diff options
Diffstat (limited to 'net/bluetooth')
-rw-r--r-- | net/bluetooth/hci_conn.c | 23 | ||||
-rw-r--r-- | net/bluetooth/hci_core.c | 66 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 8 | ||||
-rw-r--r-- | net/bluetooth/hci_sock.c | 17 |
4 files changed, 73 insertions, 41 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 0b1e460fe440..6b90a4191734 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -39,7 +39,7 @@ | |||
39 | #include <net/sock.h> | 39 | #include <net/sock.h> |
40 | 40 | ||
41 | #include <asm/system.h> | 41 | #include <asm/system.h> |
42 | #include <asm/uaccess.h> | 42 | #include <linux/uaccess.h> |
43 | #include <asm/unaligned.h> | 43 | #include <asm/unaligned.h> |
44 | 44 | ||
45 | #include <net/bluetooth/bluetooth.h> | 45 | #include <net/bluetooth/bluetooth.h> |
@@ -66,7 +66,8 @@ void hci_acl_connect(struct hci_conn *conn) | |||
66 | bacpy(&cp.bdaddr, &conn->dst); | 66 | bacpy(&cp.bdaddr, &conn->dst); |
67 | cp.pscan_rep_mode = 0x02; | 67 | cp.pscan_rep_mode = 0x02; |
68 | 68 | ||
69 | if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) { | 69 | ie = hci_inquiry_cache_lookup(hdev, &conn->dst); |
70 | if (ie) { | ||
70 | if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { | 71 | if (inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) { |
71 | cp.pscan_rep_mode = ie->data.pscan_rep_mode; | 72 | cp.pscan_rep_mode = ie->data.pscan_rep_mode; |
72 | cp.pscan_mode = ie->data.pscan_mode; | 73 | cp.pscan_mode = ie->data.pscan_mode; |
@@ -368,8 +369,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
368 | 369 | ||
369 | BT_DBG("%s dst %s", hdev->name, batostr(dst)); | 370 | BT_DBG("%s dst %s", hdev->name, batostr(dst)); |
370 | 371 | ||
371 | if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) { | 372 | acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst); |
372 | if (!(acl = hci_conn_add(hdev, ACL_LINK, dst))) | 373 | if (!acl) { |
374 | acl = hci_conn_add(hdev, ACL_LINK, dst); | ||
375 | if (!acl) | ||
373 | return NULL; | 376 | return NULL; |
374 | } | 377 | } |
375 | 378 | ||
@@ -389,8 +392,10 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
389 | if (type == ACL_LINK) | 392 | if (type == ACL_LINK) |
390 | return acl; | 393 | return acl; |
391 | 394 | ||
392 | if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) { | 395 | sco = hci_conn_hash_lookup_ba(hdev, type, dst); |
393 | if (!(sco = hci_conn_add(hdev, type, dst))) { | 396 | if (!sco) { |
397 | sco = hci_conn_add(hdev, type, dst); | ||
398 | if (!sco) { | ||
394 | hci_conn_put(acl); | 399 | hci_conn_put(acl); |
395 | return NULL; | 400 | return NULL; |
396 | } | 401 | } |
@@ -647,10 +652,12 @@ int hci_get_conn_list(void __user *arg) | |||
647 | 652 | ||
648 | size = sizeof(req) + req.conn_num * sizeof(*ci); | 653 | size = sizeof(req) + req.conn_num * sizeof(*ci); |
649 | 654 | ||
650 | if (!(cl = kmalloc(size, GFP_KERNEL))) | 655 | cl = kmalloc(size, GFP_KERNEL); |
656 | if (!cl) | ||
651 | return -ENOMEM; | 657 | return -ENOMEM; |
652 | 658 | ||
653 | if (!(hdev = hci_dev_get(req.dev_id))) { | 659 | hdev = hci_dev_get(req.dev_id); |
660 | if (!hdev) { | ||
654 | kfree(cl); | 661 | kfree(cl); |
655 | return -ENODEV; | 662 | return -ENODEV; |
656 | } | 663 | } |
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index bc2a052e518b..51c61f75a797 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c | |||
@@ -44,7 +44,7 @@ | |||
44 | #include <net/sock.h> | 44 | #include <net/sock.h> |
45 | 45 | ||
46 | #include <asm/system.h> | 46 | #include <asm/system.h> |
47 | #include <asm/uaccess.h> | 47 | #include <linux/uaccess.h> |
48 | #include <asm/unaligned.h> | 48 | #include <asm/unaligned.h> |
49 | 49 | ||
50 | #include <net/bluetooth/bluetooth.h> | 50 | #include <net/bluetooth/bluetooth.h> |
@@ -349,20 +349,23 @@ struct inquiry_entry *hci_inquiry_cache_lookup(struct hci_dev *hdev, bdaddr_t *b | |||
349 | void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) | 349 | void hci_inquiry_cache_update(struct hci_dev *hdev, struct inquiry_data *data) |
350 | { | 350 | { |
351 | struct inquiry_cache *cache = &hdev->inq_cache; | 351 | struct inquiry_cache *cache = &hdev->inq_cache; |
352 | struct inquiry_entry *e; | 352 | struct inquiry_entry *ie; |
353 | 353 | ||
354 | BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); | 354 | BT_DBG("cache %p, %s", cache, batostr(&data->bdaddr)); |
355 | 355 | ||
356 | if (!(e = hci_inquiry_cache_lookup(hdev, &data->bdaddr))) { | 356 | ie = hci_inquiry_cache_lookup(hdev, &data->bdaddr); |
357 | if (!ie) { | ||
357 | /* Entry not in the cache. Add new one. */ | 358 | /* Entry not in the cache. Add new one. */ |
358 | if (!(e = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC))) | 359 | ie = kzalloc(sizeof(struct inquiry_entry), GFP_ATOMIC); |
360 | if (!ie) | ||
359 | return; | 361 | return; |
360 | e->next = cache->list; | 362 | |
361 | cache->list = e; | 363 | ie->next = cache->list; |
364 | cache->list = ie; | ||
362 | } | 365 | } |
363 | 366 | ||
364 | memcpy(&e->data, data, sizeof(*data)); | 367 | memcpy(&ie->data, data, sizeof(*data)); |
365 | e->timestamp = jiffies; | 368 | ie->timestamp = jiffies; |
366 | cache->timestamp = jiffies; | 369 | cache->timestamp = jiffies; |
367 | } | 370 | } |
368 | 371 | ||
@@ -422,16 +425,20 @@ int hci_inquiry(void __user *arg) | |||
422 | 425 | ||
423 | hci_dev_lock_bh(hdev); | 426 | hci_dev_lock_bh(hdev); |
424 | if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || | 427 | if (inquiry_cache_age(hdev) > INQUIRY_CACHE_AGE_MAX || |
425 | inquiry_cache_empty(hdev) || | 428 | inquiry_cache_empty(hdev) || |
426 | ir.flags & IREQ_CACHE_FLUSH) { | 429 | ir.flags & IREQ_CACHE_FLUSH) { |
427 | inquiry_cache_flush(hdev); | 430 | inquiry_cache_flush(hdev); |
428 | do_inquiry = 1; | 431 | do_inquiry = 1; |
429 | } | 432 | } |
430 | hci_dev_unlock_bh(hdev); | 433 | hci_dev_unlock_bh(hdev); |
431 | 434 | ||
432 | timeo = ir.length * msecs_to_jiffies(2000); | 435 | timeo = ir.length * msecs_to_jiffies(2000); |
433 | if (do_inquiry && (err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo)) < 0) | 436 | |
434 | goto done; | 437 | if (do_inquiry) { |
438 | err = hci_request(hdev, hci_inq_req, (unsigned long)&ir, timeo); | ||
439 | if (err < 0) | ||
440 | goto done; | ||
441 | } | ||
435 | 442 | ||
436 | /* for unlimited number of responses we will use buffer with 255 entries */ | 443 | /* for unlimited number of responses we will use buffer with 255 entries */ |
437 | max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; | 444 | max_rsp = (ir.num_rsp == 0) ? 255 : ir.num_rsp; |
@@ -439,7 +446,8 @@ int hci_inquiry(void __user *arg) | |||
439 | /* cache_dump can't sleep. Therefore we allocate temp buffer and then | 446 | /* cache_dump can't sleep. Therefore we allocate temp buffer and then |
440 | * copy it to the user space. | 447 | * copy it to the user space. |
441 | */ | 448 | */ |
442 | if (!(buf = kmalloc(sizeof(struct inquiry_info) * max_rsp, GFP_KERNEL))) { | 449 | buf = kmalloc(sizeof(struct inquiry_info) *max_rsp, GFP_KERNEL); |
450 | if (!buf) { | ||
443 | err = -ENOMEM; | 451 | err = -ENOMEM; |
444 | goto done; | 452 | goto done; |
445 | } | 453 | } |
@@ -611,7 +619,8 @@ int hci_dev_close(__u16 dev) | |||
611 | struct hci_dev *hdev; | 619 | struct hci_dev *hdev; |
612 | int err; | 620 | int err; |
613 | 621 | ||
614 | if (!(hdev = hci_dev_get(dev))) | 622 | hdev = hci_dev_get(dev); |
623 | if (!hdev) | ||
615 | return -ENODEV; | 624 | return -ENODEV; |
616 | err = hci_dev_do_close(hdev); | 625 | err = hci_dev_do_close(hdev); |
617 | hci_dev_put(hdev); | 626 | hci_dev_put(hdev); |
@@ -623,7 +632,8 @@ int hci_dev_reset(__u16 dev) | |||
623 | struct hci_dev *hdev; | 632 | struct hci_dev *hdev; |
624 | int ret = 0; | 633 | int ret = 0; |
625 | 634 | ||
626 | if (!(hdev = hci_dev_get(dev))) | 635 | hdev = hci_dev_get(dev); |
636 | if (!hdev) | ||
627 | return -ENODEV; | 637 | return -ENODEV; |
628 | 638 | ||
629 | hci_req_lock(hdev); | 639 | hci_req_lock(hdev); |
@@ -663,7 +673,8 @@ int hci_dev_reset_stat(__u16 dev) | |||
663 | struct hci_dev *hdev; | 673 | struct hci_dev *hdev; |
664 | int ret = 0; | 674 | int ret = 0; |
665 | 675 | ||
666 | if (!(hdev = hci_dev_get(dev))) | 676 | hdev = hci_dev_get(dev); |
677 | if (!hdev) | ||
667 | return -ENODEV; | 678 | return -ENODEV; |
668 | 679 | ||
669 | memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); | 680 | memset(&hdev->stat, 0, sizeof(struct hci_dev_stats)); |
@@ -682,7 +693,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg) | |||
682 | if (copy_from_user(&dr, arg, sizeof(dr))) | 693 | if (copy_from_user(&dr, arg, sizeof(dr))) |
683 | return -EFAULT; | 694 | return -EFAULT; |
684 | 695 | ||
685 | if (!(hdev = hci_dev_get(dr.dev_id))) | 696 | hdev = hci_dev_get(dr.dev_id); |
697 | if (!hdev) | ||
686 | return -ENODEV; | 698 | return -ENODEV; |
687 | 699 | ||
688 | switch (cmd) { | 700 | switch (cmd) { |
@@ -763,7 +775,8 @@ int hci_get_dev_list(void __user *arg) | |||
763 | 775 | ||
764 | size = sizeof(*dl) + dev_num * sizeof(*dr); | 776 | size = sizeof(*dl) + dev_num * sizeof(*dr); |
765 | 777 | ||
766 | if (!(dl = kzalloc(size, GFP_KERNEL))) | 778 | dl = kzalloc(size, GFP_KERNEL); |
779 | if (!dl) | ||
767 | return -ENOMEM; | 780 | return -ENOMEM; |
768 | 781 | ||
769 | dr = dl->dev_req; | 782 | dr = dl->dev_req; |
@@ -797,7 +810,8 @@ int hci_get_dev_info(void __user *arg) | |||
797 | if (copy_from_user(&di, arg, sizeof(di))) | 810 | if (copy_from_user(&di, arg, sizeof(di))) |
798 | return -EFAULT; | 811 | return -EFAULT; |
799 | 812 | ||
800 | if (!(hdev = hci_dev_get(di.dev_id))) | 813 | hdev = hci_dev_get(di.dev_id); |
814 | if (!hdev) | ||
801 | return -ENODEV; | 815 | return -ENODEV; |
802 | 816 | ||
803 | strcpy(di.name, hdev->name); | 817 | strcpy(di.name, hdev->name); |
@@ -905,7 +919,7 @@ int hci_register_dev(struct hci_dev *hdev) | |||
905 | hdev->sniff_max_interval = 800; | 919 | hdev->sniff_max_interval = 800; |
906 | hdev->sniff_min_interval = 80; | 920 | hdev->sniff_min_interval = 80; |
907 | 921 | ||
908 | tasklet_init(&hdev->cmd_task, hci_cmd_task,(unsigned long) hdev); | 922 | tasklet_init(&hdev->cmd_task, hci_cmd_task, (unsigned long) hdev); |
909 | tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); | 923 | tasklet_init(&hdev->rx_task, hci_rx_task, (unsigned long) hdev); |
910 | tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); | 924 | tasklet_init(&hdev->tx_task, hci_tx_task, (unsigned long) hdev); |
911 | 925 | ||
@@ -1368,7 +1382,8 @@ void hci_send_acl(struct hci_conn *conn, struct sk_buff *skb, __u16 flags) | |||
1368 | bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; | 1382 | bt_cb(skb)->pkt_type = HCI_ACLDATA_PKT; |
1369 | hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); | 1383 | hci_add_acl_hdr(skb, conn->handle, flags | ACL_START); |
1370 | 1384 | ||
1371 | if (!(list = skb_shinfo(skb)->frag_list)) { | 1385 | list = skb_shinfo(skb)->frag_list; |
1386 | if (!list) { | ||
1372 | /* Non fragmented */ | 1387 | /* Non fragmented */ |
1373 | BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); | 1388 | BT_DBG("%s nonfrag skb %p len %d", hdev->name, skb, skb->len); |
1374 | 1389 | ||
@@ -1609,7 +1624,8 @@ static inline void hci_acldata_packet(struct hci_dev *hdev, struct sk_buff *skb) | |||
1609 | hci_conn_enter_active_mode(conn); | 1624 | hci_conn_enter_active_mode(conn); |
1610 | 1625 | ||
1611 | /* Send to upper protocol */ | 1626 | /* Send to upper protocol */ |
1612 | if ((hp = hci_proto[HCI_PROTO_L2CAP]) && hp->recv_acldata) { | 1627 | hp = hci_proto[HCI_PROTO_L2CAP]; |
1628 | if (hp && hp->recv_acldata) { | ||
1613 | hp->recv_acldata(conn, skb, flags); | 1629 | hp->recv_acldata(conn, skb, flags); |
1614 | return; | 1630 | return; |
1615 | } | 1631 | } |
@@ -1644,7 +1660,8 @@ static inline void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb) | |||
1644 | register struct hci_proto *hp; | 1660 | register struct hci_proto *hp; |
1645 | 1661 | ||
1646 | /* Send to upper protocol */ | 1662 | /* Send to upper protocol */ |
1647 | if ((hp = hci_proto[HCI_PROTO_SCO]) && hp->recv_scodata) { | 1663 | hp = hci_proto[HCI_PROTO_SCO]; |
1664 | if (hp && hp->recv_scodata) { | ||
1648 | hp->recv_scodata(conn, skb); | 1665 | hp->recv_scodata(conn, skb); |
1649 | return; | 1666 | return; |
1650 | } | 1667 | } |
@@ -1727,7 +1744,8 @@ static void hci_cmd_task(unsigned long arg) | |||
1727 | if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { | 1744 | if (atomic_read(&hdev->cmd_cnt) && (skb = skb_dequeue(&hdev->cmd_q))) { |
1728 | kfree_skb(hdev->sent_cmd); | 1745 | kfree_skb(hdev->sent_cmd); |
1729 | 1746 | ||
1730 | if ((hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC))) { | 1747 | hdev->sent_cmd = skb_clone(skb, GFP_ATOMIC); |
1748 | if (hdev->sent_cmd) { | ||
1731 | atomic_dec(&hdev->cmd_cnt); | 1749 | atomic_dec(&hdev->cmd_cnt); |
1732 | hci_send_frame(skb); | 1750 | hci_send_frame(skb); |
1733 | hdev->cmd_last_tx = jiffies; | 1751 | hdev->cmd_last_tx = jiffies; |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 3c1957c82b61..8923b36a67a2 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -39,7 +39,7 @@ | |||
39 | #include <net/sock.h> | 39 | #include <net/sock.h> |
40 | 40 | ||
41 | #include <asm/system.h> | 41 | #include <asm/system.h> |
42 | #include <asm/uaccess.h> | 42 | #include <linux/uaccess.h> |
43 | #include <asm/unaligned.h> | 43 | #include <asm/unaligned.h> |
44 | 44 | ||
45 | #include <net/bluetooth/bluetooth.h> | 45 | #include <net/bluetooth/bluetooth.h> |
@@ -1512,10 +1512,12 @@ static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *s | |||
1512 | conn->sent -= count; | 1512 | conn->sent -= count; |
1513 | 1513 | ||
1514 | if (conn->type == ACL_LINK) { | 1514 | if (conn->type == ACL_LINK) { |
1515 | if ((hdev->acl_cnt += count) > hdev->acl_pkts) | 1515 | hdev->acl_cnt += count; |
1516 | if (hdev->acl_cnt > hdev->acl_pkts) | ||
1516 | hdev->acl_cnt = hdev->acl_pkts; | 1517 | hdev->acl_cnt = hdev->acl_pkts; |
1517 | } else { | 1518 | } else { |
1518 | if ((hdev->sco_cnt += count) > hdev->sco_pkts) | 1519 | hdev->sco_cnt += count; |
1520 | if (hdev->sco_cnt > hdev->sco_pkts) | ||
1519 | hdev->sco_cnt = hdev->sco_pkts; | 1521 | hdev->sco_cnt = hdev->sco_pkts; |
1520 | } | 1522 | } |
1521 | } | 1523 | } |
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 83acd164d39e..b3753bad2a55 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c | |||
@@ -43,7 +43,7 @@ | |||
43 | #include <net/sock.h> | 43 | #include <net/sock.h> |
44 | 44 | ||
45 | #include <asm/system.h> | 45 | #include <asm/system.h> |
46 | #include <asm/uaccess.h> | 46 | #include <linux/uaccess.h> |
47 | #include <asm/unaligned.h> | 47 | #include <asm/unaligned.h> |
48 | 48 | ||
49 | #include <net/bluetooth/bluetooth.h> | 49 | #include <net/bluetooth/bluetooth.h> |
@@ -125,7 +125,8 @@ void hci_send_to_sock(struct hci_dev *hdev, struct sk_buff *skb) | |||
125 | continue; | 125 | continue; |
126 | } | 126 | } |
127 | 127 | ||
128 | if (!(nskb = skb_clone(skb, GFP_ATOMIC))) | 128 | nskb = skb_clone(skb, GFP_ATOMIC); |
129 | if (!nskb) | ||
129 | continue; | 130 | continue; |
130 | 131 | ||
131 | /* Put type byte before the data */ | 132 | /* Put type byte before the data */ |
@@ -370,7 +371,8 @@ static int hci_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_le | |||
370 | } | 371 | } |
371 | 372 | ||
372 | if (haddr->hci_dev != HCI_DEV_NONE) { | 373 | if (haddr->hci_dev != HCI_DEV_NONE) { |
373 | if (!(hdev = hci_dev_get(haddr->hci_dev))) { | 374 | hdev = hci_dev_get(haddr->hci_dev); |
375 | if (!hdev) { | ||
374 | err = -ENODEV; | 376 | err = -ENODEV; |
375 | goto done; | 377 | goto done; |
376 | } | 378 | } |
@@ -457,7 +459,8 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock, | |||
457 | if (sk->sk_state == BT_CLOSED) | 459 | if (sk->sk_state == BT_CLOSED) |
458 | return 0; | 460 | return 0; |
459 | 461 | ||
460 | if (!(skb = skb_recv_datagram(sk, flags, noblock, &err))) | 462 | skb = skb_recv_datagram(sk, flags, noblock, &err); |
463 | if (!skb) | ||
461 | return err; | 464 | return err; |
462 | 465 | ||
463 | msg->msg_namelen = 0; | 466 | msg->msg_namelen = 0; |
@@ -499,7 +502,8 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
499 | 502 | ||
500 | lock_sock(sk); | 503 | lock_sock(sk); |
501 | 504 | ||
502 | if (!(hdev = hci_pi(sk)->hdev)) { | 505 | hdev = hci_pi(sk)->hdev; |
506 | if (!hdev) { | ||
503 | err = -EBADFD; | 507 | err = -EBADFD; |
504 | goto done; | 508 | goto done; |
505 | } | 509 | } |
@@ -509,7 +513,8 @@ static int hci_sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
509 | goto done; | 513 | goto done; |
510 | } | 514 | } |
511 | 515 | ||
512 | if (!(skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err))) | 516 | skb = bt_skb_send_alloc(sk, len, msg->msg_flags & MSG_DONTWAIT, &err); |
517 | if (!skb) | ||
513 | goto done; | 518 | goto done; |
514 | 519 | ||
515 | if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { | 520 | if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { |