diff --git a/drivers/bluetooth/hci_vhci.c b/drivers/bluetooth/hci_vhci.c index 8ab26dec5f6e..f225c6a380b4 100644 --- a/drivers/bluetooth/hci_vhci.c +++ b/drivers/bluetooth/hci_vhci.c @@ -155,7 +155,7 @@ static inline ssize_t vhci_get_user(struct vhci_data *data, struct iov_iter *from) { size_t len = iov_iter_count(from); - struct sk_buff *skb; + struct sk_buff *skb = NULL; __u8 pkt_type, opcode; int ret; diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index 9832f8445d43..3acb9f605854 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -1756,9 +1756,9 @@ void hci_chan_list_flush(struct hci_conn *conn) static struct hci_chan *__hci_chan_lookup_handle(struct hci_conn *hcon, __u16 handle) { - struct hci_chan *hchan; + struct hci_chan *hchan = NULL; - list_for_each_entry(hchan, &hcon->chan_list, list) { + list_for_each_entry_safe(hchan, &hcon->chan_list, list) { if (hchan->handle == handle) return hchan; } diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 4b7fc430793c..c43a57d4d14c 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -4962,9 +4962,9 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev, static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) { struct hci_ev_logical_link_complete *ev = (void *) skb->data; - struct hci_conn *hcon; - struct hci_chan *hchan; - struct amp_mgr *mgr; + struct hci_conn *hcon = NULL; + struct hci_chan *hchan = NULL; + struct amp_mgr *mgr = NULL; BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x", hdev->name, le16_to_cpu(ev->handle), ev->phy_handle, @@ -4988,8 +4988,8 @@ static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) struct l2cap_chan *bredr_chan = mgr->bredr_chan; l2cap_chan_lock(bredr_chan); - - bredr_chan->conn->mtu = hdev->block_mtu; + if(hdev->block_mtu) + bredr_chan->conn->mtu = hdev->block_mtu; l2cap_logical_cfm(bredr_chan, hchan, 0); hci_conn_hold(hcon);