From a47c3ef56d83e6efe41efb901d4d0ae81c9660fe Mon Sep 17 00:00:00 2001
From: Surbhi Singh
Date: Sat, 19 Oct 2024 19:21:17 +0000
Subject: [PATCH] video: tegra: nvmap: Fix INT08-C using overflow.h

JIRA: TMM-5724 Bug 4479044
Change-Id: I72fd476edf686a2154a8976fdeb4a686a24ddbb8
Signed-off-by: Surbhi Singh
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3233433
Tested-by: mobile promotions
Reviewed-by: mobile promotions
---
 drivers/video/tegra/nvmap/nvmap_fault.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/video/tegra/nvmap/nvmap_fault.c b/drivers/video/tegra/nvmap/nvmap_fault.c
index 9dbf5af0..4366750c 100644
--- a/drivers/video/tegra/nvmap/nvmap_fault.c
+++ b/drivers/video/tegra/nvmap/nvmap_fault.c
@@ -171,8 +171,12 @@ static vm_fault_t nvmap_vma_fault(struct vm_fault *vmf)
 unsigned long offs;
 struct vm_area_struct *vma = vmf->vma;
 unsigned long vmf_address = vmf->address;
+ unsigned long difference;
- offs = (unsigned long)(vmf_address - vma->vm_start);
+ if (check_sub_overflow(vmf_address, (unsigned long)vma->vm_start, &difference))
+ return VM_FAULT_SIGBUS;
+
+ offs = difference;
 priv = vma->vm_private_data;
 if (priv == NULL || priv->handle == NULL || !priv->handle->alloc)
 return VM_FAULT_SIGBUS;
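Review bot: The new `difference` local and the `(unsigned long)` cast in the `check_sub_overflow()` call look unnecessary, since `offs` already has the result type and the check can write into it directly: `if (check_sub_overflow(vmf_address, vma->vm_start, &offs))` followed by the existing `return VM_FAULT_SIGBUS;` (this assumes `vm_start` is `unsigned long`, as in mainline `struct vm_area_struct`). The diffstat shows this hunk is the whole change, so no `#include <linux/overflow.h>` is added to nvmap_fault.c; unless the file already includes it, the macro arrives through another header, and an explicit include would make that dependency visible. The wrap check only establishes `vmf_address >= vma->vm_start`; it puts no upper bound on `offs`, so the comparison against the handle's size still has to happen later in `nvmap_vma_fault()`, whose body continues outside this hunk and is worth confirming.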