diff --git a/[refs] b/[refs]
index 519776295da9..b088d206ec62 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 550929faf89e2e2cdb3e9945ea87d383989274cf
+refs/heads/master: e910d7ebecd1aac43125944a8641b6cb1a0dfabe
diff --git a/trunk/drivers/md/dm-ioctl.c b/trunk/drivers/md/dm-ioctl.c
index afd95986d099..a651d528f80d 100644
--- a/trunk/drivers/md/dm-ioctl.c
+++ b/trunk/drivers/md/dm-ioctl.c
@@ -1566,6 +1566,14 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param)
 	if (copy_from_user(dmi, user, tmp.data_size))
 		goto bad;
 
+	/*
+	 * Abort if something changed the ioctl data while it was being copied.
+	 */
+	if (dmi->data_size != tmp.data_size) {
+		DMERR("rejecting ioctl: data size modified while processing parameters");
+		goto bad;
+	}
+
 	/* Wipe the user buffer so we do not return it to userspace */
 	if (secure_data && clear_user(user, tmp.data_size))
 		goto bad;