authorAlan Stern <stern@rowland.harvard.edu>2007-01-17 08:28:48 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2007-02-08 00:44:39 +0100
commit49631ca7f3e2fd05186028b453fa27f75b830de7 (patch)
treeb8fb89f0ef0a32c94c259d0fc6ab9bc40a828419 /drivers/usb/gadget
parentUSB: gadgetfs behaves better on userspace init bug (diff)
USB: gadgetfs AIO tweaks
This patch (as837) fixes several mistakes in the AIO interface of the gadgetfs driver: The ki_retry method is not supposed to do a put on the kiocb. The extra call to aio_put_req() causes memory corruption. (Note: This call was removed before, by patch as691, and then mysteriously re-introduced later.) Even if a read transfer is cancelled, we can and should send to the user all the data that did manage to get transferred. Testing for AIO cancellation in the I/O completion handler is both racy and (now) unnecessary. aio_complete() does its own checking, in a safe manner. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: David Brownell <dbrownell@users.sourceforge.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/usb/gadget')
-rw-r--r--drivers/usb/gadget/inode.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/drivers/usb/gadget/inode.c b/drivers/usb/gadget/inode.c
index 1c5e1ee7e36b..34296e79edcf 100644
--- a/drivers/usb/gadget/inode.c
+++ b/drivers/usb/gadget/inode.c
@@ -576,7 +576,6 @@ static ssize_t ep_aio_read_retry(struct kiocb *iocb)
}
kfree(priv->buf);
kfree(priv);
- aio_put_req(iocb);
return len;
}
@@ -590,18 +589,17 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
spin_lock(&epdata->dev->lock);
priv->req = NULL;
priv->epdata = NULL;
- if (priv->iv == NULL
- || unlikely(req->actual == 0)
- || unlikely(kiocbIsCancelled(iocb))) {
+
+ /* if this was a write or a read returning no data then we
+ * don't need to copy anything to userspace, so we can
+ * complete the aio request immediately.
+ */
+ if (priv->iv == NULL || unlikely(req->actual == 0)) {
kfree(req->buf);
kfree(priv);
iocb->private = NULL;
/* aio_complete() reports bytes-transferred _and_ faults */
- if (unlikely(kiocbIsCancelled(iocb)))
- aio_put_req(iocb);
- else
- aio_complete(iocb,
- req->actual ? req->actual : req->status,
+ aio_complete(iocb, req->actual ? req->actual : req->status,
req->status);
} else {
/* retry() won't report both; so we hide some faults */
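Review bot: The comment added above `if (priv->iv == NULL || unlikely(req->actual == 0))` documents the fast path but not why cancellation is no longer tested in this completion handler, and the commit description notes that a related call was already removed once and later re-introduced. I would extend the comment with something like `/* no kiocbIsCancelled() test here: it would be racy, and aio_complete() does its own checking */` so the check is not added back. The same applies to the tail of ep_aio_read_retry() in the first hunk, where a one-line comment such as `/* the retry method must not put the kiocb */` would record why no aio_put_req() follows the kfree() calls. ep_aio_complete() starts before and continues past this hunk, so the else branch is not reviewed here.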