[PATCH] Bluetooth: hci_event: shut up a false-positive warning

[PATCH] Bluetooth: hci_event: shut up a false-positive warning

[Arnd Bergmann]

From: Arnd Bergmann <arnd@arndb.de>

Turning on -Wstringop-overflow globally exposed a misleading compiler
warning in bluetooth:

net/bluetooth/hci_event.c: In function 'hci_cc_read_class_of_dev':
net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]
  524 |         memcpy(hdev->dev_class, rp->dev_class, 3);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The problem here is the check for hdev being NULL in bt_dev_dbg() that
leads the compiler to conclude that hdev->dev_class might be an invalid
pointer access.

Add another explicit check for the same condition to make sure gcc sees
this cannot happen.

Fixes: a9de9248064b ("[Bluetooth] Switch from OGF+OCF to using only opcodes")
Fixes: 1b56c90018f0 ("Makefile: Enable -Wstringop-overflow globally")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 net/bluetooth/hci_event.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 5b6fd625fc09..5651e96e78da 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -516,6 +516,9 @@ static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
 {
 	struct hci_rp_read_class_of_dev *rp = data;
 
+	if (WARN_ON(!hdev))
+		return -ENXIO;
+
 	bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
 
 	if (rp->status)
-- 
2.39.2

RE: Bluetooth: hci_event: shut up a false-positive warning

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 2506 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=803455

---Test result---

Test Summary:
CheckPatch                    PASS      0.49 seconds
GitLint                       FAIL      0.55 seconds
SubjectPrefix                 PASS      0.10 seconds
BuildKernel                   PASS      27.95 seconds
CheckAllWarning               PASS      30.80 seconds
CheckSparse                   WARNING   36.13 seconds
CheckSmatch                   WARNING   99.31 seconds
BuildKernel32                 PASS      27.12 seconds
TestRunnerSetup               PASS      418.45 seconds
TestRunner_l2cap-tester       PASS      22.80 seconds
TestRunner_iso-tester         PASS      44.52 seconds
TestRunner_bnep-tester        PASS      7.03 seconds
TestRunner_mgmt-tester        PASS      162.09 seconds
TestRunner_rfcomm-tester      PASS      10.98 seconds
TestRunner_sco-tester         PASS      14.46 seconds
TestRunner_ioctl-tester       PASS      12.36 seconds
TestRunner_mesh-tester        PASS      9.12 seconds
TestRunner_smp-tester         PASS      9.84 seconds
TestRunner_userchan-tester    PASS      7.45 seconds
IncrementalBuild              PASS      25.87 seconds

Details
##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
Bluetooth: hci_event: shut up a false-positive warning

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
9: B1 Line exceeds max length (143>80): "net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]"
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):


---
Regards,
Linux Bluetooth

Re: [PATCH] Bluetooth: hci_event: shut up a false-positive warning

[kernel test robot]

Hi Arnd,

kernel test robot noticed the following build warnings:

url:    https://github.com/intel-lab-lkp/linux/commits/Arnd-Bergmann/Bluetooth-hci_event-shut-up-a-false-positive-warning/20231123-112143
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
patch link:    https://lore.kernel.org/r/20231122221805.3139482-1-arnd%40kernel.org
patch subject: [PATCH] Bluetooth: hci_event: shut up a false-positive warning
config: i386-randconfig-141-20231123 (https://download.01.org/0day-ci/archive/20231124/202311241707.qytKwxbE-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231124/202311241707.qytKwxbE-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202311241707.qytKwxbE-lkp@intel.com/

New smatch warnings:
net/bluetooth/hci_event.c:520 hci_cc_read_class_of_dev() warn: signedness bug returning '(-6)'

Old smatch warnings:
net/bluetooth/hci_event.c:3278 hci_conn_request_evt() warn: variable dereferenced before check 'hdev' (see line 3268)

vim +520 net/bluetooth/hci_event.c

c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  514  static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  515  				   struct sk_buff *skb)
a9de9248064bfc Marcel Holtmann        2007-10-20  516  {
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  517  	struct hci_rp_read_class_of_dev *rp = data;
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01  518  
5f3aa66f201253 Arnd Bergmann          2023-11-22  519  	if (WARN_ON(!hdev))
5f3aa66f201253 Arnd Bergmann          2023-11-22 @520  		return -ENXIO;

This function returns u8.

5f3aa66f201253 Arnd Bergmann          2023-11-22  521  
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01  522  	bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
a9de9248064bfc Marcel Holtmann        2007-10-20  523  
a9de9248064bfc Marcel Holtmann        2007-10-20  524  	if (rp->status)
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  525  		return rp->status;
a9de9248064bfc Marcel Holtmann        2007-10-20  526  
a9de9248064bfc Marcel Holtmann        2007-10-20  527  	memcpy(hdev->dev_class, rp->dev_class, 3);
a9de9248064bfc Marcel Holtmann        2007-10-20  528  
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01  529  	bt_dev_dbg(hdev, "class 0x%.2x%.2x%.2x", hdev->dev_class[2],
e3f3a1aea8719a Luiz Augusto von Dentz 2021-12-01  530  		   hdev->dev_class[1], hdev->dev_class[0]);
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  531  
c8992cffbe7411 Luiz Augusto von Dentz 2021-12-01  532  	return rp->status;
a9de9248064bfc Marcel Holtmann        2007-10-20  533  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: Bluetooth: hci_event: shut up a false-positive warning

[Dan Carpenter]

On Wed, Nov 22, 2023 at 02:56:44PM -0800, bluez.test.bot@gmail.com wrote:
> This is automated email and please do not reply to this email!
> 
> Dear submitter,
> 
> Thank you for submitting the patches to the linux bluetooth mailing list.
> This is a CI test results with your patch series:
> PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=803455
> 
> ---Test result---
> 
> Test Summary:
> CheckPatch                    PASS      0.49 seconds
> GitLint                       FAIL      0.55 seconds
> SubjectPrefix                 PASS      0.10 seconds
> BuildKernel                   PASS      27.95 seconds
> CheckAllWarning               PASS      30.80 seconds
> CheckSparse                   WARNING   36.13 seconds
> CheckSmatch                   WARNING   99.31 seconds
> BuildKernel32                 PASS      27.12 seconds
> TestRunnerSetup               PASS      418.45 seconds
> TestRunner_l2cap-tester       PASS      22.80 seconds
> TestRunner_iso-tester         PASS      44.52 seconds
> TestRunner_bnep-tester        PASS      7.03 seconds
> TestRunner_mgmt-tester        PASS      162.09 seconds
> TestRunner_rfcomm-tester      PASS      10.98 seconds
> TestRunner_sco-tester         PASS      14.46 seconds
> TestRunner_ioctl-tester       PASS      12.36 seconds
> TestRunner_mesh-tester        PASS      9.12 seconds
> TestRunner_smp-tester         PASS      9.84 seconds
> TestRunner_userchan-tester    PASS      7.45 seconds
> IncrementalBuild              PASS      25.87 seconds
> 
> Details
> ##############################
> Test: GitLint - FAIL
> Desc: Run gitlint
> Output:
> Bluetooth: hci_event: shut up a false-positive warning
> 
> WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
> 9: B1 Line exceeds max length (143>80): "net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a region of size 0 overflows the destination [-Werror=stringop-overflow=]"
> ##############################
> Test: CheckSparse - WARNING
> Desc: Run sparse tool with linux kernel
> Output:
> net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
> ##############################
> Test: CheckSmatch - WARNING
> Desc: Run smatch tool with source
> Output:
> net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):

This is a Sparse warning.  Smatch outputs to stdout.

regards,
dan carpenter