Hello Brian Gix,
The patch 275f3f648702: "Bluetooth: Fix not checking MGMT cmd pending
queue" from Mar 1, 2022, leads to the following Smatch static checker
warning:
net/bluetooth/mgmt.c:1587 mgmt_set_connectable_complete()
warn: variable dereferenced before check 'cmd' (see line 1579)
net/bluetooth/mgmt.c
1564 static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1565 int err)
1566 {
1567 struct mgmt_pending_cmd *cmd = data;
1568
1569 bt_dev_dbg(hdev, "err %d", err);
1570
1571 /* Make sure cmd still outstanding. */
1572 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1573 return;
1574
1575 hci_dev_lock(hdev);
1576
1577 if (err) {
1578 u8 mgmt_err = mgmt_status(err);
1579 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
^^^^^^^
1580 goto done;
1581 }
1582
1583 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1584 new_settings(hdev, cmd->sk);
^^^^^^^
Dereferences.
1585
1586 done:
--> 1587 if (cmd)
^^^
The patch adds a new NULL check but the pointer has already been
dereferenced.
1588 mgmt_pending_remove(cmd);
1589
1590 hci_dev_unlock(hdev);
1591 }
regards,
dan carpenter
