Commit 76a2f047 authored by Linus Torvalds's avatar Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [TCP]: Fix iov_len calculation in tcp_v4_send_ack().
  [NETFILTER]: nf_conntrack_netbios_ns: fix uninitialized member in expectation
  [TG3]: Add PHY workaround for 5755M.
  [BNX2]: Update version and reldate.
  [BNX2]: Fix bug in bnx2_nvram_write().
  [BNX2]: Fix 5709 Serdes detection.
  [BNX2]: Don't apply CRC PHY workaround to 5709.
  NetLabel: correct CIPSO tag handling when adding new DOI definitions
  NetLabel: correct locking in selinux_netlbl_socket_setsid()
  [Bluetooth] Correct SCO buffer for Broadcom based Dell laptops
  [Bluetooth] Correct SCO buffer for Broadcom based HP laptops
  [Bluetooth] Correct SCO buffer size for another ThinkPad laptop
  [Bluetooth] Handle device registration failures
  [Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()
  [Bluetooth] More checks if DLC is still attached to the TTY
  [Bluetooth] Add packet size checks for CAPI messages
  [X25]: Trivial, SOCK_DEBUG's in x25_facilities missing newlines
  [INET]: Fix incorrect "inet_sock->is_icsk" assignment.
parents 97bee8e2 cb48cfe8
...@@ -117,10 +117,17 @@ static struct usb_device_id blacklist_ids[] = { ...@@ -117,10 +117,17 @@ static struct usb_device_id blacklist_ids[] = {
/* IBM/Lenovo ThinkPad with Broadcom chip */ /* IBM/Lenovo ThinkPad with Broadcom chip */
{ USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU }, { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU },
/* ANYCOM Bluetooth USB-200 and USB-250 */ /* ANYCOM Bluetooth USB-200 and USB-250 */
{ USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET },
/* HP laptop with Broadcom chip */
{ USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU },
/* Dell laptop with Broadcom chip */
{ USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU },
/* Microsoft Wireless Transceiver for Bluetooth 2.0 */ /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
{ USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },
......
...@@ -57,8 +57,8 @@ ...@@ -57,8 +57,8 @@
#define DRV_MODULE_NAME "bnx2" #define DRV_MODULE_NAME "bnx2"
#define PFX DRV_MODULE_NAME ": " #define PFX DRV_MODULE_NAME ": "
#define DRV_MODULE_VERSION "1.5.2" #define DRV_MODULE_VERSION "1.5.3"
#define DRV_MODULE_RELDATE "December 13, 2006" #define DRV_MODULE_RELDATE "January 8, 2007"
#define RUN_AT(x) (jiffies + (x)) #define RUN_AT(x) (jiffies + (x))
...@@ -1345,8 +1345,6 @@ bnx2_init_copper_phy(struct bnx2 *bp) ...@@ -1345,8 +1345,6 @@ bnx2_init_copper_phy(struct bnx2 *bp)
{ {
u32 val; u32 val;
bp->phy_flags |= PHY_CRC_FIX_FLAG;
if (bp->phy_flags & PHY_CRC_FIX_FLAG) { if (bp->phy_flags & PHY_CRC_FIX_FLAG) {
bnx2_write_phy(bp, 0x18, 0x0c00); bnx2_write_phy(bp, 0x18, 0x0c00);
bnx2_write_phy(bp, 0x17, 0x000a); bnx2_write_phy(bp, 0x17, 0x000a);
...@@ -3085,7 +3083,7 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, ...@@ -3085,7 +3083,7 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf,
int buf_size) int buf_size)
{ {
u32 written, offset32, len32; u32 written, offset32, len32;
u8 *buf, start[4], end[4], *flash_buffer = NULL; u8 *buf, start[4], end[4], *align_buf = NULL, *flash_buffer = NULL;
int rc = 0; int rc = 0;
int align_start, align_end; int align_start, align_end;
...@@ -3113,16 +3111,17 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, ...@@ -3113,16 +3111,17 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf,
} }
if (align_start || align_end) { if (align_start || align_end) {
buf = kmalloc(len32, GFP_KERNEL); align_buf = kmalloc(len32, GFP_KERNEL);
if (buf == NULL) if (align_buf == NULL)
return -ENOMEM; return -ENOMEM;
if (align_start) { if (align_start) {
memcpy(buf, start, 4); memcpy(align_buf, start, 4);
} }
if (align_end) { if (align_end) {
memcpy(buf + len32 - 4, end, 4); memcpy(align_buf + len32 - 4, end, 4);
} }
memcpy(buf + align_start, data_buf, buf_size); memcpy(align_buf + align_start, data_buf, buf_size);
buf = align_buf;
} }
if (bp->flash_info->buffered == 0) { if (bp->flash_info->buffered == 0) {
...@@ -3256,11 +3255,8 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, ...@@ -3256,11 +3255,8 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf,
} }
nvram_write_end: nvram_write_end:
if (bp->flash_info->buffered == 0) kfree(flash_buffer);
kfree(flash_buffer); kfree(align_buf);
if (align_start || align_end)
kfree(buf);
return rc; return rc;
} }
...@@ -5645,6 +5641,44 @@ poll_bnx2(struct net_device *dev) ...@@ -5645,6 +5641,44 @@ poll_bnx2(struct net_device *dev)
} }
#endif #endif
static void __devinit
bnx2_get_5709_media(struct bnx2 *bp)
{
u32 val = REG_RD(bp, BNX2_MISC_DUAL_MEDIA_CTRL);
u32 bond_id = val & BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID;
u32 strap;
if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C)
return;
else if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_S) {
bp->phy_flags |= PHY_SERDES_FLAG;
return;
}
if (val & BNX2_MISC_DUAL_MEDIA_CTRL_STRAP_OVERRIDE)
strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL) >> 21;
else
strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL_STRAP) >> 8;
if (PCI_FUNC(bp->pdev->devfn) == 0) {
switch (strap) {
case 0x4:
case 0x5:
case 0x6:
bp->phy_flags |= PHY_SERDES_FLAG;
return;
}
} else {
switch (strap) {
case 0x1:
case 0x2:
case 0x4:
bp->phy_flags |= PHY_SERDES_FLAG;
return;
}
}
}
static int __devinit static int __devinit
bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
{ {
...@@ -5865,10 +5899,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) ...@@ -5865,10 +5899,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
bp->phy_addr = 1; bp->phy_addr = 1;
/* Disable WOL support if we are running on a SERDES chip. */ /* Disable WOL support if we are running on a SERDES chip. */
if (CHIP_NUM(bp) == CHIP_NUM_5709) { if (CHIP_NUM(bp) == CHIP_NUM_5709)
if (CHIP_BOND_ID(bp) != BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C) bnx2_get_5709_media(bp);
bp->phy_flags |= PHY_SERDES_FLAG; else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT)
} else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT)
bp->phy_flags |= PHY_SERDES_FLAG; bp->phy_flags |= PHY_SERDES_FLAG;
if (bp->phy_flags & PHY_SERDES_FLAG) { if (bp->phy_flags & PHY_SERDES_FLAG) {
...@@ -5880,7 +5913,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) ...@@ -5880,7 +5913,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G) if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G)
bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG; bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG;
} }
} } else if (CHIP_NUM(bp) == CHIP_NUM_5706 ||
CHIP_NUM(bp) == CHIP_NUM_5708)
bp->phy_flags |= PHY_CRC_FIX_FLAG;
if ((CHIP_ID(bp) == CHIP_ID_5708_A0) || if ((CHIP_ID(bp) == CHIP_ID_5708_A0) ||
(CHIP_ID(bp) == CHIP_ID_5708_B0) || (CHIP_ID(bp) == CHIP_ID_5708_B0) ||
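Review bot: In bnx2_nvram_write() the new `buf = align_buf;` line has no comment explaining why two pointers are kept, and that is the whole point of the fix. A comment such as `/* align_buf keeps the kmalloc() base for kfree(); buf is only the working pointer */` would stop a later cleanup from folding them back together and freeing a pointer that is no longer the start of the allocation. Whether `buf` is advanced or reassigned later is outside the visible hunks, so this is inferred from the change to the `nvram_write_end:` path. The copy `memcpy(align_buf + align_start, data_buf, buf_size)` also relies on len32 covering align_start + buf_size, which is computed above the hunk.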
......
...@@ -68,8 +68,8 @@ ...@@ -68,8 +68,8 @@
#define DRV_MODULE_NAME "tg3" #define DRV_MODULE_NAME "tg3"
#define PFX DRV_MODULE_NAME ": " #define PFX DRV_MODULE_NAME ": "
#define DRV_MODULE_VERSION "3.71" #define DRV_MODULE_VERSION "3.72"
#define DRV_MODULE_RELDATE "December 15, 2006" #define DRV_MODULE_RELDATE "January 8, 2007"
#define TG3_DEF_MAC_MODE 0 #define TG3_DEF_MAC_MODE 0
#define TG3_DEF_RX_MODE 0 #define TG3_DEF_RX_MODE 0
...@@ -1015,7 +1015,12 @@ static int tg3_phy_reset(struct tg3 *tp) ...@@ -1015,7 +1015,12 @@ static int tg3_phy_reset(struct tg3 *tp)
else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) { else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) {
tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00); tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00);
tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a);
tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); if (tp->tg3_flags2 & TG3_FLG2_PHY_ADJUST_TRIM) {
tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b);
tg3_writephy(tp, MII_TG3_TEST1,
MII_TG3_TEST1_TRIM_EN | 0x4);
} else
tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b);
tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400); tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400);
} }
/* Set Extended packet length bit (bit 14) on all chips that */ /* Set Extended packet length bit (bit 14) on all chips that */
...@@ -10803,9 +10808,11 @@ static int __devinit tg3_get_invariants(struct tg3 *tp) ...@@ -10803,9 +10808,11 @@ static int __devinit tg3_get_invariants(struct tg3 *tp)
if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) { if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) {
if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 || if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 ||
GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) {
tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG; tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG;
else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) if (tp->pdev->device == PCI_DEVICE_ID_TIGON3_5755M)
tp->tg3_flags2 |= TG3_FLG2_PHY_ADJUST_TRIM;
} else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906)
tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG; tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG;
} }
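Review bot: The 5755M branch in tg3_phy_reset() writes two unexplained literals, `0x110b` to MII_TG3_DSP_RW_PORT and `MII_TG3_TEST1_TRIM_EN | 0x4` to MII_TG3_TEST1. A one-line comment above the branch, e.g. `/* 5755M: adjust PHY trim (TG3_FLG2_PHY_ADJUST_TRIM) */`, and a named constant for the `0x4` trim value would let the workaround be checked against the vendor documentation. The `if { ... } else` also leaves the else arm unbraced while the if arm is braced; bracing both arms is the usual kernel style. The function body continues outside the hunk.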
......
...@@ -1658,6 +1658,9 @@ ...@@ -1658,6 +1658,9 @@
#define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */ #define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */
#define MII_TG3_EPHY_SHADOW_EN 0x80 #define MII_TG3_EPHY_SHADOW_EN 0x80
#define MII_TG3_TEST1 0x1e
#define MII_TG3_TEST1_TRIM_EN 0x0010
/* There are two ways to manage the TX descriptors on the tigon3. /* There are two ways to manage the TX descriptors on the tigon3.
* Either the descriptors are in host DMA'able memory, or they * Either the descriptors are in host DMA'able memory, or they
* exist only in the cards on-chip SRAM. All 16 send bds are under * exist only in the cards on-chip SRAM. All 16 send bds are under
...@@ -2256,6 +2259,7 @@ struct tg3 { ...@@ -2256,6 +2259,7 @@ struct tg3 {
#define TG3_FLG2_1SHOT_MSI 0x10000000 #define TG3_FLG2_1SHOT_MSI 0x10000000
#define TG3_FLG2_PHY_JITTER_BUG 0x20000000 #define TG3_FLG2_PHY_JITTER_BUG 0x20000000
#define TG3_FLG2_NO_FWARE_REPORTED 0x40000000 #define TG3_FLG2_NO_FWARE_REPORTED 0x40000000
#define TG3_FLG2_PHY_ADJUST_TRIM 0x80000000
u32 split_mode_max_reqs; u32 split_mode_max_reqs;
#define SPLIT_MODE_5704_MAX_REQ 3 #define SPLIT_MODE_5704_MAX_REQ 3
......
...@@ -196,6 +196,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s ...@@ -196,6 +196,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
switch (CAPIMSG_SUBCOMMAND(skb->data)) { switch (CAPIMSG_SUBCOMMAND(skb->data)) {
case CAPI_CONF: case CAPI_CONF:
if (skb->len < CAPI_MSG_BASELEN + 10)
break;
func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5);
info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8);
...@@ -226,6 +229,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s ...@@ -226,6 +229,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break; break;
case CAPI_FUNCTION_GET_PROFILE: case CAPI_FUNCTION_GET_PROFILE:
if (skb->len < CAPI_MSG_BASELEN + 11 + sizeof(capi_profile))
break;
controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11);
msgnum = CAPIMSG_MSGID(skb->data); msgnum = CAPIMSG_MSGID(skb->data);
...@@ -246,17 +252,26 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s ...@@ -246,17 +252,26 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break; break;
case CAPI_FUNCTION_GET_MANUFACTURER: case CAPI_FUNCTION_GET_MANUFACTURER:
if (skb->len < CAPI_MSG_BASELEN + 15)
break;
controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10);
if (!info && ctrl) { if (!info && ctrl) {
int len = min_t(uint, CAPI_MANUFACTURER_LEN,
skb->data[CAPI_MSG_BASELEN + 14]);
memset(ctrl->manu, 0, CAPI_MANUFACTURER_LEN);
strncpy(ctrl->manu, strncpy(ctrl->manu,
skb->data + CAPI_MSG_BASELEN + 15, skb->data + CAPI_MSG_BASELEN + 15, len);
skb->data[CAPI_MSG_BASELEN + 14]);
} }
break; break;
case CAPI_FUNCTION_GET_VERSION: case CAPI_FUNCTION_GET_VERSION:
if (skb->len < CAPI_MSG_BASELEN + 32)
break;
controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
if (!info && ctrl) { if (!info && ctrl) {
...@@ -269,13 +284,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s ...@@ -269,13 +284,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break; break;
case CAPI_FUNCTION_GET_SERIAL_NUMBER: case CAPI_FUNCTION_GET_SERIAL_NUMBER:
if (skb->len < CAPI_MSG_BASELEN + 17)
break;
controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12);
if (!info && ctrl) { if (!info && ctrl) {
int len = min_t(uint, CAPI_SERIAL_LEN,
skb->data[CAPI_MSG_BASELEN + 16]);
memset(ctrl->serial, 0, CAPI_SERIAL_LEN); memset(ctrl->serial, 0, CAPI_SERIAL_LEN);
strncpy(ctrl->serial, strncpy(ctrl->serial,
skb->data + CAPI_MSG_BASELEN + 17, skb->data + CAPI_MSG_BASELEN + 17, len);
skb->data[CAPI_MSG_BASELEN + 16]);
} }
break; break;
...@@ -284,14 +304,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s ...@@ -284,14 +304,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s
break; break;
case CAPI_IND: case CAPI_IND:
if (skb->len < CAPI_MSG_BASELEN + 6)
break;
func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3);
if (func == CAPI_FUNCTION_LOOPBACK) { if (func == CAPI_FUNCTION_LOOPBACK) {
int len = min_t(uint, skb->len - CAPI_MSG_BASELEN - 6,
skb->data[CAPI_MSG_BASELEN + 5]);
appl = CAPIMSG_APPID(skb->data); appl = CAPIMSG_APPID(skb->data);
msgnum = CAPIMSG_MSGID(skb->data); msgnum = CAPIMSG_MSGID(skb->data);
cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func,
skb->data + CAPI_MSG_BASELEN + 6, skb->data + CAPI_MSG_BASELEN + 6, len);
skb->data[CAPI_MSG_BASELEN + 5]);
} }
break; break;
...@@ -309,6 +333,9 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb) ...@@ -309,6 +333,9 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb)
BT_DBG("session %p skb %p len %d", session, skb, skb->len); BT_DBG("session %p skb %p len %d", session, skb, skb->len);
if (skb->len < CAPI_MSG_BASELEN)
return;
if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) {
cmtp_recv_interopmsg(session, skb); cmtp_recv_interopmsg(session, skb);
return; return;
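Review bot: In the CAPI_FUNCTION_GET_MANUFACTURER and CAPI_FUNCTION_GET_SERIAL_NUMBER cases the new `len` is capped only by the destination size, so the strncpy() source can still extend past the end of the received skb when the length byte claims more data than the packet holds. The added `skb->len` checks cover only the fixed part up to the length byte (`+ 15` and `+ 17`). The CAPI_IND loopback case in the same function already bounds by the remaining bytes, and the two copies should do the same, e.g. `int len = min_t(uint, CAPI_MANUFACTURER_LEN, min_t(uint, skb->len - CAPI_MSG_BASELEN - 15, skb->data[CAPI_MSG_BASELEN + 14]));` and the equivalent with `CAPI_SERIAL_LEN`, `- 17` and `+ 16`. When `len` equals the full field size, ctrl->manu and ctrl->serial are also left without a terminating NUL; whether their readers rely on one is not visible here.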
......
...@@ -242,7 +242,7 @@ static void add_conn(struct work_struct *work) ...@@ -242,7 +242,7 @@ static void add_conn(struct work_struct *work)
struct hci_conn *conn = container_of(work, struct hci_conn, work); struct hci_conn *conn = container_of(work, struct hci_conn, work);
int i; int i;
if (device_register(&conn->dev) < 0) { if (device_add(&conn->dev) < 0) {
BT_ERR("Failed to register connection device"); BT_ERR("Failed to register connection device");
return; return;
} }
...@@ -272,6 +272,8 @@ void hci_conn_add_sysfs(struct hci_conn *conn) ...@@ -272,6 +272,8 @@ void hci_conn_add_sysfs(struct hci_conn *conn)
dev_set_drvdata(&conn->dev, conn); dev_set_drvdata(&conn->dev, conn);
device_initialize(&conn->dev);
INIT_WORK(&conn->work, add_conn); INIT_WORK(&conn->work, add_conn);
schedule_work(&conn->work); schedule_work(&conn->work);
...@@ -287,6 +289,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn) ...@@ -287,6 +289,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
{ {
BT_DBG("conn %p", conn); BT_DBG("conn %p", conn);
if (!device_is_registered(&conn->dev))
return;
INIT_WORK(&conn->work, del_conn); INIT_WORK(&conn->work, del_conn);
schedule_work(&conn->work); schedule_work(&conn->work);
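Review bot: The new `device_is_registered()` test in hci_conn_del_sysfs() can run before the add_conn work queued by hci_conn_add_sysfs() has executed. In that case the function returns early and add_conn later adds a device that nothing removes, possibly for a connection object that has since gone away (its lifetime is not visible here). The delete path should wait for the pending work item before testing the registered state, or the ordering guarantee should be stated in a comment such as `/* caller guarantees add_conn() has completed */` if one exists. Separately, add_conn() only logs and returns when `device_add()` fails after `device_initialize()`; the driver core normally expects the initial reference to be dropped with `put_device(&conn->dev)` on that path, subject to what the release callback does.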
......
...@@ -557,7 +557,6 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, ...@@ -557,7 +557,6 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc;
struct sk_buff *skb; struct sk_buff *skb;
int err;
int sent = 0; int sent = 0;
if (msg->msg_flags & MSG_OOB) if (msg->msg_flags & MSG_OOB)
...@@ -572,6 +571,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, ...@@ -572,6 +571,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
while (len) { while (len) {
size_t size = min_t(size_t, len, d->mtu); size_t size = min_t(size_t, len, d->mtu);
int err;
skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE,
msg->msg_flags & MSG_DONTWAIT, &err); msg->msg_flags & MSG_DONTWAIT, &err);
...@@ -582,13 +582,16 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, ...@@ -582,13 +582,16 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size);
if (err) { if (err) {
kfree_skb(skb); kfree_skb(skb);
sent = err; if (sent == 0)
sent = err;
break; break;
} }
err = rfcomm_dlc_send(d, skb); err = rfcomm_dlc_send(d, skb);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
if (sent == 0)
sent = err;
break; break;
} }
...@@ -598,7 +601,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, ...@@ -598,7 +601,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
release_sock(sk); release_sock(sk);
return sent ? sent : err; return sent;
} }
static long rfcomm_sock_data_wait(struct sock *sk, long timeo) static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
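Review bot: With `err` now scoped to the loop body and rfcomm_sock_sendmsg() ending in `return sent;`, a failure of sock_alloc_send_skb() is reported only if its NULL-skb path also stores the error in `sent`. That path sits between the hunks and is not shown; if it is a bare `break`, a first-iteration failure returns 0 instead of the error (for example -EAGAIN with MSG_DONTWAIT), which callers will read as "nothing sent, no error". The two visible error paths use `if (sent == 0) sent = err;`, and the allocation failure should get the same two lines before its `break`.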
......
...@@ -697,9 +697,13 @@ static int rfcomm_tty_write_room(struct tty_struct *tty) ...@@ -697,9 +697,13 @@ static int rfcomm_tty_write_room(struct tty_struct *tty)
BT_DBG("tty %p", tty); BT_DBG("tty %p", tty);
if (!dev || !dev->dlc)
return 0;
room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc);
if (room < 0) if (room < 0)
room = 0; room = 0;
return room; return room;
} }
...@@ -915,12 +919,14 @@ static void rfcomm_tty_unthrottle(struct tty_struct *tty) ...@@ -915,12 +919,14 @@ static void rfcomm_tty_unthrottle(struct tty_struct *tty)
static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
{ {
struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
struct rfcomm_dlc *dlc = dev->dlc;
BT_DBG("tty %p dev %p", tty, dev); BT_DBG("tty %p dev %p", tty, dev);
if (!skb_queue_empty(&dlc->tx_queue)) if (!dev || !dev->dlc)
return dlc->mtu; return 0;
if (!skb_queue_empty(&dev->dlc->tx_queue))
return dev->dlc->mtu;
return 0; return 0;
} }
...@@ -928,11 +934,12 @@ static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) ...@@ -928,11 +934,12 @@ static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty)
static void rfcomm_tty_flush_buffer(struct tty_struct *tty) static void rfcomm_tty_flush_buffer(struct tty_struct *tty)
{ {
struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
if (!dev)
return;
BT_DBG("tty %p dev %p", tty, dev); BT_DBG("tty %p dev %p", tty, dev);
if (!dev || !dev->dlc)
return;
skb_queue_purge(&dev->dlc->tx_queue); skb_queue_purge(&dev->dlc->tx_queue);
if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup)
...@@ -952,11 +959,12 @@ static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) ...@@ -952,11 +959,12 @@ static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout)
static void rfcomm_tty_hangup(struct tty_struct *tty) static void rfcomm_tty_hangup(struct tty_struct *tty)
{ {
struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
if (!dev)
return;
BT_DBG("tty %p dev %p", tty, dev); BT_DBG("tty %p dev %p", tty, dev);
if (!dev)
return;
rfcomm_tty_flush_buffer(tty); rfcomm_tty_flush_buffer(tty);
if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags))
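Review bot: The added `!dev || !dev->dlc` guards are followed by fresh reads of `dev->dlc` for each use, e.g. rfcomm_tty_chars_in_buffer() dereferences it twice more, and nothing in the hunks shows a lock held across check and use. If the DLC can be detached concurrently, as the commit title suggests, the check does not protect the later dereference. Reading the pointer once after the `!dev` test, `struct rfcomm_dlc *dlc = dev->dlc; if (!dlc) return 0;`, at least makes each function work on one consistent value; keeping that object alive needs a reference or lock that is outside this view. rfcomm_tty_write_room() and rfcomm_tty_flush_buffer() follow the same pattern.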
......
...@@ -305,7 +305,7 @@ static int inet_create(struct socket *sock, int protocol) ...@@ -305,7 +305,7 @@ static int inet_create(struct socket *sock, int protocol)
sk->sk_reuse = 1; sk->sk_reuse = 1;
inet = inet_sk(sk); inet = inet_sk(sk);
inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
if (SOCK_RAW == sock->type) { if (SOCK_RAW == sock->type) {
inet->num = protocol; inet->num = protocol;
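Review bot: The rewritten `is_icsk` assignment in inet_create() has no comment saying why the masked value can no longer be stored directly, so it reads like a redundant comparison. Presumably is_icsk is a narrow bitfield that cannot hold the flag's bit position (its declaration is not in the hunk). A short comment such as `/* is_icsk is a bitfield: store 0/1, not the raw flag bit */`, or the more common `!!(answer_flags & INET_PROTOSW_ICSK)`, would make the intent plain. The identical line in inet6_create() further down deserves the same treatment.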
......
...@@ -648,7 +648,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk, ...@@ -648,7 +648,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
TCPOLEN_TIMESTAMP); TCPOLEN_TIMESTAMP);
rep.opt[1] = htonl(tcp_time_stamp); rep.opt[1] = htonl(tcp_time_stamp);
rep.opt[2] = htonl(ts); rep.opt[2] = htonl(ts);
arg.iov[0].iov_len = TCPOLEN_TSTAMP_ALIGNED; arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
} }
/* Swap the send and the receive. */ /* Swap the send and the receive. */
......
...@@ -171,7 +171,7 @@ static int inet6_create(struct socket *sock, int protocol) ...@@ -171,7 +171,7 @@ static int inet6_create(struct socket *sock, int protocol)
sk->sk_reuse = 1; sk->sk_reuse = 1;
inet = inet_sk(sk); inet = inet_sk(sk);
inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
if (SOCK_RAW == sock->type) { if (SOCK_RAW == sock->type) {
inet->num = protocol; inet->num = protocol;
......
...@@ -89,6 +89,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, ...@@ -89,6 +89,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
exp->expectfn = NULL; exp->expectfn = NULL;
exp->flags = NF_CT_EXPECT_PERMANENT; exp->flags = NF_CT_EXPECT_PERMANENT;
exp->helper = NULL;
nf_conntrack_expect_related(exp); nf_conntrack_expect_related(exp);
nf_conntrack_expect_put(exp); nf_conntrack_expect_put(exp);
......
...@@ -130,12 +130,12 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, ...@@ -130,12 +130,12 @@ static int netlbl_cipsov4_add_common(struct genl_info *info,
nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem) nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
if (nla->nla_type == NLBL_CIPSOV4_A_TAG) { if (nla->nla_type == NLBL_CIPSOV4_A_TAG) {
if (iter > CIPSO_V4_TAG_MAXCNT) if (iter >= CIPSO_V4_TAG_MAXCNT)
return -EINVAL; return -EINVAL;
doi_def->tags[iter++] = nla_get_u8(nla); doi_def->tags[iter++] = nla_get_u8(nla);
} }
if (iter < CIPSO_V4_TAG_MAXCNT) while (iter < CIPSO_V4_TAG_MAXCNT)
doi_def->tags[iter] = CIPSO_V4_TAG_INVALID; doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID;
return 0; return 0;
} }
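Review bot: `nla_get_u8(nla)` in the tag loop of netlbl_cipsov4_add_common() reads one payload byte from each nested attribute, and the hunk shows no length check on those attributes. If the nested NLBL_CIPSOV4_A_TAGLST list is not validated against a policy earlier in the function (that part is outside the hunk), a zero-length NLBL_CIPSOV4_A_TAG would be read past its header; a guard such as `if (nla_len(nla) < 1) return -EINVAL;` before the store would close that. The multi-line body of `nla_for_each_nested` would also be safer to maintain with braces around it.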
......
...@@ -254,7 +254,7 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, ...@@ -254,7 +254,7 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
* They want reverse charging, we won't accept it. * They want reverse charging, we won't accept it.
*/ */
if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) { if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
SOCK_DEBUG(sk, "X.25: rejecting reverse charging request"); SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n");
return -1; return -1;
} }
...@@ -262,29 +262,29 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, ...@@ -262,29 +262,29 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
if (theirs.throughput) { if (theirs.throughput) {
if (theirs.throughput < ours->throughput) { if (theirs.throughput < ours->throughput) {
SOCK_DEBUG(sk, "X.25: throughput negotiated down"); SOCK_DEBUG(sk, "X.25: throughput negotiated down\n");
new->throughput = theirs.throughput; new->throughput = theirs.throughput;
} }
} }
if (theirs.pacsize_in && theirs.pacsize_out) { if (theirs.pacsize_in && theirs.pacsize_out) {
if (theirs.pacsize_in < ours->pacsize_in) { if (theirs.pacsize_in < ours->pacsize_in) {
SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down"); SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n");
new->pacsize_in = theirs.pacsize_in; new->pacsize_in = theirs.pacsize_in;
} }
if (theirs.pacsize_out < ours->pacsize_out) { if (theirs.pacsize_out < ours->pacsize_out) {
SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down"); SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n");
new->pacsize_out = theirs.pacsize_out; new->pacsize_out = theirs.pacsize_out;
} }
} }
if (theirs.winsize_in && theirs.winsize_out) { if (theirs.winsize_in && theirs.winsize_out) {
if (theirs.winsize_in < ours->winsize_in) { if (theirs.winsize_in < ours->winsize_in) {
SOCK_DEBUG(sk, "X.25: window size inwards negotiated down"); SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n");
new->winsize_in = theirs.winsize_in; new->winsize_in = theirs.winsize_in;
} }
if (theirs.winsize_out < ours->winsize_out) { if (theirs.winsize_out < ours->winsize_out) {
SOCK_DEBUG(sk, "X.25: window size outwards negotiated down"); SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n");
new->winsize_out = theirs.winsize_out; new->winsize_out = theirs.winsize_out;
} }
} }
......
...@@ -2491,9 +2491,9 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) ...@@ -2491,9 +2491,9 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid)
rc = netlbl_socket_setattr(sock, &secattr); rc = netlbl_socket_setattr(sock, &secattr);
if (rc == 0) { if (rc == 0) {
spin_lock(&sksec->nlbl_lock); spin_lock_bh(&sksec->nlbl_lock);
sksec->nlbl_state = NLBL_LABELED; sksec->nlbl_state = NLBL_LABELED;
spin_unlock(&sksec->nlbl_lock); spin_unlock_bh(&sksec->nlbl_lock);
} }
netlbl_socket_setsid_return: netlbl_socket_setsid_return:
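Review bot: The switch to `spin_lock_bh()`/`spin_unlock_bh()` around `nlbl_state` has no comment naming the softirq-context user of `nlbl_lock` that makes disabling bottom halves necessary. A line such as `/* nlbl_lock is also taken from softirq context, so BHs must be off here */` would help, assuming that is the reason. The other lock sites are not visible in this hunk and should be checked for the same variant wherever the lock is taken from process context. The function continues outside the hunk.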
......