* [PATCH BlueZ 1/2] shared/uhid.c: Fix 32-bit integer truncation
@ 2025-10-17 1:57 Andrey Smirnov
2025-10-17 1:57 ` [PATCH BlueZ 2/2] hog-lib: " Andrey Smirnov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Andrey Smirnov @ 2025-10-17 1:57 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Andrey Smirnov, Luiz Augusto von Dentz
Id parameter given to bt_uhid_set_report_reply() and
bt_uhid_get_report_reply() corresponds to a 32-bit tag value passed to
us from the kernel side of UHID. Specifying this parameter as uint8_t
breaks the synchronization after 255 requests and renders the attached
BLE device inoperable.
Fixes: 92ed637ab2bc ("shared/uhid: Add dedicated functions for each UHID opcode")
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
src/shared/uhid.c | 4 ++--
src/shared/uhid.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/shared/uhid.c b/src/shared/uhid.c
index 20bd26781..207afa55e 100644
--- a/src/shared/uhid.c
+++ b/src/shared/uhid.c
@@ -495,7 +495,7 @@ int bt_uhid_input(struct bt_uhid *uhid, uint8_t number, const void *data,
return bt_uhid_send(uhid, &ev);
}
-int bt_uhid_set_report_reply(struct bt_uhid *uhid, uint8_t id, uint8_t status)
+int bt_uhid_set_report_reply(struct bt_uhid *uhid, uint32_t id, uint8_t status)
{
struct uhid_event ev;
struct uhid_set_report_reply_req *rsp = &ev.u.set_report_reply;
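Review bot: widening `id` in the bt_uhid_set_report_reply() signature does not protect call sites that still hold the tag in a narrower variable, because the implicit conversion happens before the call and compiles without a warning by default. No caller is touched in this patch, so it would help to name the call sites that were checked in the commit message, or to confirm with a -Wconversion build that nothing narrower than uint32_t feeds this argument.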
@@ -514,7 +514,7 @@ int bt_uhid_set_report_reply(struct bt_uhid *uhid, uint8_t id, uint8_t status)
return bt_uhid_send(uhid, &ev);
}
-int bt_uhid_get_report_reply(struct bt_uhid *uhid, uint8_t id, uint8_t number,
+int bt_uhid_get_report_reply(struct bt_uhid *uhid, uint32_t id, uint8_t number,
uint8_t status, const void *data, size_t size)
{
struct uhid_event ev;
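Review bot: no test accompanies the bt_uhid_get_report_reply() signature change; the diffstat covers only src/shared/uhid.c and src/shared/uhid.h. A unit test that replies with an id above 255 and checks that the event written out carries the same value would keep this parameter from being narrowed again.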
diff --git a/src/shared/uhid.h b/src/shared/uhid.h
index e76a6e22b..be180297b 100644
--- a/src/shared/uhid.h
+++ b/src/shared/uhid.h
@@ -63,8 +63,8 @@ bool bt_uhid_created(struct bt_uhid *uhid);
bool bt_uhid_started(struct bt_uhid *uhid);
int bt_uhid_input(struct bt_uhid *uhid, uint8_t number, const void *data,
size_t size);
-int bt_uhid_set_report_reply(struct bt_uhid *uhid, uint8_t id, uint8_t status);
-int bt_uhid_get_report_reply(struct bt_uhid *uhid, uint8_t id, uint8_t number,
+int bt_uhid_set_report_reply(struct bt_uhid *uhid, uint32_t id, uint8_t status);
+int bt_uhid_get_report_reply(struct bt_uhid *uhid, uint32_t id, uint8_t number,
uint8_t status, const void *data, size_t size);
int bt_uhid_destroy(struct bt_uhid *uhid, bool force);
int bt_uhid_replay(struct bt_uhid *uhid);
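Review bot: missing documentation on the two reply prototypes in uhid.h: nothing at the declaration tells a caller that `id` is the 32-bit tag received from the kernel side of UHID and has to be passed back unchanged. A one-line comment above bt_uhid_set_report_reply() and bt_uhid_get_report_reply() saying so would make the required width explicit at the API boundary.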
--
2.43.0
* [PATCH BlueZ 2/2] hog-lib: Fix 32-bit integer truncation
From: Andrey Smirnov @ 2025-10-17 1:57 UTC (permalink / raw)
To: linux-bluetooth; +Cc: Andrey Smirnov, Luiz Augusto von Dentz
Id parameter stored in getrep_id and setrep_id corresponds to a 32-bit
tag value passed to us from the kernel side of UHID. Specifying this
parameter as uint16_t breaks the synchronization after 65536 requests
and renders the attached BLE device inoperable.
Fixes: cdddd7e69e06 ("android/hog: implement get_report functionality")
Fixes: 83ed02d06fca ("android/hog: Implement set_report functionality")
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
---
profiles/input/hog-lib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/profiles/input/hog-lib.c b/profiles/input/hog-lib.c
index 860c6e32d..70a1bdcbf 100644
--- a/profiles/input/hog-lib.c
+++ b/profiles/input/hog-lib.c
@@ -87,9 +87,9 @@ struct bt_hog {
uint16_t ctrlpt_handle;
uint8_t flags;
unsigned int getrep_att;
- uint16_t getrep_id;
+ uint32_t getrep_id;
unsigned int setrep_att;
- uint16_t setrep_id;
+ uint32_t setrep_id;
unsigned int report_map_id;
struct bt_scpp *scpp;
struct bt_dis *dis;
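Review bot: getrep_id and setrep_id in struct bt_hog only carry the full tag back to the kernel once the reply helpers accept uint32_t, which is patch 1/2 of this series; with the earlier uint8_t signatures the value is still cut to 8 bits at the call. Since this patch has its own Fixes tags and may be picked on its own, the commit message should state that it depends on 1/2.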
--
2.43.0
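The desynchronisation described in both commit messages (uint8_t in shared/uhid, uint16_t in hog-lib), as an added example that is not BlueZ or kernel code: a constructed model in which the kernel side accepts a reply only if it echoes the pending 32-bit tag exactly. The model_* and carry_* names, and the assumption that tags start at 1 and count up, are hypothetical; the number of good requests before the first rejection shifts with the starting value.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the kernel side: one outstanding request with a
 * 32-bit tag; a reply is accepted only if it echoes that tag exactly. */
struct model_kernel {
	uint32_t next_id;	/* assumption: starts at 1, increments */
	uint32_t pending_id;
};

static uint32_t model_issue(struct model_kernel *k)
{
	k->pending_id = k->next_id++;
	return k->pending_id;
}

static int model_accept(const struct model_kernel *k, uint32_t reply_id)
{
	return reply_id == k->pending_id;
}

/* Userspace reply paths that carry the tag at different widths. */
static uint32_t carry_u8(uint32_t id)  { return (uint8_t)id; }
static uint32_t carry_u16(uint32_t id) { return (uint16_t)id; }
static uint32_t carry_u32(uint32_t id) { return id; }

/* Requests answered correctly before the first rejected reply,
 * or `limit` if no reply was rejected within `limit` requests. */
static uint32_t requests_before_desync(uint32_t (*carry)(uint32_t),
					uint32_t limit)
{
	struct model_kernel k = { .next_id = 1, .pending_id = 0 };
	uint32_t ok;

	for (ok = 0; ok < limit; ok++) {
		uint32_t id = model_issue(&k);

		if (!model_accept(&k, carry(id)))
			break;	/* truncated tag no longer matches */
	}
	return ok;
}

int main(void)
{
	printf("u8:  %u\n", (unsigned)requests_before_desync(carry_u8, 100000));
	printf("u16: %u\n", (unsigned)requests_before_desync(carry_u16, 100000));
	printf("u32: %u\n", (unsigned)requests_before_desync(carry_u32, 100000));
	return 0;
}
```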
* RE: [BlueZ,1/2] shared/uhid.c: Fix 32-bit integer truncation
From: bluez.test.bot @ 2025-10-17 3:30 UTC (permalink / raw)
To: linux-bluetooth, andrew.smirnov
This is an automated email; please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1012592
---Test result---
Test Summary:
CheckPatch PENDING 0.22 seconds
GitLint PENDING 0.29 seconds
BuildEll PASS 20.16 seconds
BluezMake PASS 2607.85 seconds
MakeCheck PASS 20.61 seconds
MakeDistcheck PASS 186.94 seconds
CheckValgrind PASS 240.86 seconds
CheckSmatch PASS 309.19 seconds
bluezmakeextell PASS 131.24 seconds
IncrementalBuild PENDING 0.29 seconds
ScanBuild PASS 929.03 seconds
Details
##############################
Test: CheckPatch - PENDING
Desc: Run checkpatch.pl script
Output:
##############################
Test: GitLint - PENDING
Desc: Run gitlint
Output:
##############################
Test: IncrementalBuild - PENDING
Desc: Incremental build with the patches in the series
Output:
---
Regards,
Linux Bluetooth
* Re: [PATCH BlueZ 1/2] shared/uhid.c: Fix 32-bit integer truncation
From: patchwork-bot+bluetooth @ 2025-10-20 13:20 UTC (permalink / raw)
To: Andrey Smirnov; +Cc: linux-bluetooth, luiz.von.dentz
Hello:
This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:
On Thu, 16 Oct 2025 18:57:58 -0700 you wrote:
> Id parameter given to bt_uhid_set_report_reply() and
> bt_uhid_get_report_reply() corresponds to a 32-bit tag value passed to
> us from the kernel side of UHID. Specifying this parameter as uint8_t
> breaks the synchronization after 255 requests and renders the attached
> BLE device inoperable.
>
> Fixes: 92ed637ab2bc ("shared/uhid: Add dedicated functions for each UHID opcode")
> Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>
> [...]
Here is the summary with links:
- [BlueZ,1/2] shared/uhid.c: Fix 32-bit integer truncation
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=c2d072641aa9
- [BlueZ,2/2] hog-lib: Fix 32-bit integer truncation
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=50487180813d
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html