Re: [PATCH v3 08/13] Bluetooth: Implement MSFT avdtp open command


Hi Kiran,

url:    https://github.com/0day-ci/linux/commits/Kiran-K/Bluetooth-Refactor-code-to-read-supported-codecs-in-getsockopt/20211115-144640
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master
config: i386-randconfig-m021-20211115 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

New smatch warnings:
net/bluetooth/hci_codec.c:388 hci_configure_msft_avdtp_open() warn: is 'cmd + 1' large enough for 'struct hci_media_service_caps'? s32min

Old smatch warnings:
net/bluetooth/hci_codec.c:399 hci_configure_msft_avdtp_open() error: uninitialized symbol 'err'.

vim +388 net/bluetooth/hci_codec.c

d9396dc909768b Kiran K 2021-11-15  359  int hci_configure_msft_avdtp_open(struct hci_dev *hdev, struct l2cap_chan *chan,
d9396dc909768b Kiran K 2021-11-15  360  				  sockptr_t optval, int optlen)
d9396dc909768b Kiran K 2021-11-15  361  {
d9396dc909768b Kiran K 2021-11-15  362  	struct msft_cp_avdtp_open *cmd = NULL;
d9396dc909768b Kiran K 2021-11-15  363  	struct hci_media_service_caps *caps;
d9396dc909768b Kiran K 2021-11-15  364  	int err;
d9396dc909768b Kiran K 2021-11-15  365  
d9396dc909768b Kiran K 2021-11-15  366  	if (!optlen || optlen < sizeof(*caps)) {

The kbuild-bot doesn't use cross function analysis so it doesn't know
how this function is called.  This check doesn't prevent negative values
of "optlen" and the "!optlen" condition is not required.  Of course,
making "optlen" into an unsigned value changes it from a "negatives are
not handled" warning into an "integer overflows are not handled" warning.

One idea would be to just make sure this is called with valid values and
ignore the warning.  It probably should be disabled globally if you
don't have the cross function database.  Another idea would be to
write this as:

	if (optlen < 0 || optlen < sizeof(*caps)) {

Negatives don't really cause a problem though because copy_from_user()
has a check for that added in commit 6d13de1489b6 ("uaccess: disallow >
INT_MAX copy sizes").

regards,
dan carpenter

d9396dc909768b Kiran K 2021-11-15  367  		err = -EINVAL;
d9396dc909768b Kiran K 2021-11-15  368  		goto fail;
d9396dc909768b Kiran K 2021-11-15  369  	}
d9396dc909768b Kiran K 2021-11-15  370  
d9396dc909768b Kiran K 2021-11-15  371  	cmd = kzalloc(sizeof(*cmd) + optlen, GFP_KERNEL);
d9396dc909768b Kiran K 2021-11-15  372  	if (!cmd) {
d9396dc909768b Kiran K 2021-11-15  373  		err = -ENOMEM;
d9396dc909768b Kiran K 2021-11-15  374  		goto fail;
d9396dc909768b Kiran K 2021-11-15  375  	}
d9396dc909768b Kiran K 2021-11-15  376  
d9396dc909768b Kiran K 2021-11-15  377  	cmd->sub_opcode = HCI_MSFT_AVDTP_OPEN;
d9396dc909768b Kiran K 2021-11-15  378  	cmd->handle = __cpu_to_le16(chan->conn->hcon->handle);
d9396dc909768b Kiran K 2021-11-15  379  	cmd->dcid = cpu_to_le16(chan->dcid);
d9396dc909768b Kiran K 2021-11-15  380  	cmd->omtu = cpu_to_le16(chan->omtu);
d9396dc909768b Kiran K 2021-11-15  381  	caps = (void *)(cmd + 1);
d9396dc909768b Kiran K 2021-11-15  382  
d9396dc909768b Kiran K 2021-11-15  383  	if (copy_from_sockptr(caps, optval, optlen)) {
d9396dc909768b Kiran K 2021-11-15  384  		err = -EFAULT;
d9396dc909768b Kiran K 2021-11-15  385  		goto fail;
d9396dc909768b Kiran K 2021-11-15  386  	}
d9396dc909768b Kiran K 2021-11-15  387  
d9396dc909768b Kiran K 2021-11-15 @388  	if (caps->category != 0x07) {

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
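
The signed/unsigned comparison discussed in the reply above, as an added user-space example that is not part of the original mail or of the patch. The two struct models and all function names are assumptions made for the demo; the copy-size guard is a simplified model of the check the reply cites, not the kernel's code.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-ins for the kernel structs; field layout is illustrative. */
struct caps_model { unsigned char category, len; };
struct cmd_model { unsigned char sub_opcode; unsigned short handle, dcid, omtu; };

/* Check as posted. "optlen < sizeof(*caps)" converts the int to size_t;
 * the cast spells out that implicit conversion. */
static int rejected_as_posted(int optlen)
{
	return !optlen || (size_t)optlen < sizeof(struct caps_model);
}

/* Check as suggested in the reply: the sign is tested before the conversion. */
static int rejected_as_suggested(int optlen)
{
	return optlen < 0 || (size_t)optlen < sizeof(struct caps_model);
}

/* Size expression handed to kzalloc(): sizeof(*cmd) + optlen, in size_t. */
static size_t alloc_size(int optlen)
{
	return sizeof(struct cmd_model) + (size_t)optlen;
}

/* Model of the uaccess guard the reply cites: sizes above INT_MAX are refused. */
static int copy_size_allowed(int optlen)
{
	return (size_t)optlen <= (size_t)INT_MAX;
}

int main(void)
{
	const int samples[] = { -1, 0, 1, 2, 64 }; /* constructed inputs */

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int n = samples[i];

		printf("optlen=%3d posted=%s suggested=%s alloc=%zu copy=%s\n", n,
		       rejected_as_posted(n) ? "reject" : "accept",
		       rejected_as_suggested(n) ? "reject" : "accept",
		       alloc_size(n), copy_size_allowed(n) ? "ok" : "refused");
	}
	return 0;
}
```

For optlen = -1 the posted check accepts the value and the allocation size wraps to one byte less than the header, while the suggested check rejects it up front; the modelled copy guard refuses the size in either case.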



