CC: [email protected] In-Reply-To: <20211202231123.v7.1.Ic0a40b84dee3825302890aaea690e73165c71820@changeid> References: <20211202231123.v7.1.Ic0a40b84dee3825302890aaea690e73165c71820@changeid> TO: Manish Mandlik <[email protected]> TO: [email protected] TO: [email protected] CC: [email protected] CC: [email protected] CC: Manish Mandlik <[email protected]> CC: "Miao-chen Chou" <[email protected]> CC: Jakub Kicinski <[email protected]> CC: Johan Hedberg <[email protected]> CC: [email protected] CC: [email protected]
Hi Manish, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on bluetooth-next/master] [also build test WARNING on next-20211203] [cannot apply to bluetooth/master v5.16-rc3] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Manish-Mandlik/bluetooth-Handle-MSFT-Monitor-Device-Event/20211203-151659 base: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master :::::: branch date: 2 days ago :::::: commit date: 2 days ago config: x86_64-randconfig-m001-20211203 (https://download.01.org/0day-ci/archive/20211205/[email protected]/config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> Reported-by: Dan Carpenter <[email protected]> smatch warnings: net/bluetooth/msft.c:312 msft_le_cancel_monitor_advertisement_cb() error: dereferencing freed memory 'handle_data' vim +/handle_data +312 net/bluetooth/msft.c ce81843be24e9d Manish Mandlik 2021-09-21 265 182ee45da083db Luiz Augusto von Dentz 2021-10-27 266 static void msft_le_cancel_monitor_advertisement_cb(struct hci_dev *hdev, 182ee45da083db Luiz Augusto von Dentz 2021-10-27 267 u8 status, u16 opcode, 182ee45da083db Luiz Augusto von Dentz 2021-10-27 268 struct sk_buff *skb) ce81843be24e9d Manish Mandlik 2021-09-21 269 { 182ee45da083db Luiz Augusto von Dentz 2021-10-27 270 struct msft_cp_le_cancel_monitor_advertisement *cp; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 271 struct msft_rp_le_cancel_monitor_advertisement *rp; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 272 struct adv_monitor *monitor; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 273 struct msft_monitor_advertisement_handle_data *handle_data; ce81843be24e9d Manish Mandlik 2021-09-21 274 struct msft_data *msft = hdev->msft_data; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 275 int err; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 276 bool pending; eb96f195e598b7 Manish Mandlik 2021-12-02 277 struct monitored_device *dev, *tmp; ce81843be24e9d Manish Mandlik 2021-09-21 278 182ee45da083db Luiz Augusto von Dentz 2021-10-27 279 if (status) 182ee45da083db Luiz Augusto von Dentz 2021-10-27 280 goto done; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 281 182ee45da083db Luiz Augusto von Dentz 2021-10-27 282 rp = (struct msft_rp_le_cancel_monitor_advertisement *)skb->data; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 283 if (skb->len < sizeof(*rp)) { 182ee45da083db Luiz Augusto von Dentz 2021-10-27 284 status = HCI_ERROR_UNSPECIFIED; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 285 goto done; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 286 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 287 182ee45da083db Luiz Augusto von Dentz 2021-10-27 288 hci_dev_lock(hdev); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 289 182ee45da083db Luiz Augusto von Dentz 2021-10-27 290 cp = hci_sent_cmd_data(hdev, hdev->msft_opcode); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 291 handle_data = msft_find_handle_data(hdev, cp->handle, false); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 292 182ee45da083db Luiz Augusto von Dentz 2021-10-27 293 if (handle_data) { 182ee45da083db Luiz Augusto von Dentz 2021-10-27 294 monitor = idr_find(&hdev->adv_monitors_idr, 182ee45da083db Luiz Augusto von Dentz 2021-10-27 295 handle_data->mgmt_handle); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 296 182ee45da083db Luiz Augusto von Dentz 2021-10-27 297 if (monitor && monitor->state == ADV_MONITOR_STATE_OFFLOADED) 182ee45da083db Luiz Augusto von Dentz 2021-10-27 298 monitor->state = ADV_MONITOR_STATE_REGISTERED; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 299 182ee45da083db Luiz Augusto von Dentz 2021-10-27 300 /* Do not free the monitor if it is being removed due to 182ee45da083db Luiz Augusto von Dentz 2021-10-27 301 * suspend. It will be re-monitored on resume. 182ee45da083db Luiz Augusto von Dentz 2021-10-27 302 */ 182ee45da083db Luiz Augusto von Dentz 2021-10-27 303 if (monitor && !msft->suspending) 182ee45da083db Luiz Augusto von Dentz 2021-10-27 304 hci_free_adv_monitor(hdev, monitor); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 305 182ee45da083db Luiz Augusto von Dentz 2021-10-27 306 list_del(&handle_data->list); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 307 kfree(handle_data); eb96f195e598b7 Manish Mandlik 2021-12-02 308 eb96f195e598b7 Manish Mandlik 2021-12-02 309 /* Clear any monitored devices by this Adv Monitor */ eb96f195e598b7 Manish Mandlik 2021-12-02 310 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, eb96f195e598b7 Manish Mandlik 2021-12-02 311 list) { eb96f195e598b7 Manish Mandlik 2021-12-02 @312 if (dev->handle == handle_data->mgmt_handle) { eb96f195e598b7 Manish Mandlik 2021-12-02 313 list_del(&dev->list); eb96f195e598b7 Manish Mandlik 2021-12-02 314 kfree(dev); eb96f195e598b7 Manish Mandlik 2021-12-02 315 } eb96f195e598b7 Manish Mandlik 2021-12-02 316 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 317 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 318 182ee45da083db Luiz Augusto von Dentz 2021-10-27 319 /* If remove all monitors is required, we need to continue the process 182ee45da083db Luiz Augusto von Dentz 2021-10-27 320 * here because the earlier it was paused when waiting for the 182ee45da083db Luiz Augusto von Dentz 2021-10-27 321 * response from controller. 182ee45da083db Luiz Augusto von Dentz 2021-10-27 322 */ 182ee45da083db Luiz Augusto von Dentz 2021-10-27 323 if (msft->pending_remove_handle == 0) { 182ee45da083db Luiz Augusto von Dentz 2021-10-27 324 pending = hci_remove_all_adv_monitor(hdev, &err); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 325 if (pending) { 182ee45da083db Luiz Augusto von Dentz 2021-10-27 326 hci_dev_unlock(hdev); ce81843be24e9d Manish Mandlik 2021-09-21 327 return; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 328 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 329 182ee45da083db Luiz Augusto von Dentz 2021-10-27 330 if (err) 182ee45da083db Luiz Augusto von Dentz 2021-10-27 331 status = HCI_ERROR_UNSPECIFIED; 182ee45da083db Luiz Augusto von Dentz 2021-10-27 332 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 333 182ee45da083db Luiz Augusto von Dentz 2021-10-27 334 hci_dev_unlock(hdev); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 335 182ee45da083db Luiz Augusto von Dentz 2021-10-27 336 done: 182ee45da083db Luiz Augusto von Dentz 2021-10-27 337 if (!msft->suspending) 182ee45da083db Luiz Augusto von Dentz 2021-10-27 338 hci_remove_adv_monitor_complete(hdev, status); 182ee45da083db Luiz Augusto von Dentz 2021-10-27 339 } 182ee45da083db Luiz Augusto von Dentz 2021-10-27 340 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
