The size of things should be unsigned because negative sizes are silly.

My concern is that the limit checks don't take negative values into consideration in p9_client_create()

	if (clnt->msize > clnt->trans_mod->maxsize)
		clnt->msize = clnt->trans_mod->maxsize;

and in p9_tag_alloc()

	int alloc_msize = min(c->msize, max_size);

I don't know if this is exported to user space? Hopefully it's not too late to change this.

Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>

diff --git a/include/net/9p/client.h b/include/net/9p/client.h index 55ce72c..d479d7d 100644 --- a/include/net/9p/client.h +++ b/include/net/9p/client.h @@ -151,7 +151,7 @@ struct p9_req_t { struct p9_client { spinlock_t lock; /* protect client structure */ - int msize; + unsigned int msize; unsigned char proto_version; struct p9_trans_module *trans_mod; enum p9_trans_status status;
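Review bot: In the struct p9_client hunk, msize becomes unsigned int, but the p9_tag_alloc() line quoted in the message, "int alloc_msize = min(c->msize, max_size);", still stores the result in a signed int, and this diff touches only include/net/9p/client.h. The kernel's min() macro type-checks its arguments, so if max_size is a signed int that line will now warn about mismatched types, and a value above INT_MAX would still turn negative when assigned to alloc_msize. Consider converting alloc_msize and max_size to unsigned int in the same patch (or using min_t(unsigned int, ...)) so that the whole size path is unsigned. It is also worth stating in the changelog that a negative msize now wraps to a large value and is clamped to trans_mod->maxsize by the p9_client_create() check, rather than being rejected, so that the behaviour is a documented choice.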