The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to stable@vger.kernel.org.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

From d9bcd462daf34aebb8de9ad7f76de0198bb5a0f0 Mon Sep 17 00:00:00 2001

From: Heiner Kallweit hkallweit1@gmail.com Date: Fri, 24 Nov 2017 07:47:50 +0100 Subject: [PATCH] eeprom: at24: check at24_read/write arguments

So far we completely rely on the caller to provide valid arguments. To be on the safe side perform an own sanity check.

Cc: stable@vger.kernel.org Signed-off-by: Heiner Kallweit hkallweit1@gmail.com Signed-off-by: Bartosz Golaszewski brgl@bgdev.pl

diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c index 8ca6772b3baf..305a7a464d09 100644 --- a/drivers/misc/eeprom/at24.c +++ b/drivers/misc/eeprom/at24.c @@ -569,6 +569,9 @@ static int at24_read(void *priv, unsigned int off, void *val, size_t count) if (unlikely(!count)) return count;

+ if (off + count > at24->chip.byte_len) + return -EINVAL; + client = at24_translate_offset(at24, &off);

ret = pm_runtime_get_sync(&client->dev); @@ -614,6 +617,9 @@ static int at24_write(void *priv, unsigned int off, void *val, size_t count) if (unlikely(!count)) return -EINVAL;

+ if (off + count > at24->chip.byte_len) + return -EINVAL; + client = at24_translate_offset(at24, &off);

ret = pm_runtime_get_sync(&client->dev);