From 6ab35c0bff179fc16174c941cf86b7bbf999ef7a Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Sun, 2 Jan 2022 21:32:47 -0500
Subject: [PATCH] Fixes for 5.15

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...c-validate-user-data-in-compat-ioctl.patch | 40 +++++++++++++++++++
 queue-5.15/series                             |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 queue-5.15/i2c-validate-user-data-in-compat-ioctl.patch

diff --git a/queue-5.15/i2c-validate-user-data-in-compat-ioctl.patch b/queue-5.15/i2c-validate-user-data-in-compat-ioctl.patch
new file mode 100644
index 00000000000..35fb7c93a0c
--- /dev/null
+++ b/queue-5.15/i2c-validate-user-data-in-compat-ioctl.patch
@@ -0,0 +1,40 @@
+From f2012be63481f17eb8aea5989a2b299a5701aa98 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 31 Dec 2021 01:47:50 +0300
+Subject: i2c: validate user data in compat ioctl
+
+From: Pavel Skripkin <paskripkin@gmail.com>
+
+[ Upstream commit bb436283e25aaf1533ce061605d23a9564447bdf ]
+
+Wrong user data may cause warning in i2c_transfer(), ex: zero msgs.
+Userspace should not be able to trigger warnings, so this patch adds
+validation checks for user data in compact ioctl to prevent reported
+warnings
+
+Reported-and-tested-by: syzbot+e417648b303855b91d8a@syzkaller.appspotmail.com
+Fixes: 7d5cb45655f2 ("i2c compat ioctls: move to ->compat_ioctl()")
+Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/i2c-dev.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
+index bce0e8bb78520..cf5d049342ead 100644
+--- a/drivers/i2c/i2c-dev.c
++++ b/drivers/i2c/i2c-dev.c
+@@ -535,6 +535,9 @@ static long compat_i2cdev_ioctl(struct file *file, unsigned int cmd, unsigned lo
+ 				   sizeof(rdwr_arg)))
+ 			return -EFAULT;
+ 
++		if (!rdwr_arg.msgs || rdwr_arg.nmsgs == 0)
++			return -EINVAL;
++
+ 		if (rdwr_arg.nmsgs > I2C_RDWR_IOCTL_MAX_MSGS)
+ 			return -EINVAL;
+ 
+-- 
+2.34.1
+
diff --git a/queue-5.15/series b/queue-5.15/series
index 74e4307a8ee..0efb1433583 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -48,3 +48,4 @@ net-bridge-mcast-fix-br_multicast_ctx_vlan_global_di.patch
 net-ncsi-check-for-error-return-from-call-to-nla_put.patch
 selftests-net-using-ping6-for-ipv6-in-udpgro_fwd.sh.patch
 fsl-fman-fix-missing-put_device-call-in-fman_port_pr.patch
+i2c-validate-user-data-in-compat-ioctl.patch
-- 
2.47.3