-rw-r--r-- | drivers/bluetooth/btmrvl_sdio.c | 1 | ||||
-rw-r--r-- | net/bluetooth/hci_conn.c | 3 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 1 | ||||
-rw-r--r-- | net/bluetooth/hidp/core.c | 49 | ||||
-rw-r--r-- | net/bluetooth/hidp/hidp.h | 4 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 8 |
6 files changed, 38 insertions, 28 deletions
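--- a/drivers/bluetooth/btmrvl_sdio.c
+++ b/drivers/bluetooth/btmrvl_sdio.c
@@ -808,6 +808,7 @@ static int btmrvl_sdio_host_to_card(struct btmrvl_private *priv,
 
 exit:
 sdio_release_host(card->func);
+kfree(tmpbuf);
 
 return ret;
 }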
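Review bot: `kfree(tmpbuf)` now runs on every path that reaches the `exit:` label, so it is only safe if `tmpbuf` is initialised to NULL at its declaration or assigned before the first `goto exit`. The declaration and the earlier jumps are outside this hunk, so that cannot be confirmed from here. If an early error path can reach `exit:` before the allocation, initialise the pointer to NULL where it is declared.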
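--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -377,6 +377,9 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
 
 if (acl->state == BT_CONNECTED &&
 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
+acl->power_save = 1;
+hci_conn_enter_active_mode(acl);
+
 if (lmp_esco_capable(hdev))
 hci_setup_sync(sco, acl->handle);
 else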
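Review bot: The added `acl->power_save = 1;` overwrites whatever value the connection had, with no comment saying why or whether the previous setting matters afterwards. Presumably it is there so that `hci_conn_enter_active_mode(acl)` actually takes effect before the synchronous link is set up. A one-line comment above the two added lines would record that intent, e.g. `/* force the ACL link out of power-save before setting up SCO/eSCO */`. hci_connect's body extends beyond the hunk on both sides.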
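--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -1699,6 +1699,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu
 break;
 
 case 0x1c: /* SCO interval rejected */
+case 0x1a: /* Unsupported Remote Feature */
 case 0x1f: /* Unspecified error */
 if (conn->out && conn->attempt < 2) {
 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |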
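--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -703,29 +703,9 @@ static void hidp_close(struct hid_device *hid)
 static int hidp_parse(struct hid_device *hid)
 {
 struct hidp_session *session = hid->driver_data;
-struct hidp_connadd_req *req = session->req;
-unsigned char *buf;
-int ret;
-
-buf = kmalloc(req->rd_size, GFP_KERNEL);
-if (!buf)
-return -ENOMEM;
-
-if (copy_from_user(buf, req->rd_data, req->rd_size)) {
-kfree(buf);
-return -EFAULT;
-}
-
-ret = hid_parse_report(session->hid, buf, req->rd_size);
-
-kfree(buf);
-
-if (ret)
-return ret;
-
-session->req = NULL;
 
-return 0;
+return hid_parse_report(session->hid, session->rd_data,
+session->rd_size);
 }
 
 static int hidp_start(struct hid_device *hid)
@@ -770,12 +750,24 @@ static int hidp_setup_hid(struct hidp_session *session,
 bdaddr_t src, dst;
 int err;
 
+session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
+if (!session->rd_data)
+return -ENOMEM;
+
+if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
+err = -EFAULT;
+goto fault;
+}
+session->rd_size = req->rd_size;
+
 hid = hid_allocate_device();
-if (IS_ERR(hid))
-return PTR_ERR(hid);
+if (IS_ERR(hid)) {
+err = PTR_ERR(hid);
+goto fault;
+}
 
 session->hid = hid;
-session->req = req;
+
 hid->driver_data = session;
 
 baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
@@ -806,6 +798,10 @@ failed:
 hid_destroy_device(hid);
 session->hid = NULL;
 
+fault:
+kfree(session->rd_data);
+session->rd_data = NULL;
+
 return err;
 }
 
@@ -900,6 +896,9 @@ unlink:
 session->hid = NULL;
 }
 
+kfree(session->rd_data);
+session->rd_data = NULL;
+
 purge:
 skb_queue_purge(&session->ctrl_transmit);
 skb_queue_purge(&session->intr_transmit);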
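Review bot: In hidp_setup_hid, `req->rd_size` is passed straight to `kzalloc()` and `copy_from_user()` with no upper bound visible in the hunk, and `req` appears to be the user-supplied connection request, so the caller chooses the size of a kernel allocation that lives as long as the session. The removed hidp_parse code had the same unbounded `kmalloc(req->rd_size, ...)`, so the gap is carried over rather than introduced here. Rejecting oversized descriptors before allocating would close it, e.g. `if (req->rd_size > HID_MAX_DESCRIPTOR_SIZE) return -EINVAL;` ahead of the `kzalloc()` line. The function starts above and ends below the hunk, so a check may already exist out of view.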
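--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -154,7 +154,9 @@ struct hidp_session {
 struct sk_buff_head ctrl_transmit;
 struct sk_buff_head intr_transmit;
 
-struct hidp_connadd_req *req;
+/* Report descriptor */
+__u8 *rd_data;
+uint rd_size;
 };
 
 static inline void hidp_schedule(struct hidp_session *session)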
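--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -252,7 +252,6 @@ static void rfcomm_session_timeout(unsigned long arg)
 BT_DBG("session %p state %ld", s, s->state);
 
 set_bit(RFCOMM_TIMED_OUT, &s->flags);
-rfcomm_session_put(s);
 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
 }
 
@@ -1151,7 +1150,11 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
 break;
 
 case BT_DISCONN:
-rfcomm_session_put(s);
+/* When socket is closed and we are not RFCOMM
+* initiator rfcomm_process_rx already calls
+* rfcomm_session_put() */
+if (s->sock->sk->sk_state != BT_CLOSED)
+rfcomm_session_put(s);
 break;
 }
 }
@@ -1920,6 +1923,7 @@ static inline void rfcomm_process_sessions(void)
 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
 s->state = BT_DISCONN;
 rfcomm_send_disc(s, 0);
+rfcomm_session_put(s);
 continue;
 }
 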
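Review bot: In rfcomm_recv_ua the reference drop now depends on `s->sock->sk->sk_state != BT_CLOSED`, so whether a put happens is inferred from socket state rather than from which path owns the reference. If that state can change between rfcomm_process_rx's own put and this check, the session is either put twice (a use-after-free risk) or never released. No lock around the read is visible in the hunk, so it is worth confirming that both paths run under the same serialisation. The put moved from rfcomm_session_timeout into rfcomm_process_sessions would also benefit from a comment naming the reference it pairs with, e.g. `/* drop the reference held for the session timer */` if that is indeed the one. All three functions extend beyond their hunks.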