43 files changed, 991 insertions, 470 deletions

diff --git a/fs/aio.c b/fs/aio.c
index a8ecc8313fb0..9b5ca1137419 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -625,7 +625,7 @@ void aio_complete(struct kiocb *iocb, long res, long res2)
 
         /*
          * Add a completion event to the ring buffer. Must be done holding
-         * ctx->ctx_lock to prevent other code from messing with the tail
+         * ctx->completion_lock to prevent other code from messing with the tail
          * pointer since we might be called from irq context.
          */
         spin_lock_irqsave(&ctx->completion_lock, flags);
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 431b6a04ebfd..bb43ce081d6e 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1562,6 +1562,7 @@ static const struct address_space_operations def_blk_aops = {
         .writepages     = generic_writepages,
         .releasepage    = blkdev_releasepage,
         .direct_IO      = blkdev_direct_IO,
+        .is_dirty_writeback = buffer_check_dirty_writeback,
 };
 
 const struct file_operations def_blk_fops = {
diff --git a/fs/buffer.c b/fs/buffer.c
index f93392e2df12..4d7433534f5c 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -83,6 +83,40 @@ void unlock_buffer(struct buffer_head *bh)
 EXPORT_SYMBOL(unlock_buffer);
 
 /*
+ * Returns if the page has dirty or writeback buffers. If all the buffers
+ * are unlocked and clean then the PageDirty information is stale. If
+ * any of the pages are locked, it is assumed they are locked for IO.
+ */
+void buffer_check_dirty_writeback(struct page *page,
+                                     bool *dirty, bool *writeback)
+{
+        struct buffer_head *head, *bh;
+        *dirty = false;
+        *writeback = false;
+
+        BUG_ON(!PageLocked(page));
+
+        if (!page_has_buffers(page))
+                return;
+
+        if (PageWriteback(page))
+                *writeback = true;
+
+        head = page_buffers(page);
+        bh = head;
+        do {
+                if (buffer_locked(bh))
+                        *writeback = true;
+
+                if (buffer_dirty(bh))
+                        *dirty = true;
+
+                bh = bh->b_this_page;
+        } while (bh != head);
+}
+EXPORT_SYMBOL(buffer_check_dirty_writeback);
+
+/*
  * Block until a buffer comes unlocked.  This doesn't stop it
  * from becoming locked again - you have to lock it yourself
  * if you want to preserve its state.
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index 317f9ee9c991..ebaff368120d 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -12,6 +12,7 @@
 #include <linux/mount.h>
 #include <linux/slab.h>
 #include <linux/file.h>
+#include <linux/swap.h>
 #include "internal.h"
 
 /*
@@ -227,8 +228,7 @@ static void cachefiles_read_copier(struct fscache_operation *_op)
  */
 static int cachefiles_read_backing_file_one(struct cachefiles_object *object,
                                             struct fscache_retrieval *op,
-                                            struct page *netpage,
-                                            struct pagevec *pagevec)
+                                            struct page *netpage)
 {
         struct cachefiles_one_read *monitor;
         struct address_space *bmapping;
@@ -237,8 +237,6 @@ static int cachefiles_read_backing_file_one(struct cachefiles_object *object,
 
         _enter("");
 
-        pagevec_reinit(pagevec);
-
         _debug("read back %p{%lu,%d}",
                netpage, netpage->index, page_count(netpage));
 
@@ -283,9 +281,7 @@ installed_new_backing_page:
         backpage = newpage;
         newpage = NULL;
 
-        page_cache_get(backpage);
-        pagevec_add(pagevec, backpage);
-        __pagevec_lru_add_file(pagevec);
+        lru_cache_add_file(backpage);
 
 read_backing_page:
         ret = bmapping->a_ops->readpage(NULL, backpage);
@@ -452,8 +448,7 @@ int cachefiles_read_or_alloc_page(struct fscache_retrieval *op,
         if (block) {
                 /* submit the apparently valid page to the backing fs to be
                  * read from disk */
-                ret = cachefiles_read_backing_file_one(object, op, page,
-                                                       &pagevec);
+                ret = cachefiles_read_backing_file_one(object, op, page);
         } else if (cachefiles_has_space(cache, 0, 1) == 0) {
                 /* there's space in the cache we can use */
                 fscache_mark_page_cached(op, page);
@@ -482,14 +477,11 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object,
 {
         struct cachefiles_one_read *monitor = NULL;
         struct address_space *bmapping = object->backer->d_inode->i_mapping;
-        struct pagevec lru_pvec;
         struct page *newpage = NULL, *netpage, *_n, *backpage = NULL;
         int ret = 0;
 
         _enter("");
 
-        pagevec_init(&lru_pvec, 0);
-
         list_for_each_entry_safe(netpage, _n, list, lru) {
                 list_del(&netpage->lru);
 
@@ -534,9 +526,7 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object,
                 backpage = newpage;
                 newpage = NULL;
 
-                page_cache_get(backpage);
-                if (!pagevec_add(&lru_pvec, backpage))
-                        __pagevec_lru_add_file(&lru_pvec);
+                lru_cache_add_file(backpage);
 
         reread_backing_page:
                 ret = bmapping->a_ops->readpage(NULL, backpage);
@@ -559,9 +549,7 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object,
                         goto nomem;
                 }
 
-                page_cache_get(netpage);
-                if (!pagevec_add(&lru_pvec, netpage))
-                        __pagevec_lru_add_file(&lru_pvec);
+                lru_cache_add_file(netpage);
 
                 /* install a monitor */
                 page_cache_get(netpage);
@@ -643,9 +631,7 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object,
 
                 fscache_mark_page_cached(op, netpage);
 
-                page_cache_get(netpage);
-                if (!pagevec_add(&lru_pvec, netpage))
-                        __pagevec_lru_add_file(&lru_pvec);
+                lru_cache_add_file(netpage);
 
                 /* the netpage is unlocked and marked up to date here */
                 fscache_end_io(op, netpage, 0);
@@ -661,8 +647,6 @@ static int cachefiles_read_backing_file(struct cachefiles_object *object,
 
 out:
         /* tidy up */
-        pagevec_lru_add_file(&lru_pvec);
-
         if (newpage)
                 page_cache_release(newpage);
         if (netpage)
diff --git a/fs/configfs/file.c b/fs/configfs/file.c
index 2b6cb23dd14e..1d1c41f1014d 100644
--- a/fs/configfs/file.c
+++ b/fs/configfs/file.c
@@ -203,7 +203,7 @@ configfs_write_file(struct file *file, const char __user *buf, size_t count, lof
         mutex_lock(&buffer->mutex);
         len = fill_write_buffer(buffer, buf, count);
         if (len > 0)
-                len = flush_write_buffer(file->f_path.dentry, buffer, count);
+                len = flush_write_buffer(file->f_path.dentry, buffer, len);
         if (len > 0)
                 *ppos += len;
         mutex_unlock(&buffer->mutex);
diff --git a/fs/coredump.c b/fs/coredump.c
index dafafbafa731..72f816d6cad9 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -45,69 +45,79 @@
 #include <trace/events/sched.h>
 
 int core_uses_pid;
-char core_pattern[CORENAME_MAX_SIZE] = "core";
 unsigned int core_pipe_limit;
+char core_pattern[CORENAME_MAX_SIZE] = "core";
+static int core_name_size = CORENAME_MAX_SIZE;
 
 struct core_name {
         char *corename;
         int used, size;
 };
-static atomic_t call_count = ATOMIC_INIT(1);
 
 /* The maximal length of core_pattern is also specified in sysctl.c */
 
-static int expand_corename(struct core_name *cn)
+static int expand_corename(struct core_name *cn, int size)
 {
-        char *old_corename = cn->corename;
-
-        cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count);
-        cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
+        char *corename = krealloc(cn->corename, size, GFP_KERNEL);
 
-        if (!cn->corename) {
-                kfree(old_corename);
+        if (!corename)
                 return -ENOMEM;
-        }
 
+        if (size > core_name_size) /* racy but harmless */
+                core_name_size = size;
+
+        cn->size = ksize(corename);
+        cn->corename = corename;
         return 0;
 }
 
+static int cn_vprintf(struct core_name *cn, const char *fmt, va_list arg)
+{
+        int free, need;
+
+again:
+        free = cn->size - cn->used;
+        need = vsnprintf(cn->corename + cn->used, free, fmt, arg);
+        if (need < free) {
+                cn->used += need;
+                return 0;
+        }
+
+        if (!expand_corename(cn, cn->size + need - free + 1))
+                goto again;
+
+        return -ENOMEM;
+}
+
 static int cn_printf(struct core_name *cn, const char *fmt, ...)
 {
-        char *cur;
-        int need;
-        int ret;
         va_list arg;
+        int ret;
 
         va_start(arg, fmt);
-        need = vsnprintf(NULL, 0, fmt, arg);
+        ret = cn_vprintf(cn, fmt, arg);
         va_end(arg);
 
-        if (likely(need < cn->size - cn->used - 1))
-                goto out_printf;
+        return ret;
+}
 
-        ret = expand_corename(cn);
-        if (ret)
-                goto expand_fail;
+static int cn_esc_printf(struct core_name *cn, const char *fmt, ...)
+{
+        int cur = cn->used;
+        va_list arg;
+        int ret;
 
-out_printf:
-        cur = cn->corename + cn->used;
         va_start(arg, fmt);
-        vsnprintf(cur, need + 1, fmt, arg);
+        ret = cn_vprintf(cn, fmt, arg);
         va_end(arg);
-        cn->used += need;
-        return 0;
 
-expand_fail:
+        for (; cur < cn->used; ++cur) {
+                if (cn->corename[cur] == '/')
+                        cn->corename[cur] = '!';
+        }
         return ret;
 }
 
-static void cn_escape(char *str)
-{
-        for (; *str; str++)
-                if (*str == '/')
-                        *str = '!';
-}
-
 static int cn_print_exe_file(struct core_name *cn)
 {
         struct file *exe_file;
@@ -115,12 +125,8 @@ static int cn_print_exe_file(struct core_name *cn)
         int ret;
 
         exe_file = get_mm_exe_file(current->mm);
-        if (!exe_file) {
-                char *commstart = cn->corename + cn->used;
-                ret = cn_printf(cn, "%s (path unknown)", current->comm);
-                cn_escape(commstart);
-                return ret;
-        }
+        if (!exe_file)
+                return cn_esc_printf(cn, "%s (path unknown)", current->comm);
 
         pathbuf = kmalloc(PATH_MAX, GFP_TEMPORARY);
         if (!pathbuf) {
@@ -134,9 +140,7 @@ static int cn_print_exe_file(struct core_name *cn)
                 goto free_buf;
         }
 
-        cn_escape(path);
-
-        ret = cn_printf(cn, "%s", path);
+        ret = cn_esc_printf(cn, "%s", path);
 
 free_buf:
         kfree(pathbuf);
@@ -157,19 +161,19 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm)
         int pid_in_pattern = 0;
         int err = 0;
 
-        cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count);
-        cn->corename = kmalloc(cn->size, GFP_KERNEL);
         cn->used = 0;
-
-        if (!cn->corename)
+        cn->corename = NULL;
+        if (expand_corename(cn, core_name_size))
                 return -ENOMEM;
+        cn->corename[0] = '\0';
+
+        if (ispipe)
+                ++pat_ptr;
 
         /* Repeat as long as we have more pattern to process and more output
            space */
         while (*pat_ptr) {
                 if (*pat_ptr != '%') {
-                        if (*pat_ptr == 0)
-                                goto out;
                         err = cn_printf(cn, "%c", *pat_ptr++);
                 } else {
                         switch (*++pat_ptr) {
@@ -210,22 +214,16 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm)
                                 break;
                         }
                         /* hostname */
-                        case 'h': {
-                                char *namestart = cn->corename + cn->used;
+                        case 'h':
                                 down_read(&uts_sem);
-                                err = cn_printf(cn, "%s",
+                                err = cn_esc_printf(cn, "%s",
                                               utsname()->nodename);
                                 up_read(&uts_sem);
-                                cn_escape(namestart);
                                 break;
-                        }
                         /* executable */
-                        case 'e': {
-                                char *commstart = cn->corename + cn->used;
-                                err = cn_printf(cn, "%s", current->comm);
-                                cn_escape(commstart);
+                        case 'e':
+                                err = cn_esc_printf(cn, "%s", current->comm);
                                 break;
-                        }
                         case 'E':
                                 err = cn_print_exe_file(cn);
                                 break;
@@ -244,6 +242,7 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm)
                         return err;
         }
 
+out:
         /* Backward compatibility with core_uses_pid:
          *
          * If core_pattern does not include a %p (as is the default)
@@ -254,7 +253,6 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm)
                 if (err)
                         return err;
         }
-out:
         return ispipe;
 }
 
@@ -549,7 +547,7 @@ void do_coredump(siginfo_t *siginfo)
                 if (ispipe < 0) {
                         printk(KERN_WARNING "format_corename failed\n");
                         printk(KERN_WARNING "Aborting core\n");
-                        goto fail_corename;
+                        goto fail_unlock;
                 }
 
                 if (cprm.limit == 1) {
@@ -584,7 +582,7 @@ void do_coredump(siginfo_t *siginfo)
                         goto fail_dropcount;
                 }
 
-                helper_argv = argv_split(GFP_KERNEL, cn.corename+1, NULL);
+                helper_argv = argv_split(GFP_KERNEL, cn.corename, NULL);
                 if (!helper_argv) {
                         printk(KERN_WARNING "%s failed to allocate memory\n",
                                __func__);
@@ -601,7 +599,7 @@ void do_coredump(siginfo_t *siginfo)
 
                 argv_free(helper_argv);
                 if (retval) {
-                        printk(KERN_INFO "Core dump to %s pipe failed\n",
+                        printk(KERN_INFO "Core dump to |%s pipe failed\n",
                                cn.corename);
                         goto close_fail;
                 }
@@ -669,7 +667,6 @@ fail_dropcount:
                 atomic_dec(&core_dump_count);
 fail_unlock:
         kfree(cn.corename);
-fail_corename:
         coredump_finish(mm, core_dumped);
         revert_creds(old_cred);
 fail_creds:
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 0cff4434880d..9ad17b15b454 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1977,8 +1977,8 @@ SYSCALL_DEFINE6(epoll_pwait, int, epfd, struct epoll_event __user *, events,
                         return -EINVAL;
                 if (copy_from_user(&ksigmask, sigmask, sizeof(ksigmask)))
                         return -EFAULT;
-                sigdelsetmask(&ksigmask, sigmask(SIGKILL) | sigmask(SIGSTOP));
-                sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
+                sigsaved = current->blocked;
+                set_current_blocked(&ksigmask);
         }
 
         error = sys_epoll_wait(epfd, events, maxevents, timeout);
@@ -1995,7 +1995,7 @@ SYSCALL_DEFINE6(epoll_pwait, int, epfd, struct epoll_event __user *, events,
                                sizeof(sigsaved));
                         set_restore_sigmask();
                 } else
-                        sigprocmask(SIG_SETMASK, &sigsaved, NULL);
+                        set_current_blocked(&sigsaved);
         }
 
         return error;
@@ -2022,8 +2022,8 @@ COMPAT_SYSCALL_DEFINE6(epoll_pwait, int, epfd,
                 if (copy_from_user(&csigmask, sigmask, sizeof(csigmask)))
                         return -EFAULT;
                 sigset_from_compat(&ksigmask, &csigmask);
-                sigdelsetmask(&ksigmask, sigmask(SIGKILL) | sigmask(SIGSTOP));
-                sigprocmask(SIG_SETMASK, &ksigmask, &sigsaved);
+                sigsaved = current->blocked;
+                set_current_blocked(&ksigmask);
         }
 
         err = sys_epoll_wait(epfd, events, maxevents, timeout);
@@ -2040,7 +2040,7 @@ COMPAT_SYSCALL_DEFINE6(epoll_pwait, int, epfd,
                                sizeof(sigsaved));
                         set_restore_sigmask();
                 } else
-                        sigprocmask(SIG_SETMASK, &sigsaved, NULL);
+                        set_current_blocked(&sigsaved);
         }
 
         return err;
diff --git a/fs/exec.c b/fs/exec.c
index 03b907cfd765..9c73def87642 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -932,6 +932,7 @@ static int de_thread(struct task_struct *tsk)
                  * also take its birthdate (always earlier than our own).
                  */
                 tsk->start_time = leader->start_time;
+                tsk->real_start_time = leader->real_start_time;
 
                 BUG_ON(!same_thread_group(leader, tsk));
                 BUG_ON(has_group_leader_pid(tsk));
@@ -947,9 +948,8 @@ static int de_thread(struct task_struct *tsk)
                  * Note: The old leader also uses this pid until release_task
                  *       is called.  Odd but simple and correct.
                  */
-                detach_pid(tsk, PIDTYPE_PID);
                 tsk->pid = leader->pid;
-                attach_pid(tsk, PIDTYPE_PID,  task_pid(leader));
+                change_pid(tsk, PIDTYPE_PID, task_pid(leader));
                 transfer_pid(leader, tsk, PIDTYPE_PGID);
                 transfer_pid(leader, tsk, PIDTYPE_SID);
 
@@ -1465,7 +1465,6 @@ static int do_execve_common(const char *filename,
         struct files_struct *displaced;
         bool clear_in_exec;
         int retval;
-        const struct cred *cred = current_cred();
 
         /*
          * We move the actual failure in case of RLIMIT_NPROC excess from
@@ -1474,7 +1473,7 @@ static int do_execve_common(const char *filename,
          * whether NPROC limit is still exceeded.
          */
         if ((current->flags & PF_NPROC_EXCEEDED) &&
-            atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) {
+            atomic_read(&current_user()->processes) > rlimit(RLIMIT_NPROC)) {
                 retval = -EAGAIN;
                 goto out_ret;
         }
diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
index f67668f724ba..2bd85486b879 100644
--- a/fs/ext3/inode.c
+++ b/fs/ext3/inode.c
@@ -1985,6 +1985,7 @@ static const struct address_space_operations ext3_ordered_aops = {
         .direct_IO              = ext3_direct_IO,
         .migratepage            = buffer_migrate_page,
         .is_partially_uptodate  = block_is_partially_uptodate,
+        .is_dirty_writeback     = buffer_check_dirty_writeback,
         .error_remove_page      = generic_error_remove_page,
 };
 
diff --git a/fs/fat/misc.c b/fs/fat/misc.c
index 359d307b5507..628e22a5a543 100644
--- a/fs/fat/misc.c
+++ b/fs/fat/misc.c
@@ -30,7 +30,7 @@ void __fat_fs_error(struct super_block *sb, int report, const char *fmt, ...)
                 va_start(args, fmt);
                 vaf.fmt = fmt;
                 vaf.va = &args;
-                printk(KERN_ERR "FAT-fs (%s): error, %pV\n", sb->s_id, &vaf);
+                fat_msg(sb, KERN_ERR, "error, %pV", &vaf);
                 va_end(args);
         }
 
@@ -38,8 +38,7 @@ void __fat_fs_error(struct super_block *sb, int report, const char *fmt, ...)
                 panic("FAT-fs (%s): fs panic from previous error\n", sb->s_id);
         else if (opts->errors == FAT_ERRORS_RO && !(sb->s_flags & MS_RDONLY)) {
                 sb->s_flags |= MS_RDONLY;
-                printk(KERN_ERR "FAT-fs (%s): Filesystem has been "
-                                "set read-only\n", sb->s_id);
+                fat_msg(sb, KERN_ERR, "Filesystem has been set read-only");
         }
 }
 EXPORT_SYMBOL_GPL(__fat_fs_error);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 9a0cdde14a08..0b578598c6ac 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -785,7 +785,7 @@ static const struct super_operations fuse_super_operations = {
 static void sanitize_global_limit(unsigned *limit)
 {
         if (*limit == 0)
-                *limit = ((num_physpages << PAGE_SHIFT) >> 13) /
+                *limit = ((totalram_pages << PAGE_SHIFT) >> 13) /
                          sizeof(struct fuse_req);
 
         if (*limit >= 1 << 16)
diff --git a/fs/hppfs/hppfs.c b/fs/hppfs/hppfs.c
index fc90ab11c340..4338ff32959d 100644
--- a/fs/hppfs/hppfs.c
+++ b/fs/hppfs/hppfs.c
@@ -69,7 +69,7 @@ static char *dentry_name(struct dentry *dentry, int extra)
         struct dentry *parent;
         char *root, *name;
         const char *seg_name;
-        int len, seg_len;
+        int len, seg_len, root_len;
 
         len = 0;
         parent = dentry;
@@ -81,7 +81,8 @@ static char *dentry_name(struct dentry *dentry, int extra)
         }
 
         root = "proc";
-        len += strlen(root);
+        root_len = strlen(root);
+        len += root_len;
         name = kmalloc(len + extra + 1, GFP_KERNEL);
         if (name == NULL)
                 return NULL;
@@ -91,7 +92,7 @@ static char *dentry_name(struct dentry *dentry, int extra)
         while (parent->d_parent != parent) {
                 if (is_pid(parent)) {
                         seg_name = "pid";
-                        seg_len = strlen("pid");
+                        seg_len = strlen(seg_name);
                 }
                 else {
                         seg_name = parent->d_name.name;
@@ -100,10 +101,10 @@ static char *dentry_name(struct dentry *dentry, int extra)
 
                 len -= seg_len + 1;
                 name[len] = '/';
-                strncpy(&name[len + 1], seg_name, seg_len);
+                memcpy(&name[len + 1], seg_name, seg_len);
                 parent = parent->d_parent;
         }
-        strncpy(name, root, strlen(root));
+        memcpy(name, root, root_len);
         return name;
 }
 
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index a2aa97d45670..10d6c41aecad 100644
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -305,7 +305,7 @@ static int lockd_start_svc(struct svc_serv *serv)
         svc_sock_update_bufs(serv);
         serv->sv_maxconn = nlm_max_connections;
 
-        nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name);
+        nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
         if (IS_ERR(nlmsvc_task)) {
                 error = PTR_ERR(nlmsvc_task);
                 printk(KERN_WARNING
diff --git a/fs/ncpfs/mmap.c b/fs/ncpfs/mmap.c
index ee24df5af1f9..3c5dd55d284c 100644
--- a/fs/ncpfs/mmap.c
+++ b/fs/ncpfs/mmap.c
@@ -117,7 +117,7 @@ int ncp_mmap(struct file *file, struct vm_area_struct *vma)
                 return -EINVAL;
         /* we do not support files bigger than 4GB... We eventually 
            supports just 4GB... */
-        if (((vma->vm_end - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff 
+        if (vma_pages(vma) + vma->vm_pgoff
            > (1U << (32 - PAGE_SHIFT)))
                 return -EFBIG;
 
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
index cff089a412c7..da6a43d19aa3 100644
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -211,7 +211,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
         struct svc_rqst *rqstp;
         int (*callback_svc)(void *vrqstp);
         struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
-        char svc_name[12];
         int ret;
 
         nfs_callback_bc_serv(minorversion, xprt, serv);
@@ -235,10 +234,10 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
 
         svc_sock_update_bufs(serv);
 
-        sprintf(svc_name, "nfsv4.%u-svc", minorversion);
         cb_info->serv = serv;
         cb_info->rqst = rqstp;
-        cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name);
+        cb_info->task = kthread_run(callback_svc, cb_info->rqst,
+                                    "nfsv4.%u-svc", minorversion);
         if (IS_ERR(cb_info->task)) {
                 ret = PTR_ERR(cb_info->task);
                 svc_exit_thread(cb_info->rqst);
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 5d051419527b..d7ed697133f0 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -33,6 +33,7 @@
 #include <linux/pagevec.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
+#include <linux/swap.h>
 #include <linux/sched.h>
 #include <linux/kmemleak.h>
 #include <linux/xattr.h>
@@ -1758,7 +1759,6 @@ EXPORT_SYMBOL_GPL(nfs_unlink);
  */
 int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
 {
-        struct pagevec lru_pvec;
         struct page *page;
         char *kaddr;
         struct iattr attr;
@@ -1798,11 +1798,8 @@ int nfs_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
          * No big deal if we can't add this page to the page cache here.
          * READLINK will get the missing page from the server if needed.
          */
-        pagevec_init(&lru_pvec, 0);
-        if (!add_to_page_cache(page, dentry->d_inode->i_mapping, 0,
+        if (!add_to_page_cache_lru(page, dentry->d_inode->i_mapping, 0,
                                                         GFP_KERNEL)) {
-                pagevec_add(&lru_pvec, page);
-                pagevec_lru_add_file(&lru_pvec);
                 SetPageUptodate(page);
                 unlock_page(page);
         } else
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 6b4a79f4ad1d..94e94bd11aae 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -495,6 +495,35 @@ static int nfs_release_page(struct page *page, gfp_t gfp)
         return nfs_fscache_release_page(page, gfp);
 }
 
+static void nfs_check_dirty_writeback(struct page *page,
+                                bool *dirty, bool *writeback)
+{
+        struct nfs_inode *nfsi;
+        struct address_space *mapping = page_file_mapping(page);
+
+        if (!mapping || PageSwapCache(page))
+                return;
+
+        /*
+         * Check if an unstable page is currently being committed and
+         * if so, have the VM treat it as if the page is under writeback
+         * so it will not block due to pages that will shortly be freeable.
+         */
+        nfsi = NFS_I(mapping->host);
+        if (test_bit(NFS_INO_COMMIT, &nfsi->flags)) {
+                *writeback = true;
+                return;
+        }
+
+        /*
+         * If PagePrivate() is set, then the page is not freeable and as the
+         * inode is not being committed, it's not going to be cleaned in the
+         * near future so treat it as dirty
+         */
+        if (PagePrivate(page))
+                *dirty = true;
+}
+
 /*
  * Attempt to clear the private state associated with a page when an error
  * occurs that requires the cached contents of an inode to be written back or
@@ -542,6 +571,7 @@ const struct address_space_operations nfs_file_aops = {
         .direct_IO = nfs_direct_IO,
         .migratepage = nfs_migrate_page,
         .launder_page = nfs_launder_page,
+        .is_dirty_writeback = nfs_check_dirty_writeback,
         .error_remove_page = generic_error_remove_page,
 #ifdef CONFIG_NFS_SWAP
         .swap_activate = nfs_swap_activate,
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index ff10b4aa534c..55418811a55a 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1194,7 +1194,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
         snprintf(buf, sizeof(buf), "%s-manager",
                         rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR));
         rcu_read_unlock();
-        task = kthread_run(nfs4_run_state_manager, clp, buf);
+        task = kthread_run(nfs4_run_state_manager, clp, "%s", buf);
         if (IS_ERR(task)) {
                 printk(KERN_ERR "%s: kthread_run: %ld\n",
                         __func__, PTR_ERR(task));
diff --git a/fs/nilfs2/alloc.c b/fs/nilfs2/alloc.c
index eed4d7b26249..741fd02e0444 100644
--- a/fs/nilfs2/alloc.c
+++ b/fs/nilfs2/alloc.c
@@ -398,6 +398,69 @@ nilfs_palloc_rest_groups_in_desc_block(const struct inode *inode,
 }
 
 /**
+ * nilfs_palloc_count_desc_blocks - count descriptor blocks number
+ * @inode: inode of metadata file using this allocator
+ * @desc_blocks: descriptor blocks number [out]
+ */
+static int nilfs_palloc_count_desc_blocks(struct inode *inode,
+                                            unsigned long *desc_blocks)
+{
+        unsigned long blknum;
+        int ret;
+
+        ret = nilfs_bmap_last_key(NILFS_I(inode)->i_bmap, &blknum);
+        if (likely(!ret))
+                *desc_blocks = DIV_ROUND_UP(
+                        blknum, NILFS_MDT(inode)->mi_blocks_per_desc_block);
+        return ret;
+}
+
+/**
+ * nilfs_palloc_mdt_file_can_grow - check potential opportunity for
+ *                                      MDT file growing
+ * @inode: inode of metadata file using this allocator
+ * @desc_blocks: known current descriptor blocks count
+ */
+static inline bool nilfs_palloc_mdt_file_can_grow(struct inode *inode,
+                                                    unsigned long desc_blocks)
+{
+        return (nilfs_palloc_groups_per_desc_block(inode) * desc_blocks) <
+                        nilfs_palloc_groups_count(inode);
+}
+
+/**
+ * nilfs_palloc_count_max_entries - count max number of entries that can be
+ *                                      described by descriptor blocks count
+ * @inode: inode of metadata file using this allocator
+ * @nused: current number of used entries
+ * @nmaxp: max number of entries [out]
+ */
+int nilfs_palloc_count_max_entries(struct inode *inode, u64 nused, u64 *nmaxp)
+{
+        unsigned long desc_blocks = 0;
+        u64 entries_per_desc_block, nmax;
+        int err;
+
+        err = nilfs_palloc_count_desc_blocks(inode, &desc_blocks);
+        if (unlikely(err))
+                return err;
+
+        entries_per_desc_block = (u64)nilfs_palloc_entries_per_group(inode) *
+                                nilfs_palloc_groups_per_desc_block(inode);
+        nmax = entries_per_desc_block * desc_blocks;
+
+        if (nused == nmax &&
+                        nilfs_palloc_mdt_file_can_grow(inode, desc_blocks))
+                nmax += entries_per_desc_block;
+
+        if (nused > nmax)
+                return -ERANGE;
+
+        *nmaxp = nmax;
+        return 0;
+}
+
+/**
  * nilfs_palloc_prepare_alloc_entry - prepare to allocate a persistent object
  * @inode: inode of metadata file using this allocator
  * @req: nilfs_palloc_req structure exchanged for the allocation
diff --git a/fs/nilfs2/alloc.h b/fs/nilfs2/alloc.h
index fb7238100548..4bd6451b5703 100644
--- a/fs/nilfs2/alloc.h
+++ b/fs/nilfs2/alloc.h
@@ -48,6 +48,8 @@ int nilfs_palloc_get_entry_block(struct inode *, __u64, int,
 void *nilfs_palloc_block_get_entry(const struct inode *, __u64,
                                    const struct buffer_head *, void *);
 
+int nilfs_palloc_count_max_entries(struct inode *, u64, u64 *);
+
 /**
  * nilfs_palloc_req - persistent allocator request and reply
  * @pr_entry_nr: entry number (vblocknr or inode number)
diff --git a/fs/nilfs2/ifile.c b/fs/nilfs2/ifile.c
index d8e65bde083c..6548c7851b48 100644
--- a/fs/nilfs2/ifile.c
+++ b/fs/nilfs2/ifile.c
@@ -160,6 +160,28 @@ int nilfs_ifile_get_inode_block(struct inode *ifile, ino_t ino,
 }
 
 /**
+ * nilfs_ifile_count_free_inodes - calculate free inodes count
+ * @ifile: ifile inode
+ * @nmaxinodes: current maximum of available inodes count [out]
+ * @nfreeinodes: free inodes count [out]
+ */
+int nilfs_ifile_count_free_inodes(struct inode *ifile,
+                                    u64 *nmaxinodes, u64 *nfreeinodes)
+{
+        u64 nused;
+        int err;
+
+        *nmaxinodes = 0;
+        *nfreeinodes = 0;
+
+        nused = atomic64_read(&NILFS_I(ifile)->i_root->inodes_count);
+        err = nilfs_palloc_count_max_entries(ifile, nused, nmaxinodes);
+        if (likely(!err))
+                *nfreeinodes = *nmaxinodes - nused;
+        return err;
+}
+
+/**
  * nilfs_ifile_read - read or get ifile inode
  * @sb: super block instance
  * @root: root object
diff --git a/fs/nilfs2/ifile.h b/fs/nilfs2/ifile.h
index 59b6f2b51df6..679674d13372 100644
--- a/fs/nilfs2/ifile.h
+++ b/fs/nilfs2/ifile.h
@@ -49,6 +49,8 @@ int nilfs_ifile_create_inode(struct inode *, ino_t *, struct buffer_head **);
 int nilfs_ifile_delete_inode(struct inode *, ino_t);
 int nilfs_ifile_get_inode_block(struct inode *, ino_t, struct buffer_head **);
 
+int nilfs_ifile_count_free_inodes(struct inode *, u64 *, u64 *);
+
 int nilfs_ifile_read(struct super_block *sb, struct nilfs_root *root,
                      size_t inode_size, struct nilfs_inode *raw_inode,
                      struct inode **inodep);
diff --git a/fs/nilfs2/inode.c b/fs/nilfs2/inode.c
index bccfec8343c5..b1a5277cfd18 100644
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -54,7 +54,7 @@ void nilfs_inode_add_blocks(struct inode *inode, int n)
 
         inode_add_bytes(inode, (1 << inode->i_blkbits) * n);
         if (root)
-                atomic_add(n, &root->blocks_count);
+                atomic64_add(n, &root->blocks_count);
 }
 
 void nilfs_inode_sub_blocks(struct inode *inode, int n)
@@ -63,7 +63,7 @@ void nilfs_inode_sub_blocks(struct inode *inode, int n)
 
         inode_sub_bytes(inode, (1 << inode->i_blkbits) * n);
         if (root)
-                atomic_sub(n, &root->blocks_count);
+                atomic64_sub(n, &root->blocks_count);
 }
 
 /**
@@ -369,7 +369,7 @@ struct inode *nilfs_new_inode(struct inode *dir, umode_t mode)
                 goto failed_ifile_create_inode;
         /* reference count of i_bh inherits from nilfs_mdt_read_block() */
 
-        atomic_inc(&root->inodes_count);
+        atomic64_inc(&root->inodes_count);
         inode_init_owner(inode, dir, mode);
         inode->i_ino = ino;
         inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
@@ -801,7 +801,7 @@ void nilfs_evict_inode(struct inode *inode)
 
         ret = nilfs_ifile_delete_inode(ii->i_root->ifile, inode->i_ino);
         if (!ret)
-                atomic_dec(&ii->i_root->inodes_count);
+                atomic64_dec(&ii->i_root->inodes_count);
 
         nilfs_clear_inode(inode);
 
diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
index a5752a589932..bd88a7461063 100644
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -835,9 +835,9 @@ static int nilfs_segctor_fill_in_checkpoint(struct nilfs_sc_info *sci)
         raw_cp->cp_snapshot_list.ssl_next = 0;
         raw_cp->cp_snapshot_list.ssl_prev = 0;
         raw_cp->cp_inodes_count =
-                cpu_to_le64(atomic_read(&sci->sc_root->inodes_count));
+                cpu_to_le64(atomic64_read(&sci->sc_root->inodes_count));
         raw_cp->cp_blocks_count =
-                cpu_to_le64(atomic_read(&sci->sc_root->blocks_count));
+                cpu_to_le64(atomic64_read(&sci->sc_root->blocks_count));
         raw_cp->cp_nblk_inc =
                 cpu_to_le64(sci->sc_nblk_inc + sci->sc_nblk_this_inc);
         raw_cp->cp_create = cpu_to_le64(sci->sc_seg_ctime);
diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c
index c7d1f9f18b09..1427de5ebf4d 100644
--- a/fs/nilfs2/super.c
+++ b/fs/nilfs2/super.c
@@ -554,8 +554,10 @@ int nilfs_attach_checkpoint(struct super_block *sb, __u64 cno, int curr_mnt,
         if (err)
                 goto failed_bh;
 
-        atomic_set(&root->inodes_count, le64_to_cpu(raw_cp->cp_inodes_count));
-        atomic_set(&root->blocks_count, le64_to_cpu(raw_cp->cp_blocks_count));
+        atomic64_set(&root->inodes_count,
+                        le64_to_cpu(raw_cp->cp_inodes_count));
+        atomic64_set(&root->blocks_count,
+                        le64_to_cpu(raw_cp->cp_blocks_count));
 
         nilfs_cpfile_put_checkpoint(nilfs->ns_cpfile, cno, bh_cp);
 
@@ -609,6 +611,7 @@ static int nilfs_statfs(struct dentry *dentry, struct kstatfs *buf)
         unsigned long overhead;
         unsigned long nrsvblocks;
         sector_t nfreeblocks;
+        u64 nmaxinodes, nfreeinodes;
         int err;
 
         /*
@@ -633,14 +636,34 @@ static int nilfs_statfs(struct dentry *dentry, struct kstatfs *buf)
         if (unlikely(err))
                 return err;
 
+        err = nilfs_ifile_count_free_inodes(root->ifile,
+                                            &nmaxinodes, &nfreeinodes);
+        if (unlikely(err)) {
+                printk(KERN_WARNING
+                        "NILFS warning: fail to count free inodes: err %d.\n",
+                        err);
+                if (err == -ERANGE) {
+                        /*
+                         * If nilfs_palloc_count_max_entries() returns
+                         * -ERANGE error code then we simply treat
+                         * curent inodes count as maximum possible and
+                         * zero as free inodes value.
+                         */
+                        nmaxinodes = atomic64_read(&root->inodes_count);
+                        nfreeinodes = 0;
+                        err = 0;
+                } else
+                        return err;
+        }
+
         buf->f_type = NILFS_SUPER_MAGIC;
         buf->f_bsize = sb->s_blocksize;
         buf->f_blocks = blocks - overhead;
         buf->f_bfree = nfreeblocks;
         buf->f_bavail = (buf->f_bfree >= nrsvblocks) ?
                 (buf->f_bfree - nrsvblocks) : 0;
-        buf->f_files = atomic_read(&root->inodes_count);
-        buf->f_ffree = 0; /* nilfs_count_free_inodes(sb); */
+        buf->f_files = nmaxinodes;
+        buf->f_ffree = nfreeinodes;
         buf->f_namelen = NILFS_NAME_LEN;
         buf->f_fsid.val[0] = (u32)id;
         buf->f_fsid.val[1] = (u32)(id >> 32);
diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
index 41e6a04a561f..94c451ce6d24 100644
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -764,8 +764,8 @@ nilfs_find_or_create_root(struct the_nilfs *nilfs, __u64 cno)
         new->ifile = NULL;
         new->nilfs = nilfs;
         atomic_set(&new->count, 1);
-        atomic_set(&new->inodes_count, 0);
-        atomic_set(&new->blocks_count, 0);
+        atomic64_set(&new->inodes_count, 0);
+        atomic64_set(&new->blocks_count, 0);
 
         rb_link_node(&new->rb_node, parent, p);
         rb_insert_color(&new->rb_node, &nilfs->ns_cptree);
diff --git a/fs/nilfs2/the_nilfs.h b/fs/nilfs2/the_nilfs.h
index be1267a34cea..de8cc53b4a5c 100644
--- a/fs/nilfs2/the_nilfs.h
+++ b/fs/nilfs2/the_nilfs.h
@@ -241,8 +241,8 @@ struct nilfs_root {
         struct the_nilfs *nilfs;
         struct inode *ifile;
 
-        atomic_t inodes_count;
-        atomic_t blocks_count;
+        atomic64_t inodes_count;
+        atomic64_t blocks_count;
 };
 
 /* Special checkpoint number */
diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c
index b8a9d87231b1..17e6bdde96c5 100644
--- a/fs/ocfs2/alloc.c
+++ b/fs/ocfs2/alloc.c
@@ -5655,7 +5655,7 @@ int ocfs2_remove_btree_range(struct inode *inode,
                                                &ref_tree, NULL);
                 if (ret) {
                         mlog_errno(ret);
-                        goto out;
+                        goto bail;
                 }
 
                 ret = ocfs2_prepare_refcount_change_for_del(inode,
@@ -5666,7 +5666,7 @@ int ocfs2_remove_btree_range(struct inode *inode,
                                                             &extra_blocks);
                 if (ret < 0) {
                         mlog_errno(ret);
-                        goto out;
+                        goto bail;
                 }
         }
 
@@ -5674,7 +5674,7 @@ int ocfs2_remove_btree_range(struct inode *inode,
                                                  extra_blocks);
         if (ret) {
                 mlog_errno(ret);
-                return ret;
+                goto bail;
         }
 
         mutex_lock(&tl_inode->i_mutex);
@@ -5734,7 +5734,7 @@ out_commit:
         ocfs2_commit_trans(osb, handle);
 out:
         mutex_unlock(&tl_inode->i_mutex);
-
+bail:
         if (meta_ac)
                 ocfs2_free_alloc_context(meta_ac);
 
diff --git a/fs/ocfs2/cluster/heartbeat.c b/fs/ocfs2/cluster/heartbeat.c
index 42252bf64b51..5c1c864e81cc 100644
--- a/fs/ocfs2/cluster/heartbeat.c
+++ b/fs/ocfs2/cluster/heartbeat.c
@@ -176,7 +176,7 @@ static void o2hb_dead_threshold_set(unsigned int threshold)
         }
 }
 
-static int o2hb_global_hearbeat_mode_set(unsigned int hb_mode)
+static int o2hb_global_heartbeat_mode_set(unsigned int hb_mode)
 {
         int ret = -1;
 
@@ -500,7 +500,7 @@ static int o2hb_issue_node_write(struct o2hb_region *reg,
         }
 
         atomic_inc(&write_wc->wc_num_reqs);
-        submit_bio(WRITE, bio);
+        submit_bio(WRITE_SYNC, bio);
 
         status = 0;
 bail:
@@ -2271,7 +2271,7 @@ ssize_t o2hb_heartbeat_group_mode_store(struct o2hb_heartbeat_group *group,
                 if (strnicmp(page, o2hb_heartbeat_mode_desc[i], len))
                         continue;
 
-                ret = o2hb_global_hearbeat_mode_set(i);
+                ret = o2hb_global_heartbeat_mode_set(i);
                 if (!ret)
                         printk(KERN_NOTICE "o2hb: Heartbeat mode set to %s\n",
                                o2hb_heartbeat_mode_desc[i]);
@@ -2304,7 +2304,7 @@ static struct configfs_attribute *o2hb_heartbeat_group_attrs[] = {
         NULL,
 };
 
-static struct configfs_item_operations o2hb_hearbeat_group_item_ops = {
+static struct configfs_item_operations o2hb_heartbeat_group_item_ops = {
         .show_attribute         = o2hb_heartbeat_group_show,
         .store_attribute        = o2hb_heartbeat_group_store,
 };
@@ -2316,7 +2316,7 @@ static struct configfs_group_operations o2hb_heartbeat_group_group_ops = {
 
 static struct config_item_type o2hb_heartbeat_group_type = {
         .ct_group_ops   = &o2hb_heartbeat_group_group_ops,
-        .ct_item_ops    = &o2hb_hearbeat_group_item_ops,
+        .ct_item_ops    = &o2hb_heartbeat_group_item_ops,
         .ct_attrs       = o2hb_heartbeat_group_attrs,
         .ct_owner       = THIS_MODULE,
 };
@@ -2389,6 +2389,9 @@ static int o2hb_region_pin(const char *region_uuid)
         assert_spin_locked(&o2hb_live_lock);
 
         list_for_each_entry(reg, &o2hb_all_regions, hr_all_item) {
+                if (reg->hr_item_dropped)
+                        continue;
+
                 uuid = config_item_name(&reg->hr_item);
 
                 /* local heartbeat */
@@ -2439,6 +2442,9 @@ static void o2hb_region_unpin(const char *region_uuid)
         assert_spin_locked(&o2hb_live_lock);
 
         list_for_each_entry(reg, &o2hb_all_regions, hr_all_item) {
+                if (reg->hr_item_dropped)
+                        continue;
+
                 uuid = config_item_name(&reg->hr_item);
                 if (region_uuid) {
                         if (strcmp(region_uuid, uuid))
@@ -2654,6 +2660,9 @@ int o2hb_get_all_regions(char *region_uuids, u8 max_regions)
 
         p = region_uuids;
         list_for_each_entry(reg, &o2hb_all_regions, hr_all_item) {
+                if (reg->hr_item_dropped)
+                        continue;
+
                 mlog(0, "Region: %s\n", config_item_name(&reg->hr_item));
                 if (numregs < max_regions) {
                         memcpy(p, config_item_name(&reg->hr_item),
diff --git a/fs/ocfs2/cluster/quorum.c b/fs/ocfs2/cluster/quorum.c
index c19897d0fe14..1ec141e758d7 100644
--- a/fs/ocfs2/cluster/quorum.c
+++ b/fs/ocfs2/cluster/quorum.c
@@ -264,7 +264,7 @@ void o2quo_hb_still_up(u8 node)
 /* This is analogous to hb_up.  as a node's connection comes up we delay the
  * quorum decision until we see it heartbeating.  the hold will be droped in
  * hb_up or hb_down.  it might be perpetuated by con_err until hb_down.  if
- * it's already heartbeating we we might be dropping a hold that conn_up got.
+ * it's already heartbeating we might be dropping a hold that conn_up got.
  * */
 void o2quo_conn_up(u8 node)
 {
diff --git a/fs/ocfs2/cluster/tcp.c b/fs/ocfs2/cluster/tcp.c
index aa88bd8bcedc..d644dc611425 100644
--- a/fs/ocfs2/cluster/tcp.c
+++ b/fs/ocfs2/cluster/tcp.c
@@ -406,6 +406,9 @@ static void sc_kref_release(struct kref *kref)
         sc->sc_node = NULL;
 
         o2net_debug_del_sc(sc);
+
+        if (sc->sc_page)
+                __free_page(sc->sc_page);
         kfree(sc);
 }
 
@@ -630,19 +633,19 @@ static void o2net_state_change(struct sock *sk)
         state_change = sc->sc_state_change;
 
         switch(sk->sk_state) {
-                /* ignore connecting sockets as they make progress */
-                case TCP_SYN_SENT:
-                case TCP_SYN_RECV:
-                        break;
-                case TCP_ESTABLISHED:
-                        o2net_sc_queue_work(sc, &sc->sc_connect_work);
-                        break;
-                default:
-                        printk(KERN_INFO "o2net: Connection to " SC_NODEF_FMT
-                              " shutdown, state %d\n",
-                              SC_NODEF_ARGS(sc), sk->sk_state);
-                        o2net_sc_queue_work(sc, &sc->sc_shutdown_work);
-                        break;
+        /* ignore connecting sockets as they make progress */
+        case TCP_SYN_SENT:
+        case TCP_SYN_RECV:
+                break;
+        case TCP_ESTABLISHED:
+                o2net_sc_queue_work(sc, &sc->sc_connect_work);
+                break;
+        default:
+                printk(KERN_INFO "o2net: Connection to " SC_NODEF_FMT
+                        " shutdown, state %d\n",
+                        SC_NODEF_ARGS(sc), sk->sk_state);
+                o2net_sc_queue_work(sc, &sc->sc_shutdown_work);
+                break;
         }
 out:
         read_unlock(&sk->sk_callback_lock);
diff --git a/fs/ocfs2/dlm/dlmlock.c b/fs/ocfs2/dlm/dlmlock.c
index 975810b98492..47e67c2d228f 100644
--- a/fs/ocfs2/dlm/dlmlock.c
+++ b/fs/ocfs2/dlm/dlmlock.c
@@ -178,6 +178,7 @@ static enum dlm_status dlmlock_master(struct dlm_ctxt *dlm,
                                      lock->ml.node);
                         }
                 } else {
+                        status = DLM_NORMAL;
                         dlm_lock_get(lock);
                         list_add_tail(&lock->list, &res->blocked);
                         kick_thread = 1;
diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
index e68588e6b1e8..773bd32bfd8c 100644
--- a/fs/ocfs2/dlm/dlmrecovery.c
+++ b/fs/ocfs2/dlm/dlmrecovery.c
@@ -55,9 +55,6 @@
 static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node);
 
 static int dlm_recovery_thread(void *data);
-void dlm_complete_recovery_thread(struct dlm_ctxt *dlm);
-int dlm_launch_recovery_thread(struct dlm_ctxt *dlm);
-void dlm_kick_recovery_thread(struct dlm_ctxt *dlm);
 static int dlm_do_recovery(struct dlm_ctxt *dlm);
 
 static int dlm_pick_recovery_master(struct dlm_ctxt *dlm);
@@ -789,7 +786,7 @@ static int dlm_request_all_locks(struct dlm_ctxt *dlm, u8 request_from,
                                  u8 dead_node)
 {
         struct dlm_lock_request lr;
-        enum dlm_status ret;
+        int ret;
 
         mlog(0, "\n");
 
@@ -802,7 +799,6 @@ static int dlm_request_all_locks(struct dlm_ctxt *dlm, u8 request_from,
         lr.dead_node = dead_node;
 
         // send message
-        ret = DLM_NOLOCKMGR;
         ret = o2net_send_message(DLM_LOCK_REQUEST_MSG, dlm->key,
                                  &lr, sizeof(lr), request_from, NULL);
 
@@ -2696,6 +2692,7 @@ int dlm_begin_reco_handler(struct o2net_msg *msg, u32 len, void *data,
                      dlm->name, br->node_idx, br->dead_node,
                      dlm->reco.dead_node, dlm->reco.new_master);
                 spin_unlock(&dlm->spinlock);
+                dlm_put(dlm);
                 return -EAGAIN;
         }
         spin_unlock(&dlm->spinlock);
diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h
index a3385b63ff5e..96f9ac237e86 100644
--- a/fs/ocfs2/journal.h
+++ b/fs/ocfs2/journal.h
@@ -200,7 +200,6 @@ void ocfs2_complete_quota_recovery(struct ocfs2_super *osb);
 
 static inline void ocfs2_start_checkpoint(struct ocfs2_super *osb)
 {
-        atomic_set(&osb->needs_checkpoint, 1);
         wake_up(&osb->checkpoint_event);
 }
 
@@ -538,7 +537,7 @@ static inline int ocfs2_calc_extend_credits(struct super_block *sb,
         extent_blocks = 1 + 1 + le16_to_cpu(root_el->l_tree_depth);
 
         return bitmap_blocks + sysfile_bitmap_blocks + extent_blocks +
-               ocfs2_quota_trans_credits(sb);
+               ocfs2_quota_trans_credits(sb) + bits_wanted;
 }
 
 static inline int ocfs2_calc_symlink_credits(struct super_block *sb)
diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
index b4a5cdf9dbc5..be3f8676a438 100644
--- a/fs/ocfs2/namei.c
+++ b/fs/ocfs2/namei.c
@@ -522,7 +522,7 @@ static int __ocfs2_mknod_locked(struct inode *dir,
 
         fe->i_last_eb_blk = 0;
         strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE);
-        le32_add_cpu(&fe->i_flags, OCFS2_VALID_FL);
+        fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL);
         fe->i_atime = fe->i_ctime = fe->i_mtime =
                 cpu_to_le64(CURRENT_TIME.tv_sec);
         fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec =
@@ -773,7 +773,7 @@ static int ocfs2_remote_dentry_delete(struct dentry *dentry)
         return ret;
 }
 
-static inline int inode_is_unlinkable(struct inode *inode)
+static inline int ocfs2_inode_is_unlinkable(struct inode *inode)
 {
         if (S_ISDIR(inode->i_mode)) {
                 if (inode->i_nlink == 2)
@@ -791,6 +791,7 @@ static int ocfs2_unlink(struct inode *dir,
 {
         int status;
         int child_locked = 0;
+        bool is_unlinkable = false;
         struct inode *inode = dentry->d_inode;
         struct inode *orphan_dir = NULL;
         struct ocfs2_super *osb = OCFS2_SB(dir->i_sb);
@@ -865,7 +866,7 @@ static int ocfs2_unlink(struct inode *dir,
                 goto leave;
         }
 
-        if (inode_is_unlinkable(inode)) {
+        if (ocfs2_inode_is_unlinkable(inode)) {
                 status = ocfs2_prepare_orphan_dir(osb, &orphan_dir,
                                                   OCFS2_I(inode)->ip_blkno,
                                                   orphan_name, &orphan_insert);
@@ -873,6 +874,7 @@ static int ocfs2_unlink(struct inode *dir,
                         mlog_errno(status);
                         goto leave;
                 }
+                is_unlinkable = true;
         }
 
         handle = ocfs2_start_trans(osb, ocfs2_unlink_credits(osb->sb));
@@ -892,15 +894,6 @@ static int ocfs2_unlink(struct inode *dir,
 
         fe = (struct ocfs2_dinode *) fe_bh->b_data;
 
-        if (inode_is_unlinkable(inode)) {
-                status = ocfs2_orphan_add(osb, handle, inode, fe_bh, orphan_name,
-                                          &orphan_insert, orphan_dir);
-                if (status < 0) {
-                        mlog_errno(status);
-                        goto leave;
-                }
-        }
-
         /* delete the name from the parent dir */
         status = ocfs2_delete_entry(handle, dir, &lookup);
         if (status < 0) {
@@ -923,6 +916,14 @@ static int ocfs2_unlink(struct inode *dir,
                 mlog_errno(status);
                 if (S_ISDIR(inode->i_mode))
                         inc_nlink(dir);
+                goto leave;
+        }
+
+        if (is_unlinkable) {
+                status = ocfs2_orphan_add(osb, handle, inode, fe_bh,
+                                orphan_name, &orphan_insert, orphan_dir);
+                if (status < 0)
+                        mlog_errno(status);
         }
 
 leave:
@@ -2012,6 +2013,21 @@ static int ocfs2_orphan_add(struct ocfs2_super *osb,
                 goto leave;
         }
 
+        /*
+         * We're going to journal the change of i_flags and i_orphaned_slot.
+         * It's safe anyway, though some callers may duplicate the journaling.
+         * Journaling within the func just make the logic look more
+         * straightforward.
+         */
+        status = ocfs2_journal_access_di(handle,
+                                         INODE_CACHE(inode),
+                                         fe_bh,
+                                         OCFS2_JOURNAL_ACCESS_WRITE);
+        if (status < 0) {
+                mlog_errno(status);
+                goto leave;
+        }
+
         /* we're a cluster, and nlink can change on disk from
          * underneath us... */
         orphan_fe = (struct ocfs2_dinode *) orphan_dir_bh->b_data;
@@ -2026,25 +2042,10 @@ static int ocfs2_orphan_add(struct ocfs2_super *osb,
                                    orphan_dir_bh, lookup);
         if (status < 0) {
                 mlog_errno(status);
-                goto leave;
-        }
-
-        /*
-         * We're going to journal the change of i_flags and i_orphaned_slot.
-         * It's safe anyway, though some callers may duplicate the journaling.
-         * Journaling within the func just make the logic look more
-         * straightforward.
-         */
-        status = ocfs2_journal_access_di(handle,
-                                         INODE_CACHE(inode),
-                                         fe_bh,
-                                         OCFS2_JOURNAL_ACCESS_WRITE);
-        if (status < 0) {
-                mlog_errno(status);
-                goto leave;
+                goto rollback;
         }
 
-        le32_add_cpu(&fe->i_flags, OCFS2_ORPHANED_FL);
+        fe->i_flags |= cpu_to_le32(OCFS2_ORPHANED_FL);
         OCFS2_I(inode)->ip_flags &= ~OCFS2_INODE_SKIP_ORPHAN_DIR;
 
         /* Record which orphan dir our inode now resides
@@ -2057,11 +2058,16 @@ static int ocfs2_orphan_add(struct ocfs2_super *osb,
         trace_ocfs2_orphan_add_end((unsigned long long)OCFS2_I(inode)->ip_blkno,
                                    osb->slot_num);
 
+rollback:
+        if (status < 0) {
+                if (S_ISDIR(inode->i_mode))
+                        ocfs2_add_links_count(orphan_fe, -1);
+                set_nlink(orphan_dir_inode, ocfs2_read_links_count(orphan_fe));
+        }
+
 leave:
         brelse(orphan_dir_bh);
 
-        if (status)
-                mlog_errno(status);
         return status;
 }
 
@@ -2434,7 +2440,7 @@ int ocfs2_mv_orphaned_inode_to_new(struct inode *dir,
         }
 
         di = (struct ocfs2_dinode *)di_bh->b_data;
-        le32_add_cpu(&di->i_flags, -OCFS2_ORPHANED_FL);
+        di->i_flags &= ~cpu_to_le32(OCFS2_ORPHANED_FL);
         di->i_orphaned_slot = 0;
         set_nlink(inode, 1);
         ocfs2_set_links_count(di, inode->i_nlink);
diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
index d355e6e36b36..3a903470c794 100644
--- a/fs/ocfs2/ocfs2.h
+++ b/fs/ocfs2/ocfs2.h
@@ -347,7 +347,6 @@ struct ocfs2_super
         struct task_struct *recovery_thread_task;
         int disable_recovery;
         wait_queue_head_t checkpoint_event;
-        atomic_t needs_checkpoint;
         struct ocfs2_journal *journal;
         unsigned long osb_commit_interval;
 
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index b7e74b580c0f..5397c07ce608 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -1422,7 +1422,7 @@ static int ocfs2_relink_block_group(handle_t *handle,
         int status;
         /* there is a really tiny chance the journal calls could fail,
          * but we wouldn't want inconsistent blocks in *any* case. */
-        u64 fe_ptr, bg_ptr, prev_bg_ptr;
+        u64 bg_ptr, prev_bg_ptr;
         struct ocfs2_dinode *fe = (struct ocfs2_dinode *) fe_bh->b_data;
         struct ocfs2_group_desc *bg = (struct ocfs2_group_desc *) bg_bh->b_data;
         struct ocfs2_group_desc *prev_bg = (struct ocfs2_group_desc *) prev_bg_bh->b_data;
@@ -1437,51 +1437,44 @@ static int ocfs2_relink_block_group(handle_t *handle,
                 (unsigned long long)le64_to_cpu(bg->bg_blkno),
                 (unsigned long long)le64_to_cpu(prev_bg->bg_blkno));
 
-        fe_ptr = le64_to_cpu(fe->id2.i_chain.cl_recs[chain].c_blkno);
         bg_ptr = le64_to_cpu(bg->bg_next_group);
         prev_bg_ptr = le64_to_cpu(prev_bg->bg_next_group);
 
         status = ocfs2_journal_access_gd(handle, INODE_CACHE(alloc_inode),
                                          prev_bg_bh,
                                          OCFS2_JOURNAL_ACCESS_WRITE);
-        if (status < 0) {
-                mlog_errno(status);
-                goto out_rollback;
-        }
+        if (status < 0)
+                goto out;
 
         prev_bg->bg_next_group = bg->bg_next_group;
         ocfs2_journal_dirty(handle, prev_bg_bh);
 
         status = ocfs2_journal_access_gd(handle, INODE_CACHE(alloc_inode),
                                          bg_bh, OCFS2_JOURNAL_ACCESS_WRITE);
-        if (status < 0) {
-                mlog_errno(status);
-                goto out_rollback;
-        }
+        if (status < 0)
+                goto out_rollback_prev_bg;
 
         bg->bg_next_group = fe->id2.i_chain.cl_recs[chain].c_blkno;
         ocfs2_journal_dirty(handle, bg_bh);
 
         status = ocfs2_journal_access_di(handle, INODE_CACHE(alloc_inode),
                                          fe_bh, OCFS2_JOURNAL_ACCESS_WRITE);
-        if (status < 0) {
-                mlog_errno(status);
-                goto out_rollback;
-        }
+        if (status < 0)
+                goto out_rollback_bg;
 
         fe->id2.i_chain.cl_recs[chain].c_blkno = bg->bg_blkno;
         ocfs2_journal_dirty(handle, fe_bh);
 
-out_rollback:
-        if (status < 0) {
-                fe->id2.i_chain.cl_recs[chain].c_blkno = cpu_to_le64(fe_ptr);
-                bg->bg_next_group = cpu_to_le64(bg_ptr);
-                prev_bg->bg_next_group = cpu_to_le64(prev_bg_ptr);
-        }
-
-        if (status)
+out:
+        if (status < 0)
                 mlog_errno(status);
         return status;
+
+out_rollback_bg:
+        bg->bg_next_group = cpu_to_le64(bg_ptr);
+out_rollback_prev_bg:
+        prev_bg->bg_next_group = cpu_to_le64(prev_bg_ptr);
+        goto out;
 }
 
 static inline int ocfs2_block_group_reasonably_empty(struct ocfs2_group_desc *bg,
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index 01b85165552b..854d80955bf8 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -286,10 +286,9 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len)
         spin_unlock(&osb->osb_lock);
 
         out += snprintf(buf + out, len - out,
-                        "%10s => Pid: %d  Interval: %lu  Needs: %d\n", "Commit",
+                        "%10s => Pid: %d  Interval: %lu\n", "Commit",
                         (osb->commit_task ? task_pid_nr(osb->commit_task) : -1),
-                        osb->osb_commit_interval,
-                        atomic_read(&osb->needs_checkpoint));
+                        osb->osb_commit_interval);
 
         out += snprintf(buf + out, len - out,
                         "%10s => State: %d  TxnId: %lu  NumTxns: %d\n",
@@ -2154,7 +2153,6 @@ static int ocfs2_initialize_super(struct super_block *sb,
         }
 
         init_waitqueue_head(&osb->checkpoint_event);
-        atomic_set(&osb->needs_checkpoint, 0);
 
         osb->s_atime_quantum = OCFS2_DEFAULT_ATIME_QUANTUM;
 
diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c
index 2e3ea308c144..317ef0abccbb 100644
--- a/fs/ocfs2/xattr.c
+++ b/fs/ocfs2/xattr.c
@@ -2751,7 +2751,6 @@ static int ocfs2_xattr_ibody_set(struct inode *inode,
 {
         int ret;
         struct ocfs2_inode_info *oi = OCFS2_I(inode);
-        struct ocfs2_dinode *di = (struct ocfs2_dinode *)xs->inode_bh->b_data;
         struct ocfs2_xa_loc loc;
 
         if (inode->i_sb->s_blocksize == OCFS2_MIN_BLOCKSIZE)
@@ -2759,13 +2758,6 @@ static int ocfs2_xattr_ibody_set(struct inode *inode,
 
         down_write(&oi->ip_alloc_sem);
         if (!(oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) {
-                if (!ocfs2_xattr_has_space_inline(inode, di)) {
-                        ret = -ENOSPC;
-                        goto out;
-                }
-        }
-
-        if (!(oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) {
                 ret = ocfs2_xattr_ibody_init(inode, xs->inode_bh, ctxt);
                 if (ret) {
                         if (ret != -ENOSPC)
@@ -6499,6 +6491,16 @@ static int ocfs2_reflink_xattr_inline(struct ocfs2_xattr_reflink *args)
         }
 
         new_oi = OCFS2_I(args->new_inode);
+        /*
+         * Adjust extent record count to reserve space for extended attribute.
+         * Inline data count had been adjusted in ocfs2_duplicate_inline_data().
+         */
+        if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) &&
+            !(ocfs2_inode_is_fast_symlink(args->new_inode))) {
+                struct ocfs2_extent_list *el = &new_di->id2.i_list;
+                le16_add_cpu(&el->l_count, -(inline_size /
+                                        sizeof(struct ocfs2_extent_rec)));
+        }
         spin_lock(&new_oi->ip_lock);
         new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL;
         new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features);
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 0a22194e5d58..06ea155e1a59 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -408,7 +408,7 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
         prpsinfo.pr_zomb        = 0;
 
         strcpy(prpsinfo.pr_fname, "vmlinux");
-        strncpy(prpsinfo.pr_psargs, saved_command_line, ELF_PRARGSZ);
+        strlcpy(prpsinfo.pr_psargs, saved_command_line, sizeof(prpsinfo.pr_psargs));
 
         nhdr->p_filesz  += notesize(&notes[1]);
         bufp = storenote(&notes[1], bufp);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 3e636d864d56..dbf61f6174f0 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,6 +11,7 @@
 #include <linux/rmap.h>
 #include <linux/swap.h>
 #include <linux/swapops.h>
+#include <linux/mmu_notifier.h>
 
 #include <asm/elf.h>
 #include <asm/uaccess.h>
@@ -688,10 +689,58 @@ const struct file_operations proc_tid_smaps_operations = {
         .release        = seq_release_private,
 };
 
+/*
+ * We do not want to have constant page-shift bits sitting in
+ * pagemap entries and are about to reuse them some time soon.
+ *
+ * Here's the "migration strategy":
+ * 1. when the system boots these bits remain what they are,
+ *    but a warning about future change is printed in log;
+ * 2. once anyone clears soft-dirty bits via clear_refs file,
+ *    these flag is set to denote, that user is aware of the
+ *    new API and those page-shift bits change their meaning.
+ *    The respective warning is printed in dmesg;
+ * 3. In a couple of releases we will remove all the mentions
+ *    of page-shift in pagemap entries.
+ */
+
+static bool soft_dirty_cleared __read_mostly;
+
+enum clear_refs_types {
+        CLEAR_REFS_ALL = 1,
+        CLEAR_REFS_ANON,
+        CLEAR_REFS_MAPPED,
+        CLEAR_REFS_SOFT_DIRTY,
+        CLEAR_REFS_LAST,
+};
+
+struct clear_refs_private {
+        struct vm_area_struct *vma;
+        enum clear_refs_types type;
+};
+
+static inline void clear_soft_dirty(struct vm_area_struct *vma,
+                unsigned long addr, pte_t *pte)
+{
+#ifdef CONFIG_MEM_SOFT_DIRTY
+        /*
+         * The soft-dirty tracker uses #PF-s to catch writes
+         * to pages, so write-protect the pte as well. See the
+         * Documentation/vm/soft-dirty.txt for full description
+         * of how soft-dirty works.
+         */
+        pte_t ptent = *pte;
+        ptent = pte_wrprotect(ptent);
+        ptent = pte_clear_flags(ptent, _PAGE_SOFT_DIRTY);
+        set_pte_at(vma->vm_mm, addr, pte, ptent);
+#endif
+}
+
 static int clear_refs_pte_range(pmd_t *pmd, unsigned long addr,
                                 unsigned long end, struct mm_walk *walk)
 {
-        struct vm_area_struct *vma = walk->private;
+        struct clear_refs_private *cp = walk->private;
+        struct vm_area_struct *vma = cp->vma;
         pte_t *pte, ptent;
         spinlock_t *ptl;
         struct page *page;
@@ -706,6 +755,11 @@ static int clear_refs_pte_range(pmd_t *pmd, unsigned long addr,
                 if (!pte_present(ptent))
                         continue;
 
+                if (cp->type == CLEAR_REFS_SOFT_DIRTY) {
+                        clear_soft_dirty(vma, addr, pte);
+                        continue;
+                }
+
                 page = vm_normal_page(vma, addr, ptent);
                 if (!page)
                         continue;
@@ -719,10 +773,6 @@ static int clear_refs_pte_range(pmd_t *pmd, unsigned long addr,
         return 0;
 }
 
-#define CLEAR_REFS_ALL 1
-#define CLEAR_REFS_ANON 2
-#define CLEAR_REFS_MAPPED 3
-
 static ssize_t clear_refs_write(struct file *file, const char __user *buf,
                                 size_t count, loff_t *ppos)
 {
@@ -730,7 +780,8 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
         char buffer[PROC_NUMBUF];
         struct mm_struct *mm;
         struct vm_area_struct *vma;
-        int type;
+        enum clear_refs_types type;
+        int itype;
         int rv;
 
         memset(buffer, 0, sizeof(buffer));
@@ -738,23 +789,37 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
                 count = sizeof(buffer) - 1;
         if (copy_from_user(buffer, buf, count))
                 return -EFAULT;
-        rv = kstrtoint(strstrip(buffer), 10, &type);
+        rv = kstrtoint(strstrip(buffer), 10, &itype);
         if (rv < 0)
                 return rv;
-        if (type < CLEAR_REFS_ALL || type > CLEAR_REFS_MAPPED)
+        type = (enum clear_refs_types)itype;
+        if (type < CLEAR_REFS_ALL || type >= CLEAR_REFS_LAST)
                 return -EINVAL;
+
+        if (type == CLEAR_REFS_SOFT_DIRTY) {
+                soft_dirty_cleared = true;
+                pr_warn_once("The pagemap bits 55-60 has changed their meaning! "
+                                "See the linux/Documentation/vm/pagemap.txt for details.\n");
+        }
+
         task = get_proc_task(file_inode(file));
         if (!task)
                 return -ESRCH;
         mm = get_task_mm(task);
         if (mm) {
+                struct clear_refs_private cp = {
+                        .type = type,
+                };
                 struct mm_walk clear_refs_walk = {
                         .pmd_entry = clear_refs_pte_range,
                         .mm = mm,
+                        .private = &cp,
                 };
                 down_read(&mm->mmap_sem);
+                if (type == CLEAR_REFS_SOFT_DIRTY)
+                        mmu_notifier_invalidate_range_start(mm, 0, -1);
                 for (vma = mm->mmap; vma; vma = vma->vm_next) {
-                        clear_refs_walk.private = vma;
+                        cp.vma = vma;
                         if (is_vm_hugetlb_page(vma))
                                 continue;
                         /*
@@ -773,6 +838,8 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
                         walk_page_range(vma->vm_start, vma->vm_end,
                                         &clear_refs_walk);
                 }
+                if (type == CLEAR_REFS_SOFT_DIRTY)
+                        mmu_notifier_invalidate_range_end(mm, 0, -1);
                 flush_tlb_mm(mm);
                 up_read(&mm->mmap_sem);
                 mmput(mm);
@@ -794,6 +861,7 @@ typedef struct {
 struct pagemapread {
         int pos, len;
         pagemap_entry_t *buffer;
+        bool v2;
 };
 
 #define PAGEMAP_WALK_SIZE       (PMD_SIZE)
@@ -807,14 +875,17 @@ struct pagemapread {
 #define PM_PSHIFT_BITS      6
 #define PM_PSHIFT_OFFSET    (PM_STATUS_OFFSET - PM_PSHIFT_BITS)
 #define PM_PSHIFT_MASK      (((1LL << PM_PSHIFT_BITS) - 1) << PM_PSHIFT_OFFSET)
-#define PM_PSHIFT(x)        (((u64) (x) << PM_PSHIFT_OFFSET) & PM_PSHIFT_MASK)
+#define __PM_PSHIFT(x)      (((u64) (x) << PM_PSHIFT_OFFSET) & PM_PSHIFT_MASK)
 #define PM_PFRAME_MASK      ((1LL << PM_PSHIFT_OFFSET) - 1)
 #define PM_PFRAME(x)        ((x) & PM_PFRAME_MASK)
+/* in "new" pagemap pshift bits are occupied with more status bits */
+#define PM_STATUS2(v2, x)   (__PM_PSHIFT(v2 ? x : PAGE_SHIFT))
 
+#define __PM_SOFT_DIRTY      (1LL)
 #define PM_PRESENT          PM_STATUS(4LL)
 #define PM_SWAP             PM_STATUS(2LL)
 #define PM_FILE             PM_STATUS(1LL)
-#define PM_NOT_PRESENT      PM_PSHIFT(PAGE_SHIFT)
+#define PM_NOT_PRESENT(v2)  PM_STATUS2(v2, 0)
 #define PM_END_OF_BUFFER    1
 
 static inline pagemap_entry_t make_pme(u64 val)
@@ -837,7 +908,7 @@ static int pagemap_pte_hole(unsigned long start, unsigned long end,
         struct pagemapread *pm = walk->private;
         unsigned long addr;
         int err = 0;
-        pagemap_entry_t pme = make_pme(PM_NOT_PRESENT);
+        pagemap_entry_t pme = make_pme(PM_NOT_PRESENT(pm->v2));
 
         for (addr = start; addr < end; addr += PAGE_SIZE) {
                 err = add_to_pagemap(addr, &pme, pm);
@@ -847,11 +918,12 @@ static int pagemap_pte_hole(unsigned long start, unsigned long end,
         return err;
 }
 
-static void pte_to_pagemap_entry(pagemap_entry_t *pme,
+static void pte_to_pagemap_entry(pagemap_entry_t *pme, struct pagemapread *pm,
                 struct vm_area_struct *vma, unsigned long addr, pte_t pte)
 {
         u64 frame, flags;
         struct page *page = NULL;
+        int flags2 = 0;
 
         if (pte_present(pte)) {
                 frame = pte_pfn(pte);
@@ -866,19 +938,21 @@ static void pte_to_pagemap_entry(pagemap_entry_t *pme,
                 if (is_migration_entry(entry))
                         page = migration_entry_to_page(entry);
         } else {
-                *pme = make_pme(PM_NOT_PRESENT);
+                *pme = make_pme(PM_NOT_PRESENT(pm->v2));
                 return;
         }
 
         if (page && !PageAnon(page))
                 flags |= PM_FILE;
+        if (pte_soft_dirty(pte))
+                flags2 |= __PM_SOFT_DIRTY;
 
-        *pme = make_pme(PM_PFRAME(frame) | PM_PSHIFT(PAGE_SHIFT) | flags);
+        *pme = make_pme(PM_PFRAME(frame) | PM_STATUS2(pm->v2, flags2) | flags);
 }
 
 #ifdef CONFIG_TRANSPARENT_HUGEPAGE
-static void thp_pmd_to_pagemap_entry(pagemap_entry_t *pme,
-                                        pmd_t pmd, int offset)
+static void thp_pmd_to_pagemap_entry(pagemap_entry_t *pme, struct pagemapread *pm,
+                pmd_t pmd, int offset, int pmd_flags2)
 {
         /*
          * Currently pmd for thp is always present because thp can not be
@@ -887,13 +961,13 @@ static void thp_pmd_to_pagemap_entry(pagemap_entry_t *pme,
          */
         if (pmd_present(pmd))
                 *pme = make_pme(PM_PFRAME(pmd_pfn(pmd) + offset)
-                                | PM_PSHIFT(PAGE_SHIFT) | PM_PRESENT);
+                                | PM_STATUS2(pm->v2, pmd_flags2) | PM_PRESENT);
         else
-                *pme = make_pme(PM_NOT_PRESENT);
+                *pme = make_pme(PM_NOT_PRESENT(pm->v2));
 }
 #else
-static inline void thp_pmd_to_pagemap_entry(pagemap_entry_t *pme,
-                                                pmd_t pmd, int offset)
+static inline void thp_pmd_to_pagemap_entry(pagemap_entry_t *pme, struct pagemapread *pm,
+                pmd_t pmd, int offset, int pmd_flags2)
 {
 }
 #endif
@@ -905,17 +979,20 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
         struct pagemapread *pm = walk->private;
         pte_t *pte;
         int err = 0;
-        pagemap_entry_t pme = make_pme(PM_NOT_PRESENT);
+        pagemap_entry_t pme = make_pme(PM_NOT_PRESENT(pm->v2));
 
         /* find the first VMA at or above 'addr' */
         vma = find_vma(walk->mm, addr);
         if (vma && pmd_trans_huge_lock(pmd, vma) == 1) {
+                int pmd_flags2;
+
+                pmd_flags2 = (pmd_soft_dirty(*pmd) ? __PM_SOFT_DIRTY : 0);
                 for (; addr != end; addr += PAGE_SIZE) {
                         unsigned long offset;
 
                         offset = (addr & ~PAGEMAP_WALK_MASK) >>
                                         PAGE_SHIFT;
-                        thp_pmd_to_pagemap_entry(&pme, *pmd, offset);
+                        thp_pmd_to_pagemap_entry(&pme, pm, *pmd, offset, pmd_flags2);
                         err = add_to_pagemap(addr, &pme, pm);
                         if (err)
                                 break;
@@ -932,7 +1009,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
                  * and need a new, higher one */
                 if (vma && (addr >= vma->vm_end)) {
                         vma = find_vma(walk->mm, addr);
-                        pme = make_pme(PM_NOT_PRESENT);
+                        pme = make_pme(PM_NOT_PRESENT(pm->v2));
                 }
 
                 /* check that 'vma' actually covers this address,
@@ -940,7 +1017,7 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
                 if (vma && (vma->vm_start <= addr) &&
                     !is_vm_hugetlb_page(vma)) {
                         pte = pte_offset_map(pmd, addr);
-                        pte_to_pagemap_entry(&pme, vma, addr, *pte);
+                        pte_to_pagemap_entry(&pme, pm, vma, addr, *pte);
                         /* unmap before userspace copy */
                         pte_unmap(pte);
                 }
@@ -955,14 +1032,14 @@ static int pagemap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
 }
 
 #ifdef CONFIG_HUGETLB_PAGE
-static void huge_pte_to_pagemap_entry(pagemap_entry_t *pme,
+static void huge_pte_to_pagemap_entry(pagemap_entry_t *pme, struct pagemapread *pm,
                                         pte_t pte, int offset)
 {
         if (pte_present(pte))
                 *pme = make_pme(PM_PFRAME(pte_pfn(pte) + offset)
-                                | PM_PSHIFT(PAGE_SHIFT) | PM_PRESENT);
+                                | PM_STATUS2(pm->v2, 0) | PM_PRESENT);
         else
-                *pme = make_pme(PM_NOT_PRESENT);
+                *pme = make_pme(PM_NOT_PRESENT(pm->v2));
 }
 
 /* This function walks within one hugetlb entry in the single call */
@@ -976,7 +1053,7 @@ static int pagemap_hugetlb_range(pte_t *pte, unsigned long hmask,
 
         for (; addr != end; addr += PAGE_SIZE) {
                 int offset = (addr & ~hmask) >> PAGE_SHIFT;
-                huge_pte_to_pagemap_entry(&pme, *pte, offset);
+                huge_pte_to_pagemap_entry(&pme, pm, *pte, offset);
                 err = add_to_pagemap(addr, &pme, pm);
                 if (err)
                         return err;
@@ -1038,6 +1115,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
         if (!count)
                 goto out_task;
 
+        pm.v2 = soft_dirty_cleared;
         pm.len = PM_ENTRY_BYTES * (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
         pm.buffer = kmalloc(pm.len, GFP_TEMPORARY);
         ret = -ENOMEM;
@@ -1110,9 +1188,18 @@ out:
         return ret;
 }
 
+static int pagemap_open(struct inode *inode, struct file *file)
+{
+        pr_warn_once("Bits 55-60 of /proc/PID/pagemap entries are about "
+                        "to stop being page-shift some time soon. See the "
+                        "linux/Documentation/vm/pagemap.txt for details.\n");
+        return 0;
+}
+
 const struct file_operations proc_pagemap_operations = {
         .llseek         = mem_lseek, /* borrow this */
         .read           = pagemap_read,
+        .open           = pagemap_open,
 };
 #endif /* CONFIG_PROC_PAGE_MONITOR */
 
diff --git a/fs/proc/uptime.c b/fs/proc/uptime.c
index 9610ac772d7e..061894625903 100644
--- a/fs/proc/uptime.c
+++ b/fs/proc/uptime.c
@@ -20,8 +20,7 @@ static int uptime_proc_show(struct seq_file *m, void *v)
         for_each_possible_cpu(i)
                 idletime += (__force u64) kcpustat_cpu(i).cpustat[CPUTIME_IDLE];
 
-        do_posix_clock_monotonic_gettime(&uptime);
-        monotonic_to_bootbased(&uptime);
+        get_monotonic_boottime(&uptime);
         nsec = cputime64_to_jiffies64(idletime) * TICK_NSEC;
         idle.tv_sec = div_u64_rem(nsec, NSEC_PER_SEC, &rem);
         idle.tv_nsec = rem;
diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
index 17f7e080d7ff..28503172f2e4 100644
--- a/fs/proc/vmcore.c
+++ b/fs/proc/vmcore.c
@@ -20,6 +20,7 @@
 #include <linux/init.h>
 #include <linux/crash_dump.h>
 #include <linux/list.h>
+#include <linux/vmalloc.h>
 #include <asm/uaccess.h>
 #include <asm/io.h>
 #include "internal.h"
@@ -32,6 +33,10 @@ static LIST_HEAD(vmcore_list);
 /* Stores the pointer to the buffer containing kernel elf core headers. */
 static char *elfcorebuf;
 static size_t elfcorebuf_sz;
+static size_t elfcorebuf_sz_orig;
+
+static char *elfnotes_buf;
+static size_t elfnotes_sz;
 
 /* Total size of vmcore file. */
 static u64 vmcore_size;
@@ -118,27 +123,6 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
         return read;
 }
 
-/* Maps vmcore file offset to respective physical address in memroy. */
-static u64 map_offset_to_paddr(loff_t offset, struct list_head *vc_list,
-                                        struct vmcore **m_ptr)
-{
-        struct vmcore *m;
-        u64 paddr;
-
-        list_for_each_entry(m, vc_list, list) {
-                u64 start, end;
-                start = m->offset;
-                end = m->offset + m->size - 1;
-                if (offset >= start && offset <= end) {
-                        paddr = m->paddr + offset - start;
-                        *m_ptr = m;
-                        return paddr;
-                }
-        }
-        *m_ptr = NULL;
-        return 0;
-}
-
 /* Read from the ELF header and then the crash dump. On error, negative value is
  * returned otherwise number of bytes read are returned.
  */
@@ -147,8 +131,8 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
 {
         ssize_t acc = 0, tmp;
         size_t tsz;
-        u64 start, nr_bytes;
-        struct vmcore *curr_m = NULL;
+        u64 start;
+        struct vmcore *m = NULL;
 
         if (buflen == 0 || *fpos >= vmcore_size)
                 return 0;
@@ -159,9 +143,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
 
         /* Read ELF core header */
         if (*fpos < elfcorebuf_sz) {
-                tsz = elfcorebuf_sz - *fpos;
-                if (buflen < tsz)
-                        tsz = buflen;
+                tsz = min(elfcorebuf_sz - (size_t)*fpos, buflen);
                 if (copy_to_user(buffer, elfcorebuf + *fpos, tsz))
                         return -EFAULT;
                 buflen -= tsz;
@@ -174,39 +156,161 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
                         return acc;
         }
 
-        start = map_offset_to_paddr(*fpos, &vmcore_list, &curr_m);
-        if (!curr_m)
-                return -EINVAL;
-
-        while (buflen) {
-                tsz = min_t(size_t, buflen, PAGE_SIZE - (start & ~PAGE_MASK));
+        /* Read Elf note segment */
+        if (*fpos < elfcorebuf_sz + elfnotes_sz) {
+                void *kaddr;
 
-                /* Calculate left bytes in current memory segment. */
-                nr_bytes = (curr_m->size - (start - curr_m->paddr));
-                if (tsz > nr_bytes)
-                        tsz = nr_bytes;
-
-                tmp = read_from_oldmem(buffer, tsz, &start, 1);
-                if (tmp < 0)
-                        return tmp;
+                tsz = min(elfcorebuf_sz + elfnotes_sz - (size_t)*fpos, buflen);
+                kaddr = elfnotes_buf + *fpos - elfcorebuf_sz;
+                if (copy_to_user(buffer, kaddr, tsz))
+                        return -EFAULT;
                 buflen -= tsz;
                 *fpos += tsz;
                 buffer += tsz;
                 acc += tsz;
-                if (start >= (curr_m->paddr + curr_m->size)) {
-                        if (curr_m->list.next == &vmcore_list)
-                                return acc;     /*EOF*/
-                        curr_m = list_entry(curr_m->list.next,
-                                                struct vmcore, list);
-                        start = curr_m->paddr;
+
+                /* leave now if filled buffer already */
+                if (buflen == 0)
+                        return acc;
+        }
+
+        list_for_each_entry(m, &vmcore_list, list) {
+                if (*fpos < m->offset + m->size) {
+                        tsz = min_t(size_t, m->offset + m->size - *fpos, buflen);
+                        start = m->paddr + *fpos - m->offset;
+                        tmp = read_from_oldmem(buffer, tsz, &start, 1);
+                        if (tmp < 0)
+                                return tmp;
+                        buflen -= tsz;
+                        *fpos += tsz;
+                        buffer += tsz;
+                        acc += tsz;
+
+                        /* leave now if filled buffer already */
+                        if (buflen == 0)
+                                return acc;
                 }
         }
+
         return acc;
 }
 
+/**
+ * alloc_elfnotes_buf - allocate buffer for ELF note segment in
+ *                      vmalloc memory
+ *
+ * @notes_sz: size of buffer
+ *
+ * If CONFIG_MMU is defined, use vmalloc_user() to allow users to mmap
+ * the buffer to user-space by means of remap_vmalloc_range().
+ *
+ * If CONFIG_MMU is not defined, use vzalloc() since mmap_vmcore() is
+ * disabled and there's no need to allow users to mmap the buffer.
+ */
+static inline char *alloc_elfnotes_buf(size_t notes_sz)
+{
+#ifdef CONFIG_MMU
+        return vmalloc_user(notes_sz);
+#else
+        return vzalloc(notes_sz);
+#endif
+}
+
+/*
+ * Disable mmap_vmcore() if CONFIG_MMU is not defined. MMU is
+ * essential for mmap_vmcore() in order to map physically
+ * non-contiguous objects (ELF header, ELF note segment and memory
+ * regions in the 1st kernel pointed to by PT_LOAD entries) into
+ * virtually contiguous user-space in ELF layout.
+ */
+#ifdef CONFIG_MMU
+static int mmap_vmcore(struct file *file, struct vm_area_struct *vma)
+{
+        size_t size = vma->vm_end - vma->vm_start;
+        u64 start, end, len, tsz;
+        struct vmcore *m;
+
+        start = (u64)vma->vm_pgoff << PAGE_SHIFT;
+        end = start + size;
+
+        if (size > vmcore_size || end > vmcore_size)
+                return -EINVAL;
+
+        if (vma->vm_flags & (VM_WRITE | VM_EXEC))
+                return -EPERM;
+
+        vma->vm_flags &= ~(VM_MAYWRITE | VM_MAYEXEC);
+        vma->vm_flags |= VM_MIXEDMAP;
+
+        len = 0;
+
+        if (start < elfcorebuf_sz) {
+                u64 pfn;
+
+                tsz = min(elfcorebuf_sz - (size_t)start, size);
+                pfn = __pa(elfcorebuf + start) >> PAGE_SHIFT;
+                if (remap_pfn_range(vma, vma->vm_start, pfn, tsz,
+                                    vma->vm_page_prot))
+                        return -EAGAIN;
+                size -= tsz;
+                start += tsz;
+                len += tsz;
+
+                if (size == 0)
+                        return 0;
+        }
+
+        if (start < elfcorebuf_sz + elfnotes_sz) {
+                void *kaddr;
+
+                tsz = min(elfcorebuf_sz + elfnotes_sz - (size_t)start, size);
+                kaddr = elfnotes_buf + start - elfcorebuf_sz;
+                if (remap_vmalloc_range_partial(vma, vma->vm_start + len,
+                                                kaddr, tsz))
+                        goto fail;
+                size -= tsz;
+                start += tsz;
+                len += tsz;
+
+                if (size == 0)
+                        return 0;
+        }
+
+        list_for_each_entry(m, &vmcore_list, list) {
+                if (start < m->offset + m->size) {
+                        u64 paddr = 0;
+
+                        tsz = min_t(size_t, m->offset + m->size - start, size);
+                        paddr = m->paddr + start - m->offset;
+                        if (remap_pfn_range(vma, vma->vm_start + len,
+                                            paddr >> PAGE_SHIFT, tsz,
+                                            vma->vm_page_prot))
+                                goto fail;
+                        size -= tsz;
+                        start += tsz;
+                        len += tsz;
+
+                        if (size == 0)
+                                return 0;
+                }
+        }
+
+        return 0;
+fail:
+        do_munmap(vma->vm_mm, vma->vm_start, len);
+        return -EAGAIN;
+}
+#else
+static int mmap_vmcore(struct file *file, struct vm_area_struct *vma)
+{
+        return -ENOSYS;
+}
+#endif
+
 static const struct file_operations proc_vmcore_operations = {
         .read           = read_vmcore,
         .llseek         = default_llseek,
+        .mmap           = mmap_vmcore,
 };
 
 static struct vmcore* __init get_new_element(void)
@@ -214,61 +318,40 @@ static struct vmcore* __init get_new_element(void)
         return kzalloc(sizeof(struct vmcore), GFP_KERNEL);
 }
 
-static u64 __init get_vmcore_size_elf64(char *elfptr)
+static u64 __init get_vmcore_size(size_t elfsz, size_t elfnotesegsz,
+                                  struct list_head *vc_list)
 {
-        int i;
-        u64 size;
-        Elf64_Ehdr *ehdr_ptr;
-        Elf64_Phdr *phdr_ptr;
-
-        ehdr_ptr = (Elf64_Ehdr *)elfptr;
-        phdr_ptr = (Elf64_Phdr*)(elfptr + sizeof(Elf64_Ehdr));
-        size = sizeof(Elf64_Ehdr) + ((ehdr_ptr->e_phnum) * sizeof(Elf64_Phdr));
-        for (i = 0; i < ehdr_ptr->e_phnum; i++) {
-                size += phdr_ptr->p_memsz;
-                phdr_ptr++;
-        }
-        return size;
-}
-
-static u64 __init get_vmcore_size_elf32(char *elfptr)
-{
-        int i;
         u64 size;
-        Elf32_Ehdr *ehdr_ptr;
-        Elf32_Phdr *phdr_ptr;
+        struct vmcore *m;
 
-        ehdr_ptr = (Elf32_Ehdr *)elfptr;
-        phdr_ptr = (Elf32_Phdr*)(elfptr + sizeof(Elf32_Ehdr));
-        size = sizeof(Elf32_Ehdr) + ((ehdr_ptr->e_phnum) * sizeof(Elf32_Phdr));
-        for (i = 0; i < ehdr_ptr->e_phnum; i++) {
-                size += phdr_ptr->p_memsz;
-                phdr_ptr++;
+        size = elfsz + elfnotesegsz;
+        list_for_each_entry(m, vc_list, list) {
+                size += m->size;
         }
         return size;
 }
 
-/* Merges all the PT_NOTE headers into one. */
-static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
-                                                struct list_head *vc_list)
+/**
+ * update_note_header_size_elf64 - update p_memsz member of each PT_NOTE entry
+ *
+ * @ehdr_ptr: ELF header
+ *
+ * This function updates p_memsz member of each PT_NOTE entry in the
+ * program header table pointed to by @ehdr_ptr to real size of ELF
+ * note segment.
+ */
+static int __init update_note_header_size_elf64(const Elf64_Ehdr *ehdr_ptr)
 {
-        int i, nr_ptnote=0, rc=0;
-        char *tmp;
-        Elf64_Ehdr *ehdr_ptr;
-        Elf64_Phdr phdr, *phdr_ptr;
+        int i, rc=0;
+        Elf64_Phdr *phdr_ptr;
         Elf64_Nhdr *nhdr_ptr;
-        u64 phdr_sz = 0, note_off;
 
-        ehdr_ptr = (Elf64_Ehdr *)elfptr;
-        phdr_ptr = (Elf64_Phdr*)(elfptr + sizeof(Elf64_Ehdr));
+        phdr_ptr = (Elf64_Phdr *)(ehdr_ptr + 1);
         for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
-                int j;
                 void *notes_section;
-                struct vmcore *new;
                 u64 offset, max_sz, sz, real_sz = 0;
                 if (phdr_ptr->p_type != PT_NOTE)
                         continue;
-                nr_ptnote++;
                 max_sz = phdr_ptr->p_memsz;
                 offset = phdr_ptr->p_offset;
                 notes_section = kmalloc(max_sz, GFP_KERNEL);
@@ -280,7 +363,7 @@ static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
                         return rc;
                 }
                 nhdr_ptr = notes_section;
-                for (j = 0; j < max_sz; j += sz) {
+                while (real_sz < max_sz) {
                         if (nhdr_ptr->n_namesz == 0)
                                 break;
                         sz = sizeof(Elf64_Nhdr) +
@@ -289,26 +372,122 @@ static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
                         real_sz += sz;
                         nhdr_ptr = (Elf64_Nhdr*)((char*)nhdr_ptr + sz);
                 }
-
-                /* Add this contiguous chunk of notes section to vmcore list.*/
-                new = get_new_element();
-                if (!new) {
-                        kfree(notes_section);
-                        return -ENOMEM;
-                }
-                new->paddr = phdr_ptr->p_offset;
-                new->size = real_sz;
-                list_add_tail(&new->list, vc_list);
-                phdr_sz += real_sz;
                 kfree(notes_section);
+                phdr_ptr->p_memsz = real_sz;
+        }
+
+        return 0;
+}
+
+/**
+ * get_note_number_and_size_elf64 - get the number of PT_NOTE program
+ * headers and sum of real size of their ELF note segment headers and
+ * data.
+ *
+ * @ehdr_ptr: ELF header
+ * @nr_ptnote: buffer for the number of PT_NOTE program headers
+ * @sz_ptnote: buffer for size of unique PT_NOTE program header
+ *
+ * This function is used to merge multiple PT_NOTE program headers
+ * into a unique single one. The resulting unique entry will have
+ * @sz_ptnote in its phdr->p_mem.
+ *
+ * It is assumed that program headers with PT_NOTE type pointed to by
+ * @ehdr_ptr has already been updated by update_note_header_size_elf64
+ * and each of PT_NOTE program headers has actual ELF note segment
+ * size in its p_memsz member.
+ */
+static int __init get_note_number_and_size_elf64(const Elf64_Ehdr *ehdr_ptr,
+                                                 int *nr_ptnote, u64 *sz_ptnote)
+{
+        int i;
+        Elf64_Phdr *phdr_ptr;
+
+        *nr_ptnote = *sz_ptnote = 0;
+
+        phdr_ptr = (Elf64_Phdr *)(ehdr_ptr + 1);
+        for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                if (phdr_ptr->p_type != PT_NOTE)
+                        continue;
+                *nr_ptnote += 1;
+                *sz_ptnote += phdr_ptr->p_memsz;
+        }
+
+        return 0;
+}
+
+/**
+ * copy_notes_elf64 - copy ELF note segments in a given buffer
+ *
+ * @ehdr_ptr: ELF header
+ * @notes_buf: buffer into which ELF note segments are copied
+ *
+ * This function is used to copy ELF note segment in the 1st kernel
+ * into the buffer @notes_buf in the 2nd kernel. It is assumed that
+ * size of the buffer @notes_buf is equal to or larger than sum of the
+ * real ELF note segment headers and data.
+ *
+ * It is assumed that program headers with PT_NOTE type pointed to by
+ * @ehdr_ptr has already been updated by update_note_header_size_elf64
+ * and each of PT_NOTE program headers has actual ELF note segment
+ * size in its p_memsz member.
+ */
+static int __init copy_notes_elf64(const Elf64_Ehdr *ehdr_ptr, char *notes_buf)
+{
+        int i, rc=0;
+        Elf64_Phdr *phdr_ptr;
+
+        phdr_ptr = (Elf64_Phdr*)(ehdr_ptr + 1);
+
+        for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                u64 offset;
+                if (phdr_ptr->p_type != PT_NOTE)
+                        continue;
+                offset = phdr_ptr->p_offset;
+                rc = read_from_oldmem(notes_buf, phdr_ptr->p_memsz, &offset, 0);
+                if (rc < 0)
+                        return rc;
+                notes_buf += phdr_ptr->p_memsz;
         }
 
+        return 0;
+}
+
+/* Merges all the PT_NOTE headers into one. */
+static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
+                                           char **notes_buf, size_t *notes_sz)
+{
+        int i, nr_ptnote=0, rc=0;
+        char *tmp;
+        Elf64_Ehdr *ehdr_ptr;
+        Elf64_Phdr phdr;
+        u64 phdr_sz = 0, note_off;
+
+        ehdr_ptr = (Elf64_Ehdr *)elfptr;
+
+        rc = update_note_header_size_elf64(ehdr_ptr);
+        if (rc < 0)
+                return rc;
+
+        rc = get_note_number_and_size_elf64(ehdr_ptr, &nr_ptnote, &phdr_sz);
+        if (rc < 0)
+                return rc;
+
+        *notes_sz = roundup(phdr_sz, PAGE_SIZE);
+        *notes_buf = alloc_elfnotes_buf(*notes_sz);
+        if (!*notes_buf)
+                return -ENOMEM;
+
+        rc = copy_notes_elf64(ehdr_ptr, *notes_buf);
+        if (rc < 0)
+                return rc;
+
         /* Prepare merged PT_NOTE program header. */
         phdr.p_type    = PT_NOTE;
         phdr.p_flags   = 0;
         note_off = sizeof(Elf64_Ehdr) +
                         (ehdr_ptr->e_phnum - nr_ptnote +1) * sizeof(Elf64_Phdr);
-        phdr.p_offset  = note_off;
+        phdr.p_offset  = roundup(note_off, PAGE_SIZE);
         phdr.p_vaddr   = phdr.p_paddr = 0;
         phdr.p_filesz  = phdr.p_memsz = phdr_sz;
         phdr.p_align   = 0;
@@ -322,6 +501,8 @@ static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
         i = (nr_ptnote - 1) * sizeof(Elf64_Phdr);
         *elfsz = *elfsz - i;
         memmove(tmp, tmp+i, ((*elfsz)-sizeof(Elf64_Ehdr)-sizeof(Elf64_Phdr)));
+        memset(elfptr + *elfsz, 0, i);
+        *elfsz = roundup(*elfsz, PAGE_SIZE);
 
         /* Modify e_phnum to reflect merged headers. */
         ehdr_ptr->e_phnum = ehdr_ptr->e_phnum - nr_ptnote + 1;
@@ -329,27 +510,27 @@ static int __init merge_note_headers_elf64(char *elfptr, size_t *elfsz,
         return 0;
 }
 
-/* Merges all the PT_NOTE headers into one. */
-static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
-                                                struct list_head *vc_list)
+/**
+ * update_note_header_size_elf32 - update p_memsz member of each PT_NOTE entry
+ *
+ * @ehdr_ptr: ELF header
+ *
+ * This function updates p_memsz member of each PT_NOTE entry in the
+ * program header table pointed to by @ehdr_ptr to real size of ELF
+ * note segment.
+ */
+static int __init update_note_header_size_elf32(const Elf32_Ehdr *ehdr_ptr)
 {
-        int i, nr_ptnote=0, rc=0;
-        char *tmp;
-        Elf32_Ehdr *ehdr_ptr;
-        Elf32_Phdr phdr, *phdr_ptr;
+        int i, rc=0;
+        Elf32_Phdr *phdr_ptr;
         Elf32_Nhdr *nhdr_ptr;
-        u64 phdr_sz = 0, note_off;
 
-        ehdr_ptr = (Elf32_Ehdr *)elfptr;
-        phdr_ptr = (Elf32_Phdr*)(elfptr + sizeof(Elf32_Ehdr));
+        phdr_ptr = (Elf32_Phdr *)(ehdr_ptr + 1);
         for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
-                int j;
                 void *notes_section;
-                struct vmcore *new;
                 u64 offset, max_sz, sz, real_sz = 0;
                 if (phdr_ptr->p_type != PT_NOTE)
                         continue;
-                nr_ptnote++;
                 max_sz = phdr_ptr->p_memsz;
                 offset = phdr_ptr->p_offset;
                 notes_section = kmalloc(max_sz, GFP_KERNEL);
@@ -361,7 +542,7 @@ static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
                         return rc;
                 }
                 nhdr_ptr = notes_section;
-                for (j = 0; j < max_sz; j += sz) {
+                while (real_sz < max_sz) {
                         if (nhdr_ptr->n_namesz == 0)
                                 break;
                         sz = sizeof(Elf32_Nhdr) +
@@ -370,26 +551,122 @@ static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
                         real_sz += sz;
                         nhdr_ptr = (Elf32_Nhdr*)((char*)nhdr_ptr + sz);
                 }
-
-                /* Add this contiguous chunk of notes section to vmcore list.*/
-                new = get_new_element();
-                if (!new) {
-                        kfree(notes_section);
-                        return -ENOMEM;
-                }
-                new->paddr = phdr_ptr->p_offset;
-                new->size = real_sz;
-                list_add_tail(&new->list, vc_list);
-                phdr_sz += real_sz;
                 kfree(notes_section);
+                phdr_ptr->p_memsz = real_sz;
+        }
+
+        return 0;
+}
+
+/**
+ * get_note_number_and_size_elf32 - get the number of PT_NOTE program
+ * headers and sum of real size of their ELF note segment headers and
+ * data.
+ *
+ * @ehdr_ptr: ELF header
+ * @nr_ptnote: buffer for the number of PT_NOTE program headers
+ * @sz_ptnote: buffer for size of unique PT_NOTE program header
+ *
+ * This function is used to merge multiple PT_NOTE program headers
+ * into a unique single one. The resulting unique entry will have
+ * @sz_ptnote in its phdr->p_mem.
+ *
+ * It is assumed that program headers with PT_NOTE type pointed to by
+ * @ehdr_ptr has already been updated by update_note_header_size_elf32
+ * and each of PT_NOTE program headers has actual ELF note segment
+ * size in its p_memsz member.
+ */
+static int __init get_note_number_and_size_elf32(const Elf32_Ehdr *ehdr_ptr,
+                                                 int *nr_ptnote, u64 *sz_ptnote)
+{
+        int i;
+        Elf32_Phdr *phdr_ptr;
+
+        *nr_ptnote = *sz_ptnote = 0;
+
+        phdr_ptr = (Elf32_Phdr *)(ehdr_ptr + 1);
+        for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                if (phdr_ptr->p_type != PT_NOTE)
+                        continue;
+                *nr_ptnote += 1;
+                *sz_ptnote += phdr_ptr->p_memsz;
+        }
+
+        return 0;
+}
+
+/**
+ * copy_notes_elf32 - copy ELF note segments in a given buffer
+ *
+ * @ehdr_ptr: ELF header
+ * @notes_buf: buffer into which ELF note segments are copied
+ *
+ * This function is used to copy ELF note segment in the 1st kernel
+ * into the buffer @notes_buf in the 2nd kernel. It is assumed that
+ * size of the buffer @notes_buf is equal to or larger than sum of the
+ * real ELF note segment headers and data.
+ *
+ * It is assumed that program headers with PT_NOTE type pointed to by
+ * @ehdr_ptr has already been updated by update_note_header_size_elf32
+ * and each of PT_NOTE program headers has actual ELF note segment
+ * size in its p_memsz member.
+ */
+static int __init copy_notes_elf32(const Elf32_Ehdr *ehdr_ptr, char *notes_buf)
+{
+        int i, rc=0;
+        Elf32_Phdr *phdr_ptr;
+
+        phdr_ptr = (Elf32_Phdr*)(ehdr_ptr + 1);
+
+        for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                u64 offset;
+                if (phdr_ptr->p_type != PT_NOTE)
+                        continue;
+                offset = phdr_ptr->p_offset;
+                rc = read_from_oldmem(notes_buf, phdr_ptr->p_memsz, &offset, 0);
+                if (rc < 0)
+                        return rc;
+                notes_buf += phdr_ptr->p_memsz;
         }
 
+        return 0;
+}
+
+/* Merges all the PT_NOTE headers into one. */
+static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
+                                           char **notes_buf, size_t *notes_sz)
+{
+        int i, nr_ptnote=0, rc=0;
+        char *tmp;
+        Elf32_Ehdr *ehdr_ptr;
+        Elf32_Phdr phdr;
+        u64 phdr_sz = 0, note_off;
+
+        ehdr_ptr = (Elf32_Ehdr *)elfptr;
+
+        rc = update_note_header_size_elf32(ehdr_ptr);
+        if (rc < 0)
+                return rc;
+
+        rc = get_note_number_and_size_elf32(ehdr_ptr, &nr_ptnote, &phdr_sz);
+        if (rc < 0)
+                return rc;
+
+        *notes_sz = roundup(phdr_sz, PAGE_SIZE);
+        *notes_buf = alloc_elfnotes_buf(*notes_sz);
+        if (!*notes_buf)
+                return -ENOMEM;
+
+        rc = copy_notes_elf32(ehdr_ptr, *notes_buf);
+        if (rc < 0)
+                return rc;
+
         /* Prepare merged PT_NOTE program header. */
         phdr.p_type    = PT_NOTE;
         phdr.p_flags   = 0;
         note_off = sizeof(Elf32_Ehdr) +
                         (ehdr_ptr->e_phnum - nr_ptnote +1) * sizeof(Elf32_Phdr);
-        phdr.p_offset  = note_off;
+        phdr.p_offset  = roundup(note_off, PAGE_SIZE);
         phdr.p_vaddr   = phdr.p_paddr = 0;
         phdr.p_filesz  = phdr.p_memsz = phdr_sz;
         phdr.p_align   = 0;
@@ -403,6 +680,8 @@ static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
         i = (nr_ptnote - 1) * sizeof(Elf32_Phdr);
         *elfsz = *elfsz - i;
         memmove(tmp, tmp+i, ((*elfsz)-sizeof(Elf32_Ehdr)-sizeof(Elf32_Phdr)));
+        memset(elfptr + *elfsz, 0, i);
+        *elfsz = roundup(*elfsz, PAGE_SIZE);
 
         /* Modify e_phnum to reflect merged headers. */
         ehdr_ptr->e_phnum = ehdr_ptr->e_phnum - nr_ptnote + 1;
@@ -414,6 +693,7 @@ static int __init merge_note_headers_elf32(char *elfptr, size_t *elfsz,
  * the new offset fields of exported program headers. */
 static int __init process_ptload_program_headers_elf64(char *elfptr,
                                                 size_t elfsz,
+                                                size_t elfnotes_sz,
                                                 struct list_head *vc_list)
 {
         int i;
@@ -425,32 +705,38 @@ static int __init process_ptload_program_headers_elf64(char *elfptr,
         ehdr_ptr = (Elf64_Ehdr *)elfptr;
         phdr_ptr = (Elf64_Phdr*)(elfptr + sizeof(Elf64_Ehdr)); /* PT_NOTE hdr */
 
-        /* First program header is PT_NOTE header. */
-        vmcore_off = sizeof(Elf64_Ehdr) +
-                        (ehdr_ptr->e_phnum) * sizeof(Elf64_Phdr) +
-                        phdr_ptr->p_memsz; /* Note sections */
+        /* Skip Elf header, program headers and Elf note segment. */
+        vmcore_off = elfsz + elfnotes_sz;
 
         for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                u64 paddr, start, end, size;
+
                 if (phdr_ptr->p_type != PT_LOAD)
                         continue;
 
+                paddr = phdr_ptr->p_offset;
+                start = rounddown(paddr, PAGE_SIZE);
+                end = roundup(paddr + phdr_ptr->p_memsz, PAGE_SIZE);
+                size = end - start;
+
                 /* Add this contiguous chunk of memory to vmcore list.*/
                 new = get_new_element();
                 if (!new)
                         return -ENOMEM;
-                new->paddr = phdr_ptr->p_offset;
-                new->size = phdr_ptr->p_memsz;
+                new->paddr = start;
+                new->size = size;
                 list_add_tail(&new->list, vc_list);
 
                 /* Update the program header offset. */
-                phdr_ptr->p_offset = vmcore_off;
-                vmcore_off = vmcore_off + phdr_ptr->p_memsz;
+                phdr_ptr->p_offset = vmcore_off + (paddr - start);
+                vmcore_off = vmcore_off + size;
         }
         return 0;
 }
 
 static int __init process_ptload_program_headers_elf32(char *elfptr,
                                                 size_t elfsz,
+                                                size_t elfnotes_sz,
                                                 struct list_head *vc_list)
 {
         int i;
@@ -462,43 +748,44 @@ static int __init process_ptload_program_headers_elf32(char *elfptr,
         ehdr_ptr = (Elf32_Ehdr *)elfptr;
         phdr_ptr = (Elf32_Phdr*)(elfptr + sizeof(Elf32_Ehdr)); /* PT_NOTE hdr */
 
-        /* First program header is PT_NOTE header. */
-        vmcore_off = sizeof(Elf32_Ehdr) +
-                        (ehdr_ptr->e_phnum) * sizeof(Elf32_Phdr) +
-                        phdr_ptr->p_memsz; /* Note sections */
+        /* Skip Elf header, program headers and Elf note segment. */
+        vmcore_off = elfsz + elfnotes_sz;
 
         for (i = 0; i < ehdr_ptr->e_phnum; i++, phdr_ptr++) {
+                u64 paddr, start, end, size;
+
                 if (phdr_ptr->p_type != PT_LOAD)
                         continue;
 
+                paddr = phdr_ptr->p_offset;
+                start = rounddown(paddr, PAGE_SIZE);
+                end = roundup(paddr + phdr_ptr->p_memsz, PAGE_SIZE);
+                size = end - start;
+
                 /* Add this contiguous chunk of memory to vmcore list.*/
                 new = get_new_element();
                 if (!new)
                         return -ENOMEM;
-                new->paddr = phdr_ptr->p_offset;
-                new->size = phdr_ptr->p_memsz;
+                new->paddr = start;
+                new->size = size;
                 list_add_tail(&new->list, vc_list);
 
                 /* Update the program header offset */
-                phdr_ptr->p_offset = vmcore_off;
-                vmcore_off = vmcore_off + phdr_ptr->p_memsz;
+                phdr_ptr->p_offset = vmcore_off + (paddr - start);
+                vmcore_off = vmcore_off + size;
         }
         return 0;
 }
 
 /* Sets offset fields of vmcore elements. */
-static void __init set_vmcore_list_offsets_elf64(char *elfptr,
-                                                struct list_head *vc_list)
+static void __init set_vmcore_list_offsets(size_t elfsz, size_t elfnotes_sz,
+                                           struct list_head *vc_list)
 {
         loff_t vmcore_off;
-        Elf64_Ehdr *ehdr_ptr;
         struct vmcore *m;
 
-        ehdr_ptr = (Elf64_Ehdr *)elfptr;
-
-        /* Skip Elf header and program headers. */
-        vmcore_off = sizeof(Elf64_Ehdr) +
-                        (ehdr_ptr->e_phnum) * sizeof(Elf64_Phdr);
+        /* Skip Elf header, program headers and Elf note segment. */
+        vmcore_off = elfsz + elfnotes_sz;
 
         list_for_each_entry(m, vc_list, list) {
                 m->offset = vmcore_off;
@@ -506,24 +793,12 @@ static void __init set_vmcore_list_offsets_elf64(char *elfptr,
         }
 }
 
-/* Sets offset fields of vmcore elements. */
-static void __init set_vmcore_list_offsets_elf32(char *elfptr,
-                                                struct list_head *vc_list)
+static void free_elfcorebuf(void)
 {
-        loff_t vmcore_off;
-        Elf32_Ehdr *ehdr_ptr;
-        struct vmcore *m;
-
-        ehdr_ptr = (Elf32_Ehdr *)elfptr;
-
-        /* Skip Elf header and program headers. */
-        vmcore_off = sizeof(Elf32_Ehdr) +
-                        (ehdr_ptr->e_phnum) * sizeof(Elf32_Phdr);
-
-        list_for_each_entry(m, vc_list, list) {
-                m->offset = vmcore_off;
-                vmcore_off += m->size;
-        }
+        free_pages((unsigned long)elfcorebuf, get_order(elfcorebuf_sz_orig));
+        elfcorebuf = NULL;
+        vfree(elfnotes_buf);
+        elfnotes_buf = NULL;
 }
 
 static int __init parse_crash_elf64_headers(void)
@@ -554,31 +829,32 @@ static int __init parse_crash_elf64_headers(void)
         }
 
         /* Read in all elf headers. */
-        elfcorebuf_sz = sizeof(Elf64_Ehdr) + ehdr.e_phnum * sizeof(Elf64_Phdr);
-        elfcorebuf = kmalloc(elfcorebuf_sz, GFP_KERNEL);
+        elfcorebuf_sz_orig = sizeof(Elf64_Ehdr) +
+                                ehdr.e_phnum * sizeof(Elf64_Phdr);
+        elfcorebuf_sz = elfcorebuf_sz_orig;
+        elfcorebuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+                                              get_order(elfcorebuf_sz_orig));
         if (!elfcorebuf)
                 return -ENOMEM;
         addr = elfcorehdr_addr;
-        rc = read_from_oldmem(elfcorebuf, elfcorebuf_sz, &addr, 0);
-        if (rc < 0) {
-                kfree(elfcorebuf);
-                return rc;
-        }
+        rc = read_from_oldmem(elfcorebuf, elfcorebuf_sz_orig, &addr, 0);
+        if (rc < 0)
+                goto fail;
 
         /* Merge all PT_NOTE headers into one. */
-        rc = merge_note_headers_elf64(elfcorebuf, &elfcorebuf_sz, &vmcore_list);
-        if (rc) {
-                kfree(elfcorebuf);
-                return rc;
-        }
+        rc = merge_note_headers_elf64(elfcorebuf, &elfcorebuf_sz,
+                                      &elfnotes_buf, &elfnotes_sz);
+        if (rc)
+                goto fail;
         rc = process_ptload_program_headers_elf64(elfcorebuf, elfcorebuf_sz,
-                                                        &vmcore_list);
-        if (rc) {
-                kfree(elfcorebuf);
-                return rc;
-        }
-        set_vmcore_list_offsets_elf64(elfcorebuf, &vmcore_list);
+                                                  elfnotes_sz, &vmcore_list);
+        if (rc)
+                goto fail;
+        set_vmcore_list_offsets(elfcorebuf_sz, elfnotes_sz, &vmcore_list);
         return 0;
+fail:
+        free_elfcorebuf();
+        return rc;
 }
 
 static int __init parse_crash_elf32_headers(void)
@@ -609,31 +885,31 @@ static int __init parse_crash_elf32_headers(void)
         }
 
         /* Read in all elf headers. */
-        elfcorebuf_sz = sizeof(Elf32_Ehdr) + ehdr.e_phnum * sizeof(Elf32_Phdr);
-        elfcorebuf = kmalloc(elfcorebuf_sz, GFP_KERNEL);
+        elfcorebuf_sz_orig = sizeof(Elf32_Ehdr) + ehdr.e_phnum * sizeof(Elf32_Phdr);
+        elfcorebuf_sz = elfcorebuf_sz_orig;
+        elfcorebuf = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+                                              get_order(elfcorebuf_sz_orig));
         if (!elfcorebuf)
                 return -ENOMEM;
         addr = elfcorehdr_addr;
-        rc = read_from_oldmem(elfcorebuf, elfcorebuf_sz, &addr, 0);
-        if (rc < 0) {
-                kfree(elfcorebuf);
-                return rc;
-        }
+        rc = read_from_oldmem(elfcorebuf, elfcorebuf_sz_orig, &addr, 0);
+        if (rc < 0)
+                goto fail;
 
         /* Merge all PT_NOTE headers into one. */
-        rc = merge_note_headers_elf32(elfcorebuf, &elfcorebuf_sz, &vmcore_list);
-        if (rc) {
-                kfree(elfcorebuf);
-                return rc;
-        }
+        rc = merge_note_headers_elf32(elfcorebuf, &elfcorebuf_sz,
+                                      &elfnotes_buf, &elfnotes_sz);
+        if (rc)
+                goto fail;
         rc = process_ptload_program_headers_elf32(elfcorebuf, elfcorebuf_sz,
-                                                                &vmcore_list);
-        if (rc) {
-                kfree(elfcorebuf);
-                return rc;
-        }
-        set_vmcore_list_offsets_elf32(elfcorebuf, &vmcore_list);
+                                                  elfnotes_sz, &vmcore_list);
+        if (rc)
+                goto fail;
+        set_vmcore_list_offsets(elfcorebuf_sz, elfnotes_sz, &vmcore_list);
         return 0;
+fail:
+        free_elfcorebuf();
+        return rc;
 }
 
 static int __init parse_crash_elf_headers(void)
@@ -655,20 +931,19 @@ static int __init parse_crash_elf_headers(void)
                 rc = parse_crash_elf64_headers();
                 if (rc)
                         return rc;
-
-                /* Determine vmcore size. */
-                vmcore_size = get_vmcore_size_elf64(elfcorebuf);
         } else if (e_ident[EI_CLASS] == ELFCLASS32) {
                 rc = parse_crash_elf32_headers();
                 if (rc)
                         return rc;
-
-                /* Determine vmcore size. */
-                vmcore_size = get_vmcore_size_elf32(elfcorebuf);
         } else {
                 pr_warn("Warning: Core image elf header is not sane\n");
                 return -EINVAL;
         }
+
+        /* Determine vmcore size. */
+        vmcore_size = get_vmcore_size(elfcorebuf_sz, elfnotes_sz,
+                                      &vmcore_list);
+
         return 0;
 }
 
@@ -711,7 +986,6 @@ void vmcore_cleanup(void)
                 list_del(&m->list);
                 kfree(m);
         }
-        kfree(elfcorebuf);
-        elfcorebuf = NULL;
+        free_elfcorebuf();
 }
 EXPORT_SYMBOL_GPL(vmcore_cleanup);