From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Mario Limonciello <mario.limonciello@amd.com>,
Bjorn Helgaas <helgaas@kernel.org>,
"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
Sasha Levin <sashal@kernel.org>,
rafael@kernel.org, philipp.zabel@gmail.com,
andriy.shevchenko@linux.intel.com, linux-acpi@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 09/10] ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
Date: Fri, 8 Sep 2023 14:02:01 -0400 [thread overview]
Message-ID: <20230908180203.3458330-9-sashal@kernel.org> (raw)
In-Reply-To: <20230908180203.3458330-1-sashal@kernel.org>
From: Mario Limonciello <mario.limonciello@amd.com>
[ Upstream commit 883cf0d4cf288313b71146ddebdf5d647b76c78b ]
If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`
objects while evaluating the AMD LPS0 _DSM, there will be a memory
leak. Explicitly guard against this.
Suggested-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/x86/s2idle.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/acpi/x86/s2idle.c b/drivers/acpi/x86/s2idle.c
index e499c60c45791..2e0778ddd0ad8 100644
--- a/drivers/acpi/x86/s2idle.c
+++ b/drivers/acpi/x86/s2idle.c
@@ -112,6 +112,12 @@ static void lpi_device_get_constraints_amd(void)
union acpi_object *package = &out_obj->package.elements[i];
if (package->type == ACPI_TYPE_PACKAGE) {
+ if (lpi_constraints_table) {
+ acpi_handle_err(lps0_device_handle,
+ "Duplicate constraints list\n");
+ goto free_acpi_buffer;
+ }
+
lpi_constraints_table = kcalloc(package->package.count,
sizeof(*lpi_constraints_table),
GFP_KERNEL);
--
2.40.1
next prev parent reply other threads:[~2023-09-08 18:04 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 18:01 [PATCH AUTOSEL 6.1 01/10] ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 02/10] kernel/fork: beware of __put_task_struct() calling context Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 03/10] rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 04/10] scftorture: Forgive memory-allocation failure if KASAN Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 05/10] ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 06/10] perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 Sasha Levin
2023-09-08 18:01 ` [PATCH AUTOSEL 6.1 07/10] perf/imx_ddr: speed up overflow frequency of cycle Sasha Levin
2023-09-08 18:02 ` [PATCH AUTOSEL 6.1 08/10] hw_breakpoint: fix single-stepping when using bpf_overflow_handler Sasha Levin
2023-09-08 18:02 ` Sasha Levin [this message]
2023-09-08 18:02 ` [PATCH AUTOSEL 6.1 10/10] selftests/nolibc: fix up kernel parameters support Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908180203.3458330-9-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=helgaas@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=philipp.zabel@gmail.com \
--cc=rafael.j.wysocki@intel.com \
--cc=rafael@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).