[BlueZ] btdev: Do not call auth_complete with NULL conn

Message ID	20231014194120.1884126-1-arkadiusz.bokowy@gmail.com
State	New
Headers	show Return-Path: <linux-bluetooth-owner@vger.kernel.org> From: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com> To: linux-bluetooth@vger.kernel.org Cc: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com> Subject: [PATCH BlueZ] btdev: Do not call auth_complete with NULL conn Date: Sat, 14 Oct 2023 21:41:20 +0200 Message-Id: <20231014194120.1884126-1-arkadiusz.bokowy@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[BlueZ] btdev: Do not call auth_complete with NULL conn \| expand [BlueZ] btdev: Do not call auth_complete with NULL conn

Message ID

20231014194120.1884126-1-arkadiusz.bokowy@gmail.com

State

New

Headers

From: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
To: linux-bluetooth@vger.kernel.org
Cc: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Subject: [PATCH BlueZ] btdev: Do not call auth_complete with NULL conn
Date: Sat, 14 Oct 2023 21:41:20 +0200
Message-Id: <20231014194120.1884126-1-arkadiusz.bokowy@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[BlueZ] btdev: Do not call auth_complete with NULL conn | expand

Commit Message

Arkadiusz Bokowy Oct. 14, 2023, 7:41 p.m. UTC

Make sure that the auto_complete() function will not be called with the
NULL connection, because it is required by that function.

** NOTE FOR REVIEWERS **
The change in the cmd_link_key_reply_complete() function was done based
on the code from other *_complete() functions. In most of them, in case
of NULL connection the conn_complete() was used instead. But I'm not
100% sure that it's the right approach (not even 90% sure...).
---
 emulator/btdev.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

Comments

bluez.test.bot@gmail.com Oct. 14, 2023, 9:16 p.m. UTC | #1

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=793242

---Test result---

Test Summary:
CheckPatch                    PASS      0.52 seconds
GitLint                       PASS      0.35 seconds
BuildEll                      PASS      29.36 seconds
BluezMake                     PASS      900.58 seconds
MakeCheck                     PASS      12.56 seconds
MakeDistcheck                 PASS      178.02 seconds
CheckValgrind                 PASS      277.59 seconds
CheckSmatch                   WARNING   368.83 seconds
bluezmakeextell               PASS      119.38 seconds
IncrementalBuild              PASS      753.77 seconds
ScanBuild                     WARNING   1122.62 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
emulator/btdev.c:420:29: warning: Variable length array is used.
##############################
Test: ScanBuild - WARNING
Desc: Run Scan Build
Output:
emulator/btdev.c:1083:10: warning: Although the value stored to 'conn' is used in the enclosing expression, the value is never actually read from 'conn'
        while ((conn = queue_find(dev->conns, match_handle,
                ^      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
emulator/btdev.c:1334:24: warning: Access to field 'link' results in a dereference of a null pointer (loaded from variable 'conn')
        pending_conn_del(dev, conn->link->dev);
                              ^~~~~~~~~~
2 warnings generated.



---
Regards,
Linux Bluetooth

diff --git a/emulator/btdev.c b/emulator/btdev.c
index c76b89db9..2564d96f2 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -1453,7 +1453,7 @@  static void auth_complete(struct btdev_conn *conn, uint8_t status)
 
 	memset(&ev, 0, sizeof(ev));
 
-	ev.handle = conn ? cpu_to_le16(conn->handle) : 0x0000;
+	ev.handle = cpu_to_le16(conn->handle);
 	ev.status = status;
 
 	send_event(conn->dev, BT_HCI_EVT_AUTH_COMPLETE, &ev, sizeof(ev));
@@ -1491,10 +1491,10 @@  static int cmd_link_key_reply_complete(struct btdev *dev, const void *data,
 		status = BT_HCI_ERR_AUTH_FAILURE;
 
 done:
-	auth_complete(conn, status);
-
 	if (conn)
 		auth_complete(conn->link, status);
+	else
+		conn_complete(dev, cmd->bdaddr, status);
 
 	return 0;
 }
@@ -1681,28 +1681,25 @@  static int cmd_pin_code_neg_reply_complete(struct btdev *dev, const void *data,
 							uint8_t len)
 {
 	const struct bt_hci_cmd_pin_code_request_neg_reply *cmd = data;
+	const uint8_t status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
 	struct btdev *remote;
 	struct btdev_conn *conn;
-	uint8_t status;
 
 	remote = find_btdev_by_bdaddr(cmd->bdaddr);
 	if (!remote)
 		return 0;
 
-	status = BT_HCI_ERR_PIN_OR_KEY_MISSING;
-
 	conn = queue_find(dev->conns, match_bdaddr, cmd->bdaddr);
 	if (conn)
 		auth_complete(conn, status);
 	else
-		conn_complete(dev, cmd->bdaddr, BT_HCI_ERR_PIN_OR_KEY_MISSING);
+		conn_complete(dev, cmd->bdaddr, status);
 
 	if (conn) {
 		if (remote->pin_len)
 			auth_complete(conn->link, status);
 	} else {
-		conn_complete(remote, dev->bdaddr,
-					BT_HCI_ERR_PIN_OR_KEY_MISSING);
+		conn_complete(remote, dev->bdaddr, status);
 	}
 
 	return 0;