When `next < old_addr`, `next - old_addr` arithmetic underflows
causing `extent` to be incorrect.
Make `extent` the smaller of `next - old_addr` or `old_end - old_addr`.
Reported-by: Guenter Roeck <li...@roeck-us.net>
Signed-off-by: Kalesh Singh <kaleshsi...@google.com>
---
mm/mremap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mm/mremap.c b/mm/mremap.c
index c5590afe7165..f554320281cc 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -358,7 +358,9 @@ static unsigned long get_extent(enum pgt_entry entry,
unsigned long old_addr,
next = (old_addr + size) & mask;
/* even if next overflowed, extent below will be ok */
- extent = (next > old_end) ? old_end - old_addr : next - old_addr;
+ extent = next - old_addr;
+ if (extent > old_end - old_addr)
+ extent = old_end - old_addr;
next = (new_addr + size) & mask;
if (extent > next - new_addr)
extent = next - new_addr;
--
2.29.2.729.g45daf8777d-goog
