Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[TCP]: Fix iov_len calculation in tcp_v4_send_ack().
[NETFILTER]: nf_conntrack_netbios_ns: fix uninitialized member in expectation
[TG3]: Add PHY workaround for 5755M.
[BNX2]: Update version and reldate.
[BNX2]: Fix bug in bnx2_nvram_write().
[BNX2]: Fix 5709 Serdes detection.
[BNX2]: Don't apply CRC PHY workaround to 5709.
NetLabel: correct CIPSO tag handling when adding new DOI definitions
NetLabel: correct locking in selinux_netlbl_socket_setsid()
[Bluetooth] Correct SCO buffer for Broadcom based Dell laptops
[Bluetooth] Correct SCO buffer for Broadcom based HP laptops
[Bluetooth] Correct SCO buffer size for another ThinkPad laptop
[Bluetooth] Handle device registration failures
[Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()
[Bluetooth] More checks if DLC is still attached to the TTY
[Bluetooth] Add packet size checks for CAPI messages
[X25]: Trivial, SOCK_DEBUG's in x25_facilities missing newlines
[INET]: Fix incorrect "inet_sock->is_icsk" assignment.

+153 -56
+7
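--- a/drivers/bluetooth/hci_usb.c
+++ b/drivers/bluetooth/hci_usb.c
@@ -117,9 +117,16 @@
 
 /* IBM/Lenovo ThinkPad with Broadcom chip */
 { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU },
+{ USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU },
 
 /* ANYCOM Bluetooth USB-200 and USB-250 */
 { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET },
+
+/* HP laptop with Broadcom chip */
+{ USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU },
+
+/* Dell laptop with Broadcom chip */
+{ USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU },
 
 /* Microsoft Wireless Transceiver for Bluetooth 2.0 */
 { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET },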
+55 -20
drivers/net/bnx2.c
··· 57 58 #define DRV_MODULE_NAME "bnx2" 59 #define PFX DRV_MODULE_NAME ": " 60 - #define DRV_MODULE_VERSION "1.5.2" 61 - #define DRV_MODULE_RELDATE "December 13, 2006" 62 63 #define RUN_AT(x) (jiffies + (x)) 64 ··· 1344 bnx2_init_copper_phy(struct bnx2 *bp) 1345 { 1346 u32 val; 1347 - 1348 - bp->phy_flags |= PHY_CRC_FIX_FLAG; 1349 1350 if (bp->phy_flags & PHY_CRC_FIX_FLAG) { 1351 bnx2_write_phy(bp, 0x18, 0x0c00); ··· 3083 int buf_size) 3084 { 3085 u32 written, offset32, len32; 3086 - u8 *buf, start[4], end[4], *flash_buffer = NULL; 3087 int rc = 0; 3088 int align_start, align_end; 3089 ··· 3111 } 3112 3113 if (align_start || align_end) { 3114 - buf = kmalloc(len32, GFP_KERNEL); 3115 - if (buf == NULL) 3116 return -ENOMEM; 3117 if (align_start) { 3118 - memcpy(buf, start, 4); 3119 } 3120 if (align_end) { 3121 - memcpy(buf + len32 - 4, end, 4); 3122 } 3123 - memcpy(buf + align_start, data_buf, buf_size); 3124 } 3125 3126 if (bp->flash_info->buffered == 0) { ··· 3255 } 3256 3257 nvram_write_end: 3258 - if (bp->flash_info->buffered == 0) 3259 - kfree(flash_buffer); 3260 - 3261 - if (align_start || align_end) 3262 - kfree(buf); 3263 return rc; 3264 } 3265 ··· 5641 } 5642 #endif 5643 5644 static int __devinit 5645 bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) 5646 { ··· 5899 bp->phy_addr = 1; 5900 5901 /* Disable WOL support if we are running on a SERDES chip. */ 5902 - if (CHIP_NUM(bp) == CHIP_NUM_5709) { 5903 - if (CHIP_BOND_ID(bp) != BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C) 5904 - bp->phy_flags |= PHY_SERDES_FLAG; 5905 - } else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT) 5906 bp->phy_flags |= PHY_SERDES_FLAG; 5907 5908 if (bp->phy_flags & PHY_SERDES_FLAG) { ··· 5913 if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G) 5914 bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG; 5915 } 5916 - } 5917 5918 if ((CHIP_ID(bp) == CHIP_ID_5708_A0) || 5919 (CHIP_ID(bp) == CHIP_ID_5708_B0) ||
··· 57 58 #define DRV_MODULE_NAME "bnx2" 59 #define PFX DRV_MODULE_NAME ": " 60 + #define DRV_MODULE_VERSION "1.5.3" 61 + #define DRV_MODULE_RELDATE "January 8, 2007" 62 63 #define RUN_AT(x) (jiffies + (x)) 64 ··· 1344 bnx2_init_copper_phy(struct bnx2 *bp) 1345 { 1346 u32 val; 1347 1348 if (bp->phy_flags & PHY_CRC_FIX_FLAG) { 1349 bnx2_write_phy(bp, 0x18, 0x0c00); ··· 3085 int buf_size) 3086 { 3087 u32 written, offset32, len32; 3088 + u8 *buf, start[4], end[4], *align_buf = NULL, *flash_buffer = NULL; 3089 int rc = 0; 3090 int align_start, align_end; 3091 ··· 3113 } 3114 3115 if (align_start || align_end) { 3116 + align_buf = kmalloc(len32, GFP_KERNEL); 3117 + if (align_buf == NULL) 3118 return -ENOMEM; 3119 if (align_start) { 3120 + memcpy(align_buf, start, 4); 3121 } 3122 if (align_end) { 3123 + memcpy(align_buf + len32 - 4, end, 4); 3124 } 3125 + memcpy(align_buf + align_start, data_buf, buf_size); 3126 + buf = align_buf; 3127 } 3128 3129 if (bp->flash_info->buffered == 0) { ··· 3256 } 3257 3258 nvram_write_end: 3259 + kfree(flash_buffer); 3260 + kfree(align_buf); 3261 return rc; 3262 } 3263 ··· 5645 } 5646 #endif 5647 5648 + static void __devinit 5649 + bnx2_get_5709_media(struct bnx2 *bp) 5650 + { 5651 + u32 val = REG_RD(bp, BNX2_MISC_DUAL_MEDIA_CTRL); 5652 + u32 bond_id = val & BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID; 5653 + u32 strap; 5654 + 5655 + if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C) 5656 + return; 5657 + else if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_S) { 5658 + bp->phy_flags |= PHY_SERDES_FLAG; 5659 + return; 5660 + } 5661 + 5662 + if (val & BNX2_MISC_DUAL_MEDIA_CTRL_STRAP_OVERRIDE) 5663 + strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL) >> 21; 5664 + else 5665 + strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL_STRAP) >> 8; 5666 + 5667 + if (PCI_FUNC(bp->pdev->devfn) == 0) { 5668 + switch (strap) { 5669 + case 0x4: 5670 + case 0x5: 5671 + case 0x6: 5672 + bp->phy_flags |= PHY_SERDES_FLAG; 5673 + return; 5674 + } 5675 + } else { 5676 + 
switch (strap) { 5677 + case 0x1: 5678 + case 0x2: 5679 + case 0x4: 5680 + bp->phy_flags |= PHY_SERDES_FLAG; 5681 + return; 5682 + } 5683 + } 5684 + } 5685 + 5686 static int __devinit 5687 bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) 5688 { ··· 5865 bp->phy_addr = 1; 5866 5867 /* Disable WOL support if we are running on a SERDES chip. */ 5868 + if (CHIP_NUM(bp) == CHIP_NUM_5709) 5869 + bnx2_get_5709_media(bp); 5870 + else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT) 5871 bp->phy_flags |= PHY_SERDES_FLAG; 5872 5873 if (bp->phy_flags & PHY_SERDES_FLAG) { ··· 5880 if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G) 5881 bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG; 5882 } 5883 + } else if (CHIP_NUM(bp) == CHIP_NUM_5706 || 5884 + CHIP_NUM(bp) == CHIP_NUM_5708) 5885 + bp->phy_flags |= PHY_CRC_FIX_FLAG; 5886 5887 if ((CHIP_ID(bp) == CHIP_ID_5708_A0) || 5888 (CHIP_ID(bp) == CHIP_ID_5708_B0) ||
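Review bot: The strap decoding in the new `bnx2_get_5709_media()` is undocumented: the shifts `>> 21` and `>> 8` and the per-function value sets (0x4/0x5/0x6 for PCI function 0, 0x1/0x2/0x4 otherwise) carry no comment, and neither `switch` has a `default`, so any other strap value silently leaves `PHY_SERDES_FLAG` clear. A header comment would make that intent reviewable, for example `/* Decode BNX2_MISC_DUAL_MEDIA_CTRL: bond id first, then the strap value per PCI function; unlisted strap values leave PHY_SERDES_FLAG clear. */`. Named constants for the two shift counts would also match the named masks used beside them.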
+12 -5
drivers/net/tg3.c
··· 68 69 #define DRV_MODULE_NAME "tg3" 70 #define PFX DRV_MODULE_NAME ": " 71 - #define DRV_MODULE_VERSION "3.71" 72 - #define DRV_MODULE_RELDATE "December 15, 2006" 73 74 #define TG3_DEF_MAC_MODE 0 75 #define TG3_DEF_RX_MODE 0 ··· 1015 else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) { 1016 tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00); 1017 tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); 1018 - tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); 1019 tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400); 1020 } 1021 /* Set Extended packet length bit (bit 14) on all chips that */ ··· 10808 10809 if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) { 10810 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 || 10811 - GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) 10812 tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG; 10813 - else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) 10814 tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG; 10815 } 10816
··· 68 69 #define DRV_MODULE_NAME "tg3" 70 #define PFX DRV_MODULE_NAME ": " 71 + #define DRV_MODULE_VERSION "3.72" 72 + #define DRV_MODULE_RELDATE "January 8, 2007" 73 74 #define TG3_DEF_MAC_MODE 0 75 #define TG3_DEF_RX_MODE 0 ··· 1015 else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) { 1016 tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00); 1017 tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); 1018 + if (tp->tg3_flags2 & TG3_FLG2_PHY_ADJUST_TRIM) { 1019 + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b); 1020 + tg3_writephy(tp, MII_TG3_TEST1, 1021 + MII_TG3_TEST1_TRIM_EN | 0x4); 1022 + } else 1023 + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); 1024 tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400); 1025 } 1026 /* Set Extended packet length bit (bit 14) on all chips that */ ··· 10803 10804 if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) { 10805 if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 || 10806 + GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) { 10807 tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG; 10808 + if (tp->pdev->device == PCI_DEVICE_ID_TIGON3_5755M) 10809 + tp->tg3_flags2 |= TG3_FLG2_PHY_ADJUST_TRIM; 10810 + } else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) 10811 tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG; 10812 } 10813
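Review bot: The new `if (tp->tg3_flags2 & TG3_FLG2_PHY_ADJUST_TRIM) { ... } else` in the jitter-bug branch braces only one arm, and the values `0x110b` and `MII_TG3_TEST1_TRIM_EN | 0x4` are written with no comment saying what they program. Bracing the `else` arm as well and adding a one-line comment such as `/* 5755M: adjust PHY trim */` above the flagged writes would keep the workaround readable. Both enclosing functions start and end outside the hunks shown.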
+4
drivers/net/tg3.h
··· 1658 #define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */ 1659 #define MII_TG3_EPHY_SHADOW_EN 0x80 1660 1661 /* There are two ways to manage the TX descriptors on the tigon3. 1662 * Either the descriptors are in host DMA'able memory, or they 1663 * exist only in the cards on-chip SRAM. All 16 send bds are under ··· 2259 #define TG3_FLG2_1SHOT_MSI 0x10000000 2260 #define TG3_FLG2_PHY_JITTER_BUG 0x20000000 2261 #define TG3_FLG2_NO_FWARE_REPORTED 0x40000000 2262 2263 u32 split_mode_max_reqs; 2264 #define SPLIT_MODE_5704_MAX_REQ 3
··· 1658 #define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */ 1659 #define MII_TG3_EPHY_SHADOW_EN 0x80 1660 1661 + #define MII_TG3_TEST1 0x1e 1662 + #define MII_TG3_TEST1_TRIM_EN 0x0010 1663 + 1664 /* There are two ways to manage the TX descriptors on the tigon3. 1665 * Either the descriptors are in host DMA'able memory, or they 1666 * exist only in the cards on-chip SRAM. All 16 send bds are under ··· 2256 #define TG3_FLG2_1SHOT_MSI 0x10000000 2257 #define TG3_FLG2_PHY_JITTER_BUG 0x20000000 2258 #define TG3_FLG2_NO_FWARE_REPORTED 0x40000000 2259 + #define TG3_FLG2_PHY_ADJUST_TRIM 0x80000000 2260 2261 u32 split_mode_max_reqs; 2262 #define SPLIT_MODE_5704_MAX_REQ 3
+33 -6
net/bluetooth/cmtp/capi.c
··· 196 197 switch (CAPIMSG_SUBCOMMAND(skb->data)) { 198 case CAPI_CONF: 199 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); 200 info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); 201 ··· 229 break; 230 231 case CAPI_FUNCTION_GET_PROFILE: 232 controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); 233 msgnum = CAPIMSG_MSGID(skb->data); 234 ··· 252 break; 253 254 case CAPI_FUNCTION_GET_MANUFACTURER: 255 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); 256 257 if (!info && ctrl) { 258 strncpy(ctrl->manu, 259 - skb->data + CAPI_MSG_BASELEN + 15, 260 - skb->data[CAPI_MSG_BASELEN + 14]); 261 } 262 263 break; 264 265 case CAPI_FUNCTION_GET_VERSION: 266 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 267 268 if (!info && ctrl) { ··· 284 break; 285 286 case CAPI_FUNCTION_GET_SERIAL_NUMBER: 287 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 288 289 if (!info && ctrl) { 290 memset(ctrl->serial, 0, CAPI_SERIAL_LEN); 291 strncpy(ctrl->serial, 292 - skb->data + CAPI_MSG_BASELEN + 17, 293 - skb->data[CAPI_MSG_BASELEN + 16]); 294 } 295 296 break; ··· 304 break; 305 306 case CAPI_IND: 307 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); 308 309 if (func == CAPI_FUNCTION_LOOPBACK) { 310 appl = CAPIMSG_APPID(skb->data); 311 msgnum = CAPIMSG_MSGID(skb->data); 312 cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, 313 - skb->data + CAPI_MSG_BASELEN + 6, 314 - skb->data[CAPI_MSG_BASELEN + 5]); 315 } 316 317 break; ··· 332 __u32 contr; 333 334 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 335 336 if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { 337 cmtp_recv_interopmsg(session, skb);
··· 196 197 switch (CAPIMSG_SUBCOMMAND(skb->data)) { 198 case CAPI_CONF: 199 + if (skb->len < CAPI_MSG_BASELEN + 10) 200 + break; 201 + 202 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); 203 info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); 204 ··· 226 break; 227 228 case CAPI_FUNCTION_GET_PROFILE: 229 + if (skb->len < CAPI_MSG_BASELEN + 11 + sizeof(capi_profile)) 230 + break; 231 + 232 controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); 233 msgnum = CAPIMSG_MSGID(skb->data); 234 ··· 246 break; 247 248 case CAPI_FUNCTION_GET_MANUFACTURER: 249 + if (skb->len < CAPI_MSG_BASELEN + 15) 250 + break; 251 + 252 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); 253 254 if (!info && ctrl) { 255 + int len = min_t(uint, CAPI_MANUFACTURER_LEN, 256 + skb->data[CAPI_MSG_BASELEN + 14]); 257 + 258 + memset(ctrl->manu, 0, CAPI_MANUFACTURER_LEN); 259 strncpy(ctrl->manu, 260 + skb->data + CAPI_MSG_BASELEN + 15, len); 261 } 262 263 break; 264 265 case CAPI_FUNCTION_GET_VERSION: 266 + if (skb->len < CAPI_MSG_BASELEN + 32) 267 + break; 268 + 269 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 270 271 if (!info && ctrl) { ··· 269 break; 270 271 case CAPI_FUNCTION_GET_SERIAL_NUMBER: 272 + if (skb->len < CAPI_MSG_BASELEN + 17) 273 + break; 274 + 275 controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); 276 277 if (!info && ctrl) { 278 + int len = min_t(uint, CAPI_SERIAL_LEN, 279 + skb->data[CAPI_MSG_BASELEN + 16]); 280 + 281 memset(ctrl->serial, 0, CAPI_SERIAL_LEN); 282 strncpy(ctrl->serial, 283 + skb->data + CAPI_MSG_BASELEN + 17, len); 284 } 285 286 break; ··· 284 break; 285 286 case CAPI_IND: 287 + if (skb->len < CAPI_MSG_BASELEN + 6) 288 + break; 289 + 290 func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); 291 292 if (func == CAPI_FUNCTION_LOOPBACK) { 293 + int len = min_t(uint, skb->len - CAPI_MSG_BASELEN - 6, 294 + skb->data[CAPI_MSG_BASELEN + 5]); 295 appl = CAPIMSG_APPID(skb->data); 296 msgnum = CAPIMSG_MSGID(skb->data); 297 
cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, 298 + skb->data + CAPI_MSG_BASELEN + 6, len); 299 } 300 301 break; ··· 308 __u32 contr; 309 310 BT_DBG("session %p skb %p len %d", session, skb, skb->len); 311 + 312 + if (skb->len < CAPI_MSG_BASELEN) 313 + return; 314 315 if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { 316 cmtp_recv_interopmsg(session, skb);
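Review bot: In the `CAPI_FUNCTION_GET_MANUFACTURER` and `CAPI_FUNCTION_GET_SERIAL_NUMBER` cases the copy length is clamped to the destination size but not to the bytes actually present in the skb: the guards only require `skb->len` to reach the length byte, so a length byte larger than the remaining payload lets `strncpy()` read past `skb->len`. The `CAPI_IND` case in the same section already clamps against `skb->len - CAPI_MSG_BASELEN - 6`; the two copies could do the same, e.g. `int len = min_t(uint, CAPI_MANUFACTURER_LEN, min_t(uint, skb->len - CAPI_MSG_BASELEN - 15, skb->data[CAPI_MSG_BASELEN + 14]));` and the matching expression with `CAPI_SERIAL_LEN`, `17` and `16`. Separately, when `len` equals the full array size `strncpy()` leaves `ctrl->manu` / `ctrl->serial` without a terminating NUL, which matters if they are later read as C strings (their use is outside the hunks shown).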
+6 -1
net/bluetooth/hci_sysfs.c
··· 242 struct hci_conn *conn = container_of(work, struct hci_conn, work); 243 int i; 244 245 - if (device_register(&conn->dev) < 0) { 246 BT_ERR("Failed to register connection device"); 247 return; 248 } ··· 272 273 dev_set_drvdata(&conn->dev, conn); 274 275 INIT_WORK(&conn->work, add_conn); 276 277 schedule_work(&conn->work); ··· 288 void hci_conn_del_sysfs(struct hci_conn *conn) 289 { 290 BT_DBG("conn %p", conn); 291 292 INIT_WORK(&conn->work, del_conn); 293
··· 242 struct hci_conn *conn = container_of(work, struct hci_conn, work); 243 int i; 244 245 + if (device_add(&conn->dev) < 0) { 246 BT_ERR("Failed to register connection device"); 247 return; 248 } ··· 272 273 dev_set_drvdata(&conn->dev, conn); 274 275 + device_initialize(&conn->dev); 276 + 277 INIT_WORK(&conn->work, add_conn); 278 279 schedule_work(&conn->work); ··· 286 void hci_conn_del_sysfs(struct hci_conn *conn) 287 { 288 BT_DBG("conn %p", conn); 289 + 290 + if (!device_is_registered(&conn->dev)) 291 + return; 292 293 INIT_WORK(&conn->work, del_conn); 294
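Review bot: The new early return in `hci_conn_del_sysfs()` tests `device_is_registered()` while the `add_conn` work queued by `hci_conn_add_sysfs()` may not have run yet, so a connection deleted in that window skips `del_conn` and the queued `add_conn` can still run afterwards against `conn`. Whether the caller keeps `conn` alive until that work has finished is not visible in these hunks; if it does not, the work item touches freed memory. The pending work should be waited for before the check, and the assumption recorded at the test, e.g. `/* add_conn may still be queued: conn must stay valid until it has run */`. It is also worth confirming what drops the reference set up by `device_initialize()` when `device_add()` fails, since that branch only logs and returns.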
+6 -3
net/bluetooth/rfcomm/sock.c
··· 557 struct sock *sk = sock->sk; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 559 struct sk_buff *skb; 560 - int err; 561 int sent = 0; 562 563 if (msg->msg_flags & MSG_OOB) ··· 571 572 while (len) { 573 size_t size = min_t(size_t, len, d->mtu); 574 575 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 576 msg->msg_flags & MSG_DONTWAIT, &err); ··· 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 583 if (err) { 584 kfree_skb(skb); 585 - sent = err; 586 break; 587 } 588 589 err = rfcomm_dlc_send(d, skb); 590 if (err < 0) { 591 kfree_skb(skb); 592 break; 593 } 594 ··· 601 602 release_sock(sk); 603 604 - return sent ? sent : err; 605 } 606 607 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
··· 557 struct sock *sk = sock->sk; 558 struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; 559 struct sk_buff *skb; 560 int sent = 0; 561 562 if (msg->msg_flags & MSG_OOB) ··· 572 573 while (len) { 574 size_t size = min_t(size_t, len, d->mtu); 575 + int err; 576 577 skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, 578 msg->msg_flags & MSG_DONTWAIT, &err); ··· 582 err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); 583 if (err) { 584 kfree_skb(skb); 585 + if (sent == 0) 586 + sent = err; 587 break; 588 } 589 590 err = rfcomm_dlc_send(d, skb); 591 if (err < 0) { 592 kfree_skb(skb); 593 + if (sent == 0) 594 + sent = err; 595 break; 596 } 597 ··· 598 599 release_sock(sk); 600 601 + return sent; 602 } 603 604 static long rfcomm_sock_data_wait(struct sock *sk, long timeo)
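Review bot: With `err` now local to the loop and the function ending in `return sent;`, a failure of `sock_alloc_send_skb()` is reported only if the lines between that call and `memcpy_fromiovec()` (outside the hunks shown) copy it into `sent`. The two visible error branches do that, but an allocation-failure branch that merely breaks would turn a first-iteration failure into a return value of 0, which a caller reads as "nothing sent, no error". That branch should follow the same pattern as the other two, `if (sent == 0)` / `sent = err;` before its `break`.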
+15 -7
net/bluetooth/rfcomm/tty.c
··· 697 698 BT_DBG("tty %p", tty); 699 700 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 701 if (room < 0) 702 room = 0; 703 return room; 704 } 705 ··· 919 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 920 { 921 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 922 - struct rfcomm_dlc *dlc = dev->dlc; 923 924 BT_DBG("tty %p dev %p", tty, dev); 925 926 - if (!skb_queue_empty(&dlc->tx_queue)) 927 - return dlc->mtu; 928 929 return 0; 930 } ··· 934 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 935 { 936 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 937 - if (!dev) 938 - return; 939 940 BT_DBG("tty %p dev %p", tty, dev); 941 942 skb_queue_purge(&dev->dlc->tx_queue); 943 ··· 959 static void rfcomm_tty_hangup(struct tty_struct *tty) 960 { 961 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 962 - if (!dev) 963 - return; 964 965 BT_DBG("tty %p dev %p", tty, dev); 966 967 rfcomm_tty_flush_buffer(tty); 968
··· 697 698 BT_DBG("tty %p", tty); 699 700 + if (!dev || !dev->dlc) 701 + return 0; 702 + 703 room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); 704 if (room < 0) 705 room = 0; 706 + 707 return room; 708 } 709 ··· 915 static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) 916 { 917 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 918 919 BT_DBG("tty %p dev %p", tty, dev); 920 921 + if (!dev || !dev->dlc) 922 + return 0; 923 + 924 + if (!skb_queue_empty(&dev->dlc->tx_queue)) 925 + return dev->dlc->mtu; 926 927 return 0; 928 } ··· 928 static void rfcomm_tty_flush_buffer(struct tty_struct *tty) 929 { 930 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 931 932 BT_DBG("tty %p dev %p", tty, dev); 933 + 934 + if (!dev || !dev->dlc) 935 + return; 936 937 skb_queue_purge(&dev->dlc->tx_queue); 938 ··· 952 static void rfcomm_tty_hangup(struct tty_struct *tty) 953 { 954 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; 955 956 BT_DBG("tty %p dev %p", tty, dev); 957 + 958 + if (!dev) 959 + return; 960 961 rfcomm_tty_flush_buffer(tty); 962
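Review bot: The added `!dev || !dev->dlc` guards re-read `dev->dlc` after testing it; `rfcomm_tty_chars_in_buffer()`, for instance, checks it and then dereferences `dev->dlc->tx_queue` and `dev->dlc->mtu` separately, so the guards only help if nothing can detach the DLC between the test and the use. No lock is taken in the visible lines; if detachment can run concurrently, the checks narrow the window rather than close it. Reading the pointer once after the `dev` test, `struct rfcomm_dlc *dlc = dev->dlc;` followed by `if (!dlc) return 0;`, at least keeps each callback on a single value. A comment should also name the lock or reference that keeps the DLC alive across these tty callbacks.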
+1 -1
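--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -305,7 +305,7 @@
 sk->sk_reuse = 1;
 
 inet = inet_sk(sk);
-inet->is_icsk = INET_PROTOSW_ICSK & answer_flags;
+inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
 
 if (SOCK_RAW == sock->type) {
 inet->num = protocol;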
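Review bot: The reason for comparing the masked value with `INET_PROTOSW_ICSK` instead of storing it is not stated at the assignment, and the identical line is changed in net/ipv6/af_inet6.c. If `is_icsk` is a narrow bit-field (its declaration is not visible here), the raw masked flag would be truncated on assignment, which is worth recording next to the code: `/* is_icsk holds a boolean; do not store the raw flag bit */`. The enclosing function starts and ends outside the hunk.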
+1 -1
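--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -648,7 +648,7 @@
 TCPOLEN_TIMESTAMP);
 rep.opt[1] = htonl(tcp_time_stamp);
 rep.opt[2] = htonl(ts);
-arg.iov[0].iov_len = TCPOLEN_TSTAMP_ALIGNED;
+arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
 }
 
 /* Swap the send and the receive. */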
+1 -1
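--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -171,7 +171,7 @@
 sk->sk_reuse = 1;
 
 inet = inet_sk(sk);
-inet->is_icsk = INET_PROTOSW_ICSK & answer_flags;
+inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK;
 
 if (SOCK_RAW == sock->type) {
 inet->num = protocol;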
+1
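--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -89,6 +89,7 @@
 
 exp->expectfn = NULL;
 exp->flags = NF_CT_EXPECT_PERMANENT;
+exp->helper = NULL;
 
 nf_conntrack_expect_related(exp);
 nf_conntrack_expect_put(exp);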
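Review bot: Setting `exp->helper = NULL` covers one member, but the expectation is still filled in field by field, so any member not assigned before `nf_conntrack_expect_related(exp)` is handed on with whatever the allocation left in it. The allocation is outside the hunk; if it does not zero the object, a comment at this spot would protect the next change that adds a member: `/* exp is not zeroed on allocation: every member must be set before expect_related */`. The enclosing function starts and ends outside the hunk.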
+3 -3
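--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -130,12 +130,12 @@
 
 nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem)
 if (nla->nla_type == NLBL_CIPSOV4_A_TAG) {
-if (iter > CIPSO_V4_TAG_MAXCNT)
+if (iter >= CIPSO_V4_TAG_MAXCNT)
 return -EINVAL;
 doi_def->tags[iter++] = nla_get_u8(nla);
 }
-if (iter < CIPSO_V4_TAG_MAXCNT)
-doi_def->tags[iter] = CIPSO_V4_TAG_INVALID;
+while (iter < CIPSO_V4_TAG_MAXCNT)
+doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID;
 
 return 0;
 }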
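Review bot: `nla_get_u8(nla)` is called on every nested attribute whose type is `NLBL_CIPSOV4_A_TAG` with no visible check that the attribute carries at least one byte of payload. Unless the nested list is validated before this loop (the function starts outside the hunk), a zero-length attribute makes the read run past the attribute; a guard inside the `if` would close that: `if (nla_len(nla) < sizeof(u8)) return -EINVAL;`. The body of `nla_for_each_nested` is also a multi-line `if` without braces around it, which makes the loop extent easy to misread when the next statement is added.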
+6 -6
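--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -254,7 +254,7 @@
 * They want reverse charging, we won't accept it.
 */
 if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) {
-SOCK_DEBUG(sk, "X.25: rejecting reverse charging request");
+SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n");
 return -1;
 }
 
@@ -262,29 +262,29 @@
 
 if (theirs.throughput) {
 if (theirs.throughput < ours->throughput) {
-SOCK_DEBUG(sk, "X.25: throughput negotiated down");
+SOCK_DEBUG(sk, "X.25: throughput negotiated down\n");
 new->throughput = theirs.throughput;
 }
 }
 
 if (theirs.pacsize_in && theirs.pacsize_out) {
 if (theirs.pacsize_in < ours->pacsize_in) {
-SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down");
+SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n");
 new->pacsize_in = theirs.pacsize_in;
 }
 if (theirs.pacsize_out < ours->pacsize_out) {
-SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down");
+SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n");
 new->pacsize_out = theirs.pacsize_out;
 }
 }
 
 if (theirs.winsize_in && theirs.winsize_out) {
 if (theirs.winsize_in < ours->winsize_in) {
-SOCK_DEBUG(sk, "X.25: window size inwards negotiated down");
+SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n");
 new->winsize_in = theirs.winsize_in;
 }
 if (theirs.winsize_out < ours->winsize_out) {
-SOCK_DEBUG(sk, "X.25: window size outwards negotiated down");
+SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n");
 new->winsize_out = theirs.winsize_out;
 }
 }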
+2 -2
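--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2491,9 +2491,9 @@
 
 rc = netlbl_socket_setattr(sock, &secattr);
 if (rc == 0) {
-spin_lock(&sksec->nlbl_lock);
+spin_lock_bh(&sksec->nlbl_lock);
 sksec->nlbl_state = NLBL_LABELED;
-spin_unlock(&sksec->nlbl_lock);
+spin_unlock_bh(&sksec->nlbl_lock);
 }
 
 netlbl_socket_setsid_return: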
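Review bot: The switch to `spin_lock_bh()` carries no comment saying which other context takes `sksec->nlbl_lock`, so a later cleanup could put the plain variant back. If the lock is also taken from softirq context (not visible in this hunk), record that at the lock site: `/* nlbl_lock is also taken in softirq context; keep BHs disabled */`. The lock covers only the store to `nlbl_state`, after `netlbl_socket_setattr()` has already run, so any earlier test of the state in this function (outside the hunk) is not atomic with the update.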