diff options
| author | Linus Torvalds <torvalds@woody.osdl.org> | 2007-01-09 12:37:18 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.osdl.org> | 2007-01-09 12:37:18 -0500 |
| commit | 76a2f047880c2c7779f8950c50ee8f3855a5e6df (patch) | |
| tree | a491d075e353b1ed01b069cca4963b21085d818e | |
| parent | 97bee8e25da4dfc3b7a369fb2c2f280f5c1918c2 (diff) | |
| parent | cb48cfe8079ddda78425a16d6c1be57d822b365b (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[TCP]: Fix iov_len calculation in tcp_v4_send_ack().
[NETFILTER]: nf_conntrack_netbios_ns: fix uninitialized member in expectation
[TG3]: Add PHY workaround for 5755M.
[BNX2]: Update version and reldate.
[BNX2]: Fix bug in bnx2_nvram_write().
[BNX2]: Fix 5709 Serdes detection.
[BNX2]: Don't apply CRC PHY workaround to 5709.
NetLabel: correct CIPSO tag handling when adding new DOI definitions
NetLabel: correct locking in selinux_netlbl_socket_setsid()
[Bluetooth] Correct SCO buffer for Broadcom based Dell laptops
[Bluetooth] Correct SCO buffer for Broadcom based HP laptops
[Bluetooth] Correct SCO buffer size for another ThinkPad laptop
[Bluetooth] Handle device registration failures
[Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()
[Bluetooth] More checks if DLC is still attached to the TTY
[Bluetooth] Add packet size checks for CAPI messages
[X25]: Trivial, SOCK_DEBUG's in x25_facilities missing newlines
[INET]: Fix incorrect "inet_sock->is_icsk" assignment.
| -rw-r--r-- | drivers/bluetooth/hci_usb.c | 7 | ||||
| -rw-r--r-- | drivers/net/bnx2.c | 75 | ||||
| -rw-r--r-- | drivers/net/tg3.c | 17 | ||||
| -rw-r--r-- | drivers/net/tg3.h | 4 | ||||
| -rw-r--r-- | net/bluetooth/cmtp/capi.c | 39 | ||||
| -rw-r--r-- | net/bluetooth/hci_sysfs.c | 7 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/sock.c | 9 | ||||
| -rw-r--r-- | net/bluetooth/rfcomm/tty.c | 22 | ||||
| -rw-r--r-- | net/ipv4/af_inet.c | 2 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 2 | ||||
| -rw-r--r-- | net/ipv6/af_inet6.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netbios_ns.c | 1 | ||||
| -rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 6 | ||||
| -rw-r--r-- | net/x25/x25_facilities.c | 12 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 4 |
15 files changed, 153 insertions, 56 deletions
diff --git a/drivers/bluetooth/hci_usb.c b/drivers/bluetooth/hci_usb.c index aeefec97fdee..6bdf593081d8 100644 --- a/drivers/bluetooth/hci_usb.c +++ b/drivers/bluetooth/hci_usb.c | |||
| @@ -117,10 +117,17 @@ static struct usb_device_id blacklist_ids[] = { | |||
| 117 | 117 | ||
| 118 | /* IBM/Lenovo ThinkPad with Broadcom chip */ | 118 | /* IBM/Lenovo ThinkPad with Broadcom chip */ |
| 119 | { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU }, | 119 | { USB_DEVICE(0x0a5c, 0x201e), .driver_info = HCI_WRONG_SCO_MTU }, |
| 120 | { USB_DEVICE(0x0a5c, 0x2110), .driver_info = HCI_WRONG_SCO_MTU }, | ||
| 120 | 121 | ||
| 121 | /* ANYCOM Bluetooth USB-200 and USB-250 */ | 122 | /* ANYCOM Bluetooth USB-200 and USB-250 */ |
| 122 | { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, | 123 | { USB_DEVICE(0x0a5c, 0x2111), .driver_info = HCI_RESET }, |
| 123 | 124 | ||
| 125 | /* HP laptop with Broadcom chip */ | ||
| 126 | { USB_DEVICE(0x03f0, 0x171d), .driver_info = HCI_WRONG_SCO_MTU }, | ||
| 127 | |||
| 128 | /* Dell laptop with Broadcom chip */ | ||
| 129 | { USB_DEVICE(0x413c, 0x8126), .driver_info = HCI_WRONG_SCO_MTU }, | ||
| 130 | |||
| 124 | /* Microsoft Wireless Transceiver for Bluetooth 2.0 */ | 131 | /* Microsoft Wireless Transceiver for Bluetooth 2.0 */ |
| 125 | { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, | 132 | { USB_DEVICE(0x045e, 0x009c), .driver_info = HCI_RESET }, |
| 126 | 133 | ||
diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index ada5e9b9988c..ca5acc4736df 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c | |||
| @@ -57,8 +57,8 @@ | |||
| 57 | 57 | ||
| 58 | #define DRV_MODULE_NAME "bnx2" | 58 | #define DRV_MODULE_NAME "bnx2" |
| 59 | #define PFX DRV_MODULE_NAME ": " | 59 | #define PFX DRV_MODULE_NAME ": " |
| 60 | #define DRV_MODULE_VERSION "1.5.2" | 60 | #define DRV_MODULE_VERSION "1.5.3" |
| 61 | #define DRV_MODULE_RELDATE "December 13, 2006" | 61 | #define DRV_MODULE_RELDATE "January 8, 2007" |
| 62 | 62 | ||
| 63 | #define RUN_AT(x) (jiffies + (x)) | 63 | #define RUN_AT(x) (jiffies + (x)) |
| 64 | 64 | ||
| @@ -1345,8 +1345,6 @@ bnx2_init_copper_phy(struct bnx2 *bp) | |||
| 1345 | { | 1345 | { |
| 1346 | u32 val; | 1346 | u32 val; |
| 1347 | 1347 | ||
| 1348 | bp->phy_flags |= PHY_CRC_FIX_FLAG; | ||
| 1349 | |||
| 1350 | if (bp->phy_flags & PHY_CRC_FIX_FLAG) { | 1348 | if (bp->phy_flags & PHY_CRC_FIX_FLAG) { |
| 1351 | bnx2_write_phy(bp, 0x18, 0x0c00); | 1349 | bnx2_write_phy(bp, 0x18, 0x0c00); |
| 1352 | bnx2_write_phy(bp, 0x17, 0x000a); | 1350 | bnx2_write_phy(bp, 0x17, 0x000a); |
| @@ -3085,7 +3083,7 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, | |||
| 3085 | int buf_size) | 3083 | int buf_size) |
| 3086 | { | 3084 | { |
| 3087 | u32 written, offset32, len32; | 3085 | u32 written, offset32, len32; |
| 3088 | u8 *buf, start[4], end[4], *flash_buffer = NULL; | 3086 | u8 *buf, start[4], end[4], *align_buf = NULL, *flash_buffer = NULL; |
| 3089 | int rc = 0; | 3087 | int rc = 0; |
| 3090 | int align_start, align_end; | 3088 | int align_start, align_end; |
| 3091 | 3089 | ||
| @@ -3113,16 +3111,17 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, | |||
| 3113 | } | 3111 | } |
| 3114 | 3112 | ||
| 3115 | if (align_start || align_end) { | 3113 | if (align_start || align_end) { |
| 3116 | buf = kmalloc(len32, GFP_KERNEL); | 3114 | align_buf = kmalloc(len32, GFP_KERNEL); |
| 3117 | if (buf == NULL) | 3115 | if (align_buf == NULL) |
| 3118 | return -ENOMEM; | 3116 | return -ENOMEM; |
| 3119 | if (align_start) { | 3117 | if (align_start) { |
| 3120 | memcpy(buf, start, 4); | 3118 | memcpy(align_buf, start, 4); |
| 3121 | } | 3119 | } |
| 3122 | if (align_end) { | 3120 | if (align_end) { |
| 3123 | memcpy(buf + len32 - 4, end, 4); | 3121 | memcpy(align_buf + len32 - 4, end, 4); |
| 3124 | } | 3122 | } |
| 3125 | memcpy(buf + align_start, data_buf, buf_size); | 3123 | memcpy(align_buf + align_start, data_buf, buf_size); |
| 3124 | buf = align_buf; | ||
| 3126 | } | 3125 | } |
| 3127 | 3126 | ||
| 3128 | if (bp->flash_info->buffered == 0) { | 3127 | if (bp->flash_info->buffered == 0) { |
| @@ -3256,11 +3255,8 @@ bnx2_nvram_write(struct bnx2 *bp, u32 offset, u8 *data_buf, | |||
| 3256 | } | 3255 | } |
| 3257 | 3256 | ||
| 3258 | nvram_write_end: | 3257 | nvram_write_end: |
| 3259 | if (bp->flash_info->buffered == 0) | 3258 | kfree(flash_buffer); |
| 3260 | kfree(flash_buffer); | 3259 | kfree(align_buf); |
| 3261 | |||
| 3262 | if (align_start || align_end) | ||
| 3263 | kfree(buf); | ||
| 3264 | return rc; | 3260 | return rc; |
| 3265 | } | 3261 | } |
| 3266 | 3262 | ||
| @@ -5645,6 +5641,44 @@ poll_bnx2(struct net_device *dev) | |||
| 5645 | } | 5641 | } |
| 5646 | #endif | 5642 | #endif |
| 5647 | 5643 | ||
| 5644 | static void __devinit | ||
| 5645 | bnx2_get_5709_media(struct bnx2 *bp) | ||
| 5646 | { | ||
| 5647 | u32 val = REG_RD(bp, BNX2_MISC_DUAL_MEDIA_CTRL); | ||
| 5648 | u32 bond_id = val & BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID; | ||
| 5649 | u32 strap; | ||
| 5650 | |||
| 5651 | if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C) | ||
| 5652 | return; | ||
| 5653 | else if (bond_id == BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_S) { | ||
| 5654 | bp->phy_flags |= PHY_SERDES_FLAG; | ||
| 5655 | return; | ||
| 5656 | } | ||
| 5657 | |||
| 5658 | if (val & BNX2_MISC_DUAL_MEDIA_CTRL_STRAP_OVERRIDE) | ||
| 5659 | strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL) >> 21; | ||
| 5660 | else | ||
| 5661 | strap = (val & BNX2_MISC_DUAL_MEDIA_CTRL_PHY_CTRL_STRAP) >> 8; | ||
| 5662 | |||
| 5663 | if (PCI_FUNC(bp->pdev->devfn) == 0) { | ||
| 5664 | switch (strap) { | ||
| 5665 | case 0x4: | ||
| 5666 | case 0x5: | ||
| 5667 | case 0x6: | ||
| 5668 | bp->phy_flags |= PHY_SERDES_FLAG; | ||
| 5669 | return; | ||
| 5670 | } | ||
| 5671 | } else { | ||
| 5672 | switch (strap) { | ||
| 5673 | case 0x1: | ||
| 5674 | case 0x2: | ||
| 5675 | case 0x4: | ||
| 5676 | bp->phy_flags |= PHY_SERDES_FLAG; | ||
| 5677 | return; | ||
| 5678 | } | ||
| 5679 | } | ||
| 5680 | } | ||
| 5681 | |||
| 5648 | static int __devinit | 5682 | static int __devinit |
| 5649 | bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) | 5683 | bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) |
| 5650 | { | 5684 | { |
| @@ -5865,10 +5899,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) | |||
| 5865 | bp->phy_addr = 1; | 5899 | bp->phy_addr = 1; |
| 5866 | 5900 | ||
| 5867 | /* Disable WOL support if we are running on a SERDES chip. */ | 5901 | /* Disable WOL support if we are running on a SERDES chip. */ |
| 5868 | if (CHIP_NUM(bp) == CHIP_NUM_5709) { | 5902 | if (CHIP_NUM(bp) == CHIP_NUM_5709) |
| 5869 | if (CHIP_BOND_ID(bp) != BNX2_MISC_DUAL_MEDIA_CTRL_BOND_ID_C) | 5903 | bnx2_get_5709_media(bp); |
| 5870 | bp->phy_flags |= PHY_SERDES_FLAG; | 5904 | else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT) |
| 5871 | } else if (CHIP_BOND_ID(bp) & CHIP_BOND_ID_SERDES_BIT) | ||
| 5872 | bp->phy_flags |= PHY_SERDES_FLAG; | 5905 | bp->phy_flags |= PHY_SERDES_FLAG; |
| 5873 | 5906 | ||
| 5874 | if (bp->phy_flags & PHY_SERDES_FLAG) { | 5907 | if (bp->phy_flags & PHY_SERDES_FLAG) { |
| @@ -5880,7 +5913,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev) | |||
| 5880 | if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G) | 5913 | if (reg & BNX2_SHARED_HW_CFG_PHY_2_5G) |
| 5881 | bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG; | 5914 | bp->phy_flags |= PHY_2_5G_CAPABLE_FLAG; |
| 5882 | } | 5915 | } |
| 5883 | } | 5916 | } else if (CHIP_NUM(bp) == CHIP_NUM_5706 || |
| 5917 | CHIP_NUM(bp) == CHIP_NUM_5708) | ||
| 5918 | bp->phy_flags |= PHY_CRC_FIX_FLAG; | ||
| 5884 | 5919 | ||
| 5885 | if ((CHIP_ID(bp) == CHIP_ID_5708_A0) || | 5920 | if ((CHIP_ID(bp) == CHIP_ID_5708_A0) || |
| 5886 | (CHIP_ID(bp) == CHIP_ID_5708_B0) || | 5921 | (CHIP_ID(bp) == CHIP_ID_5708_B0) || |
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c index 4056ba1ff3c7..f4bf62c2a7a5 100644 --- a/drivers/net/tg3.c +++ b/drivers/net/tg3.c | |||
| @@ -68,8 +68,8 @@ | |||
| 68 | 68 | ||
| 69 | #define DRV_MODULE_NAME "tg3" | 69 | #define DRV_MODULE_NAME "tg3" |
| 70 | #define PFX DRV_MODULE_NAME ": " | 70 | #define PFX DRV_MODULE_NAME ": " |
| 71 | #define DRV_MODULE_VERSION "3.71" | 71 | #define DRV_MODULE_VERSION "3.72" |
| 72 | #define DRV_MODULE_RELDATE "December 15, 2006" | 72 | #define DRV_MODULE_RELDATE "January 8, 2007" |
| 73 | 73 | ||
| 74 | #define TG3_DEF_MAC_MODE 0 | 74 | #define TG3_DEF_MAC_MODE 0 |
| 75 | #define TG3_DEF_RX_MODE 0 | 75 | #define TG3_DEF_RX_MODE 0 |
| @@ -1015,7 +1015,12 @@ out: | |||
| 1015 | else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) { | 1015 | else if (tp->tg3_flags2 & TG3_FLG2_PHY_JITTER_BUG) { |
| 1016 | tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00); | 1016 | tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0c00); |
| 1017 | tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); | 1017 | tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); |
| 1018 | tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); | 1018 | if (tp->tg3_flags2 & TG3_FLG2_PHY_ADJUST_TRIM) { |
| 1019 | tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b); | ||
| 1020 | tg3_writephy(tp, MII_TG3_TEST1, | ||
| 1021 | MII_TG3_TEST1_TRIM_EN | 0x4); | ||
| 1022 | } else | ||
| 1023 | tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); | ||
| 1019 | tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400); | 1024 | tg3_writephy(tp, MII_TG3_AUX_CTRL, 0x0400); |
| 1020 | } | 1025 | } |
| 1021 | /* Set Extended packet length bit (bit 14) on all chips that */ | 1026 | /* Set Extended packet length bit (bit 14) on all chips that */ |
| @@ -10803,9 +10808,11 @@ static int __devinit tg3_get_invariants(struct tg3 *tp) | |||
| 10803 | 10808 | ||
| 10804 | if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) { | 10809 | if (tp->tg3_flags2 & TG3_FLG2_5705_PLUS) { |
| 10805 | if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 || | 10810 | if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5755 || |
| 10806 | GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) | 10811 | GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5787) { |
| 10807 | tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG; | 10812 | tp->tg3_flags2 |= TG3_FLG2_PHY_JITTER_BUG; |
| 10808 | else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) | 10813 | if (tp->pdev->device == PCI_DEVICE_ID_TIGON3_5755M) |
| 10814 | tp->tg3_flags2 |= TG3_FLG2_PHY_ADJUST_TRIM; | ||
| 10815 | } else if (GET_ASIC_REV(tp->pci_chip_rev_id) != ASIC_REV_5906) | ||
| 10809 | tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG; | 10816 | tp->tg3_flags2 |= TG3_FLG2_PHY_BER_BUG; |
| 10810 | } | 10817 | } |
| 10811 | 10818 | ||
diff --git a/drivers/net/tg3.h b/drivers/net/tg3.h index cf78a7e5997b..80f59ac7ec58 100644 --- a/drivers/net/tg3.h +++ b/drivers/net/tg3.h | |||
| @@ -1658,6 +1658,9 @@ | |||
| 1658 | #define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */ | 1658 | #define MII_TG3_EPHY_TEST 0x1f /* 5906 PHY register */ |
| 1659 | #define MII_TG3_EPHY_SHADOW_EN 0x80 | 1659 | #define MII_TG3_EPHY_SHADOW_EN 0x80 |
| 1660 | 1660 | ||
| 1661 | #define MII_TG3_TEST1 0x1e | ||
| 1662 | #define MII_TG3_TEST1_TRIM_EN 0x0010 | ||
| 1663 | |||
| 1661 | /* There are two ways to manage the TX descriptors on the tigon3. | 1664 | /* There are two ways to manage the TX descriptors on the tigon3. |
| 1662 | * Either the descriptors are in host DMA'able memory, or they | 1665 | * Either the descriptors are in host DMA'able memory, or they |
| 1663 | * exist only in the cards on-chip SRAM. All 16 send bds are under | 1666 | * exist only in the cards on-chip SRAM. All 16 send bds are under |
| @@ -2256,6 +2259,7 @@ struct tg3 { | |||
| 2256 | #define TG3_FLG2_1SHOT_MSI 0x10000000 | 2259 | #define TG3_FLG2_1SHOT_MSI 0x10000000 |
| 2257 | #define TG3_FLG2_PHY_JITTER_BUG 0x20000000 | 2260 | #define TG3_FLG2_PHY_JITTER_BUG 0x20000000 |
| 2258 | #define TG3_FLG2_NO_FWARE_REPORTED 0x40000000 | 2261 | #define TG3_FLG2_NO_FWARE_REPORTED 0x40000000 |
| 2262 | #define TG3_FLG2_PHY_ADJUST_TRIM 0x80000000 | ||
| 2259 | 2263 | ||
| 2260 | u32 split_mode_max_reqs; | 2264 | u32 split_mode_max_reqs; |
| 2261 | #define SPLIT_MODE_5704_MAX_REQ 3 | 2265 | #define SPLIT_MODE_5704_MAX_REQ 3 |
diff --git a/net/bluetooth/cmtp/capi.c b/net/bluetooth/cmtp/capi.c index be04e9fb11f6..ab166b48ce8d 100644 --- a/net/bluetooth/cmtp/capi.c +++ b/net/bluetooth/cmtp/capi.c | |||
| @@ -196,6 +196,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s | |||
| 196 | 196 | ||
| 197 | switch (CAPIMSG_SUBCOMMAND(skb->data)) { | 197 | switch (CAPIMSG_SUBCOMMAND(skb->data)) { |
| 198 | case CAPI_CONF: | 198 | case CAPI_CONF: |
| 199 | if (skb->len < CAPI_MSG_BASELEN + 10) | ||
| 200 | break; | ||
| 201 | |||
| 199 | func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); | 202 | func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 5); |
| 200 | info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); | 203 | info = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 8); |
| 201 | 204 | ||
| @@ -226,6 +229,9 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s | |||
| 226 | break; | 229 | break; |
| 227 | 230 | ||
| 228 | case CAPI_FUNCTION_GET_PROFILE: | 231 | case CAPI_FUNCTION_GET_PROFILE: |
| 232 | if (skb->len < CAPI_MSG_BASELEN + 11 + sizeof(capi_profile)) | ||
| 233 | break; | ||
| 234 | |||
| 229 | controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); | 235 | controller = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 11); |
| 230 | msgnum = CAPIMSG_MSGID(skb->data); | 236 | msgnum = CAPIMSG_MSGID(skb->data); |
| 231 | 237 | ||
| @@ -246,17 +252,26 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s | |||
| 246 | break; | 252 | break; |
| 247 | 253 | ||
| 248 | case CAPI_FUNCTION_GET_MANUFACTURER: | 254 | case CAPI_FUNCTION_GET_MANUFACTURER: |
| 255 | if (skb->len < CAPI_MSG_BASELEN + 15) | ||
| 256 | break; | ||
| 257 | |||
| 249 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); | 258 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 10); |
| 250 | 259 | ||
| 251 | if (!info && ctrl) { | 260 | if (!info && ctrl) { |
| 261 | int len = min_t(uint, CAPI_MANUFACTURER_LEN, | ||
| 262 | skb->data[CAPI_MSG_BASELEN + 14]); | ||
| 263 | |||
| 264 | memset(ctrl->manu, 0, CAPI_MANUFACTURER_LEN); | ||
| 252 | strncpy(ctrl->manu, | 265 | strncpy(ctrl->manu, |
| 253 | skb->data + CAPI_MSG_BASELEN + 15, | 266 | skb->data + CAPI_MSG_BASELEN + 15, len); |
| 254 | skb->data[CAPI_MSG_BASELEN + 14]); | ||
| 255 | } | 267 | } |
| 256 | 268 | ||
| 257 | break; | 269 | break; |
| 258 | 270 | ||
| 259 | case CAPI_FUNCTION_GET_VERSION: | 271 | case CAPI_FUNCTION_GET_VERSION: |
| 272 | if (skb->len < CAPI_MSG_BASELEN + 32) | ||
| 273 | break; | ||
| 274 | |||
| 260 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); | 275 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); |
| 261 | 276 | ||
| 262 | if (!info && ctrl) { | 277 | if (!info && ctrl) { |
| @@ -269,13 +284,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s | |||
| 269 | break; | 284 | break; |
| 270 | 285 | ||
| 271 | case CAPI_FUNCTION_GET_SERIAL_NUMBER: | 286 | case CAPI_FUNCTION_GET_SERIAL_NUMBER: |
| 287 | if (skb->len < CAPI_MSG_BASELEN + 17) | ||
| 288 | break; | ||
| 289 | |||
| 272 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); | 290 | controller = CAPIMSG_U32(skb->data, CAPI_MSG_BASELEN + 12); |
| 273 | 291 | ||
| 274 | if (!info && ctrl) { | 292 | if (!info && ctrl) { |
| 293 | int len = min_t(uint, CAPI_SERIAL_LEN, | ||
| 294 | skb->data[CAPI_MSG_BASELEN + 16]); | ||
| 295 | |||
| 275 | memset(ctrl->serial, 0, CAPI_SERIAL_LEN); | 296 | memset(ctrl->serial, 0, CAPI_SERIAL_LEN); |
| 276 | strncpy(ctrl->serial, | 297 | strncpy(ctrl->serial, |
| 277 | skb->data + CAPI_MSG_BASELEN + 17, | 298 | skb->data + CAPI_MSG_BASELEN + 17, len); |
| 278 | skb->data[CAPI_MSG_BASELEN + 16]); | ||
| 279 | } | 299 | } |
| 280 | 300 | ||
| 281 | break; | 301 | break; |
| @@ -284,14 +304,18 @@ static void cmtp_recv_interopmsg(struct cmtp_session *session, struct sk_buff *s | |||
| 284 | break; | 304 | break; |
| 285 | 305 | ||
| 286 | case CAPI_IND: | 306 | case CAPI_IND: |
| 307 | if (skb->len < CAPI_MSG_BASELEN + 6) | ||
| 308 | break; | ||
| 309 | |||
| 287 | func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); | 310 | func = CAPIMSG_U16(skb->data, CAPI_MSG_BASELEN + 3); |
| 288 | 311 | ||
| 289 | if (func == CAPI_FUNCTION_LOOPBACK) { | 312 | if (func == CAPI_FUNCTION_LOOPBACK) { |
| 313 | int len = min_t(uint, skb->len - CAPI_MSG_BASELEN - 6, | ||
| 314 | skb->data[CAPI_MSG_BASELEN + 5]); | ||
| 290 | appl = CAPIMSG_APPID(skb->data); | 315 | appl = CAPIMSG_APPID(skb->data); |
| 291 | msgnum = CAPIMSG_MSGID(skb->data); | 316 | msgnum = CAPIMSG_MSGID(skb->data); |
| 292 | cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, | 317 | cmtp_send_interopmsg(session, CAPI_RESP, appl, msgnum, func, |
| 293 | skb->data + CAPI_MSG_BASELEN + 6, | 318 | skb->data + CAPI_MSG_BASELEN + 6, len); |
| 294 | skb->data[CAPI_MSG_BASELEN + 5]); | ||
| 295 | } | 319 | } |
| 296 | 320 | ||
| 297 | break; | 321 | break; |
| @@ -309,6 +333,9 @@ void cmtp_recv_capimsg(struct cmtp_session *session, struct sk_buff *skb) | |||
| 309 | 333 | ||
| 310 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); | 334 | BT_DBG("session %p skb %p len %d", session, skb, skb->len); |
| 311 | 335 | ||
| 336 | if (skb->len < CAPI_MSG_BASELEN) | ||
| 337 | return; | ||
| 338 | |||
| 312 | if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { | 339 | if (CAPIMSG_COMMAND(skb->data) == CAPI_INTEROPERABILITY) { |
| 313 | cmtp_recv_interopmsg(session, skb); | 340 | cmtp_recv_interopmsg(session, skb); |
| 314 | return; | 341 | return; |
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c index d4c935692ccf..801d687ea4ef 100644 --- a/net/bluetooth/hci_sysfs.c +++ b/net/bluetooth/hci_sysfs.c | |||
| @@ -242,7 +242,7 @@ static void add_conn(struct work_struct *work) | |||
| 242 | struct hci_conn *conn = container_of(work, struct hci_conn, work); | 242 | struct hci_conn *conn = container_of(work, struct hci_conn, work); |
| 243 | int i; | 243 | int i; |
| 244 | 244 | ||
| 245 | if (device_register(&conn->dev) < 0) { | 245 | if (device_add(&conn->dev) < 0) { |
| 246 | BT_ERR("Failed to register connection device"); | 246 | BT_ERR("Failed to register connection device"); |
| 247 | return; | 247 | return; |
| 248 | } | 248 | } |
| @@ -272,6 +272,8 @@ void hci_conn_add_sysfs(struct hci_conn *conn) | |||
| 272 | 272 | ||
| 273 | dev_set_drvdata(&conn->dev, conn); | 273 | dev_set_drvdata(&conn->dev, conn); |
| 274 | 274 | ||
| 275 | device_initialize(&conn->dev); | ||
| 276 | |||
| 275 | INIT_WORK(&conn->work, add_conn); | 277 | INIT_WORK(&conn->work, add_conn); |
| 276 | 278 | ||
| 277 | schedule_work(&conn->work); | 279 | schedule_work(&conn->work); |
| @@ -287,6 +289,9 @@ void hci_conn_del_sysfs(struct hci_conn *conn) | |||
| 287 | { | 289 | { |
| 288 | BT_DBG("conn %p", conn); | 290 | BT_DBG("conn %p", conn); |
| 289 | 291 | ||
| 292 | if (!device_is_registered(&conn->dev)) | ||
| 293 | return; | ||
| 294 | |||
| 290 | INIT_WORK(&conn->work, del_conn); | 295 | INIT_WORK(&conn->work, del_conn); |
| 291 | 296 | ||
| 292 | schedule_work(&conn->work); | 297 | schedule_work(&conn->work); |
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c index 544d65b7baa7..cb7e855f0828 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c | |||
| @@ -557,7 +557,6 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 557 | struct sock *sk = sock->sk; | 557 | struct sock *sk = sock->sk; |
| 558 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; | 558 | struct rfcomm_dlc *d = rfcomm_pi(sk)->dlc; |
| 559 | struct sk_buff *skb; | 559 | struct sk_buff *skb; |
| 560 | int err; | ||
| 561 | int sent = 0; | 560 | int sent = 0; |
| 562 | 561 | ||
| 563 | if (msg->msg_flags & MSG_OOB) | 562 | if (msg->msg_flags & MSG_OOB) |
| @@ -572,6 +571,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 572 | 571 | ||
| 573 | while (len) { | 572 | while (len) { |
| 574 | size_t size = min_t(size_t, len, d->mtu); | 573 | size_t size = min_t(size_t, len, d->mtu); |
| 574 | int err; | ||
| 575 | 575 | ||
| 576 | skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, | 576 | skb = sock_alloc_send_skb(sk, size + RFCOMM_SKB_RESERVE, |
| 577 | msg->msg_flags & MSG_DONTWAIT, &err); | 577 | msg->msg_flags & MSG_DONTWAIT, &err); |
| @@ -582,13 +582,16 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 582 | err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); | 582 | err = memcpy_fromiovec(skb_put(skb, size), msg->msg_iov, size); |
| 583 | if (err) { | 583 | if (err) { |
| 584 | kfree_skb(skb); | 584 | kfree_skb(skb); |
| 585 | sent = err; | 585 | if (sent == 0) |
| 586 | sent = err; | ||
| 586 | break; | 587 | break; |
| 587 | } | 588 | } |
| 588 | 589 | ||
| 589 | err = rfcomm_dlc_send(d, skb); | 590 | err = rfcomm_dlc_send(d, skb); |
| 590 | if (err < 0) { | 591 | if (err < 0) { |
| 591 | kfree_skb(skb); | 592 | kfree_skb(skb); |
| 593 | if (sent == 0) | ||
| 594 | sent = err; | ||
| 592 | break; | 595 | break; |
| 593 | } | 596 | } |
| 594 | 597 | ||
| @@ -598,7 +601,7 @@ static int rfcomm_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 598 | 601 | ||
| 599 | release_sock(sk); | 602 | release_sock(sk); |
| 600 | 603 | ||
| 601 | return sent ? sent : err; | 604 | return sent; |
| 602 | } | 605 | } |
| 603 | 606 | ||
| 604 | static long rfcomm_sock_data_wait(struct sock *sk, long timeo) | 607 | static long rfcomm_sock_data_wait(struct sock *sk, long timeo) |
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index e0e0d09023b2..eb2b52484c70 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c | |||
| @@ -697,9 +697,13 @@ static int rfcomm_tty_write_room(struct tty_struct *tty) | |||
| 697 | 697 | ||
| 698 | BT_DBG("tty %p", tty); | 698 | BT_DBG("tty %p", tty); |
| 699 | 699 | ||
| 700 | if (!dev || !dev->dlc) | ||
| 701 | return 0; | ||
| 702 | |||
| 700 | room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); | 703 | room = rfcomm_room(dev->dlc) - atomic_read(&dev->wmem_alloc); |
| 701 | if (room < 0) | 704 | if (room < 0) |
| 702 | room = 0; | 705 | room = 0; |
| 706 | |||
| 703 | return room; | 707 | return room; |
| 704 | } | 708 | } |
| 705 | 709 | ||
| @@ -915,12 +919,14 @@ static void rfcomm_tty_unthrottle(struct tty_struct *tty) | |||
| 915 | static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) | 919 | static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) |
| 916 | { | 920 | { |
| 917 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; | 921 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; |
| 918 | struct rfcomm_dlc *dlc = dev->dlc; | ||
| 919 | 922 | ||
| 920 | BT_DBG("tty %p dev %p", tty, dev); | 923 | BT_DBG("tty %p dev %p", tty, dev); |
| 921 | 924 | ||
| 922 | if (!skb_queue_empty(&dlc->tx_queue)) | 925 | if (!dev || !dev->dlc) |
| 923 | return dlc->mtu; | 926 | return 0; |
| 927 | |||
| 928 | if (!skb_queue_empty(&dev->dlc->tx_queue)) | ||
| 929 | return dev->dlc->mtu; | ||
| 924 | 930 | ||
| 925 | return 0; | 931 | return 0; |
| 926 | } | 932 | } |
| @@ -928,11 +934,12 @@ static int rfcomm_tty_chars_in_buffer(struct tty_struct *tty) | |||
| 928 | static void rfcomm_tty_flush_buffer(struct tty_struct *tty) | 934 | static void rfcomm_tty_flush_buffer(struct tty_struct *tty) |
| 929 | { | 935 | { |
| 930 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; | 936 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; |
| 931 | if (!dev) | ||
| 932 | return; | ||
| 933 | 937 | ||
| 934 | BT_DBG("tty %p dev %p", tty, dev); | 938 | BT_DBG("tty %p dev %p", tty, dev); |
| 935 | 939 | ||
| 940 | if (!dev || !dev->dlc) | ||
| 941 | return; | ||
| 942 | |||
| 936 | skb_queue_purge(&dev->dlc->tx_queue); | 943 | skb_queue_purge(&dev->dlc->tx_queue); |
| 937 | 944 | ||
| 938 | if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) | 945 | if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) |
| @@ -952,11 +959,12 @@ static void rfcomm_tty_wait_until_sent(struct tty_struct *tty, int timeout) | |||
| 952 | static void rfcomm_tty_hangup(struct tty_struct *tty) | 959 | static void rfcomm_tty_hangup(struct tty_struct *tty) |
| 953 | { | 960 | { |
| 954 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; | 961 | struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; |
| 955 | if (!dev) | ||
| 956 | return; | ||
| 957 | 962 | ||
| 958 | BT_DBG("tty %p dev %p", tty, dev); | 963 | BT_DBG("tty %p dev %p", tty, dev); |
| 959 | 964 | ||
| 965 | if (!dev) | ||
| 966 | return; | ||
| 967 | |||
| 960 | rfcomm_tty_flush_buffer(tty); | 968 | rfcomm_tty_flush_buffer(tty); |
| 961 | 969 | ||
| 962 | if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) | 970 | if (test_bit(RFCOMM_RELEASE_ONHUP, &dev->flags)) |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 1144900d37f6..d60fd7321e63 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c | |||
| @@ -305,7 +305,7 @@ lookup_protocol: | |||
| 305 | sk->sk_reuse = 1; | 305 | sk->sk_reuse = 1; |
| 306 | 306 | ||
| 307 | inet = inet_sk(sk); | 307 | inet = inet_sk(sk); |
| 308 | inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; | 308 | inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK; |
| 309 | 309 | ||
| 310 | if (SOCK_RAW == sock->type) { | 310 | if (SOCK_RAW == sock->type) { |
| 311 | inet->num = protocol; | 311 | inet->num = protocol; |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index bf7a22412bcb..12de90a5047c 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -648,7 +648,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk, | |||
| 648 | TCPOLEN_TIMESTAMP); | 648 | TCPOLEN_TIMESTAMP); |
| 649 | rep.opt[1] = htonl(tcp_time_stamp); | 649 | rep.opt[1] = htonl(tcp_time_stamp); |
| 650 | rep.opt[2] = htonl(ts); | 650 | rep.opt[2] = htonl(ts); |
| 651 | arg.iov[0].iov_len = TCPOLEN_TSTAMP_ALIGNED; | 651 | arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED; |
| 652 | } | 652 | } |
| 653 | 653 | ||
| 654 | /* Swap the send and the receive. */ | 654 | /* Swap the send and the receive. */ |
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index e5cd83b2205d..832a5e6e2d7e 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c | |||
| @@ -171,7 +171,7 @@ lookup_protocol: | |||
| 171 | sk->sk_reuse = 1; | 171 | sk->sk_reuse = 1; |
| 172 | 172 | ||
| 173 | inet = inet_sk(sk); | 173 | inet = inet_sk(sk); |
| 174 | inet->is_icsk = INET_PROTOSW_ICSK & answer_flags; | 174 | inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) == INET_PROTOSW_ICSK; |
| 175 | 175 | ||
| 176 | if (SOCK_RAW == sock->type) { | 176 | if (SOCK_RAW == sock->type) { |
| 177 | inet->num = protocol; | 177 | inet->num = protocol; |
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c index a5b234e444dc..2a48efdf0d67 100644 --- a/net/netfilter/nf_conntrack_netbios_ns.c +++ b/net/netfilter/nf_conntrack_netbios_ns.c | |||
| @@ -89,6 +89,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
| 89 | 89 | ||
| 90 | exp->expectfn = NULL; | 90 | exp->expectfn = NULL; |
| 91 | exp->flags = NF_CT_EXPECT_PERMANENT; | 91 | exp->flags = NF_CT_EXPECT_PERMANENT; |
| 92 | exp->helper = NULL; | ||
| 92 | 93 | ||
| 93 | nf_conntrack_expect_related(exp); | 94 | nf_conntrack_expect_related(exp); |
| 94 | nf_conntrack_expect_put(exp); | 95 | nf_conntrack_expect_put(exp); |
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index 4afc75f9e377..73e0ff469bff 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c | |||
| @@ -130,12 +130,12 @@ static int netlbl_cipsov4_add_common(struct genl_info *info, | |||
| 130 | 130 | ||
| 131 | nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem) | 131 | nla_for_each_nested(nla, info->attrs[NLBL_CIPSOV4_A_TAGLST], nla_rem) |
| 132 | if (nla->nla_type == NLBL_CIPSOV4_A_TAG) { | 132 | if (nla->nla_type == NLBL_CIPSOV4_A_TAG) { |
| 133 | if (iter > CIPSO_V4_TAG_MAXCNT) | 133 | if (iter >= CIPSO_V4_TAG_MAXCNT) |
| 134 | return -EINVAL; | 134 | return -EINVAL; |
| 135 | doi_def->tags[iter++] = nla_get_u8(nla); | 135 | doi_def->tags[iter++] = nla_get_u8(nla); |
| 136 | } | 136 | } |
| 137 | if (iter < CIPSO_V4_TAG_MAXCNT) | 137 | while (iter < CIPSO_V4_TAG_MAXCNT) |
| 138 | doi_def->tags[iter] = CIPSO_V4_TAG_INVALID; | 138 | doi_def->tags[iter++] = CIPSO_V4_TAG_INVALID; |
| 139 | 139 | ||
| 140 | return 0; | 140 | return 0; |
| 141 | } | 141 | } |
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c index 9f42b9c9de37..27f5cc7966f6 100644 --- a/net/x25/x25_facilities.c +++ b/net/x25/x25_facilities.c | |||
| @@ -254,7 +254,7 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, | |||
| 254 | * They want reverse charging, we won't accept it. | 254 | * They want reverse charging, we won't accept it. |
| 255 | */ | 255 | */ |
| 256 | if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) { | 256 | if ((theirs.reverse & 0x01 ) && (ours->reverse & 0x01)) { |
| 257 | SOCK_DEBUG(sk, "X.25: rejecting reverse charging request"); | 257 | SOCK_DEBUG(sk, "X.25: rejecting reverse charging request\n"); |
| 258 | return -1; | 258 | return -1; |
| 259 | } | 259 | } |
| 260 | 260 | ||
| @@ -262,29 +262,29 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, | |||
| 262 | 262 | ||
| 263 | if (theirs.throughput) { | 263 | if (theirs.throughput) { |
| 264 | if (theirs.throughput < ours->throughput) { | 264 | if (theirs.throughput < ours->throughput) { |
| 265 | SOCK_DEBUG(sk, "X.25: throughput negotiated down"); | 265 | SOCK_DEBUG(sk, "X.25: throughput negotiated down\n"); |
| 266 | new->throughput = theirs.throughput; | 266 | new->throughput = theirs.throughput; |
| 267 | } | 267 | } |
| 268 | } | 268 | } |
| 269 | 269 | ||
| 270 | if (theirs.pacsize_in && theirs.pacsize_out) { | 270 | if (theirs.pacsize_in && theirs.pacsize_out) { |
| 271 | if (theirs.pacsize_in < ours->pacsize_in) { | 271 | if (theirs.pacsize_in < ours->pacsize_in) { |
| 272 | SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down"); | 272 | SOCK_DEBUG(sk, "X.25: packet size inwards negotiated down\n"); |
| 273 | new->pacsize_in = theirs.pacsize_in; | 273 | new->pacsize_in = theirs.pacsize_in; |
| 274 | } | 274 | } |
| 275 | if (theirs.pacsize_out < ours->pacsize_out) { | 275 | if (theirs.pacsize_out < ours->pacsize_out) { |
| 276 | SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down"); | 276 | SOCK_DEBUG(sk, "X.25: packet size outwards negotiated down\n"); |
| 277 | new->pacsize_out = theirs.pacsize_out; | 277 | new->pacsize_out = theirs.pacsize_out; |
| 278 | } | 278 | } |
| 279 | } | 279 | } |
| 280 | 280 | ||
| 281 | if (theirs.winsize_in && theirs.winsize_out) { | 281 | if (theirs.winsize_in && theirs.winsize_out) { |
| 282 | if (theirs.winsize_in < ours->winsize_in) { | 282 | if (theirs.winsize_in < ours->winsize_in) { |
| 283 | SOCK_DEBUG(sk, "X.25: window size inwards negotiated down"); | 283 | SOCK_DEBUG(sk, "X.25: window size inwards negotiated down\n"); |
| 284 | new->winsize_in = theirs.winsize_in; | 284 | new->winsize_in = theirs.winsize_in; |
| 285 | } | 285 | } |
| 286 | if (theirs.winsize_out < ours->winsize_out) { | 286 | if (theirs.winsize_out < ours->winsize_out) { |
| 287 | SOCK_DEBUG(sk, "X.25: window size outwards negotiated down"); | 287 | SOCK_DEBUG(sk, "X.25: window size outwards negotiated down\n"); |
| 288 | new->winsize_out = theirs.winsize_out; | 288 | new->winsize_out = theirs.winsize_out; |
| 289 | } | 289 | } |
| 290 | } | 290 | } |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 372eaade3ca6..3eb1fa9f0de1 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -2491,9 +2491,9 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) | |||
| 2491 | 2491 | ||
| 2492 | rc = netlbl_socket_setattr(sock, &secattr); | 2492 | rc = netlbl_socket_setattr(sock, &secattr); |
| 2493 | if (rc == 0) { | 2493 | if (rc == 0) { |
| 2494 | spin_lock(&sksec->nlbl_lock); | 2494 | spin_lock_bh(&sksec->nlbl_lock); |
| 2495 | sksec->nlbl_state = NLBL_LABELED; | 2495 | sksec->nlbl_state = NLBL_LABELED; |
| 2496 | spin_unlock(&sksec->nlbl_lock); | 2496 | spin_unlock_bh(&sksec->nlbl_lock); |
| 2497 | } | 2497 | } |
| 2498 | 2498 | ||
| 2499 | netlbl_socket_setsid_return: | 2499 | netlbl_socket_setsid_return: |