gpu: nvgpu: fix untrusted loop bound in clk_set_info ioctl

In gk20a_ctrl_dev_ioctl clk_set_info: An unscrutinized value num_entries
is used as a loop bound. An attacker could control the number of times
the loop iterates.

Loop iterator is signed int which can lead to unpredictable results,
Hence change it to u32. And sanitize the num_entries parameter.

CID 1993996
Bug 3460991

Change-Id: Ib644cf19f016ab80a3f2d66f156ca863f8e138e1
Signed-off-by: Sagar Kamble <skamble@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2693942
Reviewed-by: Ramesh Mylavarapu <rmylavarapu@nvidia.com>
Reviewed-by: Sachin Nikam <snikam@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
GVS: Gerrit_Virtual_Submit

drivers/gpu/nvgpu/os/linux/ioctl_ctrl.c

@@ -1490,8 +1490,9 @@ static int nvgpu_gpu_clk_set_info(struct gk20a *g,
 
 	int fd;
 	u32 clk_domains = 0;
+	u32 num_domains;
 	u16 freq_mhz;
-	int i;
+	u32 i;
 	int ret;
 
 	nvgpu_log_fn(g, " ");
@@ -1503,6 +1504,13 @@ static int nvgpu_gpu_clk_set_info(struct gk20a *g,
 	if (!clk_domains)
 		return -EINVAL;
 
+	num_domains = hweight_long(clk_domains);
+
+	if ((args->num_entries == 0) || (args->num_entries > num_domains)) {
+		nvgpu_err(g, "invalid num_entries %u", args->num_entries);
+		return -EINVAL;
+	}
+
 	entry = (struct nvgpu_gpu_clk_info __user *)
 			(uintptr_t)args->clk_info_entries;