Merge: [CVE-2025-21963] cifs: Fix integer overflow while processing acdirmax mount option

MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/6906

- Fix integer overflow while processing acdirmax mount option

JIRA: https://issues.redhat.com/browse/RHEL-87940

CVE: CVE-2025-21963

Signed-off-by: Paulo Alcantara <[email protected]>

Approved-by: Benjamin Coddington <[email protected]>
Approved-by: Jay Shin <[email protected]>
Approved-by: CKI KWF Bot <[email protected]>
Approved-by: David Howells <[email protected]>

Merged-by: Jan Stancek <[email protected]>

Author: jstancek

fs/smb/client/fs_context.c

@@ -1366,11 +1366,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
 		ctx->acregmax = HZ * result.uint_32;
 		break;
 	case Opt_acdirmax:
-		ctx->acdirmax = HZ * result.uint_32;
-		if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {
+		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
 			cifs_errorf(fc, "acdirmax too large\n");
 			goto cifs_parse_mount_err;
 		}
+		ctx->acdirmax = HZ * result.uint_32;
 		break;
 	case Opt_actimeo:
 		if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {