From: Namjae Jeon <namjae.jeon@samsung.com>
Date: Sun, 4 Apr 2021 08:52:58 +0000 (+0900)
Subject: cifsd: prevent a integer overflow in wm_alloc()
X-Git-Tag: v5.15-rc1~183^2~47
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4030b278368d89bba99a31e87766968cbf7909d2;p=thirdparty%2Fkernel%2Flinux.git

cifsd: prevent a integer overflow in wm_alloc()

Dan Carpenter pointed out that there there is a possibility of
integer overflow. This patch prevent a integer overflow in wm_alloc().

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
---

diff --git a/fs/cifsd/buffer_pool.c b/fs/cifsd/buffer_pool.c
index caf22c1906348..1ee1feef1bb45 100644
--- a/fs/cifsd/buffer_pool.c
+++ b/fs/cifsd/buffer_pool.c
@@ -42,6 +42,9 @@ static struct wm *wm_alloc(size_t sz, gfp_t flags)
 	struct wm *wm;
 	size_t alloc_sz = sz + sizeof(struct wm);
 
+	if (sz > SIZE_MAX - sizeof(struct wm))
+		return NULL;
+
 	wm = kvmalloc(alloc_sz, flags);
 	if (!wm)
 		return NULL;