From 9542b9a452eeda0e3dd5c01cbf6f0462ebb56137 Mon Sep 17 00:00:00 2001
From: Alan Cox
Date: Mon, 30 Jul 2012 14:41:30 -0700
Subject: [PATCH] --- yaml --- r: 319943 b: refs/heads/master c: 261eba73353edd48b0c0cb7aad59553dfc712ebc h: refs/heads/master i: 319941: 3cf1df8ebec571500d85a881cc2dd23c61da4c1c 319939: 63c9d4101c1f96a212fbec588bb511a40687e56f 319935: 1cee54b27caaea2c19edf7a27c8b3997cbb573c6 v: v3
---
 [refs] | 2 +-
 trunk/drivers/message/i2o/i2o_config.c | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/[refs] b/[refs]
index 90c7a0dc92ac..dac2621a1542 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 40251b8eb46e48c011939a3ddf056fe13a223319
+refs/heads/master: 261eba73353edd48b0c0cb7aad59553dfc712ebc
diff --git a/trunk/drivers/message/i2o/i2o_config.c b/trunk/drivers/message/i2o/i2o_config.c
index 098de2b35784..9a49c243a6ac 100644
--- a/trunk/drivers/message/i2o/i2o_config.c
+++ b/trunk/drivers/message/i2o/i2o_config.c
@@ -188,6 +188,13 @@ static int i2o_cfg_parms(unsigned long arg, unsigned int type)
 if (!dev)
 return -ENXIO;
+ /*
+ * Stop users being able to try and allocate arbitary amounts
+ * of DMA space. 64K is way more than sufficient for this.
+ */
+ if (kcmd.oplen > 65536)
+ return -EMSGSIZE;
+
 ops = memdup_user(kcmd.opbuf, kcmd.oplen);
 if (IS_ERR(ops))
 return PTR_ERR(ops);
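Review bot: The new guard in front of `memdup_user()` in i2o_cfg_parms bounds `kcmd.oplen` only from above and with a bare literal, so whether it is sufficient depends on the field's type, which is declared outside this hunk. If `oplen` is a signed type, a negative value passes `> 65536` and becomes a very large size at the `memdup_user()` call; if it is unsigned the upper bound holds, but a zero length still reaches the allocation. I would name the limit and state the accepted range, for example `#define I2O_CFG_MAX_OPLEN 65536` (a proposed name) and `if (kcmd.oplen == 0 || kcmd.oplen > I2O_CFG_MAX_OPLEN) return -EMSGSIZE;`, after confirming that no caller relies on an empty operation list. The function body starts and ends outside the hunk, so it cannot be checked from here whether the other user-supplied lengths in it are bounded.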