Could you give attached patch a try instead of previous one.
It adds gfp mask into cn_netlink_send() call also.
If you need updated CBUS sources, feel free to ask, 
I will send updated sources with Andrew's comments resolved too.

I do not know exactly your connector version, 
so patch will probably be applied with fuzz.

feel free to contact if it does not apply, I will send
the whole sources.

Thank you.

* looking for [EMAIL PROTECTED]/connector--main--0--patch-38 to compare with
* comparing to [EMAIL PROTECTED]/connector--main--0--patch-38
M  connector.c
M  connector.h
M  cbus.c

* modified files

--- orig/drivers/connector/connector.c
+++ mod/drivers/connector/connector.c
@@ -70,7 +70,7 @@
  * then it is new message.
  *
  */
-void cn_netlink_send(struct cn_msg *msg, u32 __groups)
+void cn_netlink_send(struct cn_msg *msg, u32 __groups, int gfp_mask)
 {
        struct cn_callback_entry *n, *__cbq;
        unsigned int size;
@@ -102,7 +102,7 @@
 
        size = NLMSG_SPACE(sizeof(*msg) + msg->len);
 
-       skb = alloc_skb(size, GFP_ATOMIC);
+       skb = alloc_skb(size, gfp_mask);
        if (!skb) {
                printk(KERN_ERR "Failed to allocate new skb with size=%u.\n", 
size);
                return;
@@ -119,11 +119,11 @@
 #endif
        
        NETLINK_CB(skb).dst_groups = groups;
-
-       uskb = skb_clone(skb, GFP_ATOMIC);
-       if (uskb)
+#if 0
+       uskb = skb_clone(skb, gfp_mask);
+       if (uskb && 0)
                netlink_unicast(dev->nls, uskb, 0, 0);
-       
+#endif 
        netlink_broadcast(dev->nls, skb, 0, groups, GFP_ATOMIC);
 
        return;
@@ -158,7 +158,7 @@
        }
        spin_unlock_bh(&dev->cbdev->queue_lock);
 
-       return found;
+       return (found)?0:-ENODEV;
 }
 
 /*
@@ -181,7 +181,6 @@
                                "requested msg->len=%u[%u], nlh->nlmsg_len=%u, 
skb->len=%u.\n",
                                msg->len, NLMSG_SPACE(msg->len + sizeof(*msg)),
                                nlh->nlmsg_len, skb->len);
-               kfree_skb(skb);
                return -EINVAL;
        }
 #if 0
@@ -215,17 +214,18 @@
               skb->len, skb->data_len, skb->truesize, skb->protocol,
               skb_cloned(skb), skb_shared(skb));
 #endif
-       while (skb->len >= NLMSG_SPACE(0)) {
+       if (skb->len >= NLMSG_SPACE(0)) {
                nlh = (struct nlmsghdr *)skb->data;
+
                if (nlh->nlmsg_len < sizeof(struct cn_msg) ||
                    skb->len < nlh->nlmsg_len ||
                    nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) {
-#if 0
+#if 1
                        printk(KERN_INFO "nlmsg_len=%u, sizeof(*nlh)=%u\n",
                               nlh->nlmsg_len, sizeof(*nlh));
 #endif
                        kfree_skb(skb);
-                       break;
+                       goto out;
                }
 
                len = NLMSG_ALIGN(nlh->nlmsg_len);
@@ -233,22 +233,11 @@
                        len = skb->len;
 
                err = __cn_rx_skb(skb, nlh);
-               if (err) {
-#if 0
-                       if (err < 0 && (nlh->nlmsg_flags & NLM_F_ACK))
-                               netlink_ack(skb, nlh, -err);
-#endif
-                       break;
-               } else {
-#if 0
-                       if (nlh->nlmsg_flags & NLM_F_ACK)
-                               netlink_ack(skb, nlh, 0);
-#endif
-                       break;
-               }
-               skb_pull(skb, len);
+               if (err < 0)
+                       kfree_skb(skb);
        }
-                       
+
+out:
        kfree_skb(__skb);
 }
 
@@ -310,7 +299,7 @@
                        m.ack = notify_event;
 
                        memcpy(&m.id, id, sizeof(m.id));
-                       cn_netlink_send(&m, ctl->group);
+                       cn_netlink_send(&m, ctl->group, GFP_ATOMIC);
                }
        }
        spin_unlock_bh(&notify_lock);


--- orig/include/linux/connector.h
+++ mod/include/linux/connector.h
@@ -148,7 +148,7 @@
 
 int cn_add_callback(struct cb_id *, char *, void (* callback)(void *));
 void cn_del_callback(struct cb_id *);
-void cn_netlink_send(struct cn_msg *, u32);
+void cn_netlink_send(struct cn_msg *, u32, int);
 
 int cn_queue_add_callback(struct cn_queue_dev *dev, struct cn_callback *cb);
 void cn_queue_del_callback(struct cn_queue_dev *dev, struct cb_id *id);





-- 
        Evgeniy Polyakov

Crash is better than data corruption -- Arthur Grabowski

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to