[PW_SID:1059479] [v2] Bluetooth: HIDP: cap report descriptor size in HID setup by BluezTestBot · Pull Request #3338 · BluezTestBot/bluetooth-next

BluezTestBot · 2026-02-28T17:45:56Z

hidp_setup_hid() duplicates the report descriptor from userspace based on
req->rd_size. Large values can trigger oversized copies.

Do not reject the connection when rd_size exceeds
HID_MAX_DESCRIPTOR_SIZE. Instead, cap rd_size in hidp_setup_hid()
and use the capped value for memdup_user() and session->rd_size.

This keeps compatibility with existing userspace behavior while
bounding memory usage in the HID setup path.

Signed-off-by: Yufan Chen ericterminal@gmail.com

net/bluetooth/hidp/core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

This patch adds workflow files for ci: [sync.yml] - The workflow file for scheduled work - Sync the repo with upstream repo and rebase the workflow branch - Review the patches in the patchwork and creates the PR if needed [ci.yml] - The workflow file for CI tasks - Run CI tests when PR is created Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>

hidp_setup_hid() duplicates the report descriptor from userspace based on req->rd_size. Large values can trigger oversized copies. Do not reject the connection when rd_size exceeds HID_MAX_DESCRIPTOR_SIZE. Instead, cap rd_size in hidp_setup_hid() and use the capped value for memdup_user() and session->rd_size. This keeps compatibility with existing userspace behavior while bounding memory usage in the HID setup path. Signed-off-by: Yufan Chen <ericterminal@gmail.com>

github-actions · 2026-02-28T17:49:16Z

CheckPatch
Desc: Run checkpatch.pl script
Duration: 0.32 seconds
Result: PENDING

github-actions · 2026-02-28T17:49:17Z

GitLint
Desc: Run gitlint
Duration: 0.19 seconds
Result: PENDING

github-actions · 2026-02-28T17:49:18Z

SubjectPrefix
Desc: Check subject contains "Bluetooth" prefix
Duration: 0.13 seconds
Result: PASS

github-actions · 2026-02-28T17:49:49Z

BuildKernel
Desc: Build Kernel for Bluetooth
Duration: 26.70 seconds
Result: PASS

github-actions · 2026-02-28T17:50:23Z

CheckAllWarning
Desc: Run linux kernel with all warning enabled
Duration: 29.21 seconds
Result: PASS

github-actions · 2026-02-28T17:51:00Z

CheckSparse
Desc: Run sparse tool with linux kernel
Duration: 33.20 seconds
Result: WARNING
Output:

net/bluetooth/hidp/core.c:1477:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1478:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1479:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1480:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1481:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1481:1: error: bad constant expressionnet/bluetooth/hidp/core.c:1482:1: error: bad constant expression

github-actions · 2026-02-28T17:51:30Z

BuildKernel32
Desc: Build 32bit Kernel for Bluetooth
Duration: 25.72 seconds
Result: PASS

github-actions · 2026-02-28T18:01:00Z

TestRunnerSetup
Desc: Setup kernel and bluez for test-runner
Duration: 569.31 seconds
Result: PASS

github-actions · 2026-02-28T18:01:35Z

TestRunner_l2cap-tester
Desc: Run l2cap-tester with test-runner
Duration: 34.63 seconds
Result: FAIL
Output:

Total: 96, Passed: 94 (97.9%), Failed: 2, Not Run: 0

Failed Test Cases
L2CAP LE Client - Read 32k Success                   Timed out    2.398 seconds
L2CAP LE Client - RX Timestamping 32k                Timed out    1.891 seconds

github-actions · 2026-02-28T18:02:41Z

TestRunner_iso-tester
Desc: Run iso-tester with test-runner
Duration: 65.28 seconds
Result: FAIL
Output:

BUG: KASAN: slab-use-after-free in le_read_features_complete+0x7e/0x2b0
Total: 141, Passed: 141 (100.0%), Failed: 0, Not Run: 0

github-actions · 2026-02-28T18:02:48Z

TestRunner_bnep-tester
Desc: Run bnep-tester with test-runner
Duration: 6.43 seconds
Result: PASS

github-actions · 2026-02-28T18:04:53Z

TestRunner_mgmt-tester
Desc: Run mgmt-tester with test-runner
Duration: 124.24 seconds
Result: FAIL
Output:

Total: 494, Passed: 489 (99.0%), Failed: 1, Not Run: 4

Failed Test Cases
Read Exp Feature - Success                           Failed       0.112 seconds

github-actions · 2026-02-28T18:05:03Z

TestRunner_rfcomm-tester
Desc: Run rfcomm-tester with test-runner
Duration: 9.57 seconds
Result: PASS

github-actions · 2026-02-28T18:05:18Z

TestRunner_sco-tester
Desc: Run sco-tester with test-runner
Duration: 14.69 seconds
Result: FAIL
Output:

WARNING: possible circular locking dependency detected
BUG: sleeping function called from invalid context at net/core/sock.c:3782
Total: 30, Passed: 30 (100.0%), Failed: 0, Not Run: 0

github-actions · 2026-02-28T18:05:29Z

TestRunner_ioctl-tester
Desc: Run ioctl-tester with test-runner
Duration: 10.30 seconds
Result: PASS

github-actions · 2026-02-28T18:05:41Z

TestRunner_mesh-tester
Desc: Run mesh-tester with test-runner
Duration: 11.42 seconds
Result: FAIL
Output:

Total: 10, Passed: 8 (80.0%), Failed: 2, Not Run: 0

Failed Test Cases
Mesh - Send cancel - 1                               Timed out    1.786 seconds
Mesh - Send cancel - 2                               Timed out    1.996 seconds

github-actions · 2026-02-28T18:05:51Z

TestRunner_smp-tester
Desc: Run smp-tester with test-runner
Duration: 8.82 seconds
Result: PASS

github-actions · 2026-02-28T18:05:58Z

TestRunner_userchan-tester
Desc: Run userchan-tester with test-runner
Duration: 6.75 seconds
Result: PASS

github-actions · 2026-02-28T18:05:59Z

IncrementalBuild
Desc: Incremental build with the patches in the series
Duration: 0.71 seconds
Result: PENDING

tedd-an and others added 2 commits February 27, 2026 19:20

github-actions bot force-pushed the workflow branch 2 times, most recently from f27164a to e9dd054 Compare March 2, 2026 21:39

Conversation

BluezTestBot commented Feb 28, 2026

Signed-off-by: Yufan Chen ericterminal@gmail.com

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

github-actions bot commented Feb 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants