15 files changed, 240 insertions, 61 deletions

diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index 305a099b7477..67df99e2e5c8 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -48,41 +48,56 @@
 #define BT_DBG(D...)
 #endif
 
-#define VERSION "2.10"
+#define VERSION "2.11"
 
 /* Bluetooth sockets */
 #define BT_MAX_PROTO    8
 static struct net_proto_family *bt_proto[BT_MAX_PROTO];
+static DEFINE_RWLOCK(bt_proto_lock);
 
 int bt_sock_register(int proto, struct net_proto_family *ops)
 {
+        int err = 0;
+
         if (proto < 0 || proto >= BT_MAX_PROTO)
                 return -EINVAL;
 
+        write_lock(&bt_proto_lock);
+
         if (bt_proto[proto])
-                return -EEXIST;
+                err = -EEXIST;
+        else
+                bt_proto[proto] = ops;
 
-        bt_proto[proto] = ops;
-        return 0;
+        write_unlock(&bt_proto_lock);
+
+        return err;
 }
 EXPORT_SYMBOL(bt_sock_register);
 
 int bt_sock_unregister(int proto)
 {
+        int err = 0;
+
         if (proto < 0 || proto >= BT_MAX_PROTO)
                 return -EINVAL;
 
+        write_lock(&bt_proto_lock);
+
         if (!bt_proto[proto])
-                return -ENOENT;
+                err = -ENOENT;
+        else
+                bt_proto[proto] = NULL;
 
-        bt_proto[proto] = NULL;
-        return 0;
+        write_unlock(&bt_proto_lock);
+
+        return err;
 }
 EXPORT_SYMBOL(bt_sock_unregister);
 
 static int bt_sock_create(struct socket *sock, int proto)
 {
-        int err = 0;
+        int err;
 
         if (proto < 0 || proto >= BT_MAX_PROTO)
                 return -EINVAL;
@@ -92,11 +107,18 @@ static int bt_sock_create(struct socket *sock, int proto)
                 request_module("bt-proto-%d", proto);
         }
 #endif
+
         err = -EPROTONOSUPPORT;
+
+        read_lock(&bt_proto_lock);
+
         if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
                 err = bt_proto[proto]->create(sock, proto);
                 module_put(bt_proto[proto]->owner);
         }
+
+        read_unlock(&bt_proto_lock);
+
         return err; 
 }
 
diff --git a/net/bluetooth/bnep/core.c b/net/bluetooth/bnep/core.c
index 2312d050eeed..4d3424c2421c 100644
--- a/net/bluetooth/bnep/core.c
+++ b/net/bluetooth/bnep/core.c
@@ -528,12 +528,10 @@ static struct device *bnep_get_device(struct bnep_session *session)
                 return NULL;
 
         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
-        if (!conn)
-                return NULL;
 
         hci_dev_put(hdev);
 
-        return &conn->dev;
+        return conn ? &conn->dev : NULL;
 }
 
 int bnep_add_connection(struct bnep_connadd_req *req, struct socket *sock)
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 28c55835422a..5563db1bf526 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -43,6 +43,7 @@
 #include <linux/ioctl.h>
 #include <linux/file.h>
 #include <linux/init.h>
+#include <linux/compat.h>
 #include <net/sock.h>
 
 #include <asm/system.h>
@@ -146,24 +147,56 @@ static int bnep_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
         return 0;
 }
 
+#ifdef CONFIG_COMPAT
+static int bnep_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+{
+        if (cmd == BNEPGETCONNLIST) {
+                struct bnep_connlist_req cl;
+                uint32_t uci;
+                int err;
+
+                if (get_user(cl.cnum, (uint32_t __user *) arg) ||
+                                get_user(uci, (u32 __user *) (arg + 4)))
+                        return -EFAULT;
+
+                cl.ci = compat_ptr(uci);
+
+                if (cl.cnum <= 0)
+                        return -EINVAL;
+        
+                err = bnep_get_connlist(&cl);
+
+                if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
+                        err = -EFAULT;
+
+                return err;
+        }
+
+        return bnep_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
 static const struct proto_ops bnep_sock_ops = {
-        .family     = PF_BLUETOOTH,
-        .owner      = THIS_MODULE,
-        .release    = bnep_sock_release,
-        .ioctl      = bnep_sock_ioctl,
-        .bind       = sock_no_bind,
-        .getname    = sock_no_getname,
-        .sendmsg    = sock_no_sendmsg,
-        .recvmsg    = sock_no_recvmsg,
-        .poll       = sock_no_poll,
-        .listen     = sock_no_listen,
-        .shutdown   = sock_no_shutdown,
-        .setsockopt = sock_no_setsockopt,
-        .getsockopt = sock_no_getsockopt,
-        .connect    = sock_no_connect,
-        .socketpair = sock_no_socketpair,
-        .accept     = sock_no_accept,
-        .mmap       = sock_no_mmap
+        .family         = PF_BLUETOOTH,
+        .owner          = THIS_MODULE,
+        .release        = bnep_sock_release,
+        .ioctl          = bnep_sock_ioctl,
+#ifdef CONFIG_COMPAT
+        .compat_ioctl   = bnep_sock_compat_ioctl,
+#endif
+        .bind           = sock_no_bind,
+        .getname        = sock_no_getname,
+        .sendmsg        = sock_no_sendmsg,
+        .recvmsg        = sock_no_recvmsg,
+        .poll           = sock_no_poll,
+        .listen         = sock_no_listen,
+        .shutdown       = sock_no_shutdown,
+        .setsockopt     = sock_no_setsockopt,
+        .getsockopt     = sock_no_getsockopt,
+        .connect        = sock_no_connect,
+        .socketpair     = sock_no_socketpair,
+        .accept         = sock_no_accept,
+        .mmap           = sock_no_mmap
 };
 
 static struct proto bnep_proto = {
@@ -181,7 +214,7 @@ static int bnep_sock_create(struct socket *sock, int protocol)
         if (sock->type != SOCK_RAW)
                 return -ESOCKTNOSUPPORT;
 
-        sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &bnep_proto, 1);
+        sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1);
         if (!sk)
                 return -ENOMEM;
 
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 10ad7fd91d83..53295d33dc5c 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -34,6 +34,7 @@
 #include <linux/socket.h>
 #include <linux/ioctl.h>
 #include <linux/file.h>
+#include <linux/compat.h>
 #include <net/sock.h>
 
 #include <linux/isdn/capilli.h>
@@ -137,11 +138,43 @@ static int cmtp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
         return -EINVAL;
 }
 
+#ifdef CONFIG_COMPAT
+static int cmtp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+{
+        if (cmd == CMTPGETCONNLIST) {
+                struct cmtp_connlist_req cl;
+                uint32_t uci;
+                int err;
+
+                if (get_user(cl.cnum, (uint32_t __user *) arg) ||
+                                get_user(uci, (u32 __user *) (arg + 4)))
+                        return -EFAULT;
+
+                cl.ci = compat_ptr(uci);
+
+                if (cl.cnum <= 0)
+                        return -EINVAL;
+        
+                err = cmtp_get_connlist(&cl);
+
+                if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
+                        err = -EFAULT;
+
+                return err;
+        }
+
+        return cmtp_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
 static const struct proto_ops cmtp_sock_ops = {
         .family         = PF_BLUETOOTH,
         .owner          = THIS_MODULE,
         .release        = cmtp_sock_release,
         .ioctl          = cmtp_sock_ioctl,
+#ifdef CONFIG_COMPAT
+        .compat_ioctl   = cmtp_sock_compat_ioctl,
+#endif
         .bind           = sock_no_bind,
         .getname        = sock_no_getname,
         .sendmsg        = sock_no_sendmsg,
@@ -172,7 +205,7 @@ static int cmtp_sock_create(struct socket *sock, int protocol)
         if (sock->type != SOCK_RAW)
                 return -ESOCKTNOSUPPORT;
 
-        sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &cmtp_proto, 1);
+        sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1);
         if (!sk)
                 return -ENOMEM;
 
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 90e3a285a17e..6cd5711fa28a 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -51,7 +51,7 @@
 #define BT_DBG(D...)
 #endif
 
-static void hci_acl_connect(struct hci_conn *conn)
+void hci_acl_connect(struct hci_conn *conn)
 {
         struct hci_dev *hdev = conn->hdev;
         struct inquiry_entry *ie;
@@ -63,6 +63,8 @@ static void hci_acl_connect(struct hci_conn *conn)
         conn->out   = 1;
         conn->link_mode = HCI_LM_MASTER;
 
+        conn->attempt++;
+
         memset(&cp, 0, sizeof(cp));
         bacpy(&cp.bdaddr, &conn->dst);
         cp.pscan_rep_mode = 0x02;
@@ -80,7 +82,7 @@ static void hci_acl_connect(struct hci_conn *conn)
                 cp.role_switch  = 0x01;
         else
                 cp.role_switch  = 0x00;
-                
+
         hci_send_cmd(hdev, OGF_LINK_CTL, OCF_CREATE_CONN, sizeof(cp), &cp);
 }
 
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d43d0c890975..65f094845719 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -414,9 +414,12 @@ static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
 
         if (status) {
                 if (conn && conn->state == BT_CONNECT) {
-                        conn->state = BT_CLOSED;
-                        hci_proto_connect_cfm(conn, status);
-                        hci_conn_del(conn);
+                        if (status != 0x0c || conn->attempt > 2) {
+                                conn->state = BT_CLOSED;
+                                hci_proto_connect_cfm(conn, status);
+                                hci_conn_del(conn);
+                        } else
+                                conn->state = BT_CONNECT2;
                 }
         } else {
                 if (!conn) {
@@ -728,7 +731,7 @@ static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *sk
 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
 {
         struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
-        struct hci_conn *conn;
+        struct hci_conn *conn, *pend;
 
         BT_DBG("%s", hdev->name);
 
@@ -801,6 +804,10 @@ static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *s
         if (ev->status)
                 hci_conn_del(conn);
 
+        pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
+        if (pend)
+                hci_acl_connect(pend);
+
         hci_dev_unlock(hdev);
 }
 
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 1a35d343e08a..f26a9eb49945 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -618,7 +618,7 @@ static int hci_sock_create(struct socket *sock, int protocol)
 
         sock->ops = &hci_sock_ops;
 
-        sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hci_sk_proto, 1);
+        sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1);
         if (!sk)
                 return -ENOMEM;
 
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 989b22d9042e..954eb74eb370 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -242,10 +242,14 @@ static void add_conn(void *data)
         struct hci_conn *conn = data;
         int i;
 
-        device_register(&conn->dev);
+        if (device_register(&conn->dev) < 0) {
+                BT_ERR("Failed to register connection device");
+                return;
+        }
 
         for (i = 0; conn_attrs[i]; i++)
-                device_create_file(&conn->dev, conn_attrs[i]);
+                if (device_create_file(&conn->dev, conn_attrs[i]) < 0)
+                        BT_ERR("Failed to create connection attribute");
 }
 
 void hci_conn_add_sysfs(struct hci_conn *conn)
@@ -295,11 +299,7 @@ int hci_register_sysfs(struct hci_dev *hdev)
         BT_DBG("%p name %s type %d", hdev, hdev->name, hdev->type);
 
         dev->class = bt_class;
-
-        if (hdev->parent)
-                dev->parent = hdev->parent;
-        else
-                dev->parent = &bt_platform->dev;
+        dev->parent = hdev->parent;
 
         strlcpy(dev->bus_id, hdev->name, BUS_ID_SIZE);
 
@@ -312,7 +312,8 @@ int hci_register_sysfs(struct hci_dev *hdev)
                 return err;
 
         for (i = 0; bt_attrs[i]; i++)
-                device_create_file(dev, bt_attrs[i]);
+                if (device_create_file(dev, bt_attrs[i]) < 0)
+                        BT_ERR("Failed to create device attribute");
 
         return 0;
 }
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 03b5dadb4951..9a562cf7406b 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -510,11 +510,11 @@ static int hidp_session(void *arg)
         if (intr_sk->sk_state != BT_CONNECTED)
                 wait_event_timeout(*(ctrl_sk->sk_sleep), (ctrl_sk->sk_state == BT_CLOSED), HZ);
 
-        fput(session->ctrl_sock->file);
+        fput(session->intr_sock->file);
 
         wait_event_timeout(*(intr_sk->sk_sleep), (intr_sk->sk_state == BT_CLOSED), HZ);
 
-        fput(session->intr_sock->file);
+        fput(session->ctrl_sock->file);
 
         __hidp_unlink_session(session);
 
@@ -541,12 +541,10 @@ static struct device *hidp_get_device(struct hidp_session *session)
                 return NULL;
 
         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
-        if (!conn)
-                return NULL;
 
         hci_dev_put(hdev);
 
-        return &conn->dev;
+        return conn ? &conn->dev : NULL;
 }
 
 static inline void hidp_setup_input(struct hidp_session *session, struct hidp_connadd_req *req)
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 099646e4e2ef..407fba43c1b9 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -35,6 +35,7 @@
 #include <linux/ioctl.h>
 #include <linux/file.h>
 #include <linux/init.h>
+#include <linux/compat.h>
 #include <net/sock.h>
 
 #include "hidp.h"
@@ -143,11 +144,88 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
         return -EINVAL;
 }
 
+#ifdef CONFIG_COMPAT
+struct compat_hidp_connadd_req {
+        int   ctrl_sock;        // Connected control socket
+        int   intr_sock;        // Connteted interrupt socket
+        __u16 parser;
+        __u16 rd_size;
+        compat_uptr_t rd_data;
+        __u8  country;
+        __u8  subclass;
+        __u16 vendor;
+        __u16 product;
+        __u16 version;
+        __u32 flags;
+        __u32 idle_to;
+        char  name[128];
+};
+
+static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+{
+        if (cmd == HIDPGETCONNLIST) {
+                struct hidp_connlist_req cl;
+                uint32_t uci;
+                int err;
+
+                if (get_user(cl.cnum, (uint32_t __user *) arg) ||
+                                get_user(uci, (u32 __user *) (arg + 4)))
+                        return -EFAULT;
+
+                cl.ci = compat_ptr(uci);
+
+                if (cl.cnum <= 0)
+                        return -EINVAL;
+
+                err = hidp_get_connlist(&cl);
+
+                if (!err && put_user(cl.cnum, (uint32_t __user *) arg))
+                        err = -EFAULT;
+
+                return err;
+        } else if (cmd == HIDPCONNADD) {
+                struct compat_hidp_connadd_req ca;
+                struct hidp_connadd_req __user *uca;
+
+                uca = compat_alloc_user_space(sizeof(*uca));
+
+                if (copy_from_user(&ca, (void *) arg, sizeof(ca)))
+                        return -EFAULT;
+
+                if (put_user(ca.ctrl_sock, &uca->ctrl_sock) ||
+                                put_user(ca.intr_sock, &uca->intr_sock) ||
+                                put_user(ca.parser, &uca->parser) ||
+                                put_user(ca.rd_size, &uca->parser) ||
+                                put_user(compat_ptr(ca.rd_data), &uca->rd_data) ||
+                                put_user(ca.country, &uca->country) ||
+                                put_user(ca.subclass, &uca->subclass) ||
+                                put_user(ca.vendor, &uca->vendor) ||
+                                put_user(ca.product, &uca->product) ||
+                                put_user(ca.version, &uca->version) ||
+                                put_user(ca.flags, &uca->flags) ||
+                                put_user(ca.idle_to, &uca->idle_to) ||
+                                copy_to_user(&uca->name[0], &ca.name[0], 128))
+                        return -EFAULT;
+                
+                arg = (unsigned long) uca;
+
+                /* Fall through. We don't actually write back any _changes_
+                   to the structure anyway, so there's no need to copy back
+                   into the original compat version */
+        }
+
+        return hidp_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
 static const struct proto_ops hidp_sock_ops = {
         .family         = PF_BLUETOOTH,
         .owner          = THIS_MODULE,
         .release        = hidp_sock_release,
         .ioctl          = hidp_sock_ioctl,
+#ifdef CONFIG_COMPAT
+        .compat_ioctl   = hidp_sock_compat_ioctl,
+#endif
         .bind           = sock_no_bind,
         .getname        = sock_no_getname,
         .sendmsg        = sock_no_sendmsg,
@@ -178,7 +256,7 @@ static int hidp_sock_create(struct socket *sock, int protocol)
         if (sock->type != SOCK_RAW)
                 return -ESOCKTNOSUPPORT;
 
-        sk = sk_alloc(PF_BLUETOOTH, GFP_KERNEL, &hidp_proto, 1);
+        sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1);
         if (!sk)
                 return -ENOMEM;
 
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index d56f60b392ac..2b3dcb8f90fa 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -559,7 +559,7 @@ static int l2cap_sock_create(struct socket *sock, int protocol)
 
         sock->ops = &l2cap_sock_ops;
 
-        sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL);
+        sk = l2cap_sock_alloc(sock, protocol, GFP_ATOMIC);
         if (!sk)
                 return -ENOMEM;
 
@@ -2216,7 +2216,8 @@ static int __init l2cap_init(void)
                 goto error;
         }
 
-        class_create_file(bt_class, &class_attr_l2cap);
+        if (class_create_file(bt_class, &class_attr_l2cap) < 0)
+                BT_ERR("Failed to create L2CAP info file");
 
         BT_INFO("L2CAP ver %s", VERSION);
         BT_INFO("L2CAP socket layer initialized");
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
index 468df3b953f6..ddc4e9d5963e 100644
--- a/net/bluetooth/rfcomm/core.c
+++ b/net/bluetooth/rfcomm/core.c
@@ -2058,7 +2058,8 @@ static int __init rfcomm_init(void)
 
         kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
 
-        class_create_file(bt_class, &class_attr_rfcomm_dlc);
+        if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
+                BT_ERR("Failed to create RFCOMM info file");
 
         rfcomm_init_sockets();
 
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 220fee04e7f2..544d65b7baa7 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -336,7 +336,8 @@ static int rfcomm_sock_create(struct socket *sock, int protocol)
 
         sock->ops = &rfcomm_sock_ops;
 
-        if (!(sk = rfcomm_sock_alloc(sock, protocol, GFP_KERNEL)))
+        sk = rfcomm_sock_alloc(sock, protocol, GFP_ATOMIC);
+        if (!sk)
                 return -ENOMEM;
 
         rfcomm_sock_init(sk, NULL);
@@ -944,7 +945,8 @@ int __init rfcomm_init_sockets(void)
         if (err < 0)
                 goto error;
 
-        class_create_file(bt_class, &class_attr_rfcomm);
+        if (class_create_file(bt_class, &class_attr_rfcomm) < 0)
+                BT_ERR("Failed to create RFCOMM info file");
 
         BT_INFO("RFCOMM socket layer initialized");
 
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
index 1958ad1b8541..b8e3a5f1c8a8 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -172,12 +172,10 @@ static struct device *rfcomm_get_device(struct rfcomm_dev *dev)
                 return NULL;
 
         conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &dev->dst);
-        if (!conn)
-                return NULL;
 
         hci_dev_put(hdev);
 
-        return &conn->dev;
+        return conn ? &conn->dev : NULL;
 }
 
 static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc)
@@ -767,6 +765,9 @@ static void rfcomm_tty_set_termios(struct tty_struct *tty, struct termios *old)
 
         BT_DBG("tty %p termios %p", tty, old);
 
+        if (!dev)
+                return;
+
         /* Handle turning off CRTSCTS */
         if ((old->c_cflag & CRTSCTS) && !(new->c_cflag & CRTSCTS)) 
                 BT_DBG("Turning off CRTSCTS unsupported");
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 7714a2ec3854..5d13d4f31753 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -452,7 +452,8 @@ static int sco_sock_create(struct socket *sock, int protocol)
 
         sock->ops = &sco_sock_ops;
 
-        if (!(sk = sco_sock_alloc(sock, protocol, GFP_KERNEL)))
+        sk = sco_sock_alloc(sock, protocol, GFP_ATOMIC);
+        if (!sk)
                 return -ENOMEM;
 
         sco_sock_init(sk, NULL);
@@ -967,7 +968,8 @@ static int __init sco_init(void)
                 goto error;
         }
 
-        class_create_file(bt_class, &class_attr_sco);
+        if (class_create_file(bt_class, &class_attr_sco) < 0)
+                BT_ERR("Failed to create SCO info file");
 
         BT_INFO("SCO (Voice Link) ver %s", VERSION);
         BT_INFO("SCO socket layer initialized");