From ee249b5ccd9e57bd7dcc9904c3c928d7758eaa25 Mon Sep 17 00:00:00 2001
From: David Daney <ddaney@avtrex.com>
Date: Sat, 27 Oct 2007 23:10:20 -0700
Subject: [PATCH] --- yaml --- r: 72789 b: refs/heads/master c:
 098362e72002d01fdd18afee2e635ffdcdc89e2c h: refs/heads/master i:   72787:
 b38f694178070838628973f41080cef55f85c165 v: v3

---
 [refs]                           | 2 +-
 trunk/arch/mips/kernel/syscall.c | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/[refs] b/[refs]
index 7be991e11bbf..0e72742f3447 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: c4e8308c30b0139f89bac71f3c22c8d7413b8665
+refs/heads/master: 098362e72002d01fdd18afee2e635ffdcdc89e2c
diff --git a/trunk/arch/mips/kernel/syscall.c b/trunk/arch/mips/kernel/syscall.c
index b95fe93dd646..af1bdc897488 100644
--- a/trunk/arch/mips/kernel/syscall.c
+++ b/trunk/arch/mips/kernel/syscall.c
@@ -73,7 +73,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
 
 	task_size = STACK_TOP;
 
+	if (len > task_size)
+		return -ENOMEM;
+
 	if (flags & MAP_FIXED) {
+		/* Even MAP_FIXED mappings must reside within task_size.  */
+		if (task_size - len < addr)
+			return -EINVAL;
+
 		/*
 		 * We do not accept a shared mapping if it would violate
 		 * cache aliasing constraints.
@@ -83,8 +90,6 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
 		return addr;
 	}
 
-	if (len > task_size)
-		return -ENOMEM;
 	do_color_align = 0;
 	if (filp || (flags & MAP_SHARED))
 		do_color_align = 1;