From 4a4300f0e80bec1c160d64c46d68c40480ddfbc7 Mon Sep 17 00:00:00 2001
From: praagarwal <praagarwal@nvidia.com>
Date: Sun, 9 Feb 2025 14:20:02 +0000
Subject: [PATCH] gpu: host1x: address INT30-C cert violations

add checks for integer overflow in job.c

Jira HOSTX-5889

Change-Id: Id3336c5c390f2ce771492a686a57e47cc9adf9d2
Signed-off-by: Prateek Agarwal <praagarwal@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3299139
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>
---
 drivers/gpu/host1x/job.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/host1x/job.c b/drivers/gpu/host1x/job.c
index ae1d966c..e992e935 100644
--- a/drivers/gpu/host1x/job.c
+++ b/drivers/gpu/host1x/job.c
@@ -11,6 +11,7 @@
 #include <linux/iommu.h>
 #include <linux/kref.h>
 #include <linux/module.h>
+#include <linux/overflow.h>
 #include <linux/scatterlist.h>
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
@@ -35,9 +36,10 @@ struct host1x_job *host1x_job_alloc(struct host1x_channel *ch,
 
 	enable_firewall = IS_ENABLED(CONFIG_TEGRA_HOST1X_FIREWALL) && !skip_firewall;
 
-	if (!enable_firewall)
-		num_unpins += num_cmdbufs;
-
+	if (!enable_firewall) {
+		if (check_add_overflow(num_unpins, num_cmdbufs, &num_unpins))
+			return NULL;
+	}
 	/* Check that we're not going to overflow */
 	total = sizeof(struct host1x_job) +
 		(u64)num_relocs * sizeof(struct host1x_reloc) +
@@ -559,7 +561,8 @@ static inline int copy_gathers(struct device *host, struct host1x_job *job,
 
 		g = &job->cmds[i].gather;
 
-		size += g->words * sizeof(u32);
+		if (check_add_overflow(size, g->words * sizeof(u32), &size))
+			return -EOVERFLOW;
 	}
 
 	/*