Patch "Bluetooth: hci_event: shut up a false-positive warning" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 22 Dec 2023 18:02:48 -0500

This is a note to let you know that I've just added the patch titled

    Bluetooth: hci_event: shut up a false-positive warning

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bluetooth-hci_event-shut-up-a-false-positive-warning.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 4b4870b16776a4abede8b33c9caf6d35901d94d1
Author: Arnd Bergmann <arnd@xxxxxxxx>
Date:   Wed Nov 22 23:17:44 2023 +0100

    Bluetooth: hci_event: shut up a false-positive warning
    
    [ Upstream commit a5812c68d849505ea657f653446512b85887f813 ]
    
    Turning on -Wstringop-overflow globally exposed a misleading compiler
    warning in bluetooth:
    
    net/bluetooth/hci_event.c: In function 'hci_cc_read_class_of_dev':
    net/bluetooth/hci_event.c:524:9: error: 'memcpy' writing 3 bytes into a
    region of size 0 overflows the destination [-Werror=stringop-overflow=]
      524 |         memcpy(hdev->dev_class, rp->dev_class, 3);
          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    The problem here is the check for hdev being NULL in bt_dev_dbg() that
    leads the compiler to conclude that hdev->dev_class might be an invalid
    pointer access.
    
    Add another explicit check for the same condition to make sure gcc sees
    this cannot happen.
    
    Fixes: a9de9248064b ("[Bluetooth] Switch from OGF+OCF to using only opcodes")
    Fixes: 1b56c90018f0 ("Makefile: Enable -Wstringop-overflow globally")
    Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
    Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index c86a45344fe28..5e406e8716a0e 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -515,6 +515,9 @@ static u8 hci_cc_read_class_of_dev(struct hci_dev *hdev, void *data,
 {
 	struct hci_rp_read_class_of_dev *rp = data;
 
+	if (WARN_ON(!hdev))
+		return HCI_ERROR_UNSPECIFIED;
+
 	bt_dev_dbg(hdev, "status 0x%2.2x", rp->status);
 
 	if (rp->status)







