gpu: host1x: address INT30-C cert violations

add checks for integer overflow in job.c

Jira HOSTX-5889

Change-Id: Id3336c5c390f2ce771492a686a57e47cc9adf9d2
Signed-off-by: Prateek Agarwal <praagarwal@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3299139
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
Reviewed-by: Mikko Perttunen <mperttunen@nvidia.com>

drivers/gpu/host1x/job.c

@@ -11,6 +11,7 @@
 #include <linux/iommu.h>
 #include <linux/kref.h>
 #include <linux/module.h>
+#include <linux/overflow.h>
 #include <linux/scatterlist.h>
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
@@ -35,9 +36,10 @@ struct host1x_job *host1x_job_alloc(struct host1x_channel *ch,
 
 	enable_firewall = IS_ENABLED(CONFIG_TEGRA_HOST1X_FIREWALL) && !skip_firewall;
 
-	if (!enable_firewall)
+	if (!enable_firewall) {
-		num_unpins += num_cmdbufs;
+		if (check_add_overflow(num_unpins, num_cmdbufs, &num_unpins))
-
+			return NULL;
+	}
 	/* Check that we're not going to overflow */
 	total = sizeof(struct host1x_job) +
 		(u64)num_relocs * sizeof(struct host1x_reloc) +
@@ -559,7 +561,8 @@ static inline int copy_gathers(struct device *host, struct host1x_job *job,
 
 		g = &job->cmds[i].gather;
 
-		size += g->words * sizeof(u32);
+		if (check_add_overflow(size, g->words * sizeof(u32), &size))
+			return -EOVERFLOW;
 	}
 
 	/*