io_uring: fix overflows checks in provide buffers

stable inclusion
from stable-v5.10.36
commit cbbc13b115b8f18e0a714d89f87fbdc499acfe2d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I94JIH
CVE: CVE-2021-47040

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=tags/v5.10.37&id=cbbc13b115b8f18e0a714d89f87fbdc499acfe2d



--------------------------------

[ Upstream commit 38134ada ]

Colin reported before possible overflow and sign extension problems in
io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing
useful, see d81269fe ("io_uring: fix provide_buffers sign extension").

Do that with help of check_<op>_overflow helpers. And fix struct
io_provide_buf::len type, as it doesn't make much sense to keep it
signed.

Reported-by: Colin Ian King <colin.king@canonical.com>
Fixes: efe68c1c ("io_uring: validate the full range of provided buffers for access")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/46538827e70fce5f6cdb50897cff4cacc490f380.1618488258.git.asml.silence@gmail.com


Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Long Li <leo.lilong@huawei.com>