in_len and out_len are signed quantites copied from
user space but are only checked to see if they're >
PAGE_SIZE.  The exploit would be to pass in a negative
quantity which would pass the check.

Fix by making them unsigned.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>