4 * Copyright (C) 1991, 1992, 1999 Linus Torvalds
8 #include <linux/file.h>
9 #include <linux/poll.h>
10 #include <linux/slab.h>
11 #include <linux/module.h>
12 #include <linux/init.h>
14 #include <linux/mount.h>
15 #include <linux/pipe_fs_i.h>
16 #include <linux/uio.h>
17 #include <linux/highmem.h>
18 #include <linux/pagemap.h>
20 #include <asm/uaccess.h>
21 #include <asm/ioctls.h>
24 * We use a start+len construction, which provides full use of the
26 * -- Florian Coosmann (FGC)
28 * Reads with count = 0 should always return 0.
29 * -- Julian Bradfield 1999-06-07.
31 * FIFOs and Pipes now generate SIGIO for both readers and writers.
32 * -- Jeremy Elson <jelson@circlemud.org> 2001-08-16
34 * pipe_read & write cleanup
35 * -- Manfred Spraul <manfred@colorfullife.com> 2002-05-09
38 /* Drop the inode semaphore and wait for a pipe event, atomically */
39 void pipe_wait(struct pipe_inode_info *pipe)
44 * Pipes are system-local resources, so sleeping on them
45 * is considered a noninteractive wait:
47 prepare_to_wait(&pipe->wait, &wait,
48 TASK_INTERRUPTIBLE | TASK_NONINTERACTIVE);
50 mutex_unlock(&pipe->inode->i_mutex);
52 finish_wait(&pipe->wait, &wait);
54 mutex_lock(&pipe->inode->i_mutex);
58 pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
66 copy = min_t(unsigned long, len, iov->iov_len);
69 if (__copy_from_user_inatomic(to, iov->iov_base, copy))
72 if (copy_from_user(to, iov->iov_base, copy))
77 iov->iov_base += copy;
84 pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
92 copy = min_t(unsigned long, len, iov->iov_len);
95 if (__copy_to_user_inatomic(iov->iov_base, from, copy))
98 if (copy_to_user(iov->iov_base, from, copy))
103 iov->iov_base += copy;
104 iov->iov_len -= copy;
110 * Attempt to pre-fault in the user memory, so we can use atomic copies.
111 * Returns the number of bytes not faulted in.
113 static int iov_fault_in_pages_write(struct iovec *iov, unsigned long len)
115 while (!iov->iov_len)
119 unsigned long this_len;
121 this_len = min_t(unsigned long, len, iov->iov_len);
122 if (fault_in_pages_writeable(iov->iov_base, this_len))
133 * Pre-fault in the user memory, so we can use atomic copies.
135 static void iov_fault_in_pages_read(struct iovec *iov, unsigned long len)
137 while (!iov->iov_len)
141 unsigned long this_len;
143 this_len = min_t(unsigned long, len, iov->iov_len);
144 fault_in_pages_readable(iov->iov_base, this_len);
150 static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
151 struct pipe_buffer *buf)
153 struct page *page = buf->page;
156 * If nobody else uses this page, and we don't already have a
157 * temporary page, let's keep track of it as a one-deep
158 * allocation cache. (Otherwise just release our reference to it)
160 if (page_count(page) == 1 && !pipe->tmp_page)
161 pipe->tmp_page = page;
163 page_cache_release(page);
166 void *generic_pipe_buf_map(struct pipe_inode_info *pipe,
167 struct pipe_buffer *buf, int atomic)
170 buf->flags |= PIPE_BUF_FLAG_ATOMIC;
171 return kmap_atomic(buf->page, KM_USER0);
174 return kmap(buf->page);
177 void generic_pipe_buf_unmap(struct pipe_inode_info *pipe,
178 struct pipe_buffer *buf, void *map_data)
180 if (buf->flags & PIPE_BUF_FLAG_ATOMIC) {
181 buf->flags &= ~PIPE_BUF_FLAG_ATOMIC;
182 kunmap_atomic(map_data, KM_USER0);
187 int generic_pipe_buf_steal(struct pipe_inode_info *pipe,
188 struct pipe_buffer *buf)
190 struct page *page = buf->page;
192 if (page_count(page) == 1) {
200 void generic_pipe_buf_get(struct pipe_inode_info *info, struct pipe_buffer *buf)
202 page_cache_get(buf->page);
205 int generic_pipe_buf_pin(struct pipe_inode_info *info, struct pipe_buffer *buf)
210 static const struct pipe_buf_operations anon_pipe_buf_ops = {
212 .map = generic_pipe_buf_map,
213 .unmap = generic_pipe_buf_unmap,
214 .pin = generic_pipe_buf_pin,
215 .release = anon_pipe_buf_release,
216 .steal = generic_pipe_buf_steal,
217 .get = generic_pipe_buf_get,
221 pipe_read(struct kiocb *iocb, const struct iovec *_iov,
222 unsigned long nr_segs, loff_t pos)
224 struct file *filp = iocb->ki_filp;
225 struct inode *inode = filp->f_path.dentry->d_inode;
226 struct pipe_inode_info *pipe;
229 struct iovec *iov = (struct iovec *)_iov;
232 total_len = iov_length(iov, nr_segs);
233 /* Null read succeeds. */
234 if (unlikely(total_len == 0))
239 mutex_lock(&inode->i_mutex);
240 pipe = inode->i_pipe;
242 int bufs = pipe->nrbufs;
244 int curbuf = pipe->curbuf;
245 struct pipe_buffer *buf = pipe->bufs + curbuf;
246 const struct pipe_buf_operations *ops = buf->ops;
248 size_t chars = buf->len;
251 if (chars > total_len)
254 error = ops->pin(pipe, buf);
261 atomic = !iov_fault_in_pages_write(iov, chars);
263 addr = ops->map(pipe, buf, atomic);
264 error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
265 ops->unmap(pipe, buf, addr);
266 if (unlikely(error)) {
268 * Just retry with the slow path if we failed.
279 buf->offset += chars;
283 ops->release(pipe, buf);
284 curbuf = (curbuf + 1) & (PIPE_BUFFERS-1);
285 pipe->curbuf = curbuf;
286 pipe->nrbufs = --bufs;
291 break; /* common path: read succeeded */
293 if (bufs) /* More to do? */
297 if (!pipe->waiting_writers) {
298 /* syscall merging: Usually we must not sleep
299 * if O_NONBLOCK is set, or if we got some data.
300 * But if a writer sleeps in kernel space, then
301 * we can wait for that data without violating POSIX.
305 if (filp->f_flags & O_NONBLOCK) {
310 if (signal_pending(current)) {
316 wake_up_interruptible_sync(&pipe->wait);
317 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
321 mutex_unlock(&inode->i_mutex);
323 /* Signal writers asynchronously that there is more room. */
325 wake_up_interruptible(&pipe->wait);
326 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
334 pipe_write(struct kiocb *iocb, const struct iovec *_iov,
335 unsigned long nr_segs, loff_t ppos)
337 struct file *filp = iocb->ki_filp;
338 struct inode *inode = filp->f_path.dentry->d_inode;
339 struct pipe_inode_info *pipe;
342 struct iovec *iov = (struct iovec *)_iov;
346 total_len = iov_length(iov, nr_segs);
347 /* Null write succeeds. */
348 if (unlikely(total_len == 0))
353 mutex_lock(&inode->i_mutex);
354 pipe = inode->i_pipe;
356 if (!pipe->readers) {
357 send_sig(SIGPIPE, current, 0);
362 /* We try to merge small writes */
363 chars = total_len & (PAGE_SIZE-1); /* size of the last buffer */
364 if (pipe->nrbufs && chars != 0) {
365 int lastbuf = (pipe->curbuf + pipe->nrbufs - 1) &
367 struct pipe_buffer *buf = pipe->bufs + lastbuf;
368 const struct pipe_buf_operations *ops = buf->ops;
369 int offset = buf->offset + buf->len;
371 if (ops->can_merge && offset + chars <= PAGE_SIZE) {
372 int error, atomic = 1;
375 error = ops->pin(pipe, buf);
379 iov_fault_in_pages_read(iov, chars);
381 addr = ops->map(pipe, buf, atomic);
382 error = pipe_iov_copy_from_user(offset + addr, iov,
384 ops->unmap(pipe, buf, addr);
405 if (!pipe->readers) {
406 send_sig(SIGPIPE, current, 0);
412 if (bufs < PIPE_BUFFERS) {
413 int newbuf = (pipe->curbuf + bufs) & (PIPE_BUFFERS-1);
414 struct pipe_buffer *buf = pipe->bufs + newbuf;
415 struct page *page = pipe->tmp_page;
417 int error, atomic = 1;
420 page = alloc_page(GFP_HIGHUSER);
421 if (unlikely(!page)) {
422 ret = ret ? : -ENOMEM;
425 pipe->tmp_page = page;
427 /* Always wake up, even if the copy fails. Otherwise
428 * we lock up (O_NONBLOCK-)readers that sleep due to
430 * FIXME! Is this really true?
434 if (chars > total_len)
437 iov_fault_in_pages_read(iov, chars);
440 src = kmap_atomic(page, KM_USER0);
444 error = pipe_iov_copy_from_user(src, iov, chars,
447 kunmap_atomic(src, KM_USER0);
451 if (unlikely(error)) {
462 /* Insert it into the buffer array */
464 buf->ops = &anon_pipe_buf_ops;
467 pipe->nrbufs = ++bufs;
468 pipe->tmp_page = NULL;
474 if (bufs < PIPE_BUFFERS)
476 if (filp->f_flags & O_NONBLOCK) {
481 if (signal_pending(current)) {
487 wake_up_interruptible_sync(&pipe->wait);
488 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
491 pipe->waiting_writers++;
493 pipe->waiting_writers--;
496 mutex_unlock(&inode->i_mutex);
498 wake_up_interruptible(&pipe->wait);
499 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
502 file_update_time(filp);
507 bad_pipe_r(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
513 bad_pipe_w(struct file *filp, const char __user *buf, size_t count,
520 pipe_ioctl(struct inode *pino, struct file *filp,
521 unsigned int cmd, unsigned long arg)
523 struct inode *inode = filp->f_path.dentry->d_inode;
524 struct pipe_inode_info *pipe;
525 int count, buf, nrbufs;
529 mutex_lock(&inode->i_mutex);
530 pipe = inode->i_pipe;
533 nrbufs = pipe->nrbufs;
534 while (--nrbufs >= 0) {
535 count += pipe->bufs[buf].len;
536 buf = (buf+1) & (PIPE_BUFFERS-1);
538 mutex_unlock(&inode->i_mutex);
540 return put_user(count, (int __user *)arg);
546 /* No kernel lock held - fine */
548 pipe_poll(struct file *filp, poll_table *wait)
551 struct inode *inode = filp->f_path.dentry->d_inode;
552 struct pipe_inode_info *pipe = inode->i_pipe;
555 poll_wait(filp, &pipe->wait, wait);
557 /* Reading only -- no need for acquiring the semaphore. */
558 nrbufs = pipe->nrbufs;
560 if (filp->f_mode & FMODE_READ) {
561 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
562 if (!pipe->writers && filp->f_version != pipe->w_counter)
566 if (filp->f_mode & FMODE_WRITE) {
567 mask |= (nrbufs < PIPE_BUFFERS) ? POLLOUT | POLLWRNORM : 0;
569 * Most Unices do not set POLLERR for FIFOs but on Linux they
570 * behave exactly like pipes for poll().
580 pipe_release(struct inode *inode, int decr, int decw)
582 struct pipe_inode_info *pipe;
584 mutex_lock(&inode->i_mutex);
585 pipe = inode->i_pipe;
586 pipe->readers -= decr;
587 pipe->writers -= decw;
589 if (!pipe->readers && !pipe->writers) {
590 free_pipe_info(inode);
592 wake_up_interruptible(&pipe->wait);
593 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
594 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
596 mutex_unlock(&inode->i_mutex);
602 pipe_read_fasync(int fd, struct file *filp, int on)
604 struct inode *inode = filp->f_path.dentry->d_inode;
607 mutex_lock(&inode->i_mutex);
608 retval = fasync_helper(fd, filp, on, &inode->i_pipe->fasync_readers);
609 mutex_unlock(&inode->i_mutex);
619 pipe_write_fasync(int fd, struct file *filp, int on)
621 struct inode *inode = filp->f_path.dentry->d_inode;
624 mutex_lock(&inode->i_mutex);
625 retval = fasync_helper(fd, filp, on, &inode->i_pipe->fasync_writers);
626 mutex_unlock(&inode->i_mutex);
636 pipe_rdwr_fasync(int fd, struct file *filp, int on)
638 struct inode *inode = filp->f_path.dentry->d_inode;
639 struct pipe_inode_info *pipe = inode->i_pipe;
642 mutex_lock(&inode->i_mutex);
644 retval = fasync_helper(fd, filp, on, &pipe->fasync_readers);
647 retval = fasync_helper(fd, filp, on, &pipe->fasync_writers);
649 mutex_unlock(&inode->i_mutex);
659 pipe_read_release(struct inode *inode, struct file *filp)
661 pipe_read_fasync(-1, filp, 0);
662 return pipe_release(inode, 1, 0);
666 pipe_write_release(struct inode *inode, struct file *filp)
668 pipe_write_fasync(-1, filp, 0);
669 return pipe_release(inode, 0, 1);
673 pipe_rdwr_release(struct inode *inode, struct file *filp)
677 pipe_rdwr_fasync(-1, filp, 0);
678 decr = (filp->f_mode & FMODE_READ) != 0;
679 decw = (filp->f_mode & FMODE_WRITE) != 0;
680 return pipe_release(inode, decr, decw);
684 pipe_read_open(struct inode *inode, struct file *filp)
686 /* We could have perhaps used atomic_t, but this and friends
687 below are the only places. So it doesn't seem worthwhile. */
688 mutex_lock(&inode->i_mutex);
689 inode->i_pipe->readers++;
690 mutex_unlock(&inode->i_mutex);
696 pipe_write_open(struct inode *inode, struct file *filp)
698 mutex_lock(&inode->i_mutex);
699 inode->i_pipe->writers++;
700 mutex_unlock(&inode->i_mutex);
706 pipe_rdwr_open(struct inode *inode, struct file *filp)
708 mutex_lock(&inode->i_mutex);
709 if (filp->f_mode & FMODE_READ)
710 inode->i_pipe->readers++;
711 if (filp->f_mode & FMODE_WRITE)
712 inode->i_pipe->writers++;
713 mutex_unlock(&inode->i_mutex);
719 * The file_operations structs are not static because they
720 * are also used in linux/fs/fifo.c to do operations on FIFOs.
722 const struct file_operations read_fifo_fops = {
724 .read = do_sync_read,
725 .aio_read = pipe_read,
729 .open = pipe_read_open,
730 .release = pipe_read_release,
731 .fasync = pipe_read_fasync,
734 const struct file_operations write_fifo_fops = {
737 .write = do_sync_write,
738 .aio_write = pipe_write,
741 .open = pipe_write_open,
742 .release = pipe_write_release,
743 .fasync = pipe_write_fasync,
746 const struct file_operations rdwr_fifo_fops = {
748 .read = do_sync_read,
749 .aio_read = pipe_read,
750 .write = do_sync_write,
751 .aio_write = pipe_write,
754 .open = pipe_rdwr_open,
755 .release = pipe_rdwr_release,
756 .fasync = pipe_rdwr_fasync,
759 static const struct file_operations read_pipe_fops = {
761 .read = do_sync_read,
762 .aio_read = pipe_read,
766 .open = pipe_read_open,
767 .release = pipe_read_release,
768 .fasync = pipe_read_fasync,
771 static const struct file_operations write_pipe_fops = {
774 .write = do_sync_write,
775 .aio_write = pipe_write,
778 .open = pipe_write_open,
779 .release = pipe_write_release,
780 .fasync = pipe_write_fasync,
783 static const struct file_operations rdwr_pipe_fops = {
785 .read = do_sync_read,
786 .aio_read = pipe_read,
787 .write = do_sync_write,
788 .aio_write = pipe_write,
791 .open = pipe_rdwr_open,
792 .release = pipe_rdwr_release,
793 .fasync = pipe_rdwr_fasync,
796 struct pipe_inode_info * alloc_pipe_info(struct inode *inode)
798 struct pipe_inode_info *pipe;
800 pipe = kzalloc(sizeof(struct pipe_inode_info), GFP_KERNEL);
802 init_waitqueue_head(&pipe->wait);
803 pipe->r_counter = pipe->w_counter = 1;
810 void __free_pipe_info(struct pipe_inode_info *pipe)
814 for (i = 0; i < PIPE_BUFFERS; i++) {
815 struct pipe_buffer *buf = pipe->bufs + i;
817 buf->ops->release(pipe, buf);
820 __free_page(pipe->tmp_page);
824 void free_pipe_info(struct inode *inode)
826 __free_pipe_info(inode->i_pipe);
827 inode->i_pipe = NULL;
830 static struct vfsmount *pipe_mnt __read_mostly;
831 static int pipefs_delete_dentry(struct dentry *dentry)
834 * At creation time, we pretended this dentry was hashed
835 * (by clearing DCACHE_UNHASHED bit in d_flags)
836 * At delete time, we restore the truth : not hashed.
837 * (so that dput() can proceed correctly)
839 dentry->d_flags |= DCACHE_UNHASHED;
843 static struct dentry_operations pipefs_dentry_operations = {
844 .d_delete = pipefs_delete_dentry,
847 static struct inode * get_pipe_inode(void)
849 struct inode *inode = new_inode(pipe_mnt->mnt_sb);
850 struct pipe_inode_info *pipe;
855 pipe = alloc_pipe_info(inode);
858 inode->i_pipe = pipe;
860 pipe->readers = pipe->writers = 1;
861 inode->i_fop = &rdwr_pipe_fops;
864 * Mark the inode dirty from the very beginning,
865 * that way it will never be moved to the dirty
866 * list because "mark_inode_dirty()" will think
867 * that it already _is_ on the dirty list.
869 inode->i_state = I_DIRTY;
870 inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR;
871 inode->i_uid = current->fsuid;
872 inode->i_gid = current->fsgid;
873 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
884 struct file *create_write_pipe(void)
889 struct dentry *dentry;
893 f = get_empty_filp();
895 return ERR_PTR(-ENFILE);
897 inode = get_pipe_inode();
901 this.len = sprintf(name, "[%lu]", inode->i_ino);
905 dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &this);
909 dentry->d_op = &pipefs_dentry_operations;
911 * We dont want to publish this dentry into global dentry hash table.
912 * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED
913 * This permits a working /proc/$pid/fd/XXX on pipes
915 dentry->d_flags &= ~DCACHE_UNHASHED;
916 d_instantiate(dentry, inode);
917 f->f_path.mnt = mntget(pipe_mnt);
918 f->f_path.dentry = dentry;
919 f->f_mapping = inode->i_mapping;
921 f->f_flags = O_WRONLY;
922 f->f_op = &write_pipe_fops;
923 f->f_mode = FMODE_WRITE;
929 free_pipe_info(inode);
936 void free_write_pipe(struct file *f)
938 free_pipe_info(f->f_dentry->d_inode);
939 dput(f->f_path.dentry);
940 mntput(f->f_path.mnt);
944 struct file *create_read_pipe(struct file *wrf)
946 struct file *f = get_empty_filp();
948 return ERR_PTR(-ENFILE);
950 /* Grab pipe from the writer */
951 f->f_path.mnt = mntget(wrf->f_path.mnt);
952 f->f_path.dentry = dget(wrf->f_path.dentry);
953 f->f_mapping = wrf->f_path.dentry->d_inode->i_mapping;
956 f->f_flags = O_RDONLY;
957 f->f_op = &read_pipe_fops;
958 f->f_mode = FMODE_READ;
966 struct file *fw, *fr;
970 fw = create_write_pipe();
973 fr = create_read_pipe(fw);
978 error = get_unused_fd();
983 error = get_unused_fd();
999 mntput(fr->f_vfsmnt);
1002 free_write_pipe(fw);
1007 * pipefs should _never_ be mounted by userland - too much of security hassle,
1008 * no real gain from having the whole whorehouse mounted. So we don't need
1009 * any operations on the root directory. However, we need a non-trivial
1010 * d_name - pipe: will go nicely and kill the special-casing in procfs.
1012 static int pipefs_get_sb(struct file_system_type *fs_type,
1013 int flags, const char *dev_name, void *data,
1014 struct vfsmount *mnt)
1016 return get_sb_pseudo(fs_type, "pipe:", NULL, PIPEFS_MAGIC, mnt);
1019 static struct file_system_type pipe_fs_type = {
1021 .get_sb = pipefs_get_sb,
1022 .kill_sb = kill_anon_super,
1025 static int __init init_pipe_fs(void)
1027 int err = register_filesystem(&pipe_fs_type);
1030 pipe_mnt = kern_mount(&pipe_fs_type);
1031 if (IS_ERR(pipe_mnt)) {
1032 err = PTR_ERR(pipe_mnt);
1033 unregister_filesystem(&pipe_fs_type);
1039 static void __exit exit_pipe_fs(void)
1041 unregister_filesystem(&pipe_fs_type);
1045 fs_initcall(init_pipe_fs);
1046 module_exit(exit_pipe_fs);