
Bluetooth: handle value is too large should not be used in BIG

Message ID tencent_410DFAA59E0DBA9213DDE8DD9399584FDB07@qq.com
State Superseded

Commit Message

Edward Adam Davis June 16, 2024, 1:21 p.m. UTC
hci_le_big_sync_established_evt needs to filter out cases where the
handle value belongs to the ida id range; otherwise the ida will be erroneously
released in hci_conn_cleanup.

Fixes: 181a42edddf5 ("Bluetooth: Make handle of hci_conn be unique")
Reported-by: syzbot+b2545b087a01a7319474@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b2545b087a01a7319474
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
 net/bluetooth/hci_event.c | 3 +++
 1 file changed, 3 insertions(+)
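The failure mode the commit message describes, as an added example that is not part of the patch or of the kernel: a small C model in which handles above HCI_CONN_HANDLE_MAX are assumed on cleanup to have come from a local allocator, so a controller-supplied value in that range is handed back to an allocator that never issued it. Only the HCI_CONN_HANDLE_MAX constant is the kernel's; the bitmap allocator, the connection table, the teardown order and the function names are invented stand-ins for the ida, hci_conn_add()/hci_conn_cleanup() and the BIS loop, and the sample event is constructed.

```c
/* Added example, not kernel code: a toy model of the handle-range confusion
 * the commit message describes. Only HCI_CONN_HANDLE_MAX is the kernel's value;
 * the allocator, connection table and teardown order are invented stand-ins. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HCI_CONN_HANDLE_MAX 0x0eff  /* largest handle a controller may assign */
#define IDA_SLOTS 8                 /* local handles: MAX+1 .. MAX+IDA_SLOTS */

static bool ida_used[IDA_SLOTS];
static int ida_bad_frees;           /* frees of an id never allocated: the kernel WARNs */

static int ida_alloc_handle(void)
{
    for (int i = 0; i < IDA_SLOTS; i++)
        if (!ida_used[i]) {
            ida_used[i] = true;
            return HCI_CONN_HANDLE_MAX + 1 + i;
        }
    return -1;
}

static void ida_free_handle(uint16_t handle)
{
    int i = (int)handle - (HCI_CONN_HANDLE_MAX + 1);
    if (i < 0 || i >= IDA_SLOTS || !ida_used[i]) {
        ida_bad_frees++;
        return;
    }
    ida_used[i] = false;
}

struct conn { uint16_t handle; bool live; };
static struct conn conns[8];

static struct conn *conn_lookup(uint16_t handle)
{
    for (size_t i = 0; i < sizeof(conns) / sizeof(conns[0]); i++)
        if (conns[i].live && conns[i].handle == handle)
            return &conns[i];
    return NULL;
}

/* Model of hci_conn_add(): stores whatever handle the caller supplies. */
static struct conn *conn_add(uint16_t handle)
{
    for (size_t i = 0; i < sizeof(conns) / sizeof(conns[0]); i++)
        if (!conns[i].live) {
            conns[i] = (struct conn){ .handle = handle, .live = true };
            return &conns[i];
        }
    return NULL;
}

/* Model of hci_conn_cleanup(): handles above HCI_CONN_HANDLE_MAX go back to the allocator. */
static void conn_cleanup(struct conn *c)
{
    if (c->handle > HCI_CONN_HANDLE_MAX)
        ida_free_handle(c->handle);
    c->live = false;
}

/* Model of the BIS loop in hci_le_big_sync_established_evt(); bis_handles is
 * controller-supplied. Returns the bogus frees seen once everything is torn down. */
static int process_big_sync(const uint16_t *bis_handles, size_t n, bool with_fix)
{
    memset(ida_used, 0, sizeof(ida_used));
    memset(conns, 0, sizeof(conns));
    ida_bad_frees = 0;

    /* An unrelated connection awaiting its real handle legitimately holds slot 0. */
    struct conn *pending = conn_add((uint16_t)ida_alloc_handle());

    for (size_t i = 0; i < n; i++) {
        uint16_t handle = bis_handles[i];
        struct conn *bis = conn_lookup(handle);
        if (!bis) {
            if (with_fix && handle > HCI_CONN_HANDLE_MAX)
                continue;   /* the patch: never create a conn with an invalid handle */
            bis = conn_add(handle);
        }
        if (bis && bis != pending)
            conn_cleanup(bis);  /* BIG torn down later */
    }
    conn_cleanup(pending);
    return ida_bad_frees;
}

/* Constructed event: one valid BIS handle and one above HCI_CONN_HANDLE_MAX. */
static const uint16_t bogus_event[] = { 0x0001, 0x1234 };
int bad_frees_unpatched(void) { return process_big_sync(bogus_event, 2, false); }
int bad_frees_patched(void)   { return process_big_sync(bogus_event, 2, true); }

int main(void)
{
    printf("unpatched: %d bogus free(s), patched: %d\n", bad_frees_unpatched(), bad_frees_patched());
    return 0;
}
```

The model keeps the lookup before the range check, exactly as the hunk does, so it also shows why the check only protects the path that creates a new connection: a controller value that collides with a handle already borrowed from the allocator is found by the lookup and never reaches the check.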

Comments

bluez.test.bot@gmail.com June 16, 2024, 2:33 p.m. UTC | #1
This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=862371

---Test result---

Test Summary:
CheckPatch                    PASS      0.47 seconds
GitLint                       PASS      0.19 seconds
SubjectPrefix                 PASS      0.05 seconds
BuildKernel                   PASS      30.65 seconds
CheckAllWarning               PASS      33.08 seconds
CheckSparse                   WARNING   38.43 seconds
CheckSmatch                   WARNING   103.85 seconds
BuildKernel32                 PASS      29.56 seconds
TestRunnerSetup               PASS      533.58 seconds
TestRunner_l2cap-tester       PASS      18.51 seconds
TestRunner_iso-tester         PASS      37.01 seconds
TestRunner_bnep-tester        PASS      4.80 seconds
TestRunner_mgmt-tester        FAIL      113.65 seconds
TestRunner_rfcomm-tester      PASS      7.67 seconds
TestRunner_sco-tester         PASS      17.04 seconds
TestRunner_ioctl-tester       PASS      7.94 seconds
TestRunner_mesh-tester        PASS      5.89 seconds
TestRunner_smp-tester         PASS      6.91 seconds
TestRunner_userchan-tester    PASS      5.06 seconds
IncrementalBuild              PASS      28.50 seconds

Details
##############################
Test: CheckSparse - WARNING
Desc: Run sparse tool with linux kernel
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
net/bluetooth/hci_event.c: note: in included file (through include/net/bluetooth/hci_core.h):
##############################
Test: TestRunner_mgmt-tester - FAIL
Desc: Run mgmt-tester with test-runner
Output:
Total: 492, Passed: 489 (99.4%), Failed: 1, Not Run: 2

Failed Test Cases
LL Privacy - Add Device 5 (2 Devices to RL)          Failed       0.174 seconds


---
Regards,
Linux Bluetooth
Paul Menzel June 16, 2024, 8:44 p.m. UTC | #2
Dear Edward,


Thank you for your patch. It’d be nice if you made the commit message 
about the action, like:

Bluetooth: Ignore too large handle values in BIG

On 16.06.24 at 15:21, Edward Adam Davis wrote:
> hci_le_big_sync_established_evt is necessary to filter out cases where the
> handle value is belone to ida id range, otherwise ida will be erroneously

belone? Is it belonging?

> released in hci_conn_cleanup.
> 
> Fixes: 181a42edddf5 ("Bluetooth: Make handle of hci_conn be unique")
> Reported-by: syzbot+b2545b087a01a7319474@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=b2545b087a01a7319474
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
>   net/bluetooth/hci_event.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
> diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
> index a487f9df8145..eb1d5a2c48ee 100644
> --- a/net/bluetooth/hci_event.c
> +++ b/net/bluetooth/hci_event.c
> @@ -6893,6 +6893,9 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
>   
>   		bis = hci_conn_hash_lookup_handle(hdev, handle);
>   		if (!bis) {
> +			if (handle > HCI_CONN_HANDLE_MAX)
> +				continue;
> +

Should some debug message be printed?

>   			bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY,
>   					   HCI_ROLE_SLAVE, handle);
>   			if (IS_ERR(bis))
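Review bot: the range check runs only after hci_conn_hash_lookup_handle() has failed, so a handle above HCI_CONN_HANDLE_MAX is still accepted whenever some connection already carries that value, for instance one whose handle is a placeholder from the ida range the commit message mentions, and the event is then applied to that unrelated connection. Moving `if (handle > HCI_CONN_HANDLE_MAX)` / `continue;` to the top of the loop body, before the lookup, rejects the controller-supplied value on both paths.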


Kind regards,

Paul

Patch

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a487f9df8145..eb1d5a2c48ee 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6893,6 +6893,9 @@  static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
 
 		bis = hci_conn_hash_lookup_handle(hdev, handle);
 		if (!bis) {
+			if (handle > HCI_CONN_HANDLE_MAX)
+				continue;
+
 			bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY,
 					   HCI_ROLE_SLAVE, handle);
 			if (IS_ERR(bis))
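Review bot: the bare `continue` drops a BIS handle the controller reported as established without leaving any trace, so the condition syzbot hit is indistinguishable from a normal sync in the logs; a `bt_dev_err(hdev, "Invalid handle 0x%4.4x", handle);` before the `continue` would record it. The commit message should also state why the remaining handles of the same event are still processed rather than the whole event being rejected, since one out-of-range handle means the controller's event is malformed.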