On Thu, Jul 20, 2023 at 10:49:52PM +0800, Linke Li wrote:
> +++ b/fs/hugetlbfs/inode.c
> @@ -154,10 +154,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
> if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
> return -EINVAL;
>
> - vma_len = (loff_t)(vma->vm_end - vma->vm_start);
> - len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
> - /* check for overflow */
> - if (len < vma_len)
> + if (check_add_overflow(vma_len, (loff_t)vma->vm_pgoff << PAGE_SHIFT, &len))
> return -EINVAL;
Doesn't this check duplicate that performed by file_mmap_ok()? Can't we just delete the check, or is there a code path that leads here while avoiding file_mmap_ok()?
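Review bot: The added `check_add_overflow()` call reads `vma_len`, but the quoted hunk deletes the only visible assignment, `vma_len = (loff_t)(vma->vm_end - vma->vm_start);`, and the header counts (-154,10 +154,7) leave room for no added line that restores it. Unless `vma_len` is initialised outside this hunk, the mmap length check would run on an indeterminate value and no longer bound the mapping, so the assignment should stay directly above the new `if`. Separately, `(loff_t)vma->vm_pgoff << PAGE_SHIFT` is evaluated before the helper is called, so only the addition is checked, not the shift; a comment such as `/* vm_pgoff range-checked above, shift cannot overflow loff_t */` would record that dependency if such a check exists earlier in the function. The rest of hugetlbfs_file_mmap lies outside the quoted hunk, so both points need confirming against the full file.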