diff options
| author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-11 11:22:10 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-04-11 11:22:10 +0200 |
| commit | 97c4a94d620372df790f86a2563d7c0f6a2a238c (patch) | |
| tree | 49b79d5c2f569f7b99fb392513b0671e9bb4866d /queue-5.4 | |
| parent | d5514785b20eb99ceec73fa98a2ee054231de524 (diff) | |
| download | stable-queue-97c4a94d620372df790f86a2563d7c0f6a2a238c.tar.gz | |
5.4-stable patches
added patches:
bluetooth-btintel-fixe-build-regression.patch
vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch
Diffstat (limited to 'queue-5.4')
3 files changed, 77 insertions, 0 deletions
diff --git a/queue-5.4/bluetooth-btintel-fixe-build-regression.patch b/queue-5.4/bluetooth-btintel-fixe-build-regression.patch new file mode 100644 index 0000000000..592f359830 --- /dev/null +++ b/queue-5.4/bluetooth-btintel-fixe-build-regression.patch @@ -0,0 +1,39 @@ +From 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Date: Fri, 23 Feb 2024 12:36:23 -0500 +Subject: Bluetooth: btintel: Fixe build regression + +From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> + +commit 6e62ebfb49eb65bdcbfc5797db55e0ce7f79c3dd upstream. + +This fixes the following build regression: + +drivers-bluetooth-btintel.c-btintel_read_version()-warn: +passing-zero-to-PTR_ERR + +Fixes: b79e04091010 ("Bluetooth: btintel: Fix null ptr deref in btintel_read_version") +Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/bluetooth/btintel.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/bluetooth/btintel.c ++++ b/drivers/bluetooth/btintel.c +@@ -340,13 +340,13 @@ int btintel_read_version(struct hci_dev + struct sk_buff *skb; + + skb = __hci_cmd_sync(hdev, 0xfc05, 0, NULL, HCI_CMD_TIMEOUT); +- if (IS_ERR_OR_NULL(skb)) { ++ if (IS_ERR(skb)) { + bt_dev_err(hdev, "Reading Intel version information failed (%ld)", + PTR_ERR(skb)); + return PTR_ERR(skb); + } + +- if (skb->len != sizeof(*ver)) { ++ if (!skb || skb->len != sizeof(*ver)) { + bt_dev_err(hdev, "Intel version event size mismatch"); + kfree_skb(skb); + return -EILSEQ; diff --git a/queue-5.4/series b/queue-5.4/series index b0cbe88d89..ec55fa9a1e 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -208,3 +208,5 @@ virtio-reenable-config-if-freezing-device-failed.patch x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch drm-i915-gt-reset-queue_priority_hint-on-parking.patch x86-alternative-don-t-call-text_poke-in-lazy-tlb-mode.patch +bluetooth-btintel-fixe-build-regression.patch +vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch diff --git a/queue-5.4/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch b/queue-5.4/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch new file mode 100644 index 0000000000..a48f3d9e30 --- /dev/null +++ b/queue-5.4/vmci-fix-possible-memcpy-run-time-warning-in-vmci_datagram_invoke_guest_handler.patch @@ -0,0 +1,36 @@ +From e606e4b71798cc1df20e987dde2468e9527bd376 Mon Sep 17 00:00:00 2001 +From: Vasiliy Kovalev <kovalev@altlinux.org> +Date: Mon, 19 Feb 2024 13:53:15 +0300 +Subject: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() + +From: Vasiliy Kovalev <kovalev@altlinux.org> + +commit e606e4b71798cc1df20e987dde2468e9527bd376 upstream. + +The changes are similar to those given in the commit 19b070fefd0d +("VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()"). + +Fix filling of the msg and msg_payload in dg_info struct, which prevents a +possible "detected field-spanning write" of memcpy warning that is issued +by the tracking mechanism __fortify_memcpy_chk. + +Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org> +Link: https://lore.kernel.org/r/20240219105315.76955-1-kovalev@altlinux.org +Signed-off-by: Kees Cook <keescook@chromium.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/misc/vmw_vmci/vmci_datagram.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/misc/vmw_vmci/vmci_datagram.c ++++ b/drivers/misc/vmw_vmci/vmci_datagram.c +@@ -378,7 +378,8 @@ int vmci_datagram_invoke_guest_handler(s + + dg_info->in_dg_host_queue = false; + dg_info->entry = dst_entry; +- memcpy(&dg_info->msg, dg, VMCI_DG_SIZE(dg)); ++ dg_info->msg = *dg; ++ memcpy(&dg_info->msg_payload, dg + 1, dg->payload_size); + + INIT_WORK(&dg_info->work, dg_delayed_dispatch); + schedule_work(&dg_info->work); |