aboutsummaryrefslogtreecommitdiff
path: root/net/bluetooth
AgeCommit message (Collapse)Author
2007-07-31[BLUETOOTH]: pass (host-endian) cmd length as explicit argument to ↵Al Viro
l2cap_conf_req() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31[BLUETOOTH] l2cap: endianness annotationsAl Viro
no code changes, just documenting existing types Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31[BLUETOOTH]: Fix endianness bug in l2cap_sock_listen()Al Viro
We loop through psm values, calling __l2cap_get_sock_by_addr(psm, ...) until we get NULL; then we set ->psm of our socket to htobs(psm). IOW, we find unused psm value and put it into our socket. So far, so good, but... __l2cap_get_sock_by_addr() compares its argument with ->psm of sockets. IOW, the entire thing works correctly only on little-endian. On big-endian we'll get "no socket with such psm" on the first iteration, since we won't find a socket with ->psm == 0x1001. We will happily conclude that 0x1001 is unused and slap htobs(0x1001) (i.e. 0x110) into ->psm of our socket. Of course, the next time around the same thing will repeat and we'll just get a fsckload of sockets with the same ->psm assigned. Fix: pass htobs(psm) to __l2cap_get_sock_by_addr() there. All other callers are already passing little-endian values and all places that store something in ->psm are storing little-endian. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-31[IRDA]: Fix rfcomm use-after-freeMarcel Holtmann
Adrian Bunk wrote: > Commit 8de0a15483b357d0f0b821330ec84d1660cadc4e added the following > use-after-free in net/bluetooth/rfcomm/tty.c: > > <-- snip --> > > ... > static int rfcomm_dev_add(struct rfcomm_dev_req *req, struct rfcomm_dlc *dlc) > { > ... > if (IS_ERR(dev->tty_dev)) { > list_del(&dev->list); > kfree(dev); > return PTR_ERR(dev->tty_dev); > } > ... > > <-- snip --> > > Spotted by the Coverity checker. really good catch. I fully overlooked that one. The attached patch should fix it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-19[NET] BLUETOOTH: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2007-07-17Freezer: make kernel threads nonfreezable by defaultRafael J. Wysocki
Currently, the freezer treats all tasks as freezable, except for the kernel threads that explicitly set the PF_NOFREEZE flag for themselves. This approach is problematic, since it requires every kernel thread to either set PF_NOFREEZE explicitly, or call try_to_freeze(), even if it doesn't care for the freezing of tasks at all. It seems better to only require the kernel threads that want to or need to be frozen to use some freezer-related code and to remove any freezer-related code from the other (nonfreezable) kernel threads, which is done in this patch. The patch causes all kernel threads to be nonfreezable by default (ie. to have PF_NOFREEZE set by default) and introduces the set_freezable() function that should be called by the freezable kernel threads in order to unset PF_NOFREEZE. It also makes all of the currently freezable kernel threads call set_freezable(), so it shouldn't cause any (intentional) change of behaviour to appear. Additionally, it updates documentation to describe the freezing of tasks more accurately. [akpm@linux-foundation.org: build fixes] Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Nigel Cunningham <nigel@nigel.suspend2.net> Cc: Pavel Machek <pavel@ucw.cz> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Gautham R Shenoy <ego@in.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-11[Bluetooth] Add basics to better support and handle eSCO linksMarcel Holtmann
To better support and handle eSCO links in the future a bunch of constants needs to be added and some basic routines need to be updated. This is the initial step. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-07-11[Bluetooth] Keep rfcomm_dev on the list until it is freedVille Tervo
This patch changes the RFCOMM TTY release process so that the TTY is kept on the list until it is really freed. A new device flag is used to keep track of released TTYs. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-07-11[Bluetooth] Hangup TTY before releasing rfcomm_devMikko Rapeli
The core problem is that RFCOMM socket layer ioctl can release rfcomm_dev struct while RFCOMM TTY layer is still actively using it. Calling tty_vhangup() is needed for a synchronous hangup before rfcomm_dev is freed. Addresses the oops at http://bugzilla.kernel.org/show_bug.cgi?id=7509 Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-07-11[Bluetooth] Add hci_recv_fragment() helper functionMarcel Holtmann
Most drivers must handle fragmented HCI data packets and events. This patch adds a generic function for their reassembly to the Bluetooth core layer and thus allows to shrink the complexity of the drivers. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-07-07Fix use-after-free oops in Bluetooth HID.David Woodhouse
When cleaning up HIDP sessions, we currently close the ACL connection before deregistering the input device. Closing the ACL connection schedules a workqueue to remove the associated objects from sysfs, but the input device still refers to them -- and if the workqueue happens to run before the input device removal, the kernel will oops when trying to look up PHYSDEVPATH for the removed input device. Fix this by deregistering the input device before closing the connections. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-24[Bluetooth] Fix L2CAP configuration parameter handlingMarcel Holtmann
The L2CAP configuration parameter handling was missing the support for rejecting unknown options. The capability to reject unknown options is mandatory since the Bluetooth 1.2 specification. This patch implements its and also simplifies the parameter parsing. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-17[BLUETOOTH]: Fix locking in hci_sock_dev_event().Satyam Sharma
We presently use lock_sock() to acquire a lock on a socket in hci_sock_dev_event(), but this goes BUG because lock_sock() can sleep and we're already holding a read-write spinlock at that point. So, we must use the non-sleeping BH version, bh_lock_sock(). However, hci_sock_dev_event() is called from user context and hence using simply bh_lock_sock() will deadlock against a concurrent softirq that tries to acquire a lock on the same socket. Hence, disabling BH's before acquiring the socket lock and enable them afterwards, is the proper solution to fix socket locking in hci_sock_dev_event(). Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-05-11Merge branch 'upstream-fixes' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid * 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid: USB HID: hiddev - fix race between hiddev_send_event() and hiddev_release() HID: add hooks for getkeycode() and setkeycode() methods HID: switch to using input_dev->dev.parent USB HID: Logitech wheel 0x046d/0xc294 needs HID_QUIRK_NOGET quirk USB HID: usb_buffer_free() cleanup USB HID: report descriptor of Cypress USB barcode readers needs fixup Bluetooth HID: HIDP - don't initialize force feedback USB HID: update CONFIG_USB_HIDINPUT_POWERBOOK description HID: add input mappings for non-working keys on Logitech S510 remote
2007-05-10[Bluetooth] Switch to using input_dev->dev.parentMarcel Holtmann
In preparation for struct class_device -> struct device input core conversion, switch to using input_dev->dev.parent when specifying device position in sysfs tree. Also, do not access input_dev->private directly, use helpers and do not use kfree() on input device, use input_free_device() instead. Signed-off-by: Dmitry Torokhov <dtor@mail.ru> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-10[S390] Kconfig: unwanted menus for s390.Martin Schwidefsky
Disable some more menus in the configuration files that are of no interest to a s390 machine. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2007-05-09Bluetooth HID: HIDP - don't initialize force feedbackJiri Kosina
The current implementation of force feedback for HID devices is USB-transport only and therefore calling hid_ff_init() from hidp code is not going to work (plus it creates unwanted dependency of hidp on usbhid). Remove the hid_ff_init() until either the hid-ff is made transport-independent, or at least support for bluetooth transport is added. Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-08header cleaning: don't include smp_lock.h when not usedRandy Dunlap
Remove includes of <linux/smp_lock.h> where it is not used/needed. Suggested by Al Viro. Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc, sparc64, and arm (all 59 defconfigs). Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-07Fix bluetooth HCI sysfs compileLinus Torvalds
More fallout from the removal of "struct subsystem" from the core device model. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-05[Bluetooth] Disconnect L2CAP connection after last RFCOMM DLCMarcel Holtmann
The RFCOMM specification says that the device closing the last DLC on a particular session is responsible for closing the multiplexer by closing the corresponding L2CAP channel. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-05[Bluetooth] Check that device is in rfcomm_dev_list before deletingMarcel Holtmann
If RFCOMM_RELEASE_ONHUP flag is on and rfcomm_release_dev is called before connection is closed, rfcomm_dev is deleted twice from the rfcomm_dev_list and refcount is messed up. This patch adds a check before deleting device that the device actually is listed. Signed-off-by: Ville Tervo <ville.tervo@nokia.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-05[Bluetooth] Use in-kernel sockets APIMarcel Holtmann
The kernel provides a new convenient way to access the sockets API for in-kernel users. It is a good idea to actually use it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-05[Bluetooth] Attach host adapters to the Bluetooth busMarcel Holtmann
The Bluetooth host adapters are attached to the Bluetooth class and the low-level connections are children of these class devices. Having class devices as parent of bus devices breaks a lot of reasonable assumptions about sysfs. The host adapters should be attached to the Bluetooth bus to simplify the dependency resolving. For compatibility an additional symlink from the Bluetooth class will be used. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-05-05[Bluetooth] Fix L2CAP and HCI setsockopt() information leaksMarcel Holtmann
The L2CAP and HCI setsockopt() implementations have a small information leak that makes it possible to leak kernel stack memory to userspace. If the optlen parameter is 0, no data will be copied by copy_from_user(), but the uninitialized stack buffer will be read and stored later. A call to getsockopt() can now retrieve the leaked information. To fix this problem the stack buffer given to copy_from_user() must be initialized with the current settings. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-04-26[BLUETOOTH] rfcomm_worker(): fix wakeup raceAndrew Morton
Set TASK_INTERRUPTIBLE prior to testing the flag to avoid missed wakeups. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[NET]: cleanup extra semicolonsStephen Hemminger
Spring cleaning time... There seems to be a lot of places in the network code that have extra bogus semicolons after conditionals. Most commonly is a bogus semicolon after: switch() { } Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_copy_from_linear_data{_offset}Arnaldo Carvalho de Melo
To clearly state the intent of copying from linear sk_buffs, _offset being a overly long variant but interesting for the sake of saving some bytes. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2007-04-25[SK_BUFF]: Convert skb->tail to sk_buff_data_tArnaldo Carvalho de Melo
So that it is also an offset from skb->head, reduces its size from 8 to 4 bytes on 64bit architectures, allowing us to combine the 4 bytes hole left by the layer headers conversion, reducing struct sk_buff size to 256 bytes, i.e. 4 64byte cachelines, and since the sk_buff slab cache is SLAB_HWCACHE_ALIGN... :-) Many calculations that previously required that skb->{transport,network, mac}_header be first converted to a pointer now can be done directly, being meaningful as offsets or pointers. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_transport_header(skb)Arnaldo Carvalho de Melo
For the places where we need a pointer to the transport header, it is still legal to touch skb->h.raw directly if just adding to, subtracting from or setting it to another layer header. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_reset_transport_header(skb)Arnaldo Carvalho de Melo
For the common, open coded 'skb->h.raw = skb->data' operation, so that we can later turn skb->h.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple cases: skb->h.raw = skb->data; skb->h.raw = {skb_push|[__]skb_pull}() The next ones will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_mac_header()Arnaldo Carvalho de Melo
For the places where we need a pointer to the mac header, it is still legal to touch skb->mac.raw directly if just adding to, subtracting from or setting it to another layer header. This one also converts some more cases to skb_reset_mac_header() that my regex missed as it had no spaces before nor after '=', ugh. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_reset_mac_header(skb)Arnaldo Carvalho de Melo
For the common, open coded 'skb->mac.raw = skb->data' operation, so that we can later turn skb->mac.raw into a offset, reducing the size of struct sk_buff in 64bit land while possibly keeping it as a pointer on 32bit. This one touches just the most simple case, next will handle the slightly more "complex" cases. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[ETH]: Make eth_type_trans set skb->dev like the other *_type_transArnaldo Carvalho de Melo
One less thing for drivers writers to worry about. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[NET] BLUETOOTH: Use cpu_to_le{16,32}() where appropriate.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-29[PATCH] bluetooth hid quirks: mightymouse quirkJiri Kosina
I have a bugreport that scrollwheel of bluetooth version of apple mightymouse doesn't work. The USB version of mightymouse works, as there is a quirk for handling scrollwheel in hid/usbhid for it. Now that bluetooth git tree is hooked to generic hid layer, it could easily use the quirks which are already present in generic hid parser, hid-input, etc. Below is a simple patch against bluetooth git tree, which adds quirk handling to current bluetooth hidp code, and sets quirk flags for device 0x05ac/0x030c, which is the bluetooth version of the apple mightymouse. Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-22[NET]: fix up misplaced inlines.Dave Jones
Turning up the warnings on gcc makes it emit warnings about the placement of 'inline' in function declarations. Here's everything that was under net/ Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-08[PATCH] bluetooth: fix socket locking in hci_sock_dev_event()Jiri Kosina
[Bluetooth] Fix socket locking in hci_sock_dev_event() hci_sock_dev_event() uses bh_lock_sock() to lock the socket lock. This is not deadlock-safe against locking of the same socket lock in l2cap_connect_cfm() from softirq context. In addition to that, hci_sock_dev_event() doesn't seem to be called from softirq context, so it is safe to use lock_sock()/release_sock() instead. The lockdep warning can be triggered on my T42p simply by switching the Bluetooth off by the keyboard button. ================================= [ INFO: inconsistent lock state ] 2.6.21-rc2 #4 --------------------------------- inconsistent {in-softirq-W} -> {softirq-on-W} usage. khubd/156 [HC0[0]:SC0[0]:HE1:SE1] takes: (slock-AF_BLUETOOTH){-+..}, at: [<e0ca5520>] hci_sock_dev_event+0xa8/0xc5 [bluetooth] {in-softirq-W} state was registered at: [<c012d1db>] mark_lock+0x59/0x414 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012dfd7>] __lock_acquire+0x3e5/0xb99 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c012e7f2>] lock_acquire+0x67/0x81 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<c036ee72>] _spin_lock+0x29/0x34 [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0cef688>] l2cap_connect_cfm+0x4e/0x11f [l2cap] [<e0ca17c3>] hci_send_cmd+0x126/0x14f [bluetooth] [<e0ca4ce4>] hci_event_packet+0x729/0xebd [bluetooth] [<e0ca205b>] hci_rx_task+0x2a/0x20f [bluetooth] [<e0ca209d>] hci_rx_task+0x6c/0x20f [bluetooth] [<c012d7be>] trace_hardirqs_on+0x10d/0x14e [<c011ac85>] tasklet_action+0x3d/0x68 [<c011abba>] __do_softirq+0x41/0x92 [<c011ac32>] do_softirq+0x27/0x3d [<c0105134>] do_IRQ+0x7b/0x8f [<c0103dec>] common_interrupt+0x24/0x34 [<c0103df6>] common_interrupt+0x2e/0x34 [<c0248e65>] acpi_processor_idle+0x1b3/0x34a [<c0248e68>] acpi_processor_idle+0x1b6/0x34a [<c010232b>] cpu_idle+0x39/0x4e [<c04bab0c>] start_kernel+0x372/0x37a [<c04ba42b>] unknown_bootoption+0x0/0x202 [<ffffffff>] 0xffffffff Signed-off-by: Jiri Kosina <jkosina@suse.cz> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-26[Bluetooth] Make use of device_move() for RFCOMM TTY devicesMarcel Holtmann
In the case of bound RFCOMM TTY devices the parent is not available before its usage. So when opening a RFCOMM TTY device, move it to the corresponding ACL device as a child. When closing the device, move it back to the virtual device tree. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Add open and close callbacks for HID deviceMarcel Holtmann
The open and close callbacks for the HID device are not optional, but for the Bluetooth HID report mode support it is enough to add empty dummy callbacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Add support for using the HID subsystemMarcel Holtmann
This patch extends the current Bluetooth HID support to use the new HID subsystem and adds full report mode support. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-26[Bluetooth] Fix wrong put_user() from HIDP compat ioctl patchMarcel Holtmann
The compat ioctl patch copied the parser version field into the report descriptor size field by mistake. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-02-14[PATCH] remove many unneeded #includes of sched.hTim Schmielau
After Al Viro (finally) succeeded in removing the sched.h #include in module.h recently, it makes sense again to remove other superfluous sched.h includes. There are quite a lot of files which include it but don't actually need anything defined in there. Presumably these includes were once needed for macros that used to live in sched.h, but moved to other header files in the course of cleaning it up. To ease the pain, this time I did not fiddle with any header files and only removed #includes from .c-files, which tend to cause less trouble. Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha, arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig, allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all configs in arch/arm/configs on arm. I also checked that no new warnings were introduced by the patch (actually, some warnings are removed that were emitted by unnecessarily included header files). Signed-off-by: Tim Schmielau <tim@physik3.uni-rostock.de> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-10[NET] BLUETOOTH: Fix whitespace errors.YOSHIFUJI Hideaki
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-02-09[PATCH] hidp __user annotationsAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-22[Bluetooth] Restrict well known PSM to privileged usersMarcel Holtmann
The PSM values below 0x1001 of L2CAP are reserved for well known services. Restrict the possibility to bind them to privileged users. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-22[Bluetooth] Missing endian swapping for L2CAP socket listMarcel Holtmann
The PSM value in the L2CAP socket list must be converted to host order before printing it. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Handle device registration failuresMarcel Holtmann
In the case the device registration for a new Bluetooth low-level connection fails there is no need to unregister it when the temporary data structure has been removed. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()Marcel Holtmann
When calling send() with a zero length parameter on a RFCOMM socket it returns a positive value. In this rare case the variable err is used uninitialized and unfortunately its value is returned. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] More checks if DLC is still attached to the TTYMarcel Holtmann
If the DLC device is no longer attached to the TTY device, then return errors or default values for various callbacks of the TTY layer. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09[Bluetooth] Add packet size checks for CAPI messagesMarcel Holtmann
With malformed packets it might be possible to overwrite internal CMTP and CAPI data structures. This patch adds additional length checks to prevent these kinds of remote attacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org>