Commit f2813e13fe for qemu.org

commit f2813e13fe910e01127271a87177a477b9438bc6
Author: Bingwu Zhang <xtex@astrafall.org>
Date:   Sat Feb 28 00:46:30 2026 +0800

    linux-user: Deal with mmap where start > reserved_va

    Fixes: 4c13048e02d9 ("linux-user: Use page_find_range_empty for mmap_find_vma_reserved")
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3310
    Signed-off-by: Bingwu Zhang <xtex@astrafall.org>
    Reviewed-by: Helge Deller <deller@gmx.de>
    Signed-off-by: Helge Deller <deller@gmx.de>

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 07175e11d5..76978a56a8 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -423,12 +423,15 @@ abi_ulong mmap_next_start;
 static abi_ulong mmap_find_vma_reserved(abi_ulong start, abi_ulong size,
                                         abi_ulong align)
 {
-    target_ulong ret;
+    target_ulong ret = -1;

-    ret = page_find_range_empty(start, reserved_va, size, align);
+    if (start <= reserved_va) {
+        ret = page_find_range_empty(start, reserved_va, size, align);
+    }
     if (ret == -1 && start > mmap_min_addr) {
         /* Restart at the beginning of the address space. */
-        ret = page_find_range_empty(mmap_min_addr, start - 1, size, align);
+        ret = page_find_range_empty(mmap_min_addr, MIN(start - 1, reserved_va),
+                                    size, align);
     }

     return ret;