@@ -909,6 +909,10 @@ ep0_read (struct file *fd, char __user *buf, size_t len, loff_t *ptr)
909909 enum ep0_state state ;
910910
911911 spin_lock_irq (& dev -> lock );
912+ if (dev -> state <= STATE_DEV_OPENED ) {
913+ retval = - EINVAL ;
914+ goto done ;
915+ }
912916
913917 /* report fd mode change before acting on it */
914918 if (dev -> setup_abort ) {
@@ -1107,8 +1111,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
11071111 struct dev_data * dev = fd -> private_data ;
11081112 ssize_t retval = - ESRCH ;
11091113
1110- spin_lock_irq (& dev -> lock );
1111-
11121114 /* report fd mode change before acting on it */
11131115 if (dev -> setup_abort ) {
11141116 dev -> setup_abort = 0 ;
@@ -1154,7 +1156,6 @@ ep0_write (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
11541156 } else
11551157 DBG (dev , "fail %s, state %d\n" , __func__ , dev -> state );
11561158
1157- spin_unlock_irq (& dev -> lock );
11581159 return retval ;
11591160}
11601161
@@ -1201,6 +1202,9 @@ ep0_poll (struct file *fd, poll_table *wait)
12011202 struct dev_data * dev = fd -> private_data ;
12021203 int mask = 0 ;
12031204
1205+ if (dev -> state <= STATE_DEV_OPENED )
1206+ return DEFAULT_POLLMASK ;
1207+
12041208 poll_wait (fd , & dev -> wait , wait );
12051209
12061210 spin_lock_irq (& dev -> lock );
@@ -1236,19 +1240,6 @@ static long dev_ioctl (struct file *fd, unsigned code, unsigned long value)
12361240 return ret ;
12371241}
12381242
1239- /* used after device configuration */
1240- static const struct file_operations ep0_io_operations = {
1241- .owner = THIS_MODULE ,
1242- .llseek = no_llseek ,
1243-
1244- .read = ep0_read ,
1245- .write = ep0_write ,
1246- .fasync = ep0_fasync ,
1247- .poll = ep0_poll ,
1248- .unlocked_ioctl = dev_ioctl ,
1249- .release = dev_release ,
1250- };
1251-
12521243/*----------------------------------------------------------------------*/
12531244
12541245/* The in-kernel gadget driver handles most ep0 issues, in particular
@@ -1772,6 +1763,14 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
17721763 u32 tag ;
17731764 char * kbuf ;
17741765
1766+ spin_lock_irq (& dev -> lock );
1767+ if (dev -> state > STATE_DEV_OPENED ) {
1768+ value = ep0_write (fd , buf , len , ptr );
1769+ spin_unlock_irq (& dev -> lock );
1770+ return value ;
1771+ }
1772+ spin_unlock_irq (& dev -> lock );
1773+
17751774 if (len < (USB_DT_CONFIG_SIZE + USB_DT_DEVICE_SIZE + 4 ))
17761775 return - EINVAL ;
17771776
@@ -1845,7 +1844,6 @@ dev_config (struct file *fd, const char __user *buf, size_t len, loff_t *ptr)
18451844 * on, they can work ... except in cleanup paths that
18461845 * kick in after the ep0 descriptor is closed.
18471846 */
1848- fd -> f_op = & ep0_io_operations ;
18491847 value = len ;
18501848 }
18511849 return value ;
@@ -1876,12 +1874,14 @@ dev_open (struct inode *inode, struct file *fd)
18761874 return value ;
18771875}
18781876
1879- static const struct file_operations dev_init_operations = {
1877+ static const struct file_operations ep0_operations = {
18801878 .llseek = no_llseek ,
18811879
18821880 .open = dev_open ,
1881+ .read = ep0_read ,
18831882 .write = dev_config ,
18841883 .fasync = ep0_fasync ,
1884+ .poll = ep0_poll ,
18851885 .unlocked_ioctl = dev_ioctl ,
18861886 .release = dev_release ,
18871887};
@@ -1997,7 +1997,7 @@ gadgetfs_fill_super (struct super_block *sb, void *opts, int silent)
19971997 goto Enomem ;
19981998
19991999 dev -> sb = sb ;
2000- dev -> dentry = gadgetfs_create_file (sb , CHIP , dev , & dev_init_operations );
2000+ dev -> dentry = gadgetfs_create_file (sb , CHIP , dev , & ep0_operations );
20012001 if (!dev -> dentry ) {
20022002 put_dev (dev );
20032003 goto Enomem ;
0 commit comments