--- /dev/null
+From 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Fri, 23 Feb 2024 12:36:23 -0500
+Subject: Bluetooth: btintel: Fixe build regression
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+commit 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd upstream.
+
+This fixes the following build regression:
+
+drivers-bluetooth-btintel.c-btintel_read_version()-warn:
+passing-zero-to-PTR_ERR
+
+Fixes: b79e04091010 ("Bluetooth: btintel: Fix null ptr deref in btintel_read_version")
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/btintel.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/bluetooth/btintel.c
++++ b/drivers/bluetooth/btintel.c
+@@ -344,13 +344,13 @@ int btintel_read_version(struct hci_dev
+ struct sk_buff *skb;
+
+ skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT);
+- if (IS_ERR_OR_NULL(skb)) {
++ if (IS_ERR(skb)) {
+ bt_dev_err(hdev, "Reading Intel version information failed (%ld)",
+ PTR_ERR(skb));
+ return PTR_ERR(skb);
+ }
+
+- if (skb->len != sizeof(*ver)) {
++ if (!skb || skb->len != sizeof(*ver)) {
+ bt_dev_err(hdev, "Intel version event size mismatch");
+ kfree_skb(skb);
+ return -EILSEQ;
virtio-reenable-config-if-freezing-device-failed.patch
x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch
drm-i915-gt-reset-queue_priority_hint-on-parking.patch
+bluetooth-btintel-fixe-build-regression.patch
+vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
--- /dev/null
+From e606e4b71798cc1df20e987dde2468e9527bd376 Mon Sep 17 00:00:00 2001
+From: Vasiliy Kovalev <kovalev@altlinux.org>
+Date: Mon, 19 Feb 2024 13:53:15 +0300
+Subject: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
+
+From: Vasiliy Kovalev <kovalev@altlinux.org>
+
+commit e606e4b71798cc1df20e987dde2468e9527bd376 upstream.
+
+The changes are similar to those given in the commit 19b070fefd0d
+("VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()").
+
+Fix filling of the msg and msg_payload in dg_info struct, which prevents a
+possible "detected field-spanning write" of memcpy warning that is issued
+by the tracking mechanism __fortify_memcpy_chk.
+
+Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
+Link: https://lore.kernel.org/r/20240219105315.76955-1-kovalev@altlinux.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/vmw_vmci/vmci_datagram.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/misc/vmw_vmci/vmci_datagram.c
++++ b/drivers/misc/vmw_vmci/vmci_datagram.c
+@@ -378,7 +378,8 @@ int vmci_datagram_invoke_guest_handler(s
+
+ dg_info->in_dg_host_queue = false;
+ dg_info->entry = dst_entry;
+- memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg));
++ dg_info->msg = *dg;
++ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size);
+
+ INIT_WORK(&dg_info->work, dg_delayed_dispatch);
+ schedule_work(&dg_info->work);
projects / thirdparty / kernel / stable-queue.git / commitdiff
