!7281 llc: make llc_ui_sendmsg() more robust against bonding changes

 */

static int llc_ui_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)

{

	DECLARE_SOCKADDR(struct sockaddr_llc *, addr, msg->msg_name);

	struct sock *sk = sock->sk;

	struct llc_sock *llc = llc_sk(sk);

	DECLARE_SOCKADDR(struct sockaddr_llc *, addr, msg->msg_name);

	int flags = msg->msg_flags;

	int noblock = flags & MSG_DONTWAIT;

	int rc = -EINVAL, copied = 0, hdrlen, hh_len;

	struct sk_buff *skb = NULL;

	struct net_device *dev;

	size_t size = 0;

	int rc = -EINVAL, copied = 0, hdrlen;

	dprintk("%s: sending from %02X to %02X\n", __func__,

		llc->laddr.lsap, llc->daddr.lsap);

		if (rc)

			goto out;

	}

	hdrlen = llc->dev->hard_header_len + llc_ui_header_len(sk, addr);

	dev = llc->dev;

	hh_len = LL_RESERVED_SPACE(dev);

	hdrlen = llc_ui_header_len(sk, addr);

	size = hdrlen + len;

	if (size > llc->dev->mtu)

		size = llc->dev->mtu;

	size = min_t(size_t, size, READ_ONCE(dev->mtu));

	copied = size - hdrlen;

	rc = -EINVAL;

	if (copied < 0)

		goto out;

	release_sock(sk);

	skb = sock_alloc_send_skb(sk, size, noblock, &rc);

	skb = sock_alloc_send_skb(sk, hh_len + size, noblock, &rc);

	lock_sock(sk);

	if (!skb)

		goto out;

	skb->dev      = llc->dev;

	if (sock_flag(sk, SOCK_ZAPPED) ||

	    llc->dev != dev ||

	    hdrlen != llc_ui_header_len(sk, addr) ||

	    hh_len != LL_RESERVED_SPACE(dev) ||

	    size > READ_ONCE(dev->mtu))

		goto out;

	skb->dev      = dev;

	skb->protocol = llc_proto_type(addr->sllc_arphrd);

	skb_reserve(skb, hdrlen);

	skb_reserve(skb, hh_len + hdrlen);

	rc = memcpy_from_msg(skb_put(skb, copied), msg, copied);

	if (rc)

		goto out;