!5359 CVE-2021-47121 and CVE-2021-47122

 * The link_support layer is used to add any Link Layer specific

 * framing.

 */

void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,

int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,

			struct cflayer *link_support, int head_room,

			struct cflayer **layer, int (**rcv_func)(

				struct sk_buff *, struct net_device *,

 * @fcs:	Specify if checksum is used in CAIF Framing Layer.

 * @head_room:	Head space needed by link specific protocol.

 */

void

int

cfcnfg_add_phy_layer(struct cfcnfg *cnfg,

		     struct net_device *dev, struct cflayer *phy_layer,

		     enum cfcnfg_phy_preference pref,

#include <net/caif/caif_layer.h>

struct cflayer *cfserl_create(int instance, bool use_stx);

void cfserl_release(struct cflayer *layer);

#endif

	caifd_put(caifd);

}

void caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,

int caif_enroll_dev(struct net_device *dev, struct caif_dev_common *caifdev,

		     struct cflayer *link_support, int head_room,

		     struct cflayer **layer,

		     int (**rcv_func)(struct sk_buff *, struct net_device *,

	enum cfcnfg_phy_preference pref;

	struct cfcnfg *cfg = get_cfcnfg(dev_net(dev));

	struct caif_device_entry_list *caifdevs;

	int res;

	caifdevs = caif_device_list(dev_net(dev));

	caifd = caif_device_alloc(dev);

	if (!caifd)

		return;

		return -ENOMEM;

	*layer = &caifd->layer;

	spin_lock_init(&caifd->flow_lock);

	strlcpy(caifd->layer.name, dev->name,

		sizeof(caifd->layer.name));

	caifd->layer.transmit = transmit;

	cfcnfg_add_phy_layer(cfg,

	res = cfcnfg_add_phy_layer(cfg,

				dev,

				&caifd->layer,

				pref,

	mutex_unlock(&caifdevs->lock);

	if (rcv_func)

		*rcv_func = receive;

	return res;

}

EXPORT_SYMBOL(caif_enroll_dev);

	struct cflayer *layer, *link_support;

	int head_room = 0;

	struct caif_device_entry_list *caifdevs;

	int res;

	cfg = get_cfcnfg(dev_net(dev));

	caifdevs = caif_device_list(dev_net(dev));

				break;

			}

		}

		caif_enroll_dev(dev, caifdev, link_support, head_room,

		res = caif_enroll_dev(dev, caifdev, link_support, head_room,

				&layer, NULL);

		if (res)

			cfserl_release(link_support);

		caifdev->flowctrl = dev_flowctrl;

		break;

	return (struct cflayer *) this;

}

static void cfusbl_release(struct cflayer *layer)

{

	kfree(layer);

}

static struct packet_type caif_usb_type __read_mostly = {

	.type = cpu_to_be16(ETH_P_802_EX1),

};

	struct cflayer *layer, *link_support;

	struct usbnet *usbnet;

	struct usb_device *usbdev;

	int res;

	/* Check whether we have a NCM device, and find its VID/PID. */

	if (!(dev->dev.parent && dev->dev.parent->driver &&

	if (dev->num_tx_queues > 1)

		pr_warn("USB device uses more than one tx queue\n");

	caif_enroll_dev(dev, &common, link_support, CFUSB_MAX_HEADLEN,

	res = caif_enroll_dev(dev, &common, link_support, CFUSB_MAX_HEADLEN,

			&layer, &caif_usb_type.func);

	if (res)

		goto err;

	if (!pack_added)

		dev_add_pack(&caif_usb_type);

	pack_added = true;

	strlcpy(layer->name, dev->name, sizeof(layer->name));

	return 0;

err:

	cfusbl_release(link_support);

	return res;

}

static struct notifier_block caif_device_notifier = {