Merge: [CVE-2025-21963] cifs: Fix integer overflow while processing acdirmax mount option

MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/6906

- Fix integer overflow while processing acdirmax mount option

JIRA: https://issues.redhat.com/browse/RHEL-87940

CVE: CVE-2025-21963

Signed-off-by: Paulo Alcantara <paalcant@redhat.com>

Approved-by: Benjamin Coddington <bcodding@redhat.com>
Approved-by: Jay Shin <jaeshin@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Approved-by: David Howells <dhowells@redhat.com>

Merged-by: Jan Stancek <jstancek@redhat.com>

Author: jstancek

fs/smb/client/fs_context.c

@@ -1366,11 +1366,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
 		ctx->acregmax = HZ * result.uint_32;
 		break;
 	case Opt_acdirmax:
-		ctx->acdirmax = HZ * result.uint_32;
-		if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {
+		if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
 			cifs_errorf(fc, "acdirmax too large\n");
 			goto cifs_parse_mount_err;
 		}
+		ctx->acdirmax = HZ * result.uint_32;
 		break;
 	case Opt_actimeo:
 		if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {