Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
[linux-2.6] / fs / pipe.c
1 /*
2  *  linux/fs/pipe.c
3  *
4  *  Copyright (C) 1991, 1992, 1999  Linus Torvalds
5  */
6
7 #include <linux/mm.h>
8 #include <linux/file.h>
9 #include <linux/poll.h>
10 #include <linux/slab.h>
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/fs.h>
14 #include <linux/mount.h>
15 #include <linux/pipe_fs_i.h>
16 #include <linux/uio.h>
17 #include <linux/highmem.h>
18 #include <linux/pagemap.h>
19
20 #include <asm/uaccess.h>
21 #include <asm/ioctls.h>
22
23 /*
24  * We use a start+len construction, which provides full use of the 
25  * allocated memory.
26  * -- Florian Coosmann (FGC)
27  * 
28  * Reads with count = 0 should always return 0.
29  * -- Julian Bradfield 1999-06-07.
30  *
31  * FIFOs and Pipes now generate SIGIO for both readers and writers.
32  * -- Jeremy Elson <jelson@circlemud.org> 2001-08-16
33  *
34  * pipe_read & write cleanup
35  * -- Manfred Spraul <manfred@colorfullife.com> 2002-05-09
36  */
37
38 /* Drop the inode semaphore and wait for a pipe event, atomically */
39 void pipe_wait(struct pipe_inode_info *pipe)
40 {
41         DEFINE_WAIT(wait);
42
43         /*
44          * Pipes are system-local resources, so sleeping on them
45          * is considered a noninteractive wait:
46          */
47         prepare_to_wait(&pipe->wait, &wait,
48                         TASK_INTERRUPTIBLE | TASK_NONINTERACTIVE);
49         if (pipe->inode)
50                 mutex_unlock(&pipe->inode->i_mutex);
51         schedule();
52         finish_wait(&pipe->wait, &wait);
53         if (pipe->inode)
54                 mutex_lock(&pipe->inode->i_mutex);
55 }
56
57 static int
58 pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
59                         int atomic)
60 {
61         unsigned long copy;
62
63         while (len > 0) {
64                 while (!iov->iov_len)
65                         iov++;
66                 copy = min_t(unsigned long, len, iov->iov_len);
67
68                 if (atomic) {
69                         if (__copy_from_user_inatomic(to, iov->iov_base, copy))
70                                 return -EFAULT;
71                 } else {
72                         if (copy_from_user(to, iov->iov_base, copy))
73                                 return -EFAULT;
74                 }
75                 to += copy;
76                 len -= copy;
77                 iov->iov_base += copy;
78                 iov->iov_len -= copy;
79         }
80         return 0;
81 }
82
83 static int
84 pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
85                       int atomic)
86 {
87         unsigned long copy;
88
89         while (len > 0) {
90                 while (!iov->iov_len)
91                         iov++;
92                 copy = min_t(unsigned long, len, iov->iov_len);
93
94                 if (atomic) {
95                         if (__copy_to_user_inatomic(iov->iov_base, from, copy))
96                                 return -EFAULT;
97                 } else {
98                         if (copy_to_user(iov->iov_base, from, copy))
99                                 return -EFAULT;
100                 }
101                 from += copy;
102                 len -= copy;
103                 iov->iov_base += copy;
104                 iov->iov_len -= copy;
105         }
106         return 0;
107 }
108
109 /*
110  * Attempt to pre-fault in the user memory, so we can use atomic copies.
111  * Returns the number of bytes not faulted in.
112  */
113 static int iov_fault_in_pages_write(struct iovec *iov, unsigned long len)
114 {
115         while (!iov->iov_len)
116                 iov++;
117
118         while (len > 0) {
119                 unsigned long this_len;
120
121                 this_len = min_t(unsigned long, len, iov->iov_len);
122                 if (fault_in_pages_writeable(iov->iov_base, this_len))
123                         break;
124
125                 len -= this_len;
126                 iov++;
127         }
128
129         return len;
130 }
131
132 /*
133  * Pre-fault in the user memory, so we can use atomic copies.
134  */
135 static void iov_fault_in_pages_read(struct iovec *iov, unsigned long len)
136 {
137         while (!iov->iov_len)
138                 iov++;
139
140         while (len > 0) {
141                 unsigned long this_len;
142
143                 this_len = min_t(unsigned long, len, iov->iov_len);
144                 fault_in_pages_readable(iov->iov_base, this_len);
145                 len -= this_len;
146                 iov++;
147         }
148 }
149
150 static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
151                                   struct pipe_buffer *buf)
152 {
153         struct page *page = buf->page;
154
155         /*
156          * If nobody else uses this page, and we don't already have a
157          * temporary page, let's keep track of it as a one-deep
158          * allocation cache. (Otherwise just release our reference to it)
159          */
160         if (page_count(page) == 1 && !pipe->tmp_page)
161                 pipe->tmp_page = page;
162         else
163                 page_cache_release(page);
164 }
165
166 void *generic_pipe_buf_map(struct pipe_inode_info *pipe,
167                            struct pipe_buffer *buf, int atomic)
168 {
169         if (atomic) {
170                 buf->flags |= PIPE_BUF_FLAG_ATOMIC;
171                 return kmap_atomic(buf->page, KM_USER0);
172         }
173
174         return kmap(buf->page);
175 }
176
177 void generic_pipe_buf_unmap(struct pipe_inode_info *pipe,
178                             struct pipe_buffer *buf, void *map_data)
179 {
180         if (buf->flags & PIPE_BUF_FLAG_ATOMIC) {
181                 buf->flags &= ~PIPE_BUF_FLAG_ATOMIC;
182                 kunmap_atomic(map_data, KM_USER0);
183         } else
184                 kunmap(buf->page);
185 }
186
187 int generic_pipe_buf_steal(struct pipe_inode_info *pipe,
188                            struct pipe_buffer *buf)
189 {
190         struct page *page = buf->page;
191
192         if (page_count(page) == 1) {
193                 lock_page(page);
194                 return 0;
195         }
196
197         return 1;
198 }
199
200 void generic_pipe_buf_get(struct pipe_inode_info *info, struct pipe_buffer *buf)
201 {
202         page_cache_get(buf->page);
203 }
204
205 int generic_pipe_buf_pin(struct pipe_inode_info *info, struct pipe_buffer *buf)
206 {
207         return 0;
208 }
209
210 static const struct pipe_buf_operations anon_pipe_buf_ops = {
211         .can_merge = 1,
212         .map = generic_pipe_buf_map,
213         .unmap = generic_pipe_buf_unmap,
214         .pin = generic_pipe_buf_pin,
215         .release = anon_pipe_buf_release,
216         .steal = generic_pipe_buf_steal,
217         .get = generic_pipe_buf_get,
218 };
219
220 static ssize_t
221 pipe_read(struct kiocb *iocb, const struct iovec *_iov,
222            unsigned long nr_segs, loff_t pos)
223 {
224         struct file *filp = iocb->ki_filp;
225         struct inode *inode = filp->f_path.dentry->d_inode;
226         struct pipe_inode_info *pipe;
227         int do_wakeup;
228         ssize_t ret;
229         struct iovec *iov = (struct iovec *)_iov;
230         size_t total_len;
231
232         total_len = iov_length(iov, nr_segs);
233         /* Null read succeeds. */
234         if (unlikely(total_len == 0))
235                 return 0;
236
237         do_wakeup = 0;
238         ret = 0;
239         mutex_lock(&inode->i_mutex);
240         pipe = inode->i_pipe;
241         for (;;) {
242                 int bufs = pipe->nrbufs;
243                 if (bufs) {
244                         int curbuf = pipe->curbuf;
245                         struct pipe_buffer *buf = pipe->bufs + curbuf;
246                         const struct pipe_buf_operations *ops = buf->ops;
247                         void *addr;
248                         size_t chars = buf->len;
249                         int error, atomic;
250
251                         if (chars > total_len)
252                                 chars = total_len;
253
254                         error = ops->pin(pipe, buf);
255                         if (error) {
256                                 if (!ret)
257                                         error = ret;
258                                 break;
259                         }
260
261                         atomic = !iov_fault_in_pages_write(iov, chars);
262 redo:
263                         addr = ops->map(pipe, buf, atomic);
264                         error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
265                         ops->unmap(pipe, buf, addr);
266                         if (unlikely(error)) {
267                                 /*
268                                  * Just retry with the slow path if we failed.
269                                  */
270                                 if (atomic) {
271                                         atomic = 0;
272                                         goto redo;
273                                 }
274                                 if (!ret)
275                                         ret = error;
276                                 break;
277                         }
278                         ret += chars;
279                         buf->offset += chars;
280                         buf->len -= chars;
281                         if (!buf->len) {
282                                 buf->ops = NULL;
283                                 ops->release(pipe, buf);
284                                 curbuf = (curbuf + 1) & (PIPE_BUFFERS-1);
285                                 pipe->curbuf = curbuf;
286                                 pipe->nrbufs = --bufs;
287                                 do_wakeup = 1;
288                         }
289                         total_len -= chars;
290                         if (!total_len)
291                                 break;  /* common path: read succeeded */
292                 }
293                 if (bufs)       /* More to do? */
294                         continue;
295                 if (!pipe->writers)
296                         break;
297                 if (!pipe->waiting_writers) {
298                         /* syscall merging: Usually we must not sleep
299                          * if O_NONBLOCK is set, or if we got some data.
300                          * But if a writer sleeps in kernel space, then
301                          * we can wait for that data without violating POSIX.
302                          */
303                         if (ret)
304                                 break;
305                         if (filp->f_flags & O_NONBLOCK) {
306                                 ret = -EAGAIN;
307                                 break;
308                         }
309                 }
310                 if (signal_pending(current)) {
311                         if (!ret)
312                                 ret = -ERESTARTSYS;
313                         break;
314                 }
315                 if (do_wakeup) {
316                         wake_up_interruptible_sync(&pipe->wait);
317                         kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
318                 }
319                 pipe_wait(pipe);
320         }
321         mutex_unlock(&inode->i_mutex);
322
323         /* Signal writers asynchronously that there is more room. */
324         if (do_wakeup) {
325                 wake_up_interruptible(&pipe->wait);
326                 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
327         }
328         if (ret > 0)
329                 file_accessed(filp);
330         return ret;
331 }
332
333 static ssize_t
334 pipe_write(struct kiocb *iocb, const struct iovec *_iov,
335             unsigned long nr_segs, loff_t ppos)
336 {
337         struct file *filp = iocb->ki_filp;
338         struct inode *inode = filp->f_path.dentry->d_inode;
339         struct pipe_inode_info *pipe;
340         ssize_t ret;
341         int do_wakeup;
342         struct iovec *iov = (struct iovec *)_iov;
343         size_t total_len;
344         ssize_t chars;
345
346         total_len = iov_length(iov, nr_segs);
347         /* Null write succeeds. */
348         if (unlikely(total_len == 0))
349                 return 0;
350
351         do_wakeup = 0;
352         ret = 0;
353         mutex_lock(&inode->i_mutex);
354         pipe = inode->i_pipe;
355
356         if (!pipe->readers) {
357                 send_sig(SIGPIPE, current, 0);
358                 ret = -EPIPE;
359                 goto out;
360         }
361
362         /* We try to merge small writes */
363         chars = total_len & (PAGE_SIZE-1); /* size of the last buffer */
364         if (pipe->nrbufs && chars != 0) {
365                 int lastbuf = (pipe->curbuf + pipe->nrbufs - 1) &
366                                                         (PIPE_BUFFERS-1);
367                 struct pipe_buffer *buf = pipe->bufs + lastbuf;
368                 const struct pipe_buf_operations *ops = buf->ops;
369                 int offset = buf->offset + buf->len;
370
371                 if (ops->can_merge && offset + chars <= PAGE_SIZE) {
372                         int error, atomic = 1;
373                         void *addr;
374
375                         error = ops->pin(pipe, buf);
376                         if (error)
377                                 goto out;
378
379                         iov_fault_in_pages_read(iov, chars);
380 redo1:
381                         addr = ops->map(pipe, buf, atomic);
382                         error = pipe_iov_copy_from_user(offset + addr, iov,
383                                                         chars, atomic);
384                         ops->unmap(pipe, buf, addr);
385                         ret = error;
386                         do_wakeup = 1;
387                         if (error) {
388                                 if (atomic) {
389                                         atomic = 0;
390                                         goto redo1;
391                                 }
392                                 goto out;
393                         }
394                         buf->len += chars;
395                         total_len -= chars;
396                         ret = chars;
397                         if (!total_len)
398                                 goto out;
399                 }
400         }
401
402         for (;;) {
403                 int bufs;
404
405                 if (!pipe->readers) {
406                         send_sig(SIGPIPE, current, 0);
407                         if (!ret)
408                                 ret = -EPIPE;
409                         break;
410                 }
411                 bufs = pipe->nrbufs;
412                 if (bufs < PIPE_BUFFERS) {
413                         int newbuf = (pipe->curbuf + bufs) & (PIPE_BUFFERS-1);
414                         struct pipe_buffer *buf = pipe->bufs + newbuf;
415                         struct page *page = pipe->tmp_page;
416                         char *src;
417                         int error, atomic = 1;
418
419                         if (!page) {
420                                 page = alloc_page(GFP_HIGHUSER);
421                                 if (unlikely(!page)) {
422                                         ret = ret ? : -ENOMEM;
423                                         break;
424                                 }
425                                 pipe->tmp_page = page;
426                         }
427                         /* Always wake up, even if the copy fails. Otherwise
428                          * we lock up (O_NONBLOCK-)readers that sleep due to
429                          * syscall merging.
430                          * FIXME! Is this really true?
431                          */
432                         do_wakeup = 1;
433                         chars = PAGE_SIZE;
434                         if (chars > total_len)
435                                 chars = total_len;
436
437                         iov_fault_in_pages_read(iov, chars);
438 redo2:
439                         if (atomic)
440                                 src = kmap_atomic(page, KM_USER0);
441                         else
442                                 src = kmap(page);
443
444                         error = pipe_iov_copy_from_user(src, iov, chars,
445                                                         atomic);
446                         if (atomic)
447                                 kunmap_atomic(src, KM_USER0);
448                         else
449                                 kunmap(page);
450
451                         if (unlikely(error)) {
452                                 if (atomic) {
453                                         atomic = 0;
454                                         goto redo2;
455                                 }
456                                 if (!ret)
457                                         ret = error;
458                                 break;
459                         }
460                         ret += chars;
461
462                         /* Insert it into the buffer array */
463                         buf->page = page;
464                         buf->ops = &anon_pipe_buf_ops;
465                         buf->offset = 0;
466                         buf->len = chars;
467                         pipe->nrbufs = ++bufs;
468                         pipe->tmp_page = NULL;
469
470                         total_len -= chars;
471                         if (!total_len)
472                                 break;
473                 }
474                 if (bufs < PIPE_BUFFERS)
475                         continue;
476                 if (filp->f_flags & O_NONBLOCK) {
477                         if (!ret)
478                                 ret = -EAGAIN;
479                         break;
480                 }
481                 if (signal_pending(current)) {
482                         if (!ret)
483                                 ret = -ERESTARTSYS;
484                         break;
485                 }
486                 if (do_wakeup) {
487                         wake_up_interruptible_sync(&pipe->wait);
488                         kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
489                         do_wakeup = 0;
490                 }
491                 pipe->waiting_writers++;
492                 pipe_wait(pipe);
493                 pipe->waiting_writers--;
494         }
495 out:
496         mutex_unlock(&inode->i_mutex);
497         if (do_wakeup) {
498                 wake_up_interruptible(&pipe->wait);
499                 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
500         }
501         if (ret > 0)
502                 file_update_time(filp);
503         return ret;
504 }
505
506 static ssize_t
507 bad_pipe_r(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
508 {
509         return -EBADF;
510 }
511
512 static ssize_t
513 bad_pipe_w(struct file *filp, const char __user *buf, size_t count,
514            loff_t *ppos)
515 {
516         return -EBADF;
517 }
518
519 static int
520 pipe_ioctl(struct inode *pino, struct file *filp,
521            unsigned int cmd, unsigned long arg)
522 {
523         struct inode *inode = filp->f_path.dentry->d_inode;
524         struct pipe_inode_info *pipe;
525         int count, buf, nrbufs;
526
527         switch (cmd) {
528                 case FIONREAD:
529                         mutex_lock(&inode->i_mutex);
530                         pipe = inode->i_pipe;
531                         count = 0;
532                         buf = pipe->curbuf;
533                         nrbufs = pipe->nrbufs;
534                         while (--nrbufs >= 0) {
535                                 count += pipe->bufs[buf].len;
536                                 buf = (buf+1) & (PIPE_BUFFERS-1);
537                         }
538                         mutex_unlock(&inode->i_mutex);
539
540                         return put_user(count, (int __user *)arg);
541                 default:
542                         return -EINVAL;
543         }
544 }
545
546 /* No kernel lock held - fine */
547 static unsigned int
548 pipe_poll(struct file *filp, poll_table *wait)
549 {
550         unsigned int mask;
551         struct inode *inode = filp->f_path.dentry->d_inode;
552         struct pipe_inode_info *pipe = inode->i_pipe;
553         int nrbufs;
554
555         poll_wait(filp, &pipe->wait, wait);
556
557         /* Reading only -- no need for acquiring the semaphore.  */
558         nrbufs = pipe->nrbufs;
559         mask = 0;
560         if (filp->f_mode & FMODE_READ) {
561                 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
562                 if (!pipe->writers && filp->f_version != pipe->w_counter)
563                         mask |= POLLHUP;
564         }
565
566         if (filp->f_mode & FMODE_WRITE) {
567                 mask |= (nrbufs < PIPE_BUFFERS) ? POLLOUT | POLLWRNORM : 0;
568                 /*
569                  * Most Unices do not set POLLERR for FIFOs but on Linux they
570                  * behave exactly like pipes for poll().
571                  */
572                 if (!pipe->readers)
573                         mask |= POLLERR;
574         }
575
576         return mask;
577 }
578
579 static int
580 pipe_release(struct inode *inode, int decr, int decw)
581 {
582         struct pipe_inode_info *pipe;
583
584         mutex_lock(&inode->i_mutex);
585         pipe = inode->i_pipe;
586         pipe->readers -= decr;
587         pipe->writers -= decw;
588
589         if (!pipe->readers && !pipe->writers) {
590                 free_pipe_info(inode);
591         } else {
592                 wake_up_interruptible(&pipe->wait);
593                 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
594                 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
595         }
596         mutex_unlock(&inode->i_mutex);
597
598         return 0;
599 }
600
601 static int
602 pipe_read_fasync(int fd, struct file *filp, int on)
603 {
604         struct inode *inode = filp->f_path.dentry->d_inode;
605         int retval;
606
607         mutex_lock(&inode->i_mutex);
608         retval = fasync_helper(fd, filp, on, &inode->i_pipe->fasync_readers);
609         mutex_unlock(&inode->i_mutex);
610
611         if (retval < 0)
612                 return retval;
613
614         return 0;
615 }
616
617
618 static int
619 pipe_write_fasync(int fd, struct file *filp, int on)
620 {
621         struct inode *inode = filp->f_path.dentry->d_inode;
622         int retval;
623
624         mutex_lock(&inode->i_mutex);
625         retval = fasync_helper(fd, filp, on, &inode->i_pipe->fasync_writers);
626         mutex_unlock(&inode->i_mutex);
627
628         if (retval < 0)
629                 return retval;
630
631         return 0;
632 }
633
634
635 static int
636 pipe_rdwr_fasync(int fd, struct file *filp, int on)
637 {
638         struct inode *inode = filp->f_path.dentry->d_inode;
639         struct pipe_inode_info *pipe = inode->i_pipe;
640         int retval;
641
642         mutex_lock(&inode->i_mutex);
643
644         retval = fasync_helper(fd, filp, on, &pipe->fasync_readers);
645
646         if (retval >= 0)
647                 retval = fasync_helper(fd, filp, on, &pipe->fasync_writers);
648
649         mutex_unlock(&inode->i_mutex);
650
651         if (retval < 0)
652                 return retval;
653
654         return 0;
655 }
656
657
658 static int
659 pipe_read_release(struct inode *inode, struct file *filp)
660 {
661         pipe_read_fasync(-1, filp, 0);
662         return pipe_release(inode, 1, 0);
663 }
664
665 static int
666 pipe_write_release(struct inode *inode, struct file *filp)
667 {
668         pipe_write_fasync(-1, filp, 0);
669         return pipe_release(inode, 0, 1);
670 }
671
672 static int
673 pipe_rdwr_release(struct inode *inode, struct file *filp)
674 {
675         int decr, decw;
676
677         pipe_rdwr_fasync(-1, filp, 0);
678         decr = (filp->f_mode & FMODE_READ) != 0;
679         decw = (filp->f_mode & FMODE_WRITE) != 0;
680         return pipe_release(inode, decr, decw);
681 }
682
683 static int
684 pipe_read_open(struct inode *inode, struct file *filp)
685 {
686         /* We could have perhaps used atomic_t, but this and friends
687            below are the only places.  So it doesn't seem worthwhile.  */
688         mutex_lock(&inode->i_mutex);
689         inode->i_pipe->readers++;
690         mutex_unlock(&inode->i_mutex);
691
692         return 0;
693 }
694
695 static int
696 pipe_write_open(struct inode *inode, struct file *filp)
697 {
698         mutex_lock(&inode->i_mutex);
699         inode->i_pipe->writers++;
700         mutex_unlock(&inode->i_mutex);
701
702         return 0;
703 }
704
705 static int
706 pipe_rdwr_open(struct inode *inode, struct file *filp)
707 {
708         mutex_lock(&inode->i_mutex);
709         if (filp->f_mode & FMODE_READ)
710                 inode->i_pipe->readers++;
711         if (filp->f_mode & FMODE_WRITE)
712                 inode->i_pipe->writers++;
713         mutex_unlock(&inode->i_mutex);
714
715         return 0;
716 }
717
718 /*
719  * The file_operations structs are not static because they
720  * are also used in linux/fs/fifo.c to do operations on FIFOs.
721  */
722 const struct file_operations read_fifo_fops = {
723         .llseek         = no_llseek,
724         .read           = do_sync_read,
725         .aio_read       = pipe_read,
726         .write          = bad_pipe_w,
727         .poll           = pipe_poll,
728         .ioctl          = pipe_ioctl,
729         .open           = pipe_read_open,
730         .release        = pipe_read_release,
731         .fasync         = pipe_read_fasync,
732 };
733
734 const struct file_operations write_fifo_fops = {
735         .llseek         = no_llseek,
736         .read           = bad_pipe_r,
737         .write          = do_sync_write,
738         .aio_write      = pipe_write,
739         .poll           = pipe_poll,
740         .ioctl          = pipe_ioctl,
741         .open           = pipe_write_open,
742         .release        = pipe_write_release,
743         .fasync         = pipe_write_fasync,
744 };
745
746 const struct file_operations rdwr_fifo_fops = {
747         .llseek         = no_llseek,
748         .read           = do_sync_read,
749         .aio_read       = pipe_read,
750         .write          = do_sync_write,
751         .aio_write      = pipe_write,
752         .poll           = pipe_poll,
753         .ioctl          = pipe_ioctl,
754         .open           = pipe_rdwr_open,
755         .release        = pipe_rdwr_release,
756         .fasync         = pipe_rdwr_fasync,
757 };
758
759 static const struct file_operations read_pipe_fops = {
760         .llseek         = no_llseek,
761         .read           = do_sync_read,
762         .aio_read       = pipe_read,
763         .write          = bad_pipe_w,
764         .poll           = pipe_poll,
765         .ioctl          = pipe_ioctl,
766         .open           = pipe_read_open,
767         .release        = pipe_read_release,
768         .fasync         = pipe_read_fasync,
769 };
770
771 static const struct file_operations write_pipe_fops = {
772         .llseek         = no_llseek,
773         .read           = bad_pipe_r,
774         .write          = do_sync_write,
775         .aio_write      = pipe_write,
776         .poll           = pipe_poll,
777         .ioctl          = pipe_ioctl,
778         .open           = pipe_write_open,
779         .release        = pipe_write_release,
780         .fasync         = pipe_write_fasync,
781 };
782
783 static const struct file_operations rdwr_pipe_fops = {
784         .llseek         = no_llseek,
785         .read           = do_sync_read,
786         .aio_read       = pipe_read,
787         .write          = do_sync_write,
788         .aio_write      = pipe_write,
789         .poll           = pipe_poll,
790         .ioctl          = pipe_ioctl,
791         .open           = pipe_rdwr_open,
792         .release        = pipe_rdwr_release,
793         .fasync         = pipe_rdwr_fasync,
794 };
795
796 struct pipe_inode_info * alloc_pipe_info(struct inode *inode)
797 {
798         struct pipe_inode_info *pipe;
799
800         pipe = kzalloc(sizeof(struct pipe_inode_info), GFP_KERNEL);
801         if (pipe) {
802                 init_waitqueue_head(&pipe->wait);
803                 pipe->r_counter = pipe->w_counter = 1;
804                 pipe->inode = inode;
805         }
806
807         return pipe;
808 }
809
810 void __free_pipe_info(struct pipe_inode_info *pipe)
811 {
812         int i;
813
814         for (i = 0; i < PIPE_BUFFERS; i++) {
815                 struct pipe_buffer *buf = pipe->bufs + i;
816                 if (buf->ops)
817                         buf->ops->release(pipe, buf);
818         }
819         if (pipe->tmp_page)
820                 __free_page(pipe->tmp_page);
821         kfree(pipe);
822 }
823
824 void free_pipe_info(struct inode *inode)
825 {
826         __free_pipe_info(inode->i_pipe);
827         inode->i_pipe = NULL;
828 }
829
830 static struct vfsmount *pipe_mnt __read_mostly;
831 static int pipefs_delete_dentry(struct dentry *dentry)
832 {
833         /*
834          * At creation time, we pretended this dentry was hashed
835          * (by clearing DCACHE_UNHASHED bit in d_flags)
836          * At delete time, we restore the truth : not hashed.
837          * (so that dput() can proceed correctly)
838          */
839         dentry->d_flags |= DCACHE_UNHASHED;
840         return 0;
841 }
842
843 static struct dentry_operations pipefs_dentry_operations = {
844         .d_delete       = pipefs_delete_dentry,
845 };
846
847 static struct inode * get_pipe_inode(void)
848 {
849         struct inode *inode = new_inode(pipe_mnt->mnt_sb);
850         struct pipe_inode_info *pipe;
851
852         if (!inode)
853                 goto fail_inode;
854
855         pipe = alloc_pipe_info(inode);
856         if (!pipe)
857                 goto fail_iput;
858         inode->i_pipe = pipe;
859
860         pipe->readers = pipe->writers = 1;
861         inode->i_fop = &rdwr_pipe_fops;
862
863         /*
864          * Mark the inode dirty from the very beginning,
865          * that way it will never be moved to the dirty
866          * list because "mark_inode_dirty()" will think
867          * that it already _is_ on the dirty list.
868          */
869         inode->i_state = I_DIRTY;
870         inode->i_mode = S_IFIFO | S_IRUSR | S_IWUSR;
871         inode->i_uid = current->fsuid;
872         inode->i_gid = current->fsgid;
873         inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
874
875         return inode;
876
877 fail_iput:
878         iput(inode);
879
880 fail_inode:
881         return NULL;
882 }
883
884 struct file *create_write_pipe(void)
885 {
886         int err;
887         struct inode *inode;
888         struct file *f;
889         struct dentry *dentry;
890         char name[32];
891         struct qstr this;
892
893         f = get_empty_filp();
894         if (!f)
895                 return ERR_PTR(-ENFILE);
896         err = -ENFILE;
897         inode = get_pipe_inode();
898         if (!inode)
899                 goto err_file;
900
901         this.len = sprintf(name, "[%lu]", inode->i_ino);
902         this.name = name;
903         this.hash = 0;
904         err = -ENOMEM;
905         dentry = d_alloc(pipe_mnt->mnt_sb->s_root, &this);
906         if (!dentry)
907                 goto err_inode;
908
909         dentry->d_op = &pipefs_dentry_operations;
910         /*
911          * We dont want to publish this dentry into global dentry hash table.
912          * We pretend dentry is already hashed, by unsetting DCACHE_UNHASHED
913          * This permits a working /proc/$pid/fd/XXX on pipes
914          */
915         dentry->d_flags &= ~DCACHE_UNHASHED;
916         d_instantiate(dentry, inode);
917         f->f_path.mnt = mntget(pipe_mnt);
918         f->f_path.dentry = dentry;
919         f->f_mapping = inode->i_mapping;
920
921         f->f_flags = O_WRONLY;
922         f->f_op = &write_pipe_fops;
923         f->f_mode = FMODE_WRITE;
924         f->f_version = 0;
925
926         return f;
927
928  err_inode:
929         free_pipe_info(inode);
930         iput(inode);
931  err_file:
932         put_filp(f);
933         return ERR_PTR(err);
934 }
935
936 void free_write_pipe(struct file *f)
937 {
938         free_pipe_info(f->f_dentry->d_inode);
939         dput(f->f_path.dentry);
940         mntput(f->f_path.mnt);
941         put_filp(f);
942 }
943
944 struct file *create_read_pipe(struct file *wrf)
945 {
946         struct file *f = get_empty_filp();
947         if (!f)
948                 return ERR_PTR(-ENFILE);
949
950         /* Grab pipe from the writer */
951         f->f_path.mnt = mntget(wrf->f_path.mnt);
952         f->f_path.dentry = dget(wrf->f_path.dentry);
953         f->f_mapping = wrf->f_path.dentry->d_inode->i_mapping;
954
955         f->f_pos = 0;
956         f->f_flags = O_RDONLY;
957         f->f_op = &read_pipe_fops;
958         f->f_mode = FMODE_READ;
959         f->f_version = 0;
960
961         return f;
962 }
963
964 int do_pipe(int *fd)
965 {
966         struct file *fw, *fr;
967         int error;
968         int fdw, fdr;
969
970         fw = create_write_pipe();
971         if (IS_ERR(fw))
972                 return PTR_ERR(fw);
973         fr = create_read_pipe(fw);
974         error = PTR_ERR(fr);
975         if (IS_ERR(fr))
976                 goto err_write_pipe;
977
978         error = get_unused_fd();
979         if (error < 0)
980                 goto err_read_pipe;
981         fdr = error;
982
983         error = get_unused_fd();
984         if (error < 0)
985                 goto err_fdr;
986         fdw = error;
987
988         fd_install(fdr, fr);
989         fd_install(fdw, fw);
990         fd[0] = fdr;
991         fd[1] = fdw;
992
993         return 0;
994
995  err_fdr:
996         put_unused_fd(fdr);
997  err_read_pipe:
998         dput(fr->f_dentry);
999         mntput(fr->f_vfsmnt);
1000         put_filp(fr);
1001  err_write_pipe:
1002         free_write_pipe(fw);
1003         return error;
1004 }
1005
1006 /*
1007  * pipefs should _never_ be mounted by userland - too much of security hassle,
1008  * no real gain from having the whole whorehouse mounted. So we don't need
1009  * any operations on the root directory. However, we need a non-trivial
1010  * d_name - pipe: will go nicely and kill the special-casing in procfs.
1011  */
1012 static int pipefs_get_sb(struct file_system_type *fs_type,
1013                          int flags, const char *dev_name, void *data,
1014                          struct vfsmount *mnt)
1015 {
1016         return get_sb_pseudo(fs_type, "pipe:", NULL, PIPEFS_MAGIC, mnt);
1017 }
1018
1019 static struct file_system_type pipe_fs_type = {
1020         .name           = "pipefs",
1021         .get_sb         = pipefs_get_sb,
1022         .kill_sb        = kill_anon_super,
1023 };
1024
1025 static int __init init_pipe_fs(void)
1026 {
1027         int err = register_filesystem(&pipe_fs_type);
1028
1029         if (!err) {
1030                 pipe_mnt = kern_mount(&pipe_fs_type);
1031                 if (IS_ERR(pipe_mnt)) {
1032                         err = PTR_ERR(pipe_mnt);
1033                         unregister_filesystem(&pipe_fs_type);
1034                 }
1035         }
1036         return err;
1037 }
1038
1039 static void __exit exit_pipe_fs(void)
1040 {
1041         unregister_filesystem(&pipe_fs_type);
1042         mntput(pipe_mnt);
1043 }
1044
1045 fs_initcall(init_pipe_fs);
1046 module_exit(exit_pipe_fs);