This patch (as837) fixes several mistakes in the AIO interface of the
gadgetfs driver:
The ki_retry method is not supposed to do a put on the kiocb.
The extra call to aio_put_req() causes memory corruption.
(Note: This call was removed before, by patch as691, and then
mysteriously re-introduced later.)
Even if a read transfer is cancelled, we can and should send
to the user all the data that did manage to get transferred.
Testing for AIO cancellation in the I/O completion handler
is both racy and (now) unnecessary. aio_complete() does its
own checking, in a safe manner.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
}
kfree(priv->buf);
kfree(priv);
- aio_put_req(iocb);
return len;
}
spin_lock(&epdata->dev->lock);
priv->req = NULL;
priv->epdata = NULL;
- if (priv->iv == NULL
- || unlikely(req->actual == 0)
- || unlikely(kiocbIsCancelled(iocb))) {
+
+ /* if this was a write or a read returning no data then we
+ * don't need to copy anything to userspace, so we can
+ * complete the aio request immediately.
+ */
+ if (priv->iv == NULL || unlikely(req->actual == 0)) {
kfree(req->buf);
kfree(priv);
iocb->private = NULL;
/* aio_complete() reports bytes-transferred _and_ faults */
- if (unlikely(kiocbIsCancelled(iocb)))
- aio_put_req(iocb);
- else
- aio_complete(iocb,
- req->actual ? req->actual : req->status,
+ aio_complete(iocb, req->actual ? req->actual : req->status,
req->status);
} else {
/* retry() won't report both; so we hide some faults */