diff options
author | Alan Stern <stern@rowland.harvard.edu> | 2007-01-17 08:28:48 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2007-02-08 00:44:39 +0100 |
commit | 49631ca7f3e2fd05186028b453fa27f75b830de7 (patch) | |
tree | b8fb89f0ef0a32c94c259d0fc6ab9bc40a828419 /drivers/usb/gadget | |
parent | USB: gadgetfs behaves better on userspace init bug (diff) | |
download | linux-49631ca7f3e2fd05186028b453fa27f75b830de7.tar.xz linux-49631ca7f3e2fd05186028b453fa27f75b830de7.zip |
USB: gadgetfs AIO tweaks
This patch (as837) fixes several mistakes in the AIO interface of the
gadgetfs driver:
The ki_retry method is not supposed to do a put on the kiocb.
The extra call to aio_put_req() causes memory corruption.
(Note: This call was removed before, by patch as691, and then
mysteriously re-introduced later.)
Even if a read transfer is cancelled, we can and should send
to the user all the data that did manage to get transferred.
Testing for AIO cancellation in the I/O completion handler
is both racy and (now) unnecessary. aio_complete() does its
own checking, in a safe manner.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget')
-rw-r--r-- | drivers/usb/gadget/inode.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c index 1c5e1ee7e36b..34296e79edcf 100644 --- a/drivers/usb/gadget/inode.c +++ b/drivers/usb/gadget/inode.c @@ -576,7 +576,6 @@ static ssize_t ep_aio_read_retry(struct kiocb *iocb) } kfree(priv->buf); kfree(priv); - aio_put_req(iocb); return len; } @@ -590,18 +589,17 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req) spin_lock(&epdata->dev->lock); priv->req = NULL; priv->epdata = NULL; - if (priv->iv == NULL - || unlikely(req->actual == 0) - || unlikely(kiocbIsCancelled(iocb))) { + + /* if this was a write or a read returning no data then we + * don't need to copy anything to userspace, so we can + * complete the aio request immediately. + */ + if (priv->iv == NULL || unlikely(req->actual == 0)) { kfree(req->buf); kfree(priv); iocb->private = NULL; /* aio_complete() reports bytes-transferred _and_ faults */ - if (unlikely(kiocbIsCancelled(iocb))) - aio_put_req(iocb); - else - aio_complete(iocb, - req->actual ? req->actual : req->status, + aio_complete(iocb, req->actual ? req->actual : req->status, req->status); } else { /* retry() won't report both; so we hide some faults */ |