This is a note to let you know that I've just added the patch titled scsi: ufs: core: Leave space for '\0' in utf8 desc string to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: scsi-ufs-core-leave-space-for-0-in-utf8-desc-string.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 99b4733a7694849a9d5fa21982dcb72845cb9cae Author: Daniel Mentz <danielmentz@xxxxxxxxxx> Date: Tue Oct 17 11:20:26 2023 -0700 scsi: ufs: core: Leave space for '\0' in utf8 desc string [ Upstream commit a75a16c62a2540f11eeae4f2b50e95deefb652ea ] utf16s_to_utf8s does not NULL terminate the output string. For us to be able to add a NULL character when utf16s_to_utf8s returns, we need to make sure that there is space for such NULL character at the end of the output buffer. We can achieve this by passing an output buffer size to utf16s_to_utf8s that is one character less than what we allocated. Other call sites of utf16s_to_utf8s appear to be using the same technique where they artificially reduce the buffer size by one to leave space for a NULL character or line feed character. Fixes: 4b828fe156a6 ("scsi: ufs: revamp string descriptor reading") Reviewed-by: Mars Cheng <marscheng@xxxxxxxxxx> Reviewed-by: Bart Van Assche <bvanassche@xxxxxxx> Reviewed-by: Yen-lin Lai <yenlinlai@xxxxxxxxxx> Signed-off-by: Daniel Mentz <danielmentz@xxxxxxxxxx> Link: https://lore.kernel.org/r/20231017182026.2141163-1-danielmentz@xxxxxxxxxx Reviewed-by: Avri Altman <avri.altman@xxxxxxx> Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 9d13226d2324a..363adf489079a 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -3265,7 +3265,7 @@ int ufshcd_read_string_desc(struct ufs_hba *hba, u8 desc_index, */ ret = utf16s_to_utf8s(uc_str->uc, uc_str->len - QUERY_DESC_HDR_SIZE, - UTF16_BIG_ENDIAN, str, ascii_len); + UTF16_BIG_ENDIAN, str, ascii_len - 1); /* replace non-printable or non-ASCII characters with spaces */ for (i = 0; i < ret; i++)