This is a note to let you know that I've just added the patch titled PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: pci-sysfs-fix-dsm_label_utf16s_to_utf8s-buffer-overr.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 2d12acd59a55ebd6e30e4ee8eec0d08a57af6a05 Author: Krzysztof WilczyÅ?ski <kw@xxxxxxxxx> Date: Thu Jun 3 00:01:12 2021 +0000 PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun [ Upstream commit bdcdaa13ad96f1a530711c29e6d4b8311eff767c ] "utf16s_to_utf8s(..., buf, PAGE_SIZE)" puts up to PAGE_SIZE bytes into "buf" and returns the number of bytes it actually put there. If it wrote PAGE_SIZE bytes, the newline added by dsm_label_utf16s_to_utf8s() would overrun "buf". Reduce the size available for utf16s_to_utf8s() to use so there is always space for the newline. [bhelgaas: reorder patch in series, commit log] Fixes: 6058989bad05 ("PCI: Export ACPI _DSM provided firmware instance number and string name to sysfs") Link: https://lore.kernel.org/r/20210603000112.703037-7-kw@xxxxxxxxx Reported-by: Joe Perches <joe@xxxxxxxxxxx> Signed-off-by: Krzysztof WilczyÅ?ski <kw@xxxxxxxxx> Signed-off-by: Bjorn Helgaas <bhelgaas@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/pci/pci-label.c b/drivers/pci/pci-label.c index a5910f942857..9fb4ef568f40 100644 --- a/drivers/pci/pci-label.c +++ b/drivers/pci/pci-label.c @@ -162,7 +162,7 @@ static void dsm_label_utf16s_to_utf8s(union acpi_object *obj, char *buf) len = utf16s_to_utf8s((const wchar_t *)obj->buffer.pointer, obj->buffer.length, UTF16_LITTLE_ENDIAN, - buf, PAGE_SIZE); + buf, PAGE_SIZE - 1); buf[len] = '\n'; }