We check that: if (nmsgs > I2C_RDRW_IOCTL_MAX_MSGS) return -EINVAL; Since "nmsgs" is signed, it means the check can underflow. It's harmless, but messy. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index f505402..f4222a4 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -680,7 +680,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, struct i2c_msg __user *tmsgs; struct i2c_msg32 __user *umsgs; compat_caddr_t datap; - int nmsgs, i; + unsigned int nmsgs; + int i; if (get_user(nmsgs, &udata->nmsgs)) return -EFAULT; -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html