From: Al Viro <viro@ZenIV.linux.org.uk>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Christoph Hellwig <hch@lst.de>, Miklos Szeredi <mszeredi@suse.cz>,
linux-aio@kvack.org, linux-fsdevel@vger.kernel.org,
Felipe Balbi <balbi@ti.com>,
linux-usb@vger.kernel.org
Subject: [PATCH 3/6] gadget/function/f_fs.c: use put iov_iter into io_data
Date: Sat, 7 Feb 2015 05:48:43 +0000 [thread overview]
Message-ID: <1423288126-31119-3-git-send-email-viro@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20150207054419.GY29656@ZenIV.linux.org.uk>
From: Al Viro <viro@zeniv.linux.org.uk>
both on aio and non-aio sides
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
drivers/usb/gadget/function/f_fs.c | 86 +++++++++++---------------------------
1 file changed, 25 insertions(+), 61 deletions(-)
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index 0c120ad..11704e7 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -143,10 +143,9 @@ struct ffs_io_data {
bool read;
struct kiocb *kiocb;
- const struct iovec *iovec;
- unsigned long nr_segs;
- char __user *buf;
- size_t len;
+ struct iov_iter data;
+ const void *to_free;
+ char *buf;
struct mm_struct *mm;
struct work_struct work;
@@ -645,29 +644,10 @@ static void ffs_user_copy_worker(struct work_struct *work)
io_data->req->actual;
if (io_data->read && ret > 0) {
- int i;
- size_t pos = 0;
-
- /*
- * Since req->length may be bigger than io_data->len (after
- * being rounded up to maxpacketsize), we may end up with more
- * data then user space has space for.
- */
- ret = min_t(int, ret, io_data->len);
-
use_mm(io_data->mm);
- for (i = 0; i < io_data->nr_segs; i++) {
- size_t len = min_t(size_t, ret - pos,
- io_data->iovec[i].iov_len);
- if (!len)
- break;
- if (unlikely(copy_to_user(io_data->iovec[i].iov_base,
- &io_data->buf[pos], len))) {
- ret = -EFAULT;
- break;
- }
- pos += len;
- }
+ ret = copy_to_iter(io_data->buf, ret, &io_data->data);
+ if (iov_iter_count(&io_data->data))
+ ret = -EFAULT;
unuse_mm(io_data->mm);
}
@@ -677,7 +657,7 @@ static void ffs_user_copy_worker(struct work_struct *work)
io_data->kiocb->private = NULL;
if (io_data->read)
- kfree(io_data->iovec);
+ kfree(io_data->to_free);
kfree(io_data->buf);
kfree(io_data);
}
@@ -736,6 +716,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
* before the waiting completes, so do not assign to 'gadget' earlier
*/
struct usb_gadget *gadget = epfile->ffs->gadget;
+ size_t copied;
spin_lock_irq(&epfile->ffs->eps_lock);
/* In the meantime, endpoint got disabled or changed. */
@@ -743,34 +724,21 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
spin_unlock_irq(&epfile->ffs->eps_lock);
return -ESHUTDOWN;
}
+ data_len = iov_iter_count(&io_data->data);
/*
* Controller may require buffer size to be aligned to
* maxpacketsize of an out endpoint.
*/
- data_len = io_data->read ?
- usb_ep_align_maybe(gadget, ep->ep, io_data->len) :
- io_data->len;
+ if (io_data->read)
+ data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
spin_unlock_irq(&epfile->ffs->eps_lock);
data = kmalloc(data_len, GFP_KERNEL);
if (unlikely(!data))
return -ENOMEM;
- if (io_data->aio && !io_data->read) {
- int i;
- size_t pos = 0;
- for (i = 0; i < io_data->nr_segs; i++) {
- if (unlikely(copy_from_user(&data[pos],
- io_data->iovec[i].iov_base,
- io_data->iovec[i].iov_len))) {
- ret = -EFAULT;
- goto error;
- }
- pos += io_data->iovec[i].iov_len;
- }
- } else {
- if (!io_data->read &&
- unlikely(__copy_from_user(data, io_data->buf,
- io_data->len))) {
+ if (!io_data->read) {
+ copied = copy_from_iter(data, data_len, &io_data->data);
+ if (copied != data_len) {
ret = -EFAULT;
goto error;
}
@@ -868,10 +836,8 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
*/
ret = ep->status;
if (io_data->read && ret > 0) {
- ret = min_t(size_t, ret, io_data->len);
-
- if (unlikely(copy_to_user(io_data->buf,
- data, ret)))
+ ret = copy_to_iter(data, ret, &io_data->data);
+ if (unlikely(iov_iter_count(&io_data->data)))
ret = -EFAULT;
}
}
@@ -895,13 +861,13 @@ ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
loff_t *ptr)
{
struct ffs_io_data io_data;
+ struct iovec iov = {.iov_base = buf, .iov_len = len};
ENTER();
io_data.aio = false;
io_data.read = false;
- io_data.buf = (char * __user)buf;
- io_data.len = len;
+ iov_iter_init(&io_data.data, WRITE, &iov, 1, len);
return ffs_epfile_io(file, &io_data);
}
@@ -910,13 +876,14 @@ static ssize_t
ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
{
struct ffs_io_data io_data;
+ struct iovec iov = {.iov_base = buf, .iov_len = len};
ENTER();
io_data.aio = false;
io_data.read = true;
- io_data.buf = buf;
- io_data.len = len;
+ io_data.to_free = NULL;
+ iov_iter_init(&io_data.data, READ, &iov, 1, len);
return ffs_epfile_io(file, &io_data);
}
@@ -973,9 +940,7 @@ static ssize_t ffs_epfile_aio_write(struct kiocb *kiocb,
io_data->aio = true;
io_data->read = false;
io_data->kiocb = kiocb;
- io_data->iovec = iovec;
- io_data->nr_segs = nr_segs;
- io_data->len = kiocb->ki_nbytes;
+ iov_iter_init(&io_data->data, WRITE, iovec, nr_segs, kiocb->ki_nbytes);
io_data->mm = current->mm;
kiocb->private = io_data;
@@ -1013,9 +978,8 @@ static ssize_t ffs_epfile_aio_read(struct kiocb *kiocb,
io_data->aio = true;
io_data->read = true;
io_data->kiocb = kiocb;
- io_data->iovec = iovec_copy;
- io_data->nr_segs = nr_segs;
- io_data->len = kiocb->ki_nbytes;
+ io_data->to_free = iovec_copy;
+ iov_iter_init(&io_data->data, READ, iovec_copy, nr_segs, kiocb->ki_nbytes);
io_data->mm = current->mm;
kiocb->private = io_data;
@@ -1024,8 +988,8 @@ static ssize_t ffs_epfile_aio_read(struct kiocb *kiocb,
res = ffs_epfile_io(kiocb->ki_filp, io_data);
if (res != -EIOCBQUEUED) {
+ kfree(io_data->to_free);
kfree(io_data);
- kfree(iovec_copy);
}
return res;
}
--
2.1.4
--
To unsubscribe, send a message with 'unsubscribe linux-aio' in
the body to majordomo@kvack.org. For more info on Linux AIO,
see: http://www.kvack.org/aio/
Don't email: <a href=mailto:"aart@kvack.org">aart@kvack.org</a>
next prev parent reply other threads:[~2015-02-07 5:48 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-27 17:55 [RFC] split struct kiocb Christoph Hellwig
2015-01-27 17:55 ` [PATCH 1/5] fs: don't allow to complete sync iocbs through aio_complete Christoph Hellwig
2015-01-28 15:30 ` Miklos Szeredi
2015-01-28 16:57 ` Christoph Hellwig
2015-01-31 3:01 ` Maxim Patlasov
2015-01-27 17:55 ` [PATCH 2/5] fs: saner aio_complete prototype Christoph Hellwig
2015-01-31 10:04 ` Al Viro
2015-01-27 17:55 ` [PATCH 3/5] fs: remove ki_nbytes Christoph Hellwig
2015-01-31 6:08 ` Al Viro
2015-02-02 8:07 ` Christoph Hellwig
2015-02-02 8:11 ` Al Viro
2015-02-02 8:14 ` Al Viro
2015-02-02 14:26 ` Christoph Hellwig
2015-02-04 8:34 ` Al Viro
2015-02-04 18:17 ` Alan Stern
2015-02-04 19:06 ` Al Viro
2015-02-04 20:30 ` Alan Stern
2015-02-04 23:07 ` Al Viro
2015-02-05 8:24 ` Robert Baldyga
2015-02-05 8:47 ` Al Viro
2015-02-05 9:03 ` Al Viro
2015-02-05 9:15 ` Robert Baldyga
[not found] ` <20150204230733.GK29656-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2015-02-05 15:29 ` Alan Stern
2015-02-06 7:03 ` Al Viro
[not found] ` <20150206070350.GX29656-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2015-02-06 8:44 ` Robert Baldyga
2015-02-07 5:44 ` Al Viro
2015-02-07 5:48 ` [PATCH 1/6] new helper: dup_iter() Al Viro
2015-02-07 5:48 ` [PATCH 2/6] gadget/function/f_fs.c: close leaks Al Viro
2015-02-07 5:48 ` Al Viro [this message]
2015-02-07 5:48 ` [PATCH 4/6] gadget/function/f_fs.c: switch to ->{read,write}_iter() Al Viro
2015-02-07 5:48 ` [PATCH 5/6] gadgetfs: use-after-free in ->aio_read() Al Viro
2015-02-07 5:48 ` [PATCH 6/6] gadget: switch ep_io_operations to ->read_iter/->write_iter Al Viro
2015-02-02 14:20 ` [PATCH 3/5] fs: remove ki_nbytes Christoph Hellwig
2015-01-27 17:55 ` [PATCH 4/5] fs: split generic and aio kiocb Christoph Hellwig
2015-01-27 17:55 ` [PATCH 5/5] fs: add async read/write interfaces Christoph Hellwig
2015-01-31 6:29 ` Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1423288126-31119-3-git-send-email-viro@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=balbi@ti.com \
--cc=hch@lst.de \
--cc=linux-aio@kvack.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mszeredi@suse.cz \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).