Context Navigation

source: src/linux/ar531x/linux-2.6.24/fs/splice.c @ 8972

Last change on this file since 8972 was 8972, checked in by BrainSlayer, 5 years ago
kernel update
File size: 39.7 KB

Line
1	/*
2	* "splice": joining two ropes together by interweaving their strands.
3	*
4	* This is the "extended pipe" functionality, where a pipe is used as
5	* an arbitrary in-memory buffer. Think of a pipe as a small kernel
6	* buffer that you can use to transfer data from one end to the other.
7	*
8	* The traditional unix read/write is extended with a "splice()" operation
9	* that transfers data buffers to or from a pipe buffer.
10	*
11	* Named by Larry McVoy, original implementation from Linus, extended by
12	* Jens to support splicing to files, network, direct splicing, etc and
13	* fixing lots of bugs.
14	*
15	* Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
16	* Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17	* Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
18	*
19	*/
20	#include <linux/fs.h>
21	#include <linux/file.h>
22	#include <linux/pagemap.h>
23	#include <linux/splice.h>
24	#include <linux/mm_inline.h>
25	#include <linux/swap.h>
26	#include <linux/writeback.h>
27	#include <linux/buffer_head.h>
28	#include <linux/module.h>
29	#include <linux/syscalls.h>
30	#include <linux/uio.h>
31	#include <linux/security.h>
32
33	/*
34	* Attempt to steal a page from a pipe buffer. This should perhaps go into
35	* a vm helper function, it's already simplified quite a bit by the
36	* addition of remove_mapping(). If success is returned, the caller may
37	* attempt to reuse this page for another destination.
38	*/
39	static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
40	struct pipe_buffer *buf)
41	{
42	struct page *page = buf->page;
43	struct address_space *mapping;
44
45	lock_page(page);
46
47	mapping = page_mapping(page);
48	if (mapping) {
49	WARN_ON(!PageUptodate(page));
50
51	/*
52	* At least for ext2 with nobh option, we need to wait on
53	* writeback completing on this page, since we'll remove it
54	* from the pagecache. Otherwise truncate wont wait on the
55	* page, allowing the disk blocks to be reused by someone else
56	* before we actually wrote our data to them. fs corruption
57	* ensues.
58	*/
59	wait_on_page_writeback(page);
60
61	if (PagePrivate(page))
62	try_to_release_page(page, GFP_KERNEL);
63
64	/*
65	* If we succeeded in removing the mapping, set LRU flag
66	* and return good.
67	*/
68	if (remove_mapping(mapping, page)) {
69	buf->flags \|= PIPE_BUF_FLAG_LRU;
70	return 0;
71	}
72	}
73
74	/*
75	* Raced with truncate or failed to remove page from current
76	* address space, unlock and return failure.
77	*/
78	unlock_page(page);
79	return 1;
80	}
81
82	static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
83	struct pipe_buffer *buf)
84	{
85	page_cache_release(buf->page);
86	buf->flags &= ~PIPE_BUF_FLAG_LRU;
87	}
88
89	/*
90	* Check whether the contents of buf is OK to access. Since the content
91	* is a page cache page, IO may be in flight.
92	*/
93	static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
94	struct pipe_buffer *buf)
95	{
96	struct page *page = buf->page;
97	int err;
98
99	if (!PageUptodate(page)) {
100	lock_page(page);
101
102	/*
103	* Page got truncated/unhashed. This will cause a 0-byte
104	* splice, if this is the first page.
105	*/
106	if (!page->mapping) {
107	err = -ENODATA;
108	goto error;
109	}
110
111	/*
112	* Uh oh, read-error from disk.
113	*/
114	if (!PageUptodate(page)) {
115	err = -EIO;
116	goto error;
117	}
118
119	/*
120	* Page is ok afterall, we are done.
121	*/
122	unlock_page(page);
123	}
124
125	return 0;
126	error:
127	unlock_page(page);
128	return err;
129	}
130
131	static const struct pipe_buf_operations page_cache_pipe_buf_ops = {
132	.can_merge = 0,
133	.map = generic_pipe_buf_map,
134	.unmap = generic_pipe_buf_unmap,
135	.confirm = page_cache_pipe_buf_confirm,
136	.release = page_cache_pipe_buf_release,
137	.steal = page_cache_pipe_buf_steal,
138	.get = generic_pipe_buf_get,
139	};
140
141	static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
142	struct pipe_buffer *buf)
143	{
144	if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
145	return 1;
146
147	buf->flags \|= PIPE_BUF_FLAG_LRU;
148	return generic_pipe_buf_steal(pipe, buf);
149	}
150
151	static const struct pipe_buf_operations user_page_pipe_buf_ops = {
152	.can_merge = 0,
153	.map = generic_pipe_buf_map,
154	.unmap = generic_pipe_buf_unmap,
155	.confirm = generic_pipe_buf_confirm,
156	.release = page_cache_pipe_buf_release,
157	.steal = user_page_pipe_buf_steal,
158	.get = generic_pipe_buf_get,
159	};
160
161	/**
162	* splice_to_pipe - fill passed data into a pipe
163	* @pipe: pipe to fill
164	* @spd: data to fill
165	*
166	* Description:
167	* @spd contains a map of pages and len/offset tuples, along with
168	* the struct pipe_buf_operations associated with these pages. This
169	* function will link that data to the pipe.
170	*
171	*/
172	ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
173	struct splice_pipe_desc *spd)
174	{
175	unsigned int spd_pages = spd->nr_pages;
176	int ret, do_wakeup, page_nr;
177
178	ret = 0;
179	do_wakeup = 0;
180	page_nr = 0;
181
182	if (pipe->inode)
183	mutex_lock(&pipe->inode->i_mutex);
184
185	for (;;) {
186	if (!pipe->readers) {
187	send_sig(SIGPIPE, current, 0);
188	if (!ret)
189	ret = -EPIPE;
190	break;
191	}
192
193	if (pipe->nrbufs < PIPE_BUFFERS) {
194	int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
195	struct pipe_buffer *buf = pipe->bufs + newbuf;
196
197	buf->page = spd->pages[page_nr];
198	buf->offset = spd->partial[page_nr].offset;
199	buf->len = spd->partial[page_nr].len;
200	buf->private = spd->partial[page_nr].private;
201	buf->ops = spd->ops;
202	if (spd->flags & SPLICE_F_GIFT)
203	buf->flags \|= PIPE_BUF_FLAG_GIFT;
204
205	pipe->nrbufs++;
206	page_nr++;
207	ret += buf->len;
208
209	if (pipe->inode)
210	do_wakeup = 1;
211
212	if (!--spd->nr_pages)
213	break;
214	if (pipe->nrbufs < PIPE_BUFFERS)
215	continue;
216
217	break;
218	}
219
220	if (spd->flags & SPLICE_F_NONBLOCK) {
221	if (!ret)
222	ret = -EAGAIN;
223	break;
224	}
225
226	if (signal_pending(current)) {
227	if (!ret)
228	ret = -ERESTARTSYS;
229	break;
230	}
231
232	if (do_wakeup) {
233	smp_mb();
234	if (waitqueue_active(&pipe->wait))
235	wake_up_interruptible_sync(&pipe->wait);
236	kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
237	do_wakeup = 0;
238	}
239
240	pipe->waiting_writers++;
241	pipe_wait(pipe);
242	pipe->waiting_writers--;
243	}
244
245	if (pipe->inode) {
246	mutex_unlock(&pipe->inode->i_mutex);
247
248	if (do_wakeup) {
249	smp_mb();
250	if (waitqueue_active(&pipe->wait))
251	wake_up_interruptible(&pipe->wait);
252	kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
253	}
254	}
255
256	while (page_nr < spd_pages)
257	page_cache_release(spd->pages[page_nr++]);
258
259	return ret;
260	}
261
262	static int
263	__generic_file_splice_read(struct file in, loff_t ppos,
264	struct pipe_inode_info *pipe, size_t len,
265	unsigned int flags)
266	{
267	struct address_space *mapping = in->f_mapping;
268	unsigned int loff, nr_pages, req_pages;
269	struct page *pages[PIPE_BUFFERS];
270	struct partial_page partial[PIPE_BUFFERS];
271	struct page *page;
272	pgoff_t index, end_index;
273	loff_t isize;
274	int error, page_nr;
275	struct splice_pipe_desc spd = {
276	.pages = pages,
277	.partial = partial,
278	.flags = flags,
279	.ops = &page_cache_pipe_buf_ops,
280	};
281
282	index = *ppos >> PAGE_CACHE_SHIFT;
283	loff = *ppos & ~PAGE_CACHE_MASK;
284	req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
285	nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS);
286
287	/*
288	* Lookup the (hopefully) full range of pages we need.
289	*/
290	spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
291	index += spd.nr_pages;
292
293	/*
294	* If find_get_pages_contig() returned fewer pages than we needed,
295	* readahead/allocate the rest and fill in the holes.
296	*/
297	if (spd.nr_pages < nr_pages)
298	page_cache_sync_readahead(mapping, &in->f_ra, in,
299	index, req_pages - spd.nr_pages);
300
301	error = 0;
302	while (spd.nr_pages < nr_pages) {
303	/*
304	* Page could be there, find_get_pages_contig() breaks on
305	* the first hole.
306	*/
307	page = find_get_page(mapping, index);
308	if (!page) {
309	/*
310	* page didn't exist, allocate one.
311	*/
312	page = page_cache_alloc_cold(mapping);
313	if (!page)
314	break;
315
316	error = add_to_page_cache_lru(page, mapping, index,
317	GFP_KERNEL);
318	if (unlikely(error)) {
319	page_cache_release(page);
320	if (error == -EEXIST)
321	continue;
322	break;
323	}
324	/*
325	* add_to_page_cache() locks the page, unlock it
326	* to avoid convoluting the logic below even more.
327	*/
328	unlock_page(page);
329	}
330
331	pages[spd.nr_pages++] = page;
332	index++;
333	}
334
335	/*
336	* Now loop over the map and see if we need to start IO on any
337	* pages, fill in the partial map, etc.
338	*/
339	index = *ppos >> PAGE_CACHE_SHIFT;
340	nr_pages = spd.nr_pages;
341	spd.nr_pages = 0;
342	for (page_nr = 0; page_nr < nr_pages; page_nr++) {
343	unsigned int this_len;
344
345	if (!len)
346	break;
347
348	/*
349	* this_len is the max we'll use from this page
350	*/
351	this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
352	page = pages[page_nr];
353
354	if (PageReadahead(page))
355	page_cache_async_readahead(mapping, &in->f_ra, in,
356	page, index, req_pages - page_nr);
357
358	/*
359	* If the page isn't uptodate, we may need to start io on it
360	*/
361	if (!PageUptodate(page)) {
362	/*
363	* If in nonblock mode then dont block on waiting
364	* for an in-flight io page
365	*/
366	if (flags & SPLICE_F_NONBLOCK) {
367	if (TestSetPageLocked(page))
368	break;
369	} else
370	lock_page(page);
371
372	/*
373	* page was truncated, stop here. if this isn't the
374	* first page, we'll just complete what we already
375	* added
376	*/
377	if (!page->mapping) {
378	unlock_page(page);
379	break;
380	}
381	/*
382	* page was already under io and is now done, great
383	*/
384	if (PageUptodate(page)) {
385	unlock_page(page);
386	goto fill_it;
387	}
388
389	/*
390	* need to read in the page
391	*/
392	error = mapping->a_ops->readpage(in, page);
393	if (unlikely(error)) {
394	/*
395	* We really should re-lookup the page here,
396	* but it complicates things a lot. Instead
397	* lets just do what we already stored, and
398	* we'll get it the next time we are called.
399	*/
400	if (error == AOP_TRUNCATED_PAGE)
401	error = 0;
402
403	break;
404	}
405	}
406	fill_it:
407	/*
408	* i_size must be checked after PageUptodate.
409	*/
410	isize = i_size_read(mapping->host);
411	end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
412	if (unlikely(!isize \|\| index > end_index))
413	break;
414
415	/*
416	* if this is the last page, see if we need to shrink
417	* the length and stop
418	*/
419	if (end_index == index) {
420	unsigned int plen;
421
422	/*
423	* max good bytes in this page
424	*/
425	plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
426	if (plen <= loff)
427	break;
428
429	/*
430	* force quit after adding this page
431	*/
432	this_len = min(this_len, plen - loff);
433	len = this_len;
434	}
435
436	partial[page_nr].offset = loff;
437	partial[page_nr].len = this_len;
438	len -= this_len;
439	loff = 0;
440	spd.nr_pages++;
441	index++;
442	}
443
444	/*
445	* Release any pages at the end, if we quit early. 'page_nr' is how far
446	* we got, 'nr_pages' is how many pages are in the map.
447	*/
448	while (page_nr < nr_pages)
449	page_cache_release(pages[page_nr++]);
450	in->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT;
451
452	if (spd.nr_pages)
453	return splice_to_pipe(pipe, &spd);
454
455	return error;
456	}
457
458	/**
459	* generic_file_splice_read - splice data from file to a pipe
460	* @in: file to splice from
461	* @ppos: position in @in
462	* @pipe: pipe to splice to
463	* @len: number of bytes to splice
464	* @flags: splice modifier flags
465	*
466	* Description:
467	* Will read pages from given file and fill them into a pipe. Can be
468	* used as long as the address_space operations for the source implements
469	* a readpage() hook.
470	*
471	*/
472	ssize_t generic_file_splice_read(struct file in, loff_t ppos,
473	struct pipe_inode_info *pipe, size_t len,
474	unsigned int flags)
475	{
476	ssize_t spliced;
477	int ret;
478	loff_t isize, left;
479
480	isize = i_size_read(in->f_mapping->host);
481	if (unlikely(*ppos >= isize))
482	return 0;
483
484	left = isize - *ppos;
485	if (unlikely(left < len))
486	len = left;
487
488	ret = 0;
489	spliced = 0;
490	while (len && !spliced) {
491	ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
492
493	if (ret < 0)
494	break;
495	else if (!ret) {
496	if (spliced)
497	break;
498	if (flags & SPLICE_F_NONBLOCK) {
499	ret = -EAGAIN;
500	break;
501	}
502	}
503
504	*ppos += ret;
505	len -= ret;
506	spliced += ret;
507	}
508
509	if (spliced)
510	return spliced;
511
512	return ret;
513	}
514
515	EXPORT_SYMBOL(generic_file_splice_read);
516
517	/*
518	* Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
519	* using sendpage(). Return the number of bytes sent.
520	*/
521	static int pipe_to_sendpage(struct pipe_inode_info *pipe,
522	struct pipe_buffer buf, struct splice_desc sd)
523	{
524	struct file *file = sd->u.file;
525	loff_t pos = sd->pos;
526	int ret, more;
527
528	ret = buf->ops->confirm(pipe, buf);
529	if (!ret) {
530	more = (sd->flags & SPLICE_F_MORE) \|\| sd->len < sd->total_len;
531
532	ret = file->f_op->sendpage(file, buf->page, buf->offset,
533	sd->len, &pos, more);
534	}
535
536	return ret;
537	}
538
539	/*
540	* This is a little more tricky than the file -> pipe splicing. There are
541	* basically three cases:
542	*
543	* - Destination page already exists in the address space and there
544	* are users of it. For that case we have no other option that
545	* copying the data. Tough luck.
546	* - Destination page already exists in the address space, but there
547	* are no users of it. Make sure it's uptodate, then drop it. Fall
548	* through to last case.
549	* - Destination page does not exist, we can add the pipe page to
550	* the page cache and avoid the copy.
551	*
552	* If asked to move pages to the output file (SPLICE_F_MOVE is set in
553	* sd->flags), we attempt to migrate pages from the pipe to the output
554	* file address space page cache. This is possible if no one else has
555	* the pipe page referenced outside of the pipe and page cache. If
556	* SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
557	* a new page in the output file page cache and fill/dirty that.
558	*/
559	static int pipe_to_file(struct pipe_inode_info pipe, struct pipe_buffer buf,
560	struct splice_desc *sd)
561	{
562	struct file *file = sd->u.file;
563	struct address_space *mapping = file->f_mapping;
564	unsigned int offset, this_len;
565	struct page *page;
566	void *fsdata;
567	int ret;
568
569	/*
570	* make sure the data in this buffer is uptodate
571	*/
572	ret = buf->ops->confirm(pipe, buf);
573	if (unlikely(ret))
574	return ret;
575
576	offset = sd->pos & ~PAGE_CACHE_MASK;
577
578	this_len = sd->len;
579	if (this_len + offset > PAGE_CACHE_SIZE)
580	this_len = PAGE_CACHE_SIZE - offset;
581
582	ret = pagecache_write_begin(file, mapping, sd->pos, this_len,
583	AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata);
584	if (unlikely(ret))
585	goto out;
586
587	if (buf->page != page) {
588	/*
589	* Careful, ->map() uses KM_USER0!
590	*/
591	char *src = buf->ops->map(pipe, buf, 1);
592	char *dst = kmap_atomic(page, KM_USER1);
593
594	memcpy(dst + offset, src + buf->offset, this_len);
595	flush_dcache_page(page);
596	kunmap_atomic(dst, KM_USER1);
597	buf->ops->unmap(pipe, buf, src);
598	}
599	ret = pagecache_write_end(file, mapping, sd->pos, this_len, this_len,
600	page, fsdata);
601	out:
602	return ret;
603	}
604
605	/**
606	* __splice_from_pipe - splice data from a pipe to given actor
607	* @pipe: pipe to splice from
608	* @sd: information to @actor
609	* @actor: handler that splices the data
610	*
611	* Description:
612	* This function does little more than loop over the pipe and call
613	* @actor to do the actual moving of a single struct pipe_buffer to
614	* the desired destination. See pipe_to_file, pipe_to_sendpage, or
615	* pipe_to_user.
616	*
617	*/
618	ssize_t __splice_from_pipe(struct pipe_inode_info pipe, struct splice_desc sd,
619	splice_actor *actor)
620	{
621	int ret, do_wakeup, err;
622
623	ret = 0;
624	do_wakeup = 0;
625
626	for (;;) {
627	if (pipe->nrbufs) {
628	struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
629	const struct pipe_buf_operations *ops = buf->ops;
630
631	sd->len = buf->len;
632	if (sd->len > sd->total_len)
633	sd->len = sd->total_len;
634
635	err = actor(pipe, buf, sd);
636	if (err <= 0) {
637	if (!ret && err != -ENODATA)
638	ret = err;
639
640	break;
641	}
642
643	ret += err;
644	buf->offset += err;
645	buf->len -= err;
646
647	sd->len -= err;
648	sd->pos += err;
649	sd->total_len -= err;
650	if (sd->len)
651	continue;
652
653	if (!buf->len) {
654	buf->ops = NULL;
655	ops->release(pipe, buf);
656	pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
657	pipe->nrbufs--;
658	if (pipe->inode)
659	do_wakeup = 1;
660	}
661
662	if (!sd->total_len)
663	break;
664	}
665
666	if (pipe->nrbufs)
667	continue;
668	if (!pipe->writers)
669	break;
670	if (!pipe->waiting_writers) {
671	if (ret)
672	break;
673	}
674
675	if (sd->flags & SPLICE_F_NONBLOCK) {
676	if (!ret)
677	ret = -EAGAIN;
678	break;
679	}
680
681	if (signal_pending(current)) {
682	if (!ret)
683	ret = -ERESTARTSYS;
684	break;
685	}
686
687	if (do_wakeup) {
688	smp_mb();
689	if (waitqueue_active(&pipe->wait))
690	wake_up_interruptible_sync(&pipe->wait);
691	kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
692	do_wakeup = 0;
693	}
694
695	pipe_wait(pipe);
696	}
697
698	if (do_wakeup) {
699	smp_mb();
700	if (waitqueue_active(&pipe->wait))
701	wake_up_interruptible(&pipe->wait);
702	kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
703	}
704
705	return ret;
706	}
707	EXPORT_SYMBOL(__splice_from_pipe);
708
709	/**
710	* splice_from_pipe - splice data from a pipe to a file
711	* @pipe: pipe to splice from
712	* @out: file to splice to
713	* @ppos: position in @out
714	* @len: how many bytes to splice
715	* @flags: splice modifier flags
716	* @actor: handler that splices the data
717	*
718	* Description:
719	* See __splice_from_pipe. This function locks the input and output inodes,
720	* otherwise it's identical to __splice_from_pipe().
721	*
722	*/
723	ssize_t splice_from_pipe(struct pipe_inode_info pipe, struct file out,
724	loff_t *ppos, size_t len, unsigned int flags,
725	splice_actor *actor)
726	{
727	ssize_t ret;
728	struct inode *inode = out->f_mapping->host;
729	struct splice_desc sd = {
730	.total_len = len,
731	.flags = flags,
732	.pos = *ppos,
733	.u.file = out,
734	};
735
736	/*
737	* The actor worker might be calling ->prepare_write and
738	* ->commit_write. Most of the time, these expect i_mutex to
739	* be held. Since this may result in an ABBA deadlock with
740	* pipe->inode, we have to order lock acquiry here.
741	*/
742	inode_double_lock(inode, pipe->inode);
743	ret = __splice_from_pipe(pipe, &sd, actor);
744	inode_double_unlock(inode, pipe->inode);
745
746	return ret;
747	}
748
749	/**
750	* generic_file_splice_write_nolock - generic_file_splice_write without mutexes
751	* @pipe: pipe info
752	* @out: file to write to
753	* @ppos: position in @out
754	* @len: number of bytes to splice
755	* @flags: splice modifier flags
756	*
757	* Description:
758	* Will either move or copy pages (determined by @flags options) from
759	* the given pipe inode to the given file. The caller is responsible
760	* for acquiring i_mutex on both inodes.
761	*
762	*/
763	ssize_t
764	generic_file_splice_write_nolock(struct pipe_inode_info pipe, struct file out,
765	loff_t *ppos, size_t len, unsigned int flags)
766	{
767	struct address_space *mapping = out->f_mapping;
768	struct inode *inode = mapping->host;
769	struct splice_desc sd = {
770	.total_len = len,
771	.flags = flags,
772	.pos = *ppos,
773	.u.file = out,
774	};
775	ssize_t ret;
776	int err;
777
778	err = remove_suid(out->f_path.dentry);
779	if (unlikely(err))
780	return err;
781
782	ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
783	if (ret > 0) {
784	unsigned long nr_pages;
785
786	*ppos += ret;
787	nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
788
789	/*
790	* If file or inode is SYNC and we actually wrote some data,
791	* sync it.
792	*/
793	if (unlikely((out->f_flags & O_SYNC) \|\| IS_SYNC(inode))) {
794	err = generic_osync_inode(inode, mapping,
795	OSYNC_METADATA\|OSYNC_DATA);
796
797	if (err)
798	ret = err;
799	}
800	balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
801	}
802
803	return ret;
804	}
805
806	EXPORT_SYMBOL(generic_file_splice_write_nolock);
807
808	/**
809	* generic_file_splice_write - splice data from a pipe to a file
810	* @pipe: pipe info
811	* @out: file to write to
812	* @ppos: position in @out
813	* @len: number of bytes to splice
814	* @flags: splice modifier flags
815	*
816	* Description:
817	* Will either move or copy pages (determined by @flags options) from
818	* the given pipe inode to the given file.
819	*
820	*/
821	ssize_t
822	generic_file_splice_write(struct pipe_inode_info pipe, struct file out,
823	loff_t *ppos, size_t len, unsigned int flags)
824	{
825	struct address_space *mapping = out->f_mapping;
826	struct inode *inode = mapping->host;
827	int killsuid, killpriv;
828	ssize_t ret;
829	int err = 0;
830
831	killpriv = security_inode_need_killpriv(out->f_path.dentry);
832	killsuid = should_remove_suid(out->f_path.dentry);
833	if (unlikely(killsuid \|\| killpriv)) {
834	mutex_lock(&inode->i_mutex);
835	if (killpriv)
836	err = security_inode_killpriv(out->f_path.dentry);
837	if (!err && killsuid)
838	err = __remove_suid(out->f_path.dentry, killsuid);
839	mutex_unlock(&inode->i_mutex);
840	if (err)
841	return err;
842	}
843
844	ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
845	if (ret > 0) {
846	unsigned long nr_pages;
847
848	*ppos += ret;
849	nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
850
851	/*
852	* If file or inode is SYNC and we actually wrote some data,
853	* sync it.
854	*/
855	if (unlikely((out->f_flags & O_SYNC) \|\| IS_SYNC(inode))) {
856	mutex_lock(&inode->i_mutex);
857	err = generic_osync_inode(inode, mapping,
858	OSYNC_METADATA\|OSYNC_DATA);
859	mutex_unlock(&inode->i_mutex);
860
861	if (err)
862	ret = err;
863	}
864	balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
865	}
866
867	return ret;
868	}
869
870	EXPORT_SYMBOL(generic_file_splice_write);
871
872	/**
873	* generic_splice_sendpage - splice data from a pipe to a socket
874	* @pipe: pipe to splice from
875	* @out: socket to write to
876	* @ppos: position in @out
877	* @len: number of bytes to splice
878	* @flags: splice modifier flags
879	*
880	* Description:
881	* Will send @len bytes from the pipe to a network socket. No data copying
882	* is involved.
883	*
884	*/
885	ssize_t generic_splice_sendpage(struct pipe_inode_info pipe, struct file out,
886	loff_t *ppos, size_t len, unsigned int flags)
887	{
888	return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
889	}
890
891	EXPORT_SYMBOL(generic_splice_sendpage);
892
893	/*
894	* Attempt to initiate a splice from pipe to file.
895	*/
896	static long do_splice_from(struct pipe_inode_info pipe, struct file out,
897	loff_t *ppos, size_t len, unsigned int flags)
898	{
899	int ret;
900
901	if (unlikely(!out->f_op \|\| !out->f_op->splice_write))
902	return -EINVAL;
903
904	if (unlikely(!(out->f_mode & FMODE_WRITE)))
905	return -EBADF;
906
907	ret = rw_verify_area(WRITE, out, ppos, len);
908	if (unlikely(ret < 0))
909	return ret;
910
911	ret = security_file_permission(out, MAY_WRITE);
912	if (unlikely(ret < 0))
913	return ret;
914
915	return out->f_op->splice_write(pipe, out, ppos, len, flags);
916	}
917
918	/*
919	* Attempt to initiate a splice from a file to a pipe.
920	*/
921	static long do_splice_to(struct file in, loff_t ppos,
922	struct pipe_inode_info *pipe, size_t len,
923	unsigned int flags)
924	{
925	int ret;
926
927	if (unlikely(!in->f_op \|\| !in->f_op->splice_read))
928	return -EINVAL;
929
930	if (unlikely(!(in->f_mode & FMODE_READ)))
931	return -EBADF;
932
933	ret = rw_verify_area(READ, in, ppos, len);
934	if (unlikely(ret < 0))
935	return ret;
936
937	ret = security_file_permission(in, MAY_READ);
938	if (unlikely(ret < 0))
939	return ret;
940
941	return in->f_op->splice_read(in, ppos, pipe, len, flags);
942	}
943
944	/**
945	* splice_direct_to_actor - splices data directly between two non-pipes
946	* @in: file to splice from
947	* @sd: actor information on where to splice to
948	* @actor: handles the data splicing
949	*
950	* Description:
951	* This is a special case helper to splice directly between two
952	* points, without requiring an explicit pipe. Internally an allocated
953	* pipe is cached in the process, and reused during the lifetime of
954	* that process.
955	*
956	*/
957	ssize_t splice_direct_to_actor(struct file in, struct splice_desc sd,
958	splice_direct_actor *actor)
959	{
960	struct pipe_inode_info *pipe;
961	long ret, bytes;
962	umode_t i_mode;
963	size_t len;
964	int i, flags;
965
966	/*
967	* We require the input being a regular file, as we don't want to
968	* randomly drop data for eg socket -> socket splicing. Use the
969	* piped splicing for that!
970	*/
971	i_mode = in->f_path.dentry->d_inode->i_mode;
972	if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
973	return -EINVAL;
974
975	/*
976	* neither in nor out is a pipe, setup an internal pipe attached to
977	* 'out' and transfer the wanted data from 'in' to 'out' through that
978	*/
979	pipe = current->splice_pipe;
980	if (unlikely(!pipe)) {
981	pipe = alloc_pipe_info(NULL);
982	if (!pipe)
983	return -ENOMEM;
984
985	/*
986	* We don't have an immediate reader, but we'll read the stuff
987	* out of the pipe right after the splice_to_pipe(). So set
988	* PIPE_READERS appropriately.
989	*/
990	pipe->readers = 1;
991
992	current->splice_pipe = pipe;
993	}
994
995	/*
996	* Do the splice.
997	*/
998	ret = 0;
999	bytes = 0;
1000	len = sd->total_len;
1001	flags = sd->flags;
1002
1003	/*
1004	* Don't block on output, we have to drain the direct pipe.
1005	*/
1006	sd->flags &= ~SPLICE_F_NONBLOCK;
1007
1008	while (len) {
1009	size_t read_len;
1010	loff_t pos = sd->pos;
1011
1012	ret = do_splice_to(in, &pos, pipe, len, flags);
1013	if (unlikely(ret <= 0))
1014	goto out_release;
1015
1016	read_len = ret;
1017	sd->total_len = read_len;
1018
1019	/*
1020	* NOTE: nonblocking mode only applies to the input. We
1021	* must not do the output in nonblocking mode as then we
1022	* could get stuck data in the internal pipe:
1023	*/
1024	ret = actor(pipe, sd);
1025	if (unlikely(ret <= 0))
1026	goto out_release;
1027
1028	bytes += ret;
1029	len -= ret;
1030	sd->pos = pos;
1031
1032	if (ret < read_len)
1033	goto out_release;
1034	}
1035
1036	pipe->nrbufs = pipe->curbuf = 0;
1037	return bytes;
1038
1039	out_release:
1040	/*
1041	* If we did an incomplete transfer we must release
1042	* the pipe buffers in question:
1043	*/
1044	for (i = 0; i < PIPE_BUFFERS; i++) {
1045	struct pipe_buffer *buf = pipe->bufs + i;
1046
1047	if (buf->ops) {
1048	buf->ops->release(pipe, buf);
1049	buf->ops = NULL;
1050	}
1051	}
1052	pipe->nrbufs = pipe->curbuf = 0;
1053
1054	/*
1055	* If we transferred some data, return the number of bytes:
1056	*/
1057	if (bytes > 0)
1058	return bytes;
1059
1060	return ret;
1061
1062	}
1063	EXPORT_SYMBOL(splice_direct_to_actor);
1064
1065	static int direct_splice_actor(struct pipe_inode_info *pipe,
1066	struct splice_desc *sd)
1067	{
1068	struct file *file = sd->u.file;
1069
1070	return do_splice_from(pipe, file, &sd->pos, sd->total_len, sd->flags);
1071	}
1072
1073	/**
1074	* do_splice_direct - splices data directly between two files
1075	* @in: file to splice from
1076	* @ppos: input file offset
1077	* @out: file to splice to
1078	* @len: number of bytes to splice
1079	* @flags: splice modifier flags
1080	*
1081	* Description:
1082	* For use by do_sendfile(). splice can easily emulate sendfile, but
1083	* doing it in the application would incur an extra system call
1084	* (splice in + splice out, as compared to just sendfile()). So this helper
1085	* can splice directly through a process-private pipe.
1086	*
1087	*/
1088	long do_splice_direct(struct file in, loff_t ppos, struct file *out,
1089	size_t len, unsigned int flags)
1090	{
1091	struct splice_desc sd = {
1092	.len = len,
1093	.total_len = len,
1094	.flags = flags,
1095	.pos = *ppos,
1096	.u.file = out,
1097	};
1098	long ret;
1099
1100	ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
1101	if (ret > 0)
1102	*ppos += ret;
1103
1104	return ret;
1105	}
1106
1107	/*
1108	* After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
1109	* location, so checking ->i_pipe is not enough to verify that this is a
1110	* pipe.
1111	*/
1112	static inline struct pipe_inode_info pipe_info(struct inode inode)
1113	{
1114	if (S_ISFIFO(inode->i_mode))
1115	return inode->i_pipe;
1116
1117	return NULL;
1118	}
1119
1120	/*
1121	* Determine where to splice to/from.
1122	*/
1123	static long do_splice(struct file in, loff_t __user off_in,
1124	struct file out, loff_t __user off_out,
1125	size_t len, unsigned int flags)
1126	{
1127	struct pipe_inode_info *pipe;
1128	loff_t offset, *off;
1129	long ret;
1130
1131	pipe = pipe_info(in->f_path.dentry->d_inode);
1132	if (pipe) {
1133	if (off_in)
1134	return -ESPIPE;
1135	if (off_out) {
1136	if (out->f_op->llseek == no_llseek)
1137	return -EINVAL;
1138	if (copy_from_user(&offset, off_out, sizeof(loff_t)))
1139	return -EFAULT;
1140	off = &offset;
1141	} else
1142	off = &out->f_pos;
1143
1144	ret = do_splice_from(pipe, out, off, len, flags);
1145
1146	if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1147	ret = -EFAULT;
1148
1149	return ret;
1150	}
1151
1152	pipe = pipe_info(out->f_path.dentry->d_inode);
1153	if (pipe) {
1154	if (off_out)
1155	return -ESPIPE;
1156	if (off_in) {
1157	if (in->f_op->llseek == no_llseek)
1158	return -EINVAL;
1159	if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1160	return -EFAULT;
1161	off = &offset;
1162	} else
1163	off = &in->f_pos;
1164
1165	ret = do_splice_to(in, off, pipe, len, flags);
1166
1167	if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1168	ret = -EFAULT;
1169
1170	return ret;
1171	}
1172
1173	return -EINVAL;
1174	}
1175
1176	/*
1177	* Do a copy-from-user while holding the mmap_semaphore for reading, in a
1178	* manner safe from deadlocking with simultaneous mmap() (grabbing mmap_sem
1179	* for writing) and page faulting on the user memory pointed to by src.
1180	* This assumes that we will very rarely hit the partial != 0 path, or this
1181	* will not be a win.
1182	*/
1183	static int copy_from_user_mmap_sem(void dst, const void __user src, size_t n)
1184	{
1185	int partial;
1186
1187	if (!access_ok(VERIFY_READ, src, n))
1188	return -EFAULT;
1189
1190	pagefault_disable();
1191	partial = __copy_from_user_inatomic(dst, src, n);
1192	pagefault_enable();
1193
1194	/*
1195	* Didn't copy everything, drop the mmap_sem and do a faulting copy
1196	*/
1197	if (unlikely(partial)) {
1198	up_read(&current->mm->mmap_sem);
1199	partial = copy_from_user(dst, src, n);
1200	down_read(&current->mm->mmap_sem);
1201	}
1202
1203	return partial;
1204	}
1205
1206	/*
1207	* Map an iov into an array of pages and offset/length tupples. With the
1208	* partial_page structure, we can map several non-contiguous ranges into
1209	* our ones pages[] map instead of splitting that operation into pieces.
1210	* Could easily be exported as a generic helper for other users, in which
1211	* case one would probably want to add a 'max_nr_pages' parameter as well.
1212	*/
1213	static int get_iovec_page_array(const struct iovec __user *iov,
1214	unsigned int nr_vecs, struct page **pages,
1215	struct partial_page *partial, int aligned)
1216	{
1217	int buffers = 0, error = 0;
1218
1219	down_read(&current->mm->mmap_sem);
1220
1221	while (nr_vecs) {
1222	unsigned long off, npages;
1223	struct iovec entry;
1224	void __user *base;
1225	size_t len;
1226	int i;
1227
1228	error = -EFAULT;
1229	if (copy_from_user_mmap_sem(&entry, iov, sizeof(entry)))
1230	break;
1231
1232	base = entry.iov_base;
1233	len = entry.iov_len;
1234
1235	/*
1236	* Sanity check this iovec. 0 read succeeds.
1237	*/
1238	error = 0;
1239	if (unlikely(!len))
1240	break;
1241	error = -EFAULT;
1242	if (unlikely(!base))
1243	break;
1244
1245	/*
1246	* Get this base offset and number of pages, then map
1247	* in the user pages.
1248	*/
1249	off = (unsigned long) base & ~PAGE_MASK;
1250
1251	/*
1252	* If asked for alignment, the offset must be zero and the
1253	* length a multiple of the PAGE_SIZE.
1254	*/
1255	error = -EINVAL;
1256	if (aligned && (off \|\| len & ~PAGE_MASK))
1257	break;
1258
1259	npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1260	if (npages > PIPE_BUFFERS - buffers)
1261	npages = PIPE_BUFFERS - buffers;
1262
1263	error = get_user_pages(current, current->mm,
1264	(unsigned long) base, npages, 0, 0,
1265	&pages[buffers], NULL);
1266
1267	if (unlikely(error <= 0))
1268	break;
1269
1270	/*
1271	* Fill this contiguous range into the partial page map.
1272	*/
1273	for (i = 0; i < error; i++) {
1274	const int plen = min_t(size_t, len, PAGE_SIZE - off);
1275
1276	partial[buffers].offset = off;
1277	partial[buffers].len = plen;
1278
1279	off = 0;
1280	len -= plen;
1281	buffers++;
1282	}
1283
1284	/*
1285	* We didn't complete this iov, stop here since it probably
1286	* means we have to move some of this into a pipe to
1287	* be able to continue.
1288	*/
1289	if (len)
1290	break;
1291
1292	/*
1293	* Don't continue if we mapped fewer pages than we asked for,
1294	* or if we mapped the max number of pages that we have
1295	* room for.
1296	*/
1297	if (error < npages \|\| buffers == PIPE_BUFFERS)
1298	break;
1299
1300	nr_vecs--;
1301	iov++;
1302	}
1303
1304	up_read(&current->mm->mmap_sem);
1305
1306	if (buffers)
1307	return buffers;
1308
1309	return error;
1310	}
1311
1312	static int pipe_to_user(struct pipe_inode_info pipe, struct pipe_buffer buf,
1313	struct splice_desc *sd)
1314	{
1315	char *src;
1316	int ret;
1317
1318	ret = buf->ops->confirm(pipe, buf);
1319	if (unlikely(ret))
1320	return ret;
1321
1322	/*
1323	* See if we can use the atomic maps, by prefaulting in the
1324	* pages and doing an atomic copy
1325	*/
1326	if (!fault_in_pages_writeable(sd->u.userptr, sd->len)) {
1327	src = buf->ops->map(pipe, buf, 1);
1328	ret = __copy_to_user_inatomic(sd->u.userptr, src + buf->offset,
1329	sd->len);
1330	buf->ops->unmap(pipe, buf, src);
1331	if (!ret) {
1332	ret = sd->len;
1333	goto out;
1334	}
1335	}
1336
1337	/*
1338	* No dice, use slow non-atomic map and copy
1339	*/
1340	src = buf->ops->map(pipe, buf, 0);
1341
1342	ret = sd->len;
1343	if (copy_to_user(sd->u.userptr, src + buf->offset, sd->len))
1344	ret = -EFAULT;
1345
1346	buf->ops->unmap(pipe, buf, src);
1347	out:
1348	if (ret > 0)
1349	sd->u.userptr += ret;
1350	return ret;
1351	}
1352
1353	/*
1354	* For lack of a better implementation, implement vmsplice() to userspace
1355	* as a simple copy of the pipes pages to the user iov.
1356	*/
1357	static long vmsplice_to_user(struct file file, const struct iovec __user iov,
1358	unsigned long nr_segs, unsigned int flags)
1359	{
1360	struct pipe_inode_info *pipe;
1361	struct splice_desc sd;
1362	ssize_t size;
1363	int error;
1364	long ret;
1365
1366	pipe = pipe_info(file->f_path.dentry->d_inode);
1367	if (!pipe)
1368	return -EBADF;
1369
1370	if (pipe->inode)
1371	mutex_lock(&pipe->inode->i_mutex);
1372
1373	error = ret = 0;
1374	while (nr_segs) {
1375	void __user *base;
1376	size_t len;
1377
1378	/*
1379	* Get user address base and length for this iovec.
1380	*/
1381	error = get_user(base, &iov->iov_base);
1382	if (unlikely(error))
1383	break;
1384	error = get_user(len, &iov->iov_len);
1385	if (unlikely(error))
1386	break;
1387
1388	/*
1389	* Sanity check this iovec. 0 read succeeds.
1390	*/
1391	if (unlikely(!len))
1392	break;
1393	if (unlikely(!base)) {
1394	error = -EFAULT;
1395	break;
1396	}
1397
1398	if (unlikely(!access_ok(VERIFY_WRITE, base, len))) {
1399	error = -EFAULT;
1400	break;
1401	}
1402
1403	sd.len = 0;
1404	sd.total_len = len;
1405	sd.flags = flags;
1406	sd.u.userptr = base;
1407	sd.pos = 0;
1408
1409	size = __splice_from_pipe(pipe, &sd, pipe_to_user);
1410	if (size < 0) {
1411	if (!ret)
1412	ret = size;
1413
1414	break;
1415	}
1416
1417	ret += size;
1418
1419	if (size < len)
1420	break;
1421
1422	nr_segs--;
1423	iov++;
1424	}
1425
1426	if (pipe->inode)
1427	mutex_unlock(&pipe->inode->i_mutex);
1428
1429	if (!ret)
1430	ret = error;
1431
1432	return ret;
1433	}
1434
1435	/*
1436	* vmsplice splices a user address range into a pipe. It can be thought of
1437	* as splice-from-memory, where the regular splice is splice-from-file (or
1438	* to file). In both cases the output is a pipe, naturally.
1439	*/
1440	static long vmsplice_to_pipe(struct file file, const struct iovec __user iov,
1441	unsigned long nr_segs, unsigned int flags)
1442	{
1443	struct pipe_inode_info *pipe;
1444	struct page *pages[PIPE_BUFFERS];
1445	struct partial_page partial[PIPE_BUFFERS];
1446	struct splice_pipe_desc spd = {
1447	.pages = pages,
1448	.partial = partial,
1449	.flags = flags,
1450	.ops = &user_page_pipe_buf_ops,
1451	};
1452
1453	pipe = pipe_info(file->f_path.dentry->d_inode);
1454	if (!pipe)
1455	return -EBADF;
1456
1457	spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
1458	flags & SPLICE_F_GIFT);
1459	if (spd.nr_pages <= 0)
1460	return spd.nr_pages;
1461
1462	return splice_to_pipe(pipe, &spd);
1463	}
1464
1465	/*
1466	* Note that vmsplice only really supports true splicing _from_ user memory
1467	* to a pipe, not the other way around. Splicing from user memory is a simple
1468	* operation that can be supported without any funky alignment restrictions
1469	* or nasty vm tricks. We simply map in the user memory and fill them into
1470	* a pipe. The reverse isn't quite as easy, though. There are two possible
1471	* solutions for that:
1472	*
1473	* - memcpy() the data internally, at which point we might as well just
1474	* do a regular read() on the buffer anyway.
1475	* - Lots of nasty vm tricks, that are neither fast nor flexible (it
1476	* has restriction limitations on both ends of the pipe).
1477	*
1478	* Currently we punt and implement it as a normal copy, see pipe_to_user().
1479	*
1480	*/
1481	asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov,
1482	unsigned long nr_segs, unsigned int flags)
1483	{
1484	struct file *file;
1485	long error;
1486	int fput;
1487
1488	if (unlikely(nr_segs > UIO_MAXIOV))
1489	return -EINVAL;
1490	else if (unlikely(!nr_segs))
1491	return 0;
1492
1493	error = -EBADF;
1494	file = fget_light(fd, &fput);
1495	if (file) {
1496	if (file->f_mode & FMODE_WRITE)
1497	error = vmsplice_to_pipe(file, iov, nr_segs, flags);
1498	else if (file->f_mode & FMODE_READ)
1499	error = vmsplice_to_user(file, iov, nr_segs, flags);
1500
1501	fput_light(file, fput);
1502	}
1503
1504	return error;
1505	}
1506
1507	asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1508	int fd_out, loff_t __user *off_out,
1509	size_t len, unsigned int flags)
1510	{
1511	long error;
1512	struct file in, out;
1513	int fput_in, fput_out;
1514
1515	if (unlikely(!len))
1516	return 0;
1517
1518	error = -EBADF;
1519	in = fget_light(fd_in, &fput_in);
1520	if (in) {
1521	if (in->f_mode & FMODE_READ) {
1522	out = fget_light(fd_out, &fput_out);
1523	if (out) {
1524	if (out->f_mode & FMODE_WRITE)
1525	error = do_splice(in, off_in,
1526	out, off_out,
1527	len, flags);
1528	fput_light(out, fput_out);
1529	}
1530	}
1531
1532	fput_light(in, fput_in);
1533	}
1534
1535	return error;
1536	}
1537
1538	/*
1539	* Make sure there's data to read. Wait for input if we can, otherwise
1540	* return an appropriate error.
1541	*/
1542	static int link_ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1543	{
1544	int ret;
1545
1546	/*
1547	* Check ->nrbufs without the inode lock first. This function
1548	* is speculative anyways, so missing one is ok.
1549	*/
1550	if (pipe->nrbufs)
1551	return 0;
1552
1553	ret = 0;
1554	mutex_lock(&pipe->inode->i_mutex);
1555
1556	while (!pipe->nrbufs) {
1557	if (signal_pending(current)) {
1558	ret = -ERESTARTSYS;
1559	break;
1560	}
1561	if (!pipe->writers)
1562	break;
1563	if (!pipe->waiting_writers) {
1564	if (flags & SPLICE_F_NONBLOCK) {
1565	ret = -EAGAIN;
1566	break;
1567	}
1568	}
1569	pipe_wait(pipe);
1570	}
1571
1572	mutex_unlock(&pipe->inode->i_mutex);
1573	return ret;
1574	}
1575
1576	/*
1577	* Make sure there's writeable room. Wait for room if we can, otherwise
1578	* return an appropriate error.
1579	*/
1580	static int link_opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1581	{
1582	int ret;
1583
1584	/*
1585	* Check ->nrbufs without the inode lock first. This function
1586	* is speculative anyways, so missing one is ok.
1587	*/
1588	if (pipe->nrbufs < PIPE_BUFFERS)
1589	return 0;
1590
1591	ret = 0;
1592	mutex_lock(&pipe->inode->i_mutex);
1593
1594	while (pipe->nrbufs >= PIPE_BUFFERS) {
1595	if (!pipe->readers) {
1596	send_sig(SIGPIPE, current, 0);
1597	ret = -EPIPE;
1598	break;
1599	}
1600	if (flags & SPLICE_F_NONBLOCK) {
1601	ret = -EAGAIN;
1602	break;
1603	}
1604	if (signal_pending(current)) {
1605	ret = -ERESTARTSYS;
1606	break;
1607	}
1608	pipe->waiting_writers++;
1609	pipe_wait(pipe);
1610	pipe->waiting_writers--;
1611	}
1612
1613	mutex_unlock(&pipe->inode->i_mutex);
1614	return ret;
1615	}
1616
1617	/*
1618	* Link contents of ipipe to opipe.
1619	*/
1620	static int link_pipe(struct pipe_inode_info *ipipe,
1621	struct pipe_inode_info *opipe,
1622	size_t len, unsigned int flags)
1623	{
1624	struct pipe_buffer ibuf, obuf;
1625	int ret = 0, i = 0, nbuf;
1626
1627	/*
1628	* Potential ABBA deadlock, work around it by ordering lock
1629	* grabbing by inode address. Otherwise two different processes
1630	* could deadlock (one doing tee from A -> B, the other from B -> A).
1631	*/
1632	inode_double_lock(ipipe->inode, opipe->inode);
1633
1634	do {
1635	if (!opipe->readers) {
1636	send_sig(SIGPIPE, current, 0);
1637	if (!ret)
1638	ret = -EPIPE;
1639	break;
1640	}
1641
1642	/*
1643	* If we have iterated all input buffers or ran out of
1644	* output room, break.
1645	*/
1646	if (i >= ipipe->nrbufs \|\| opipe->nrbufs >= PIPE_BUFFERS)
1647	break;
1648
1649	ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1650	nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1651
1652	/*
1653	* Get a reference to this pipe buffer,
1654	* so we can copy the contents over.
1655	*/
1656	ibuf->ops->get(ipipe, ibuf);
1657
1658	obuf = opipe->bufs + nbuf;
1659	obuf = ibuf;
1660
1661	/*
1662	* Don't inherit the gift flag, we need to
1663	* prevent multiple steals of this page.
1664	*/
1665	obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1666
1667	if (obuf->len > len)
1668	obuf->len = len;
1669
1670	opipe->nrbufs++;
1671	ret += obuf->len;
1672	len -= obuf->len;
1673	i++;
1674	} while (len);
1675
1676	inode_double_unlock(ipipe->inode, opipe->inode);
1677
1678	/*
1679	* If we put data in the output pipe, wakeup any potential readers.
1680	*/
1681	if (ret > 0) {
1682	smp_mb();
1683	if (waitqueue_active(&opipe->wait))
1684	wake_up_interruptible(&opipe->wait);
1685	kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1686	}
1687
1688	return ret;
1689	}
1690
1691	/*
1692	* This is a tee(1) implementation that works on pipes. It doesn't copy
1693	* any data, it simply references the 'in' pages on the 'out' pipe.
1694	* The 'flags' used are the SPLICE_F_* variants, currently the only
1695	* applicable one is SPLICE_F_NONBLOCK.
1696	*/
1697	static long do_tee(struct file in, struct file out, size_t len,
1698	unsigned int flags)
1699	{
1700	struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode);
1701	struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode);
1702	int ret = -EINVAL;
1703
1704	/*
1705	* Duplicate the contents of ipipe to opipe without actually
1706	* copying the data.
1707	*/
1708	if (ipipe && opipe && ipipe != opipe) {
1709	/*
1710	* Keep going, unless we encounter an error. The ipipe/opipe
1711	* ordering doesn't really matter.
1712	*/
1713	ret = link_ipipe_prep(ipipe, flags);
1714	if (!ret) {
1715	ret = link_opipe_prep(opipe, flags);
1716	if (!ret) {
1717	ret = link_pipe(ipipe, opipe, len, flags);
1718	if (!ret && (flags & SPLICE_F_NONBLOCK))
1719	ret = -EAGAIN;
1720	}
1721	}
1722	}
1723
1724	return ret;
1725	}
1726
1727	asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1728	{
1729	struct file *in;
1730	int error, fput_in;
1731
1732	if (unlikely(!len))
1733	return 0;
1734
1735	error = -EBADF;
1736	in = fget_light(fdin, &fput_in);
1737	if (in) {
1738	if (in->f_mode & FMODE_READ) {
1739	int fput_out;
1740	struct file *out = fget_light(fdout, &fput_out);
1741
1742	if (out) {
1743	if (out->f_mode & FMODE_WRITE)
1744	error = do_tee(in, out, len, flags);
1745	fput_light(out, fput_out);
1746	}
1747	}
1748	fput_light(in, fput_in);
1749	}
1750
1751	return error;
1752	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: