From: Namjae Jeon namjae.jeon@samsung.com
mainline inclusion from mainline-5.15-rc1 commit 4030b278368d89bba99a31e87766968cbf7909d2 category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I60T7G CVE: NA
Reference: https://git.kernel.org/torvalds/linux/c/4030b278368d
-------------------------------
Dan Carpenter pointed out that there there is a possibility of integer overflow. This patch prevent a integer overflow in wm_alloc().
Signed-off-by: Namjae Jeon namjae.jeon@samsung.com Signed-off-by: Steve French stfrench@microsoft.com Signed-off-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zhong Jinghua zhongjinghua@huawei.com --- fs/cifsd/buffer_pool.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c index caf22c190634..1ee1feef1bb4 100644 --- a/fs/cifsd/buffer_pool.c +++ b/fs/cifsd/buffer_pool.c @@ -42,6 +42,9 @@ static struct wm *wm_alloc(size_t sz, gfp_t flags) struct wm *wm; size_t alloc_sz = sz + sizeof(struct wm);
+ if (sz > SIZE_MAX - sizeof(struct wm)) + return NULL; + wm = kvmalloc(alloc_sz, flags); if (!wm) return NULL;