From: Namjae Jeon <namjae.jeon@samsung.com> mainline inclusion from mainline-5.15-rc1 commit 4030b278368d89bba99a31e87766968cbf7909d2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA Reference: https://git.kernel.org/torvalds/linux/c/4030b278368d ------------------------------- Dan Carpenter pointed out that there there is a possibility of integer overflow. This patch prevent a integer overflow in wm_alloc(). Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com> Signed-off-by: Steve French <stfrench@microsoft.com> Signed-off-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com> --- fs/cifsd/buffer_pool.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index caf22c190634..1ee1feef1bb4 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -42,6 +42,9 @@ static struct wm *wm_alloc(size_t sz, gfp_t flags) struct wm *wm; size_t alloc_sz = sz + sizeof(struct wm); + if (sz > SIZE_MAX - sizeof(struct wm)) + return NULL; + wm = kvmalloc(alloc_sz, flags); if (!wm) return NULL; -- 2.31.1