From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Kiran K <kiran.k@intel.com>,
linux-bluetooth@vger.kernel.org
Cc: lkp@intel.com, kbuild-all@lists.01.org,
ravishankar.srivatsa@intel.com, chethan.tumkur.narayan@intel.com,
luiz.von.dentz@intel.com, Kiran K <kiran.k@intel.com>
Subject: Re: [PATCH v3 08/13] Bluetooth: Implement MSFT avdtp open command
Date: Fri, 19 Nov 2021 17:27:53 +0300 [thread overview]
Message-ID: <202111190204.lssqaO96-lkp@intel.com> (raw)
In-Reply-To: <20211115064914.2345-8-kiran.k@intel.com>
Hi Kiran,
url: https://github.com/0day-ci/linux/commits/Kiran-K/Bluetooth-Refactor-code-to-read-supported-codecs-in-getsockopt/20211115-144640
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
config: i386-randconfig-m021-20211115 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
net/bluetooth/hci_codec.c:388 hci_configure_msft_avdtp_open() warn: is 'cmd + 1' large enough for 'struct hci_media_service_caps'? s32min
Old smatch warnings:
net/bluetooth/hci_codec.c:399 hci_configure_msft_avdtp_open() error: uninitialized symbol 'err'.
vim +388 net/bluetooth/hci_codec.c
d9396dc909768b Kiran K 2021-11-15 359 int hci_configure_msft_avdtp_open(struct hci_dev *hdev, struct l2cap_chan *chan,
d9396dc909768b Kiran K 2021-11-15 360 sockptr_t optval, int optlen)
d9396dc909768b Kiran K 2021-11-15 361 {
d9396dc909768b Kiran K 2021-11-15 362 struct msft_cp_avdtp_open *cmd = NULL;
d9396dc909768b Kiran K 2021-11-15 363 struct hci_media_service_caps *caps;
d9396dc909768b Kiran K 2021-11-15 364 int err;
d9396dc909768b Kiran K 2021-11-15 365
d9396dc909768b Kiran K 2021-11-15 366 if (!optlen || optlen < sizeof(*caps)) {
The kbuild-bot doesn't use cross function analysis so it doesn't know
how this function is called. This check doesn't prevent negative values
of "optlen" and the "!optlen" condition is not required. Of course,
making "optlen" into an unsigned value changes it from a "negatives are
not handled" warning into a "integer overflows are not handled" warning.
One idea would be to just make sure this is called with valid values and
ignore the warning. It probably should be disabled globally if you
don't have the cross function database. Another idea would be to
write this as:
if (optlen < 0 || optlen < sizeof(*caps)) {
Negatives don't really cause a problem though because copy_from_user()
has a check for that added in commit 6d13de1489b6 ("uaccess: disallow >
INT_MAX copy sizes").
regards,
dan carpenter
d9396dc909768b Kiran K 2021-11-15 367 err = -EINVAL;
d9396dc909768b Kiran K 2021-11-15 368 goto fail;
d9396dc909768b Kiran K 2021-11-15 369 }
d9396dc909768b Kiran K 2021-11-15 370
d9396dc909768b Kiran K 2021-11-15 371 cmd = kzalloc(sizeof(*cmd) + optlen, GFP_KERNEL);
d9396dc909768b Kiran K 2021-11-15 372 if (!cmd) {
d9396dc909768b Kiran K 2021-11-15 373 err = -ENOMEM;
d9396dc909768b Kiran K 2021-11-15 374 goto fail;
d9396dc909768b Kiran K 2021-11-15 375 }
d9396dc909768b Kiran K 2021-11-15 376
d9396dc909768b Kiran K 2021-11-15 377 cmd->sub_opcode = HCI_MSFT_AVDTP_OPEN;
d9396dc909768b Kiran K 2021-11-15 378 cmd->handle = __cpu_to_le16(chan->conn->hcon->handle);
d9396dc909768b Kiran K 2021-11-15 379 cmd->dcid = cpu_to_le16(chan->dcid);
d9396dc909768b Kiran K 2021-11-15 380 cmd->omtu = cpu_to_le16(chan->omtu);
d9396dc909768b Kiran K 2021-11-15 381 caps = (void *)(cmd + 1);
d9396dc909768b Kiran K 2021-11-15 382
d9396dc909768b Kiran K 2021-11-15 383 if (copy_from_sockptr(caps, optval, optlen)) {
d9396dc909768b Kiran K 2021-11-15 384 err = -EFAULT;
d9396dc909768b Kiran K 2021-11-15 385 goto fail;
d9396dc909768b Kiran K 2021-11-15 386 }
d9396dc909768b Kiran K 2021-11-15 387
d9396dc909768b Kiran K 2021-11-15 @388 if (caps->category != 0x07) {
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
next prev parent reply other threads:[~2021-11-19 14:28 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 6:49 [PATCH v3 01/13] Bluetooth: Refactor code to read supported codecs in getsockopt Kiran K
2021-11-15 6:49 ` [PATCH v3 02/13] Bluetooth: Support reading of codecs supported over l2cap socket Kiran K
2021-11-15 6:49 ` [PATCH v3 03/13] Bluetooth: btintel: cache offload use case data Kiran K
2021-11-15 6:49 ` [PATCH v3 04/13] Bluetooth: Pass transport type in get_data_path_id Kiran K
2021-11-15 6:49 ` [PATCH v3 05/13] Bluetooth: btintel: Add support to fetch data path id for a2dp offload Kiran K
2021-11-15 6:49 ` [PATCH v3 06/13] Bluetooth: Remove unused member in struct hci_vnd_codec_v2 Kiran K
2021-11-15 6:49 ` [PATCH v3 07/13] Bluetooth: Read Output codec capabilities Kiran K
2021-11-15 6:49 ` [PATCH v3 08/13] Bluetooth: Implement MSFT avdtp open command Kiran K
2021-11-15 21:23 ` Luiz Augusto von Dentz
2021-11-19 8:11 ` K, Kiran
2021-11-19 14:27 ` Dan Carpenter [this message]
2021-11-15 6:49 ` [PATCH v3 09/13] Bluetooth: Handle MSFT avdtp open event Kiran K
2021-11-15 6:49 ` [PATCH v3 10/13] " Kiran K
2021-11-15 17:53 ` kernel test robot
2021-11-15 6:49 ` [PATCH v3 11/13] Bluetooth: Implment MSFT avdtp start command Kiran K
2021-11-15 6:49 ` [PATCH v3 12/13] Bluetooth: Implment MSFT avdtp suspend command Kiran K
2021-11-15 6:49 ` [PATCH v3 13/13] Bluetooth: Implment MSFT avdtp close command Kiran K
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202111190204.lssqaO96-lkp@intel.com \
--to=dan.carpenter@oracle.com \
--cc=chethan.tumkur.narayan@intel.com \
--cc=kbuild-all@lists.01.org \
--cc=kbuild@lists.01.org \
--cc=kiran.k@intel.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=lkp@intel.com \
--cc=luiz.von.dentz@intel.com \
--cc=ravishankar.srivatsa@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).