Add checks to vm_map_findspace() to test for address wrap. The conditions

where this could occur are very rare, but possible.

Submitted by: Mark W. Krentel
MFC after: 2 weeks

1 files changed, 8 insertions, 4 deletions

diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
index 427ccd5..2104e17 100644
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@ -1009,10 +1009,13 @@ vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
 	vm_map_entry_t entry;
 	vm_offset_t end, st;
 
-	/* Request must fit within min/max VM address. */
+	/*
+	 * Request must fit within min/max VM address and must avoid
+	 * address wrap.
+	 */
 	if (start < map->min_offset)
 		start = map->min_offset;
-	if (start + length > map->max_offset)
+	if (start + length > map->max_offset || start + length < start)
 		return (1);
 
 	/* Empty tree means wide open address space. */
@@ -1033,10 +1036,11 @@ vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
 
 	/*
 	 * Root is the last node that might begin its gap before
-	 * start.
+	 * start, and this is the last comparison where address
+	 * wrap might be a problem.
 	 */
 	st = (start > map->root->end) ? start : map->root->end;
-	if (st + length <= map->root->end + map->root->adj_free) {
+	if (length <= map->root->end + map->root->adj_free - st) {
 		*addr = st;
 		goto found;
 	}