udmabuf: fix a buf size overflow issue during udmabuf creation

jira VULN-67674
cve CVE-2025-37803
commit-author Xiaogang Chen <[email protected]>
commit 021ba7f

by casting size_limit_mb to u64  when calculate pglimit.

	Signed-off-by: Xiaogang Chen<[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
	Signed-off-by: Christian König <[email protected]>
(cherry picked from commit 021ba7f)
	Signed-off-by: Marcin Wcisło <[email protected]>

Author: pvts-mat

drivers/dma-buf/udmabuf.c

@@ -212,7 +212,7 @@ static long udmabuf_create(struct miscdevice *device,
 	if (!ubuf)
 		return -ENOMEM;
 
-	pglimit = (size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
+	pglimit = ((u64)size_limit_mb * 1024 * 1024) >> PAGE_SHIFT;
 	for (i = 0; i < head->count; i++) {
 		if (!IS_ALIGNED(list[i].offset, PAGE_SIZE))
 			goto err;