This is a note to let you know that I've just added the patch titled HID: uhid: Over-ride the default maximum data buffer value with our own to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: hid-uhid-over-ride-the-default-maximum-data-buffer-value-with-our-own.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 1c5d4221240a233df2440fe75c881465cdf8da07 Mon Sep 17 00:00:00 2001 From: Lee Jones <lee@xxxxxxxxxx> Date: Mon, 23 Jan 2023 12:39:12 +0000 Subject: HID: uhid: Over-ride the default maximum data buffer value with our own From: Lee Jones <lee@xxxxxxxxxx> commit 1c5d4221240a233df2440fe75c881465cdf8da07 upstream. The default maximum data buffer size for this interface is UHID_DATA_MAX (4k). When data buffers are being processed, ensure this value is used when ensuring the sanity, rather than a value between the user provided value and HID_MAX_BUFFER_SIZE (16k). Signed-off-by: Lee Jones <lee@xxxxxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/hid/uhid.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/hid/uhid.c +++ b/drivers/hid/uhid.c @@ -395,6 +395,7 @@ struct hid_ll_driver uhid_hid_driver = { .parse = uhid_hid_parse, .raw_request = uhid_hid_raw_request, .output_report = uhid_hid_output_report, + .max_buffer_size = UHID_DATA_MAX, }; EXPORT_SYMBOL_GPL(uhid_hid_driver); Patches currently in stable-queue which might be from lee@xxxxxxxxxx are queue-6.1/hid-uhid-over-ride-the-default-maximum-data-buffer-value-with-our-own.patch queue-6.1/hid-core-provide-new-max_buffer_size-attribute-to-over-ride-the-default.patch