[bug report] Bluetooth: Allow usb to auto-suspend when SCO use non-HCI transport


 



Hello Chethan T N,

The patch f4f9fa0c07bb: "Bluetooth: Allow usb to auto-suspend when
SCO use non-HCI transport" from Sep 7, 2021, leads to the following
Smatch static checker warning:

	net/bluetooth/hci_event.c:4534 hci_sync_conn_complete_evt()
	error: uninitialized symbol 'notify_evt'.

net/bluetooth/hci_event.c
    4442 static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
    4443                                        struct sk_buff *skb)
    4444 {
    4445         struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
    4446         struct hci_conn *conn;
    4447         unsigned int notify_evt;
    4448 
    4449         BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
    4450 
    4451         hci_dev_lock(hdev);
    4452 
    4453         conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
    4454         if (!conn) {
    4455                 if (ev->link_type == ESCO_LINK)
    4456                         goto unlock;
    4457 
    4458                 /* When the link type in the event indicates SCO connection
    4459                  * and lookup of the connection object fails, then check
    4460                  * if an eSCO connection object exists.
    4461                  *
    4462                  * The core limits the synchronous connections to either
    4463                  * SCO or eSCO. The eSCO connection is preferred and tried
    4464                  * to be setup first and until successfully established,
    4465                  * the link type will be hinted as eSCO.
    4466                  */
    4467                 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
    4468                 if (!conn)
    4469                         goto unlock;
    4470         }
    4471 
    4472         switch (ev->status) {
    4473         case 0x00:
    4474                 /* The synchronous connection complete event should only be
    4475                  * sent once per new connection. Receiving a successful
    4476                  * complete event when the connection status is already
    4477                  * BT_CONNECTED means that the device is misbehaving and sent
    4478                  * multiple complete event packets for the same new connection.
    4479                  *
    4480                  * Registering the device more than once can corrupt kernel
    4481                  * memory, hence upon detecting this invalid event, we report
    4482                  * an error and ignore the packet.
    4483                  */
    4484                 if (conn->state == BT_CONNECTED) {
    4485                         bt_dev_err(hdev, "Ignoring connect complete event for existing connection");
    4486                         goto unlock;
    4487                 }
    4488 
    4489                 conn->handle = __le16_to_cpu(ev->handle);
    4490                 conn->state  = BT_CONNECTED;
    4491                 conn->type   = ev->link_type;
    4492 
    4493                 hci_debugfs_create_conn(conn);
    4494                 hci_conn_add_sysfs(conn);
    4495                 break;
    4496 
    4497         case 0x10:        /* Connection Accept Timeout */
    4498         case 0x0d:        /* Connection Rejected due to Limited Resources */
    4499         case 0x11:        /* Unsupported Feature or Parameter Value */
    4500         case 0x1c:        /* SCO interval rejected */
    4501         case 0x1a:        /* Unsupported Remote Feature */
    4502         case 0x1e:        /* Invalid LMP Parameters */
    4503         case 0x1f:        /* Unspecified error */
    4504         case 0x20:        /* Unsupported LMP Parameter value */
    4505                 if (conn->out) {
    4506                         conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
    4507                                         (hdev->esco_type & EDR_ESCO_MASK);
    4508                         if (hci_setup_sync(conn, conn->link->handle))
    4509                                 goto unlock;
    4510                 }
    4511                 fallthrough;
    4512 
    4513         default:
    4514                 conn->state = BT_CLOSED;
    4515                 break;
    4516         }
    4517 
    4518         bt_dev_dbg(hdev, "SCO connected with air mode: %02x", ev->air_mode);
    4519 
    4520         switch (ev->air_mode) {
    4521         case 0x02:
    4522                 notify_evt = HCI_NOTIFY_ENABLE_SCO_CVSD;
    4523                 break;
    4524         case 0x03:
    4525                 notify_evt = HCI_NOTIFY_ENABLE_SCO_TRANSP;
    4526                 break;

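notify_evt is not initialised when ev->air_mode is neither 0x02 nor 0x03: this switch has no default: case, so line 4534 can pass an uninitialized stack value to hdev->notify().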

    4527         }
    4528 
    4529         /* Notify only in case of SCO over HCI transport data path which
    4530          * is zero and non-zero value shall be non-HCI transport data path
    4531          */
    4532         if (conn->codec.data_path == 0) {
    4533                 if (hdev->notify)
--> 4534                         hdev->notify(hdev, notify_evt);
    4535         }
    4536 
    4537         hci_connect_cfm(conn, ev->status);
    4538         if (ev->status)
    4539                 hci_conn_del(conn);
    4540 
    4541 unlock:
    4542         hci_dev_unlock(hdev);
    4543 }

regards,
dan carpenter


