2023-09-16 00:05:38

by Luiz Augusto von Dentz

[permalink] [raw]
Subject: [PATCH v3 1/2] Bluetooth: hci_core: Fix build warnings

From: Luiz Augusto von Dentz <[email protected]>

This fixes the following warnings:

net/bluetooth/hci_core.c: In function ‘hci_register_dev’:
net/bluetooth/hci_core.c:2620:54: warning: ‘%d’ directive output may
be truncated writing between 1 and 10 bytes into a region of size 5
[-Wformat-truncation=]
2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
| ^~
net/bluetooth/hci_core.c:2620:50: note: directive argument in the range
[0, 2147483647]
2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
| ^~~~~~~
net/bluetooth/hci_core.c:2620:9: note: ‘snprintf’ output between 5 and
14 bytes into a destination of size 8
2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Luiz Augusto von Dentz <[email protected]>
---
include/net/bluetooth/hci_core.h | 2 +-
net/bluetooth/hci_core.c | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index bbad301f5781..f36c1fd5d64e 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -350,7 +350,7 @@ struct hci_dev {
struct list_head list;
struct mutex lock;

- char name[8];
+ const char *name;
unsigned long flags;
__u16 id;
__u8 bus;
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index db4f28d68d71..9e89843c259b 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2617,7 +2617,11 @@ int hci_register_dev(struct hci_dev *hdev)
if (id < 0)
return id;

- snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
+ error = dev_set_name(&hdev->dev, "hci%u", id);
+ if (error)
+ return error;
+
+ hdev->name = dev_name(&hdev->dev);
hdev->id = id;

BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus);
@@ -2639,8 +2643,6 @@ int hci_register_dev(struct hci_dev *hdev)
if (!IS_ERR_OR_NULL(bt_debugfs))
hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs);

- dev_set_name(&hdev->dev, "%s", hdev->name);
-
error = device_add(&hdev->dev);
if (error < 0)
goto err_wqueue;
--
2.41.0


2023-09-16 03:17:33

by bluez.test.bot

[permalink] [raw]
Subject: RE: [v3,1/2] Bluetooth: hci_core: Fix build warnings

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=784859

---Test result---

Test Summary:
CheckPatch PASS 6.97 seconds
GitLint PASS 0.76 seconds
SubjectPrefix PASS 0.15 seconds
BuildKernel PASS 46.49 seconds
CheckAllWarning PASS 50.70 seconds
CheckSparse WARNING 57.30 seconds
CheckSmatch WARNING 152.74 seconds
BuildKernel32 PASS 44.81 seconds
TestRunnerSetup PASS 682.73 seconds
TestRunner_l2cap-tester PASS 40.54 seconds
TestRunner_iso-tester PASS 82.57 seconds
TestRunner_bnep-tester PASS 14.22 seconds
TestRunner_mgmt-tester PASS 286.68 seconds
TestRunner_rfcomm-tester PASS 21.54 seconds
TestRunner_sco-tester PASS 24.71 seconds
TestRunner_ioctl-tester PASS 25.51 seconds
TestRunner_mesh-tester PASS 18.49 seconds
TestRunner_smp-tester PASS 19.47 seconds
TestRunner_userchan-tester PASS 15.43 seconds
IncrementalBuild PASS 53.32 seconds

Details
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):


---
Regards,
Linux Bluetooth

2023-09-16 05:12:15

by Luiz Augusto von Dentz

[permalink] [raw]
Subject: [PATCH v3 2/2] Bluetooth: hci_codec: Fix leaking content of local_codecs

From: Luiz Augusto von Dentz <[email protected]>

The following memory leak can be observed when the controller supports
codecs which are stored in local_codecs list but the elements are never
freed:

unreferenced object 0xffff88800221d840 (size 32):
comm "kworker/u3:0", pid 36, jiffies 4294898739 (age 127.060s)
hex dump (first 32 bytes):
f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffffb324f557>] __kmalloc+0x47/0x120
[<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160
[<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270
[<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0
[<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60
[<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0
[<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0
[<ffffffffb30c99b4>] process_one_work+0x404/0x800
[<ffffffffb30ca134>] worker_thread+0x374/0x670
[<ffffffffb30d9108>] kthread+0x188/0x1c0
[<ffffffffb304db6b>] ret_from_fork+0x2b/0x50
[<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30

Cc: [email protected]
Fixes: 8961987f3f5f ("Bluetooth: Enumerate local supported codec and cache details")
Signed-off-by: Luiz Augusto von Dentz <[email protected]>
---
net/bluetooth/hci_core.c | 1 +
net/bluetooth/hci_event.c | 1 +
net/bluetooth/hci_sync.c | 1 +
3 files changed, 3 insertions(+)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 9e89843c259b..195aea2198a9 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2786,6 +2786,7 @@ void hci_release_dev(struct hci_dev *hdev)
hci_conn_params_clear_all(hdev);
hci_discovery_filter_clear(hdev);
hci_blocked_keys_clear(hdev);
+ hci_codec_list_clear(&hdev->local_codecs);
hci_dev_unlock(hdev);

ida_simple_remove(&hci_index_ida, hdev->id);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index d532f4c139f9..d242f956dea8 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -33,6 +33,7 @@

#include "hci_request.h"
#include "hci_debugfs.h"
+#include "hci_codec.h"
#include "a2mp.h"
#include "amp.h"
#include "smp.h"
diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c
index 1be5763c261c..3640d73f9595 100644
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -5074,6 +5074,7 @@ int hci_dev_close_sync(struct hci_dev *hdev)
memset(hdev->eir, 0, sizeof(hdev->eir));
memset(hdev->dev_class, 0, sizeof(hdev->dev_class));
bacpy(&hdev->random_addr, BDADDR_ANY);
+ hci_codec_list_clear(&hdev->local_codecs);

hci_dev_put(hdev);
return err;
--
2.41.0

2023-09-16 05:20:55

by kernel test robot

[permalink] [raw]
Subject: Re: [PATCH v3 1/2] Bluetooth: hci_core: Fix build warnings

Hi Luiz,

kernel test robot noticed the following build warnings:

[auto build test WARNING on linus/master]
[also build test WARNING on v6.6-rc1 next-20230915]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url: https://github.com/intel-lab-lkp/linux/commits/Luiz-Augusto-von-Dentz/Bluetooth-hci_codec-Fix-leaking-content-of-local_codecs/20230916-075018
base: linus/master
patch link: https://lore.kernel.org/r/20230915234742.3739283-1-luiz.dentz%40gmail.com
patch subject: [PATCH v3 1/2] Bluetooth: hci_core: Fix build warnings
config: parisc-randconfig-002-20230916 (https://download.01.org/0day-ci/archive/20230916/[email protected]/config)
compiler: hppa-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230916/[email protected]/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/

All warnings (new ones prefixed by >>):

net/bluetooth/hci_event.c: In function 'hci_cc_read_class_of_dev':
>> net/bluetooth/hci_event.c:521:9: warning: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Wstringop-overflow=]
521 | memcpy(hdev->dev_class, rp->dev_class, 3);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: note: destination object is likely at address zero


vim +/memcpy +521 net/bluetooth/hci_event.c

e5b0ad69c97a04f Abhishek Pandit-Subedi 2021-03-03 510
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 511 static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 512 struct sk_buff *skb)
a9de9248064bfc8 Marcel Holtmann 2007-10-20 513 {
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 514 struct hci_rp_read_class_of_dev *rp = data;
e3f3a1aea8719ac Luiz Augusto von Dentz 2021-12-01 515
e3f3a1aea8719ac Luiz Augusto von Dentz 2021-12-01 516 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
a9de9248064bfc8 Marcel Holtmann 2007-10-20 517
a9de9248064bfc8 Marcel Holtmann 2007-10-20 518 if (rp->status)
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 519 return rp->status;
a9de9248064bfc8 Marcel Holtmann 2007-10-20 520
a9de9248064bfc8 Marcel Holtmann 2007-10-20 @521 memcpy(hdev->dev_class, rp->dev_class, 3);
a9de9248064bfc8 Marcel Holtmann 2007-10-20 522
e3f3a1aea8719ac Luiz Augusto von Dentz 2021-12-01 523 bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2],
e3f3a1aea8719ac Luiz Augusto von Dentz 2021-12-01 524 hdev->dev_class[1], hdev->dev_class[0]);
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 525
c8992cffbe7411c Luiz Augusto von Dentz 2021-12-01 526 return rp->status;
a9de9248064bfc8 Marcel Holtmann 2007-10-20 527 }
a9de9248064bfc8 Marcel Holtmann 2007-10-20 528

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

2023-09-18 19:15:10

by patchwork-bot+bluetooth

[permalink] [raw]
Subject: Re: [PATCH v3 1/2] Bluetooth: hci_core: Fix build warnings

Hello:

This series was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Fri, 15 Sep 2023 16:47:41 -0700 you wrote:
> From: Luiz Augusto von Dentz <[email protected]>
>
> This fixes the following warnings:
>
> net/bluetooth/hci_core.c: In function ‘hci_register_dev’:
> net/bluetooth/hci_core.c:2620:54: warning: ‘%d’ directive output may
> be truncated writing between 1 and 10 bytes into a region of size 5
> [-Wformat-truncation=]
> 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
> | ^~
> net/bluetooth/hci_core.c:2620:50: note: directive argument in the range
> [0, 2147483647]
> 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
> | ^~~~~~~
> net/bluetooth/hci_core.c:2620:9: note: ‘snprintf’ output between 5 and
> 14 bytes into a destination of size 8
> 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> [...]

Here is the summary with links:
- [v3,1/2] Bluetooth: hci_core: Fix build warnings
https://git.kernel.org/bluetooth/bluetooth-next/c/0e2bdaccb10a
- [v3,2/2] Bluetooth: hci_codec: Fix leaking content of local_codecs
https://git.kernel.org/bluetooth/bluetooth-next/c/67e19b75b662

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html