> --- a/fs/hugetlbfs/inode.c > +++ b/fs/hugetlbfs/inode.c > @@ -157,7 +157,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma) > vma_len = (loff_t)(vma->vm_end - vma->vm_start); > len = vma_len + ((loff_t)vma->vm_pgoff << PAGE_SHIFT); > /* check for overflow */ > - if (len < vma_len) > + if (vma_len > LLONG_MAX - ((loff_t)vma->vm_pgoff << PAGE_SHIFT)) > return -EINVAL; Proper fix is to make everything unsigned probably.
