projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
splice: fix i_mutex locking in generic_splice_write()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / fs / splice.c
CommitLineData
5274f052
JA		 1/*
2 * "splice": joining two ropes together by interweaving their strands.
3 *
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
7 *
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
10 *
11 * Named by Larry McVoy, original implementation from Linus, extended by
c2058e06
JA		 12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
5274f052 14 *
0fe23479 15 * Copyright (C) 2005-2006 Jens Axboe <axboe@kernel.dk>
c2058e06
JA		 16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
5274f052
JA		 18 *
19 */
20#include <linux/fs.h>
21#include <linux/file.h>
22#include <linux/pagemap.h>
d6b29d7c 23#include <linux/splice.h>
08e552c6 24#include <linux/memcontrol.h>
5274f052 25#include <linux/mm_inline.h>
5abc97aa 26#include <linux/swap.h>
4f6f0bd2
JA		 27#include <linux/writeback.h>
28#include <linux/buffer_head.h>
a0f06780 29#include <linux/module.h>
4f6f0bd2 30#include <linux/syscalls.h>
912d35f8 31#include <linux/uio.h>
29ce2058 32#include <linux/security.h>
5274f052 33
83f9135b
JA		 34/*
35 * Attempt to steal a page from a pipe buffer. This should perhaps go into
36 * a vm helper function, it's already simplified quite a bit by the
37 * addition of remove_mapping(). If success is returned, the caller may
38 * attempt to reuse this page for another destination.
39 */
76ad4d11 40static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
5abc97aa
JA		 41 struct pipe_buffer *buf)
42{
43 struct page *page = buf->page;
9e94cd4f 44 struct address_space *mapping;
5abc97aa 45
9e0267c2
JA		 46 lock_page(page);
47
9e94cd4f
JA		 48 mapping = page_mapping(page);
49 if (mapping) {
50 WARN_ON(!PageUptodate(page));
5abc97aa 51
9e94cd4f
JA		 52 /*
53 * At least for ext2 with nobh option, we need to wait on
54 * writeback completing on this page, since we'll remove it
55 * from the pagecache. Otherwise truncate wont wait on the
56 * page, allowing the disk blocks to be reused by someone else
57 * before we actually wrote our data to them. fs corruption
58 * ensues.
59 */
60 wait_on_page_writeback(page);
ad8d6f0a 61
266cf658
DH		 62 if (page_has_private(page) &&
63 !try_to_release_page(page, GFP_KERNEL))
ca39d651 64 goto out_unlock;
4f6f0bd2 65
9e94cd4f
JA		 66 /*
67 * If we succeeded in removing the mapping, set LRU flag
68 * and return good.
69 */
70 if (remove_mapping(mapping, page)) {
71 buf->flags |= PIPE_BUF_FLAG_LRU;
72 return 0;
73 }
9e0267c2 74 }
5abc97aa 75
9e94cd4f
JA		 76 /*
77 * Raced with truncate or failed to remove page from current
78 * address space, unlock and return failure.
79 */
ca39d651 80out_unlock:
9e94cd4f
JA		 81 unlock_page(page);
82 return 1;
5abc97aa
JA		 83}
84
76ad4d11 85static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
5274f052
JA		 86 struct pipe_buffer *buf)
87{
88 page_cache_release(buf->page);
1432873a 89 buf->flags &= ~PIPE_BUF_FLAG_LRU;
5274f052
JA		 90}
91
0845718d
JA		 92/*
93 * Check whether the contents of buf is OK to access. Since the content
94 * is a page cache page, IO may be in flight.
95 */
cac36bb0
JA		 96static int page_cache_pipe_buf_confirm(struct pipe_inode_info *pipe,
97 struct pipe_buffer *buf)
5274f052
JA		 98{
99 struct page *page = buf->page;
49d0b21b 100 int err;
5274f052
JA		 101
102 if (!PageUptodate(page)) {
49d0b21b
JA		 103 lock_page(page);
104
105 /*
106 * Page got truncated/unhashed. This will cause a 0-byte
73d62d83 107 * splice, if this is the first page.
49d0b21b
JA		 108 */
109 if (!page->mapping) {
110 err = -ENODATA;
111 goto error;
112 }
5274f052 113
49d0b21b 114 /*
73d62d83 115 * Uh oh, read-error from disk.
49d0b21b
JA		 116 */
117 if (!PageUptodate(page)) {
118 err = -EIO;
119 goto error;
120 }
121
122 /*
f84d7519 123 * Page is ok afterall, we are done.
49d0b21b 124 */
5274f052 125 unlock_page(page);
5274f052
JA		 126 }
127
f84d7519 128 return 0;
49d0b21b
JA		 129error:
130 unlock_page(page);
f84d7519 131 return err;
70524490
JA		 132}
133
d4c3cca9 134static const struct pipe_buf_operations page_cache_pipe_buf_ops = {
5274f052 135 .can_merge = 0,
f84d7519
JA		 136 .map = generic_pipe_buf_map,
137 .unmap = generic_pipe_buf_unmap,
cac36bb0 138 .confirm = page_cache_pipe_buf_confirm,
5274f052 139 .release = page_cache_pipe_buf_release,
5abc97aa 140 .steal = page_cache_pipe_buf_steal,
f84d7519 141 .get = generic_pipe_buf_get,
5274f052
JA		 142};
143
912d35f8
JA		 144static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
145 struct pipe_buffer *buf)
146{
7afa6fd0
JA		 147 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
148 return 1;
149
1432873a 150 buf->flags |= PIPE_BUF_FLAG_LRU;
330ab716 151 return generic_pipe_buf_steal(pipe, buf);
912d35f8
JA		 152}
153
d4c3cca9 154static const struct pipe_buf_operations user_page_pipe_buf_ops = {
912d35f8 155 .can_merge = 0,
f84d7519
JA		 156 .map = generic_pipe_buf_map,
157 .unmap = generic_pipe_buf_unmap,
cac36bb0 158 .confirm = generic_pipe_buf_confirm,
912d35f8
JA		 159 .release = page_cache_pipe_buf_release,
160 .steal = user_page_pipe_buf_steal,
f84d7519 161 .get = generic_pipe_buf_get,
912d35f8
JA		 162};
163
932cc6d4
JA		 164/**
165 * splice_to_pipe - fill passed data into a pipe
166 * @pipe: pipe to fill
167 * @spd: data to fill
168 *
169 * Description:
79685b8d 170 * @spd contains a map of pages and len/offset tuples, along with
932cc6d4
JA		 171 * the struct pipe_buf_operations associated with these pages. This
172 * function will link that data to the pipe.
173 *
83f9135b 174 */
d6b29d7c
JA		 175ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
176 struct splice_pipe_desc *spd)
5274f052 177{
00de00bd 178 unsigned int spd_pages = spd->nr_pages;
912d35f8 179 int ret, do_wakeup, page_nr;
5274f052
JA		 180
181 ret = 0;
182 do_wakeup = 0;
912d35f8 183 page_nr = 0;
5274f052 184
3a326a2c
IM		 185 if (pipe->inode)
186 mutex_lock(&pipe->inode->i_mutex);
5274f052 187
5274f052 188 for (;;) {
3a326a2c 189 if (!pipe->readers) {
5274f052
JA		 190 send_sig(SIGPIPE, current, 0);
191 if (!ret)
192 ret = -EPIPE;
193 break;
194 }
195
6f767b04
JA		 196 if (pipe->nrbufs < PIPE_BUFFERS) {
197 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
3a326a2c 198 struct pipe_buffer *buf = pipe->bufs + newbuf;
5274f052 199
912d35f8
JA		 200 buf->page = spd->pages[page_nr];
201 buf->offset = spd->partial[page_nr].offset;
202 buf->len = spd->partial[page_nr].len;
497f9625 203 buf->private = spd->partial[page_nr].private;
912d35f8 204 buf->ops = spd->ops;
7afa6fd0
JA		 205 if (spd->flags & SPLICE_F_GIFT)
206 buf->flags |= PIPE_BUF_FLAG_GIFT;
207
6f767b04 208 pipe->nrbufs++;
912d35f8
JA		 209 page_nr++;
210 ret += buf->len;
211
6f767b04
JA		 212 if (pipe->inode)
213 do_wakeup = 1;
5274f052 214
912d35f8 215 if (!--spd->nr_pages)
5274f052 216 break;
6f767b04 217 if (pipe->nrbufs < PIPE_BUFFERS)
5274f052
JA		 218 continue;
219
220 break;
221 }
222
912d35f8 223 if (spd->flags & SPLICE_F_NONBLOCK) {
29e35094
LT		 224 if (!ret)
225 ret = -EAGAIN;
226 break;
227 }
228
5274f052
JA		 229 if (signal_pending(current)) {
230 if (!ret)
231 ret = -ERESTARTSYS;
232 break;
233 }
234
235 if (do_wakeup) {
c0bd1f65 236 smp_mb();
3a326a2c
IM		 237 if (waitqueue_active(&pipe->wait))
238 wake_up_interruptible_sync(&pipe->wait);
239 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
5274f052
JA		 240 do_wakeup = 0;
241 }
242
3a326a2c
IM		 243 pipe->waiting_writers++;
244 pipe_wait(pipe);
245 pipe->waiting_writers--;
5274f052
JA		 246 }
247
02676e5a 248 if (pipe->inode) {
3a326a2c 249 mutex_unlock(&pipe->inode->i_mutex);
5274f052 250
02676e5a
JA		 251 if (do_wakeup) {
252 smp_mb();
253 if (waitqueue_active(&pipe->wait))
254 wake_up_interruptible(&pipe->wait);
255 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
256 }
5274f052
JA		 257 }
258
00de00bd 259 while (page_nr < spd_pages)
bbdfc2f7 260 spd->spd_release(spd, page_nr++);
5274f052
JA		 261
262 return ret;
263}
264
bbdfc2f7
JA		 265static void spd_release_page(struct splice_pipe_desc *spd, unsigned int i)
266{
267 page_cache_release(spd->pages[i]);
268}
269
3a326a2c 270static int
cbb7e577
JA		 271__generic_file_splice_read(struct file *in, loff_t *ppos,
272 struct pipe_inode_info *pipe, size_t len,
273 unsigned int flags)
5274f052
JA		 274{
275 struct address_space *mapping = in->f_mapping;
d8983910 276 unsigned int loff, nr_pages, req_pages;
16c523dd 277 struct page *pages[PIPE_BUFFERS];
912d35f8 278 struct partial_page partial[PIPE_BUFFERS];
5274f052 279 struct page *page;
91ad66ef
JA		 280 pgoff_t index, end_index;
281 loff_t isize;
eb20796b 282 int error, page_nr;
912d35f8
JA		 283 struct splice_pipe_desc spd = {
284 .pages = pages,
285 .partial = partial,
286 .flags = flags,
287 .ops = &page_cache_pipe_buf_ops,
bbdfc2f7 288 .spd_release = spd_release_page,
912d35f8 289 };
5274f052 290
cbb7e577 291 index = *ppos >> PAGE_CACHE_SHIFT;
912d35f8 292 loff = *ppos & ~PAGE_CACHE_MASK;
d8983910
FW		 293 req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
294 nr_pages = min(req_pages, (unsigned)PIPE_BUFFERS);
5274f052 295
eb20796b
JA		 296 /*
297 * Lookup the (hopefully) full range of pages we need.
298 */
299 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
431a4820 300 index += spd.nr_pages;
82aa5d61 301
eb20796b
JA		 302 /*
303 * If find_get_pages_contig() returned fewer pages than we needed,
431a4820 304 * readahead/allocate the rest and fill in the holes.
eb20796b 305 */
431a4820 306 if (spd.nr_pages < nr_pages)
cf914a7d
RR		 307 page_cache_sync_readahead(mapping, &in->f_ra, in,
308 index, req_pages - spd.nr_pages);
431a4820 309
932cc6d4 310 error = 0;
eb20796b 311 while (spd.nr_pages < nr_pages) {
82aa5d61 312 /*
eb20796b
JA		 313 * Page could be there, find_get_pages_contig() breaks on
314 * the first hole.
5274f052 315 */
7480a904
JA		 316 page = find_get_page(mapping, index);
317 if (!page) {
7480a904 318 /*
eb20796b 319 * page didn't exist, allocate one.
7480a904
JA		 320 */
321 page = page_cache_alloc_cold(mapping);
322 if (!page)
323 break;
324
325 error = add_to_page_cache_lru(page, mapping, index,
4cd13504 326 mapping_gfp_mask(mapping));
7480a904
JA		 327 if (unlikely(error)) {
328 page_cache_release(page);
a0548871
JA		 329 if (error == -EEXIST)
330 continue;
7480a904
JA		 331 break;
332 }
eb20796b
JA		 333 /*
334 * add_to_page_cache() locks the page, unlock it
335 * to avoid convoluting the logic below even more.
336 */
337 unlock_page(page);
7480a904
JA		 338 }
339
eb20796b
JA		 340 pages[spd.nr_pages++] = page;
341 index++;
342 }
343
344 /*
345 * Now loop over the map and see if we need to start IO on any
346 * pages, fill in the partial map, etc.
347 */
348 index = *ppos >> PAGE_CACHE_SHIFT;
349 nr_pages = spd.nr_pages;
350 spd.nr_pages = 0;
351 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
352 unsigned int this_len;
353
354 if (!len)
355 break;
356
357 /*
358 * this_len is the max we'll use from this page
359 */
360 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
361 page = pages[page_nr];
362
a08a166f 363 if (PageReadahead(page))
cf914a7d 364 page_cache_async_readahead(mapping, &in->f_ra, in,
d8983910 365 page, index, req_pages - page_nr);
a08a166f 366
7480a904
JA		 367 /*
368 * If the page isn't uptodate, we may need to start io on it
369 */
370 if (!PageUptodate(page)) {
c4f895cb
JA		 371 /*
372 * If in nonblock mode then dont block on waiting
373 * for an in-flight io page
374 */
9ae9d68c 375 if (flags & SPLICE_F_NONBLOCK) {
529ae9aa 376 if (!trylock_page(page)) {
8191ecd1 377 error = -EAGAIN;
9ae9d68c 378 break;
8191ecd1 379 }
9ae9d68c
FW		 380 } else
381 lock_page(page);
7480a904
JA		 382
383 /*
32502b84
MS		 384 * Page was truncated, or invalidated by the
385 * filesystem. Redo the find/create, but this time the
386 * page is kept locked, so there's no chance of another
387 * race with truncate/invalidate.
7480a904
JA		 388 */
389 if (!page->mapping) {
390 unlock_page(page);
32502b84
MS		 391 page = find_or_create_page(mapping, index,
392 mapping_gfp_mask(mapping));
393
394 if (!page) {
395 error = -ENOMEM;
396 break;
397 }
398 page_cache_release(pages[page_nr]);
399 pages[page_nr] = page;
7480a904
JA		 400 }
401 /*
402 * page was already under io and is now done, great
403 */
404 if (PageUptodate(page)) {
405 unlock_page(page);
406 goto fill_it;
407 }
5274f052 408
7480a904
JA		 409 /*
410 * need to read in the page
411 */
412 error = mapping->a_ops->readpage(in, page);
5274f052 413 if (unlikely(error)) {
eb20796b
JA		 414 /*
415 * We really should re-lookup the page here,
416 * but it complicates things a lot. Instead
417 * lets just do what we already stored, and
418 * we'll get it the next time we are called.
419 */
7480a904 420 if (error == AOP_TRUNCATED_PAGE)
eb20796b
JA		 421 error = 0;
422
5274f052
JA		 423 break;
424 }
620a324b
JA		 425 }
426fill_it:
427 /*
428 * i_size must be checked after PageUptodate.
429 */
430 isize = i_size_read(mapping->host);
431 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
432 if (unlikely(!isize || index > end_index))
433 break;
434
435 /*
436 * if this is the last page, see if we need to shrink
437 * the length and stop
438 */
439 if (end_index == index) {
440 unsigned int plen;
91ad66ef
JA		 441
442 /*
620a324b 443 * max good bytes in this page
91ad66ef 444 */
620a324b
JA		 445 plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
446 if (plen <= loff)
91ad66ef 447 break;
91ad66ef
JA		 448
449 /*
620a324b 450 * force quit after adding this page
91ad66ef 451 */
620a324b
JA		 452 this_len = min(this_len, plen - loff);
453 len = this_len;
5274f052 454 }
620a324b 455
eb20796b
JA		 456 partial[page_nr].offset = loff;
457 partial[page_nr].len = this_len;
82aa5d61 458 len -= this_len;
91ad66ef 459 loff = 0;
eb20796b
JA		 460 spd.nr_pages++;
461 index++;
5274f052
JA		 462 }
463
eb20796b 464 /*
475ecade 465 * Release any pages at the end, if we quit early. 'page_nr' is how far
eb20796b
JA		 466 * we got, 'nr_pages' is how many pages are in the map.
467 */
468 while (page_nr < nr_pages)
469 page_cache_release(pages[page_nr++]);
f4e6b498 470 in->f_ra.prev_pos = (loff_t)index << PAGE_CACHE_SHIFT;
eb20796b 471
912d35f8 472 if (spd.nr_pages)
00522fb4 473 return splice_to_pipe(pipe, &spd);
5274f052 474
7480a904 475 return error;
5274f052
JA		 476}
477
83f9135b
JA		 478/**
479 * generic_file_splice_read - splice data from file to a pipe
480 * @in: file to splice from
932cc6d4 481 * @ppos: position in @in
83f9135b
JA		 482 * @pipe: pipe to splice to
483 * @len: number of bytes to splice
484 * @flags: splice modifier flags
485 *
932cc6d4
JA		 486 * Description:
487 * Will read pages from given file and fill them into a pipe. Can be
488 * used as long as the address_space operations for the source implements
489 * a readpage() hook.
490 *
83f9135b 491 */
cbb7e577
JA		 492ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
493 struct pipe_inode_info *pipe, size_t len,
494 unsigned int flags)
5274f052 495{
d366d398 496 loff_t isize, left;
8191ecd1 497 int ret;
d366d398
JA		 498
499 isize = i_size_read(in->f_mapping->host);
500 if (unlikely(*ppos >= isize))
501 return 0;
502
503 left = isize - *ppos;
504 if (unlikely(left < len))
505 len = left;
5274f052 506
8191ecd1
JA		 507 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
508 if (ret > 0)
cbb7e577 509 *ppos += ret;
5274f052
JA		 510
511 return ret;
512}
513
059a8f37
JA		 514EXPORT_SYMBOL(generic_file_splice_read);
515
5274f052 516/*
4f6f0bd2 517 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
016b661e 518 * using sendpage(). Return the number of bytes sent.
5274f052 519 */
76ad4d11 520static int pipe_to_sendpage(struct pipe_inode_info *pipe,
5274f052
JA		 521 struct pipe_buffer *buf, struct splice_desc *sd)
522{
6a14b90b 523 struct file *file = sd->u.file;
5274f052 524 loff_t pos = sd->pos;
f84d7519 525 int ret, more;
5274f052 526
cac36bb0 527 ret = buf->ops->confirm(pipe, buf);
f84d7519
JA		 528 if (!ret) {
529 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
5274f052 530
f84d7519
JA		 531 ret = file->f_op->sendpage(file, buf->page, buf->offset,
532 sd->len, &pos, more);
533 }
5274f052 534
016b661e 535 return ret;
5274f052
JA		 536}
537
538/*
539 * This is a little more tricky than the file -> pipe splicing. There are
540 * basically three cases:
541 *
542 * - Destination page already exists in the address space and there
543 * are users of it. For that case we have no other option that
544 * copying the data. Tough luck.
545 * - Destination page already exists in the address space, but there
546 * are no users of it. Make sure it's uptodate, then drop it. Fall
547 * through to last case.
548 * - Destination page does not exist, we can add the pipe page to
549 * the page cache and avoid the copy.
550 *
83f9135b
JA		 551 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
552 * sd->flags), we attempt to migrate pages from the pipe to the output
553 * file address space page cache. This is possible if no one else has
554 * the pipe page referenced outside of the pipe and page cache. If
555 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
556 * a new page in the output file page cache and fill/dirty that.
5274f052 557 */
76ad4d11 558static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
5274f052
JA		 559 struct splice_desc *sd)
560{
6a14b90b 561 struct file *file = sd->u.file;
5274f052 562 struct address_space *mapping = file->f_mapping;
016b661e 563 unsigned int offset, this_len;
5274f052 564 struct page *page;
afddba49 565 void *fsdata;
3e7ee3e7 566 int ret;
5274f052
JA		 567
568 /*
49d0b21b 569 * make sure the data in this buffer is uptodate
5274f052 570 */
cac36bb0 571 ret = buf->ops->confirm(pipe, buf);
f84d7519
JA		 572 if (unlikely(ret))
573 return ret;
5274f052 574
5274f052
JA		 575 offset = sd->pos & ~PAGE_CACHE_MASK;
576
016b661e
JA		 577 this_len = sd->len;
578 if (this_len + offset > PAGE_CACHE_SIZE)
579 this_len = PAGE_CACHE_SIZE - offset;
580
afddba49
NP		 581 ret = pagecache_write_begin(file, mapping, sd->pos, this_len,
582 AOP_FLAG_UNINTERRUPTIBLE, &page, &fsdata);
583 if (unlikely(ret))
584 goto out;
5274f052 585
0568b409 586 if (buf->page != page) {
f84d7519
JA		 587 /*
588 * Careful, ->map() uses KM_USER0!
589 */
76ad4d11 590 char *src = buf->ops->map(pipe, buf, 1);
f84d7519 591 char *dst = kmap_atomic(page, KM_USER1);
5abc97aa 592
016b661e 593 memcpy(dst + offset, src + buf->offset, this_len);
5abc97aa 594 flush_dcache_page(page);
f84d7519 595 kunmap_atomic(dst, KM_USER1);
76ad4d11 596 buf->ops->unmap(pipe, buf, src);
5abc97aa 597 }
afddba49
NP		 598 ret = pagecache_write_end(file, mapping, sd->pos, this_len, this_len,
599 page, fsdata);
5274f052 600out:
5274f052
JA		 601 return ret;
602}
603
b3c2d2dd
MS		 604static void wakeup_pipe_writers(struct pipe_inode_info *pipe)
605{
606 smp_mb();
607 if (waitqueue_active(&pipe->wait))
608 wake_up_interruptible(&pipe->wait);
609 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
610}
611
932cc6d4 612/**
b3c2d2dd 613 * splice_from_pipe_feed - feed available data from a pipe to a file
932cc6d4
JA		 614 * @pipe: pipe to splice from
615 * @sd: information to @actor
616 * @actor: handler that splices the data
617 *
618 * Description:
b3c2d2dd
MS		 619
620 * This function loops over the pipe and calls @actor to do the
621 * actual moving of a single struct pipe_buffer to the desired
622 * destination. It returns when there's no more buffers left in
623 * the pipe or if the requested number of bytes (@sd->total_len)
624 * have been copied. It returns a positive number (one) if the
625 * pipe needs to be filled with more data, zero if the required
626 * number of bytes have been copied and -errno on error.
932cc6d4 627 *
b3c2d2dd
MS		 628 * This, together with splice_from_pipe_{begin,end,next}, may be
629 * used to implement the functionality of __splice_from_pipe() when
630 * locking is required around copying the pipe buffers to the
631 * destination.
83f9135b 632 */
b3c2d2dd
MS		 633int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
634 splice_actor *actor)
5274f052 635{
b3c2d2dd 636 int ret;
5274f052 637
b3c2d2dd
MS		 638 while (pipe->nrbufs) {
639 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
640 const struct pipe_buf_operations *ops = buf->ops;
5274f052 641
b3c2d2dd
MS		 642 sd->len = buf->len;
643 if (sd->len > sd->total_len)
644 sd->len = sd->total_len;
5274f052 645
b3c2d2dd
MS		 646 ret = actor(pipe, buf, sd);
647 if (ret <= 0) {
648 if (ret == -ENODATA)
649 ret = 0;
650 return ret;
651 }
652 buf->offset += ret;
653 buf->len -= ret;
654
655 sd->num_spliced += ret;
656 sd->len -= ret;
657 sd->pos += ret;
658 sd->total_len -= ret;
659
660 if (!buf->len) {
661 buf->ops = NULL;
662 ops->release(pipe, buf);
663 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
664 pipe->nrbufs--;
665 if (pipe->inode)
666 sd->need_wakeup = true;
667 }
5274f052 668
b3c2d2dd
MS		 669 if (!sd->total_len)
670 return 0;
671 }
5274f052 672
b3c2d2dd
MS		 673 return 1;
674}
675EXPORT_SYMBOL(splice_from_pipe_feed);
5274f052 676
b3c2d2dd
MS		 677/**
678 * splice_from_pipe_next - wait for some data to splice from
679 * @pipe: pipe to splice from
680 * @sd: information about the splice operation
681 *
682 * Description:
683 * This function will wait for some data and return a positive
684 * value (one) if pipe buffers are available. It will return zero
685 * or -errno if no more data needs to be spliced.
686 */
687int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
688{
689 while (!pipe->nrbufs) {
690 if (!pipe->writers)
691 return 0;
016b661e 692
b3c2d2dd
MS		 693 if (!pipe->waiting_writers && sd->num_spliced)
694 return 0;
73d62d83 695
b3c2d2dd
MS		 696 if (sd->flags & SPLICE_F_NONBLOCK)
697 return -EAGAIN;
5274f052 698
b3c2d2dd
MS		 699 if (signal_pending(current))
700 return -ERESTARTSYS;
5274f052 701
b3c2d2dd
MS		 702 if (sd->need_wakeup) {
703 wakeup_pipe_writers(pipe);
704 sd->need_wakeup = false;
5274f052
JA		 705 }
706
b3c2d2dd
MS		 707 pipe_wait(pipe);
708 }
29e35094 709
b3c2d2dd
MS		 710 return 1;
711}
712EXPORT_SYMBOL(splice_from_pipe_next);
5274f052 713
b3c2d2dd
MS		 714/**
715 * splice_from_pipe_begin - start splicing from pipe
716 * @pipe: pipe to splice from
717 *
718 * Description:
719 * This function should be called before a loop containing
720 * splice_from_pipe_next() and splice_from_pipe_feed() to
721 * initialize the necessary fields of @sd.
722 */
723void splice_from_pipe_begin(struct splice_desc *sd)
724{
725 sd->num_spliced = 0;
726 sd->need_wakeup = false;
727}
728EXPORT_SYMBOL(splice_from_pipe_begin);
5274f052 729
b3c2d2dd
MS		 730/**
731 * splice_from_pipe_end - finish splicing from pipe
732 * @pipe: pipe to splice from
733 * @sd: information about the splice operation
734 *
735 * Description:
736 * This function will wake up pipe writers if necessary. It should
737 * be called after a loop containing splice_from_pipe_next() and
738 * splice_from_pipe_feed().
739 */
740void splice_from_pipe_end(struct pipe_inode_info *pipe, struct splice_desc *sd)
741{
742 if (sd->need_wakeup)
743 wakeup_pipe_writers(pipe);
744}
745EXPORT_SYMBOL(splice_from_pipe_end);
5274f052 746
b3c2d2dd
MS		 747/**
748 * __splice_from_pipe - splice data from a pipe to given actor
749 * @pipe: pipe to splice from
750 * @sd: information to @actor
751 * @actor: handler that splices the data
752 *
753 * Description:
754 * This function does little more than loop over the pipe and call
755 * @actor to do the actual moving of a single struct pipe_buffer to
756 * the desired destination. See pipe_to_file, pipe_to_sendpage, or
757 * pipe_to_user.
758 *
759 */
760ssize_t __splice_from_pipe(struct pipe_inode_info *pipe, struct splice_desc *sd,
761 splice_actor *actor)
762{
763 int ret;
5274f052 764
b3c2d2dd
MS		 765 splice_from_pipe_begin(sd);
766 do {
767 ret = splice_from_pipe_next(pipe, sd);
768 if (ret > 0)
769 ret = splice_from_pipe_feed(pipe, sd, actor);
770 } while (ret > 0);
771 splice_from_pipe_end(pipe, sd);
772
773 return sd->num_spliced ? sd->num_spliced : ret;
5274f052 774}
40bee44e 775EXPORT_SYMBOL(__splice_from_pipe);
5274f052 776
932cc6d4
JA		 777/**
778 * splice_from_pipe - splice data from a pipe to a file
779 * @pipe: pipe to splice from
780 * @out: file to splice to
781 * @ppos: position in @out
782 * @len: how many bytes to splice
783 * @flags: splice modifier flags
784 * @actor: handler that splices the data
785 *
786 * Description:
2933970b 787 * See __splice_from_pipe. This function locks the pipe inode,
932cc6d4
JA		 788 * otherwise it's identical to __splice_from_pipe().
789 *
790 */
6da61809
MF		 791ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
792 loff_t *ppos, size_t len, unsigned int flags,
793 splice_actor *actor)
794{
795 ssize_t ret;
c66ab6fa
JA		 796 struct splice_desc sd = {
797 .total_len = len,
798 .flags = flags,
799 .pos = *ppos,
6a14b90b 800 .u.file = out,
c66ab6fa 801 };
6da61809 802
7bfac9ec 803 if (pipe->inode)
2933970b 804 mutex_lock(&pipe->inode->i_mutex);
c66ab6fa 805 ret = __splice_from_pipe(pipe, &sd, actor);
7bfac9ec
MS		 806 if (pipe->inode)
807 mutex_unlock(&pipe->inode->i_mutex);
6da61809
MF		 808
809 return ret;
810}
811
812/**
813 * generic_file_splice_write_nolock - generic_file_splice_write without mutexes
814 * @pipe: pipe info
815 * @out: file to write to
932cc6d4 816 * @ppos: position in @out
6da61809
MF		 817 * @len: number of bytes to splice
818 * @flags: splice modifier flags
819 *
932cc6d4
JA		 820 * Description:
821 * Will either move or copy pages (determined by @flags options) from
822 * the given pipe inode to the given file. The caller is responsible
823 * for acquiring i_mutex on both inodes.
6da61809
MF		 824 *
825 */
826ssize_t
827generic_file_splice_write_nolock(struct pipe_inode_info *pipe, struct file *out,
828 loff_t *ppos, size_t len, unsigned int flags)
829{
830 struct address_space *mapping = out->f_mapping;
831 struct inode *inode = mapping->host;
c66ab6fa
JA		 832 struct splice_desc sd = {
833 .total_len = len,
834 .flags = flags,
835 .pos = *ppos,
6a14b90b 836 .u.file = out,
c66ab6fa 837 };
6da61809
MF		 838 ssize_t ret;
839 int err;
840
2f1936b8 841 err = file_remove_suid(out);
8c34e2d6
JA		 842 if (unlikely(err))
843 return err;
844
c66ab6fa 845 ret = __splice_from_pipe(pipe, &sd, pipe_to_file);
6da61809 846 if (ret > 0) {
17ee4f49
JA		 847 unsigned long nr_pages;
848
6da61809 849 *ppos += ret;
17ee4f49 850 nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
6da61809
MF		 851
852 /*
853 * If file or inode is SYNC and we actually wrote some data,
854 * sync it.
855 */
856 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
857 err = generic_osync_inode(inode, mapping,
858 OSYNC_METADATA|OSYNC_DATA);
859
860 if (err)
861 ret = err;
862 }
17ee4f49 863 balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
6da61809
MF		 864 }
865
866 return ret;
867}
868
869EXPORT_SYMBOL(generic_file_splice_write_nolock);
870
83f9135b
JA		 871/**
872 * generic_file_splice_write - splice data from a pipe to a file
3a326a2c 873 * @pipe: pipe info
83f9135b 874 * @out: file to write to
932cc6d4 875 * @ppos: position in @out
83f9135b
JA		 876 * @len: number of bytes to splice
877 * @flags: splice modifier flags
878 *
932cc6d4
JA		 879 * Description:
880 * Will either move or copy pages (determined by @flags options) from
881 * the given pipe inode to the given file.
83f9135b
JA		 882 *
883 */
3a326a2c
IM		 884ssize_t
885generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 886 loff_t *ppos, size_t len, unsigned int flags)
5274f052 887{
4f6f0bd2 888 struct address_space *mapping = out->f_mapping;
8c34e2d6 889 struct inode *inode = mapping->host;
7f3d4ee1
MS		 890 struct splice_desc sd = {
891 .total_len = len,
892 .flags = flags,
893 .pos = *ppos,
894 .u.file = out,
895 };
3a326a2c
IM		 896 ssize_t ret;
897
eb443e5a
MS		 898 if (pipe->inode)
899 mutex_lock_nested(&pipe->inode->i_mutex, I_MUTEX_PARENT);
900
901 splice_from_pipe_begin(&sd);
902 do {
903 ret = splice_from_pipe_next(pipe, &sd);
904 if (ret <= 0)
905 break;
906
907 mutex_lock_nested(&inode->i_mutex, I_MUTEX_CHILD);
908 ret = file_remove_suid(out);
909 if (!ret)
910 ret = splice_from_pipe_feed(pipe, &sd, pipe_to_file);
911 mutex_unlock(&inode->i_mutex);
912 } while (ret > 0);
913 splice_from_pipe_end(pipe, &sd);
914
915 if (pipe->inode)
916 mutex_unlock(&pipe->inode->i_mutex);
917
918 if (sd.num_spliced)
919 ret = sd.num_spliced;
920
a4514ebd 921 if (ret > 0) {
17ee4f49
JA		 922 unsigned long nr_pages;
923
a4514ebd 924 *ppos += ret;
17ee4f49 925 nr_pages = (ret + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
a4514ebd
JA		 926
927 /*
928 * If file or inode is SYNC and we actually wrote some data,
929 * sync it.
930 */
931 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
7f3d4ee1
MS		 932 int err;
933
a4514ebd
JA		 934 mutex_lock(&inode->i_mutex);
935 err = generic_osync_inode(inode, mapping,
936 OSYNC_METADATA|OSYNC_DATA);
937 mutex_unlock(&inode->i_mutex);
4f6f0bd2 938
a4514ebd
JA		 939 if (err)
940 ret = err;
941 }
17ee4f49 942 balance_dirty_pages_ratelimited_nr(mapping, nr_pages);
4f6f0bd2
JA		 943 }
944
945 return ret;
5274f052
JA		 946}
947
059a8f37
JA		 948EXPORT_SYMBOL(generic_file_splice_write);
949
83f9135b
JA		 950/**
951 * generic_splice_sendpage - splice data from a pipe to a socket
932cc6d4 952 * @pipe: pipe to splice from
83f9135b 953 * @out: socket to write to
932cc6d4 954 * @ppos: position in @out
83f9135b
JA		 955 * @len: number of bytes to splice
956 * @flags: splice modifier flags
957 *
932cc6d4
JA		 958 * Description:
959 * Will send @len bytes from the pipe to a network socket. No data copying
960 * is involved.
83f9135b
JA		 961 *
962 */
3a326a2c 963ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 964 loff_t *ppos, size_t len, unsigned int flags)
5274f052 965{
00522fb4 966 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
5274f052
JA		 967}
968
059a8f37 969EXPORT_SYMBOL(generic_splice_sendpage);
a0f06780 970
83f9135b
JA		 971/*
972 * Attempt to initiate a splice from pipe to file.
973 */
3a326a2c 974static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
cbb7e577 975 loff_t *ppos, size_t len, unsigned int flags)
5274f052 976{
5274f052
JA		 977 int ret;
978
49570e9b 979 if (unlikely(!out->f_op || !out->f_op->splice_write))
5274f052
JA		 980 return -EINVAL;
981
49570e9b 982 if (unlikely(!(out->f_mode & FMODE_WRITE)))
5274f052
JA		 983 return -EBADF;
984
efc968d4
LT		 985 if (unlikely(out->f_flags & O_APPEND))
986 return -EINVAL;
987
cbb7e577 988 ret = rw_verify_area(WRITE, out, ppos, len);
5274f052
JA		 989 if (unlikely(ret < 0))
990 return ret;
991
cbb7e577 992 return out->f_op->splice_write(pipe, out, ppos, len, flags);
5274f052
JA		 993}
994
83f9135b
JA		 995/*
996 * Attempt to initiate a splice from a file to a pipe.
997 */
cbb7e577
JA		 998static long do_splice_to(struct file *in, loff_t *ppos,
999 struct pipe_inode_info *pipe, size_t len,
1000 unsigned int flags)
5274f052 1001{
5274f052
JA		 1002 int ret;
1003
49570e9b 1004 if (unlikely(!in->f_op || !in->f_op->splice_read))
5274f052
JA		 1005 return -EINVAL;
1006
49570e9b 1007 if (unlikely(!(in->f_mode & FMODE_READ)))
5274f052
JA		 1008 return -EBADF;
1009
cbb7e577 1010 ret = rw_verify_area(READ, in, ppos, len);
5274f052
JA		 1011 if (unlikely(ret < 0))
1012 return ret;
1013
cbb7e577 1014 return in->f_op->splice_read(in, ppos, pipe, len, flags);
5274f052
JA		 1015}
1016
932cc6d4
JA		 1017/**
1018 * splice_direct_to_actor - splices data directly between two non-pipes
1019 * @in: file to splice from
1020 * @sd: actor information on where to splice to
1021 * @actor: handles the data splicing
1022 *
1023 * Description:
1024 * This is a special case helper to splice directly between two
1025 * points, without requiring an explicit pipe. Internally an allocated
79685b8d 1026 * pipe is cached in the process, and reused during the lifetime of
932cc6d4
JA		 1027 * that process.
1028 *
c66ab6fa
JA		 1029 */
1030ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
1031 splice_direct_actor *actor)
b92ce558
JA		 1032{
1033 struct pipe_inode_info *pipe;
1034 long ret, bytes;
1035 umode_t i_mode;
c66ab6fa
JA		 1036 size_t len;
1037 int i, flags;
b92ce558
JA		 1038
1039 /*
1040 * We require the input being a regular file, as we don't want to
1041 * randomly drop data for eg socket -> socket splicing. Use the
1042 * piped splicing for that!
1043 */
0f7fc9e4 1044 i_mode = in->f_path.dentry->d_inode->i_mode;
b92ce558
JA		 1045 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
1046 return -EINVAL;
1047
1048 /*
1049 * neither in nor out is a pipe, setup an internal pipe attached to
1050 * 'out' and transfer the wanted data from 'in' to 'out' through that
1051 */
1052 pipe = current->splice_pipe;
49570e9b 1053 if (unlikely(!pipe)) {
b92ce558
JA		 1054 pipe = alloc_pipe_info(NULL);
1055 if (!pipe)
1056 return -ENOMEM;
1057
1058 /*
1059 * We don't have an immediate reader, but we'll read the stuff
00522fb4 1060 * out of the pipe right after the splice_to_pipe(). So set
b92ce558
JA		 1061 * PIPE_READERS appropriately.
1062 */
1063 pipe->readers = 1;
1064
1065 current->splice_pipe = pipe;
1066 }
1067
1068 /*
73d62d83 1069 * Do the splice.
b92ce558
JA		 1070 */
1071 ret = 0;
1072 bytes = 0;
c66ab6fa
JA		 1073 len = sd->total_len;
1074 flags = sd->flags;
1075
1076 /*
1077 * Don't block on output, we have to drain the direct pipe.
1078 */
1079 sd->flags &= ~SPLICE_F_NONBLOCK;
b92ce558
JA		 1080
1081 while (len) {
51a92c0f 1082 size_t read_len;
a82c53a0 1083 loff_t pos = sd->pos, prev_pos = pos;
b92ce558 1084
bcd4f3ac 1085 ret = do_splice_to(in, &pos, pipe, len, flags);
51a92c0f 1086 if (unlikely(ret <= 0))
b92ce558
JA		 1087 goto out_release;
1088
1089 read_len = ret;
c66ab6fa 1090 sd->total_len = read_len;
b92ce558
JA		 1091
1092 /*
1093 * NOTE: nonblocking mode only applies to the input. We
1094 * must not do the output in nonblocking mode as then we
1095 * could get stuck data in the internal pipe:
1096 */
c66ab6fa 1097 ret = actor(pipe, sd);
a82c53a0
TZ		 1098 if (unlikely(ret <= 0)) {
1099 sd->pos = prev_pos;
b92ce558 1100 goto out_release;
a82c53a0 1101 }
b92ce558
JA		 1102
1103 bytes += ret;
1104 len -= ret;
bcd4f3ac 1105 sd->pos = pos;
b92ce558 1106
a82c53a0
TZ		 1107 if (ret < read_len) {
1108 sd->pos = prev_pos + ret;
51a92c0f 1109 goto out_release;
a82c53a0 1110 }
b92ce558
JA		 1111 }
1112
9e97198d 1113done:
b92ce558 1114 pipe->nrbufs = pipe->curbuf = 0;
80848708 1115 file_accessed(in);
b92ce558
JA		 1116 return bytes;
1117
1118out_release:
1119 /*
1120 * If we did an incomplete transfer we must release
1121 * the pipe buffers in question:
1122 */
1123 for (i = 0; i < PIPE_BUFFERS; i++) {
1124 struct pipe_buffer *buf = pipe->bufs + i;
1125
1126 if (buf->ops) {
1127 buf->ops->release(pipe, buf);
1128 buf->ops = NULL;
1129 }
1130 }
b92ce558 1131
9e97198d
JA		 1132 if (!bytes)
1133 bytes = ret;
c66ab6fa 1134
9e97198d 1135 goto done;
c66ab6fa
JA		 1136}
1137EXPORT_SYMBOL(splice_direct_to_actor);
1138
1139static int direct_splice_actor(struct pipe_inode_info *pipe,
1140 struct splice_desc *sd)
1141{
6a14b90b 1142 struct file *file = sd->u.file;
c66ab6fa
JA		 1143
1144 return do_splice_from(pipe, file, &sd->pos, sd->total_len, sd->flags);
1145}
1146
932cc6d4
JA		 1147/**
1148 * do_splice_direct - splices data directly between two files
1149 * @in: file to splice from
1150 * @ppos: input file offset
1151 * @out: file to splice to
1152 * @len: number of bytes to splice
1153 * @flags: splice modifier flags
1154 *
1155 * Description:
1156 * For use by do_sendfile(). splice can easily emulate sendfile, but
1157 * doing it in the application would incur an extra system call
1158 * (splice in + splice out, as compared to just sendfile()). So this helper
1159 * can splice directly through a process-private pipe.
1160 *
1161 */
c66ab6fa
JA		 1162long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
1163 size_t len, unsigned int flags)
1164{
1165 struct splice_desc sd = {
1166 .len = len,
1167 .total_len = len,
1168 .flags = flags,
1169 .pos = *ppos,
6a14b90b 1170 .u.file = out,
c66ab6fa 1171 };
51a92c0f 1172 long ret;
c66ab6fa
JA		 1173
1174 ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
51a92c0f 1175 if (ret > 0)
a82c53a0 1176 *ppos = sd.pos;
51a92c0f 1177
c66ab6fa 1178 return ret;
b92ce558
JA		 1179}
1180
ddac0d39
JA		 1181/*
1182 * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
1183 * location, so checking ->i_pipe is not enough to verify that this is a
1184 * pipe.
1185 */
1186static inline struct pipe_inode_info *pipe_info(struct inode *inode)
1187{
1188 if (S_ISFIFO(inode->i_mode))
1189 return inode->i_pipe;
1190
1191 return NULL;
1192}
1193
83f9135b
JA		 1194/*
1195 * Determine where to splice to/from.
1196 */
529565dc
IM		 1197static long do_splice(struct file *in, loff_t __user *off_in,
1198 struct file *out, loff_t __user *off_out,
1199 size_t len, unsigned int flags)
5274f052 1200{
3a326a2c 1201 struct pipe_inode_info *pipe;
cbb7e577 1202 loff_t offset, *off;
a4514ebd 1203 long ret;
5274f052 1204
0f7fc9e4 1205 pipe = pipe_info(in->f_path.dentry->d_inode);
529565dc
IM		 1206 if (pipe) {
1207 if (off_in)
1208 return -ESPIPE;
b92ce558
JA		 1209 if (off_out) {
1210 if (out->f_op->llseek == no_llseek)
1211 return -EINVAL;
cbb7e577 1212 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
b92ce558 1213 return -EFAULT;
cbb7e577
JA		 1214 off = &offset;
1215 } else
1216 off = &out->f_pos;
529565dc 1217
a4514ebd
JA		 1218 ret = do_splice_from(pipe, out, off, len, flags);
1219
1220 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
1221 ret = -EFAULT;
1222
1223 return ret;
529565dc 1224 }
5274f052 1225
0f7fc9e4 1226 pipe = pipe_info(out->f_path.dentry->d_inode);
529565dc
IM		 1227 if (pipe) {
1228 if (off_out)
1229 return -ESPIPE;
b92ce558
JA		 1230 if (off_in) {
1231 if (in->f_op->llseek == no_llseek)
1232 return -EINVAL;
cbb7e577 1233 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
b92ce558 1234 return -EFAULT;
cbb7e577
JA		 1235 off = &offset;
1236 } else
1237 off = &in->f_pos;
529565dc 1238
a4514ebd
JA		 1239 ret = do_splice_to(in, off, pipe, len, flags);
1240
1241 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1242 ret = -EFAULT;
1243
1244 return ret;
529565dc 1245 }
5274f052
JA		 1246
1247 return -EINVAL;
1248}
1249
912d35f8
JA		 1250/*
1251 * Map an iov into an array of pages and offset/length tupples. With the
1252 * partial_page structure, we can map several non-contiguous ranges into
1253 * our ones pages[] map instead of splitting that operation into pieces.
1254 * Could easily be exported as a generic helper for other users, in which
1255 * case one would probably want to add a 'max_nr_pages' parameter as well.
1256 */
1257static int get_iovec_page_array(const struct iovec __user *iov,
1258 unsigned int nr_vecs, struct page **pages,
7afa6fd0 1259 struct partial_page *partial, int aligned)
912d35f8
JA		 1260{
1261 int buffers = 0, error = 0;
1262
912d35f8
JA		 1263 while (nr_vecs) {
1264 unsigned long off, npages;
75723957 1265 struct iovec entry;
912d35f8
JA		 1266 void __user *base;
1267 size_t len;
1268 int i;
1269
75723957 1270 error = -EFAULT;
bc40d73c 1271 if (copy_from_user(&entry, iov, sizeof(entry)))
912d35f8
JA		 1272 break;
1273
75723957
LT		 1274 base = entry.iov_base;
1275 len = entry.iov_len;
1276
912d35f8
JA		 1277 /*
1278 * Sanity check this iovec. 0 read succeeds.
1279 */
75723957 1280 error = 0;
912d35f8
JA		 1281 if (unlikely(!len))
1282 break;
1283 error = -EFAULT;
712a30e6 1284 if (!access_ok(VERIFY_READ, base, len))
912d35f8
JA		 1285 break;
1286
1287 /*
1288 * Get this base offset and number of pages, then map
1289 * in the user pages.
1290 */
1291 off = (unsigned long) base & ~PAGE_MASK;
7afa6fd0
JA		 1292
1293 /*
1294 * If asked for alignment, the offset must be zero and the
1295 * length a multiple of the PAGE_SIZE.
1296 */
1297 error = -EINVAL;
1298 if (aligned && (off || len & ~PAGE_MASK))
1299 break;
1300
912d35f8
JA		 1301 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1302 if (npages > PIPE_BUFFERS - buffers)
1303 npages = PIPE_BUFFERS - buffers;
1304
bc40d73c
NP		 1305 error = get_user_pages_fast((unsigned long)base, npages,
1306 0, &pages[buffers]);
912d35f8
JA		 1307
1308 if (unlikely(error <= 0))
1309 break;
1310
1311 /*
1312 * Fill this contiguous range into the partial page map.
1313 */
1314 for (i = 0; i < error; i++) {
7591489a 1315 const int plen = min_t(size_t, len, PAGE_SIZE - off);
912d35f8
JA		 1316
1317 partial[buffers].offset = off;
1318 partial[buffers].len = plen;
1319
1320 off = 0;
1321 len -= plen;
1322 buffers++;
1323 }
1324
1325 /*
1326 * We didn't complete this iov, stop here since it probably
1327 * means we have to move some of this into a pipe to
1328 * be able to continue.
1329 */
1330 if (len)
1331 break;
1332
1333 /*
1334 * Don't continue if we mapped fewer pages than we asked for,
1335 * or if we mapped the max number of pages that we have
1336 * room for.
1337 */
1338 if (error < npages || buffers == PIPE_BUFFERS)
1339 break;
1340
1341 nr_vecs--;
1342 iov++;
1343 }
1344
912d35f8
JA		 1345 if (buffers)
1346 return buffers;
1347
1348 return error;
1349}
1350
6a14b90b
JA		 1351static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
1352 struct splice_desc *sd)
1353{
1354 char *src;
1355 int ret;
1356
cac36bb0 1357 ret = buf->ops->confirm(pipe, buf);
6a14b90b
JA		 1358 if (unlikely(ret))
1359 return ret;
1360
1361 /*
1362 * See if we can use the atomic maps, by prefaulting in the
1363 * pages and doing an atomic copy
1364 */
1365 if (!fault_in_pages_writeable(sd->u.userptr, sd->len)) {
1366 src = buf->ops->map(pipe, buf, 1);
1367 ret = __copy_to_user_inatomic(sd->u.userptr, src + buf->offset,
1368 sd->len);
1369 buf->ops->unmap(pipe, buf, src);
1370 if (!ret) {
1371 ret = sd->len;
1372 goto out;
1373 }
1374 }
1375
1376 /*
1377 * No dice, use slow non-atomic map and copy
1378 */
1379 src = buf->ops->map(pipe, buf, 0);
1380
1381 ret = sd->len;
1382 if (copy_to_user(sd->u.userptr, src + buf->offset, sd->len))
1383 ret = -EFAULT;
1384
6866bef4 1385 buf->ops->unmap(pipe, buf, src);
6a14b90b
JA		 1386out:
1387 if (ret > 0)
1388 sd->u.userptr += ret;
6a14b90b
JA		 1389 return ret;
1390}
1391
1392/*
1393 * For lack of a better implementation, implement vmsplice() to userspace
1394 * as a simple copy of the pipes pages to the user iov.
1395 */
1396static long vmsplice_to_user(struct file *file, const struct iovec __user *iov,
1397 unsigned long nr_segs, unsigned int flags)
1398{
1399 struct pipe_inode_info *pipe;
1400 struct splice_desc sd;
1401 ssize_t size;
1402 int error;
1403 long ret;
1404
1405 pipe = pipe_info(file->f_path.dentry->d_inode);
1406 if (!pipe)
1407 return -EBADF;
1408
1409 if (pipe->inode)
1410 mutex_lock(&pipe->inode->i_mutex);
1411
1412 error = ret = 0;
1413 while (nr_segs) {
1414 void __user *base;
1415 size_t len;
1416
1417 /*
1418 * Get user address base and length for this iovec.
1419 */
1420 error = get_user(base, &iov->iov_base);
1421 if (unlikely(error))
1422 break;
1423 error = get_user(len, &iov->iov_len);
1424 if (unlikely(error))
1425 break;
1426
1427 /*
1428 * Sanity check this iovec. 0 read succeeds.
1429 */
1430 if (unlikely(!len))
1431 break;
1432 if (unlikely(!base)) {
1433 error = -EFAULT;
1434 break;
1435 }
1436
8811930d
JA		 1437 if (unlikely(!access_ok(VERIFY_WRITE, base, len))) {
1438 error = -EFAULT;
1439 break;
1440 }
1441
6a14b90b
JA		 1442 sd.len = 0;
1443 sd.total_len = len;
1444 sd.flags = flags;
1445 sd.u.userptr = base;
1446 sd.pos = 0;
1447
1448 size = __splice_from_pipe(pipe, &sd, pipe_to_user);
1449 if (size < 0) {
1450 if (!ret)
1451 ret = size;
1452
1453 break;
1454 }
1455
1456 ret += size;
1457
1458 if (size < len)
1459 break;
1460
1461 nr_segs--;
1462 iov++;
1463 }
1464
1465 if (pipe->inode)
1466 mutex_unlock(&pipe->inode->i_mutex);
1467
1468 if (!ret)
1469 ret = error;
1470
1471 return ret;
1472}
1473
912d35f8
JA		 1474/*
1475 * vmsplice splices a user address range into a pipe. It can be thought of
1476 * as splice-from-memory, where the regular splice is splice-from-file (or
1477 * to file). In both cases the output is a pipe, naturally.
912d35f8 1478 */
6a14b90b
JA		 1479static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov,
1480 unsigned long nr_segs, unsigned int flags)
912d35f8 1481{
ddac0d39 1482 struct pipe_inode_info *pipe;
912d35f8
JA		 1483 struct page *pages[PIPE_BUFFERS];
1484 struct partial_page partial[PIPE_BUFFERS];
1485 struct splice_pipe_desc spd = {
1486 .pages = pages,
1487 .partial = partial,
1488 .flags = flags,
1489 .ops = &user_page_pipe_buf_ops,
bbdfc2f7 1490 .spd_release = spd_release_page,
912d35f8
JA		 1491 };
1492
0f7fc9e4 1493 pipe = pipe_info(file->f_path.dentry->d_inode);
ddac0d39 1494 if (!pipe)
912d35f8 1495 return -EBADF;
912d35f8 1496
7afa6fd0
JA		 1497 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
1498 flags & SPLICE_F_GIFT);
912d35f8
JA		 1499 if (spd.nr_pages <= 0)
1500 return spd.nr_pages;
1501
00522fb4 1502 return splice_to_pipe(pipe, &spd);
912d35f8
JA		 1503}
1504
6a14b90b
JA		 1505/*
1506 * Note that vmsplice only really supports true splicing _from_ user memory
1507 * to a pipe, not the other way around. Splicing from user memory is a simple
1508 * operation that can be supported without any funky alignment restrictions
1509 * or nasty vm tricks. We simply map in the user memory and fill them into
1510 * a pipe. The reverse isn't quite as easy, though. There are two possible
1511 * solutions for that:
1512 *
1513 * - memcpy() the data internally, at which point we might as well just
1514 * do a regular read() on the buffer anyway.
1515 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1516 * has restriction limitations on both ends of the pipe).
1517 *
1518 * Currently we punt and implement it as a normal copy, see pipe_to_user().
1519 *
1520 */
836f92ad
HC		 1521SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
1522 unsigned long, nr_segs, unsigned int, flags)
912d35f8
JA		 1523{
1524 struct file *file;
1525 long error;
1526 int fput;
1527
6a14b90b
JA		 1528 if (unlikely(nr_segs > UIO_MAXIOV))
1529 return -EINVAL;
1530 else if (unlikely(!nr_segs))
1531 return 0;
1532
912d35f8
JA		 1533 error = -EBADF;
1534 file = fget_light(fd, &fput);
1535 if (file) {
1536 if (file->f_mode & FMODE_WRITE)
6a14b90b
JA		 1537 error = vmsplice_to_pipe(file, iov, nr_segs, flags);
1538 else if (file->f_mode & FMODE_READ)
1539 error = vmsplice_to_user(file, iov, nr_segs, flags);
912d35f8
JA		 1540
1541 fput_light(file, fput);
1542 }
1543
1544 return error;
1545}
1546
836f92ad
HC		 1547SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
1548 int, fd_out, loff_t __user *, off_out,
1549 size_t, len, unsigned int, flags)
5274f052
JA		 1550{
1551 long error;
1552 struct file *in, *out;
1553 int fput_in, fput_out;
1554
1555 if (unlikely(!len))
1556 return 0;
1557
1558 error = -EBADF;
529565dc 1559 in = fget_light(fd_in, &fput_in);
5274f052
JA		 1560 if (in) {
1561 if (in->f_mode & FMODE_READ) {
529565dc 1562 out = fget_light(fd_out, &fput_out);
5274f052
JA		 1563 if (out) {
1564 if (out->f_mode & FMODE_WRITE)
529565dc
IM		 1565 error = do_splice(in, off_in,
1566 out, off_out,
1567 len, flags);
5274f052
JA		 1568 fput_light(out, fput_out);
1569 }
1570 }
1571
1572 fput_light(in, fput_in);
1573 }
1574
1575 return error;
1576}
70524490 1577
aadd06e5
JA		 1578/*
1579 * Make sure there's data to read. Wait for input if we can, otherwise
1580 * return an appropriate error.
1581 */
1582static int link_ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1583{
1584 int ret;
1585
1586 /*
1587 * Check ->nrbufs without the inode lock first. This function
1588 * is speculative anyways, so missing one is ok.
1589 */
1590 if (pipe->nrbufs)
1591 return 0;
1592
1593 ret = 0;
1594 mutex_lock(&pipe->inode->i_mutex);
1595
1596 while (!pipe->nrbufs) {
1597 if (signal_pending(current)) {
1598 ret = -ERESTARTSYS;
1599 break;
1600 }
1601 if (!pipe->writers)
1602 break;
1603 if (!pipe->waiting_writers) {
1604 if (flags & SPLICE_F_NONBLOCK) {
1605 ret = -EAGAIN;
1606 break;
1607 }
1608 }
1609 pipe_wait(pipe);
1610 }
1611
1612 mutex_unlock(&pipe->inode->i_mutex);
1613 return ret;
1614}
1615
1616/*
1617 * Make sure there's writeable room. Wait for room if we can, otherwise
1618 * return an appropriate error.
1619 */
1620static int link_opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
1621{
1622 int ret;
1623
1624 /*
1625 * Check ->nrbufs without the inode lock first. This function
1626 * is speculative anyways, so missing one is ok.
1627 */
1628 if (pipe->nrbufs < PIPE_BUFFERS)
1629 return 0;
1630
1631 ret = 0;
1632 mutex_lock(&pipe->inode->i_mutex);
1633
1634 while (pipe->nrbufs >= PIPE_BUFFERS) {
1635 if (!pipe->readers) {
1636 send_sig(SIGPIPE, current, 0);
1637 ret = -EPIPE;
1638 break;
1639 }
1640 if (flags & SPLICE_F_NONBLOCK) {
1641 ret = -EAGAIN;
1642 break;
1643 }
1644 if (signal_pending(current)) {
1645 ret = -ERESTARTSYS;
1646 break;
1647 }
1648 pipe->waiting_writers++;
1649 pipe_wait(pipe);
1650 pipe->waiting_writers--;
1651 }
1652
1653 mutex_unlock(&pipe->inode->i_mutex);
1654 return ret;
1655}
1656
70524490
JA		 1657/*
1658 * Link contents of ipipe to opipe.
1659 */
1660static int link_pipe(struct pipe_inode_info *ipipe,
1661 struct pipe_inode_info *opipe,
1662 size_t len, unsigned int flags)
1663{
1664 struct pipe_buffer *ibuf, *obuf;
aadd06e5 1665 int ret = 0, i = 0, nbuf;
70524490
JA		 1666
1667 /*
1668 * Potential ABBA deadlock, work around it by ordering lock
1669 * grabbing by inode address. Otherwise two different processes
1670 * could deadlock (one doing tee from A -> B, the other from B -> A).
1671 */
62752ee1 1672 inode_double_lock(ipipe->inode, opipe->inode);
70524490 1673
aadd06e5 1674 do {
70524490
JA		 1675 if (!opipe->readers) {
1676 send_sig(SIGPIPE, current, 0);
1677 if (!ret)
1678 ret = -EPIPE;
1679 break;
1680 }
70524490 1681
aadd06e5
JA		 1682 /*
1683 * If we have iterated all input buffers or ran out of
1684 * output room, break.
1685 */
1686 if (i >= ipipe->nrbufs || opipe->nrbufs >= PIPE_BUFFERS)
1687 break;
70524490 1688
aadd06e5
JA		 1689 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1690 nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
70524490
JA		 1691
1692 /*
aadd06e5
JA		 1693 * Get a reference to this pipe buffer,
1694 * so we can copy the contents over.
70524490 1695 */
aadd06e5
JA		 1696 ibuf->ops->get(ipipe, ibuf);
1697
1698 obuf = opipe->bufs + nbuf;
1699 *obuf = *ibuf;
1700
2a27250e 1701 /*
aadd06e5
JA		 1702 * Don't inherit the gift flag, we need to
1703 * prevent multiple steals of this page.
2a27250e 1704 */
aadd06e5 1705 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
70524490 1706
aadd06e5
JA		 1707 if (obuf->len > len)
1708 obuf->len = len;
70524490 1709
aadd06e5
JA		 1710 opipe->nrbufs++;
1711 ret += obuf->len;
1712 len -= obuf->len;
1713 i++;
1714 } while (len);
70524490 1715
02cf01ae
JA		 1716 /*
1717 * return EAGAIN if we have the potential of some data in the
1718 * future, otherwise just return 0
1719 */
1720 if (!ret && ipipe->waiting_writers && (flags & SPLICE_F_NONBLOCK))
1721 ret = -EAGAIN;
1722
62752ee1 1723 inode_double_unlock(ipipe->inode, opipe->inode);
70524490 1724
aadd06e5
JA		 1725 /*
1726 * If we put data in the output pipe, wakeup any potential readers.
1727 */
1728 if (ret > 0) {
70524490
JA		 1729 smp_mb();
1730 if (waitqueue_active(&opipe->wait))
1731 wake_up_interruptible(&opipe->wait);
1732 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1733 }
1734
1735 return ret;
1736}
1737
1738/*
1739 * This is a tee(1) implementation that works on pipes. It doesn't copy
1740 * any data, it simply references the 'in' pages on the 'out' pipe.
1741 * The 'flags' used are the SPLICE_F_* variants, currently the only
1742 * applicable one is SPLICE_F_NONBLOCK.
1743 */
1744static long do_tee(struct file *in, struct file *out, size_t len,
1745 unsigned int flags)
1746{
0f7fc9e4
JJS		 1747 struct pipe_inode_info *ipipe = pipe_info(in->f_path.dentry->d_inode);
1748 struct pipe_inode_info *opipe = pipe_info(out->f_path.dentry->d_inode);
aadd06e5 1749 int ret = -EINVAL;
70524490
JA		 1750
1751 /*
aadd06e5
JA		 1752 * Duplicate the contents of ipipe to opipe without actually
1753 * copying the data.
70524490 1754 */
aadd06e5
JA		 1755 if (ipipe && opipe && ipipe != opipe) {
1756 /*
1757 * Keep going, unless we encounter an error. The ipipe/opipe
1758 * ordering doesn't really matter.
1759 */
1760 ret = link_ipipe_prep(ipipe, flags);
1761 if (!ret) {
1762 ret = link_opipe_prep(opipe, flags);
02cf01ae 1763 if (!ret)
aadd06e5 1764 ret = link_pipe(ipipe, opipe, len, flags);
aadd06e5
JA		 1765 }
1766 }
70524490 1767
aadd06e5 1768 return ret;
70524490
JA		 1769}
1770
836f92ad 1771SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
70524490
JA		 1772{
1773 struct file *in;
1774 int error, fput_in;
1775
1776 if (unlikely(!len))
1777 return 0;
1778
1779 error = -EBADF;
1780 in = fget_light(fdin, &fput_in);
1781 if (in) {
1782 if (in->f_mode & FMODE_READ) {
1783 int fput_out;
1784 struct file *out = fget_light(fdout, &fput_out);
1785
1786 if (out) {
1787 if (out->f_mode & FMODE_WRITE)
1788 error = do_tee(in, out, len, flags);
1789 fput_light(out, fput_out);
1790 }
1791 }
1792 fput_light(in, fput_in);
1793 }
1794
1795 return error;
1796}
kernel source for telekom puls (alcatel/mediatek)