From 2d2a47c8395f6bc6127fc601fabd4dd0bc518a03 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 11 Apr 2024 11:22:25 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
bluetooth-btintel-fixe-build-regression.patch
vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
---
 ...etooth-btintel-fixe-build-regression.patch | 39 +++++++++++++++++++
 queue-5.10/series | 2 +
 ...n-vmci_datagram_invoke_guest_handler.patch | 36 +++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 queue-5.10/bluetooth-btintel-fixe-build-regression.patch
 create mode 100644 queue-5.10/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
diff --git a/queue-5.10/bluetooth-btintel-fixe-build-regression.patch b/queue-5.10/bluetooth-btintel-fixe-build-regression.patch
new file mode 100644
index 0000000000..00b7775cf1
--- /dev/null
+++ b/queue-5.10/bluetooth-btintel-fixe-build-regression.patch
@@ -0,0 +1,39 @@
+From 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz
+Date: Fri, 23 Feb 2024 12:36:23 -0500
+Subject: Bluetooth: btintel: Fixe build regression
+
+From: Luiz Augusto von Dentz
+
+commit 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd upstream.
+
+This fixes the following build regression:
+
+drivers-bluetooth-btintel.c-btintel_read_version()-warn:
+passing-zero-to-PTR_ERR
+
+Fixes: b79e04091010 ("Bluetooth: btintel: Fix null ptr deref in btintel_read_version")
+Signed-off-by: Luiz Augusto von Dentz
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/bluetooth/btintel.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/bluetooth/btintel.c
++++ b/drivers/bluetooth/btintel.c
+@@ -344,13 +344,13 @@ int btintel_read_version(struct hci_dev
+ struct sk_buff *skb;
+
+ skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
+- if (IS_ERR_OR_NULL(skb)) {
++ if (IS_ERR(skb)) {
+ bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
+ PTR_ERR(skb));
+ return PTR_ERR(skb);
+ }
+
+- if (skb->len != sizeof(*ver)) {
++ if (!skb || skb->len != sizeof(*ver)) {
+ bt_dev_err(hdev, "Intel version event size mismatch");
+ kfree_skb(skb);
+ return -EILSEQ;
diff --git a/queue-5.10/series b/queue-5.10/series
index 13c7b89594..526876f0a6 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -286,3 +286,5 @@ tty-n_gsm-require-cap_net_admin-to-attach-n_gsm0710-ldisc.patch
 virtio-reenable-config-if-freezing-device-failed.patch
 x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch
 drm-i915-gt-reset-queue_priority_hint-on-parking.patch
+bluetooth-btintel-fixe-build-regression.patch
+vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
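Review bot: In the btintel_read_version() hunk of the queued Bluetooth patch, a NULL skb now takes the `!skb || skb->len != sizeof(*ver)` branch, so a missing response is logged as "Intel version event size mismatch" and returned as -EILSEQ, the same as a malformed one. If that merge is intended, a comment above the check would make it explicit, for example `/* __hci_cmd_sync() may return NULL; handle it like a malformed event */`. The `kfree_skb(skb)` on that path then receives NULL, which kfree_skb() tolerates. The function body continues outside the hunk, so the later use of `ver` cannot be checked from here.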
diff --git a/queue-5.10/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch b/queue-5.10/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
new file mode 100644
index 0000000000..a48f3d9e30
--- /dev/null
+++ b/queue-5.10/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
@@ -0,0 +1,36 @@
+From e606e4b71798cc1df20e987dde2468e9527bd376 Mon Sep 17 00:00:00 2001
+From: Vasiliy Kovalev
+Date: Mon, 19 Feb 2024 13:53:15 +0300
+Subject: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
+
+From: Vasiliy Kovalev
+
+commit e606e4b71798cc1df20e987dde2468e9527bd376 upstream.
+
+The changes are similar to those given in the commit 19b070fefd0d
+("VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()").
+
+Fix filling of the msg and msg_payload in dg_info struct, which prevents a
+possible "detected field-spanning write" of memcpy warning that is issued
+by the tracking mechanism __fortify_memcpy_chk.
+
+Signed-off-by: Vasiliy Kovalev
+Link: https://lore.kernel.org/r/20240219105315.76955-1-kovalev@altlinux.org
+Signed-off-by: Kees Cook
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/misc/vmw_vmci/vmci_datagram.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/misc/vmw_vmci/vmci_datagram.c
++++ b/drivers/misc/vmw_vmci/vmci_datagram.c
+@@ -378,7 +378,8 @@ int vmci_datagram_invoke_guest_handler(s
+
+ dg_info->in_dg_host_queue = false;
+ dg_info->entry = dst_entry;
+- memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg));
++ dg_info->msg = *dg;
++ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
+
+ INIT_WORK(&dg_info->work, dg_delayed_dispatch);
+ schedule_work(&dg_info->work);
--
2.39.2
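Review bot: The new payload copy in vmci_datagram_invoke_guest_handler() takes its length from `dg->payload_size`, reading the source datagram again after the header was already copied by `dg_info->msg = *dg`. Taking the length from the stored header, `memcpy(&dg_info->msg_payload, dg + 1, dg_info->msg.payload_size);`, would keep the saved header and the copied byte count consistent if the source buffer could change between the two reads; whether it can is not visible here. The allocation that sizes dg_info is outside the hunk, so it should be confirmed that it reserves payload_size bytes after msg and that payload_size was bounded when the datagram was received.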