On overflow struct_size() would return SIZE_MAX. But kzalloc() (and friends) check this already, so we can just remove the check.
Reported-by: Sashiko <[email protected]> Signed-off-by: Rob Clark <[email protected]> --- drivers/gpu/drm/msm/msm_gem_submit.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c index 56929e821200..3113faedd04c 100644 --- a/drivers/gpu/drm/msm/msm_gem_submit.c +++ b/drivers/gpu/drm/msm/msm_gem_submit.c @@ -36,15 +36,11 @@ static struct msm_gem_submit *submit_create(struct drm_device *dev, { static atomic_t ident = ATOMIC_INIT(0); struct msm_gem_submit *submit; - uint64_t sz; + size_t sz; int ret; sz = struct_size(submit, bos, nr_bos) + ((u64)nr_cmds * sizeof(submit->cmd[0])); - - if (sz > SIZE_MAX) - return ERR_PTR(-ENOMEM); - submit = kzalloc(sz, GFP_KERNEL | __GFP_NOWARN); if (!submit) return ERR_PTR(-ENOMEM); -- 2.55.0
