From 03bdacc3d74c826668f523b295fc4008c34c8d50 Mon Sep 17 00:00:00 2001
From: Helge Deller <deller@gmx.de>
Date: Tue, 19 Dec 2006 19:28:33 +0100
Subject: [PATCH] --- yaml --- r: 57940 b: refs/heads/master c:
 06b32f3ab6df4c7489729f94bdc7093c72681d4b h: refs/heads/master v: v3

---
 [refs]          | 2 +-
 trunk/mm/mmap.c | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/[refs] b/[refs]
index bbd04b1cb602..b9fc9edac5d0 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: d2f1c0fa2b346769ac35559ae3bafccf151dd446
+refs/heads/master: 06b32f3ab6df4c7489729f94bdc7093c72681d4b
diff --git a/trunk/mm/mmap.c b/trunk/mm/mmap.c
index 68b9ad2ef1d6..906ed402f7ca 100644
--- a/trunk/mm/mmap.c
+++ b/trunk/mm/mmap.c
@@ -1536,9 +1536,14 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
 	 * vma->vm_start/vm_end cannot change under us because the caller
 	 * is required to hold the mmap_sem in read mode.  We need the
 	 * anon_vma lock to serialize against concurrent expand_stacks.
+	 * Also guard against wrapping around to address 0.
 	 */
-	address += 4 + PAGE_SIZE - 1;
-	address &= PAGE_MASK;
+	if (address < PAGE_ALIGN(address+4))
+		address = PAGE_ALIGN(address+4);
+	else {
+		anon_vma_unlock(vma);
+		return -ENOMEM;
+	}
 	error = 0;
 
 	/* Somebody else might have raced and expanded it already */