ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects

If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`
objects while evaluating the AMD LPS0 _DSM, there will be a memory
leak.  Explicitly guard against this.

Suggested-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

diff --git a/drivers/acpi/x86/s2idle.c b/drivers/acpi/x86/s2idle.c
index 7711dde..508decb 100644 (file)
--- a/drivers/acpi/x86/s2idle.c
+++ b/drivers/acpi/x86/s2idle.c
@@ -113,6 +113,12 @@ static void lpi_device_get_constraints_amd(void)
                union acpi_object *package = &out_obj->package.elements[i];
 
                if (package->type == ACPI_TYPE_PACKAGE) {
+                       if (lpi_constraints_table) {
+                               acpi_handle_err(lps0_device_handle,
+                                               "Duplicate constraints list\n");
+                               goto free_acpi_buffer;
+                       }
+
                        lpi_constraints_table = kcalloc(package->package.count,
                                                        sizeof(*lpi_constraints_table),
                                                        GFP_KERNEL);