aboutsummaryrefslogtreecommitdiffstats
path: root/net/bluetooth
diff options
context:
space:
mode:
Diffstat (limited to 'net/bluetooth')
-rw-r--r--net/bluetooth/hci_conn.c23
-rw-r--r--net/bluetooth/hci_core.c66
-rw-r--r--net/bluetooth/hci_event.c8
-rw-r--r--net/bluetooth/hci_sock.c17
4 files changed, 73 insertions, 41 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 0b1e460fe440..6b90a4191734 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -39,7 +39,7 @@
39#include <net/sock.h> 39#include <net/sock.h>
40 40
41#include <asm/system.h> 41#include <asm/system.h>
42#include <asm/uaccess.h> 42#include <linux/uaccess.h>
43#include <asm/unaligned.h> 43#include <asm/unaligned.h>
44 44
45#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/bluetooth.h>
@@ -66,7 +66,8 @@ void hci_acl_connect(struct hci_conn *conn)
66 bacpy(&cp.bdaddr, &conn->dst); 66 bacpy(&cp.bdaddr, &conn->dst);
67 cp.pscan_rep_mode = 0x02; 67 cp.pscan_rep_mode = 0x02;
68 68
69 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { 69 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
70 if (ie) {
70 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { 71 if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
71 cp.pscan_rep_mode = ie->data.pscan_rep_mode; 72 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
72 cp.pscan_mode = ie->data.pscan_mode; 73 cp.pscan_mode = ie->data.pscan_mode;
@@ -368,8 +369,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
368 369
369 BT_DBG("%s dst %s", hdev->name, batostr(dst)); 370 BT_DBG("%s dst %s", hdev->name, batostr(dst));
370 371
371 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { 372 acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
372 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) 373 if (!acl) {
374 acl = hci_conn_add(hdev, ACL_LINK, dst);
375 if (!acl)
373 return NULL; 376 return NULL;
374 } 377 }
375 378
@@ -389,8 +392,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8
389 if (type == ACL_LINK) 392 if (type == ACL_LINK)
390 return acl; 393 return acl;
391 394
392 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { 395 sco = hci_conn_hash_lookup_ba(hdev, type, dst);
393 if (!(sco = hci_conn_add(hdev, type, dst))) { 396 if (!sco) {
397 sco = hci_conn_add(hdev, type, dst);
398 if (!sco) {
394 hci_conn_put(acl); 399 hci_conn_put(acl);
395 return NULL; 400 return NULL;
396 } 401 }
@@ -647,10 +652,12 @@ int hci_get_conn_list(void __user *arg)
647 652
648 size = sizeof(req) + req.conn_num * sizeof(*ci); 653 size = sizeof(req) + req.conn_num * sizeof(*ci);
649 654
650 if (!(cl = kmalloc(size, GFP_KERNEL))) 655 cl = kmalloc(size, GFP_KERNEL);
656 if (!cl)
651 return -ENOMEM; 657 return -ENOMEM;
652 658
653 if (!(hdev = hci_dev_get(req.dev_id))) { 659 hdev = hci_dev_get(req.dev_id);
660 if (!hdev) {
654 kfree(cl); 661 kfree(cl);
655 return -ENODEV; 662 return -ENODEV;
656 } 663 }
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index bc2a052e518b..51c61f75a797 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -44,7 +44,7 @@
44#include <net/sock.h> 44#include <net/sock.h>
45 45
46#include <asm/system.h> 46#include <asm/system.h>
47#include <asm/uaccess.h> 47#include <linux/uaccess.h>
48#include <asm/unaligned.h> 48#include <asm/unaligned.h>
49 49
50#include <net/bluetooth/bluetooth.h> 50#include <net/bluetooth/bluetooth.h>
@@ -349,20 +349,23 @@ struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *b
349void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) 349void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data)
350{ 350{
351 struct inquiry_cache *cache = &hdev->inq_cache; 351 struct inquiry_cache *cache = &hdev->inq_cache;
352 struct inquiry_entry *e; 352 struct inquiry_entry *ie;
353 353
354 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); 354 BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr));
355 355
356 if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) { 356 ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr);
357 if (!ie) {
357 /* Entry not in the cache. Add new one. */ 358 /* Entry not in the cache. Add new one. */
358 if (!(e = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC))) 359 ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC);
360 if (!ie)
359 return; 361 return;
360 e->next = cache->list; 362
361 cache->list = e; 363 ie->next = cache->list;
364 cache->list = ie;
362 } 365 }
363 366
364 memcpy(&e->data, data, sizeof(*data)); 367 memcpy(&ie->data, data, sizeof(*data));
365 e->timestamp = jiffies; 368 ie->timestamp = jiffies;
366 cache->timestamp = jiffies; 369 cache->timestamp = jiffies;
367} 370}
368 371
@@ -422,16 +425,20 @@ int hci_inquiry(void __user *arg)
422 425
423 hci_dev_lock_bh(hdev); 426 hci_dev_lock_bh(hdev);
424 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || 427 if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX ||
425 inquiry_cache_empty(hdev) || 428 inquiry_cache_empty(hdev) ||
426 ir.flags & IREQ_CACHE_FLUSH) { 429 ir.flags & IREQ_CACHE_FLUSH) {
427 inquiry_cache_flush(hdev); 430 inquiry_cache_flush(hdev);
428 do_inquiry = 1; 431 do_inquiry = 1;
429 } 432 }
430 hci_dev_unlock_bh(hdev); 433 hci_dev_unlock_bh(hdev);
431 434
432 timeo = ir.length * msecs_to_jiffies(2000); 435 timeo = ir.length * msecs_to_jiffies(2000);
433 if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0) 436
434 goto done; 437 if (do_inquiry) {
438 err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo);
439 if (err < 0)
440 goto done;
441 }
435 442
436 /* for unlimited number of responses we will use buffer with 255 entries */ 443 /* for unlimited number of responses we will use buffer with 255 entries */
437 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; 444 max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp;
@@ -439,7 +446,8 @@ int hci_inquiry(void __user *arg)
439 /* cache_dump can't sleep. Therefore we allocate temp buffer and then 446 /* cache_dump can't sleep. Therefore we allocate temp buffer and then
440 * copy it to the user space. 447 * copy it to the user space.
441 */ 448 */
442 if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) { 449 buf = kmalloc(sizeof(struct inquiry_info) *max_rsp, GFP_KERNEL);
450 if (!buf) {
443 err = -ENOMEM; 451 err = -ENOMEM;
444 goto done; 452 goto done;
445 } 453 }
@@ -611,7 +619,8 @@ int hci_dev_close(__u16 dev)
611 struct hci_dev *hdev; 619 struct hci_dev *hdev;
612 int err; 620 int err;
613 621
614 if (!(hdev = hci_dev_get(dev))) 622 hdev = hci_dev_get(dev);
623 if (!hdev)
615 return -ENODEV; 624 return -ENODEV;
616 err = hci_dev_do_close(hdev); 625 err = hci_dev_do_close(hdev);
617 hci_dev_put(hdev); 626 hci_dev_put(hdev);
@@ -623,7 +632,8 @@ int hci_dev_reset(__u16 dev)
623 struct hci_dev *hdev; 632 struct hci_dev *hdev;
624 int ret = 0; 633 int ret = 0;
625 634
626 if (!(hdev = hci_dev_get(dev))) 635 hdev = hci_dev_get(dev);
636 if (!hdev)
627 return -ENODEV; 637 return -ENODEV;
628 638
629 hci_req_lock(hdev); 639 hci_req_lock(hdev);
@@ -663,7 +673,8 @@ int hci_dev_reset_stat(__u16 dev)
663 struct hci_dev *hdev; 673 struct hci_dev *hdev;
664 int ret = 0; 674 int ret = 0;
665 675
666 if (!(hdev = hci_dev_get(dev))) 676 hdev = hci_dev_get(dev);
677 if (!hdev)
667 return -ENODEV; 678 return -ENODEV;
668 679
669 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); 680 memset(&hdev->stat, 0, sizeof(struct hci_dev_stats));
@@ -682,7 +693,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
682 if (copy_from_user(&dr, arg, sizeof(dr))) 693 if (copy_from_user(&dr, arg, sizeof(dr)))
683 return -EFAULT; 694 return -EFAULT;
684 695
685 if (!(hdev = hci_dev_get(dr.dev_id))) 696 hdev = hci_dev_get(dr.dev_id);
697 if (!hdev)
686 return -ENODEV; 698 return -ENODEV;
687 699
688 switch (cmd) { 700 switch (cmd) {
@@ -763,7 +775,8 @@ int hci_get_dev_list(void __user *arg)
763 775
764 size = sizeof(*dl) + dev_num * sizeof(*dr); 776 size = sizeof(*dl) + dev_num * sizeof(*dr);
765 777
766 if (!(dl = kzalloc(size, GFP_KERNEL))) 778 dl = kzalloc(size, GFP_KERNEL);
779 if (!dl)
767 return -ENOMEM; 780 return -ENOMEM;
768 781
769 dr = dl->dev_req; 782 dr = dl->dev_req;
@@ -797,7 +810,8 @@ int hci_get_dev_info(void __user *arg)
797 if (copy_from_user(&di, arg, sizeof(di))) 810 if (copy_from_user(&di, arg, sizeof(di)))
798 return -EFAULT; 811 return -EFAULT;
799 812
800 if (!(hdev = hci_dev_get(di.dev_id))) 813 hdev = hci_dev_get(di.dev_id);
814 if (!hdev)
801 return -ENODEV; 815 return -ENODEV;
802 816
803 strcpy(di.name, hdev->name); 817 strcpy(di.name, hdev->name);
@@ -905,7 +919,7 @@ int hci_register_dev(struct hci_dev *hdev)
905 hdev->sniff_max_interval = 800; 919 hdev->sniff_max_interval = 800;
906 hdev->sniff_min_interval = 80; 920 hdev->sniff_min_interval = 80;
907 921
908 tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev); 922 tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev);
909 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); 923 tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev);
910 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); 924 tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev);
911 925
@@ -1368,7 +1382,8 @@ void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags)
1368 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; 1382 bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT;
1369 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); 1383 hci_add_acl_hdr(skb, conn->handle, flags | ACL_START);
1370 1384
1371 if (!(list = skb_shinfo(skb)->frag_list)) { 1385 list = skb_shinfo(skb)->frag_list;
1386 if (!list) {
1372 /* Non fragmented */ 1387 /* Non fragmented */
1373 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); 1388 BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len);
1374 1389
@@ -1609,7 +1624,8 @@ static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1609 hci_conn_enter_active_mode(conn); 1624 hci_conn_enter_active_mode(conn);
1610 1625
1611 /* Send to upper protocol */ 1626 /* Send to upper protocol */
1612 if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) { 1627 hp = hci_proto[HCI_PROTO_L2CAP];
1628 if (hp && hp->recv_acldata) {
1613 hp->recv_acldata(conn, skb, flags); 1629 hp->recv_acldata(conn, skb, flags);
1614 return; 1630 return;
1615 } 1631 }
@@ -1644,7 +1660,8 @@ static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
1644 register struct hci_proto *hp; 1660 register struct hci_proto *hp;
1645 1661
1646 /* Send to upper protocol */ 1662 /* Send to upper protocol */
1647 if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) { 1663 hp = hci_proto[HCI_PROTO_SCO];
1664 if (hp && hp->recv_scodata) {
1648 hp->recv_scodata(conn, skb); 1665 hp->recv_scodata(conn, skb);
1649 return; 1666 return;
1650 } 1667 }
@@ -1727,7 +1744,8 @@ static void hci_cmd_task(unsigned long arg)
1727 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { 1744 if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) {
1728 kfree_skb(hdev->sent_cmd); 1745 kfree_skb(hdev->sent_cmd);
1729 1746
1730 if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { 1747 hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC);
1748 if (hdev->sent_cmd) {
1731 atomic_dec(&hdev->cmd_cnt); 1749 atomic_dec(&hdev->cmd_cnt);
1732 hci_send_frame(skb); 1750 hci_send_frame(skb);
1733 hdev->cmd_last_tx = jiffies; 1751 hdev->cmd_last_tx = jiffies;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 3c1957c82b61..8923b36a67a2 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -39,7 +39,7 @@
39#include <net/sock.h> 39#include <net/sock.h>
40 40
41#include <asm/system.h> 41#include <asm/system.h>
42#include <asm/uaccess.h> 42#include <linux/uaccess.h>
43#include <asm/unaligned.h> 43#include <asm/unaligned.h>
44 44
45#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/bluetooth.h>
@@ -1512,10 +1512,12 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s
1512 conn->sent -= count; 1512 conn->sent -= count;
1513 1513
1514 if (conn->type == ACL_LINK) { 1514 if (conn->type == ACL_LINK) {
1515 if ((hdev->acl_cnt += count) > hdev->acl_pkts) 1515 hdev->acl_cnt += count;
1516 if (hdev->acl_cnt > hdev->acl_pkts)
1516 hdev->acl_cnt = hdev->acl_pkts; 1517 hdev->acl_cnt = hdev->acl_pkts;
1517 } else { 1518 } else {
1518 if ((hdev->sco_cnt += count) > hdev->sco_pkts) 1519 hdev->sco_cnt += count;
1520 if (hdev->sco_cnt > hdev->sco_pkts)
1519 hdev->sco_cnt = hdev->sco_pkts; 1521 hdev->sco_cnt = hdev->sco_pkts;
1520 } 1522 }
1521 } 1523 }
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 83acd164d39e..b3753bad2a55 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -43,7 +43,7 @@
43#include <net/sock.h> 43#include <net/sock.h>
44 44
45#include <asm/system.h> 45#include <asm/system.h>
46#include <asm/uaccess.h> 46#include <linux/uaccess.h>
47#include <asm/unaligned.h> 47#include <asm/unaligned.h>
48 48
49#include <net/bluetooth/bluetooth.h> 49#include <net/bluetooth/bluetooth.h>
@@ -125,7 +125,8 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb)
125 continue; 125 continue;
126 } 126 }
127 127
128 if (!(nskb = skb_clone(skb, GFP_ATOMIC))) 128 nskb = skb_clone(skb, GFP_ATOMIC);
129 if (!nskb)
129 continue; 130 continue;
130 131
131 /* Put type byte before the data */ 132 /* Put type byte before the data */
@@ -370,7 +371,8 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le
370 } 371 }
371 372
372 if (haddr->hci_dev != HCI_DEV_NONE) { 373 if (haddr->hci_dev != HCI_DEV_NONE) {
373 if (!(hdev = hci_dev_get(haddr->hci_dev))) { 374 hdev = hci_dev_get(haddr->hci_dev);
375 if (!hdev) {
374 err = -ENODEV; 376 err = -ENODEV;
375 goto done; 377 goto done;
376 } 378 }
@@ -457,7 +459,8 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
457 if (sk->sk_state == BT_CLOSED) 459 if (sk->sk_state == BT_CLOSED)
458 return 0; 460 return 0;
459 461
460 if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) 462 skb = skb_recv_datagram(sk, flags, noblock, &err);
463 if (!skb)
461 return err; 464 return err;
462 465
463 msg->msg_namelen = 0; 466 msg->msg_namelen = 0;
@@ -499,7 +502,8 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
499 502
500 lock_sock(sk); 503 lock_sock(sk);
501 504
502 if (!(hdev = hci_pi(sk)->hdev)) { 505 hdev = hci_pi(sk)->hdev;
506 if (!hdev) {
503 err = -EBADFD; 507 err = -EBADFD;
504 goto done; 508 goto done;
505 } 509 }
@@ -509,7 +513,8 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
509 goto done; 513 goto done;
510 } 514 }
511 515
512 if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err))) 516 skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err);
517 if (!skb)
513 goto done; 518 goto done;
514 519
515 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 520 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {