| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202209271905.QsqJ4LF2-lkp@intel.com>
Date: Tue, 27 Sep 2022 19:26:28 +0800
From: kernel test robot <lkp@...el.com>
To: Sungwoo Kim <iam@...g-woo.kim>
Cc: llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
syzkaller@...glegroups.com, Sungwoo Kim <iam@...g-woo.kim>,
Marcel Holtmann <marcel@...tmann.org>,
Johan Hedberg <johan.hedberg@...il.com>,
Luiz Augusto von Dentz <luiz.dentz@...il.com>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Bluetooth: L2CAP: fix an illegal state transition from
BT_DISCONN
Hi Sungwoo,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on bluetooth/master]
[also build test WARNING on bluetooth-next/master linus/master v6.0-rc7 next-20220923]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Sungwoo-Kim/Bluetooth-L2CAP-fix-an-illegal-state-transition-from-BT_DISCONN/20220927-100055
base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git master
config: i386-randconfig-a011-20220926
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/c033280cb0996b25511763ada18ac95fa544219f
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Sungwoo-Kim/Bluetooth-L2CAP-fix-an-illegal-state-transition-from-BT_DISCONN/20220927-100055
git checkout c033280cb0996b25511763ada18ac95fa544219f
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=i386 SHELL=/bin/bash net/bluetooth/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>
All warnings (new ones prefixed by >>):
>> net/bluetooth/l2cap_core.c:4310:6: warning: variable 'err' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
if (chan->state == BT_DISCONN)
^~~~~~~~~~~~~~~~~~~~~~~~~
net/bluetooth/l2cap_core.c:4346:9: note: uninitialized use occurs here
return err;
^~~
net/bluetooth/l2cap_core.c:4310:2: note: remove the 'if' if its condition is always false
if (chan->state == BT_DISCONN)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/bluetooth/l2cap_core.c:4281:9: note: initialize the variable 'err' to silence this warning
int err;
^
= 0
1 warning generated.
vim +4310 net/bluetooth/l2cap_core.c
4272
4273 static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
4274 struct l2cap_cmd_hdr *cmd, u16 cmd_len,
4275 u8 *data)
4276 {
4277 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
4278 u16 scid, dcid, result, status;
4279 struct l2cap_chan *chan;
4280 u8 req[128];
4281 int err;
4282
4283 if (cmd_len < sizeof(*rsp))
4284 return -EPROTO;
4285
4286 scid = __le16_to_cpu(rsp->scid);
4287 dcid = __le16_to_cpu(rsp->dcid);
4288 result = __le16_to_cpu(rsp->result);
4289 status = __le16_to_cpu(rsp->status);
4290
4291 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x",
4292 dcid, scid, result, status);
4293
4294 mutex_lock(&conn->chan_lock);
4295
4296 if (scid) {
4297 chan = __l2cap_get_chan_by_scid(conn, scid);
4298 if (!chan) {
4299 err = -EBADSLT;
4300 goto unlock;
4301 }
4302 } else {
4303 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
4304 if (!chan) {
4305 err = -EBADSLT;
4306 goto unlock;
4307 }
4308 }
4309
> 4310 if (chan->state == BT_DISCONN)
4311 goto unlock;
4312
4313 err = 0;
4314
4315 l2cap_chan_lock(chan);
4316
4317 switch (result) {
4318 case L2CAP_CR_SUCCESS:
4319 l2cap_state_change(chan, BT_CONFIG);
4320 chan->ident = 0;
4321 chan->dcid = dcid;
4322 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
4323
4324 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
4325 break;
4326
4327 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
4328 l2cap_build_conf_req(chan, req, sizeof(req)), req);
4329 chan->num_conf_req++;
4330 break;
4331
4332 case L2CAP_CR_PEND:
4333 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
4334 break;
4335
4336 default:
4337 l2cap_chan_del(chan, ECONNREFUSED);
4338 break;
4339 }
4340
4341 l2cap_chan_unlock(chan);
4342
4343 unlock:
4344 mutex_unlock(&conn->chan_lock);
4345
4346 return err;
4347 }
4348
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config" of type "text/plain" (147927 bytes)
Powered by blists - more mailing lists