aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2015-03-13 13:55:32 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2015-03-13 13:55:32 -0400
commitf788baadbdd95b0309ab8e1565d5c425e197b8db (patch)
treeb0bd79b85eff2ee7bd36f2ab304d63ab7401645b
parentc202baf017aea0c860e53131bc55bb1af7177e76 (diff)
parent96b62a57193494010eed66ca0739c93eb4653162 (diff)
Merge branch 'gadget' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull gadgetfs fixes from Al Viro: "Assorted fixes around AIO on gadgetfs: leaks, use-after-free, troubles caused by ->f_op flipping" * 'gadget' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: gadgetfs: really get rid of switching ->f_op gadgetfs: get rid of flipping ->f_op in ep_config() gadget: switch ep_io_operations to ->read_iter/->write_iter gadgetfs: use-after-free in ->aio_read() gadget/function/f_fs.c: switch to ->{read,write}_iter() gadget/function/f_fs.c: use put iov_iter into io_data gadget/function/f_fs.c: close leaks move iov_iter.c from mm/ to lib/ new helper: dup_iter()
Diffstat
-rw-r--r--drivers/usb/gadget/function/f_fs.c204
-rw-r--r--drivers/usb/gadget/legacy/inode.c466
-rw-r--r--include/linux/uio.h2
-rw-r--r--lib/Makefile2
-rw-r--r--lib/iov_iter.c (renamed from mm/iov_iter.c)15
-rw-r--r--mm/Makefile2
6 files changed, 291 insertions, 400 deletions
diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
index af98b096af2f..175c9956cbe3 100644
--- a/drivers/usb/gadget/function/f_fs.c
+++ b/drivers/usb/gadget/function/f_fs.c
@@ -144,10 +144,9 @@ struct ffs_io_data {
144 bool read; 144 bool read;
145 145
146 struct kiocb *kiocb; 146 struct kiocb *kiocb;
147 const struct iovec *iovec; 147 struct iov_iter data;
148 unsigned long nr_segs; 148 const void *to_free;
149 char __user *buf; 149 char *buf;
150 size_t len;
151 150
152 struct mm_struct *mm; 151 struct mm_struct *mm;
153 struct work_struct work; 152 struct work_struct work;
@@ -649,29 +648,10 @@ static void ffs_user_copy_worker(struct work_struct *work)
649 io_data->req->actual; 648 io_data->req->actual;
650 649
651 if (io_data->read && ret > 0) { 650 if (io_data->read && ret > 0) {
652 int i;
653 size_t pos = 0;
654
655 /*
656 * Since req->length may be bigger than io_data->len (after
657 * being rounded up to maxpacketsize), we may end up with more
658 * data then user space has space for.
659 */
660 ret = min_t(int, ret, io_data->len);
661
662 use_mm(io_data->mm); 651 use_mm(io_data->mm);
663 for (i = 0; i < io_data->nr_segs; i++) { 652 ret = copy_to_iter(io_data->buf, ret, &io_data->data);
664 size_t len = min_t(size_t, ret - pos, 653 if (iov_iter_count(&io_data->data))
665 io_data->iovec[i].iov_len); 654 ret = -EFAULT;
666 if (!len)
667 break;
668 if (unlikely(copy_to_user(io_data->iovec[i].iov_base,
669 &io_data->buf[pos], len))) {
670 ret = -EFAULT;
671 break;
672 }
673 pos += len;
674 }
675 unuse_mm(io_data->mm); 655 unuse_mm(io_data->mm);
676 } 656 }
677 657
@@ -684,7 +664,7 @@ static void ffs_user_copy_worker(struct work_struct *work)
684 664
685 io_data->kiocb->private = NULL; 665 io_data->kiocb->private = NULL;
686 if (io_data->read) 666 if (io_data->read)
687 kfree(io_data->iovec); 667 kfree(io_data->to_free);
688 kfree(io_data->buf); 668 kfree(io_data->buf);
689 kfree(io_data); 669 kfree(io_data);
690} 670}
@@ -743,6 +723,7 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
743 * before the waiting completes, so do not assign to 'gadget' earlier 723 * before the waiting completes, so do not assign to 'gadget' earlier
744 */ 724 */
745 struct usb_gadget *gadget = epfile->ffs->gadget; 725 struct usb_gadget *gadget = epfile->ffs->gadget;
726 size_t copied;
746 727
747 spin_lock_irq(&epfile->ffs->eps_lock); 728 spin_lock_irq(&epfile->ffs->eps_lock);
748 /* In the meantime, endpoint got disabled or changed. */ 729 /* In the meantime, endpoint got disabled or changed. */
@@ -750,34 +731,21 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
750 spin_unlock_irq(&epfile->ffs->eps_lock); 731 spin_unlock_irq(&epfile->ffs->eps_lock);
751 return -ESHUTDOWN; 732 return -ESHUTDOWN;
752 } 733 }
734 data_len = iov_iter_count(&io_data->data);
753 /* 735 /*
754 * Controller may require buffer size to be aligned to 736 * Controller may require buffer size to be aligned to
755 * maxpacketsize of an out endpoint. 737 * maxpacketsize of an out endpoint.
756 */ 738 */
757 data_len = io_data->read ? 739 if (io_data->read)
758 usb_ep_align_maybe(gadget, ep->ep, io_data->len) : 740 data_len = usb_ep_align_maybe(gadget, ep->ep, data_len);
759 io_data->len;
760 spin_unlock_irq(&epfile->ffs->eps_lock); 741 spin_unlock_irq(&epfile->ffs->eps_lock);
761 742
762 data = kmalloc(data_len, GFP_KERNEL); 743 data = kmalloc(data_len, GFP_KERNEL);
763 if (unlikely(!data)) 744 if (unlikely(!data))
764 return -ENOMEM; 745 return -ENOMEM;
765 if (io_data->aio && !io_data->read) { 746 if (!io_data->read) {
766 int i; 747 copied = copy_from_iter(data, data_len, &io_data->data);
767 size_t pos = 0; 748 if (copied != data_len) {
768 for (i = 0; i < io_data->nr_segs; i++) {
769 if (unlikely(copy_from_user(&data[pos],
770 io_data->iovec[i].iov_base,
771 io_data->iovec[i].iov_len))) {
772 ret = -EFAULT;
773 goto error;
774 }
775 pos += io_data->iovec[i].iov_len;
776 }
777 } else {
778 if (!io_data->read &&
779 unlikely(__copy_from_user(data, io_data->buf,
780 io_data->len))) {
781 ret = -EFAULT; 749 ret = -EFAULT;
782 goto error; 750 goto error;
783 } 751 }
@@ -876,10 +844,8 @@ static ssize_t ffs_epfile_io(struct file *file, struct ffs_io_data *io_data)
876 */ 844 */
877 ret = ep->status; 845 ret = ep->status;
878 if (io_data->read && ret > 0) { 846 if (io_data->read && ret > 0) {
879 ret = min_t(size_t, ret, io_data->len); 847 ret = copy_to_iter(data, ret, &io_data->data);
880 848 if (unlikely(iov_iter_count(&io_data->data)))
881 if (unlikely(copy_to_user(io_data->buf,
882 data, ret)))
883 ret = -EFAULT; 849 ret = -EFAULT;
884 } 850 }
885 } 851 }
@@ -898,37 +864,6 @@ error:
898 return ret; 864 return ret;
899} 865}
900 866
901static ssize_t
902ffs_epfile_write(struct file *file, const char __user *buf, size_t len,
903 loff_t *ptr)
904{
905 struct ffs_io_data io_data;
906
907 ENTER();
908
909 io_data.aio = false;
910 io_data.read = false;
911 io_data.buf = (char * __user)buf;
912 io_data.len = len;
913
914 return ffs_epfile_io(file, &io_data);
915}
916
917static ssize_t
918ffs_epfile_read(struct file *file, char __user *buf, size_t len, loff_t *ptr)
919{
920 struct ffs_io_data io_data;
921
922 ENTER();
923
924 io_data.aio = false;
925 io_data.read = true;
926 io_data.buf = buf;
927 io_data.len = len;
928
929 return ffs_epfile_io(file, &io_data);
930}
931
932static int 867static int
933ffs_epfile_open(struct inode *inode, struct file *file) 868ffs_epfile_open(struct inode *inode, struct file *file)
934{ 869{
@@ -965,67 +900,86 @@ static int ffs_aio_cancel(struct kiocb *kiocb)
965 return value; 900 return value;
966} 901}
967 902
968static ssize_t ffs_epfile_aio_write(struct kiocb *kiocb, 903static ssize_t ffs_epfile_write_iter(struct kiocb *kiocb, struct iov_iter *from)
969 const struct iovec *iovec,
970 unsigned long nr_segs, loff_t loff)
971{ 904{
972 struct ffs_io_data *io_data; 905 struct ffs_io_data io_data, *p = &io_data;
906 ssize_t res;
973 907
974 ENTER(); 908 ENTER();
975 909
976 io_data = kmalloc(sizeof(*io_data), GFP_KERNEL); 910 if (!is_sync_kiocb(kiocb)) {
977 if (unlikely(!io_data)) 911 p = kmalloc(sizeof(io_data), GFP_KERNEL);
978 return -ENOMEM; 912 if (unlikely(!p))
913 return -ENOMEM;
914 p->aio = true;
915 } else {
916 p->aio = false;
917 }
979 918
980 io_data->aio = true; 919 p->read = false;
981 io_data->read = false; 920 p->kiocb = kiocb;
982 io_data->kiocb = kiocb; 921 p->data = *from;
983 io_data->iovec = iovec; 922 p->mm = current->mm;
984 io_data->nr_segs = nr_segs;
985 io_data->len = kiocb->ki_nbytes;
986 io_data->mm = current->mm;
987 923
988 kiocb->private = io_data; 924 kiocb->private = p;
989 925
990 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); 926 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
991 927
992 return ffs_epfile_io(kiocb->ki_filp, io_data); 928 res = ffs_epfile_io(kiocb->ki_filp, p);
929 if (res == -EIOCBQUEUED)
930 return res;
931 if (p->aio)
932 kfree(p);
933 else
934 *from = p->data;
935 return res;
993} 936}
994 937
995static ssize_t ffs_epfile_aio_read(struct kiocb *kiocb, 938static ssize_t ffs_epfile_read_iter(struct kiocb *kiocb, struct iov_iter *to)
996 const struct iovec *iovec,
997 unsigned long nr_segs, loff_t loff)
998{ 939{
999 struct ffs_io_data *io_data; 940 struct ffs_io_data io_data, *p = &io_data;
1000 struct iovec *iovec_copy; 941 ssize_t res;
1001 942
1002 ENTER(); 943 ENTER();
1003 944
1004 iovec_copy = kmalloc_array(nr_segs, sizeof(*iovec_copy), GFP_KERNEL); 945 if (!is_sync_kiocb(kiocb)) {
1005 if (unlikely(!iovec_copy)) 946 p = kmalloc(sizeof(io_data), GFP_KERNEL);
1006 return -ENOMEM; 947 if (unlikely(!p))
1007 948 return -ENOMEM;
1008 memcpy(iovec_copy, iovec, sizeof(struct iovec)*nr_segs); 949 p->aio = true;
1009 950 } else {
1010 io_data = kmalloc(sizeof(*io_data), GFP_KERNEL); 951 p->aio = false;
1011 if (unlikely(!io_data)) {
1012 kfree(iovec_copy);
1013 return -ENOMEM;
1014 } 952 }
1015 953
1016 io_data->aio = true; 954 p->read = true;
1017 io_data->read = true; 955 p->kiocb = kiocb;
1018 io_data->kiocb = kiocb; 956 if (p->aio) {
1019 io_data->iovec = iovec_copy; 957 p->to_free = dup_iter(&p->data, to, GFP_KERNEL);
1020 io_data->nr_segs = nr_segs; 958 if (!p->to_free) {
1021 io_data->len = kiocb->ki_nbytes; 959 kfree(p);
1022 io_data->mm = current->mm; 960 return -ENOMEM;
961 }
962 } else {
963 p->data = *to;
964 p->to_free = NULL;
965 }
966 p->mm = current->mm;
1023 967
1024 kiocb->private = io_data; 968 kiocb->private = p;
1025 969
1026 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel); 970 kiocb_set_cancel_fn(kiocb, ffs_aio_cancel);
1027 971
1028 return ffs_epfile_io(kiocb->ki_filp, io_data); 972 res = ffs_epfile_io(kiocb->ki_filp, p);
973 if (res == -EIOCBQUEUED)
974 return res;
975
976 if (p->aio) {
977 kfree(p->to_free);
978 kfree(p);
979 } else {
980 *to = p->data;
981 }
982 return res;
1029} 983}
1030 984
1031static int 985static int
@@ -1105,10 +1059,10 @@ static const struct file_operations ffs_epfile_operations = {
1105 .llseek = no_llseek, 1059 .llseek = no_llseek,
1106 1060
1107 .open = ffs_epfile_open, 1061 .open = ffs_epfile_open,
1108 .write = ffs_epfile_write, 1062 .write = new_sync_write,
1109 .read = ffs_epfile_read, 1063 .read = new_sync_read,
1110 .aio_write = ffs_epfile_aio_write, 1064 .write_iter = ffs_epfile_write_iter,
1111 .aio_read = ffs_epfile_aio_read, 1065 .read_iter = ffs_epfile_read_iter,
1112 .release = ffs_epfile_release, 1066 .release = ffs_epfile_release,
1113 .unlocked_ioctl = ffs_epfile_ioctl, 1067 .unlocked_ioctl = ffs_epfile_ioctl,
1114}; 1068};
diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c
index db49ec4c748e..200f9a584064 100644
--- a/drivers/usb/gadget/legacy/inode.c
+++ b/drivers/usb/gadget/legacy/inode.c
@@ -74,6 +74,8 @@ MODULE_DESCRIPTION (DRIVER_DESC);
74MODULE_AUTHOR ("David Brownell"); 74MODULE_AUTHOR ("David Brownell");
75MODULE_LICENSE ("GPL"); 75MODULE_LICENSE ("GPL");
76 76
77static int ep_open(struct inode *, struct file *);
78
77 79
78/*----------------------------------------------------------------------*/ 80/*----------------------------------------------------------------------*/
79 81
@@ -283,14 +285,15 @@ static void epio_complete (struct usb_ep *ep, struct usb_request *req)
283 * still need dev->lock to use epdata->ep. 285 * still need dev->lock to use epdata->ep.
284 */ 286 */
285static int 287static int
286get_ready_ep (unsigned f_flags, struct ep_data *epdata) 288get_ready_ep (unsigned f_flags, struct ep_data *epdata, bool is_write)
287{ 289{
288 int val; 290 int val;
289 291
290 if (f_flags & O_NONBLOCK) { 292 if (f_flags & O_NONBLOCK) {
291 if (!mutex_trylock(&epdata->lock)) 293 if (!mutex_trylock(&epdata->lock))
292 goto nonblock; 294 goto nonblock;
293 if (epdata->state != STATE_EP_ENABLED) { 295 if (epdata->state != STATE_EP_ENABLED &&
296 (!is_write || epdata->state != STATE_EP_READY)) {
294 mutex_unlock(&epdata->lock); 297 mutex_unlock(&epdata->lock);
295nonblock: 298nonblock:
296 val = -EAGAIN; 299 val = -EAGAIN;
@@ -305,18 +308,20 @@ nonblock:
305 308
306 switch (epdata->state) { 309 switch (epdata->state) {
307 case STATE_EP_ENABLED: 310 case STATE_EP_ENABLED:
311 return 0;
312 case STATE_EP_READY: /* not configured yet */
313 if (is_write)
314 return 0;
315 // FALLTHRU
316 case STATE_EP_UNBOUND: /* clean disconnect */
308 break; 317 break;
309 // case STATE_EP_DISABLED: /* "can't happen" */ 318 // case STATE_EP_DISABLED: /* "can't happen" */
310 // case STATE_EP_READY: /* "can't happen" */
311 default: /* error! */ 319 default: /* error! */
312 pr_debug ("%s: ep %p not available, state %d\n", 320 pr_debug ("%s: ep %p not available, state %d\n",
313 shortname, epdata, epdata->state); 321 shortname, epdata, epdata->state);
314 // FALLTHROUGH
315 case STATE_EP_UNBOUND: /* clean disconnect */
316 val = -ENODEV;
317 mutex_unlock(&epdata->lock);
318 } 322 }
319 return val; 323 mutex_unlock(&epdata->lock);
324 return -ENODEV;
320} 325}
321 326
322static ssize_t 327static ssize_t
@@ -363,97 +368,6 @@ ep_io (struct ep_data *epdata, void *buf, unsigned len)
363 return value; 368 return value;
364} 369}
365 370
366
367/* handle a synchronous OUT bulk/intr/iso transfer */
368static ssize_t
369ep_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
370{
371 struct ep_data *data = fd->private_data;
372 void *kbuf;
373 ssize_t value;
374
375 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
376 return value;
377
378 /* halt any endpoint by doing a "wrong direction" i/o call */
379 if (usb_endpoint_dir_in(&data->desc)) {
380 if (usb_endpoint_xfer_isoc(&data->desc)) {
381 mutex_unlock(&data->lock);
382 return -EINVAL;
383 }
384 DBG (data->dev, "%s halt\n", data->name);
385 spin_lock_irq (&data->dev->lock);
386 if (likely (data->ep != NULL))
387 usb_ep_set_halt (data->ep);
388 spin_unlock_irq (&data->dev->lock);
389 mutex_unlock(&data->lock);
390 return -EBADMSG;
391 }
392
393 /* FIXME readahead for O_NONBLOCK and poll(); careful with ZLPs */
394
395 value = -ENOMEM;
396 kbuf = kmalloc (len, GFP_KERNEL);
397 if (unlikely (!kbuf))
398 goto free1;
399
400 value = ep_io (data, kbuf, len);
401 VDEBUG (data->dev, "%s read %zu OUT, status %d\n",
402 data->name, len, (int) value);
403 if (value >= 0 && copy_to_user (buf, kbuf, value))
404 value = -EFAULT;
405
406free1:
407 mutex_unlock(&data->lock);
408 kfree (kbuf);
409 return value;
410}
411
412/* handle a synchronous IN bulk/intr/iso transfer */
413static ssize_t
414ep_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
415{
416 struct ep_data *data = fd->private_data;
417 void *kbuf;
418 ssize_t value;
419
420 if ((value = get_ready_ep (fd->f_flags, data)) < 0)
421 return value;
422
423 /* halt any endpoint by doing a "wrong direction" i/o call */
424 if (!usb_endpoint_dir_in(&data->desc)) {
425 if (usb_endpoint_xfer_isoc(&data->desc)) {
426 mutex_unlock(&data->lock);
427 return -EINVAL;
428 }
429 DBG (data->dev, "%s halt\n", data->name);
430 spin_lock_irq (&data->dev->lock);
431 if (likely (data->ep != NULL))
432 usb_ep_set_halt (data->ep);
433 spin_unlock_irq (&data->dev->lock);
434 mutex_unlock(&data->lock);
435 return -EBADMSG;
436 }
437
438 /* FIXME writebehind for O_NONBLOCK and poll(), qlen = 1 */
439
440 value = -ENOMEM;
441 kbuf = memdup_user(buf, len);
442 if (IS_ERR(kbuf)) {
443 value = PTR_ERR(kbuf);
444 kbuf = NULL;
445 goto free1;
446 }
447
448 value = ep_io (data, kbuf, len);
449 VDEBUG (data->dev, "%s write %zu IN, status %d\n",
450 data->name, len, (int) value);
451free1:
452 mutex_unlock(&data->lock);
453 kfree (kbuf);
454 return value;
455}
456
457static int 371static int
458ep_release (struct inode *inode, struct file *fd) 372ep_release (struct inode *inode, struct file *fd)
459{ 373{
@@ -481,7 +395,7 @@ static long ep_ioctl(struct file *fd, unsigned code, unsigned long value)
481 struct ep_data *data = fd->private_data; 395 struct ep_data *data = fd->private_data;
482 int status; 396 int status;
483 397
484 if ((status = get_ready_ep (fd->f_flags, data)) < 0) 398 if ((status = get_ready_ep (fd->f_flags, data, false)) < 0)
485 return status; 399 return status;
486 400
487 spin_lock_irq (&data->dev->lock); 401 spin_lock_irq (&data->dev->lock);
@@ -517,8 +431,8 @@ struct kiocb_priv {
517 struct mm_struct *mm; 431 struct mm_struct *mm;
518 struct work_struct work; 432 struct work_struct work;
519 void *buf; 433 void *buf;
520 const struct iovec *iv; 434 struct iov_iter to;
521 unsigned long nr_segs; 435 const void *to_free;
522 unsigned actual; 436 unsigned actual;
523}; 437};
524 438
@@ -541,35 +455,6 @@ static int ep_aio_cancel(struct kiocb *iocb)
541 return value; 455 return value;
542} 456}
543 457
544static ssize_t ep_copy_to_user(struct kiocb_priv *priv)
545{
546 ssize_t len, total;
547 void *to_copy;
548 int i;
549
550 /* copy stuff into user buffers */
551 total = priv->actual;
552 len = 0;
553 to_copy = priv->buf;
554 for (i=0; i < priv->nr_segs; i++) {
555 ssize_t this = min((ssize_t)(priv->iv[i].iov_len), total);
556
557 if (copy_to_user(priv->iv[i].iov_base, to_copy, this)) {
558 if (len == 0)
559 len = -EFAULT;
560 break;
561 }
562
563 total -= this;
564 len += this;
565 to_copy += this;
566 if (total == 0)
567 break;
568 }
569
570 return len;
571}
572
573static void ep_user_copy_worker(struct work_struct *work) 458static void ep_user_copy_worker(struct work_struct *work)
574{ 459{
575 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work); 460 struct kiocb_priv *priv = container_of(work, struct kiocb_priv, work);
@@ -578,13 +463,16 @@ static void ep_user_copy_worker(struct work_struct *work)
578 size_t ret; 463 size_t ret;
579 464
580 use_mm(mm); 465 use_mm(mm);
581 ret = ep_copy_to_user(priv); 466 ret = copy_to_iter(priv->buf, priv->actual, &priv->to);
582 unuse_mm(mm); 467 unuse_mm(mm);
468 if (!ret)
469 ret = -EFAULT;
583 470
584 /* completing the iocb can drop the ctx and mm, don't touch mm after */ 471 /* completing the iocb can drop the ctx and mm, don't touch mm after */
585 aio_complete(iocb, ret, ret); 472 aio_complete(iocb, ret, ret);
586 473
587 kfree(priv->buf); 474 kfree(priv->buf);
475 kfree(priv->to_free);
588 kfree(priv); 476 kfree(priv);
589} 477}
590 478
@@ -603,8 +491,9 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
603 * don't need to copy anything to userspace, so we can 491 * don't need to copy anything to userspace, so we can
604 * complete the aio request immediately. 492 * complete the aio request immediately.
605 */ 493 */
606 if (priv->iv == NULL || unlikely(req->actual == 0)) { 494 if (priv->to_free == NULL || unlikely(req->actual == 0)) {
607 kfree(req->buf); 495 kfree(req->buf);
496 kfree(priv->to_free);
608 kfree(priv); 497 kfree(priv);
609 iocb->private = NULL; 498 iocb->private = NULL;
610 /* aio_complete() reports bytes-transferred _and_ faults */ 499 /* aio_complete() reports bytes-transferred _and_ faults */
@@ -618,6 +507,7 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
618 507
619 priv->buf = req->buf; 508 priv->buf = req->buf;
620 priv->actual = req->actual; 509 priv->actual = req->actual;
510 INIT_WORK(&priv->work, ep_user_copy_worker);
621 schedule_work(&priv->work); 511 schedule_work(&priv->work);
622 } 512 }
623 spin_unlock(&epdata->dev->lock); 513 spin_unlock(&epdata->dev->lock);
@@ -626,38 +516,17 @@ static void ep_aio_complete(struct usb_ep *ep, struct usb_request *req)
626 put_ep(epdata); 516 put_ep(epdata);
627} 517}
628 518
629static ssize_t 519static ssize_t ep_aio(struct kiocb *iocb,
630ep_aio_rwtail( 520 struct kiocb_priv *priv,
631 struct kiocb *iocb, 521 struct ep_data *epdata,
632 char *buf, 522 char *buf,
633 size_t len, 523 size_t len)
634 struct ep_data *epdata,
635 const struct iovec *iv,
636 unsigned long nr_segs
637)
638{ 524{
639 struct kiocb_priv *priv; 525 struct usb_request *req;
640 struct usb_request *req; 526 ssize_t value;
641 ssize_t value;
642 527
643 priv = kmalloc(sizeof *priv, GFP_KERNEL);
644 if (!priv) {
645 value = -ENOMEM;
646fail:
647 kfree(buf);
648 return value;
649 }
650 iocb->private = priv; 528 iocb->private = priv;
651 priv->iocb = iocb; 529 priv->iocb = iocb;
652 priv->iv = iv;
653 priv->nr_segs = nr_segs;
654 INIT_WORK(&priv->work, ep_user_copy_worker);
655
656 value = get_ready_ep(iocb->ki_filp->f_flags, epdata);
657 if (unlikely(value < 0)) {
658 kfree(priv);
659 goto fail;
660 }
661 530
662 kiocb_set_cancel_fn(iocb, ep_aio_cancel); 531 kiocb_set_cancel_fn(iocb, ep_aio_cancel);
663 get_ep(epdata); 532 get_ep(epdata);
@@ -669,75 +538,154 @@ fail:
669 * allocate or submit those if the host disconnected. 538 * allocate or submit those if the host disconnected.
670 */ 539 */
671 spin_lock_irq(&epdata->dev->lock); 540 spin_lock_irq(&epdata->dev->lock);
672 if (likely(epdata->ep)) { 541 value = -ENODEV;
673 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC); 542 if (unlikely(epdata->ep))
674 if (likely(req)) { 543 goto fail;
675 priv->req = req;
676 req->buf = buf;
677 req->length = len;
678 req->complete = ep_aio_complete;
679 req->context = iocb;
680 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
681 if (unlikely(0 != value))
682 usb_ep_free_request(epdata->ep, req);
683 } else
684 value = -EAGAIN;
685 } else
686 value = -ENODEV;
687 spin_unlock_irq(&epdata->dev->lock);
688 544
689 mutex_unlock(&epdata->lock); 545 req = usb_ep_alloc_request(epdata->ep, GFP_ATOMIC);
546 value = -ENOMEM;
547 if (unlikely(!req))
548 goto fail;
690 549
691 if (unlikely(value)) { 550 priv->req = req;
692 kfree(priv); 551 req->buf = buf;
693 put_ep(epdata); 552 req->length = len;
694 } else 553 req->complete = ep_aio_complete;
695 value = -EIOCBQUEUED; 554 req->context = iocb;
555 value = usb_ep_queue(epdata->ep, req, GFP_ATOMIC);
556 if (unlikely(0 != value)) {
557 usb_ep_free_request(epdata->ep, req);
558 goto fail;
559 }
560 spin_unlock_irq(&epdata->dev->lock);
561 return -EIOCBQUEUED;
562
563fail:
564 spin_unlock_irq(&epdata->dev->lock);
565 kfree(priv->to_free);
566 kfree(priv);
567 put_ep(epdata);
696 return value; 568 return value;
697} 569}
698 570
699static ssize_t 571static ssize_t
700ep_aio_read(struct kiocb *iocb, const struct iovec *iov, 572ep_read_iter(struct kiocb *iocb, struct iov_iter *to)
701 unsigned long nr_segs, loff_t o)
702{ 573{
703 struct ep_data *epdata = iocb->ki_filp->private_data; 574 struct file *file = iocb->ki_filp;
704 char *buf; 575 struct ep_data *epdata = file->private_data;
576 size_t len = iov_iter_count(to);
577 ssize_t value;
578 char *buf;
705 579
706 if (unlikely(usb_endpoint_dir_in(&epdata->desc))) 580 if ((value = get_ready_ep(file->f_flags, epdata, false)) < 0)
707 return -EINVAL; 581 return value;
708 582
709 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 583 /* halt any endpoint by doing a "wrong direction" i/o call */
710 if (unlikely(!buf)) 584 if (usb_endpoint_dir_in(&epdata->desc)) {
711 return -ENOMEM; 585 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
586 !is_sync_kiocb(iocb)) {
587 mutex_unlock(&epdata->lock);
588 return -EINVAL;
589 }
590 DBG (epdata->dev, "%s halt\n", epdata->name);
591 spin_lock_irq(&epdata->dev->lock);
592 if (likely(epdata->ep != NULL))
593 usb_ep_set_halt(epdata->ep);
594 spin_unlock_irq(&epdata->dev->lock);
595 mutex_unlock(&epdata->lock);
596 return -EBADMSG;
597 }
712 598
713 return ep_aio_rwtail(iocb, buf, iocb->ki_nbytes, epdata, iov, nr_segs); 599 buf = kmalloc(len, GFP_KERNEL);
600 if (unlikely(!buf)) {
601 mutex_unlock(&epdata->lock);
602 return -ENOMEM;
603 }
604 if (is_sync_kiocb(iocb)) {
605 value = ep_io(epdata, buf, len);
606 if (value >= 0 && copy_to_iter(buf, value, to))
607 value = -EFAULT;
608 } else {
609 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
610 value = -ENOMEM;
611 if (!priv)
612 goto fail;
613 priv->to_free = dup_iter(&priv->to, to, GFP_KERNEL);
614 if (!priv->to_free) {
615 kfree(priv);
616 goto fail;
617 }
618 value = ep_aio(iocb, priv, epdata, buf, len);
619 if (value == -EIOCBQUEUED)
620 buf = NULL;
621 }
622fail:
623 kfree(buf);
624 mutex_unlock(&epdata->lock);
625 return value;
714} 626}
715 627
628static ssize_t ep_config(struct ep_data *, const char *, size_t);
629
716static ssize_t 630static ssize_t
717ep_aio_write(struct kiocb *iocb, const struct iovec *iov, 631ep_write_iter(struct kiocb *iocb, struct iov_iter *from)
718 unsigned long nr_segs, loff_t o)
719{ 632{
720 struct ep_data *epdata = iocb->ki_filp->private_data; 633 struct file *file = iocb->ki_filp;
721 char *buf; 634 struct ep_data *epdata = file->private_data;
722 size_t len = 0; 635 size_t len = iov_iter_count(from);
723 int i = 0; 636 bool configured;
637 ssize_t value;
638 char *buf;
639
640 if ((value = get_ready_ep(file->f_flags, epdata, true)) < 0)
641 return value;
724 642
725 if (unlikely(!usb_endpoint_dir_in(&epdata->desc))) 643 configured = epdata->state == STATE_EP_ENABLED;
726 return -EINVAL;
727 644
728 buf = kmalloc(iocb->ki_nbytes, GFP_KERNEL); 645 /* halt any endpoint by doing a "wrong direction" i/o call */
729 if (unlikely(!buf)) 646 if (configured && !usb_endpoint_dir_in(&epdata->desc)) {
647 if (usb_endpoint_xfer_isoc(&epdata->desc) ||
648 !is_sync_kiocb(iocb)) {
649 mutex_unlock(&epdata->lock);
650 return -EINVAL;
651 }
652 DBG (epdata->dev, "%s halt\n", epdata->name);
653 spin_lock_irq(&epdata->dev->lock);
654 if (likely(epdata->ep != NULL))
655 usb_ep_set_halt(epdata->ep);
656 spin_unlock_irq(&epdata->dev->lock);
657 mutex_unlock(&epdata->lock);
658 return -EBADMSG;
659 }
660
661 buf = kmalloc(len, GFP_KERNEL);
662 if (unlikely(!buf)) {
663 mutex_unlock(&epdata->lock);
730 return -ENOMEM; 664 return -ENOMEM;
665 }
731 666
732 for (i=0; i < nr_segs; i++) { 667 if (unlikely(copy_from_iter(buf, len, from) != len)) {
733 if (unlikely(copy_from_user(&buf[len], iov[i].iov_base, 668 value = -EFAULT;
734 iov[i].iov_len) != 0)) { 669 goto out;
735 kfree(buf); 670 }
736 return -EFAULT; 671
672 if (unlikely(!configured)) {
673 value = ep_config(epdata, buf, len);
674 } else if (is_sync_kiocb(iocb)) {
675 value = ep_io(epdata, buf, len);
676 } else {
677 struct kiocb_priv *priv = kzalloc(sizeof *priv, GFP_KERNEL);
678 value = -ENOMEM;
679 if (priv) {
680 value = ep_aio(iocb, priv, epdata, buf, len);
681 if (value == -EIOCBQUEUED)
682 buf = NULL;
737 } 683 }
738 len += iov[i].iov_len;
739 } 684 }
740 return ep_aio_rwtail(iocb, buf, len, epdata, NULL, 0); 685out:
686 kfree(buf);
687 mutex_unlock(&epdata->lock);
688 return value;
741} 689}
742 690
743/*----------------------------------------------------------------------*/ 691/*----------------------------------------------------------------------*/
@@ -745,15 +693,15 @@ ep_aio_write(struct kiocb *iocb, const struct iovec *iov,
745/* used after endpoint configuration */ 693/* used after endpoint configuration */
746static const struct file_operations ep_io_operations = { 694static const struct file_operations ep_io_operations = {
747 .owner = THIS_MODULE, 695 .owner = THIS_MODULE,
748 .llseek = no_llseek,
749 696
750 .read = ep_read, 697 .open = ep_open,
751 .write = ep_write,
752 .unlocked_ioctl = ep_ioctl,
753 .release = ep_release, 698 .release = ep_release,
754 699 .llseek = no_llseek,
755 .aio_read = ep_aio_read, 700 .read = new_sync_read,
756 .aio_write = ep_aio_write, 701 .write = new_sync_write,
702 .unlocked_ioctl = ep_ioctl,
703 .read_iter = ep_read_iter,
704 .write_iter = ep_write_iter,
757}; 705};
758 706
759/* ENDPOINT INITIALIZATION 707/* ENDPOINT INITIALIZATION
@@ -770,17 +718,12 @@ static const struct file_operations ep_io_operations = {
770 * speed descriptor, then optional high speed descriptor. 718 * speed descriptor, then optional high speed descriptor.
771 */ 719 */
772static ssize_t 720static ssize_t
773ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr) 721ep_config (struct ep_data *data, const char *buf, size_t len)
774{ 722{
775 struct ep_data *data = fd->private_data;
776 struct usb_ep *ep; 723 struct usb_ep *ep;
777 u32 tag; 724 u32 tag;
778 int value, length = len; 725 int value, length = len;
779 726
780 value = mutex_lock_interruptible(&data->lock);
781 if (value < 0)
782 return value;
783
784 if (data->state != STATE_EP_READY) { 727 if (data->state != STATE_EP_READY) {
785 value = -EL2HLT; 728 value = -EL2HLT;
786 goto fail; 729 goto fail;
@@ -791,9 +734,7 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
791 goto fail0; 734 goto fail0;
792 735
793 /* we might need to change message format someday */ 736 /* we might need to change message format someday */
794 if (copy_from_user (&tag, buf, 4)) { 737 memcpy(&tag, buf, 4);
795 goto fail1;
796 }
797 if (tag != 1) { 738 if (tag != 1) {
798 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag); 739 DBG(data->dev, "config %s, bad tag %d\n", data->name, tag);
799 goto fail0; 740 goto fail0;
@@ -806,19 +747,15 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
806 */ 747 */
807 748
808 /* full/low speed descriptor, then high speed */ 749 /* full/low speed descriptor, then high speed */
809 if (copy_from_user (&data->desc, buf, USB_DT_ENDPOINT_SIZE)) { 750 memcpy(&data->desc, buf, USB_DT_ENDPOINT_SIZE);
810 goto fail1;
811 }
812 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE 751 if (data->desc.bLength != USB_DT_ENDPOINT_SIZE
813 || data->desc.bDescriptorType != USB_DT_ENDPOINT) 752 || data->desc.bDescriptorType != USB_DT_ENDPOINT)
814 goto fail0; 753 goto fail0;
815 if (len != USB_DT_ENDPOINT_SIZE) { 754 if (len != USB_DT_ENDPOINT_SIZE) {
816 if (len != 2 * USB_DT_ENDPOINT_SIZE) 755 if (len != 2 * USB_DT_ENDPOINT_SIZE)
817 goto fail0; 756 goto fail0;
818 if (copy_from_user (&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE, 757 memcpy(&data->hs_desc, buf + USB_DT_ENDPOINT_SIZE,
819 USB_DT_ENDPOINT_SIZE)) { 758 USB_DT_ENDPOINT_SIZE);
820 goto fail1;
821 }
822 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE 759 if (data->hs_desc.bLength != USB_DT_ENDPOINT_SIZE
823 || data->hs_desc.bDescriptorType 760 || data->hs_desc.bDescriptorType
824 != USB_DT_ENDPOINT) { 761 != USB_DT_ENDPOINT) {
@@ -840,24 +777,20 @@ ep_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
840 case USB_SPEED_LOW: 777 case USB_SPEED_LOW:
841 case USB_SPEED_FULL: 778 case USB_SPEED_FULL:
842 ep->desc = &data->desc; 779 ep->desc = &data->desc;
843 value = usb_ep_enable(ep);
844 if (value == 0)
845 data->state = STATE_EP_ENABLED;
846 break; 780 break;
847 case USB_SPEED_HIGH: 781 case USB_SPEED_HIGH:
848 /* fails if caller didn't provide that descriptor... */ 782 /* fails if caller didn't provide that descriptor... */
849 ep->desc = &data->hs_desc; 783 ep->desc = &data->hs_desc;
850 value = usb_ep_enable(ep);
851 if (value == 0)
852 data->state = STATE_EP_ENABLED;
853 break; 784 break;
854 default: 785 default:
855 DBG(data->dev, "unconnected, %s init abandoned\n", 786 DBG(data->dev, "unconnected, %s init abandoned\n",
856 data->name); 787 data->name);
857 value = -EINVAL; 788 value = -EINVAL;
789 goto gone;
858 } 790 }
791 value = usb_ep_enable(ep);
859 if (value == 0) { 792 if (value == 0) {
860 fd->f_op = &ep_io_operations; 793 data->state = STATE_EP_ENABLED;
861 value = length; 794 value = length;
862 } 795 }
863gone: 796gone:
@@ -867,14 +800,10 @@ fail:
867 data->desc.bDescriptorType = 0; 800 data->desc.bDescriptorType = 0;
868 data->hs_desc.bDescriptorType = 0; 801 data->hs_desc.bDescriptorType = 0;
869 } 802 }
870 mutex_unlock(&data->lock);
871 return value; 803 return value;
872fail0: 804fail0:
873 value = -EINVAL; 805 value = -EINVAL;
874 goto fail; 806 goto fail;
875fail1:
876 value = -EFAULT;
877 goto fail;
878} 807}
879 808
880static int 809static int
@@ -902,15 +831,6 @@ ep_open (struct inode *inode, struct file *fd)
902 return value; 831 return value;
903} 832}
904 833
905/* used before endpoint configuration */
906static const struct file_operations ep_config_operations = {
907 .llseek = no_llseek,
908
909 .open = ep_open,
910 .write = ep_config,
911 .release = ep_release,
912};
913
914/*----------------------------------------------------------------------*/ 834/*----------------------------------------------------------------------*/
915 835
916/* EP0 IMPLEMENTATION can be partly in userspace. 836/* EP0 IMPLEMENTATION can be partly in userspace.
@@ -989,6 +909,10 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
989 enum ep0_state state; 909 enum ep0_state state;
990 910
991 spin_lock_irq (&dev->lock); 911 spin_lock_irq (&dev->lock);
912 if (dev->state <= STATE_DEV_OPENED) {
913 retval = -EINVAL;
914 goto done;
915 }
992 916
993 /* report fd mode change before acting on it */ 917 /* report fd mode change before acting on it */
994 if (dev->setup_abort) { 918 if (dev->setup_abort) {
@@ -1187,8 +1111,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1187 struct dev_data *dev = fd->private_data; 1111 struct dev_data *dev = fd->private_data;
1188 ssize_t retval = -ESRCH; 1112 ssize_t retval = -ESRCH;
1189 1113
1190 spin_lock_irq (&dev->lock);
1191
1192 /* report fd mode change before acting on it */ 1114 /* report fd mode change before acting on it */
1193 if (dev->setup_abort) { 1115 if (dev->setup_abort) {
1194 dev->setup_abort = 0; 1116 dev->setup_abort = 0;
@@ -1234,7 +1156,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1234 } else 1156 } else
1235 DBG (dev, "fail %s, state %d\n", __func__, dev->state); 1157 DBG (dev, "fail %s, state %d\n", __func__, dev->state);
1236 1158
1237 spin_unlock_irq (&dev->lock);
1238 return retval; 1159 return retval;
1239} 1160}
1240 1161
@@ -1281,6 +1202,9 @@ ep0_poll (struct file *fd, poll_table *wait)
1281 struct dev_data *dev = fd->private_data; 1202 struct dev_data *dev = fd->private_data;
1282 int mask = 0; 1203 int mask = 0;
1283 1204
1205 if (dev->state <= STATE_DEV_OPENED)
1206 return DEFAULT_POLLMASK;
1207
1284 poll_wait(fd, &dev->wait, wait); 1208 poll_wait(fd, &dev->wait, wait);
1285 1209
1286 spin_lock_irq (&dev->lock); 1210 spin_lock_irq (&dev->lock);
@@ -1316,19 +1240,6 @@ static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
1316 return ret; 1240 return ret;
1317} 1241}
1318 1242
1319/* used after device configuration */
1320static const struct file_operations ep0_io_operations = {
1321 .owner = THIS_MODULE,
1322 .llseek = no_llseek,
1323
1324 .read = ep0_read,
1325 .write = ep0_write,
1326 .fasync = ep0_fasync,
1327 .poll = ep0_poll,
1328 .unlocked_ioctl = dev_ioctl,
1329 .release = dev_release,
1330};
1331
1332/*----------------------------------------------------------------------*/ 1243/*----------------------------------------------------------------------*/
1333 1244
1334/* The in-kernel gadget driver handles most ep0 issues, in particular 1245/* The in-kernel gadget driver handles most ep0 issues, in particular
@@ -1650,7 +1561,7 @@ static int activate_ep_files (struct dev_data *dev)
1650 goto enomem1; 1561 goto enomem1;
1651 1562
1652 data->dentry = gadgetfs_create_file (dev->sb, data->name, 1563 data->dentry = gadgetfs_create_file (dev->sb, data->name,
1653 data, &ep_config_operations); 1564 data, &ep_io_operations);
1654 if (!data->dentry) 1565 if (!data->dentry)
1655 goto enomem2; 1566 goto enomem2;
1656 list_add_tail (&data->epfiles, &dev->epfiles); 1567 list_add_tail (&data->epfiles, &dev->epfiles);
@@ -1852,6 +1763,14 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1852 u32 tag; 1763 u32 tag;
1853 char *kbuf; 1764 char *kbuf;
1854 1765
1766 spin_lock_irq(&dev->lock);
1767 if (dev->state > STATE_DEV_OPENED) {
1768 value = ep0_write(fd, buf, len, ptr);
1769 spin_unlock_irq(&dev->lock);
1770 return value;
1771 }
1772 spin_unlock_irq(&dev->lock);
1773
1855 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4)) 1774 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4))
1856 return -EINVAL; 1775 return -EINVAL;
1857 1776
@@ -1925,7 +1844,6 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
1925 * on, they can work ... except in cleanup paths that 1844 * on, they can work ... except in cleanup paths that
1926 * kick in after the ep0 descriptor is closed. 1845 * kick in after the ep0 descriptor is closed.
1927 */ 1846 */
1928 fd->f_op = &ep0_io_operations;
1929 value = len; 1847 value = len;
1930 } 1848 }
1931 return value; 1849 return value;
@@ -1956,12 +1874,14 @@ dev_open (struct inode *inode, struct file *fd)
1956 return value; 1874 return value;
1957} 1875}
1958 1876
1959static const struct file_operations dev_init_operations = { 1877static const struct file_operations ep0_operations = {
1960 .llseek = no_llseek, 1878 .llseek = no_llseek,
1961 1879
1962 .open = dev_open, 1880 .open = dev_open,
1881 .read = ep0_read,
1963 .write = dev_config, 1882 .write = dev_config,
1964 .fasync = ep0_fasync, 1883 .fasync = ep0_fasync,
1884 .poll = ep0_poll,
1965 .unlocked_ioctl = dev_ioctl, 1885 .unlocked_ioctl = dev_ioctl,
1966 .release = dev_release, 1886 .release = dev_release,
1967}; 1887};
@@ -2077,7 +1997,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
2077 goto Enomem; 1997 goto Enomem;
2078 1998
2079 dev->sb = sb; 1999 dev->sb = sb;
2080 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &dev_init_operations); 2000 dev->dentry = gadgetfs_create_file(sb, CHIP, dev, &ep0_operations);
2081 if (!dev->dentry) { 2001 if (!dev->dentry) {
2082 put_dev(dev); 2002 put_dev(dev);
2083 goto Enomem; 2003 goto Enomem;
diff --git a/include/linux/uio.h b/include/linux/uio.h
index 07a022641996..71880299ed48 100644
--- a/include/linux/uio.h
+++ b/include/linux/uio.h
@@ -98,6 +98,8 @@ ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages,
98 size_t maxsize, size_t *start); 98 size_t maxsize, size_t *start);
99int iov_iter_npages(const struct iov_iter *i, int maxpages); 99int iov_iter_npages(const struct iov_iter *i, int maxpages);
100 100
101const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags);
102
101static inline size_t iov_iter_count(struct iov_iter *i) 103static inline size_t iov_iter_count(struct iov_iter *i)
102{ 104{
103 return i->count; 105 return i->count;
diff --git a/lib/Makefile b/lib/Makefile
index 87eb3bffc283..58f74d2dd396 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -24,7 +24,7 @@ obj-y += lockref.o
24 24
25obj-y += bcd.o div64.o sort.o parser.o halfmd4.o debug_locks.o random32.o \ 25obj-y += bcd.o div64.o sort.o parser.o halfmd4.o debug_locks.o random32.o \
26 bust_spinlocks.o kasprintf.o bitmap.o scatterlist.o \ 26 bust_spinlocks.o kasprintf.o bitmap.o scatterlist.o \
27 gcd.o lcm.o list_sort.o uuid.o flex_array.o clz_ctz.o \ 27 gcd.o lcm.o list_sort.o uuid.o flex_array.o iov_iter.o clz_ctz.o \
28 bsearch.o find_last_bit.o find_next_bit.o llist.o memweight.o kfifo.o \ 28 bsearch.o find_last_bit.o find_next_bit.o llist.o memweight.o kfifo.o \
29 percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o 29 percpu-refcount.o percpu_ida.o rhashtable.o reciprocal_div.o
30obj-y += string_helpers.o 30obj-y += string_helpers.o
diff --git a/mm/iov_iter.c b/lib/iov_iter.c
index 827732047da1..9d96e283520c 100644
--- a/mm/iov_iter.c
+++ b/lib/iov_iter.c
@@ -751,3 +751,18 @@ int iov_iter_npages(const struct iov_iter *i, int maxpages)
751 return npages; 751 return npages;
752} 752}
753EXPORT_SYMBOL(iov_iter_npages); 753EXPORT_SYMBOL(iov_iter_npages);
754
755const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
756{
757 *new = *old;
758 if (new->type & ITER_BVEC)
759 return new->bvec = kmemdup(new->bvec,
760 new->nr_segs * sizeof(struct bio_vec),
761 flags);
762 else
763 /* iovec and kvec have identical layout */
764 return new->iov = kmemdup(new->iov,
765 new->nr_segs * sizeof(struct iovec),
766 flags);
767}
768EXPORT_SYMBOL(dup_iter);
diff --git a/mm/Makefile b/mm/Makefile
index 3c1caa2693bd..15dbe9903c27 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -21,7 +21,7 @@ obj-y := filemap.o mempool.o oom_kill.o \
21 mm_init.o mmu_context.o percpu.o slab_common.o \ 21 mm_init.o mmu_context.o percpu.o slab_common.o \
22 compaction.o vmacache.o \ 22 compaction.o vmacache.o \
23 interval_tree.o list_lru.o workingset.o \ 23 interval_tree.o list_lru.o workingset.o \
24 iov_iter.o debug.o $(mmu-y) 24 debug.o $(mmu-y)
25 25
26obj-y += init-mm.o 26obj-y += init-mm.o
27 27
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-29 02:35:13 -0500