1pipe(7) Miscellaneous Information Manual pipe(7)
2
3
4
6 pipe - overview of pipes and FIFOs
7
9 Pipes and FIFOs (also known as named pipes) provide a unidirectional
10 interprocess communication channel. A pipe has a read end and a write
11 end. Data written to the write end of a pipe can be read from the read
12 end of the pipe.
13
14 A pipe is created using pipe(2), which creates a new pipe and returns
15 two file descriptors, one referring to the read end of the pipe, the
16 other referring to the write end. Pipes can be used to create a commu‐
17 nication channel between related processes; see pipe(2) for an example.
18
19 A FIFO (short for First In First Out) has a name within the filesystem
20 (created using mkfifo(3)), and is opened using open(2). Any process
21 may open a FIFO, assuming the file permissions allow it. The read end
22 is opened using the O_RDONLY flag; the write end is opened using the
23 O_WRONLY flag. See fifo(7) for further details. Note: although FIFOs
24 have a pathname in the filesystem, I/O on FIFOs does not involve opera‐
25 tions on the underlying device (if there is one).
26
27 I/O on pipes and FIFOs
28 The only difference between pipes and FIFOs is the manner in which they
29 are created and opened. Once these tasks have been accomplished, I/O
30 on pipes and FIFOs has exactly the same semantics.
31
32 If a process attempts to read from an empty pipe, then read(2) will
33 block until data is available. If a process attempts to write to a
34 full pipe (see below), then write(2) blocks until sufficient data has
35 been read from the pipe to allow the write to complete.
36
37 Nonblocking I/O is possible by using the fcntl(2) F_SETFL operation to
38 enable the O_NONBLOCK open file status flag or by opening a fifo(7)
39 with O_NONBLOCK. If any process has the pipe open for writing, reads
40 fail with EAGAIN; otherwise—with no potential writers—reads succeed and
41 return empty.
42
43 The communication channel provided by a pipe is a byte stream: there is
44 no concept of message boundaries.
45
46 If all file descriptors referring to the write end of a pipe have been
47 closed, then an attempt to read(2) from the pipe will see end-of-file
48 (read(2) will return 0). If all file descriptors referring to the read
49 end of a pipe have been closed, then a write(2) will cause a SIGPIPE
50 signal to be generated for the calling process. If the calling process
51 is ignoring this signal, then write(2) fails with the error EPIPE. An
52 application that uses pipe(2) and fork(2) should use suitable close(2)
53 calls to close unnecessary duplicate file descriptors; this ensures
54 that end-of-file and SIGPIPE/EPIPE are delivered when appropriate.
55
56 It is not possible to apply lseek(2) to a pipe.
57
58 Pipe capacity
59 A pipe has a limited capacity. If the pipe is full, then a write(2)
60 will block or fail, depending on whether the O_NONBLOCK flag is set
61 (see below). Different implementations have different limits for the
62 pipe capacity. Applications should not rely on a particular capacity:
63 an application should be designed so that a reading process consumes
64 data as soon as it is available, so that a writing process does not re‐
65 main blocked.
66
67 Before Linux 2.6.11, the capacity of a pipe was the same as the system
68 page size (e.g., 4096 bytes on i386). Since Linux 2.6.11, the pipe ca‐
69 pacity is 16 pages (i.e., 65,536 bytes in a system with a page size of
70 4096 bytes). Since Linux 2.6.35, the default pipe capacity is 16
71 pages, but the capacity can be queried and set using the fcntl(2)
72 F_GETPIPE_SZ and F_SETPIPE_SZ operations. See fcntl(2) for more infor‐
73 mation.
74
75 The following ioctl(2) operation, which can be applied to a file de‐
76 scriptor that refers to either end of a pipe, places a count of the
77 number of unread bytes in the pipe in the int buffer pointed to by the
78 final argument of the call:
79
80 ioctl(fd, FIONREAD, &nbytes);
81
82 The FIONREAD operation is not specified in any standard, but is pro‐
83 vided on many implementations.
84
85 /proc files
86 On Linux, the following files control how much memory can be used for
87 pipes:
88
89 /proc/sys/fs/pipe-max-pages (only in Linux 2.6.34)
90 An upper limit, in pages, on the capacity that an unprivileged
91 user (one without the CAP_SYS_RESOURCE capability) can set for a
92 pipe.
93
94 The default value for this limit is 16 times the default pipe
95 capacity (see above); the lower limit is two pages.
96
97 This interface was removed in Linux 2.6.35, in favor of
98 /proc/sys/fs/pipe-max-size.
99
100 /proc/sys/fs/pipe-max-size (since Linux 2.6.35)
101 The maximum size (in bytes) of individual pipes that can be set
102 by users without the CAP_SYS_RESOURCE capability. The value as‐
103 signed to this file may be rounded upward, to reflect the value
104 actually employed for a convenient implementation. To determine
105 the rounded-up value, display the contents of this file after
106 assigning a value to it.
107
108 The default value for this file is 1048576 (1 MiB). The minimum
109 value that can be assigned to this file is the system page size.
110 Attempts to set a limit less than the page size cause write(2)
111 to fail with the error EINVAL.
112
113 Since Linux 4.9, the value on this file also acts as a ceiling
114 on the default capacity of a new pipe or newly opened FIFO.
115
116 /proc/sys/fs/pipe-user-pages-hard (since Linux 4.5)
117 The hard limit on the total size (in pages) of all pipes created
118 or set by a single unprivileged user (i.e., one with neither the
119 CAP_SYS_RESOURCE nor the CAP_SYS_ADMIN capability). So long as
120 the total number of pages allocated to pipe buffers for this
121 user is at this limit, attempts to create new pipes will be de‐
122 nied, and attempts to increase a pipe's capacity will be denied.
123
124 When the value of this limit is zero (which is the default), no
125 hard limit is applied.
126
127 /proc/sys/fs/pipe-user-pages-soft (since Linux 4.5)
128 The soft limit on the total size (in pages) of all pipes created
129 or set by a single unprivileged user (i.e., one with neither the
130 CAP_SYS_RESOURCE nor the CAP_SYS_ADMIN capability). So long as
131 the total number of pages allocated to pipe buffers for this
132 user is at this limit, individual pipes created by a user will
133 be limited to one page, and attempts to increase a pipe's capac‐
134 ity will be denied.
135
136 When the value of this limit is zero, no soft limit is applied.
137 The default value for this file is 16384, which permits creating
138 up to 1024 pipes with the default capacity.
139
140 Before Linux 4.9, some bugs affected the handling of the
141 pipe-user-pages-soft and pipe-user-pages-hard limits; see BUGS.
142
143 PIPE_BUF
144 POSIX.1 says that writes of less than PIPE_BUF bytes must be atomic:
145 the output data is written to the pipe as a contiguous sequence.
146 Writes of more than PIPE_BUF bytes may be nonatomic: the kernel may in‐
147 terleave the data with data written by other processes. POSIX.1 re‐
148 quires PIPE_BUF to be at least 512 bytes. (On Linux, PIPE_BUF is 4096
149 bytes.) The precise semantics depend on whether the file descriptor is
150 nonblocking (O_NONBLOCK), whether there are multiple writers to the
151 pipe, and on n, the number of bytes to be written:
152
153 O_NONBLOCK disabled, n <= PIPE_BUF
154 All n bytes are written atomically; write(2) may block if there
155 is not room for n bytes to be written immediately
156
157 O_NONBLOCK enabled, n <= PIPE_BUF
158 If there is room to write n bytes to the pipe, then write(2)
159 succeeds immediately, writing all n bytes; otherwise write(2)
160 fails, with errno set to EAGAIN.
161
162 O_NONBLOCK disabled, n > PIPE_BUF
163 The write is nonatomic: the data given to write(2) may be inter‐
164 leaved with write(2)s by other process; the write(2) blocks un‐
165 til n bytes have been written.
166
167 O_NONBLOCK enabled, n > PIPE_BUF
168 If the pipe is full, then write(2) fails, with errno set to EA‐
169 GAIN. Otherwise, from 1 to n bytes may be written (i.e., a
170 "partial write" may occur; the caller should check the return
171 value from write(2) to see how many bytes were actually writ‐
172 ten), and these bytes may be interleaved with writes by other
173 processes.
174
175 Open file status flags
176 The only open file status flags that can be meaningfully applied to a
177 pipe or FIFO are O_NONBLOCK and O_ASYNC.
178
179 Setting the O_ASYNC flag for the read end of a pipe causes a signal
180 (SIGIO by default) to be generated when new input becomes available on
181 the pipe. The target for delivery of signals must be set using the fc‐
182 ntl(2) F_SETOWN command. On Linux, O_ASYNC is supported for pipes and
183 FIFOs only since Linux 2.6.
184
185 Portability notes
186 On some systems (but not Linux), pipes are bidirectional: data can be
187 transmitted in both directions between the pipe ends. POSIX.1 requires
188 only unidirectional pipes. Portable applications should avoid reliance
189 on bidirectional pipe semantics.
190
191 BUGS
192 Before Linux 4.9, some bugs affected the handling of the
193 pipe-user-pages-soft and pipe-user-pages-hard limits when using the fc‐
194 ntl(2) F_SETPIPE_SZ operation to change a pipe's capacity:
195
196 (a) When increasing the pipe capacity, the checks against the soft and
197 hard limits were made against existing consumption, and excluded
198 the memory required for the increased pipe capacity. The new in‐
199 crease in pipe capacity could then push the total memory used by
200 the user for pipes (possibly far) over a limit. (This could also
201 trigger the problem described next.)
202
203 Starting with Linux 4.9, the limit checking includes the memory
204 required for the new pipe capacity.
205
206 (b) The limit checks were performed even when the new pipe capacity
207 was less than the existing pipe capacity. This could lead to
208 problems if a user set a large pipe capacity, and then the limits
209 were lowered, with the result that the user could no longer de‐
210 crease the pipe capacity.
211
212 Starting with Linux 4.9, checks against the limits are performed
213 only when increasing a pipe's capacity; an unprivileged user can
214 always decrease a pipe's capacity.
215
216 (c) The accounting and checking against the limits were done as fol‐
217 lows:
218
219 (1) Test whether the user has exceeded the limit.
220 (2) Make the new pipe buffer allocation.
221 (3) Account new allocation against the limits.
222
223 This was racey. Multiple processes could pass point (1) simulta‐
224 neously, and then allocate pipe buffers that were accounted for
225 only in step (3), with the result that the user's pipe buffer al‐
226 location could be pushed over the limit.
227
228 Starting with Linux 4.9, the accounting step is performed before
229 doing the allocation, and the operation fails if the limit would
230 be exceeded.
231
232 Before Linux 4.9, bugs similar to points (a) and (c) could also occur
233 when the kernel allocated memory for a new pipe buffer; that is, when
234 calling pipe(2) and when opening a previously unopened FIFO.
235
237 mkfifo(1), dup(2), fcntl(2), open(2), pipe(2), poll(2), select(2),
238 socketpair(2), splice(2), stat(2), tee(2), vmsplice(2), mkfifo(3),
239 epoll(7), fifo(7)
240
241
242
243Linux man-pages 6.05 2023-07-16 pipe(7)