Merge branch 'gadget' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull gadgetfs fixes from Al Viro:
"Assorted fixes around AIO on gadgetfs: leaks, use-after-free, troubles
caused by ->f_op flipping"

* 'gadget' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
gadgetfs: really get rid of switching ->f_op
gadgetfs: get rid of flipping ->f_op in ep_config()
gadget: switch ep_io_operations to ->read_iter/->write_iter
gadgetfs: use-after-free in ->aio_read()
gadget/function/f_fs.c: switch to ->{read,write}_iter()
gadget/function/f_fs.c: use put iov_iter into io_data
gadget/function/f_fs.c: close leaks
move iov_iter.c from mm/ to lib/
new helper: dup_iter()

+303 -412
+90 -136
drivers/usb/gadget/function/f_fs.c
··· 144 144 bool read; 145 145 146 146 struct kiocb *kiocb; 147 - const struct iovec *iovec; 148 - unsigned long nr_segs; 149 - char __user *buf; 150 - size_t len; 147 + struct iov_iter data; 148 + const void *to_free; 149 + char *buf; 151 150 152 151 struct mm_struct *mm; 153 152 struct work_struct work; ··· 648 649 io_data->req->actual; 649 650 650 651 if (io_data->read && ret > 0) { 651 - int i; 652 - size_t pos = 0; 653 - 654 - /* 655 - * Since req->length may be bigger than io_data->len (after 656 - * being rounded up to maxpacketsize), we may end up with more 657 - * data then user space has space for. 658 - */ 659 - ret = min_t(int, ret, io_data->len); 660 - 661 652 use_mm(io_data->mm); 662 - for (i = 0; i < io_data->nr_segs; i++) { 663 - size_t len = min_t(size_t, ret - pos, 664 - io_data->iovec[i].iov_len); 665 - if (!len) 666 - break; 667 - if (unlikely(copy_to_user(io_data->iovec[i].iov_base, 668 - &io_data->buf[pos], len))) { 669 - ret = -EFAULT; 670 - break; 671 - } 672 - pos += len; 673 - } 653 + ret = copy_to_iter(io_data->buf, ret, &io_data->data); 654 + if (iov_iter_count(&io_data->data)) 655 + ret = -EFAULT; 674 656 unuse_mm(io_data->mm); 675 657 } 676 658 ··· 664 684 665 685 io_data->kiocb->private = NULL; 666 686 if (io_data->read) 667 - kfree(io_data->iovec); 687 + kfree(io_data->to_free); 668 688 kfree(io_data->buf); 669 689 kfree(io_data); 670 690 } ··· 723 743 * before the waiting completes, so do not assign to 'gadget' earlier 724 744 */ 725 745 struct usb_gadget *gadget = epfile->ffs->gadget; 746 + size_t copied; 726 747 727 748 spin_lock_irq(&epfile->ffs->eps_lock); 728 749 /* In the meantime, endpoint got disabled or changed. */ ··· 731 750 spin_unlock_irq(&epfile->ffs->eps_lock); 732 751 return -ESHUTDOWN; 733 752 } 753 + data_len = iov_iter_count(&io_data->data); 734 754 /* 735 755 * Controller may require buffer size to be aligned to 736 756 * maxpacketsize of an out endpoint. 737 757 */ 738 - data_len = io_data->read ? 
739 - usb_ep_align_maybe(gadget, ep->ep, io_data->len) : 740 - io_data->len; 758 + if (io_data->read) 759 + data_len = usb_ep_align_maybe(gadget, ep->ep, data_len); 741 760 spin_unlock_irq(&epfile->ffs->eps_lock); 742 761 743 762 data = kmalloc(data_len, GFP_KERNEL); 744 763 if (unlikely(!data)) 745 764 return -ENOMEM; 746 - if (io_data->aio && !io_data->read) { 747 - int i; 748 - size_t pos = 0; 749 - for (i = 0; i < io_data->nr_segs; i++) { 750 - if (unlikely(copy_from_user(&data[pos], 751 - io_data->iovec[i].iov_base, 752 - io_data->iovec[i].iov_len))) { 753 - ret = -EFAULT; 754 - goto error; 755 - } 756 - pos += io_data->iovec[i].iov_len; 757 - } 758 - } else { 759 - if (!io_data->read && 760 - unlikely(__copy_from_user(data, io_data->buf, 761 - io_data->len))) { 765 + if (!io_data->read) { 766 + copied = copy_from_iter(data, data_len, &io_data->data); 767 + if (copied != data_len) { 762 768 ret = -EFAULT; 763 769 goto error; 764 770 } ··· 844 876 */ 845 877 ret = ep->status; 846 878 if (io_data->read && ret > 0) { 847 - ret = min_t(size_t, ret, io_data->len); 848 - 849 - if (unlikely(copy_to_user(io_data->buf, 850 - data, ret))) 879 + ret = copy_to_iter(data, ret, &io_data->data); 880 + if (unlikely(iov_iter_count(&io_data->data))) 851 881 ret = -EFAULT; 852 882 } 853 883 } ··· 862 896 error: 863 897 kfree(data); 864 898 return ret; 865 - } 866 - 867 - static ssize_t 868 - ffs_epfile_write(struct file *file, const char __user *buf, size_t len, 869 - loff_t *ptr) 870 - { 871 - struct ffs_io_data io_data; 872 - 873 - ENTER(); 874 - 875 - io_data.aio = false; 876 - io_data.read = false; 877 - io_data.buf = (char * __user)buf; 878 - io_data.len = len; 879 - 880 - return ffs_epfile_io(file, &io_data); 881 - } 882 - 883 - static ssize_t 884 - ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr) 885 - { 886 - struct ffs_io_data io_data; 887 - 888 - ENTER(); 889 - 890 - io_data.aio = false; 891 - io_data.read = true; 892 - io_data.buf = buf; 
893 - io_data.len = len; 894 - 895 - return ffs_epfile_io(file, &io_data); 896 899 } 897 900 898 901 static int ··· 900 965 return value; 901 966 } 902 967 903 - static ssize_t ffs_epfile_aio_write(struct kiocb *kiocb, 904 - const struct iovec *iovec, 905 - unsigned long nr_segs, loff_t loff) 968 + static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from) 906 969 { 907 - struct ffs_io_data *io_data; 970 + struct ffs_io_data io_data, *p = &io_data; 971 + ssize_t res; 908 972 909 973 ENTER(); 910 974 911 - io_data = kmalloc(sizeof(*io_data), GFP_KERNEL); 912 - if (unlikely(!io_data)) 913 - return -ENOMEM; 914 - 915 - io_data->aio = true; 916 - io_data->read = false; 917 - io_data->kiocb = kiocb; 918 - io_data->iovec = iovec; 919 - io_data->nr_segs = nr_segs; 920 - io_data->len = kiocb->ki_nbytes; 921 - io_data->mm = current->mm; 922 - 923 - kiocb->private = io_data; 924 - 925 - kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); 926 - 927 - return ffs_epfile_io(kiocb->ki_filp, io_data); 928 - } 929 - 930 - static ssize_t ffs_epfile_aio_read(struct kiocb *kiocb, 931 - const struct iovec *iovec, 932 - unsigned long nr_segs, loff_t loff) 933 - { 934 - struct ffs_io_data *io_data; 935 - struct iovec *iovec_copy; 936 - 937 - ENTER(); 938 - 939 - iovec_copy = kmalloc_array(nr_segs, sizeof(*iovec_copy), GFP_KERNEL); 940 - if (unlikely(!iovec_copy)) 941 - return -ENOMEM; 942 - 943 - memcpy(iovec_copy, iovec, sizeof(struct iovec)*nr_segs); 944 - 945 - io_data = kmalloc(sizeof(*io_data), GFP_KERNEL); 946 - if (unlikely(!io_data)) { 947 - kfree(iovec_copy); 948 - return -ENOMEM; 975 + if (!is_sync_kiocb(kiocb)) { 976 + p = kmalloc(sizeof(io_data), GFP_KERNEL); 977 + if (unlikely(!p)) 978 + return -ENOMEM; 979 + p->aio = true; 980 + } else { 981 + p->aio = false; 949 982 } 950 983 951 - io_data->aio = true; 952 - io_data->read = true; 953 - io_data->kiocb = kiocb; 954 - io_data->iovec = iovec_copy; 955 - io_data->nr_segs = nr_segs; 956 - io_data->len = 
kiocb->ki_nbytes; 957 - io_data->mm = current->mm; 984 + p->read = false; 985 + p->kiocb = kiocb; 986 + p->data = *from; 987 + p->mm = current->mm; 958 988 959 - kiocb->private = io_data; 989 + kiocb->private = p; 960 990 961 991 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); 962 992 963 - return ffs_epfile_io(kiocb->ki_filp, io_data); 993 + res = ffs_epfile_io(kiocb->ki_filp, p); 994 + if (res == -EIOCBQUEUED) 995 + return res; 996 + if (p->aio) 997 + kfree(p); 998 + else 999 + *from = p->data; 1000 + return res; 1001 + } 1002 + 1003 + static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to) 1004 + { 1005 + struct ffs_io_data io_data, *p = &io_data; 1006 + ssize_t res; 1007 + 1008 + ENTER(); 1009 + 1010 + if (!is_sync_kiocb(kiocb)) { 1011 + p = kmalloc(sizeof(io_data), GFP_KERNEL); 1012 + if (unlikely(!p)) 1013 + return -ENOMEM; 1014 + p->aio = true; 1015 + } else { 1016 + p->aio = false; 1017 + } 1018 + 1019 + p->read = true; 1020 + p->kiocb = kiocb; 1021 + if (p->aio) { 1022 + p->to_free = dup_iter(&p->data, to, GFP_KERNEL); 1023 + if (!p->to_free) { 1024 + kfree(p); 1025 + return -ENOMEM; 1026 + } 1027 + } else { 1028 + p->data = *to; 1029 + p->to_free = NULL; 1030 + } 1031 + p->mm = current->mm; 1032 + 1033 + kiocb->private = p; 1034 + 1035 + kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); 1036 + 1037 + res = ffs_epfile_io(kiocb->ki_filp, p); 1038 + if (res == -EIOCBQUEUED) 1039 + return res; 1040 + 1041 + if (p->aio) { 1042 + kfree(p->to_free); 1043 + kfree(p); 1044 + } else { 1045 + *to = p->data; 1046 + } 1047 + return res; 964 1048 } 965 1049 966 1050 static int ··· 1059 1105 .llseek = no_llseek, 1060 1106 1061 1107 .open = ffs_epfile_open, 1062 - .write = ffs_epfile_write, 1063 - .read = ffs_epfile_read, 1064 - .aio_write = ffs_epfile_aio_write, 1065 - .aio_read = ffs_epfile_aio_read, 1108 + .write = new_sync_write, 1109 + .read = new_sync_read, 1110 + .write_iter = ffs_epfile_write_iter, 1111 + .read_iter = ffs_epfile_read_iter, 1066 1112 
.release = ffs_epfile_release, 1067 1113 .unlocked_ioctl = ffs_epfile_ioctl, 1068 1114 };
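Review bot: A short read is now reported as -EFAULT: in the completion-worker hunk (new lines 653–655) `copy_to_iter(io_data->buf, ret, &io_data->data)` copies only `ret` bytes, so whenever the endpoint delivered fewer bytes than user space asked for, `iov_iter_count()` stays non-zero and a successful copy is turned into an error, whereas the removed min_t/loop code tolerated that case. The synchronous path at new lines 879–881 (presumably inside ffs_epfile_io) repeats the same pattern. Distinguish "user buffer not filled" from "copy faulted" by comparing the copied count with what was requested, e.g. `size_t want = ret;` / `ret = copy_to_iter(io_data->buf, want, &io_data->data);` / `if (ret != want && iov_iter_count(&io_data->data)) ret = -EFAULT;`, and the analogous three lines for the synchronous branch. Both enclosing functions begin and end outside their hunks.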
+194 -274
drivers/usb/gadget/legacy/inode.c
··· 74 74 MODULE_AUTHOR ("David Brownell"); 75 75 MODULE_LICENSE ("GPL"); 76 76 77 + static int ep_open(struct inode *, struct file *); 78 + 77 79 78 80 /*----------------------------------------------------------------------*/ 79 81 ··· 285 283 * still need dev->lock to use epdata->ep. 286 284 */ 287 285 static int 288 - get_ready_ep (unsigned f_flags, struct ep_data *epdata) 286 + get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write) 289 287 { 290 288 int val; 291 289 292 290 if (f_flags & O_NONBLOCK) { 293 291 if (!mutex_trylock(&epdata->lock)) 294 292 goto nonblock; 295 - if (epdata->state != STATE_EP_ENABLED) { 293 + if (epdata->state != STATE_EP_ENABLED && 294 + (!is_write || epdata->state != STATE_EP_READY)) { 296 295 mutex_unlock(&epdata->lock); 297 296 nonblock: 298 297 val = -EAGAIN; ··· 308 305 309 306 switch (epdata->state) { 310 307 case STATE_EP_ENABLED: 308 + return 0; 309 + case STATE_EP_READY: /* not configured yet */ 310 + if (is_write) 311 + return 0; 312 + // FALLTHRU 313 + case STATE_EP_UNBOUND: /* clean disconnect */ 311 314 break; 312 315 // case STATE_EP_DISABLED: /* "can't happen" */ 313 - // case STATE_EP_READY: /* "can't happen" */ 314 316 default: /* error! 
*/ 315 317 pr_debug ("%s: ep %p not available, state %d\n", 316 318 shortname, epdata, epdata->state); 317 - // FALLTHROUGH 318 - case STATE_EP_UNBOUND: /* clean disconnect */ 319 - val = -ENODEV; 320 - mutex_unlock(&epdata->lock); 321 319 } 322 - return val; 320 + mutex_unlock(&epdata->lock); 321 + return -ENODEV; 323 322 } 324 323 325 324 static ssize_t ··· 368 363 return value; 369 364 } 370 365 371 - 372 - /* handle a synchronous OUT bulk/intr/iso transfer */ 373 - static ssize_t 374 - ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr) 375 - { 376 - struct ep_data *data = fd->private_data; 377 - void *kbuf; 378 - ssize_t value; 379 - 380 - if ((value = get_ready_ep (fd->f_flags, data)) < 0) 381 - return value; 382 - 383 - /* halt any endpoint by doing a "wrong direction" i/o call */ 384 - if (usb_endpoint_dir_in(&data->desc)) { 385 - if (usb_endpoint_xfer_isoc(&data->desc)) { 386 - mutex_unlock(&data->lock); 387 - return -EINVAL; 388 - } 389 - DBG (data->dev, "%s halt\n", data->name); 390 - spin_lock_irq (&data->dev->lock); 391 - if (likely (data->ep != NULL)) 392 - usb_ep_set_halt (data->ep); 393 - spin_unlock_irq (&data->dev->lock); 394 - mutex_unlock(&data->lock); 395 - return -EBADMSG; 396 - } 397 - 398 - /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */ 399 - 400 - value = -ENOMEM; 401 - kbuf = kmalloc (len, GFP_KERNEL); 402 - if (unlikely (!kbuf)) 403 - goto free1; 404 - 405 - value = ep_io (data, kbuf, len); 406 - VDEBUG (data->dev, "%s read %zu OUT, status %d\n", 407 - data->name, len, (int) value); 408 - if (value >= 0 && copy_to_user (buf, kbuf, value)) 409 - value = -EFAULT; 410 - 411 - free1: 412 - mutex_unlock(&data->lock); 413 - kfree (kbuf); 414 - return value; 415 - } 416 - 417 - /* handle a synchronous IN bulk/intr/iso transfer */ 418 - static ssize_t 419 - ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 420 - { 421 - struct ep_data *data = fd->private_data; 422 - void *kbuf; 423 - 
ssize_t value; 424 - 425 - if ((value = get_ready_ep (fd->f_flags, data)) < 0) 426 - return value; 427 - 428 - /* halt any endpoint by doing a "wrong direction" i/o call */ 429 - if (!usb_endpoint_dir_in(&data->desc)) { 430 - if (usb_endpoint_xfer_isoc(&data->desc)) { 431 - mutex_unlock(&data->lock); 432 - return -EINVAL; 433 - } 434 - DBG (data->dev, "%s halt\n", data->name); 435 - spin_lock_irq (&data->dev->lock); 436 - if (likely (data->ep != NULL)) 437 - usb_ep_set_halt (data->ep); 438 - spin_unlock_irq (&data->dev->lock); 439 - mutex_unlock(&data->lock); 440 - return -EBADMSG; 441 - } 442 - 443 - /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */ 444 - 445 - value = -ENOMEM; 446 - kbuf = memdup_user(buf, len); 447 - if (IS_ERR(kbuf)) { 448 - value = PTR_ERR(kbuf); 449 - kbuf = NULL; 450 - goto free1; 451 - } 452 - 453 - value = ep_io (data, kbuf, len); 454 - VDEBUG (data->dev, "%s write %zu IN, status %d\n", 455 - data->name, len, (int) value); 456 - free1: 457 - mutex_unlock(&data->lock); 458 - kfree (kbuf); 459 - return value; 460 - } 461 - 462 366 static int 463 367 ep_release (struct inode *inode, struct file *fd) 464 368 { ··· 395 481 struct ep_data *data = fd->private_data; 396 482 int status; 397 483 398 - if ((status = get_ready_ep (fd->f_flags, data)) < 0) 484 + if ((status = get_ready_ep (fd->f_flags, data, false)) < 0) 399 485 return status; 400 486 401 487 spin_lock_irq (&data->dev->lock); ··· 431 517 struct mm_struct *mm; 432 518 struct work_struct work; 433 519 void *buf; 434 - const struct iovec *iv; 435 - unsigned long nr_segs; 520 + struct iov_iter to; 521 + const void *to_free; 436 522 unsigned actual; 437 523 }; 438 524 ··· 455 541 return value; 456 542 } 457 543 458 - static ssize_t ep_copy_to_user(struct kiocb_priv *priv) 459 - { 460 - ssize_t len, total; 461 - void *to_copy; 462 - int i; 463 - 464 - /* copy stuff into user buffers */ 465 - total = priv->actual; 466 - len = 0; 467 - to_copy = priv->buf; 468 - for (i=0; i < 
priv->nr_segs; i++) { 469 - ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total); 470 - 471 - if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) { 472 - if (len == 0) 473 - len = -EFAULT; 474 - break; 475 - } 476 - 477 - total -= this; 478 - len += this; 479 - to_copy += this; 480 - if (total == 0) 481 - break; 482 - } 483 - 484 - return len; 485 - } 486 - 487 544 static void ep_user_copy_worker(struct work_struct *work) 488 545 { 489 546 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work); ··· 463 578 size_t ret; 464 579 465 580 use_mm(mm); 466 - ret = ep_copy_to_user(priv); 581 + ret = copy_to_iter(priv->buf, priv->actual, &priv->to); 467 582 unuse_mm(mm); 583 + if (!ret) 584 + ret = -EFAULT; 468 585 469 586 /* completing the iocb can drop the ctx and mm, don't touch mm after */ 470 587 aio_complete(iocb, ret, ret); 471 588 472 589 kfree(priv->buf); 590 + kfree(priv->to_free); 473 591 kfree(priv); 474 592 } 475 593 ··· 491 603 * don't need to copy anything to userspace, so we can 492 604 * complete the aio request immediately. 
493 605 */ 494 - if (priv->iv == NULL || unlikely(req->actual == 0)) { 606 + if (priv->to_free == NULL || unlikely(req->actual == 0)) { 495 607 kfree(req->buf); 608 + kfree(priv->to_free); 496 609 kfree(priv); 497 610 iocb->private = NULL; 498 611 /* aio_complete() reports bytes-transferred _and_ faults */ ··· 507 618 508 619 priv->buf = req->buf; 509 620 priv->actual = req->actual; 621 + INIT_WORK(&priv->work, ep_user_copy_worker); 510 622 schedule_work(&priv->work); 511 623 } 512 624 spin_unlock(&epdata->dev->lock); ··· 516 626 put_ep(epdata); 517 627 } 518 628 519 - static ssize_t 520 - ep_aio_rwtail( 521 - struct kiocb *iocb, 522 - char *buf, 523 - size_t len, 524 - struct ep_data *epdata, 525 - const struct iovec *iv, 526 - unsigned long nr_segs 527 - ) 629 + static ssize_t ep_aio(struct kiocb *iocb, 630 + struct kiocb_priv *priv, 631 + struct ep_data *epdata, 632 + char *buf, 633 + size_t len) 528 634 { 529 - struct kiocb_priv *priv; 530 - struct usb_request *req; 531 - ssize_t value; 635 + struct usb_request *req; 636 + ssize_t value; 532 637 533 - priv = kmalloc(sizeof *priv, GFP_KERNEL); 534 - if (!priv) { 535 - value = -ENOMEM; 536 - fail: 537 - kfree(buf); 538 - return value; 539 - } 540 638 iocb->private = priv; 541 639 priv->iocb = iocb; 542 - priv->iv = iv; 543 - priv->nr_segs = nr_segs; 544 - INIT_WORK(&priv->work, ep_user_copy_worker); 545 - 546 - value = get_ready_ep(iocb->ki_filp->f_flags, epdata); 547 - if (unlikely(value < 0)) { 548 - kfree(priv); 549 - goto fail; 550 - } 551 640 552 641 kiocb_set_cancel_fn(iocb, ep_aio_cancel); 553 642 get_ep(epdata); ··· 538 669 * allocate or submit those if the host disconnected. 
539 670 */ 540 671 spin_lock_irq(&epdata->dev->lock); 541 - if (likely(epdata->ep)) { 542 - req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 543 - if (likely(req)) { 544 - priv->req = req; 545 - req->buf = buf; 546 - req->length = len; 547 - req->complete = ep_aio_complete; 548 - req->context = iocb; 549 - value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC); 550 - if (unlikely(0 != value)) 551 - usb_ep_free_request(epdata->ep, req); 552 - } else 553 - value = -EAGAIN; 554 - } else 555 - value = -ENODEV; 672 + value = -ENODEV; 673 + if (unlikely(epdata->ep)) 674 + goto fail; 675 + 676 + req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 677 + value = -ENOMEM; 678 + if (unlikely(!req)) 679 + goto fail; 680 + 681 + priv->req = req; 682 + req->buf = buf; 683 + req->length = len; 684 + req->complete = ep_aio_complete; 685 + req->context = iocb; 686 + value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC); 687 + if (unlikely(0 != value)) { 688 + usb_ep_free_request(epdata->ep, req); 689 + goto fail; 690 + } 556 691 spin_unlock_irq(&epdata->dev->lock); 692 + return -EIOCBQUEUED; 557 693 558 - mutex_unlock(&epdata->lock); 559 - 560 - if (unlikely(value)) { 561 - kfree(priv); 562 - put_ep(epdata); 563 - } else 564 - value = -EIOCBQUEUED; 694 + fail: 695 + spin_unlock_irq(&epdata->dev->lock); 696 + kfree(priv->to_free); 697 + kfree(priv); 698 + put_ep(epdata); 565 699 return value; 566 700 } 567 701 568 702 static ssize_t 569 - ep_aio_read(struct kiocb *iocb, const struct iovec *iov, 570 - unsigned long nr_segs, loff_t o) 703 + ep_read_iter(struct kiocb *iocb, struct iov_iter *to) 571 704 { 572 - struct ep_data *epdata = iocb->ki_filp->private_data; 573 - char *buf; 705 + struct file *file = iocb->ki_filp; 706 + struct ep_data *epdata = file->private_data; 707 + size_t len = iov_iter_count(to); 708 + ssize_t value; 709 + char *buf; 574 710 575 - if (unlikely(usb_endpoint_dir_in(&epdata->desc))) 576 - return -EINVAL; 711 + if ((value = get_ready_ep(file->f_flags, epdata, false)) 
< 0) 712 + return value; 577 713 578 - buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 579 - if (unlikely(!buf)) 714 + /* halt any endpoint by doing a "wrong direction" i/o call */ 715 + if (usb_endpoint_dir_in(&epdata->desc)) { 716 + if (usb_endpoint_xfer_isoc(&epdata->desc) || 717 + !is_sync_kiocb(iocb)) { 718 + mutex_unlock(&epdata->lock); 719 + return -EINVAL; 720 + } 721 + DBG (epdata->dev, "%s halt\n", epdata->name); 722 + spin_lock_irq(&epdata->dev->lock); 723 + if (likely(epdata->ep != NULL)) 724 + usb_ep_set_halt(epdata->ep); 725 + spin_unlock_irq(&epdata->dev->lock); 726 + mutex_unlock(&epdata->lock); 727 + return -EBADMSG; 728 + } 729 + 730 + buf = kmalloc(len, GFP_KERNEL); 731 + if (unlikely(!buf)) { 732 + mutex_unlock(&epdata->lock); 580 733 return -ENOMEM; 581 - 582 - return ep_aio_rwtail(iocb, buf, iocb->ki_nbytes, epdata, iov, nr_segs); 734 + } 735 + if (is_sync_kiocb(iocb)) { 736 + value = ep_io(epdata, buf, len); 737 + if (value >= 0 && copy_to_iter(buf, value, to)) 738 + value = -EFAULT; 739 + } else { 740 + struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL); 741 + value = -ENOMEM; 742 + if (!priv) 743 + goto fail; 744 + priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL); 745 + if (!priv->to_free) { 746 + kfree(priv); 747 + goto fail; 748 + } 749 + value = ep_aio(iocb, priv, epdata, buf, len); 750 + if (value == -EIOCBQUEUED) 751 + buf = NULL; 752 + } 753 + fail: 754 + kfree(buf); 755 + mutex_unlock(&epdata->lock); 756 + return value; 583 757 } 584 758 759 + static ssize_t ep_config(struct ep_data *, const char *, size_t); 760 + 585 761 static ssize_t 586 - ep_aio_write(struct kiocb *iocb, const struct iovec *iov, 587 - unsigned long nr_segs, loff_t o) 762 + ep_write_iter(struct kiocb *iocb, struct iov_iter *from) 588 763 { 589 - struct ep_data *epdata = iocb->ki_filp->private_data; 590 - char *buf; 591 - size_t len = 0; 592 - int i = 0; 764 + struct file *file = iocb->ki_filp; 765 + struct ep_data *epdata = file->private_data; 766 + size_t 
len = iov_iter_count(from); 767 + bool configured; 768 + ssize_t value; 769 + char *buf; 593 770 594 - if (unlikely(!usb_endpoint_dir_in(&epdata->desc))) 595 - return -EINVAL; 771 + if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0) 772 + return value; 596 773 597 - buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 598 - if (unlikely(!buf)) 599 - return -ENOMEM; 774 + configured = epdata->state == STATE_EP_ENABLED; 600 775 601 - for (i=0; i < nr_segs; i++) { 602 - if (unlikely(copy_from_user(&buf[len], iov[i].iov_base, 603 - iov[i].iov_len) != 0)) { 604 - kfree(buf); 605 - return -EFAULT; 776 + /* halt any endpoint by doing a "wrong direction" i/o call */ 777 + if (configured && !usb_endpoint_dir_in(&epdata->desc)) { 778 + if (usb_endpoint_xfer_isoc(&epdata->desc) || 779 + !is_sync_kiocb(iocb)) { 780 + mutex_unlock(&epdata->lock); 781 + return -EINVAL; 606 782 } 607 - len += iov[i].iov_len; 783 + DBG (epdata->dev, "%s halt\n", epdata->name); 784 + spin_lock_irq(&epdata->dev->lock); 785 + if (likely(epdata->ep != NULL)) 786 + usb_ep_set_halt(epdata->ep); 787 + spin_unlock_irq(&epdata->dev->lock); 788 + mutex_unlock(&epdata->lock); 789 + return -EBADMSG; 608 790 } 609 - return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0); 791 + 792 + buf = kmalloc(len, GFP_KERNEL); 793 + if (unlikely(!buf)) { 794 + mutex_unlock(&epdata->lock); 795 + return -ENOMEM; 796 + } 797 + 798 + if (unlikely(copy_from_iter(buf, len, from) != len)) { 799 + value = -EFAULT; 800 + goto out; 801 + } 802 + 803 + if (unlikely(!configured)) { 804 + value = ep_config(epdata, buf, len); 805 + } else if (is_sync_kiocb(iocb)) { 806 + value = ep_io(epdata, buf, len); 807 + } else { 808 + struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL); 809 + value = -ENOMEM; 810 + if (priv) { 811 + value = ep_aio(iocb, priv, epdata, buf, len); 812 + if (value == -EIOCBQUEUED) 813 + buf = NULL; 814 + } 815 + } 816 + out: 817 + kfree(buf); 818 + mutex_unlock(&epdata->lock); 819 + return value; 610 820 } 611 
821 612 822 /*----------------------------------------------------------------------*/ ··· 693 745 /* used after endpoint configuration */ 694 746 static const struct file_operations ep_io_operations = { 695 747 .owner = THIS_MODULE, 696 - .llseek = no_llseek, 697 748 698 - .read = ep_read, 699 - .write = ep_write, 700 - .unlocked_ioctl = ep_ioctl, 749 + .open = ep_open, 701 750 .release = ep_release, 702 - 703 - .aio_read = ep_aio_read, 704 - .aio_write = ep_aio_write, 751 + .llseek = no_llseek, 752 + .read = new_sync_read, 753 + .write = new_sync_write, 754 + .unlocked_ioctl = ep_ioctl, 755 + .read_iter = ep_read_iter, 756 + .write_iter = ep_write_iter, 705 757 }; 706 758 707 759 /* ENDPOINT INITIALIZATION ··· 718 770 * speed descriptor, then optional high speed descriptor. 719 771 */ 720 772 static ssize_t 721 - ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 773 + ep_config (struct ep_data *data, const char *buf, size_t len) 722 774 { 723 - struct ep_data *data = fd->private_data; 724 775 struct usb_ep *ep; 725 776 u32 tag; 726 777 int value, length = len; 727 - 728 - value = mutex_lock_interruptible(&data->lock); 729 - if (value < 0) 730 - return value; 731 778 732 779 if (data->state != STATE_EP_READY) { 733 780 value = -EL2HLT; ··· 734 791 goto fail0; 735 792 736 793 /* we might need to change message format someday */ 737 - if (copy_from_user (&tag, buf, 4)) { 738 - goto fail1; 739 - } 794 + memcpy(&tag, buf, 4); 740 795 if (tag != 1) { 741 796 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag); 742 797 goto fail0; ··· 747 806 */ 748 807 749 808 /* full/low speed descriptor, then high speed */ 750 - if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) { 751 - goto fail1; 752 - } 809 + memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE); 753 810 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE 754 811 || data->desc.bDescriptorType != USB_DT_ENDPOINT) 755 812 goto fail0; 756 813 if (len != USB_DT_ENDPOINT_SIZE) { 757 814 
if (len != 2 * USB_DT_ENDPOINT_SIZE) 758 815 goto fail0; 759 - if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 760 - USB_DT_ENDPOINT_SIZE)) { 761 - goto fail1; 762 - } 816 + memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 817 + USB_DT_ENDPOINT_SIZE); 763 818 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE 764 819 || data->hs_desc.bDescriptorType 765 820 != USB_DT_ENDPOINT) { ··· 777 840 case USB_SPEED_LOW: 778 841 case USB_SPEED_FULL: 779 842 ep->desc = &data->desc; 780 - value = usb_ep_enable(ep); 781 - if (value == 0) 782 - data->state = STATE_EP_ENABLED; 783 843 break; 784 844 case USB_SPEED_HIGH: 785 845 /* fails if caller didn't provide that descriptor... */ 786 846 ep->desc = &data->hs_desc; 787 - value = usb_ep_enable(ep); 788 - if (value == 0) 789 - data->state = STATE_EP_ENABLED; 790 847 break; 791 848 default: 792 849 DBG(data->dev, "unconnected, %s init abandoned\n", 793 850 data->name); 794 851 value = -EINVAL; 852 + goto gone; 795 853 } 854 + value = usb_ep_enable(ep); 796 855 if (value == 0) { 797 - fd->f_op = &ep_io_operations; 856 + data->state = STATE_EP_ENABLED; 798 857 value = length; 799 858 } 800 859 gone: ··· 800 867 data->desc.bDescriptorType = 0; 801 868 data->hs_desc.bDescriptorType = 0; 802 869 } 803 - mutex_unlock(&data->lock); 804 870 return value; 805 871 fail0: 806 872 value = -EINVAL; 807 - goto fail; 808 - fail1: 809 - value = -EFAULT; 810 873 goto fail; 811 874 } 812 875 ··· 830 901 mutex_unlock(&data->lock); 831 902 return value; 832 903 } 833 - 834 - /* used before endpoint configuration */ 835 - static const struct file_operations ep_config_operations = { 836 - .llseek = no_llseek, 837 - 838 - .open = ep_open, 839 - .write = ep_config, 840 - .release = ep_release, 841 - }; 842 904 843 905 /*----------------------------------------------------------------------*/ 844 906 ··· 909 989 enum ep0_state state; 910 990 911 991 spin_lock_irq (&dev->lock); 992 + if (dev->state <= STATE_DEV_OPENED) { 993 + retval = 
-EINVAL; 994 + goto done; 995 + } 912 996 913 997 /* report fd mode change before acting on it */ 914 998 if (dev->setup_abort) { ··· 1111 1187 struct dev_data *dev = fd->private_data; 1112 1188 ssize_t retval = -ESRCH; 1113 1189 1114 - spin_lock_irq (&dev->lock); 1115 - 1116 1190 /* report fd mode change before acting on it */ 1117 1191 if (dev->setup_abort) { 1118 1192 dev->setup_abort = 0; ··· 1156 1234 } else 1157 1235 DBG (dev, "fail %s, state %d\n", __func__, dev->state); 1158 1236 1159 - spin_unlock_irq (&dev->lock); 1160 1237 return retval; 1161 1238 } 1162 1239 ··· 1202 1281 struct dev_data *dev = fd->private_data; 1203 1282 int mask = 0; 1204 1283 1284 + if (dev->state <= STATE_DEV_OPENED) 1285 + return DEFAULT_POLLMASK; 1286 + 1205 1287 poll_wait(fd, &dev->wait, wait); 1206 1288 1207 1289 spin_lock_irq (&dev->lock); ··· 1239 1315 1240 1316 return ret; 1241 1317 } 1242 - 1243 - /* used after device configuration */ 1244 - static const struct file_operations ep0_io_operations = { 1245 - .owner = THIS_MODULE, 1246 - .llseek = no_llseek, 1247 - 1248 - .read = ep0_read, 1249 - .write = ep0_write, 1250 - .fasync = ep0_fasync, 1251 - .poll = ep0_poll, 1252 - .unlocked_ioctl = dev_ioctl, 1253 - .release = dev_release, 1254 - }; 1255 1318 1256 1319 /*----------------------------------------------------------------------*/ 1257 1320 ··· 1561 1650 goto enomem1; 1562 1651 1563 1652 data->dentry = gadgetfs_create_file (dev->sb, data->name, 1564 - data, &ep_config_operations); 1653 + data, &ep_io_operations); 1565 1654 if (!data->dentry) 1566 1655 goto enomem2; 1567 1656 list_add_tail (&data->epfiles, &dev->epfiles); ··· 1763 1852 u32 tag; 1764 1853 char *kbuf; 1765 1854 1855 + spin_lock_irq(&dev->lock); 1856 + if (dev->state > STATE_DEV_OPENED) { 1857 + value = ep0_write(fd, buf, len, ptr); 1858 + spin_unlock_irq(&dev->lock); 1859 + return value; 1860 + } 1861 + spin_unlock_irq(&dev->lock); 1862 + 1766 1863 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) 
1767 1864 return -EINVAL; 1768 1865 ··· 1844 1925 * on, they can work ... except in cleanup paths that 1845 1926 * kick in after the ep0 descriptor is closed. 1846 1927 */ 1847 - fd->f_op = &ep0_io_operations; 1848 1928 value = len; 1849 1929 } 1850 1930 return value; ··· 1874 1956 return value; 1875 1957 } 1876 1958 1877 - static const struct file_operations dev_init_operations = { 1959 + static const struct file_operations ep0_operations = { 1878 1960 .llseek = no_llseek, 1879 1961 1880 1962 .open = dev_open, 1963 + .read = ep0_read, 1881 1964 .write = dev_config, 1882 1965 .fasync = ep0_fasync, 1966 + .poll = ep0_poll, 1883 1967 .unlocked_ioctl = dev_ioctl, 1884 1968 .release = dev_release, 1885 1969 }; ··· 1997 2077 goto Enomem; 1998 2078 1999 2079 dev->sb = sb; 2000 - dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &dev_init_operations); 2080 + dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations); 2001 2081 if (!dev->dentry) { 2002 2082 put_dev(dev); 2003 2083 goto Enomem;
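Review bot: The endpoint check in ep_aio is inverted: `if (unlikely(epdata->ep)) goto fail;` (new lines 672–674) bails out exactly when the endpoint exists and falls through to `usb_ep_alloc_request(epdata->ep, ...)` when it is NULL, which is the host-disconnect case the comment just above the lock says must be handled, so a disconnect racing an AIO submit dereferences NULL under dev->lock. It should read `if (unlikely(!epdata->ep)) goto fail;`, mirroring the `likely(epdata->ep)` test the hunk removes. A second inverted test sits in ep_read_iter's synchronous branch (new lines 737–738): copy_to_iter() returns the number of bytes copied, so `if (value >= 0 && copy_to_iter(buf, value, to))` turns every successful non-empty read into -EFAULT and should compare against the requested length, `if (value >= 0 && copy_to_iter(buf, value, to) != value)`. Both ep_aio and ep_read_iter are fully visible in their hunks.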
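--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -98,6 +98,8 @@
 size_t maxsize, size_t *start);
 int iov_iter_npages(const struct iov_iter *i, int maxpages);
 
+const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags);
+
 static inline size_t iov_iter_count(struct iov_iter *i)
 {
 return i->count;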
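--- a/lib/Makefile
+++ b/lib/Makefile
@@ -24,7 +24,7 @@
 
 obj-y += bcd.o div64.o sort.o parser.o halfmd4.o debug_locks.o random32.o \
 bust_spinlocks.o kasprintf.o bitmap.o scatterlist.o \
-gcd.o lcm.o list_sort.o uuid.o flex_array.o clz_ctz.o \
+gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
 bsearch.o find_last_bit.o find_next_bit.o llist.o memweight.o kfifo.o \
 percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o
 obj-y += string_helpers.o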
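--- a/mm/Makefile
+++ b/mm/Makefile
@@ -21,7 +21,7 @@
 mm_init.o mmu_context.o percpu.o slab_common.o \
 compaction.o vmacache.o \
 interval_tree.o list_lru.o workingset.o \
-iov_iter.o debug.o $(mmu-y)
+debug.o $(mmu-y)
 
 obj-y += init-mm.o
 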
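--- a/mm/iov_iter.c
+++ b/lib/iov_iter.c
@@ -751,3 +751,18 @@
 return npages;
 }
 EXPORT_SYMBOL(iov_iter_npages);
+
+const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
+{
+*new = *old;
+if (new->type & ITER_BVEC)
+return new->bvec = kmemdup(new->bvec,
+new->nr_segs * sizeof(struct bio_vec),
+flags);
+else
+/* iovec and kvec have identical layout */
+return new->iov = kmemdup(new->iov,
+new->nr_segs * sizeof(struct iovec),
+flags);
+}
+EXPORT_SYMBOL(dup_iter);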
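Review bot: dup_iter() is a new exported helper with no kernel-doc, and its ownership contract is the part a caller can get wrong: the return value is the freshly allocated segment array (not a status), the caller must kfree() it once the copied iterator is finished with, and on allocation failure `new` is left with a NULL bvec/iov pointer and must not be used. Suggest a `/** ... */` block above the definition stating that `new` receives a copy of `old` whose segment array is duplicated with `flags`, that the returned pointer is the duplicated array the caller owns and frees, and that NULL means the copy failed. The existing inline comment about iovec and kvec sharing a layout is what makes the non-bvec branch correct for ITER_KVEC; it belongs in that doc block too so a future layout change is caught by a reader rather than at runtime.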