From a2338fa7612bb8229ab1e2bc2e8d668af4943fcb Mon Sep 17 00:00:00 2001
From: Ketan Patil <ketanp@nvidia.com>
Date: Tue, 20 Sep 2022 05:14:51 +0000
Subject: [PATCH] video: tegra: nvmap: Fix type casting issue

CERT-C is reporting following issue:
- Casting (size + 4095UL & 0xfffffffffffff000UL) >> 12 from unsigned
long to unsigned int without checking its value may result in lost or
misinterpreted data.
Fix this by adding overflow condition.

CID 490676
Bug 3745813

Change-Id: I39b741b6150c12dcdd3de7c70bbcf89f8e692a23
Signed-off-by: Ketan Patil <ketanp@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvidia/+/2778588
Reviewed-by: svcacv <svcacv@nvidia.com>
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
Reviewed-by: Sachin Nikam <snikam@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
---
 drivers/video/tegra/nvmap/nvmap_init.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/video/tegra/nvmap/nvmap_init.c b/drivers/video/tegra/nvmap/nvmap_init.c
index ba2a571d..fe96818e 100644
--- a/drivers/video/tegra/nvmap/nvmap_init.c
+++ b/drivers/video/tegra/nvmap/nvmap_init.c
@@ -359,14 +359,20 @@ static void *__nvmap_dma_alloc_from_coherent(struct device *dev,
 	unsigned long flags;
 	unsigned int count, i = 0, j = 0;
 	unsigned int alloc_size;
-	unsigned long align, pageno;
+	unsigned long align, pageno, page_count;
 	void *addr = NULL;
 	struct page **pages = NULL;
 	int do_memset = 0;
 	int *bitmap_nos = NULL;
 
-	if (dma_get_attr(DMA_ATTR_ALLOC_EXACT_SIZE, attrs))
-		count = PAGE_ALIGN(size) >> PAGE_SHIFT;
+	if (dma_get_attr(DMA_ATTR_ALLOC_EXACT_SIZE, attrs)) {
+		page_count = PAGE_ALIGN(size) >> PAGE_SHIFT;
+		if (page_count > UINT_MAX) {
+			dev_err(dev, "Page count more than max value\n");
+			return NULL;
+		}
+		count = (unsigned int)page_count;
+	}
 	else
 		count = 1 << order;