ipipe->waiting_writers) {
1393 if (ret)
1394 break;
1395 }
2a27250e
JA		 1396 /*
1397 * pipe_wait() drops the ipipe mutex. To avoid deadlocks
1398 * with another process, we can only safely do that if
1399 * the ipipe lock is ordered last.
1400 */
1401 if ((flags & SPLICE_F_NONBLOCK) || ipipe_first) {
70524490
JA		 1402 if (!ret)
1403 ret = -EAGAIN;
1404 break;
1405 }
1406 if (signal_pending(current)) {
1407 if (!ret)
1408 ret = -ERESTARTSYS;
1409 break;
1410 }
1411
1412 if (waitqueue_active(&ipipe->wait))
1413 wake_up_interruptible_sync(&ipipe->wait);
1414 kill_fasync(&ipipe->fasync_writers, SIGIO, POLL_OUT);
1415
1416 pipe_wait(ipipe);
1417 }
1418
1419 mutex_unlock(&ipipe->inode->i_mutex);
1420 mutex_unlock(&opipe->inode->i_mutex);
1421
1422 if (do_wakeup) {
1423 smp_mb();
1424 if (waitqueue_active(&opipe->wait))
1425 wake_up_interruptible(&opipe->wait);
1426 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1427 }
1428
1429 return ret;
1430}
1431
1432/*
1433 * This is a tee(1) implementation that works on pipes. It doesn't copy
1434 * any data, it simply references the 'in' pages on the 'out' pipe.
1435 * The 'flags' used are the SPLICE_F_* variants, currently the only
1436 * applicable one is SPLICE_F_NONBLOCK.
1437 */
1438static long do_tee(struct file *in, struct file *out, size_t len,
1439 unsigned int flags)
1440{
1441 struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
1442 struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
1443
1444 /*
1445 * Link ipipe to the two output pipes, consuming as we go along.
1446 */
1447 if (ipipe && opipe)
1448 return link_pipe(ipipe, opipe, len, flags);
1449
1450 return -EINVAL;
1451}
1452
1453asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1454{
1455 struct file *in;
1456 int error, fput_in;
1457
1458 if (unlikely(!len))
1459 return 0;
1460
1461 error = -EBADF;
1462 in = fget_light(fdin, &fput_in);
1463 if (in) {
1464 if (in->f_mode & FMODE_READ) {
1465 int fput_out;
1466 struct file *out = fget_light(fdout, &fput_out);
1467
1468 if (out) {
1469 if (out->f_mode & FMODE_WRITE)
1470 error = do_tee(in, out, len, flags);
1471 fput_light(out, fput_out);
1472 }
1473 }
1474 fput_light(in, fput_in);
1475 }
1476
1477 return error;
1478}
Linux 6.x block layer and io_uring tree(s)