This is a note to let you know that I've just added the patch titled ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: acpi-x86-s2idle-catch-multiple-acpi_type_package-obj.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit a59bdf9a4782db92fe710b5930ddb5ef3d6cf781 Author: Mario Limonciello <mario.limonciello@xxxxxxx> Date: Fri Aug 18 14:40:03 2023 -0500 ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects [ Upstream commit 883cf0d4cf288313b71146ddebdf5d647b76c78b ] If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will be a memory leak. Explicitly guard against this. Suggested-by: Bjorn Helgaas <helgaas@xxxxxxxxxx> Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxx> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/acpi/x86/s2idle.c b/drivers/acpi/x86/s2idle.c index ec84da6cc1bff..5510657d4be81 100644 --- a/drivers/acpi/x86/s2idle.c +++ b/drivers/acpi/x86/s2idle.c @@ -112,6 +112,12 @@ static void lpi_device_get_constraints_amd(void) union acpi_object *package = &out_obj->package.elements[i]; if (package->type == ACPI_TYPE_PACKAGE) { + if (lpi_constraints_table) { + acpi_handle_err(lps0_device_handle, + "Duplicate constraints list\n"); + goto free_acpi_buffer; + } + lpi_constraints_table = kcalloc(package->package.count, sizeof(*lpi_constraints_table), GFP_KERNEL);