2 * "splice": joining two ropes together by interweaving their strands.
4 * This is the "extended pipe" functionality, where a pipe is used as
5 * an arbitrary in-memory buffer. Think of a pipe as a small kernel
6 * buffer that you can use to transfer data from one end to the other.
8 * The traditional unix read/write is extended with a "splice()" operation
9 * that transfers data buffers to or from a pipe buffer.
11 * Named by Larry McVoy, original implementation from Linus, extended by
12 * Jens to support splicing to files, network, direct splicing, etc and
13 * fixing lots of bugs.
15 * Copyright (C) 2005-2006 Jens Axboe <axboe@suse.de>
16 * Copyright (C) 2005-2006 Linus Torvalds <torvalds@osdl.org>
17 * Copyright (C) 2006 Ingo Molnar <mingo@elte.hu>
21 #include <linux/file.h>
22 #include <linux/pagemap.h>
23 #include <linux/pipe_fs_i.h>
24 #include <linux/mm_inline.h>
25 #include <linux/swap.h>
26 #include <linux/writeback.h>
27 #include <linux/buffer_head.h>
28 #include <linux/module.h>
29 #include <linux/syscalls.h>
32 * Passed to the actors
35 unsigned int len, total_len; /* current and remaining length */
36 unsigned int flags; /* splice flags */
37 struct file *file; /* file to read/write */
38 loff_t pos; /* file position */
42 * Attempt to steal a page from a pipe buffer. This should perhaps go into
43 * a vm helper function, it's already simplified quite a bit by the
44 * addition of remove_mapping(). If success is returned, the caller may
45 * attempt to reuse this page for another destination.
47 static int page_cache_pipe_buf_steal(struct pipe_inode_info *info,
48 struct pipe_buffer *buf)
50 struct page *page = buf->page;
51 struct address_space *mapping = page_mapping(page);
55 WARN_ON(!PageUptodate(page));
58 * At least for ext2 with nobh option, we need to wait on writeback
59 * completing on this page, since we'll remove it from the pagecache.
60 * Otherwise truncate wont wait on the page, allowing the disk
61 * blocks to be reused by someone else before we actually wrote our
62 * data to them. fs corruption ensues.
64 wait_on_page_writeback(page);
66 if (PagePrivate(page))
67 try_to_release_page(page, mapping_gfp_mask(mapping));
69 if (!remove_mapping(mapping, page)) {
74 buf->flags |= PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU;
78 static void page_cache_pipe_buf_release(struct pipe_inode_info *info,
79 struct pipe_buffer *buf)
81 page_cache_release(buf->page);
83 buf->flags &= ~(PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU);
86 static void *page_cache_pipe_buf_map(struct file *file,
87 struct pipe_inode_info *info,
88 struct pipe_buffer *buf)
90 struct page *page = buf->page;
93 if (!PageUptodate(page)) {
97 * Page got truncated/unhashed. This will cause a 0-byte
98 * splice, if this is the first page.
100 if (!page->mapping) {
106 * Uh oh, read-error from disk.
108 if (!PageUptodate(page)) {
114 * Page is ok afterall, fall through to mapping.
125 static void page_cache_pipe_buf_unmap(struct pipe_inode_info *info,
126 struct pipe_buffer *buf)
131 static void page_cache_pipe_buf_get(struct pipe_inode_info *info,
132 struct pipe_buffer *buf)
134 page_cache_get(buf->page);
137 static struct pipe_buf_operations page_cache_pipe_buf_ops = {
139 .map = page_cache_pipe_buf_map,
140 .unmap = page_cache_pipe_buf_unmap,
141 .release = page_cache_pipe_buf_release,
142 .steal = page_cache_pipe_buf_steal,
143 .get = page_cache_pipe_buf_get,
147 * Pipe output worker. This sets up our pipe format with the page cache
148 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
150 static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
151 int nr_pages, unsigned long len,
152 unsigned int offset, unsigned int flags)
154 int ret, do_wakeup, i;
161 mutex_lock(&pipe->inode->i_mutex);
164 if (!pipe->readers) {
165 send_sig(SIGPIPE, current, 0);
171 if (pipe->nrbufs < PIPE_BUFFERS) {
172 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
173 struct pipe_buffer *buf = pipe->bufs + newbuf;
174 struct page *page = pages[i++];
175 unsigned long this_len;
177 this_len = PAGE_CACHE_SIZE - offset;
182 buf->offset = offset;
184 buf->ops = &page_cache_pipe_buf_ops;
196 if (pipe->nrbufs < PIPE_BUFFERS)
202 if (flags & SPLICE_F_NONBLOCK) {
208 if (signal_pending(current)) {
216 if (waitqueue_active(&pipe->wait))
217 wake_up_interruptible_sync(&pipe->wait);
218 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
222 pipe->waiting_writers++;
224 pipe->waiting_writers--;
228 mutex_unlock(&pipe->inode->i_mutex);
232 if (waitqueue_active(&pipe->wait))
233 wake_up_interruptible(&pipe->wait);
234 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
238 page_cache_release(pages[i++]);
244 __generic_file_splice_read(struct file *in, loff_t *ppos,
245 struct pipe_inode_info *pipe, size_t len,
248 struct address_space *mapping = in->f_mapping;
249 unsigned int loff, offset, nr_pages;
250 struct page *pages[PIPE_BUFFERS];
252 pgoff_t index, end_index;
257 index = *ppos >> PAGE_CACHE_SHIFT;
258 loff = offset = *ppos & ~PAGE_CACHE_MASK;
259 nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
261 if (nr_pages > PIPE_BUFFERS)
262 nr_pages = PIPE_BUFFERS;
265 * Initiate read-ahead on this page range. however, don't call into
266 * read-ahead if this is a non-zero offset (we are likely doing small
267 * chunk splice and the page is already there) for a single page.
269 if (!offset || nr_pages > 1)
270 do_page_cache_readahead(mapping, in, index, nr_pages);
273 * Now fill in the holes:
277 for (i = 0; i < nr_pages; i++, index++) {
278 unsigned int this_len;
284 * this_len is the max we'll use from this page
286 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
289 * lookup the page for this index
291 page = find_get_page(mapping, index);
294 * page didn't exist, allocate one
296 page = page_cache_alloc_cold(mapping);
300 error = add_to_page_cache_lru(page, mapping, index,
301 mapping_gfp_mask(mapping));
302 if (unlikely(error)) {
303 page_cache_release(page);
311 * If the page isn't uptodate, we may need to start io on it
313 if (!PageUptodate(page)) {
315 * If in nonblock mode then dont block on waiting
316 * for an in-flight io page
318 if (flags & SPLICE_F_NONBLOCK)
324 * page was truncated, stop here. if this isn't the
325 * first page, we'll just complete what we already
328 if (!page->mapping) {
330 page_cache_release(page);
334 * page was already under io and is now done, great
336 if (PageUptodate(page)) {
343 * need to read in the page
345 error = mapping->a_ops->readpage(in, page);
347 if (unlikely(error)) {
348 page_cache_release(page);
349 if (error == AOP_TRUNCATED_PAGE)
355 * i_size must be checked after ->readpage().
357 isize = i_size_read(mapping->host);
358 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
359 if (unlikely(!isize || index > end_index)) {
360 page_cache_release(page);
365 * if this is the last page, see if we need to shrink
366 * the length and stop
368 if (end_index == index) {
369 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
370 if (bytes + loff > isize) {
371 page_cache_release(page);
375 * force quit after adding this page
378 this_len = min(this_len, loff);
389 return move_to_pipe(pipe, pages, i, bytes, offset, flags);
395 * generic_file_splice_read - splice data from file to a pipe
396 * @in: file to splice from
397 * @pipe: pipe to splice to
398 * @len: number of bytes to splice
399 * @flags: splice modifier flags
401 * Will read pages from given file and fill them into a pipe.
403 ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
404 struct pipe_inode_info *pipe, size_t len,
414 ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
421 if (flags & SPLICE_F_NONBLOCK) {
438 EXPORT_SYMBOL(generic_file_splice_read);
441 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
442 * using sendpage(). Return the number of bytes sent.
444 static int pipe_to_sendpage(struct pipe_inode_info *info,
445 struct pipe_buffer *buf, struct splice_desc *sd)
447 struct file *file = sd->file;
448 loff_t pos = sd->pos;
454 * Sub-optimal, but we are limited by the pipe ->map. We don't
455 * need a kmap'ed buffer here, we just want to make sure we
456 * have the page pinned if the pipe page originates from the
459 ptr = buf->ops->map(file, info, buf);
463 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
465 ret = file->f_op->sendpage(file, buf->page, buf->offset, sd->len,
468 buf->ops->unmap(info, buf);
473 * This is a little more tricky than the file -> pipe splicing. There are
474 * basically three cases:
476 * - Destination page already exists in the address space and there
477 * are users of it. For that case we have no other option that
478 * copying the data. Tough luck.
479 * - Destination page already exists in the address space, but there
480 * are no users of it. Make sure it's uptodate, then drop it. Fall
481 * through to last case.
482 * - Destination page does not exist, we can add the pipe page to
483 * the page cache and avoid the copy.
485 * If asked to move pages to the output file (SPLICE_F_MOVE is set in
486 * sd->flags), we attempt to migrate pages from the pipe to the output
487 * file address space page cache. This is possible if no one else has
488 * the pipe page referenced outside of the pipe and page cache. If
489 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
490 * a new page in the output file page cache and fill/dirty that.
492 static int pipe_to_file(struct pipe_inode_info *info, struct pipe_buffer *buf,
493 struct splice_desc *sd)
495 struct file *file = sd->file;
496 struct address_space *mapping = file->f_mapping;
497 gfp_t gfp_mask = mapping_gfp_mask(mapping);
498 unsigned int offset, this_len;
505 * make sure the data in this buffer is uptodate
507 src = buf->ops->map(file, info, buf);
511 index = sd->pos >> PAGE_CACHE_SHIFT;
512 offset = sd->pos & ~PAGE_CACHE_MASK;
515 if (this_len + offset > PAGE_CACHE_SIZE)
516 this_len = PAGE_CACHE_SIZE - offset;
519 * Reuse buf page, if SPLICE_F_MOVE is set.
521 if (sd->flags & SPLICE_F_MOVE) {
523 * If steal succeeds, buf->page is now pruned from the vm
524 * side (LRU and page cache) and we can reuse it. The page
525 * will also be looked on successful return.
527 if (buf->ops->steal(info, buf))
531 if (add_to_page_cache(page, mapping, index, gfp_mask))
534 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
538 page = find_lock_page(mapping, index);
541 page = page_cache_alloc_cold(mapping);
546 * This will also lock the page
548 ret = add_to_page_cache_lru(page, mapping, index,
555 * We get here with the page locked. If the page is also
556 * uptodate, we don't need to do more. If it isn't, we
557 * may need to bring it in if we are not going to overwrite
560 if (!PageUptodate(page)) {
561 if (this_len < PAGE_CACHE_SIZE) {
562 ret = mapping->a_ops->readpage(file, page);
568 if (!PageUptodate(page)) {
570 * Page got invalidated, repeat.
572 if (!page->mapping) {
574 page_cache_release(page);
581 SetPageUptodate(page);
585 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
586 if (ret == AOP_TRUNCATED_PAGE) {
587 page_cache_release(page);
592 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) {
593 char *dst = kmap_atomic(page, KM_USER0);
595 memcpy(dst + offset, src + buf->offset, this_len);
596 flush_dcache_page(page);
597 kunmap_atomic(dst, KM_USER0);
600 ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len);
601 if (ret == AOP_TRUNCATED_PAGE) {
602 page_cache_release(page);
608 * Return the number of bytes written.
611 mark_page_accessed(page);
612 balance_dirty_pages_ratelimited(mapping);
614 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN))
615 page_cache_release(page);
619 buf->ops->unmap(info, buf);
623 typedef int (splice_actor)(struct pipe_inode_info *, struct pipe_buffer *,
624 struct splice_desc *);
627 * Pipe input worker. Most of this logic works like a regular pipe, the
628 * key here is the 'actor' worker passed in that actually moves the data
629 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
631 static ssize_t move_from_pipe(struct pipe_inode_info *pipe, struct file *out,
632 loff_t *ppos, size_t len, unsigned int flags,
635 int ret, do_wakeup, err;
636 struct splice_desc sd;
647 mutex_lock(&pipe->inode->i_mutex);
651 struct pipe_buffer *buf = pipe->bufs + pipe->curbuf;
652 struct pipe_buf_operations *ops = buf->ops;
655 if (sd.len > sd.total_len)
656 sd.len = sd.total_len;
658 err = actor(pipe, buf, &sd);
660 if (!ret && err != -ENODATA)
678 ops->release(pipe, buf);
679 pipe->curbuf = (pipe->curbuf + 1) & (PIPE_BUFFERS - 1);
693 if (!pipe->waiting_writers) {
698 if (flags & SPLICE_F_NONBLOCK) {
704 if (signal_pending(current)) {
712 if (waitqueue_active(&pipe->wait))
713 wake_up_interruptible_sync(&pipe->wait);
714 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
722 mutex_unlock(&pipe->inode->i_mutex);
726 if (waitqueue_active(&pipe->wait))
727 wake_up_interruptible(&pipe->wait);
728 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
735 * generic_file_splice_write - splice data from a pipe to a file
737 * @out: file to write to
738 * @len: number of bytes to splice
739 * @flags: splice modifier flags
741 * Will either move or copy pages (determined by @flags options) from
742 * the given pipe inode to the given file.
746 generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
747 loff_t *ppos, size_t len, unsigned int flags)
749 struct address_space *mapping = out->f_mapping;
752 ret = move_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
754 struct inode *inode = mapping->host;
759 * If file or inode is SYNC and we actually wrote some data,
762 if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
765 mutex_lock(&inode->i_mutex);
766 err = generic_osync_inode(inode, mapping,
767 OSYNC_METADATA|OSYNC_DATA);
768 mutex_unlock(&inode->i_mutex);
778 EXPORT_SYMBOL(generic_file_splice_write);
781 * generic_splice_sendpage - splice data from a pipe to a socket
783 * @out: socket to write to
784 * @len: number of bytes to splice
785 * @flags: splice modifier flags
787 * Will send @len bytes from the pipe to a network socket. No data copying
791 ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
792 loff_t *ppos, size_t len, unsigned int flags)
794 return move_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
797 EXPORT_SYMBOL(generic_splice_sendpage);
800 * Attempt to initiate a splice from pipe to file.
802 static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
803 loff_t *ppos, size_t len, unsigned int flags)
807 if (unlikely(!out->f_op || !out->f_op->splice_write))
810 if (unlikely(!(out->f_mode & FMODE_WRITE)))
813 ret = rw_verify_area(WRITE, out, ppos, len);
814 if (unlikely(ret < 0))
817 return out->f_op->splice_write(pipe, out, ppos, len, flags);
821 * Attempt to initiate a splice from a file to a pipe.
823 static long do_splice_to(struct file *in, loff_t *ppos,
824 struct pipe_inode_info *pipe, size_t len,
830 if (unlikely(!in->f_op || !in->f_op->splice_read))
833 if (unlikely(!(in->f_mode & FMODE_READ)))
836 ret = rw_verify_area(READ, in, ppos, len);
837 if (unlikely(ret < 0))
840 isize = i_size_read(in->f_mapping->host);
841 if (unlikely(*ppos >= isize))
844 left = isize - *ppos;
845 if (unlikely(left < len))
848 return in->f_op->splice_read(in, ppos, pipe, len, flags);
851 long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
852 size_t len, unsigned int flags)
854 struct pipe_inode_info *pipe;
861 * We require the input being a regular file, as we don't want to
862 * randomly drop data for eg socket -> socket splicing. Use the
863 * piped splicing for that!
865 i_mode = in->f_dentry->d_inode->i_mode;
866 if (unlikely(!S_ISREG(i_mode) && !S_ISBLK(i_mode)))
870 * neither in nor out is a pipe, setup an internal pipe attached to
871 * 'out' and transfer the wanted data from 'in' to 'out' through that
873 pipe = current->splice_pipe;
874 if (unlikely(!pipe)) {
875 pipe = alloc_pipe_info(NULL);
880 * We don't have an immediate reader, but we'll read the stuff
881 * out of the pipe right after the move_to_pipe(). So set
882 * PIPE_READERS appropriately.
886 current->splice_pipe = pipe;
897 size_t read_len, max_read_len;
900 * Do at most PIPE_BUFFERS pages worth of transfer:
902 max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
904 ret = do_splice_to(in, ppos, pipe, max_read_len, flags);
905 if (unlikely(ret < 0))
911 * NOTE: nonblocking mode only applies to the input. We
912 * must not do the output in nonblocking mode as then we
913 * could get stuck data in the internal pipe:
915 ret = do_splice_from(pipe, out, &out_off, read_len,
916 flags & ~SPLICE_F_NONBLOCK);
917 if (unlikely(ret < 0))
924 * In nonblocking mode, if we got back a short read then
925 * that was due to either an IO error or due to the
926 * pagecache entry not being there. In the IO error case
927 * the _next_ splice attempt will produce a clean IO error
928 * return value (not a short read), so in both cases it's
929 * correct to break out of the loop here:
931 if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
935 pipe->nrbufs = pipe->curbuf = 0;
941 * If we did an incomplete transfer we must release
942 * the pipe buffers in question:
944 for (i = 0; i < PIPE_BUFFERS; i++) {
945 struct pipe_buffer *buf = pipe->bufs + i;
948 buf->ops->release(pipe, buf);
952 pipe->nrbufs = pipe->curbuf = 0;
955 * If we transferred some data, return the number of bytes:
963 EXPORT_SYMBOL(do_splice_direct);
966 * Determine where to splice to/from.
968 static long do_splice(struct file *in, loff_t __user *off_in,
969 struct file *out, loff_t __user *off_out,
970 size_t len, unsigned int flags)
972 struct pipe_inode_info *pipe;
976 pipe = in->f_dentry->d_inode->i_pipe;
981 if (out->f_op->llseek == no_llseek)
983 if (copy_from_user(&offset, off_out, sizeof(loff_t)))
989 ret = do_splice_from(pipe, out, off, len, flags);
991 if (off_out && copy_to_user(off_out, off, sizeof(loff_t)))
997 pipe = out->f_dentry->d_inode->i_pipe;
1002 if (in->f_op->llseek == no_llseek)
1004 if (copy_from_user(&offset, off_in, sizeof(loff_t)))
1010 ret = do_splice_to(in, off, pipe, len, flags);
1012 if (off_in && copy_to_user(off_in, off, sizeof(loff_t)))
1021 asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1022 int fd_out, loff_t __user *off_out,
1023 size_t len, unsigned int flags)
1026 struct file *in, *out;
1027 int fput_in, fput_out;
1033 in = fget_light(fd_in, &fput_in);
1035 if (in->f_mode & FMODE_READ) {
1036 out = fget_light(fd_out, &fput_out);
1038 if (out->f_mode & FMODE_WRITE)
1039 error = do_splice(in, off_in,
1042 fput_light(out, fput_out);
1046 fput_light(in, fput_in);
1053 * Link contents of ipipe to opipe.
1055 static int link_pipe(struct pipe_inode_info *ipipe,
1056 struct pipe_inode_info *opipe,
1057 size_t len, unsigned int flags)
1059 struct pipe_buffer *ibuf, *obuf;
1060 int ret, do_wakeup, i, ipipe_first;
1062 ret = do_wakeup = ipipe_first = 0;
1065 * Potential ABBA deadlock, work around it by ordering lock
1066 * grabbing by inode address. Otherwise two different processes
1067 * could deadlock (one doing tee from A -> B, the other from B -> A).
1069 if (ipipe->inode < opipe->inode) {
1071 mutex_lock(&ipipe->inode->i_mutex);
1072 mutex_lock(&opipe->inode->i_mutex);
1074 mutex_lock(&opipe->inode->i_mutex);
1075 mutex_lock(&ipipe->inode->i_mutex);
1079 if (!opipe->readers) {
1080 send_sig(SIGPIPE, current, 0);
1085 if (ipipe->nrbufs - i) {
1086 ibuf = ipipe->bufs + ((ipipe->curbuf + i) & (PIPE_BUFFERS - 1));
1089 * If we have room, fill this buffer
1091 if (opipe->nrbufs < PIPE_BUFFERS) {
1092 int nbuf = (opipe->curbuf + opipe->nrbufs) & (PIPE_BUFFERS - 1);
1095 * Get a reference to this pipe buffer,
1096 * so we can copy the contents over.
1098 ibuf->ops->get(ipipe, ibuf);
1100 obuf = opipe->bufs + nbuf;
1103 if (obuf->len > len)
1113 if (opipe->nrbufs < PIPE_BUFFERS)
1118 * We have input available, but no output room.
1119 * If we already copied data, return that. If we
1120 * need to drop the opipe lock, it must be ordered
1121 * last to avoid deadlocks.
1123 if ((flags & SPLICE_F_NONBLOCK) || !ipipe_first) {
1128 if (signal_pending(current)) {
1135 if (waitqueue_active(&opipe->wait))
1136 wake_up_interruptible(&opipe->wait);
1137 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1141 opipe->waiting_writers++;
1143 opipe->waiting_writers--;
1148 * No input buffers, do the usual checks for available
1149 * writers and blocking and wait if necessary
1151 if (!ipipe->writers)
1153 if (!ipipe->waiting_writers) {
1158 * pipe_wait() drops the ipipe mutex. To avoid deadlocks
1159 * with another process, we can only safely do that if
1160 * the ipipe lock is ordered last.
1162 if ((flags & SPLICE_F_NONBLOCK) || ipipe_first) {
1167 if (signal_pending(current)) {
1173 if (waitqueue_active(&ipipe->wait))
1174 wake_up_interruptible_sync(&ipipe->wait);
1175 kill_fasync(&ipipe->fasync_writers, SIGIO, POLL_OUT);
1180 mutex_unlock(&ipipe->inode->i_mutex);
1181 mutex_unlock(&opipe->inode->i_mutex);
1185 if (waitqueue_active(&opipe->wait))
1186 wake_up_interruptible(&opipe->wait);
1187 kill_fasync(&opipe->fasync_readers, SIGIO, POLL_IN);
1194 * This is a tee(1) implementation that works on pipes. It doesn't copy
1195 * any data, it simply references the 'in' pages on the 'out' pipe.
1196 * The 'flags' used are the SPLICE_F_* variants, currently the only
1197 * applicable one is SPLICE_F_NONBLOCK.
1199 static long do_tee(struct file *in, struct file *out, size_t len,
1202 struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
1203 struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
1206 * Link ipipe to the two output pipes, consuming as we go along.
1209 return link_pipe(ipipe, opipe, len, flags);
1214 asmlinkage long sys_tee(int fdin, int fdout, size_t len, unsigned int flags)
1223 in = fget_light(fdin, &fput_in);
1225 if (in->f_mode & FMODE_READ) {
1227 struct file *out = fget_light(fdout, &fput_out);
1230 if (out->f_mode & FMODE_WRITE)
1231 error = do_tee(in, out, len, flags);
1232 fput_light(out, fput_out);
1235 fput_light(in, fput_in);