--- fs/xfs/xfs_fsops.c.orig	2007-04-26 16:05:38.126936000 +1000
+++ fs/xfs/xfs_fsops.c	2007-04-26 16:17:03.385762000 +1000
@@ -148,6 +148,20 @@
 		return error;
 	ASSERT(bp);
 	xfs_buf_relse(bp);
+	/*
+	 * Device drivers seem to be pathological liars... so, guess we
+	 * better check that the size isn't something completely insane.
+	 * Same check is done during mount, so we wont create something
+	 * here that we cannot later mount, at least.
+	 */
+#if XFS_BIG_BLKNOS     /* Limited by ULONG_MAX of page cache index */
+	if (unlikely(
+	    (nb >> (PAGE_CACHE_SHIFT - sbp->sb_blocklog)) > ULONG_MAX))
+#else                  /* Limited by UINT_MAX of sectors */
+	if (unlikely(
+	    (nb << (sbp->sb_blocklog - BBSHIFT)) > UINT_MAX))
+#endif
+	    return XFS_ERROR(E2BIG);
 
 	new = nb;	/* use new as a temporary here */
 	nb_mod = do_div(new, mp->m_sb.sb_agblocks);
--- fs/xfs/xfs_rtalloc.c.orig	2007-04-26 16:16:34.695969000 +1000
+++ fs/xfs/xfs_rtalloc.c	2007-04-26 16:22:43.227000750 +1000
@@ -1893,6 +1893,20 @@
 	ASSERT(bp);
 	xfs_buf_relse(bp);
 	/*
+	 * Device drivers seem to be pathological liars... so, guess we
+	 * better check that the size isn't something completely insane.
+	 * Same check is done during mount, so we wont create something
+	 * here that we cannot later mount, at least.
+	 */
+#if XFS_BIG_BLKNOS     /* Limited by ULONG_MAX of page cache index */
+	if (unlikely(
+	    (nrblocks >> (PAGE_CACHE_SHIFT - sbp->sb_blocklog)) > ULONG_MAX))
+#else                  /* Limited by UINT_MAX of sectors */
+	if (unlikely(
+	    (nrblocks << (sbp->sb_blocklog - BBSHIFT)) > UINT_MAX))
+#endif
+		return XFS_ERROR(E2BIG);
+	/*
 	 * Calculate new parameters.  These are the final values to be reached.
 	 */
 	nrextents = nrblocks;