From cbcbbd05dcc995f657c39f40ce4325a29e673db4 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@Oracle.com>
Date: Wed, 3 Feb 2021 20:07:37 -0500
Subject: [PATCH] mm/mmap: Fix alignment mess of gap searching

Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
---
 mm/mmap.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/mm/mmap.c b/mm/mmap.c
index 61af80f654e4..e8a295663759 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1623,9 +1623,9 @@ static unsigned long unmapped_area(struct vm_unmapped_area_info *info)
 			rcu_read_unlock();
 			return -ENOMEM;
 		}
-		gap = mas.index & ~(info->align_mask);
-		gap += info->align_offset;
-	} while ((gap < mas.index) && (gap > mas.last - info->length + 1));
+		gap = mas.index;
+		gap += (info->align_offset - mas.index) & info->align_mask;
+	} while ((mas.index > gap) && (gap > mas.last - info->length + 1));
 	rcu_read_unlock();
 
 	return gap;
@@ -1655,10 +1655,9 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
 			return -ENOMEM;
 		}
 
-		gap = mas.last - info->length + 1;
-		gap &= ~(info->align_mask);
-		gap += info->align_offset;
-	} while (mas.index > gap);
+		gap = mas.last + 1 - info->length;
+		gap -= (gap - info->align_offset) & info->align_mask;
+	} while ((mas.index > gap) && (mas.last > gap + info->length - 1));
 	rcu_read_unlock();
 
 	return gap;
-- 
2.50.1