This is supposed to test for integer overflow but it is wrong and unnecessary. The size_add()/mul() macros return SIZE_MAX when there is an integer overflow. This code saves the SIZE_MAX to a u64 and then tests if the result is greater than SIZE_MAX which it never will be. Fortunately, when we try to allocate SIZE_MAX bytes the allocation will fail. We even pass __GFP_NOWARN so the allocation fails harmlessly and quietly.
Signed-off-by: Dan Carpenter <[email protected]> --- drivers/gpu/drm/msm/msm_gem_vma.c | 8 +------- 1 file changed, 1 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem_vma.c b/drivers/gpu/drm/msm/msm_gem_vma.c index 71d5238437eb..7968c2dccff0 100644 --- a/drivers/gpu/drm/msm/msm_gem_vma.c +++ b/drivers/gpu/drm/msm/msm_gem_vma.c @@ -947,15 +947,9 @@ vm_bind_job_create(struct drm_device *dev, struct drm_file *file, struct msm_gpu_submitqueue *queue, uint32_t nr_ops) { struct msm_vm_bind_job *job; - uint64_t sz; int ret; - sz = struct_size(job, ops, nr_ops); - - if (sz > SIZE_MAX) - return ERR_PTR(-ENOMEM); - - job = kzalloc(sz, GFP_KERNEL | __GFP_NOWARN); + job = kzalloc(struct_size(job, ops, nr_ops), GFP_KERNEL | __GFP_NOWARN); if (!job) return ERR_PTR(-ENOMEM); -- 2.51.0
