ANDROID: ashmem: fix overflow on __page_align

When passing a very large size to __page_align, an integer overflow
happens. To make this unreachable, add a maximum size.

Bug: 426506201
Change-Id: I1139cc2b569df1187e7f55ded598bee192b2d6c9
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Alice Ryhl
2025-06-20 13:34:31 +00:00
committed by Kalesh Singh
parent a25c0fcfff
commit 52e6e0403d


@@ -37,6 +37,8 @@ const ASHMEM_FULL_NAME_LEN: usize = bindings::ASHMEM_FULL_NAME_LEN as usize;
const ASHMEM_NAME_PREFIX_LEN: usize = bindings::ASHMEM_NAME_PREFIX_LEN as usize;
const ASHMEM_NAME_PREFIX: [u8; ASHMEM_NAME_PREFIX_LEN] = *b"dev/ashmem/";
const ASHMEM_MAX_SIZE: usize = usize::MAX >> 1;
const PROT_READ: usize = bindings::PROT_READ as usize;
const PROT_EXEC: usize = bindings::PROT_EXEC as usize;
const PROT_WRITE: usize = bindings::PROT_WRITE as usize;
@@ -157,7 +159,7 @@ impl MiscDevice for Ashmem {
let asma = &mut *me.inner.lock();
// User needs to SET_SIZE before mapping.
if asma.size == 0 {
if asma.size == 0 || asma.size >= ASHMEM_MAX_SIZE {
return Err(EINVAL);
}
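Review bot: The new bound is checked only here, at map time (`asma.size >= ASHMEM_MAX_SIZE`), so an oversized value can still be stored in `asma.size` and is rejected only once a mapping is attempted. If any other consumer of `asma.size` page-aligns it (none is visible in this hunk), the overflow described in the commit message would still be reachable there. Applying the same `>= ASHMEM_MAX_SIZE` rejection where SET_SIZE stores the value would make the invariant hold for every reader, assuming that handler is not already changed in a part of the commit not shown here. The constant added in the first hunk also has no comment explaining the choice of `usize::MAX >> 1`; something like `// Upper bound on a region's size, chosen so that page-aligning it cannot overflow usize.` would record the intent. The enclosing function starts and ends outside the hunk.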