* [PATCH] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
@ 2022-08-01 21:06 Luiz Augusto von Dentz
2022-08-01 21:46 ` bluez.test.bot
2022-08-01 22:21 ` [PATCH] " kernel test robot
0 siblings, 2 replies; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2022-08-01 21:06 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The patch d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused
by l2cap_chan_put" from Jul 21, 2022, leads to the following Smatch
static checker warning:
net/bluetooth/l2cap_core.c:1977 l2cap_global_chan_by_psm()
error: we previously assumed 'c' could be null (see line 1996)
Fixes: d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
net/bluetooth/l2cap_core.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 52668662ae8d..f18d0c72713f 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1969,11 +1969,11 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
bdaddr_t *dst,
u8 link_type)
{
- struct l2cap_chan *c, *c1 = NULL;
+ struct l2cap_chan *c, *tmp, *c1 = NULL;
read_lock(&chan_list_lock);
- list_for_each_entry(c, &chan_list, global_l) {
+ list_for_each_entry_safe(c, tmp, &chan_list, global_l) {
if (state && c->state != state)
continue;
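Review bot: the switch to list_for_each_entry_safe() needs a justification in a comment or in the commit message, because nothing in the visible loop body removes an entry from chan_list. The _safe variant only caches the next node in `tmp` before the body runs; here it is relied on because the second hunk overwrites the cursor with `c = l2cap_chan_hold_unless_zero(c);`, which can leave `c` NULL by the time the iterator advances. Either say so next to the loop, or keep list_for_each_entry() and stop overwriting `c`.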
@@ -1992,11 +1992,10 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
dst_match = !bacmp(&c->dst, dst);
if (src_match && dst_match) {
c = l2cap_chan_hold_unless_zero(c);
- if (!c)
- continue;
-
- read_unlock(&chan_list_lock);
- return c;
+ if (c) {
+ read_unlock(&chan_list_lock);
+ return c;
+ }
}
/* Closest match */
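Review bot: when l2cap_chan_hold_unless_zero() fails, the new `if (c) { ... }` no longer skips the rest of the iteration, so control leaves the `if (src_match && dst_match)` block with `c == NULL` and continues into the code under `/* Closest match */`. The removed `if (!c) continue;` prevented that. The kernel test robot's -Wstringop-overread warning later in this thread, for bacmp() inlined at l2cap_core.c:2003, is consistent with the compiler seeing an address derived from a NULL `c` on that path. Keep a `continue` on the failure path so the closest-match code only runs with a valid `c`.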
--
2.37.1
* RE: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
2022-08-01 21:06 [PATCH] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Luiz Augusto von Dentz
@ 2022-08-01 21:46 ` bluez.test.bot
2022-08-01 22:21 ` [PATCH] " kernel test robot
1 sibling, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2022-08-01 21:46 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
[-- Attachment #1: Type: text/plain, Size: 555 bytes --]
This is an automated email and please do not reply to this email.
Dear Submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
While preparing the CI tests, the patches you submitted couldn't be applied to the current HEAD of the repository.
----- Output -----
error: patch failed: net/bluetooth/l2cap_core.c:1992
error: net/bluetooth/l2cap_core.c: patch does not apply
hint: Use 'git am --show-current-patch' to see the failed patch
Please resolve the issue and submit the patches again.
---
Regards,
Linux Bluetooth
* Re: [PATCH] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
2022-08-01 21:06 [PATCH] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Luiz Augusto von Dentz
2022-08-01 21:46 ` bluez.test.bot
@ 2022-08-01 22:21 ` kernel test robot
1 sibling, 0 replies; 4+ messages in thread
From: kernel test robot @ 2022-08-01 22:21 UTC (permalink / raw)
To: Luiz Augusto von Dentz, linux-bluetooth; +Cc: kbuild-all
Hi Luiz,
I love your patch! Perhaps something to improve:
[auto build test WARNING on bluetooth-next/master]
[also build test WARNING on bluetooth/master linus/master v5.19 next-20220728]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Luiz-Augusto-von-Dentz/Bluetooth-L2CAP-Fix-l2cap_global_chan_by_psm-regression/20220802-050647
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
config: parisc-randconfig-r024-20220801 (https://download.01.org/0day-ci/archive/20220802/202208020648.fs6gb987-lkp@intel.com/config)
compiler: hppa-linux-gcc (GCC) 12.1.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/075988314335917c0e43d00f6a3a8ef68963b3de
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Luiz-Augusto-von-Dentz/Bluetooth-L2CAP-Fix-l2cap_global_chan_by_psm-regression/20220802-050647
git checkout 075988314335917c0e43d00f6a3a8ef68963b3de
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross W=1 O=build_dir ARCH=parisc SHELL=/bin/bash net/bluetooth/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
In file included from net/bluetooth/l2cap_core.c:37:
In function 'bacmp',
inlined from 'l2cap_global_chan_by_psm' at net/bluetooth/l2cap_core.c:2003:15:
>> include/net/bluetooth/bluetooth.h:347:16: warning: 'memcmp' specified bound 6 exceeds source size 0 [-Wstringop-overread]
347 | return memcmp(ba1, ba2, sizeof(bdaddr_t));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/memcmp +347 include/net/bluetooth/bluetooth.h
^1da177e4c3f41 Linus Torvalds 2005-04-16 343
^1da177e4c3f41 Linus Torvalds 2005-04-16 344 /* Copy, swap, convert BD Address */
f53c20e93612f7 David Herrmann 2013-04-06 345 static inline int bacmp(const bdaddr_t *ba1, const bdaddr_t *ba2)
^1da177e4c3f41 Linus Torvalds 2005-04-16 346 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 @347 return memcmp(ba1, ba2, sizeof(bdaddr_t));
^1da177e4c3f41 Linus Torvalds 2005-04-16 348 }
f53c20e93612f7 David Herrmann 2013-04-06 349 static inline void bacpy(bdaddr_t *dst, const bdaddr_t *src)
^1da177e4c3f41 Linus Torvalds 2005-04-16 350 {
^1da177e4c3f41 Linus Torvalds 2005-04-16 351 memcpy(dst, src, sizeof(bdaddr_t));
^1da177e4c3f41 Linus Torvalds 2005-04-16 352 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 353
--
0-DAY CI Kernel Test Service
https://01.org/lkp
* [PATCH] Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
@ 2022-08-01 22:04 Luiz Augusto von Dentz
2022-08-01 23:07 ` bluez.test.bot
0 siblings, 1 reply; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2022-08-01 22:04 UTC (permalink / raw)
To: linux-bluetooth
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The patch d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused
by l2cap_chan_put" from Jul 21, 2022, leads to the following Smatch
static checker warning:
net/bluetooth/l2cap_core.c:1977 l2cap_global_chan_by_psm()
error: we previously assumed 'c' could be null (see line 1996)
Fixes: d0be8347c623: "Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put"
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
net/bluetooth/l2cap_core.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 77c0aac14539..cbe0cae73434 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -1970,11 +1970,11 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
bdaddr_t *dst,
u8 link_type)
{
- struct l2cap_chan *c, *c1 = NULL;
+ struct l2cap_chan *c, *tmp, *c1 = NULL;
read_lock(&chan_list_lock);
- list_for_each_entry(c, &chan_list, global_l) {
+ list_for_each_entry_safe(c, tmp, &chan_list, global_l) {
if (state && c->state != state)
continue;
@@ -1993,11 +1993,10 @@ static struct l2cap_chan *l2cap_global_chan_by_psm(int state, __le16 psm,
dst_match = !bacmp(&c->dst, dst);
if (src_match && dst_match) {
c = l2cap_chan_hold_unless_zero(c);
- if (!c)
- continue;
-
- read_unlock(&chan_list_lock);
- return c;
+ if (c) {
+ read_unlock(&chan_list_lock);
+ return c;
+ }
}
/* Closest match */
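Review bot: in the `if (src_match && dst_match)` block, assigning the result of l2cap_chan_hold_unless_zero() back to `c` is what makes the loop cursor NULL in the first place. Testing the return value without the assignment, `if (!l2cap_chan_hold_unless_zero(c)) continue;` followed by the existing `read_unlock(&chan_list_lock); return c;`, keeps `c` valid for the iterator, preserves the early `continue`, and makes the `tmp` cursor added in the first hunk unnecessary.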
--
2.37.1
* RE: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
2022-08-01 22:04 Luiz Augusto von Dentz
@ 2022-08-01 23:07 ` bluez.test.bot
0 siblings, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2022-08-01 23:07 UTC (permalink / raw)
To: linux-bluetooth, luiz.dentz
[-- Attachment #1: Type: text/plain, Size: 1100 bytes --]
This is an automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=664631
---Test result---
Test Summary:
CheckPatch PASS 1.86 seconds
GitLint PASS 0.76 seconds
SubjectPrefix PASS 0.69 seconds
BuildKernel PASS 40.33 seconds
BuildKernel32 PASS 35.03 seconds
Incremental Build with patches PASS 48.21 seconds
TestRunner: Setup PASS 575.07 seconds
TestRunner: l2cap-tester PASS 19.89 seconds
TestRunner: bnep-tester PASS 7.90 seconds
TestRunner: mgmt-tester PASS 118.88 seconds
TestRunner: rfcomm-tester PASS 11.58 seconds
TestRunner: sco-tester PASS 11.33 seconds
TestRunner: smp-tester PASS 10.88 seconds
TestRunner: userchan-tester PASS 7.65 seconds
---
Regards,
Linux Bluetooth