* [PATCH 1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend [not found] <cover.1779634468.git.xuyq21@lenovo.com> @ 2026-05-29 8:54 ` Ren Wei 2026-05-29 12:29 ` [1/1] " bluez.test.bot 2026-05-29 15:50 ` [PATCH 1/1] " patchwork-bot+bluetooth 0 siblings, 2 replies; 3+ messages in thread From: Ren Wei @ 2026-05-29 8:54 UTC (permalink / raw) To: linux-bluetooth Cc: marcel, luiz.dentz, yuantan098, zcliangcn, bird, xuyq21, n05ec From: Yuqi Xu <xuyq21@lenovo.com> Existing advertising instances can already hold the maximum extended advertising payload. When hci_adv_bcast_annoucement() prepends the Broadcast Announcement service data to that payload, the combined data may no longer fit in the temporary buffer used to rebuild the advertising data. Reject that case before copying the existing payload and report the failure through the device log. This keeps the existing advertising data intact and avoids overrunning the temporary buffer. Fixes: 5725bc608252 ("Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance") Cc: stable@kernel.org Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Assisted-by: Codex:GPT-5.4 Signed-off-by: Yuqi Xu <xuyq21@lenovo.com> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> --- net/bluetooth/hci_sync.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/bluetooth/hci_sync.c b/net/bluetooth/hci_sync.c index fd3aacdea512..7cf37749ebaa 100644 --- a/net/bluetooth/hci_sync.c +++ b/net/bluetooth/hci_sync.c @@ -1725,6 +1725,11 @@ static int hci_adv_bcast_annoucement(struct hci_dev *hdev, struct adv_info *adv) /* Generate Broadcast ID */ get_random_bytes(bid, sizeof(bid)); len = eir_append_service_data(ad, 0, 0x1852, bid, sizeof(bid)); + if (adv->adv_data_len > sizeof(ad) - len) { + bt_dev_err(hdev, "No room for Broadcast Announcement"); + return -EINVAL; + } + memcpy(ad + len, adv->adv_data, adv->adv_data_len); hci_set_adv_instance_data(hdev, adv->instance, len + adv->adv_data_len, ad, 0, NULL); -- 2.54.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* RE: [1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend 2026-05-29 8:54 ` [PATCH 1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Ren Wei @ 2026-05-29 12:29 ` bluez.test.bot 2026-05-29 15:50 ` [PATCH 1/1] " patchwork-bot+bluetooth 1 sibling, 0 replies; 3+ messages in thread From: bluez.test.bot @ 2026-05-29 12:29 UTC (permalink / raw) To: linux-bluetooth, n05ec [-- Attachment #1: Type: text/plain, Size: 3369 bytes --] This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1102742 ---Test result--- Test Summary: CheckPatch FAIL 0.73 seconds VerifyFixes PASS 0.13 seconds VerifySignedoff PASS 0.13 seconds GitLint PASS 0.33 seconds SubjectPrefix PASS 0.13 seconds BuildKernel PASS 25.45 seconds CheckAllWarning PASS 28.02 seconds CheckSparse PASS 26.96 seconds BuildKernel32 PASS 24.84 seconds TestRunnerSetup PASS 525.00 seconds TestRunner_l2cap-tester PASS 58.33 seconds TestRunner_iso-tester PASS 78.65 seconds TestRunner_bnep-tester PASS 18.91 seconds TestRunner_mgmt-tester FAIL 209.39 seconds TestRunner_rfcomm-tester PASS 25.43 seconds TestRunner_sco-tester PASS 32.59 seconds TestRunner_ioctl-tester PASS 25.65 seconds TestRunner_mesh-tester FAIL 26.60 seconds TestRunner_smp-tester PASS 23.35 seconds TestRunner_userchan-tester PASS 19.80 seconds TestRunner_6lowpan-tester PASS 22.87 seconds IncrementalBuild PASS 23.48 seconds Details ############################## Test: CheckPatch - FAIL Desc: Run checkpatch.pl script Output: [1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report #89: Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com> WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report #90: Reported-by: Zhengchuan Liang <zcliangcn@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> WARNING: Reported-by: should be immediately followed by Closes: with a URL to the report #91: Reported-by: Xin Liu <bird@lzu.edu.cn> Assisted-by: Codex:GPT-5.4 total: 0 errors, 3 warnings, 0 checks, 11 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. /github/workspace/src/patch/14600598.patch has style problems, please review. NOTE: Ignored message types: UNKNOWN_COMMIT_ID NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. ############################## Test: TestRunner_mgmt-tester - FAIL Desc: Run mgmt-tester with test-runner Output: Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4 Failed Test Cases Read Exp Feature - Success Failed 0.238 seconds ############################## Test: TestRunner_mesh-tester - FAIL Desc: Run mesh-tester with test-runner Output: Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0 Failed Test Cases Mesh - Send cancel - 1 Timed out 2.580 seconds Mesh - Send cancel - 2 Timed out 1.989 seconds https://github.com/bluez/bluetooth-next/pull/254 --- Regards, Linux Bluetooth ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend 2026-05-29 8:54 ` [PATCH 1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Ren Wei 2026-05-29 12:29 ` [1/1] " bluez.test.bot @ 2026-05-29 15:50 ` patchwork-bot+bluetooth 1 sibling, 0 replies; 3+ messages in thread From: patchwork-bot+bluetooth @ 2026-05-29 15:50 UTC (permalink / raw) To: Ren Wei Cc: linux-bluetooth, marcel, luiz.dentz, yuantan098, zcliangcn, bird, xuyq21 Hello: This patch was applied to bluetooth/bluetooth-next.git (master) by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>: On Fri, 29 May 2026 16:54:23 +0800 you wrote: > From: Yuqi Xu <xuyq21@lenovo.com> > > Existing advertising instances can already hold the maximum extended > advertising payload. When hci_adv_bcast_annoucement() prepends the > Broadcast Announcement service data to that payload, the combined data > may no longer fit in the temporary buffer used to rebuild the > advertising data. > > [...] Here is the summary with links: - [1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend https://git.kernel.org/bluetooth/bluetooth-next/c/0bc614e5e938 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-29 15:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <cover.1779634468.git.xuyq21@lenovo.com>
2026-05-29 8:54 ` [PATCH 1/1] Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend Ren Wei
2026-05-29 12:29 ` [1/1] " bluez.test.bot
2026-05-29 15:50 ` [PATCH 1/1] " patchwork-bot+bluetooth
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox