projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] splice: close i_size truncate races on read
[linux-2.6-block.git] / fs / splice.c
CommitLineData
5274f052
JA		 1/*
2 * "splice": joining two ropes together by interweaving their strands.
3 *
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
7 *
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
10 *
11 * Named by Larry McVoy, original implementation from Linus, extended by
c2058e06
JA		 12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
5274f052 14 *
c2058e06
JA		 15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
5274f052
JA		 18 *
19 */
20#include <linux/fs.h>
21#include <linux/file.h>
22#include <linux/pagemap.h>
23#include <linux/pipe_fs_i.h>
24#include <linux/mm_inline.h>
5abc97aa 25#include <linux/swap.h>
4f6f0bd2
JA		 26#include <linux/writeback.h>
27#include <linux/buffer_head.h>
a0f06780 28#include <linux/module.h>
4f6f0bd2 29#include <linux/syscalls.h>
5274f052
JA		 30
31/*
32 * Passed to the actors
33 */
34struct splice_desc {
35 unsigned int len, total_len; /* current and remaining length */
36 unsigned int flags; /* splice flags */
37 struct file *file; /* file to read/write */
38 loff_t pos; /* file position */
39};
40
83f9135b
JA		 41/*
42 * Attempt to steal a page from a pipe buffer. This should perhaps go into
43 * a vm helper function, it's already simplified quite a bit by the
44 * addition of remove_mapping(). If success is returned, the caller may
45 * attempt to reuse this page for another destination.
46 */
5abc97aa
JA		 47static int page_cache_pipe_buf_steal(struct pipe_inode_info *info,
48 struct pipe_buffer *buf)
49{
50 struct page *page = buf->page;
4f6f0bd2 51 struct address_space *mapping = page_mapping(page);
5abc97aa
JA		 52
53 WARN_ON(!PageLocked(page));
54 WARN_ON(!PageUptodate(page));
55
ad8d6f0a
JA		 56 /*
57 * At least for ext2 with nobh option, we need to wait on writeback
58 * completing on this page, since we'll remove it from the pagecache.
59 * Otherwise truncate wont wait on the page, allowing the disk
60 * blocks to be reused by someone else before we actually wrote our
61 * data to them. fs corruption ensues.
62 */
63 wait_on_page_writeback(page);
64
4f6f0bd2
JA		 65 if (PagePrivate(page))
66 try_to_release_page(page, mapping_gfp_mask(mapping));
67
68 if (!remove_mapping(mapping, page))
5abc97aa
JA		 69 return 1;
70
3e7ee3e7 71 buf->flags |= PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU;
5abc97aa
JA		 72 return 0;
73}
74
5274f052
JA		 75static void page_cache_pipe_buf_release(struct pipe_inode_info *info,
76 struct pipe_buffer *buf)
77{
78 page_cache_release(buf->page);
79 buf->page = NULL;
3e7ee3e7 80 buf->flags &= ~(PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU);
5274f052
JA		 81}
82
83static void *page_cache_pipe_buf_map(struct file *file,
84 struct pipe_inode_info *info,
85 struct pipe_buffer *buf)
86{
87 struct page *page = buf->page;
49d0b21b 88 int err;
5274f052
JA		 89
90 if (!PageUptodate(page)) {
49d0b21b
JA		 91 lock_page(page);
92
93 /*
94 * Page got truncated/unhashed. This will cause a 0-byte
73d62d83 95 * splice, if this is the first page.
49d0b21b
JA		 96 */
97 if (!page->mapping) {
98 err = -ENODATA;
99 goto error;
100 }
5274f052 101
49d0b21b 102 /*
73d62d83 103 * Uh oh, read-error from disk.
49d0b21b
JA		 104 */
105 if (!PageUptodate(page)) {
106 err = -EIO;
107 goto error;
108 }
109
110 /*
73d62d83 111 * Page is ok afterall, fall through to mapping.
49d0b21b 112 */
5274f052 113 unlock_page(page);
5274f052
JA		 114 }
115
49d0b21b
JA		 116 return kmap(page);
117error:
118 unlock_page(page);
119 return ERR_PTR(err);
5274f052
JA		 120}
121
122static void page_cache_pipe_buf_unmap(struct pipe_inode_info *info,
123 struct pipe_buffer *buf)
124{
5274f052
JA		 125 kunmap(buf->page);
126}
127
70524490
JA		 128static void page_cache_pipe_buf_get(struct pipe_inode_info *info,
129 struct pipe_buffer *buf)
130{
131 page_cache_get(buf->page);
132}
133
5274f052
JA		 134static struct pipe_buf_operations page_cache_pipe_buf_ops = {
135 .can_merge = 0,
136 .map = page_cache_pipe_buf_map,
137 .unmap = page_cache_pipe_buf_unmap,
138 .release = page_cache_pipe_buf_release,
5abc97aa 139 .steal = page_cache_pipe_buf_steal,
70524490 140 .get = page_cache_pipe_buf_get,
5274f052
JA		 141};
142
83f9135b
JA		 143/*
144 * Pipe output worker. This sets up our pipe format with the page cache
145 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
146 */
3a326a2c 147static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
91ad66ef
JA		 148 int nr_pages, unsigned long len,
149 unsigned int offset, unsigned int flags)
5274f052 150{
5274f052
JA		 151 int ret, do_wakeup, i;
152
153 ret = 0;
154 do_wakeup = 0;
155 i = 0;
156
3a326a2c
IM		 157 if (pipe->inode)
158 mutex_lock(&pipe->inode->i_mutex);
5274f052 159
5274f052 160 for (;;) {
3a326a2c 161 if (!pipe->readers) {
5274f052
JA		 162 send_sig(SIGPIPE, current, 0);
163 if (!ret)
164 ret = -EPIPE;
165 break;
166 }
167
6f767b04
JA		 168 if (pipe->nrbufs < PIPE_BUFFERS) {
169 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
3a326a2c 170 struct pipe_buffer *buf = pipe->bufs + newbuf;
5274f052
JA		 171 struct page *page = pages[i++];
172 unsigned long this_len;
173
174 this_len = PAGE_CACHE_SIZE - offset;
175 if (this_len > len)
176 this_len = len;
177
178 buf->page = page;
179 buf->offset = offset;
180 buf->len = this_len;
181 buf->ops = &page_cache_pipe_buf_ops;
6f767b04
JA		 182 pipe->nrbufs++;
183 if (pipe->inode)
184 do_wakeup = 1;
5274f052
JA		 185
186 ret += this_len;
187 len -= this_len;
188 offset = 0;
189 if (!--nr_pages)
190 break;
191 if (!len)
192 break;
6f767b04 193 if (pipe->nrbufs < PIPE_BUFFERS)
5274f052
JA		 194 continue;
195
196 break;
197 }
198
29e35094
LT		 199 if (flags & SPLICE_F_NONBLOCK) {
200 if (!ret)
201 ret = -EAGAIN;
202 break;
203 }
204
5274f052
JA		 205 if (signal_pending(current)) {
206 if (!ret)
207 ret = -ERESTARTSYS;
208 break;
209 }
210
211 if (do_wakeup) {
c0bd1f65 212 smp_mb();
3a326a2c
IM		 213 if (waitqueue_active(&pipe->wait))
214 wake_up_interruptible_sync(&pipe->wait);
215 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 216 do_wakeup = 0;
217 }
218
3a326a2c
IM		 219 pipe->waiting_writers++;
220 pipe_wait(pipe);
221 pipe->waiting_writers--;
5274f052
JA		 222 }
223
3a326a2c
IM		 224 if (pipe->inode)
225 mutex_unlock(&pipe->inode->i_mutex);
5274f052
JA		 226
227 if (do_wakeup) {
c0bd1f65 228 smp_mb();
3a326a2c
IM		 229 if (waitqueue_active(&pipe->wait))
230 wake_up_interruptible(&pipe->wait);
231 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 232 }
233
234 while (i < nr_pages)
235 page_cache_release(pages[i++]);
236
237 return ret;
238}
239
3a326a2c 240static int
cbb7e577
JA		 241__generic_file_splice_read(struct file *in, loff_t *ppos,
242 struct pipe_inode_info *pipe, size_t len,
243 unsigned int flags)
5274f052
JA		 244{
245 struct address_space *mapping = in->f_mapping;
91ad66ef 246 unsigned int loff, offset, nr_pages;
16c523dd 247 struct page *pages[PIPE_BUFFERS];
5274f052 248 struct page *page;
91ad66ef
JA		 249 pgoff_t index, end_index;
250 loff_t isize;
251 size_t bytes;
7480a904 252 int i, error;
5274f052 253
cbb7e577 254 index = *ppos >> PAGE_CACHE_SHIFT;
91ad66ef 255 loff = offset = *ppos & ~PAGE_CACHE_MASK;
5274f052
JA		 256 nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
257
258 if (nr_pages > PIPE_BUFFERS)
259 nr_pages = PIPE_BUFFERS;
260
261 /*
73d62d83 262 * Initiate read-ahead on this page range. however, don't call into
0b749ce3
JA		 263 * read-ahead if this is a non-zero offset (we are likely doing small
264 * chunk splice and the page is already there) for a single page.
5274f052 265 */
0b749ce3
JA		 266 if (!offset || nr_pages > 1)
267 do_page_cache_readahead(mapping, in, index, nr_pages);
5274f052 268
5274f052 269 /*
73d62d83 270 * Now fill in the holes:
5274f052 271 */
7480a904 272 error = 0;
91ad66ef 273 bytes = 0;
16c523dd 274 for (i = 0; i < nr_pages; i++, index++) {
7480a904 275find_page:
5274f052 276 /*
7480a904 277 * lookup the page for this index
5274f052 278 */
7480a904
JA		 279 page = find_get_page(mapping, index);
280 if (!page) {
281 /*
282 * If in nonblock mode then dont block on
283 * readpage (we've kicked readahead so there
284 * will be asynchronous progress):
285 */
286 if (flags & SPLICE_F_NONBLOCK)
287 break;
288
289 /*
290 * page didn't exist, allocate one
291 */
292 page = page_cache_alloc_cold(mapping);
293 if (!page)
294 break;
295
296 error = add_to_page_cache_lru(page, mapping, index,
297 mapping_gfp_mask(mapping));
298 if (unlikely(error)) {
299 page_cache_release(page);
300 break;
301 }
302
303 goto readpage;
304 }
305
306 /*
307 * If the page isn't uptodate, we may need to start io on it
308 */
309 if (!PageUptodate(page)) {
310 lock_page(page);
311
312 /*
313 * page was truncated, stop here. if this isn't the
314 * first page, we'll just complete what we already
315 * added
316 */
317 if (!page->mapping) {
318 unlock_page(page);
319 page_cache_release(page);
320 break;
321 }
322 /*
323 * page was already under io and is now done, great
324 */
325 if (PageUptodate(page)) {
326 unlock_page(page);
327 goto fill_it;
328 }
5274f052 329
7480a904
JA		 330readpage:
331 /*
332 * need to read in the page
333 */
334 error = mapping->a_ops->readpage(in, page);
5274f052
JA		 335
336 if (unlikely(error)) {
337 page_cache_release(page);
7480a904
JA		 338 if (error == AOP_TRUNCATED_PAGE)
339 goto find_page;
5274f052
JA		 340 break;
341 }
91ad66ef
JA		 342
343 /*
344 * i_size must be checked after ->readpage().
345 */
346 isize = i_size_read(mapping->host);
347 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
348 if (unlikely(!isize || index > end_index)) {
349 page_cache_release(page);
350 break;
351 }
352
353 /*
354 * if this is the last page, see if we need to shrink
355 * the length and stop
356 */
357 if (end_index == index) {
358 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
359 if (bytes + loff > isize) {
360 page_cache_release(page);
361 break;
362 }
363 /*
364 * force quit after adding this page
365 */
366 nr_pages = i;
367 }
5274f052 368 }
7480a904 369fill_it:
16c523dd 370 pages[i] = page;
91ad66ef
JA		 371 bytes += PAGE_CACHE_SIZE - loff;
372 loff = 0;
5274f052
JA		 373 }
374
16c523dd 375 if (i)
91ad66ef 376 return move_to_pipe(pipe, pages, i, bytes, offset, flags);
5274f052 377
7480a904 378 return error;
5274f052
JA		 379}
380
83f9135b
JA		 381/**
382 * generic_file_splice_read - splice data from file to a pipe
383 * @in: file to splice from
384 * @pipe: pipe to splice to
385 * @len: number of bytes to splice
386 * @flags: splice modifier flags
387 *
388 * Will read pages from given file and fill them into a pipe.
83f9135b 389 */
cbb7e577
JA		 390ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
391 struct pipe_inode_info *pipe, size_t len,
392 unsigned int flags)
5274f052
JA		 393{
394 ssize_t spliced;
395 int ret;
396
397 ret = 0;
398 spliced = 0;
3a326a2c 399
5274f052 400 while (len) {
cbb7e577 401 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
5274f052
JA		 402
403 if (ret <= 0)
404 break;
405
cbb7e577 406 *ppos += ret;
5274f052
JA		 407 len -= ret;
408 spliced += ret;
29e35094
LT		 409
410 if (!(flags & SPLICE_F_NONBLOCK))
411 continue;
412 ret = -EAGAIN;
413 break;
5274f052
JA		 414 }
415
416 if (spliced)
417 return spliced;
418
419 return ret;
420}
421
059a8f37
JA		 422EXPORT_SYMBOL(generic_file_splice_read);
423
5274f052 424/*
4f6f0bd2
JA		 425 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
426 * using sendpage().
5274f052
JA		 427 */
428static int pipe_to_sendpage(struct pipe_inode_info *info,
429 struct pipe_buffer *buf, struct splice_desc *sd)
430{
431 struct file *file = sd->file;
432 loff_t pos = sd->pos;
433 unsigned int offset;
434 ssize_t ret;
435 void *ptr;
b2b39fa4 436 int more;
5274f052
JA		 437
438 /*
73d62d83 439 * Sub-optimal, but we are limited by the pipe ->map. We don't
5274f052
JA		 440 * need a kmap'ed buffer here, we just want to make sure we
441 * have the page pinned if the pipe page originates from the
73d62d83 442 * page cache.
5274f052
JA		 443 */
444 ptr = buf->ops->map(file, info, buf);
445 if (IS_ERR(ptr))
446 return PTR_ERR(ptr);
447
448 offset = pos & ~PAGE_CACHE_MASK;
b2b39fa4 449 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
5274f052 450
b2b39fa4 451 ret = file->f_op->sendpage(file, buf->page, offset, sd->len, &pos,more);
5274f052
JA		 452
453 buf->ops->unmap(info, buf);
454 if (ret == sd->len)
455 return 0;
456
457 return -EIO;
458}
459
460/*
461 * This is a little more tricky than the file -> pipe splicing. There are
462 * basically three cases:
463 *
464 * - Destination page already exists in the address space and there
465 * are users of it. For that case we have no other option that
466 * copying the data. Tough luck.
467 * - Destination page already exists in the address space, but there
468 * are no users of it. Make sure it's uptodate, then drop it. Fall
469 * through to last case.
470 * - Destination page does not exist, we can add the pipe page to
471 * the page cache and avoid the copy.
472 *
83f9135b
JA		 473 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
474 * sd->flags), we attempt to migrate pages from the pipe to the output
475 * file address space page cache. This is possible if no one else has
476 * the pipe page referenced outside of the pipe and page cache. If
477 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
478 * a new page in the output file page cache and fill/dirty that.
5274f052
JA		 479 */
480static int pipe_to_file(struct pipe_inode_info *info, struct pipe_buffer *buf,
481 struct splice_desc *sd)
482{
483 struct file *file = sd->file;
484 struct address_space *mapping = file->f_mapping;
3e7ee3e7 485 gfp_t gfp_mask = mapping_gfp_mask(mapping);
5274f052
JA		 486 unsigned int offset;
487 struct page *page;
5274f052 488 pgoff_t index;
5abc97aa 489 char *src;
3e7ee3e7 490 int ret;
5274f052
JA		 491
492 /*
49d0b21b 493 * make sure the data in this buffer is uptodate
5274f052
JA		 494 */
495 src = buf->ops->map(file, info, buf);
496 if (IS_ERR(src))
497 return PTR_ERR(src);
498
499 index = sd->pos >> PAGE_CACHE_SHIFT;
500 offset = sd->pos & ~PAGE_CACHE_MASK;
501
5274f052 502 /*
73d62d83 503 * Reuse buf page, if SPLICE_F_MOVE is set.
5274f052 504 */
5abc97aa 505 if (sd->flags & SPLICE_F_MOVE) {
83f9135b
JA		 506 /*
507 * If steal succeeds, buf->page is now pruned from the vm
508 * side (LRU and page cache) and we can reuse it.
509 */
5abc97aa
JA		 510 if (buf->ops->steal(info, buf))
511 goto find_page;
512
49d0b21b
JA		 513 /*
514 * this will also set the page locked
515 */
5abc97aa 516 page = buf->page;
3e7ee3e7 517 if (add_to_page_cache(page, mapping, index, gfp_mask))
5abc97aa 518 goto find_page;
3e7ee3e7
JA		 519
520 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
521 lru_cache_add(page);
5abc97aa
JA		 522 } else {
523find_page:
524 ret = -ENOMEM;
3e7ee3e7 525 page = find_or_create_page(mapping, index, gfp_mask);
5abc97aa 526 if (!page)
9aefe431 527 goto out_nomem;
5abc97aa
JA		 528
529 /*
530 * If the page is uptodate, it is also locked. If it isn't
531 * uptodate, we can mark it uptodate if we are filling the
532 * full page. Otherwise we need to read it in first...
533 */
534 if (!PageUptodate(page)) {
535 if (sd->len < PAGE_CACHE_SIZE) {
536 ret = mapping->a_ops->readpage(file, page);
537 if (unlikely(ret))
538 goto out;
539
540 lock_page(page);
541
542 if (!PageUptodate(page)) {
543 /*
73d62d83 544 * Page got invalidated, repeat.
5abc97aa
JA		 545 */
546 if (!page->mapping) {
547 unlock_page(page);
548 page_cache_release(page);
549 goto find_page;
550 }
551 ret = -EIO;
552 goto out;
5274f052 553 }
5abc97aa
JA		 554 } else {
555 WARN_ON(!PageLocked(page));
556 SetPageUptodate(page);
5274f052 557 }
5274f052
JA		 558 }
559 }
560
561 ret = mapping->a_ops->prepare_write(file, page, 0, sd->len);
4f6f0bd2
JA		 562 if (ret == AOP_TRUNCATED_PAGE) {
563 page_cache_release(page);
564 goto find_page;
565 } else if (ret)
5274f052
JA		 566 goto out;
567
3e7ee3e7 568 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) {
5abc97aa
JA		 569 char *dst = kmap_atomic(page, KM_USER0);
570
571 memcpy(dst + offset, src + buf->offset, sd->len);
572 flush_dcache_page(page);
573 kunmap_atomic(dst, KM_USER0);
574 }
5274f052
JA		 575
576 ret = mapping->a_ops->commit_write(file, page, 0, sd->len);
4f6f0bd2
JA		 577 if (ret == AOP_TRUNCATED_PAGE) {
578 page_cache_release(page);
579 goto find_page;
580 } else if (ret)
5274f052
JA		 581 goto out;
582
c7f21e4f 583 mark_page_accessed(page);
4f6f0bd2 584 balance_dirty_pages_ratelimited(mapping);
5274f052 585out:
3e7ee3e7 586 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) {
5abc97aa 587 page_cache_release(page);
4f6f0bd2
JA		 588 unlock_page(page);
589 }
9aefe431 590out_nomem:
5274f052
JA		 591 buf->ops->unmap(info, buf);
592 return ret;
593}
594
595typedef int (splice_actor)(struct pipe_inode_info *, struct pipe_buffer *,
596 struct splice_desc *);
597
83f9135b
JA		 598/*
599 * Pipe input worker. Most of this logic works like a regular pipe, the
600 * key here is the 'actor' worker passed in that actually moves the data
601 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
602 */
3a326a2c 603static ssize_t move_from_pipe(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 604 loff_t *ppos, size_t len, unsigned int flags,
5274f052
JA		 605 splice_actor *actor)
606{
5274f052
JA		 607 int ret, do_wakeup, err;
608 struct splice_desc sd;
609
610 ret = 0;
611 do_wakeup = 0;
612
613 sd.total_len = len;
614 sd.flags = flags;
615 sd.file = out;
cbb7e577 616 sd.pos = *ppos;
5274f052 617
3a326a2c
IM		 618 if (pipe->inode)
619 mutex_lock(&pipe->inode->i_mutex);
5274f052 620
5274f052 621 for (;;) {
6f767b04
JA		 622 if (pipe->nrbufs) {
623 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
5274f052
JA		 624 struct pipe_buf_operations *ops = buf->ops;
625
626 sd.len = buf->len;
627 if (sd.len > sd.total_len)
628 sd.len = sd.total_len;
629
3a326a2c 630 err = actor(pipe, buf, &sd);
5274f052
JA		 631 if (err) {
632 if (!ret && err != -ENODATA)
633 ret = err;
634
635 break;
636 }
637
638 ret += sd.len;
639 buf->offset += sd.len;
640 buf->len -= sd.len;
73d62d83 641
5274f052
JA		 642 if (!buf->len) {
643 buf->ops = NULL;
3a326a2c 644 ops->release(pipe, buf);
6f767b04
JA		 645 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
646 pipe->nrbufs--;
647 if (pipe->inode)
648 do_wakeup = 1;
5274f052
JA		 649 }
650
651 sd.pos += sd.len;
652 sd.total_len -= sd.len;
653 if (!sd.total_len)
654 break;
655 }
656
6f767b04 657 if (pipe->nrbufs)
5274f052 658 continue;
3a326a2c 659 if (!pipe->writers)
5274f052 660 break;
3a326a2c 661 if (!pipe->waiting_writers) {
5274f052
JA		 662 if (ret)
663 break;
664 }
665
29e35094
LT		 666 if (flags & SPLICE_F_NONBLOCK) {
667 if (!ret)
668 ret = -EAGAIN;
669 break;
670 }
671
5274f052
JA		 672 if (signal_pending(current)) {
673 if (!ret)
674 ret = -ERESTARTSYS;
675 break;
676 }
677
678 if (do_wakeup) {
c0bd1f65 679 smp_mb();
3a326a2c
IM		 680 if (waitqueue_active(&pipe->wait))
681 wake_up_interruptible_sync(&pipe->wait);
682 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
5274f052
JA		 683 do_wakeup = 0;
684 }
685
3a326a2c 686 pipe_wait(pipe);
5274f052
JA		 687 }
688
3a326a2c
IM		 689 if (pipe->inode)
690 mutex_unlock(&pipe->inode->i_mutex);
5274f052
JA		 691
692 if (do_wakeup) {
c0bd1f65 693 smp_mb();
3a326a2c
IM		 694 if (waitqueue_active(&pipe->wait))
695 wake_up_interruptible(&pipe->wait);
696 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
5274f052
JA		 697 }
698
5274f052 699 return ret;
5274f052
JA		 700}
701
83f9135b
JA		 702/**
703 * generic_file_splice_write - splice data from a pipe to a file
3a326a2c 704 * @pipe: pipe info
83f9135b
JA		 705 * @out: file to write to
706 * @len: number of bytes to splice
707 * @flags: splice modifier flags
708 *
709 * Will either move or copy pages (determined by @flags options) from
710 * the given pipe inode to the given file.
711 *
712 */
3a326a2c
IM		 713ssize_t
714generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 715 loff_t *ppos, size_t len, unsigned int flags)
5274f052 716{
4f6f0bd2 717 struct address_space *mapping = out->f_mapping;
3a326a2c
IM		 718 ssize_t ret;
719
cbb7e577 720 ret = move_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
4f6f0bd2
JA		 721
722 /*
73d62d83 723 * If file or inode is SYNC and we actually wrote some data, sync it.
4f6f0bd2
JA		 724 */
725 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(mapping->host))
726 && ret > 0) {
727 struct inode *inode = mapping->host;
728 int err;
729
730 mutex_lock(&inode->i_mutex);
731 err = generic_osync_inode(mapping->host, mapping,
49570e9b 732 OSYNC_METADATA|OSYNC_DATA);
4f6f0bd2
JA		 733 mutex_unlock(&inode->i_mutex);
734
735 if (err)
736 ret = err;
737 }
738
739 return ret;
5274f052
JA		 740}
741
059a8f37
JA		 742EXPORT_SYMBOL(generic_file_splice_write);
743
83f9135b
JA		 744/**
745 * generic_splice_sendpage - splice data from a pipe to a socket
746 * @inode: pipe inode
747 * @out: socket to write to
748 * @len: number of bytes to splice
749 * @flags: splice modifier flags
750 *
751 * Will send @len bytes from the pipe to a network socket. No data copying
752 * is involved.
753 *
754 */
3a326a2c 755ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 756 loff_t *ppos, size_t len, unsigned int flags)
5274f052 757{
cbb7e577 758 return move_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
5274f052
JA		 759}
760
059a8f37 761EXPORT_SYMBOL(generic_splice_sendpage);
a0f06780 762
83f9135b
JA		 763/*
764 * Attempt to initiate a splice from pipe to file.
765 */
3a326a2c 766static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 767 loff_t *ppos, size_t len, unsigned int flags)
5274f052 768{
5274f052
JA		 769 int ret;
770
49570e9b 771 if (unlikely(!out->f_op || !out->f_op->splice_write))
5274f052
JA		 772 return -EINVAL;
773
49570e9b 774 if (unlikely(!(out->f_mode & FMODE_WRITE)))
5274f052
JA		 775 return -EBADF;
776
cbb7e577 777 ret = rw_verify_area(WRITE, out, ppos, len);
5274f052
JA		 778 if (unlikely(ret < 0))
779 return ret;
780
cbb7e577 781 return out->f_op->splice_write(pipe, out, ppos, len, flags);
5274f052
JA		 782}
783
83f9135b
JA		 784/*
785 * Attempt to initiate a splice from a file to a pipe.
786 */
cbb7e577
JA		 787static long do_splice_to(struct file *in, loff_t *ppos,
788 struct pipe_inode_info *pipe, size_t len,
789 unsigned int flags)
5274f052 790{
cbb7e577 791 loff_t isize, left;
5274f052
JA		 792 int ret;
793
49570e9b 794 if (unlikely(!in->f_op || !in->f_op->splice_read))
5274f052
JA		 795 return -EINVAL;
796
49570e9b 797 if (unlikely(!(in->f_mode & FMODE_READ)))
5274f052
JA		 798 return -EBADF;
799
cbb7e577 800 ret = rw_verify_area(READ, in, ppos, len);
5274f052
JA		 801 if (unlikely(ret < 0))
802 return ret;
803
804 isize = i_size_read(in->f_mapping->host);
cbb7e577 805 if (unlikely(*ppos >= isize))
5274f052
JA		 806 return 0;
807
cbb7e577 808 left = isize - *ppos;
49570e9b 809 if (unlikely(left < len))
5274f052
JA		 810 len = left;
811
cbb7e577 812 return in->f_op->splice_read(in, ppos, pipe, len, flags);
5274f052
JA		 813}
814
cbb7e577
JA		 815long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
816 size_t len, unsigned int flags)
b92ce558
JA		 817{
818 struct pipe_inode_info *pipe;
819 long ret, bytes;
cbb7e577 820 loff_t out_off;
b92ce558
JA		 821 umode_t i_mode;
822 int i;
823
824 /*
825 * We require the input being a regular file, as we don't want to
826 * randomly drop data for eg socket -> socket splicing. Use the
827 * piped splicing for that!
828 */
829 i_mode = in->f_dentry->d_inode->i_mode;
830 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
831 return -EINVAL;
832
833 /*
834 * neither in nor out is a pipe, setup an internal pipe attached to
835 * 'out' and transfer the wanted data from 'in' to 'out' through that
836 */
837 pipe = current->splice_pipe;
49570e9b 838 if (unlikely(!pipe)) {
b92ce558
JA		 839 pipe = alloc_pipe_info(NULL);
840 if (!pipe)
841 return -ENOMEM;
842
843 /*
844 * We don't have an immediate reader, but we'll read the stuff
845 * out of the pipe right after the move_to_pipe(). So set
846 * PIPE_READERS appropriately.
847 */
848 pipe->readers = 1;
849
850 current->splice_pipe = pipe;
851 }
852
853 /*
73d62d83 854 * Do the splice.
b92ce558
JA		 855 */
856 ret = 0;
857 bytes = 0;
cbb7e577 858 out_off = 0;
b92ce558
JA		 859
860 while (len) {
861 size_t read_len, max_read_len;
862
863 /*
864 * Do at most PIPE_BUFFERS pages worth of transfer:
865 */
866 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
867
cbb7e577 868 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
b92ce558
JA		 869 if (unlikely(ret < 0))
870 goto out_release;
871
872 read_len = ret;
873
874 /*
875 * NOTE: nonblocking mode only applies to the input. We
876 * must not do the output in nonblocking mode as then we
877 * could get stuck data in the internal pipe:
878 */
cbb7e577 879 ret = do_splice_from(pipe, out, &out_off, read_len,
b92ce558
JA		 880 flags & ~SPLICE_F_NONBLOCK);
881 if (unlikely(ret < 0))
882 goto out_release;
883
884 bytes += ret;
885 len -= ret;
886
887 /*
888 * In nonblocking mode, if we got back a short read then
889 * that was due to either an IO error or due to the
890 * pagecache entry not being there. In the IO error case
891 * the _next_ splice attempt will produce a clean IO error
892 * return value (not a short read), so in both cases it's
893 * correct to break out of the loop here:
894 */
895 if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
896 break;
897 }
898
899 pipe->nrbufs = pipe->curbuf = 0;
900
901 return bytes;
902
903out_release:
904 /*
905 * If we did an incomplete transfer we must release
906 * the pipe buffers in question:
907 */
908 for (i = 0; i < PIPE_BUFFERS; i++) {
909 struct pipe_buffer *buf = pipe->bufs + i;
910
911 if (buf->ops) {
912 buf->ops->release(pipe, buf);
913 buf->ops = NULL;
914 }
915 }
916 pipe->nrbufs = pipe->curbuf = 0;
917
918 /*
919 * If we transferred some data, return the number of bytes:
920 */
921 if (bytes > 0)
922 return bytes;
923
924 return ret;
925}
926
927EXPORT_SYMBOL(do_splice_direct);
928
83f9135b
JA		 929/*
930 * Determine where to splice to/from.
931 */
529565dc
IM		 932static long do_splice(struct file *in, loff_t __user *off_in,
933 struct file *out, loff_t __user *off_out,
934 size_t len, unsigned int flags)
5274f052 935{
3a326a2c 936 struct pipe_inode_info *pipe;
cbb7e577 937 loff_t offset, *off;
5274f052 938
3a326a2c 939 pipe = in->f_dentry->d_inode->i_pipe;
529565dc
IM		 940 if (pipe) {
941 if (off_in)
942 return -ESPIPE;
b92ce558
JA		 943 if (off_out) {
944 if (out->f_op->llseek == no_llseek)
945 return -EINVAL;
cbb7e577 946 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
b92ce558 947 return -EFAULT;
cbb7e577
JA		 948 off = &offset;
949 } else
950 off = &out->f_pos;
529565dc 951
cbb7e577 952 return do_splice_from(pipe, out, off, len, flags);
529565dc 953 }
5274f052 954
3a326a2c 955 pipe = out->f_dentry->d_inode->i_pipe;
529565dc
IM		 956 if (pipe) {
957 if (off_out)
958 return -ESPIPE;
b92ce558
JA		 959 if (off_in) {
960 if (in->f_op->llseek == no_llseek)
961 return -EINVAL;
cbb7e577 962 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
b92ce558 963 return -EFAULT;
cbb7e577
JA		 964 off = &offset;
965 } else
966 off = &in->f_pos;
529565dc 967
cbb7e577 968 return do_splice_to(in, off, pipe, len, flags);
529565dc 969 }
5274f052
JA		 970
971 return -EINVAL;
972}
973
529565dc
IM		 974asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
975 int fd_out, loff_t __user *off_out,
976 size_t len, unsigned int flags)
5274f052
JA		 977{
978 long error;
979 struct file *in, *out;
980 int fput_in, fput_out;
981
982 if (unlikely(!len))
983 return 0;
984
985 error = -EBADF;
529565dc 986 in = fget_light(fd_in, &fput_in);
5274f052
JA		 987 if (in) {
988 if (in->f_mode & FMODE_READ) {
529565dc 989 out = fget_light(fd_out, &fput_out);
5274f052
JA		 990 if (out) {
991 if (out->f_mode & FMODE_WRITE)
529565dc
IM		 992 error = do_splice(in, off_in,
993 out, off_out,
994 len, flags);
5274f052
JA		 995 fput_light(out, fput_out);
996 }
997 }
998
999 fput_light(in, fput_in);
1000 }
1001
1002 return error;
1003}
70524490
JA		 1004
1005/*
1006 * Link contents of ipipe to opipe.
1007 */
1008static int link_pipe(struct pipe_inode_info *ipipe,
1009 struct pipe_inode_info *opipe,
1010 size_t len, unsigned int flags)
1011{
1012 struct pipe_buffer *ibuf, *obuf;
1013 int ret = 0, do_wakeup = 0, i;
1014
1015 /*
1016 * Potential ABBA deadlock, work around it by ordering lock
1017 * grabbing by inode address. Otherwise two different processes
1018 * could deadlock (one doing tee from A -> B, the other from B -> A).
1019 */
1020 if (ipipe->inode < opipe->inode) {
1021 mutex_lock(&ipipe->inode->i_mutex);
1022 mutex_lock(&opipe->inode->i_mutex);
1023 } else {
1024 mutex_lock(&opipe->inode->i_mutex);
1025 mutex_lock(&ipipe->inode->i_mutex);
1026 }
1027
1028 for (i = 0;; i++) {
1029 if (!opipe->readers) {
1030 send_sig(SIGPIPE, current, 0);
1031 if (!ret)
1032 ret = -EPIPE;
1033 break;
1034 }
1035 if (ipipe->nrbufs - i) {
1036 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1037
1038 /*
1039 * If we have room, fill this buffer
1040 */
1041 if (opipe->nrbufs < PIPE_BUFFERS) {
1042 int nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1043
1044 /*
1045 * Get a reference to this pipe buffer,
1046 * so we can copy the contents over.
1047 */
1048 ibuf->ops->get(ipipe, ibuf);
1049
1050 obuf = opipe->bufs + nbuf;
1051 *obuf = *ibuf;
1052
1053 if (obuf->len > len)
1054 obuf->len = len;
1055
1056 opipe->nrbufs++;
1057 do_wakeup = 1;
1058 ret += obuf->len;
1059 len -= obuf->len;
1060
1061 if (!len)
1062 break;
1063 if (opipe->nrbufs < PIPE_BUFFERS)
1064 continue;
1065 }
1066
1067 /*
1068 * We have input available, but no output room.
1069 * If we already copied data, return that.
1070 */
1071 if (flags & SPLICE_F_NONBLOCK) {
1072 if (!ret)
1073 ret = -EAGAIN;
1074 break;
1075 }
1076 if (signal_pending(current)) {
1077 if (!ret)
1078 ret = -ERESTARTSYS;
1079 break;
1080 }
1081 if (do_wakeup) {
1082 smp_mb();
1083 if (waitqueue_active(&opipe->wait))
1084 wake_up_interruptible(&opipe->wait);
1085 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1086 do_wakeup = 0;
1087 }
1088
1089 opipe->waiting_writers++;
1090 pipe_wait(opipe);
1091 opipe->waiting_writers--;
1092 continue;
1093 }
1094
1095 /*
1096 * No input buffers, do the usual checks for available
1097 * writers and blocking and wait if necessary
1098 */
1099 if (!ipipe->writers)
1100 break;
1101 if (!ipipe->waiting_writers) {
1102 if (ret)
1103 break;
1104 }
1105 if (flags & SPLICE_F_NONBLOCK) {
1106 if (!ret)
1107 ret = -EAGAIN;
1108 break;
1109 }
1110 if (signal_pending(current)) {
1111 if (!ret)
1112 ret = -ERESTARTSYS;
1113 break;
1114 }
1115
1116 if (waitqueue_active(&ipipe->wait))
1117 wake_up_interruptible_sync(&ipipe->wait);
1118 kill_fasync(&ipipe->fasync_writers, SIGIO, POLL_OUT);
1119
1120 pipe_wait(ipipe);
1121 }
1122
1123 mutex_unlock(&ipipe->inode->i_mutex);
1124 mutex_unlock(&opipe->inode->i_mutex);
1125
1126 if (do_wakeup) {
1127 smp_mb();
1128 if (waitqueue_active(&opipe->wait))
1129 wake_up_interruptible(&opipe->wait);
1130 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1131 }
1132
1133 return ret;
1134}
1135
1136/*
1137 * This is a tee(1) implementation that works on pipes. It doesn't copy
1138 * any data, it simply references the 'in' pages on the 'out' pipe.
1139 * The 'flags' used are the SPLICE_F_* variants, currently the only
1140 * applicable one is SPLICE_F_NONBLOCK.
1141 */
1142static long do_tee(struct file *in, struct file *out, size_t len,
1143 unsigned int flags)
1144{
1145 struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
1146 struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
1147
1148 /*
1149 * Link ipipe to the two output pipes, consuming as we go along.
1150 */
1151 if (ipipe && opipe)
1152 return link_pipe(ipipe, opipe, len, flags);
1153
1154 return -EINVAL;
1155}
1156
1157asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1158{
1159 struct file *in;
1160 int error, fput_in;
1161
1162 if (unlikely(!len))
1163 return 0;
1164
1165 error = -EBADF;
1166 in = fget_light(fdin, &fput_in);
1167 if (in) {
1168 if (in->f_mode & FMODE_READ) {
1169 int fput_out;
1170 struct file *out = fget_light(fdout, &fput_out);
1171
1172 if (out) {
1173 if (out->f_mode & FMODE_WRITE)
1174 error = do_tee(in, out, len, flags);
1175 fput_light(out, fput_out);
1176 }
1177 }
1178 fput_light(in, fput_in);
1179 }
1180
1181 return error;
1182}
Linux 6.x block layer and io_uring tree(s)