CVE-2023-53112

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/sseu: fix max_subslices array-index-out-of-bounds access

It seems that commit bc3c5e0809ae ("drm/i915/sseu: Don't try to store EU mask internally in UAPI format") exposed a potential out-of-bounds access, reported by UBSAN as following on a laptop with a gen 11 i915 card:

UBSAN: array-index-out-of-bounds in drivers/gpu/drm/i915/gt/intelsseu.c:65:27 index 6 is out of range for type 'u16 [6]' CPU: 2 PID: 165 Comm: systemd-udevd Not tainted 6.2.0-9-generic #9-Ubuntu Hardware name: Dell Inc. XPS 13 9300/077Y9N, BIOS 1.11.0 03/22/2022 Call Trace: <TASK> showstack+0x4e/0x61 dumpstacklvl+0x4a/0x6f dumpstack+0x10/0x18 ubsanepilogue+0x9/0x3a __ubsanhandleoutofbounds.cold+0x42/0x47 gen11computesseuinfo+0x121/0x130 [i915] intelsseuinfoinit+0x15d/0x2b0 [i915] intelgtinitmmio+0x23/0x40 [i915] i915drivermmioprobe+0x129/0x400 [i915] ? intelgtprobeall+0x91/0x2e0 [i915] i915driverprobe+0xe1/0x3f0 [i915] ? drmprivacyscreenget+0x16d/0x190 [drm] ? acpidevfound+0x64/0x80 i915pciprobe+0xac/0x1b0 [i915] ...

According to the definition of sseudevinfo, eumask->hsw is limited to a maximum of GENMAXSSPERHSWSLICE (6) sub-slices, but gen11sseuinfoinit() can potentially set 8 sub-slices, in the !ISJSL_EHL(gt->i915) case.

Fix this by reserving up to 8 slots for maxsubslices in the eumask struct.

(cherry picked from commit 3cba09a6ac86ea1d456909626eb2685596c07822)