Merge branch 'linus' into cont_syslog

[safe/jmp/linux-2.6] / net / bluetooth / hidp / core.c

diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 37ba153..bfe641b 100644 (file)
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -561,8 +561,8 @@ static int hidp_session(void *arg)
 
        init_waitqueue_entry(&ctrl_wait, current);
        init_waitqueue_entry(&intr_wait, current);
-       add_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
-       add_wait_queue(intr_sk->sk_sleep, &intr_wait);
+       add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
+       add_wait_queue(sk_sleep(intr_sk), &intr_wait);
        while (!atomic_read(&session->terminate)) {
                set_current_state(TASK_INTERRUPTIBLE);
 
@@ -584,8 +584,8 @@ static int hidp_session(void *arg)
                schedule();
        }
        set_current_state(TASK_RUNNING);
-       remove_wait_queue(intr_sk->sk_sleep, &intr_wait);
-       remove_wait_queue(ctrl_sk->sk_sleep, &ctrl_wait);
+       remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
+       remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
 
        down_write(&hidp_session_sem);
 
@@ -609,7 +609,7 @@ static int hidp_session(void *arg)
 
        fput(session->intr_sock->file);
 
-       wait_event_timeout(*(ctrl_sk->sk_sleep),
+       wait_event_timeout(*(sk_sleep(ctrl_sk)),
                (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
 
        fput(session->ctrl_sock->file);
@@ -714,29 +714,9 @@ static void hidp_close(struct hid_device *hid)
 static int hidp_parse(struct hid_device *hid)
 {
        struct hidp_session *session = hid->driver_data;
-       struct hidp_connadd_req *req = session->req;
-       unsigned char *buf;
-       int ret;
-
-       buf = kmalloc(req->rd_size, GFP_KERNEL);
-       if (!buf)
-               return -ENOMEM;
-
-       if (copy_from_user(buf, req->rd_data, req->rd_size)) {
-               kfree(buf);
-               return -EFAULT;
-       }
-
-       ret = hid_parse_report(session->hid, buf, req->rd_size);
-
-       kfree(buf);
-
-       if (ret)
-               return ret;
-
-       session->req = NULL;
 
-       return 0;
+       return hid_parse_report(session->hid, session->rd_data,
+                       session->rd_size);
 }
 
 static int hidp_start(struct hid_device *hid)
@@ -781,12 +761,24 @@ static int hidp_setup_hid(struct hidp_session *session,
        bdaddr_t src, dst;
        int err;
 
+       session->rd_data = kzalloc(req->rd_size, GFP_KERNEL);
+       if (!session->rd_data)
+               return -ENOMEM;
+
+       if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) {
+               err = -EFAULT;
+               goto fault;
+       }
+       session->rd_size = req->rd_size;
+
        hid = hid_allocate_device();
-       if (IS_ERR(hid))
-               return PTR_ERR(hid);
+       if (IS_ERR(hid)) {
+               err = PTR_ERR(hid);
+               goto fault;
+       }
 
        session->hid = hid;
-       session->req = req;
+
        hid->driver_data = session;
 
        baswap(&src, &bt_sk(session->ctrl_sock->sk)->src);
@@ -817,6 +809,10 @@ failed:
        hid_destroy_device(hid);
        session->hid = NULL;
 
+fault:
+       kfree(session->rd_data);
+       session->rd_data = NULL;
+
        return err;
 }
 
@@ -911,6 +907,9 @@ unlink:
                session->hid = NULL;
        }
 
+       kfree(session->rd_data);
+       session->rd_data = NULL;
+
 purge:
        skb_queue_purge(&session->ctrl_transmit);
        skb_queue_purge(&session->intr_transmit);