From 3bd3d9b269cfe6a0bffa4331a5dddb51a81eef03 Mon Sep 17 00:00:00 2001
From: Thomas Schoebel-Theuer <tst@1und1.de>
Date: Wed, 3 Nov 2021 14:44:17 +0100
Subject: [PATCH] mapfree: safeguard calling conventions

---
 kernel/lib_mapfree.c | 43 ++++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)

diff --git a/kernel/lib_mapfree.c b/kernel/lib_mapfree.c
index 67824d34..d5acf8bd 100644
--- a/kernel/lib_mapfree.c
+++ b/kernel/lib_mapfree.c
@@ -154,13 +154,20 @@ void _mapfree_put(struct mapfree_info *mf)
 
 void mapfree_put(struct mapfree_info *mf)
 {
-	if (likely(mf && mf->mf_hash < MAPFREE_HASH)) {
-		unsigned int hash = mf->mf_hash;
+	unsigned int hash;
 
-		down_write(&mf_table[hash].hash_mutex);
-		_mapfree_put(mf);
-		up_write(&mf_table[hash].hash_mutex);
+	if (unlikely(!mf))
+		return;
+
+	hash = mf->mf_hash;
+	if (unlikely(hash >= MAPFREE_HASH)) {
+		MARS_ERR("Bad mapfree hash %d\n", hash);
+		return;
 	}
+
+	down_write(&mf_table[hash].hash_mutex);
+	_mapfree_put(mf);
+	up_write(&mf_table[hash].hash_mutex);
 }
 EXPORT_SYMBOL_GPL(mapfree_put);
 
@@ -334,16 +341,26 @@ EXPORT_SYMBOL_GPL(mapfree_get);
 
 void mapfree_set(struct mapfree_info *mf, loff_t min, loff_t max)
 {
-	if (likely(mf && mf->mf_hash < MAPFREE_HASH)) {
-		struct mf_hash_anchor *mha = &mf_table[mf->mf_hash];
+	struct mf_hash_anchor *mha;
+	unsigned int hash;
 
-		down_write(&mha->hash_mutex);
-		if (!mf->mf_min[0] || mf->mf_min[0] > min)
-			mf->mf_min[0] = min;
-		if (max >= 0 && mf->mf_max < max)
-			mf->mf_max = max;
-		up_write(&mha->hash_mutex);
+	if (unlikely(!mf))
+		return;
+
+	hash = mf->mf_hash;
+	if (unlikely(hash >= MAPFREE_HASH)) {
+		MARS_ERR("Bad mapfree hash %d\n", hash);
+		return;
 	}
+
+	mha = &mf_table[hash];
+
+	down_write(&mha->hash_mutex);
+	if (!mf->mf_min[0] || mf->mf_min[0] > min)
+		mf->mf_min[0] = min;
+	if (max >= 0 && mf->mf_max < max)
+		mf->mf_max = max;
+	up_write(&mha->hash_mutex);
 }
 EXPORT_SYMBOL_GPL(mapfree_set);