Index: drivers/message/i2o/proc-osm.c
===================================================================
--- a/drivers/message/i2o/proc-osm.c	(revision 100)
+++ b/drivers/message/i2o/proc-osm.c	(revision 103)
@@ -2049,7 +2049,7 @@
 {
 	struct i2o_controller *c;
 
-	i2o_proc_dir_root = proc_mkdir("i2o", 0);
+	i2o_proc_dir_root = proc_mkdir("i2o", NULL);
 	if(!i2o_proc_dir_root)
 		return -1;
 
@@ -2075,7 +2075,7 @@
 	list_for_each_entry(c, &i2o_controllers, list)
 		i2o_proc_iop_remove(i2o_proc_dir_root, c);
 
-	remove_proc_entry("i2o", 0);
+	remove_proc_entry("i2o", NULL);
 
 	return 0;
 };
Index: drivers/message/i2o/config-osm.c
===================================================================
--- a/drivers/message/i2o/config-osm.c	(revision 100)
+++ b/drivers/message/i2o/config-osm.c	(revision 103)
@@ -711,9 +711,9 @@
 #if BITS_PER_LONG == 64
 static int i2o_cfg_passthru32(unsigned fd, unsigned cmnd, unsigned long arg, struct file *file)
 {
-	struct i2o_cmd_passthru32 *cmd = (struct i2o_cmd_passthru32 *)arg;
+	struct i2o_cmd_passthru32 __user *cmd;
 	struct i2o_controller *c;
-	u32 *user_msg = (u32*)(u64)cmd->msg;
+	u32 *user_msg;
 	u32 *reply = NULL;
 	u32 *user_reply = NULL;
 	u32 size = 0;
@@ -726,10 +726,16 @@
 	i2o_status_block *sb;
 	struct i2o_message *msg;
 	u32 m;
+	unsigned int iop;
 
-	c = i2o_find_iop(cmd->iop);
+	cmd = (struct i2o_cmd_passthru32 __user *)arg;
+
+	if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg))
+		return -EFAULT;
+
+	c = i2o_find_iop(iop);
 	if(!c) {
-		DBG("controller %d not found\n", cmd->iop);
+		DBG("controller %d not found\n", iop);
                 return -ENXIO;
 	}
 
@@ -896,7 +902,7 @@
 {
 	struct i2o_cmd_passthru __user*cmd=(struct i2o_cmd_passthru __user*)arg;
 	struct i2o_controller *c;
-	u32 __user *user_msg = (u32 __user *)cmd->msg;
+	u32 __user *user_msg;
 	u32 *reply = NULL;
 	u32 __user *user_reply = NULL;
 	u32 size = 0;
@@ -911,11 +917,14 @@
 	i2o_status_block *sb;
 	struct i2o_message *msg;
 	u32 m;
+	unsigned int iop;
 
-	printk(KERN_INFO "iop: %d\n", cmd->iop);
-	c = i2o_find_iop(cmd->iop);
+	if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg))
+		return -EFAULT;
+
+	c = i2o_find_iop(iop);
 	if(!c) {
-		DBG("controller %d not found\n", cmd->iop);
+		DBG("controller %d not found\n", iop);
                 return -ENXIO;
 	}
 
Index: drivers/message/i2o/pci.c
===================================================================
--- a/drivers/message/i2o/pci.c	(revision 100)
+++ b/drivers/message/i2o/pci.c	(revision 103)
@@ -480,8 +480,6 @@
 	if(mv == I2O_QUEUE_EMPTY) {
 		mv=I2O_REPLY_READ32(c);
 		if(unlikely(mv == I2O_QUEUE_EMPTY)) {
-			printk(KERN_INFO "i2o: interrupt and message queue "
-			       "empty!\n");
 			return IRQ_NONE;
 		} else
 			DBG("960 bug detected\n");