From 986b43f8456366659e9077a65dcdbebe136f7446 Mon Sep 17 00:00:00 2001
From: Alan Cox <alc@FreeBSD.org>
Date: Tue, 18 Jan 2005 19:50:09 +0000
Subject: [PATCH] Add checks to vm_map_findspace() to test for address wrap. 
 The conditions where this could occur are very rare, but possible.

Submitted by: Mark W. Krentel
MFC after: 2 weeks
---
 sys/vm/vm_map.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
index 427ccd502c83..2104e17ad09d 100644
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@ -1009,10 +1009,13 @@ vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
 	vm_map_entry_t entry;
 	vm_offset_t end, st;
 
-	/* Request must fit within min/max VM address. */
+	/*
+	 * Request must fit within min/max VM address and must avoid
+	 * address wrap.
+	 */
 	if (start < map->min_offset)
 		start = map->min_offset;
-	if (start + length > map->max_offset)
+	if (start + length > map->max_offset || start + length < start)
 		return (1);
 
 	/* Empty tree means wide open address space. */
@@ -1033,10 +1036,11 @@ vm_map_findspace(vm_map_t map, vm_offset_t start, vm_size_t length,
 
 	/*
 	 * Root is the last node that might begin its gap before
-	 * start.
+	 * start, and this is the last comparison where address
+	 * wrap might be a problem.
 	 */
 	st = (start > map->root->end) ? start : map->root->end;
-	if (st + length <= map->root->end + map->root->adj_free) {
+	if (length <= map->root->end + map->root->adj_free - st) {
 		*addr = st;
 		goto found;
 	}