2023-11-22 22:18:18

by Arnd Bergmann

Subject: [PATCH] Bluetooth: hci_event: shut up a false-positive warning

From: Arnd Bergmann <[email protected]>

Turning on -Wstringop-overflow globally exposed a misleading compiler
warning in bluetooth:

net/bluetooth/hci_event.c: In function 'hci_cc_read_class_of_dev':
net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
  524 |         memcpy(hdev->dev_class, rp->dev_class, 3);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem here is the check for hdev being NULL in bt_dev_dbg() that
leads the compiler to conclude that hdev->dev_class might be an invalid
pointer access.

Add another explicit check for the same condition to make sure gcc sees
this cannot happen.

Fixes: a9de9248064b ("[Bluetooth] Switch from OGF+OCF to using only opcodes")
Fixes: 1b56c90018f0 ("Makefile: Enable -Wstringop-overflow globally")
Signed-off-by: Arnd Bergmann <[email protected]>
---
net/bluetooth/hci_event.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5b6fd625fc09..5651e96e78da 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -516,6 +516,9 @@ static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
{
struct hci_rp_read_class_of_dev *rp = data;

+ if (WARN_ON(!hdev))
+ return -ENXIO;
+
bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);

if (rp->status)
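
Review bot: `return -ENXIO;` in the added early-out does not fit the return type. The hunk header shows `static u8 hci_cc_read_class_of_dev(...)`, so the negative errno is converted to an unsigned byte and reaches the caller as a large positive value that cannot be told apart from a status byte. Return a value in the u8 status domain the function already works in (it tests `rp->status` right below), or keep the check only as a guard for the dereference without inventing an errno. Separately, the commit message describes the NULL case as impossible, so a one-line comment above `WARN_ON(!hdev)` saying the check exists to quiet -Wstringop-overflow would stop the next reader from treating it as a real error path.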
--
2.39.2



2023-11-22 22:56:53

by bluez.test.bot

Subject: RE: Bluetooth: hci_event: shut up a false-positive warning

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=803455

---Test result---

Test Summary:
CheckPatch PASS 0.49 seconds
GitLint FAIL 0.55 seconds
SubjectPrefix PASS 0.10 seconds
BuildKernel PASS 27.95 seconds
CheckAllWarning PASS 30.80 seconds
CheckSparse WARNING 36.13 seconds
CheckSmatch WARNING 99.31 seconds
BuildKernel32 PASS 27.12 seconds
TestRunnerSetup PASS 418.45 seconds
TestRunner_l2cap-tester PASS 22.80 seconds
TestRunner_iso-tester PASS 44.52 seconds
TestRunner_bnep-tester PASS 7.03 seconds
TestRunner_mgmt-tester PASS 162.09 seconds
TestRunner_rfcomm-tester PASS 10.98 seconds
TestRunner_sco-tester PASS 14.46 seconds
TestRunner_ioctl-tester PASS 12.36 seconds
TestRunner_mesh-tester PASS 9.12 seconds
TestRunner_smp-tester PASS 9.84 seconds
TestRunner_userchan-tester PASS 7.45 seconds
IncrementalBuild PASS 25.87 seconds

Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
Bluetooth: hci_event: shut up a false-positive warning

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
9: B1 Line exceeds max length (143>80): "net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]"
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):


---
Regards,
Linux Bluetooth

2023-11-25 06:58:40

by Dan Carpenter

Subject: Re: [PATCH] Bluetooth: hci_event: shut up a false-positive warning

Hi Arnd,

kernel test robot noticed the following build warnings:

url: https://github.com/intel-lab-lkp/linux/commits/Arnd-Bergmann/Bluetooth-hci_event-shut-up-a-false-positive-warning/20231123-112143
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
patch link: https://lore.kernel.org/r/20231122221805.3139482-1-arnd%40kernel.org
patch subject: [PATCH] Bluetooth: hci_event: shut up a false-positive warning
config: i386-randconfig-141-20231123 (https://download.01.org/0day-ci/archive/20231124/[email protected]/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231124/[email protected]/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Reported-by: Dan Carpenter <[email protected]>
| Closes: https://lore.kernel.org/r/[email protected]/

New smatch warnings:
net/bluetooth/hci_event.c:520 hci_cc_read_class_of_dev() warn: signedness bug returning '(-6)'

Old smatch warnings:
net/bluetooth/hci_event.c:3278 hci_conn_request_evt() warn: variable dereferenced before check 'hdev' (see line 3268)

vim +520 net/bluetooth/hci_event.c

c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 514 static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 515 struct sk_buff *skb)
a9de9248064bfc Marcel Holtmann 2007-10-20 516 {
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 517 struct hci_rp_read_class_of_dev *rp = data;
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 518
5f3aa66f201253 Arnd Bergmann 2023-11-22 519 if (WARN_ON(!hdev))
5f3aa66f201253 Arnd Bergmann 2023-11-22 @520 return -ENXIO;

This function returns u8.

5f3aa66f201253 Arnd Bergmann 2023-11-22 521
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 522 bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
a9de9248064bfc Marcel Holtmann 2007-10-20 523
a9de9248064bfc Marcel Holtmann 2007-10-20 524 if (rp->status)
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 525 return rp->status;
a9de9248064bfc Marcel Holtmann 2007-10-20 526
a9de9248064bfc Marcel Holtmann 2007-10-20 527 memcpy(hdev->dev_class, rp->dev_class, 3);
a9de9248064bfc Marcel Holtmann 2007-10-20 528
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 529 bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2],
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01 530 hdev->dev_class[1], hdev->dev_class[0]);
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 531
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01 532 return rp->status;
a9de9248064bfc Marcel Holtmann 2007-10-20 533 }

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
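
The signedness bug smatch reports above, reduced to a standalone C program. This is an added example, not code from the thread or the kernel: `struct dev`, `struct reply`, `read_class_patched`, `read_class_status`, `caller_sees_errno` and `STATUS_UNSPECIFIED` are hypothetical stand-ins, and the replacement return value is an assumption, not something the thread decided.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

typedef uint8_t u8;

/* Hypothetical stand-ins for struct hci_dev and struct hci_rp_read_class_of_dev. */
struct dev { u8 dev_class[3]; };
struct reply { u8 status; u8 dev_class[3]; };

/* Assumption for illustration: 0x1f is the HCI "Unspecified Error" status. */
#define STATUS_UNSPECIFIED 0x1f

/* Same shape as the patched handler: a negative errno leaves through u8. */
static u8 read_class_patched(struct dev *d, const struct reply *rp)
{
	if (!d)
		return -ENXIO;	/* int converted to u8: 256 - ENXIO */
	if (rp->status)
		return rp->status;
	memcpy(d->dev_class, rp->dev_class, 3);
	return rp->status;
}

/* Variant whose early-out stays inside the u8 status domain. */
static u8 read_class_status(struct dev *d, const struct reply *rp)
{
	if (!d)
		return STATUS_UNSPECIFIED;
	if (rp->status)
		return rp->status;
	memcpy(d->dev_class, rp->dev_class, 3);
	return rp->status;
}

/* A caller testing for a negative errno never sees the failure: the u8
 * result is promoted to a non-negative int. Returns 1 if it saw an errno. */
static int caller_sees_errno(struct dev *d, const struct reply *rp)
{
	int ret = read_class_patched(d, rp);
	return ret < 0;
}

int main(void)
{
	struct reply rp = { 0, { 0x0c, 0x01, 0x1c } };	/* constructed sample */
	return !(read_class_patched(NULL, &rp) == 256 - ENXIO &&
		 !caller_sees_errno(NULL, &rp) && read_class_status(NULL, &rp) == 0x1f);
}
```

gcc accepts the `-ENXIO` return silently under default warnings because the constant fits the signed counterpart of the type; `-Wsign-conversion` or a checker such as smatch is needed to flag it.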

2023-11-25 07:01:35

by Dan Carpenter

Subject: Re: Bluetooth: hci_event: shut up a false-positive warning

On Wed, Nov 22, 2023 at 02:56:44PM -0800, [email protected] wrote:
> This is automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=803455
>
> ---Test result---
>
> Test Summary:
> CheckPatch PASS 0.49 seconds
> GitLint FAIL 0.55 seconds
> SubjectPrefix PASS 0.10 seconds
> BuildKernel PASS 27.95 seconds
> CheckAllWarning PASS 30.80 seconds
> CheckSparse WARNING 36.13 seconds
> CheckSmatch WARNING 99.31 seconds
> BuildKernel32 PASS 27.12 seconds
> TestRunnerSetup PASS 418.45 seconds
> TestRunner_l2cap-tester PASS 22.80 seconds
> TestRunner_iso-tester PASS 44.52 seconds
> TestRunner_bnep-tester PASS 7.03 seconds
> TestRunner_mgmt-tester PASS 162.09 seconds
> TestRunner_rfcomm-tester PASS 10.98 seconds
> TestRunner_sco-tester PASS 14.46 seconds
> TestRunner_ioctl-tester PASS 12.36 seconds
> TestRunner_mesh-tester PASS 9.12 seconds
> TestRunner_smp-tester PASS 9.84 seconds
> TestRunner_userchan-tester PASS 7.45 seconds
> IncrementalBuild PASS 25.87 seconds
>
> Details
> ##############################
> Test: GitLint - FAIL
> Desc: Run gitlint
> Output:
> Bluetooth: hci_event: shut up a false-positive warning
>
> WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
> 9: B1 Line exceeds max length (143>80): "net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]"
> ##############################
> Test: CheckSparse - WARNING
> Desc: Run sparse tool with linux kernel
> Output:
> net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
> ##############################
> Test: CheckSmatch - WARNING
> Desc: Run smatch tool with source
> Output:
> net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):

This is a Sparse warning. Smatch outputs to stdout.

regards,
dan carpenter