Merge branch 'akpm' (fixes from Andrew)

Merge misc fixes from Andrew Morton.

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  alpha: boot: fix build breakage introduced by system.h disintegration
  memcg: initialize kmem-cache destroying work earlier
  Randy has moved
  ksm: fix m68k build: only NUMA needs pfn_to_nid
  dmi_scan: fix missing check for _DMI_ signature in smbios_present()
  Revert parts of "hlist: drop the node parameter from iterators"
  idr: remove WARN_ON_ONCE() on negative IDs
  mm/mempolicy.c: fix sp_node_init() argument ordering
  mm/mempolicy.c: fix wrong sp_node insertion
  ipc: don't allocate a copy larger than max
  ipc: fix potential oops when src msg > 4k w/ MSG_COPY

1 files changed, 4 insertions, 2 deletions

diff --git a/ipc/msg.c b/ipc/msg.c
index 950572f9d796..31cd1bf6af27 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -820,15 +820,17 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp,
 	struct msg_msg *copy = NULL;
 	unsigned long copy_number = 0;
 
+	ns = current->nsproxy->ipc_ns;
+
 	if (msqid < 0 || (long) bufsz < 0)
 		return -EINVAL;
 	if (msgflg & MSG_COPY) {
-		copy = prepare_copy(buf, bufsz, msgflg, &msgtyp, &copy_number);
+		copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax),
+				    msgflg, &msgtyp, &copy_number);
 		if (IS_ERR(copy))
 			return PTR_ERR(copy);
 	}
 	mode = convert_mode(&msgtyp, msgflg);
-	ns = current->nsproxy->ipc_ns;
 
 	msq = msg_lock_check(ns, msqid);
 	if (IS_ERR(msq)) {