From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [linux-next:master 3872/6512] net/bluetooth/smp.c:1633 smp_user_confirm_reply() warn: variable dereferenced before check 'conn' (see line 1631)
Date: Tue, 23 Mar 2021 17:52:16 +0800 [thread overview]
Message-ID: <202103231707.WGPkaRxh-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 6438 bytes --]
CC: kbuild-all(a)lists.01.org
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
CC: Marcel Holtmann <marcel@holtmann.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: d949689e7383cd5271470f2b99dbe2fd3199bffd
commit: 2e1614f7d61e407f1a8e7935a2903a6fa3cb0b11 [3872/6512] Bluetooth: SMP: Convert BT_ERR/BT_DBG to bt_dev_err/bt_dev_dbg
:::::: branch date: 3 hours ago
:::::: commit date: 8 days ago
config: powerpc-randconfig-m031-20210323 (attached as .config)
compiler: powerpc-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
net/bluetooth/smp.c:1633 smp_user_confirm_reply() warn: variable dereferenced before check 'conn' (see line 1631)
vim +/conn +1633 net/bluetooth/smp.c
760b018b6cf08e Johan Hedberg 2014-06-06 1622
2b64d153a0cc9d Brian Gix 2011-12-21 1623 int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
2b64d153a0cc9d Brian Gix 2011-12-21 1624 {
b10e8017bd9d02 Johan Hedberg 2014-06-27 1625 struct l2cap_conn *conn = hcon->l2cap_data;
5d88cc73dded31 Johan Hedberg 2014-08-08 1626 struct l2cap_chan *chan;
2b64d153a0cc9d Brian Gix 2011-12-21 1627 struct smp_chan *smp;
2b64d153a0cc9d Brian Gix 2011-12-21 1628 u32 value;
fc75cc8684d21d Johan Hedberg 2014-09-05 1629 int err;
2b64d153a0cc9d Brian Gix 2011-12-21 1630
2e1614f7d61e40 Luiz Augusto von Dentz 2021-03-15 @1631 bt_dev_dbg(conn->hcon->hdev, "");
2b64d153a0cc9d Brian Gix 2011-12-21 1632
fc75cc8684d21d Johan Hedberg 2014-09-05 @1633 if (!conn)
2b64d153a0cc9d Brian Gix 2011-12-21 1634 return -ENOTCONN;
2b64d153a0cc9d Brian Gix 2011-12-21 1635
5d88cc73dded31 Johan Hedberg 2014-08-08 1636 chan = conn->smp;
5d88cc73dded31 Johan Hedberg 2014-08-08 1637 if (!chan)
5d88cc73dded31 Johan Hedberg 2014-08-08 1638 return -ENOTCONN;
5d88cc73dded31 Johan Hedberg 2014-08-08 1639
fc75cc8684d21d Johan Hedberg 2014-09-05 1640 l2cap_chan_lock(chan);
fc75cc8684d21d Johan Hedberg 2014-09-05 1641 if (!chan->data) {
fc75cc8684d21d Johan Hedberg 2014-09-05 1642 err = -ENOTCONN;
fc75cc8684d21d Johan Hedberg 2014-09-05 1643 goto unlock;
fc75cc8684d21d Johan Hedberg 2014-09-05 1644 }
fc75cc8684d21d Johan Hedberg 2014-09-05 1645
5d88cc73dded31 Johan Hedberg 2014-08-08 1646 smp = chan->data;
2b64d153a0cc9d Brian Gix 2011-12-21 1647
760b018b6cf08e Johan Hedberg 2014-06-06 1648 if (test_bit(SMP_FLAG_SC, &smp->flags)) {
760b018b6cf08e Johan Hedberg 2014-06-06 1649 err = sc_user_reply(smp, mgmt_op, passkey);
760b018b6cf08e Johan Hedberg 2014-06-06 1650 goto unlock;
760b018b6cf08e Johan Hedberg 2014-06-06 1651 }
760b018b6cf08e Johan Hedberg 2014-06-06 1652
2b64d153a0cc9d Brian Gix 2011-12-21 1653 switch (mgmt_op) {
2b64d153a0cc9d Brian Gix 2011-12-21 1654 case MGMT_OP_USER_PASSKEY_REPLY:
2b64d153a0cc9d Brian Gix 2011-12-21 1655 value = le32_to_cpu(passkey);
943a732ab6440f Johan Hedberg 2014-03-18 1656 memset(smp->tk, 0, sizeof(smp->tk));
2e1614f7d61e40 Luiz Augusto von Dentz 2021-03-15 1657 bt_dev_dbg(conn->hcon->hdev, "PassKey: %d", value);
943a732ab6440f Johan Hedberg 2014-03-18 1658 put_unaligned_le32(value, smp->tk);
19186c7b45c134 Gustavo A. R. Silva 2020-07-08 1659 fallthrough;
2b64d153a0cc9d Brian Gix 2011-12-21 1660 case MGMT_OP_USER_CONFIRM_REPLY:
4a74d65868f10d Johan Hedberg 2014-05-20 1661 set_bit(SMP_FLAG_TK_VALID, &smp->flags);
2b64d153a0cc9d Brian Gix 2011-12-21 1662 break;
2b64d153a0cc9d Brian Gix 2011-12-21 1663 case MGMT_OP_USER_PASSKEY_NEG_REPLY:
2b64d153a0cc9d Brian Gix 2011-12-21 1664 case MGMT_OP_USER_CONFIRM_NEG_REPLY:
84794e119a22f6 Johan Hedberg 2013-11-06 1665 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc8684d21d Johan Hedberg 2014-09-05 1666 err = 0;
fc75cc8684d21d Johan Hedberg 2014-09-05 1667 goto unlock;
2b64d153a0cc9d Brian Gix 2011-12-21 1668 default:
84794e119a22f6 Johan Hedberg 2013-11-06 1669 smp_failure(conn, SMP_PASSKEY_ENTRY_FAILED);
fc75cc8684d21d Johan Hedberg 2014-09-05 1670 err = -EOPNOTSUPP;
fc75cc8684d21d Johan Hedberg 2014-09-05 1671 goto unlock;
2b64d153a0cc9d Brian Gix 2011-12-21 1672 }
2b64d153a0cc9d Brian Gix 2011-12-21 1673
fc75cc8684d21d Johan Hedberg 2014-09-05 1674 err = 0;
fc75cc8684d21d Johan Hedberg 2014-09-05 1675
2b64d153a0cc9d Brian Gix 2011-12-21 1676 /* If it is our turn to send Pairing Confirm, do so now */
1cc6114402f864 Johan Hedberg 2014-05-20 1677 if (test_bit(SMP_FLAG_CFM_PENDING, &smp->flags)) {
1cc6114402f864 Johan Hedberg 2014-05-20 1678 u8 rsp = smp_confirm(smp);
1cc6114402f864 Johan Hedberg 2014-05-20 1679 if (rsp)
1cc6114402f864 Johan Hedberg 2014-05-20 1680 smp_failure(conn, rsp);
1cc6114402f864 Johan Hedberg 2014-05-20 1681 }
2b64d153a0cc9d Brian Gix 2011-12-21 1682
fc75cc8684d21d Johan Hedberg 2014-09-05 1683 unlock:
fc75cc8684d21d Johan Hedberg 2014-09-05 1684 l2cap_chan_unlock(chan);
fc75cc8684d21d Johan Hedberg 2014-09-05 1685 return err;
2b64d153a0cc9d Brian Gix 2011-12-21 1686 }
2b64d153a0cc9d Brian Gix 2011-12-21 1687
:::::: The code at line 1633 was first introduced by commit
:::::: fc75cc8684d21d3649b28c4c37d4ce3f000759e4 Bluetooth: Fix locking of the SMP context
:::::: TO: Johan Hedberg <johan.hedberg@intel.com>
:::::: CC: Marcel Holtmann <marcel@holtmann.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 25715 bytes --]
next reply other threads:[~2021-03-23 9:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 9:52 kernel test robot [this message]
2021-03-23 12:43 [linux-next:master 3872/6512] net/bluetooth/smp.c:1633 smp_user_confirm_reply() warn: variable dereferenced before check 'conn' (see line 1631) Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202103231707.WGPkaRxh-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.