| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aLNRvzXE4O9dKZoN@mozart.vkv.me>
Date: Sat, 30 Aug 2025 12:32:15 -0700
From: Calvin Owens <calvin@...nvd.org>
To: Paul Menzel <pmenzel@...gen.mpg.de>
Cc: linux-kernel@...r.kernel.org, linux-bluetooth@...r.kernel.org,
Luiz Augusto von Dentz <luiz.von.dentz@...el.com>,
oe-kbuild-all@...ts.linux.dev,
Marcel Holtmann <marcel@...tmann.org>,
Sean Wang <sean.wang@...iatek.com>,
linux-mediatek@...ts.infradead.org
Subject: Re: [PATCH] Bluetooth: btmtksdio: Fix build after header cleanup
On Saturday 08/30 at 07:11 +0200, Paul Menzel wrote:
> Dear Calvin,
>
>
> Thank you for your patch, and addressing the regression right away.
>
> Am 30.08.25 um 02:50 schrieb Calvin Owens:
> > Syzbot found a randconfig which fails after my recent patch:
> >
> > drivers/bluetooth/btmtksdio.c:442:33: error: array type has incomplete element type ‘struct h4_recv_pkt’
> > 442 | static const struct h4_recv_pkt mtk_recv_pkts[] = {
> > | ^~~~~~~~~~~~~
> > drivers/bluetooth/btmtksdio.c:443:11: error: ‘H4_RECV_ACL’ undeclared here (not in a function)
> > 443 | { H4_RECV_ACL, .recv = btmtksdio_recv_acl },
> > | ^~~~~~~~~~~
> > drivers/bluetooth/btmtksdio.c:444:11: error: ‘H4_RECV_SCO’ undeclared here (not in a function)
> > 444 | { H4_RECV_SCO, .recv = hci_recv_frame },
> > | ^~~~~~~~~~~
> > drivers/bluetooth/btmtksdio.c:445:11: error: ‘H4_RECV_EVENT’ undeclared here (not in a function)
> > 445 | { H4_RECV_EVENT, .recv = btmtksdio_recv_event },
> >
> > ...because we can have BT_MTKSDIO=y with BT_HCIUART_H4=n, and the
> > definitions used here are gated on BT_HCIUART_H4 in hci_uart.h.
>
> The drivers below seem to be affected:
>
> drivers/bluetooth/bpa10x.c: { H4_RECV_EVENT, .recv =
> hci_recv_frame },
> drivers/bluetooth/btmtksdio.c: { H4_RECV_EVENT, .recv =
> btmtksdio_recv_event },
> drivers/bluetooth/btmtkuart.c: { H4_RECV_EVENT, .recv =
> btmtkuart_recv_event },
> drivers/bluetooth/btnxpuart.c: { H4_RECV_EVENT, .recv =
> hci_recv_frame },
>
> > I think the simplest way to fix this is to remove the gate on the
> > definitions in hci_uart.h. Since the constants are macros, there's no
> > runtime cost to doing so, and nothing seems to rely on their absence in
> > the BT_HCIUART_H4=n case.
>
> Looking at the implementation, it looks like they only work with the H4
> protocol? So maybe, that should be denoted in the Kconfig files?
Thanks for looking Paul.
Yes, my fix will cause a link error with other randconfigs, which my
'make randconfig drivers/bluetooth/' test loop missed after I made the
function prototype always defined, whoops.
We do need the dependencies here, as you note. The btmtksdio case syzbot
found is the odd one out because it only uses the constants, and doesn't
call h4_recv_buf().
Hopefully this gets it all:
-----8<-----
From: Calvin Owens <calvin@...nvd.org>
Subject: [PATCH v2] Bluetooth: Fix build after header cleanup
Some Kconfig dependencies are needed after my recent cleanup, since
the core code has its own option.
Since btmtksdio does not actually call h4_recv_buf(), move the
definitions it uses outside the BT_HCIUART_H4 gate in hci_uart.h to
avoid adding a dependency for btmtksdio.
The rest I touched (bpa10x, btmtkuart, and btnxpuart) do really call
h4_recv_buf(), so the dependency is required, add it for them.
Fixes: 74bcec450eea ("Bluetooth: remove duplicate h4_recv_buf() in header")
Reported-by: kernel test robot <lkp@...el.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202508300413.OnIedvRh-lkp@intel.com/
Signed-off-by: Calvin Owens <calvin@...nvd.org>
---
drivers/bluetooth/Kconfig | 6 ++++++
drivers/bluetooth/hci_uart.h | 8 ++++----
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/bluetooth/Kconfig b/drivers/bluetooth/Kconfig
index 4ab32abf0f48..7df69ccb6600 100644
--- a/drivers/bluetooth/Kconfig
+++ b/drivers/bluetooth/Kconfig
@@ -312,7 +312,9 @@ config BT_HCIBCM4377
config BT_HCIBPA10X
tristate "HCI BPA10x USB driver"
+ depends on BT_HCIUART
depends on USB
+ select BT_HCIUART_H4
help
Bluetooth HCI BPA10x USB driver.
This driver provides support for the Digianswer BPA 100/105 Bluetooth
@@ -437,8 +439,10 @@ config BT_MTKSDIO
config BT_MTKUART
tristate "MediaTek HCI UART driver"
+ depends on BT_HCIUART
depends on SERIAL_DEV_BUS
depends on USB || !BT_HCIBTUSB_MTK
+ select BT_HCIUART_H4
select BT_MTK
help
MediaTek Bluetooth HCI UART driver.
@@ -483,7 +487,9 @@ config BT_VIRTIO
config BT_NXPUART
tristate "NXP protocol support"
+ depends on BT_HCIUART
depends on SERIAL_DEV_BUS
+ select BT_HCIUART_H4
select CRC32
select CRC8
help
diff --git a/drivers/bluetooth/hci_uart.h b/drivers/bluetooth/hci_uart.h
index 5ea5dd80e297..cbbe79b241ce 100644
--- a/drivers/bluetooth/hci_uart.h
+++ b/drivers/bluetooth/hci_uart.h
@@ -121,10 +121,6 @@ void hci_uart_set_flow_control(struct hci_uart *hu, bool enable);
void hci_uart_set_speeds(struct hci_uart *hu, unsigned int init_speed,
unsigned int oper_speed);
-#ifdef CONFIG_BT_HCIUART_H4
-int h4_init(void);
-int h4_deinit(void);
-
struct h4_recv_pkt {
u8 type; /* Packet type */
u8 hlen; /* Header length */
@@ -162,6 +158,10 @@ struct h4_recv_pkt {
.lsize = 2, \
.maxlen = HCI_MAX_FRAME_SIZE \
+#ifdef CONFIG_BT_HCIUART_H4
+int h4_init(void);
+int h4_deinit(void);
+
struct sk_buff *h4_recv_buf(struct hci_dev *hdev, struct sk_buff *skb,
const unsigned char *buffer, int count,
const struct h4_recv_pkt *pkts, int pkts_count);
--
2.47.2
Powered by blists - more mailing lists