Merge branch 'master'

author: Kumar Gala <galak@kernel.crashing.org> 2006-03-20 12:58:02 -0500
committer: Kumar Gala <galak@kernel.crashing.org> 2006-03-20 12:58:02 -0500
commit: 1a02e59a2970f9ed28ab51d3b08624b79e54d848 (patch)
tree: 470cce472be3b08c160e0c569648e7228651b12a /fs
parent: ebcff3c773b42bce6182ec16485abca4e53fba97 (diff)
parent: 2c276603c3e5ebf38155a9d1fbbda656d52d138e (diff)
100 files changed, 1586 insertions, 1220 deletions
diff --git a/fs/9p/9p.c b/fs/9p/9p.c
index 1a6d08761f39..f86a28d1d6a6 100644
--- a/fs/9p/9p.c
+++ b/fs/9p/9p.c
@@ -111,7 +111,6 @@ static void v9fs_t_clunk_cb(void *a, struct v9fs_fcall *tc,
        if (!rc)
                return;
-        dprintk(DEBUG_9P, "tcall id %d rcall id %d\n", tc->id, rc->id);
        v9ses = a;
        if (rc->id == RCLUNK)
                v9fs_put_idpool(fid, &v9ses->fidpool);
diff --git a/fs/9p/fid.c b/fs/9p/fid.c
index eda449778fa5..c4d13bf904d2 100644
--- a/fs/9p/fid.c
+++ b/fs/9p/fid.c
@@ -1,7 +1,7 @@
 /*
 * V9FS FID Management
 *
- *  Copyright (C) 2005 by Eric Van Hensbergen <ericvh@gmail.com>
+ *  Copyright (C) 2005, 2006 by Eric Van Hensbergen <ericvh@gmail.com>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
@@ -40,7 +40,7 @@
 *
 */
-static int v9fs_fid_insert(struct v9fs_fid *fid, struct dentry *dentry)
+int v9fs_fid_insert(struct v9fs_fid *fid, struct dentry *dentry)
 {
        struct list_head *fid_list = (struct list_head *)dentry->d_fsdata;
        dprintk(DEBUG_9P, "fid %d (%p) dentry %s (%p)\n", fid->fid, fid,
@@ -57,7 +57,6 @@ static int v9fs_fid_insert(struct v9fs_fid *fid, struct dentry *dentry)
        }
        fid->uid = current->uid;
-        fid->pid = current->pid;
        list_add(&fid->list, fid_list);
        return 0;
 }
@@ -68,14 +67,11 @@ static int v9fs_fid_insert(struct v9fs_fid *fid, struct dentry *dentry)
 *
 */
-struct v9fs_fid *v9fs_fid_create(struct dentry *dentry,
+struct v9fs_fid *v9fs_fid_create(struct v9fs_session_info *v9ses, int fid)
-        struct v9fs_session_info *v9ses, int fid, int create)
 {
        struct v9fs_fid *new;
-        dprintk(DEBUG_9P, "fid create dentry %p, fid %d, create %d\n",
+        dprintk(DEBUG_9P, "fid create fid %d\n", fid);
-                dentry, fid, create);
        new = kmalloc(sizeof(struct v9fs_fid), GFP_KERNEL);
        if (new == NULL) {
                dprintk(DEBUG_ERROR, "Out of Memory\n");
@@ -85,19 +81,13 @@ struct v9fs_fid *v9fs_fid_create(struct dentry *dentry,
        new->fid = fid;
        new->v9ses = v9ses;
        new->fidopen = 0;
-        new->fidcreate = create;
        new->fidclunked = 0;
        new->iounit = 0;
        new->rdir_pos = 0;
        new->rdir_fcall = NULL;
+        INIT_LIST_HEAD(&new->list);
-        if (v9fs_fid_insert(new, dentry) == 0)
+        return new;
-                return new;
-        else {
-                dprintk(DEBUG_ERROR, "Problems inserting to dentry\n");
-                kfree(new);
-                return NULL;
-        }
 }
 /**
@@ -113,140 +103,29 @@ void v9fs_fid_destroy(struct v9fs_fid *fid)
 }
 /**
- * v9fs_fid_walk_up - walks from the process current directory
- *      up to the specified dentry.
- */
-static struct v9fs_fid *v9fs_fid_walk_up(struct dentry *dentry)
-{
-        int fidnum, cfidnum, err;
-        struct v9fs_fid *cfid;
-        struct dentry *cde;
-        struct v9fs_session_info *v9ses;
-        v9ses = v9fs_inode2v9ses(current->fs->pwd->d_inode);
-        cfid = v9fs_fid_lookup(current->fs->pwd);
-        if (cfid == NULL) {
-                dprintk(DEBUG_ERROR, "process cwd doesn't have a fid\n");
-                return ERR_PTR(-ENOENT);
-        }
-        cfidnum = cfid->fid;
-        cde = current->fs->pwd;
-        /* TODO: take advantage of multiwalk */
-        fidnum = v9fs_get_idpool(&v9ses->fidpool);
-        if (fidnum < 0) {
-                dprintk(DEBUG_ERROR, "could not get a new fid num\n");
-                err = -ENOENT;
-                goto clunk_fid;
-        }
-        while (cde != dentry) {
-                if (cde == cde->d_parent) {
-                        dprintk(DEBUG_ERROR, "can't find dentry\n");
-                        err = -ENOENT;
-                        goto clunk_fid;
-                }
-                err = v9fs_t_walk(v9ses, cfidnum, fidnum, "..", NULL);
-                if (err < 0) {
-                        dprintk(DEBUG_ERROR, "problem walking to parent\n");
-                        goto clunk_fid;
-                }
-                cfidnum = fidnum;
-                cde = cde->d_parent;
-        }
-        return v9fs_fid_create(dentry, v9ses, fidnum, 0);
-clunk_fid:
-        v9fs_t_clunk(v9ses, fidnum);
-        return ERR_PTR(err);
-}
-/**
 * v9fs_fid_lookup - retrieve the right fid from a  particular dentry
 * @dentry: dentry to look for fid in
 * @type: intent of lookup (operation or traversal)
 *
- * search list of fids associated with a dentry for a fid with a matching
+ * find a fid in the dentry
- * thread id or uid.  If that fails, look up the dentry's parents to see if you
+ *
- * can find a matching fid.
+ * TODO: only match fids that have the same uid as current user
 *
 */
 struct v9fs_fid *v9fs_fid_lookup(struct dentry *dentry)
 {
        struct list_head *fid_list = (struct list_head *)dentry->d_fsdata;
-        struct v9fs_fid *current_fid = NULL;
-        struct v9fs_fid *temp = NULL;
        struct v9fs_fid *return_fid = NULL;
        dprintk(DEBUG_9P, " dentry: %s (%p)\n", dentry->d_iname, dentry);
-        if (fid_list) {
+        if (fid_list)
-                list_for_each_entry_safe(current_fid, temp, fid_list, list) {
+                return_fid = list_entry(fid_list->next, struct v9fs_fid, list);
-                        if (!current_fid->fidcreate) {
-                                return_fid = current_fid;
-                                break;
-                        }
-                }
-                if (!return_fid)
-                        return_fid = current_fid;
-        }
-        /* we are at the root but didn't match */
-        if ((!return_fid) && (dentry->d_parent == dentry)) {
-                /* TODO: clone attach with new uid */
-                return_fid = current_fid;
-        }
        if (!return_fid) {
-                struct dentry *par = current->fs->pwd->d_parent;
+                dprintk(DEBUG_ERROR, "Couldn't find a fid in dentry\n");
-                int count = 1;
-                while (par != NULL) {
-                        if (par == dentry)
-                                break;
-                        count++;
-                        if (par == par->d_parent) {
-                                dprintk(DEBUG_ERROR,
-                                        "got to root without finding dentry\n");
-                                break;
-                        }
-                        par = par->d_parent;
-                }
-/* XXX - there may be some duplication we can get rid of */
-                if (par == dentry) {
-                        return_fid = v9fs_fid_walk_up(dentry);
-                        if (IS_ERR(return_fid))
-                                return_fid = NULL;
-                }
        }
        return return_fid;
 }
-struct v9fs_fid *v9fs_fid_get_created(struct dentry *dentry)
-{
-        struct list_head *fid_list;
-        struct v9fs_fid *fid, *ftmp, *ret;
-        dprintk(DEBUG_9P, " dentry: %s (%p)\n", dentry->d_iname, dentry);
-        fid_list = (struct list_head *)dentry->d_fsdata;
-        ret = NULL;
-        if (fid_list) {
-                list_for_each_entry_safe(fid, ftmp, fid_list, list) {
-                        if (fid->fidcreate && fid->pid == current->pid) {
-                                list_del(&fid->list);
-                                ret = fid;
-                                break;
-                        }
-                }
-        }
-        dprintk(DEBUG_9P, "return %p\n", ret);
-        return ret;
-}
diff --git a/fs/9p/fid.h b/fs/9p/fid.h
index 84c673a44c83..1fc2dd08d75a 100644
--- a/fs/9p/fid.h
+++ b/fs/9p/fid.h
@@ -33,7 +33,6 @@ struct v9fs_fid {
        u32 fid;
        unsigned char fidopen;    /* set when fid is opened */
-        unsigned char fidcreate;  /* set when fid was just created */
        unsigned char fidclunked; /* set when fid has already been clunked */
        struct v9fs_qid qid;
@@ -45,7 +44,6 @@ struct v9fs_fid {
        struct v9fs_fcall *rdir_fcall;
        /* management stuff */
-        pid_t pid;              /* thread associated with this fid */
        uid_t uid;              /* user associated with this fid */
        /* private data */
@@ -56,5 +54,5 @@ struct v9fs_fid {
 struct v9fs_fid *v9fs_fid_lookup(struct dentry *dentry);
 struct v9fs_fid *v9fs_fid_get_created(struct dentry *);
 void v9fs_fid_destroy(struct v9fs_fid *fid);
-struct v9fs_fid *v9fs_fid_create(struct dentry *,
+struct v9fs_fid *v9fs_fid_create(struct v9fs_session_info *, int fid);
-        struct v9fs_session_info *v9ses, int fid, int create);
+int v9fs_fid_insert(struct v9fs_fid *fid, struct dentry *dentry);
diff --git a/fs/9p/trans_fd.c b/fs/9p/trans_fd.c
index 1a28ef97a3d1..5b2ce21b10fa 100644
--- a/fs/9p/trans_fd.c
+++ b/fs/9p/trans_fd.c
@@ -80,6 +80,7 @@ static int v9fs_fd_send(struct v9fs_transport *trans, void *v, int len)
        if (!trans || trans->status != Connected || !ts)
                return -EIO;
+        oldfs = get_fs();
        set_fs(get_ds());
        /* The cast to a user pointer is valid due to the set_fs() */
        ret = vfs_write(ts->out_file, (void __user *)v, len, &ts->out_file->f_pos);
diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
index 5250c428fc1f..61352491ba36 100644
--- a/fs/9p/v9fs.c
+++ b/fs/9p/v9fs.c
@@ -66,7 +66,7 @@ static match_table_t tokens = {
        {Opt_afid, "afid=%u"},
        {Opt_rfdno, "rfdno=%u"},
        {Opt_wfdno, "wfdno=%u"},
-        {Opt_debug, "debug=%u"},
+        {Opt_debug, "debug=%x"},
        {Opt_name, "name=%s"},
        {Opt_remotename, "aname=%s"},
        {Opt_unix, "proto=unix"},
@@ -397,6 +397,7 @@ v9fs_session_init(struct v9fs_session_info *v9ses,
        }
        if (v9ses->afid != ~0) {
+                dprintk(DEBUG_ERROR, "afid not equal to ~0\n");
                if (v9fs_t_clunk(v9ses, v9ses->afid))
                        dprintk(DEBUG_ERROR, "clunk failed\n");
        }
diff --git a/fs/9p/v9fs_vfs.h b/fs/9p/v9fs_vfs.h
index 69cf2905dc90..a759278acaae 100644
--- a/fs/9p/v9fs_vfs.h
+++ b/fs/9p/v9fs_vfs.h
@@ -51,3 +51,4 @@ int v9fs_dir_release(struct inode *inode, struct file *filp);
 int v9fs_file_open(struct inode *inode, struct file *file);
 void v9fs_inode2stat(struct inode *inode, struct v9fs_stat *stat);
 void v9fs_dentry_release(struct dentry *);
+int v9fs_uflags2omode(int uflags);
diff --git a/fs/9p/vfs_dentry.c b/fs/9p/vfs_dentry.c
index 2dd806dac9f1..12c9cc926b71 100644
--- a/fs/9p/vfs_dentry.c
+++ b/fs/9p/vfs_dentry.c
@@ -43,47 +43,18 @@
 #include "fid.h"
 /**
- * v9fs_dentry_validate - VFS dcache hook to validate cache
+ * v9fs_dentry_delete - called when dentry refcount equals 0
- * @dentry:  dentry that is being validated
+ * @dentry:  dentry in question
- * @nd: path data
 *
- * dcache really shouldn't be used for 9P2000 as at all due to
+ * By returning 1 here we should remove cacheing of unused
- * potential attached semantics to directory traversal (walk).
+ * dentry components.
- *
- * FUTURE: look into how to use dcache to allow multi-stage
- * walks in Plan 9 & potential for better dcache operation which
- * would remain valid for Plan 9 semantics.  Older versions
- * had validation via stat for those interested.  However, since
- * stat has the same approximate overhead as walk there really
- * is no difference.  The only improvement would be from a
- * time-decay cache like NFS has and that undermines the
- * synchronous nature of 9P2000.
 *
 */
-static int v9fs_dentry_validate(struct dentry *dentry, struct nameidata *nd)
+int v9fs_dentry_delete(struct dentry *dentry)
 {
-        struct dentry *dc = current->fs->pwd;
+        dprintk(DEBUG_VFS, " dentry: %s (%p)\n", dentry->d_iname, dentry);
+        return 1;
-        dprintk(DEBUG_VFS, "dentry: %s (%p)\n", dentry->d_iname, dentry);
-        if (v9fs_fid_lookup(dentry)) {
-                dprintk(DEBUG_VFS, "VALID\n");
-                return 1;
-        }
-        while (dc != NULL) {
-                if (dc == dentry) {
-                        dprintk(DEBUG_VFS, "VALID\n");
-                        return 1;
-                }
-                if (dc == dc->d_parent)
-                        break;
-                dc = dc->d_parent;
-        }
-        dprintk(DEBUG_VFS, "INVALID\n");
-        return 0;
 }
 /**
@@ -118,6 +89,6 @@ void v9fs_dentry_release(struct dentry *dentry)
 }
 struct dentry_operations v9fs_dentry_operations = {
-        .d_revalidate = v9fs_dentry_validate,
+        .d_delete = v9fs_dentry_delete,
        .d_release = v9fs_dentry_release,
 };
diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index c7e14d917215..de3a129698da 100644
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -53,94 +53,70 @@
 int v9fs_file_open(struct inode *inode, struct file *file)
 {
        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(inode);
-        struct v9fs_fid *v9fid, *fid;
+        struct v9fs_fid *vfid;
        struct v9fs_fcall *fcall = NULL;
-        int open_mode = 0;
+        int omode;
-        unsigned int iounit = 0;
+        int fid = V9FS_NOFID;
-        int newfid = -1;
+        int err;
-        long result = -1;
        dprintk(DEBUG_VFS, "inode: %p file: %p \n", inode, file);
-        v9fid = v9fs_fid_get_created(file->f_dentry);
+        vfid = v9fs_fid_lookup(file->f_dentry);
-        if (!v9fid)
+        if (!vfid) {
-                v9fid = v9fs_fid_lookup(file->f_dentry);
-        if (!v9fid) {
                dprintk(DEBUG_ERROR, "Couldn't resolve fid from dentry\n");
                return -EBADF;
        }
-        if (!v9fid->fidcreate) {
+        fid = v9fs_get_idpool(&v9ses->fidpool);
-                fid = kmalloc(sizeof(struct v9fs_fid), GFP_KERNEL);
+        if (fid < 0) {
-                if (fid == NULL) {
-                        dprintk(DEBUG_ERROR, "Out of Memory\n");
-                        return -ENOMEM;
-                }
-                fid->fidopen = 0;
-                fid->fidcreate = 0;
-                fid->fidclunked = 0;
-                fid->iounit = 0;
-                fid->v9ses = v9ses;
-                newfid = v9fs_get_idpool(&v9ses->fidpool);
-                if (newfid < 0) {
                        eprintk(KERN_WARNING, "newfid fails!\n");
                        return -ENOSPC;
                }
-                result =
+        err = v9fs_t_walk(v9ses, vfid->fid, fid, NULL, NULL);
-                    v9fs_t_walk(v9ses, v9fid->fid, newfid, NULL, NULL);
+        if (err < 0) {
-                if (result < 0) {
-                        v9fs_put_idpool(newfid, &v9ses->fidpool);
                        dprintk(DEBUG_ERROR, "rewalk didn't work\n");
-                        return -EBADF;
+                goto put_fid;
+        }
+        vfid = kmalloc(sizeof(struct v9fs_fid), GFP_KERNEL);
+        if (vfid == NULL) {
+                dprintk(DEBUG_ERROR, "out of memory\n");
+                goto clunk_fid;
                }
-                fid->fid = newfid;
-                v9fid = fid;
                /* TODO: do special things for O_EXCL, O_NOFOLLOW, O_SYNC */
                /* translate open mode appropriately */
-                open_mode = file->f_flags & 0x3;
+        omode = v9fs_uflags2omode(file->f_flags);
+        err = v9fs_t_open(v9ses, fid, omode, &fcall);
+        if (err < 0) {
+                PRINT_FCALL_ERROR("open failed", fcall);
+                goto destroy_vfid;
+        }
-                if (file->f_flags & O_EXCL)
+        file->private_data = vfid;
-                        open_mode |= V9FS_OEXCL;
+        vfid->fid = fid;
+        vfid->fidopen = 1;
+        vfid->fidclunked = 0;
+        vfid->iounit = fcall->params.ropen.iounit;
+        vfid->rdir_pos = 0;
+        vfid->rdir_fcall = NULL;
+        vfid->filp = file;
+        kfree(fcall);
-                if (v9ses->extended) {
+        return 0;
-                        if (file->f_flags & O_TRUNC)
-                                open_mode |= V9FS_OTRUNC;
-                        if (file->f_flags & O_APPEND)
+destroy_vfid:
-                                open_mode |= V9FS_OAPPEND;
+        v9fs_fid_destroy(vfid);
-                }
-                result = v9fs_t_open(v9ses, newfid, open_mode, &fcall);
+clunk_fid:
-                if (result < 0) {
+        v9fs_t_clunk(v9ses, fid);
-                        PRINT_FCALL_ERROR("open failed", fcall);
-                        kfree(fcall);
-                        return result;
-                }
-                iounit = fcall->params.ropen.iounit;
+put_fid:
+        v9fs_put_idpool(fid, &v9ses->fidpool);
                kfree(fcall);
-        } else {
-                /* create case */
-                newfid = v9fid->fid;
-                iounit = v9fid->iounit;
-                v9fid->fidcreate = 0;
-        }
-        file->private_data = v9fid;
-        v9fid->rdir_pos = 0;
-        v9fid->rdir_fcall = NULL;
-        v9fid->fidopen = 1;
-        v9fid->filp = file;
-        v9fid->iounit = iounit;
-        return 0;
+        return err;
 }
 /**
@@ -289,9 +265,7 @@ v9fs_file_write(struct file *filp, const char __user * data,
                total += result;
        } while (count);
-        if(inode->i_mapping->nrpages)
                invalidate_inode_pages2(inode->i_mapping);
        return total;
 }
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 63e5b0398e8b..3ad8455f8577 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -125,6 +125,38 @@ static int p9mode2unixmode(struct v9fs_session_info *v9ses, int mode)
        return res;
 }
+int v9fs_uflags2omode(int uflags)
+{
+        int ret;
+        ret = 0;
+        switch (uflags&3) {
+        default:
+        case O_RDONLY:
+                ret = V9FS_OREAD;
+                break;
+        case O_WRONLY:
+                ret = V9FS_OWRITE;
+                break;
+        case O_RDWR:
+                ret = V9FS_ORDWR;
+                break;
+        }
+        if (uflags & O_EXCL)
+                ret |= V9FS_OEXCL;
+        if (uflags & O_TRUNC)
+                ret |= V9FS_OTRUNC;
+        if (uflags & O_APPEND)
+                ret |= V9FS_OAPPEND;
+        return ret;
+}
 /**
 * v9fs_blank_wstat - helper function to setup a 9P stat structure
 * @v9ses: 9P session info (for determining extended mode)
@@ -163,7 +195,7 @@ v9fs_blank_wstat(struct v9fs_wstat *wstat)
 struct inode *v9fs_get_inode(struct super_block *sb, int mode)
 {
-        struct inode *inode = NULL;
+        struct inode *inode;
        struct v9fs_session_info *v9ses = sb->s_fs_info;
        dprintk(DEBUG_VFS, "super block: %p mode: %o\n", sb, mode);
@@ -222,171 +254,133 @@ struct inode *v9fs_get_inode(struct super_block *sb, int mode)
        return inode;
 }
-/**
- * v9fs_create - helper function to create files and directories
- * @dir: directory inode file is being created in
- * @file_dentry: dentry file is being created in
- * @perm: permissions file is being created with
- * @open_mode: resulting open mode for file
- *
- */
 static int
-v9fs_create(struct inode *dir,
+v9fs_create(struct v9fs_session_info *v9ses, u32 pfid, char *name,
-            struct dentry *file_dentry,
+        u32 perm, u8 mode, u32 *fidp, struct v9fs_qid *qid, u32 *iounit)
-            unsigned int perm, unsigned int open_mode)
 {
-        struct v9fs_session_info *v9ses = v9fs_inode2v9ses(dir);
+        u32 fid;
-        struct super_block *sb = dir->i_sb;
-        struct v9fs_fid *dirfid =
-            v9fs_fid_lookup(file_dentry->d_parent);
-        struct v9fs_fid *fid = NULL;
-        struct inode *file_inode = NULL;
-        struct v9fs_fcall *fcall = NULL;
-        struct v9fs_qid qid;
-        int dirfidnum = -1;
-        long newfid = -1;
-        int result = 0;
-        unsigned int iounit = 0;
-        int wfidno = -1;
        int err;
+        struct v9fs_fcall *fcall;
-        perm = unixmode2p9mode(v9ses, perm);
+        fid = v9fs_get_idpool(&v9ses->fidpool);
+        if (fid < 0) {
-        dprintk(DEBUG_VFS, "dir: %p dentry: %p perm: %o mode: %o\n", dir,
-                file_dentry, perm, open_mode);
-        if (!dirfid)
-                return -EBADF;
-        dirfidnum = dirfid->fid;
-        if (dirfidnum < 0) {
-                dprintk(DEBUG_ERROR, "No fid for the directory #%lu\n",
-                        dir->i_ino);
-                return -EBADF;
-        }
-        if (file_dentry->d_inode) {
-                dprintk(DEBUG_ERROR,
-                        "Odd. There is an inode for dir %lu, name :%s:\n",
-                        dir->i_ino, file_dentry->d_name.name);
-                return -EEXIST;
-        }
-        newfid = v9fs_get_idpool(&v9ses->fidpool);
-        if (newfid < 0) {
                eprintk(KERN_WARNING, "no free fids available\n");
                return -ENOSPC;
        }
-        result = v9fs_t_walk(v9ses, dirfidnum, newfid, NULL, &fcall);
+        err = v9fs_t_walk(v9ses, pfid, fid, NULL, &fcall);
-        if (result < 0) {
+        if (err < 0) {
                PRINT_FCALL_ERROR("clone error", fcall);
-                v9fs_put_idpool(newfid, &v9ses->fidpool);
+                goto error;
-                newfid = -1;
-                goto CleanUpFid;
        }
        kfree(fcall);
-        fcall = NULL;
-        result = v9fs_t_create(v9ses, newfid, (char *)file_dentry->d_name.name,
+        err = v9fs_t_create(v9ses, fid, name, perm, mode, &fcall);
-                               perm, open_mode, &fcall);
+        if (err < 0) {
-        if (result < 0) {
                PRINT_FCALL_ERROR("create fails", fcall);
-                goto CleanUpFid;
+                goto error;
        }
-        iounit = fcall->params.rcreate.iounit;
+        if (iounit)
-        qid = fcall->params.rcreate.qid;
+                *iounit = fcall->params.rcreate.iounit;
+        if (qid)
+                *qid = fcall->params.rcreate.qid;
+        if (fidp)
+                *fidp = fid;
        kfree(fcall);
-        fcall = NULL;
+        return 0;
-        if (!(perm&V9FS_DMDIR)) {
+error:
-                fid = v9fs_fid_create(file_dentry, v9ses, newfid, 1);
+        if (fid >= 0)
-                dprintk(DEBUG_VFS, "fid %p %d\n", fid, fid->fidcreate);
+                v9fs_put_idpool(fid, &v9ses->fidpool);
-                if (!fid) {
-                        result = -ENOMEM;
-                        goto CleanUpFid;
-                }
-                fid->qid = qid;
+        kfree(fcall);
-                fid->iounit = iounit;
+        return err;
-        } else {
+}
-                err = v9fs_t_clunk(v9ses, newfid);
-                newfid = -1;
+static struct v9fs_fid*
-                if (err < 0)
+v9fs_clone_walk(struct v9fs_session_info *v9ses, u32 fid, struct dentry *dentry)
-                        dprintk(DEBUG_ERROR, "clunk for mkdir failed: %d\n", err);
+{
-        }
+        int err;
+        u32 nfid;
+        struct v9fs_fid *ret;
+        struct v9fs_fcall *fcall;
-        /* walk to the newly created file and put the fid in the dentry */
+        nfid = v9fs_get_idpool(&v9ses->fidpool);
-        wfidno = v9fs_get_idpool(&v9ses->fidpool);
+        if (nfid < 0) {
-        if (wfidno < 0) {
                eprintk(KERN_WARNING, "no free fids available\n");
-                return -ENOSPC;
+                return ERR_PTR(-ENOSPC);
        }
-        result = v9fs_t_walk(v9ses, dirfidnum, wfidno,
+        err = v9fs_t_walk(v9ses, fid, nfid, (char *) dentry->d_name.name,
-                (char *) file_dentry->d_name.name, &fcall);
+                &fcall);
-        if (result < 0) {
-                PRINT_FCALL_ERROR("clone error", fcall);
+        if (err < 0) {
-                v9fs_put_idpool(wfidno, &v9ses->fidpool);
+                PRINT_FCALL_ERROR("walk error", fcall);
-                wfidno = -1;
+                v9fs_put_idpool(nfid, &v9ses->fidpool);
-                goto CleanUpFid;
+                goto error;
        }
        kfree(fcall);
        fcall = NULL;
+        ret = v9fs_fid_create(v9ses, nfid);
+        if (!ret) {
+                err = -ENOMEM;
+                goto clunk_fid;
+        }
-        if (!v9fs_fid_create(file_dentry, v9ses, wfidno, 0)) {
+        err = v9fs_fid_insert(ret, dentry);
-                v9fs_put_idpool(wfidno, &v9ses->fidpool);
+        if (err < 0) {
+                v9fs_fid_destroy(ret);
-                goto CleanUpFid;
+                goto clunk_fid;
        }
-        if ((perm & V9FS_DMSYMLINK) || (perm & V9FS_DMLINK) ||
+        return ret;
-            (perm & V9FS_DMNAMEDPIPE) || (perm & V9FS_DMSOCKET) ||
-            (perm & V9FS_DMDEVICE))
-                return 0;
-        result = v9fs_t_stat(v9ses, wfidno, &fcall);
+clunk_fid:
-        if (result < 0) {
+        v9fs_t_clunk(v9ses, nfid);
-                PRINT_FCALL_ERROR("stat error", fcall);
-                goto CleanUpFid;
-        }
+error:
+        kfree(fcall);
+        return ERR_PTR(err);
+}
-        file_inode = v9fs_get_inode(sb,
+struct inode *
-                p9mode2unixmode(v9ses, fcall->params.rstat.stat.mode));
+v9fs_inode_from_fid(struct v9fs_session_info *v9ses, u32 fid,
+        struct super_block *sb)
+{
+        int err, umode;
+        struct inode *ret;
+        struct v9fs_fcall *fcall;
-        if ((!file_inode) || IS_ERR(file_inode)) {
+        ret = NULL;
-                dprintk(DEBUG_ERROR, "create inode failed\n");
+        err = v9fs_t_stat(v9ses, fid, &fcall);
-                result = -EBADF;
+        if (err) {
-                goto CleanUpFid;
+                PRINT_FCALL_ERROR("stat error", fcall);
+                goto error;
        }
-        v9fs_stat2inode(&fcall->params.rstat.stat, file_inode, sb);
+        umode = p9mode2unixmode(v9ses, fcall->params.rstat.stat.mode);
-        kfree(fcall);
+        ret = v9fs_get_inode(sb, umode);
-        fcall = NULL;
+        if (IS_ERR(ret)) {
-        file_dentry->d_op = &v9fs_dentry_operations;
+                err = PTR_ERR(ret);
-        d_instantiate(file_dentry, file_inode);
+                ret = NULL;
+                goto error;
+        }
-        return 0;
+        v9fs_stat2inode(&fcall->params.rstat.stat, ret, sb);
+        kfree(fcall);
+        return ret;
-      CleanUpFid:
+error:
        kfree(fcall);
-        fcall = NULL;
+        if (ret)
+                iput(ret);
-        if (newfid >= 0) {
+        return ERR_PTR(err);
-                err = v9fs_t_clunk(v9ses, newfid);
-                if (err < 0)
-                        dprintk(DEBUG_ERROR, "clunk failed: %d\n", err);
-        }
-        if (wfidno >= 0) {
-                err = v9fs_t_clunk(v9ses, wfidno);
-                if (err < 0)
-                        dprintk(DEBUG_ERROR, "clunk failed: %d\n", err);
-        }
-        return result;
 }
 /**
@@ -440,20 +434,97 @@ static int v9fs_remove(struct inode *dir, struct dentry *file, int rmdir)
        return result;
 }
+static int
+v9fs_open_created(struct inode *inode, struct file *file)
+{
+        return 0;
+}
 /**
 * v9fs_vfs_create - VFS hook to create files
 * @inode: directory inode that is being deleted
 * @dentry:  dentry that is being deleted
- * @perm: create permissions
+ * @mode: create permissions
 * @nd: path information
 *
 */
 static int
-v9fs_vfs_create(struct inode *inode, struct dentry *dentry, int perm,
+v9fs_vfs_create(struct inode *dir, struct dentry *dentry, int mode,
                struct nameidata *nd)
 {
-        return v9fs_create(inode, dentry, perm, O_RDWR);
+        int err;
+        u32 fid, perm, iounit;
+        int flags;
+        struct v9fs_session_info *v9ses;
+        struct v9fs_fid *dfid, *vfid, *ffid;
+        struct inode *inode;
+        struct v9fs_qid qid;
+        struct file *filp;
+        inode = NULL;
+        vfid = NULL;
+        v9ses = v9fs_inode2v9ses(dir);
+        dfid = v9fs_fid_lookup(dentry->d_parent);
+        perm = unixmode2p9mode(v9ses, mode);
+        if (nd && nd->flags & LOOKUP_OPEN)
+                flags = nd->intent.open.flags - 1;
+        else
+                flags = O_RDWR;
+        err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
+                perm, v9fs_uflags2omode(flags), &fid, &qid, &iounit);
+        if (err)
+                goto error;
+        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
+        if (IS_ERR(vfid)) {
+                err = PTR_ERR(vfid);
+                vfid = NULL;
+                goto error;
+        }
+        inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
+        if (IS_ERR(inode)) {
+                err = PTR_ERR(inode);
+                inode = NULL;
+                goto error;
+        }
+        dentry->d_op = &v9fs_dentry_operations;
+        d_instantiate(dentry, inode);
+        if (nd && nd->flags & LOOKUP_OPEN) {
+                ffid = v9fs_fid_create(v9ses, fid);
+                if (!ffid)
+                        return -ENOMEM;
+                filp = lookup_instantiate_filp(nd, dentry, v9fs_open_created);
+                if (IS_ERR(filp)) {
+                        v9fs_fid_destroy(ffid);
+                        return PTR_ERR(filp);
+                }
+                ffid->rdir_pos = 0;
+                ffid->rdir_fcall = NULL;
+                ffid->fidopen = 1;
+                ffid->iounit = iounit;
+                ffid->filp = filp;
+                filp->private_data = ffid;
+        }
+        return 0;
+error:
+        if (vfid)
+                v9fs_fid_destroy(vfid);
+        if (inode)
+                iput(inode);
+        return err;
 }
 /**
@@ -464,9 +535,57 @@ v9fs_vfs_create(struct inode *inode, struct dentry *dentry, int perm,
 *
 */
-static int v9fs_vfs_mkdir(struct inode *inode, struct dentry *dentry, int mode)
+static int v9fs_vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 {
-        return v9fs_create(inode, dentry, mode | S_IFDIR, O_RDONLY);
+        int err;
+        u32 fid, perm;
+        struct v9fs_session_info *v9ses;
+        struct v9fs_fid *dfid, *vfid;
+        struct inode *inode;
+        inode = NULL;
+        vfid = NULL;
+        v9ses = v9fs_inode2v9ses(dir);
+        dfid = v9fs_fid_lookup(dentry->d_parent);
+        perm = unixmode2p9mode(v9ses, mode | S_IFDIR);
+        err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
+                perm, V9FS_OREAD, &fid, NULL, NULL);
+        if (err) {
+                dprintk(DEBUG_ERROR, "create error %d\n", err);
+                goto error;
+        }
+        err = v9fs_t_clunk(v9ses, fid);
+        if (err) {
+                dprintk(DEBUG_ERROR, "clunk error %d\n", err);
+                goto error;
+        }
+        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
+        if (IS_ERR(vfid)) {
+                err = PTR_ERR(vfid);
+                vfid = NULL;
+                goto error;
+        }
+        inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
+        if (IS_ERR(inode)) {
+                err = PTR_ERR(inode);
+                inode = NULL;
+                goto error;
+        }
+        dentry->d_op = &v9fs_dentry_operations;
+        d_instantiate(dentry, inode);
+        return 0;
+error:
+        if (vfid)
+                v9fs_fid_destroy(vfid);
+        return err;
 }
 /**
@@ -491,7 +610,7 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
        int result = 0;
        dprintk(DEBUG_VFS, "dir: %p dentry: (%s) %p nameidata: %p\n",
-                dir, dentry->d_iname, dentry, nameidata);
+                dir, dentry->d_name.name, dentry, nameidata);
        sb = dir->i_sb;
        v9ses = v9fs_inode2v9ses(dir);
@@ -516,9 +635,8 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
                return ERR_PTR(-ENOSPC);
        }
-        result =
+        result = v9fs_t_walk(v9ses, dirfidnum, newfid,
-            v9fs_t_walk(v9ses, dirfidnum, newfid, (char *)dentry->d_name.name,
+                (char *)dentry->d_name.name, NULL);
-                        NULL);
        if (result < 0) {
                v9fs_put_idpool(newfid, &v9ses->fidpool);
                if (result == -ENOENT) {
@@ -551,13 +669,17 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
        inode->i_ino = v9fs_qid2ino(&fcall->params.rstat.stat.qid);
-        fid = v9fs_fid_create(dentry, v9ses, newfid, 0);
+        fid = v9fs_fid_create(v9ses, newfid);
        if (fid == NULL) {
                dprintk(DEBUG_ERROR, "couldn't insert\n");
                result = -ENOMEM;
                goto FreeFcall;
        }
+        result = v9fs_fid_insert(fid, dentry);
+        if (result < 0)
+                goto FreeFcall;
        fid->qid = fcall->params.rstat.stat.qid;
        dentry->d_op = &v9fs_dentry_operations;
@@ -886,8 +1008,8 @@ static int v9fs_readlink(struct dentry *dentry, char *buffer, int buflen)
        }
        /* copy extension buffer into buffer */
-        if (fcall->params.rstat.stat.extension.len+1 < buflen)
+        if (fcall->params.rstat.stat.extension.len < buflen)
-                buflen = fcall->params.rstat.stat.extension.len + 1;
+                buflen = fcall->params.rstat.stat.extension.len;
        memcpy(buffer, fcall->params.rstat.stat.extension.str, buflen - 1);
        buffer[buflen-1] = 0;
@@ -951,7 +1073,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
        if (!link)
                link = ERR_PTR(-ENOMEM);
        else {
-                len = v9fs_readlink(dentry, link, PATH_MAX);
+                len = v9fs_readlink(dentry, link, strlen(link));
                if (len < 0) {
                        __putname(link);
@@ -983,53 +1105,75 @@ static void v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void
 static int v9fs_vfs_mkspecial(struct inode *dir, struct dentry *dentry,
        int mode, const char *extension)
 {
-        int err, retval;
+        int err;
+        u32 fid, perm;
        struct v9fs_session_info *v9ses;
+        struct v9fs_fid *dfid, *vfid;
+        struct inode *inode;
        struct v9fs_fcall *fcall;
-        struct v9fs_fid *fid;
        struct v9fs_wstat wstat;
-        v9ses = v9fs_inode2v9ses(dir);
-        retval = -EPERM;
        fcall = NULL;
+        inode = NULL;
+        vfid = NULL;
+        v9ses = v9fs_inode2v9ses(dir);
+        dfid = v9fs_fid_lookup(dentry->d_parent);
+        perm = unixmode2p9mode(v9ses, mode);
        if (!v9ses->extended) {
                dprintk(DEBUG_ERROR, "not extended\n");
-                goto free_mem;
+                return -EPERM;
        }
-        /* issue a create */
+        err = v9fs_create(v9ses, dfid->fid, (char *) dentry->d_name.name,
-        retval = v9fs_create(dir, dentry, mode, 0);
+                perm, V9FS_OREAD, &fid, NULL, NULL);
-        if (retval != 0)
-                goto free_mem;
-        fid = v9fs_fid_get_created(dentry);
+        if (err)
-        if (!fid) {
+                goto error;
-                dprintk(DEBUG_ERROR, "couldn't resolve fid from dentry\n");
-                goto free_mem;
+        err = v9fs_t_clunk(v9ses, fid);
+        if (err)
+                goto error;
+        vfid = v9fs_clone_walk(v9ses, dfid->fid, dentry);
+        if (IS_ERR(vfid)) {
+                err = PTR_ERR(vfid);
+                vfid = NULL;
+                goto error;
+        }
+        inode = v9fs_inode_from_fid(v9ses, vfid->fid, dir->i_sb);
+        if (IS_ERR(inode)) {
+                err = PTR_ERR(inode);
+                inode = NULL;
+                goto error;
        }
        /* issue a Twstat */
        v9fs_blank_wstat(&wstat);
        wstat.muid = v9ses->name;
        wstat.extension = (char *) extension;
-        retval = v9fs_t_wstat(v9ses, fid->fid, &wstat, &fcall);
+        err = v9fs_t_wstat(v9ses, vfid->fid, &wstat, &fcall);
-        if (retval < 0) {
-                PRINT_FCALL_ERROR("wstat error", fcall);
-                goto free_mem;
-        }
-        err = v9fs_t_clunk(v9ses, fid->fid);
        if (err < 0) {
-                dprintk(DEBUG_ERROR, "clunk failed: %d\n", err);
+                PRINT_FCALL_ERROR("wstat error", fcall);
-                goto free_mem;
+                goto error;
        }
-        d_drop(dentry);         /* FID - will this also clunk? */
+        kfree(fcall);
+        dentry->d_op = &v9fs_dentry_operations;
+        d_instantiate(dentry, inode);
+        return 0;
-free_mem:
+error:
        kfree(fcall);
-        return retval;
+        if (vfid)
+                v9fs_fid_destroy(vfid);
+        if (inode)
+                iput(inode);
+        return err;
 }
 /**
diff --git a/fs/9p/vfs_super.c b/fs/9p/vfs_super.c
index 2c4fa75be025..d05318fa684e 100644
--- a/fs/9p/vfs_super.c
+++ b/fs/9p/vfs_super.c
@@ -146,7 +146,6 @@ static struct super_block *v9fs_get_sb(struct file_system_type
        inode->i_gid = gid;
        root = d_alloc_root(inode);
        if (!root) {
                retval = -ENOMEM;
                goto put_back_sb;
@@ -158,15 +157,20 @@ static struct super_block *v9fs_get_sb(struct file_system_type
        if (stat_result < 0) {
                dprintk(DEBUG_ERROR, "stat error\n");
                v9fs_t_clunk(v9ses, newfid);
-                v9fs_put_idpool(newfid, &v9ses->fidpool);
        } else {
                /* Setup the Root Inode */
-                root_fid = v9fs_fid_create(root, v9ses, newfid, 0);
+                root_fid = v9fs_fid_create(v9ses, newfid);
                if (root_fid == NULL) {
                        retval = -ENOMEM;
                        goto put_back_sb;
                }
+                retval = v9fs_fid_insert(root_fid, root);
+                if (retval < 0) {
+                        kfree(fcall);
+                        goto put_back_sb;
+                }
                root_fid->qid = fcall->params.rstat.stat.qid;
                root->d_inode->i_ino =
                    v9fs_qid2ino(&fcall->params.rstat.stat.qid);
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 1b117a441298..c2eac2a50bd2 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -938,6 +938,11 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
                kfree(elf_interpreter);
        } else {
                elf_entry = loc->elf_ex.e_entry;
+                if (BAD_ADDR(elf_entry)) {
+                        send_sig(SIGSEGV, current, 0);
+                        retval = -ENOEXEC; /* Nobody gets to see this, but.. */
+                        goto out_free_dentry;
+                }
        }
        kfree(elf_phdata);
diff --git a/fs/buffer.c b/fs/buffer.c
index 62cfd17dc5fe..a9b399402007 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -3060,6 +3060,7 @@ int buffer_migrate_page(struct page *newpage, struct page *page)
 {
        struct address_space *mapping = page->mapping;
        struct buffer_head *bh, *head;
+        int rc;
        if (!mapping)
                return -EAGAIN;
@@ -3069,8 +3070,9 @@ int buffer_migrate_page(struct page *newpage, struct page *page)
        head = page_buffers(page);
-        if (migrate_page_remove_references(newpage, page, 3))
+        rc = migrate_page_remove_references(newpage, page, 3);
-                return -EAGAIN;
+        if (rc)
+                return rc;
        bh = head;
        do {
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 3c03aadaff0c..7b25463d3c14 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -52,7 +52,7 @@ extern int SendReceive2(const unsigned int /* xid */ , struct cifsSesInfo *,
                        int * /* type of buf returned */ , const int long_op);
 extern int checkSMBhdr(struct smb_hdr *smb, __u16 mid);
 extern int checkSMB(struct smb_hdr *smb, __u16 mid, int length);
-extern int is_valid_oplock_break(struct smb_hdr *smb);
+extern int is_valid_oplock_break(struct smb_hdr *smb, struct TCP_Server_Info *);
 extern int is_size_safe_to_change(struct cifsInodeInfo *);
 extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *);
 extern unsigned int smbCalcSize(struct smb_hdr *ptr);
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index 217323b0c896..b41e8b379652 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1048,13 +1048,14 @@ CIFSSMBRead(const int xid, struct cifsTconInfo *tcon,
                        cifs_small_buf_release(iov[0].iov_base);
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        cifs_buf_release(iov[0].iov_base);
-        } else /* return buffer to caller to free */ /* BB FIXME how do we tell caller if it is not a large buffer */ {
+        } else if(resp_buf_type != CIFS_NO_BUFFER) {
-                *buf = iov[0].iov_base;
+                /* return buffer to caller to free */ 
+                *buf = iov[0].iov_base;         
                if(resp_buf_type == CIFS_SMALL_BUFFER)
                        *pbuf_type = CIFS_SMALL_BUFFER;
                else if(resp_buf_type == CIFS_LARGE_BUFFER)
                        *pbuf_type = CIFS_LARGE_BUFFER;
-        }
+        } /* else no valid buffer on return - leave as null */
        /* Note: On -EAGAIN error only caller can retry on handle based calls
                since file handle passed in no longer valid */
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index e488603fb1e7..2a0c1f4ca0ae 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -630,7 +630,7 @@ multi_t2_fnd:
                                        smallbuf = NULL;
                        }
                        wake_up_process(task_to_wake);
-                } else if ((is_valid_oplock_break(smb_buffer) == FALSE)
+                } else if ((is_valid_oplock_break(smb_buffer, server) == FALSE)
                    && (isMultiRsp == FALSE)) {                          
                        cERROR(1, ("No task to wake, unknown frame rcvd!"));
                        cifs_dump_mem("Received Data is: ",(char *)smb_buffer,
@@ -1795,10 +1795,10 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                           conjunction with 52K kvec constraint on arch with 4K
                           page size  */
-                if(cifs_sb->rsize < PAGE_CACHE_SIZE) {
+                if(cifs_sb->rsize < 2048) {
-                        cifs_sb->rsize = PAGE_CACHE_SIZE; 
+                        cifs_sb->rsize = 2048; 
-                        /* Windows ME does this */
+                        /* Windows ME may prefer this */
-                        cFYI(1,("Attempt to set readsize for mount to less than one page (4096)"));
+                        cFYI(1,("readsize set to minimum 2048"));
                }
                cifs_sb->mnt_uid = volume_info.linux_uid;
                cifs_sb->mnt_gid = volume_info.linux_gid;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index d17c97d07c80..675bd2568297 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -1442,13 +1442,15 @@ ssize_t cifs_user_read(struct file *file, char __user *read_data,
                                         &bytes_read, &smb_read_data,
                                         &buf_type);
                        pSMBr = (struct smb_com_read_rsp *)smb_read_data;
-                        if (copy_to_user(current_offset, 
-                                         smb_read_data + 4 /* RFC1001 hdr */
-                                         + le16_to_cpu(pSMBr->DataOffset), 
-                                         bytes_read)) {
-                                rc = -EFAULT;
-                        }
                        if (smb_read_data) {
+                                if (copy_to_user(current_offset,
+                                                smb_read_data +
+                                                4 /* RFC1001 length field */ +
+                                                le16_to_cpu(pSMBr->DataOffset),
+                                                bytes_read)) {
+                                        rc = -EFAULT;
+                                }
                                if(buf_type == CIFS_SMALL_BUFFER)
                                        cifs_small_buf_release(smb_read_data);
                                else if(buf_type == CIFS_LARGE_BUFFER)
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
index 812c6bb0fe38..432ba15e2c2d 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -475,7 +475,7 @@ checkSMB(struct smb_hdr *smb, __u16 mid, int length)
        return 0;
 }
 int
-is_valid_oplock_break(struct smb_hdr *buf)
+is_valid_oplock_break(struct smb_hdr *buf, struct TCP_Server_Info *srv)
 {    
        struct smb_com_lock_req * pSMB = (struct smb_com_lock_req *)buf;
        struct list_head *tmp;
@@ -535,7 +535,7 @@ is_valid_oplock_break(struct smb_hdr *buf)
        read_lock(&GlobalSMBSeslock);
        list_for_each(tmp, &GlobalTreeConnectionList) {
                tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
-                if (tcon->tid == buf->Tid) {
+                if ((tcon->tid == buf->Tid) && (srv == tcon->ses->server)) {
                        cifs_stats_inc(&tcon->num_oplock_brks);
                        list_for_each(tmp1,&tcon->openFileList){
                                netfile = list_entry(tmp1,struct cifsFileInfo,
diff --git a/fs/compat.c b/fs/compat.c
index 70c5af4cc270..5333c7d7427f 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1751,11 +1751,15 @@ asmlinkage long compat_sys_select(int n, compat_ulong_t __user *inp,
        ret = compat_core_sys_select(n, inp, outp, exp, &timeout);
        if (tvp) {
+                struct compat_timeval rtv;
                if (current->personality & STICKY_TIMEOUTS)
                        goto sticky;
-                tv.tv_usec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ));
+                rtv.tv_usec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ));
-                tv.tv_sec = timeout;
+                rtv.tv_sec = timeout;
-                if (copy_to_user(tvp, &tv, sizeof(tv))) {
+                if (compat_timeval_compare(&rtv, &tv) >= 0)
+                        rtv = tv;
+                if (copy_to_user(tvp, &rtv, sizeof(rtv))) {
 sticky:
                        /*
                         * If an application puts its timeval in read-only
@@ -1822,13 +1826,17 @@ asmlinkage long compat_sys_pselect7(int n, compat_ulong_t __user *inp,
        } while (!ret && !timeout && tsp && (ts.tv_sec || ts.tv_nsec));
        if (tsp && !(current->personality & STICKY_TIMEOUTS)) {
-                ts.tv_sec += timeout / HZ;
+                struct compat_timespec rts;
-                ts.tv_nsec += (timeout % HZ) * (1000000000/HZ);
-                if (ts.tv_nsec >= 1000000000) {
+                rts.tv_sec = timeout / HZ;
-                        ts.tv_sec++;
+                rts.tv_nsec = (timeout % HZ) * (NSEC_PER_SEC/HZ);
-                        ts.tv_nsec -= 1000000000;
+                if (rts.tv_nsec >= NSEC_PER_SEC) {
+                        rts.tv_sec++;
+                        rts.tv_nsec -= NSEC_PER_SEC;
                }
-                (void)copy_to_user(tsp, &ts, sizeof(ts));
+                if (compat_timespec_compare(&rts, &ts) >= 0)
+                        rts = ts;
+                copy_to_user(tsp, &rts, sizeof(rts));
        }
        if (ret == -ERESTARTNOHAND) {
@@ -1918,12 +1926,17 @@ asmlinkage long compat_sys_ppoll(struct pollfd __user *ufds,
                sigprocmask(SIG_SETMASK, &sigsaved, NULL);
        if (tsp && timeout >= 0) {
+                struct compat_timespec rts;
                if (current->personality & STICKY_TIMEOUTS)
                        goto sticky;
                /* Yes, we know it's actually an s64, but it's also positive. */
-                ts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) * 1000;
+                rts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) *
-                ts.tv_sec = timeout;
+                                        1000;
-                if (copy_to_user(tsp, &ts, sizeof(ts))) {
+                rts.tv_sec = timeout;
+                if (compat_timespec_compare(&rts, &ts) >= 0)
+                        rts = ts;
+                if (copy_to_user(tsp, &rts, sizeof(rts))) {
 sticky:
                        /*
                         * If an application puts its timeval in read-only
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index 057e60217fc5..c666769a875d 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -446,7 +446,7 @@ static int dev_ifconf(unsigned int fd, unsigned int cmd, unsigned long arg)
        ifr = ifc.ifc_req;
        ifr32 = compat_ptr(ifc32.ifcbuf);
        for (i = 0, j = 0;
-             i + sizeof (struct ifreq32) < ifc32.ifc_len && j < ifc.ifc_len;
+             i + sizeof (struct ifreq32) <= ifc32.ifc_len && j < ifc.ifc_len;
             i += sizeof (struct ifreq32), j += sizeof (struct ifreq)) {
                if (copy_in_user(ifr32, ifr, sizeof (struct ifreq32)))
                        return -EFAULT;
@@ -2531,18 +2531,9 @@ static int rtc_ioctl(unsigned fd, unsigned cmd, unsigned long arg)
                val32 = kval;
                return put_user(val32, (unsigned int __user *)arg);
        case RTC_IRQP_SET32:
+                return sys_ioctl(fd, RTC_IRQP_SET, arg); 
        case RTC_EPOCH_SET32:
-                ret = get_user(val32, (unsigned int __user *)arg);
+                return sys_ioctl(fd, RTC_EPOCH_SET, arg);
-                if (ret)
-                        return ret;
-                kval = val32;
-                set_fs(KERNEL_DS);
-                ret = sys_ioctl(fd, (cmd == RTC_IRQP_SET32) ?
-                                RTC_IRQP_SET : RTC_EPOCH_SET,
-                                (unsigned long)&kval);
-                set_fs(oldfs);
-                return ret;
        default:
                /* unreached */
                return -ENOIOCTLCMD;
diff --git a/fs/cramfs/inode.c b/fs/cramfs/inode.c
index 7fe85415ae7c..8ad52f5bf255 100644
--- a/fs/cramfs/inode.c
+++ b/fs/cramfs/inode.c
@@ -36,7 +36,7 @@ static DECLARE_MUTEX(read_mutex);
 /* These two macros may change in future, to provide better st_ino
   semantics. */
-#define CRAMINO(x)      ((x)->offset?(x)->offset<<2:1)
+#define CRAMINO(x)      (((x)->offset && (x)->size)?(x)->offset<<2:1)
 #define OFFSET(x)       ((x)->i_ino)
@@ -66,8 +66,36 @@ static int cramfs_iget5_test(struct inode *inode, void *opaque)
 static int cramfs_iget5_set(struct inode *inode, void *opaque)
 {
+        static struct timespec zerotime;
        struct cramfs_inode *cramfs_inode = opaque;
+        inode->i_mode = cramfs_inode->mode;
+        inode->i_uid = cramfs_inode->uid;
+        inode->i_size = cramfs_inode->size;
+        inode->i_blocks = (cramfs_inode->size - 1) / 512 + 1;
+        inode->i_blksize = PAGE_CACHE_SIZE;
+        inode->i_gid = cramfs_inode->gid;
+        /* Struct copy intentional */
+        inode->i_mtime = inode->i_atime = inode->i_ctime = zerotime;
        inode->i_ino = CRAMINO(cramfs_inode);
+        /* inode->i_nlink is left 1 - arguably wrong for directories,
+           but it's the best we can do without reading the directory
+           contents.  1 yields the right result in GNU find, even
+           without -noleaf option. */
+        if (S_ISREG(inode->i_mode)) {
+                inode->i_fop = &generic_ro_fops;
+                inode->i_data.a_ops = &cramfs_aops;
+        } else if (S_ISDIR(inode->i_mode)) {
+                inode->i_op = &cramfs_dir_inode_operations;
+                inode->i_fop = &cramfs_directory_operations;
+        } else if (S_ISLNK(inode->i_mode)) {
+                inode->i_op = &page_symlink_inode_operations;
+                inode->i_data.a_ops = &cramfs_aops;
+        } else {
+                inode->i_size = 0;
+                inode->i_blocks = 0;
+                init_special_inode(inode, inode->i_mode,
+                        old_decode_dev(cramfs_inode->size));
+        }
        return 0;
 }
@@ -77,37 +105,7 @@ static struct inode *get_cramfs_inode(struct super_block *sb,
        struct inode *inode = iget5_locked(sb, CRAMINO(cramfs_inode),
                                            cramfs_iget5_test, cramfs_iget5_set,
                                            cramfs_inode);
-        static struct timespec zerotime;
        if (inode && (inode->i_state & I_NEW)) {
-                inode->i_mode = cramfs_inode->mode;
-                inode->i_uid = cramfs_inode->uid;
-                inode->i_size = cramfs_inode->size;
-                inode->i_blocks = (cramfs_inode->size - 1) / 512 + 1;
-                inode->i_blksize = PAGE_CACHE_SIZE;
-                inode->i_gid = cramfs_inode->gid;
-                /* Struct copy intentional */
-                inode->i_mtime = inode->i_atime = inode->i_ctime = zerotime;
-                inode->i_ino = CRAMINO(cramfs_inode);
-                /* inode->i_nlink is left 1 - arguably wrong for directories,
-                   but it's the best we can do without reading the directory
-                   contents.  1 yields the right result in GNU find, even
-                   without -noleaf option. */
-                if (S_ISREG(inode->i_mode)) {
-                        inode->i_fop = &generic_ro_fops;
-                        inode->i_data.a_ops = &cramfs_aops;
-                } else if (S_ISDIR(inode->i_mode)) {
-                        inode->i_op = &cramfs_dir_inode_operations;
-                        inode->i_fop = &cramfs_directory_operations;
-                } else if (S_ISLNK(inode->i_mode)) {
-                        inode->i_op = &page_symlink_inode_operations;
-                        inode->i_data.a_ops = &cramfs_aops;
-                } else {
-                        inode->i_size = 0;
-                        inode->i_blocks = 0;
-                        init_special_inode(inode, inode->i_mode,
-                                old_decode_dev(cramfs_inode->size));
-                }
                unlock_new_inode(inode);
        }
        return inode;
diff --git a/fs/dcache.c b/fs/dcache.c
index a173bba32666..11dc83092d4a 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1736,7 +1736,7 @@ void __init vfs_caches_init(unsigned long mempages)
                        SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
        filp_cachep = kmem_cache_create("filp", sizeof(struct file), 0,
-                        SLAB_HWCACHE_ALIGN|SLAB_PANIC, filp_ctor, filp_dtor);
+                        SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
        dcache_init(mempages);
        inode_init(mempages);
diff --git a/fs/direct-io.c b/fs/direct-io.c
index 848044af7e16..27f3e787faca 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -1155,15 +1155,16 @@ direct_io_worker(int rw, struct kiocb *iocb, struct inode *inode,
 * For writes, i_mutex is not held on entry; it is never taken.
 *
 * DIO_LOCKING (simple locking for regular files)
- * For writes we are called under i_mutex and return with i_mutex held, even though
+ * For writes we are called under i_mutex and return with i_mutex held, even
- * it is internally dropped.
+ * though it is internally dropped.
 * For reads, i_mutex is not held on entry, but it is taken and dropped before
 * returning.
 *
 * DIO_OWN_LOCKING (filesystem provides synchronisation and handling of
 *      uninitialised data, allowing parallel direct readers and writers)
 * For writes we are called without i_mutex, return without it, never touch it.
- * For reads, i_mutex is held on entry and will be released before returning.
+ * For reads we are called under i_mutex and return with i_mutex held, even
+ * though it may be internally dropped.
 *
 * Additional i_alloc_sem locking requirements described inline below.
 */
@@ -1182,7 +1183,8 @@ __blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode,
        ssize_t retval = -EINVAL;
        loff_t end = offset;
        struct dio *dio;
-        int reader_with_isem = (rw == READ && dio_lock_type == DIO_OWN_LOCKING);
+        int release_i_mutex = 0;
+        int acquire_i_mutex = 0;
        if (rw & WRITE)
                current->flags |= PF_SYNCWRITE;
@@ -1225,7 +1227,6 @@ __blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode,
         *      writers need to grab i_alloc_sem only (i_mutex is already held)
         * For regular files using DIO_OWN_LOCKING,
         *      neither readers nor writers take any locks here
-         *      (i_mutex is already held and release for writers here)
         */
        dio->lock_type = dio_lock_type;
        if (dio_lock_type != DIO_NO_LOCKING) {
@@ -1236,7 +1237,7 @@ __blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode,
                        mapping = iocb->ki_filp->f_mapping;
                        if (dio_lock_type != DIO_OWN_LOCKING) {
                                mutex_lock(&inode->i_mutex);
-                                reader_with_isem = 1;
+                                release_i_mutex = 1;
                        }
                        retval = filemap_write_and_wait_range(mapping, offset,
@@ -1248,7 +1249,7 @@ __blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode,
                        if (dio_lock_type == DIO_OWN_LOCKING) {
                                mutex_unlock(&inode->i_mutex);
-                                reader_with_isem = 0;
+                                acquire_i_mutex = 1;
                        }
                }
@@ -1269,11 +1270,13 @@ __blockdev_direct_IO(int rw, struct kiocb *iocb, struct inode *inode,
                                nr_segs, blkbits, get_blocks, end_io, dio);
        if (rw == READ && dio_lock_type == DIO_LOCKING)
-                reader_with_isem = 0;
+                release_i_mutex = 0;
 out:
-        if (reader_with_isem)
+        if (release_i_mutex)
                mutex_unlock(&inode->i_mutex);
+        else if (acquire_i_mutex)
+                mutex_lock(&inode->i_mutex);
        if (rw & WRITE)
                current->flags &= ~PF_SYNCWRITE;
        return retval;
diff --git a/fs/exec.c b/fs/exec.c
index 055378d2513e..0b515ac53134 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -885,6 +885,12 @@ int flush_old_exec(struct linux_binprm * bprm)
        current->flags &= ~PF_RANDOMIZE;
        flush_thread();
+        /* Set the new mm task size. We have to do that late because it may
+         * depend on TIF_32BIT which is only updated in flush_thread() on
+         * some architectures like powerpc
+         */
+        current->mm->task_size = TASK_SIZE;
        if (bprm->e_uid != current->euid || bprm->e_gid != current->egid || 
            file_permission(bprm->file, MAY_READ) ||
            (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)) {
@@ -1403,7 +1409,7 @@ static void zap_threads (struct mm_struct *mm)
                do_each_thread(g,p) {
                        if (mm == p->mm && p != tsk &&
                            p->ptrace && p->parent->mm == mm) {
-                                __ptrace_unlink(p);
+                                __ptrace_detach(p, 0);
                        }
                } while_each_thread(g,p);
                write_unlock_irq(&tasklist_lock);
diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index 7442bdd1267a..b3dbd716cd3a 100644
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -256,11 +256,10 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
        unsigned long npages = dir_pages(inode);
        unsigned chunk_mask = ~(ext2_chunk_size(inode)-1);
        unsigned char *types = NULL;
-        int need_revalidate = (filp->f_version != inode->i_version);
+        int need_revalidate = filp->f_version != inode->i_version;
-        int ret;
        if (pos > inode->i_size - EXT2_DIR_REC_LEN(1))
-                goto success;
+                return 0;
        if (EXT2_HAS_INCOMPAT_FEATURE(sb, EXT2_FEATURE_INCOMPAT_FILETYPE))
                types = ext2_filetype_table;
@@ -275,12 +274,15 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
                                   "bad page in #%lu",
                                   inode->i_ino);
                        filp->f_pos += PAGE_CACHE_SIZE - offset;
-                        ret = -EIO;
+                        return -EIO;
-                        goto done;
                }
                kaddr = page_address(page);
-                if (need_revalidate) {
+                if (unlikely(need_revalidate)) {
-                        offset = ext2_validate_entry(kaddr, offset, chunk_mask);
+                        if (offset) {
+                                offset = ext2_validate_entry(kaddr, offset, chunk_mask);
+                                filp->f_pos = (n<<PAGE_CACHE_SHIFT) + offset;
+                        }
+                        filp->f_version = inode->i_version;
                        need_revalidate = 0;
                }
                de = (ext2_dirent *)(kaddr+offset);
@@ -289,9 +291,8 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
                        if (de->rec_len == 0) {
                                ext2_error(sb, __FUNCTION__,
                                        "zero-length directory entry");
-                                ret = -EIO;
                                ext2_put_page(page);
-                                goto done;
+                                return -EIO;
                        }
                        if (de->inode) {
                                int over;
@@ -306,19 +307,14 @@ ext2_readdir (struct file * filp, void * dirent, filldir_t filldir)
                                                le32_to_cpu(de->inode), d_type);
                                if (over) {
                                        ext2_put_page(page);
-                                        goto success;
+                                        return 0;
                                }
                        }
                        filp->f_pos += le16_to_cpu(de->rec_len);
                }
                ext2_put_page(page);
        }
+        return 0;
-success:
-        ret = 0;
-done:
-        filp->f_version = inode->i_version;
-        return ret;
 }
 /*
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index a2ca3107d475..86ae8e93adb9 100644
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -792,18 +792,20 @@ ext2_xattr_delete_inode(struct inode *inode)
                ext2_free_blocks(inode, EXT2_I(inode)->i_file_acl, 1);
                get_bh(bh);
                bforget(bh);
+                unlock_buffer(bh);
        } else {
                HDR(bh)->h_refcount = cpu_to_le32(
                        le32_to_cpu(HDR(bh)->h_refcount) - 1);
                if (ce)
                        mb_cache_entry_release(ce);
+                ea_bdebug(bh, "refcount now=%d",
+                        le32_to_cpu(HDR(bh)->h_refcount));
+                unlock_buffer(bh);
                mark_buffer_dirty(bh);
                if (IS_SYNC(inode))
                        sync_dirty_buffer(bh);
                DQUOT_FREE_BLOCK(inode, 1);
        }
-        ea_bdebug(bh, "refcount now=%d", le32_to_cpu(HDR(bh)->h_refcount) - 1);
-        unlock_buffer(bh);
        EXT2_I(inode)->i_file_acl = 0;
 cleanup:
diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
index 3fc4238e9703..0384e539b88f 100644
--- a/fs/ext3/inode.c
+++ b/fs/ext3/inode.c
@@ -1624,15 +1624,14 @@ static int ext3_block_truncate_page(handle_t *handle, struct page *page,
         * For "nobh" option,  we can only work if we don't need to
         * read-in the page - otherwise we create buffers to do the IO.
         */
-        if (!page_has_buffers(page) && test_opt(inode->i_sb, NOBH)) {
+        if (!page_has_buffers(page) && test_opt(inode->i_sb, NOBH) &&
-                if (PageUptodate(page)) {
+             ext3_should_writeback_data(inode) && PageUptodate(page)) {
-                        kaddr = kmap_atomic(page, KM_USER0);
+                kaddr = kmap_atomic(page, KM_USER0);
-                        memset(kaddr + offset, 0, length);
+                memset(kaddr + offset, 0, length);
-                        flush_dcache_page(page);
+                flush_dcache_page(page);
-                        kunmap_atomic(kaddr, KM_USER0);
+                kunmap_atomic(kaddr, KM_USER0);
-                        set_page_dirty(page);
+                set_page_dirty(page);
-                        goto unlock;
+                goto unlock;
-                }
        }
        if (!page_has_buffers(page))
diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
index 8bd8ac077704..b8f5cd1e540d 100644
--- a/fs/ext3/namei.c
+++ b/fs/ext3/namei.c
@@ -2141,7 +2141,8 @@ retry:
                 * We have a transaction open.  All is sweetness.  It also sets
                 * i_size in generic_commit_write().
                 */
-                err = page_symlink(inode, symname, l);
+                err = __page_symlink(inode, symname, l,
+                                mapping_gfp_mask(inode->i_mapping) & ~__GFP_FS);
                if (err) {
                        ext3_dec_count(handle, inode);
                        ext3_mark_inode_dirty(handle, inode);
diff --git a/fs/fifo.c b/fs/fifo.c
index 923371b753ab..d13fcd3ec803 100644
--- a/fs/fifo.c
+++ b/fs/fifo.c
@@ -34,10 +34,7 @@ static int fifo_open(struct inode *inode, struct file *filp)
 {
        int ret;
-        ret = -ERESTARTSYS;
+        mutex_lock(PIPE_MUTEX(*inode));
-        if (mutex_lock_interruptible(PIPE_MUTEX(*inode)))
-                goto err_nolock_nocleanup;
        if (!inode->i_pipe) {
                ret = -ENOMEM;
                if(!pipe_new(inode))
@@ -140,8 +137,6 @@ err:
 err_nocleanup:
        mutex_unlock(PIPE_MUTEX(*inode));
-err_nolock_nocleanup:
        return ret;
 }
diff --git a/fs/file_table.c b/fs/file_table.c
index 768b58167543..44fabeaa9415 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -5,6 +5,7 @@
 *  Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
 */
+#include <linux/config.h>
 #include <linux/string.h>
 #include <linux/slab.h>
 #include <linux/file.h>
@@ -19,52 +20,67 @@
 #include <linux/capability.h>
 #include <linux/cdev.h>
 #include <linux/fsnotify.h>
+#include <linux/sysctl.h>
+#include <linux/percpu_counter.h>
+#include <asm/atomic.h>
 /* sysctl tunables... */
 struct files_stat_struct files_stat = {
        .max_files = NR_FILE
 };
-EXPORT_SYMBOL(files_stat); /* Needed by unix.o */
 /* public. Not pretty! */
- __cacheline_aligned_in_smp DEFINE_SPINLOCK(files_lock);
+__cacheline_aligned_in_smp DEFINE_SPINLOCK(files_lock);
-static DEFINE_SPINLOCK(filp_count_lock);
+static struct percpu_counter nr_files __cacheline_aligned_in_smp;
-/* slab constructors and destructors are called from arbitrary
+static inline void file_free_rcu(struct rcu_head *head)
- * context and must be fully threaded - use a local spinlock
- * to protect files_stat.nr_files
- */
-void filp_ctor(void *objp, struct kmem_cache *cachep, unsigned long cflags)
 {
-        if ((cflags & (SLAB_CTOR_VERIFY|SLAB_CTOR_CONSTRUCTOR)) ==
+        struct file *f =  container_of(head, struct file, f_u.fu_rcuhead);
-            SLAB_CTOR_CONSTRUCTOR) {
+        kmem_cache_free(filp_cachep, f);
-                unsigned long flags;
-                spin_lock_irqsave(&filp_count_lock, flags);
-                files_stat.nr_files++;
-                spin_unlock_irqrestore(&filp_count_lock, flags);
-        }
 }
-void filp_dtor(void *objp, struct kmem_cache *cachep, unsigned long dflags)
+static inline void file_free(struct file *f)
 {
-        unsigned long flags;
+        percpu_counter_dec(&nr_files);
-        spin_lock_irqsave(&filp_count_lock, flags);
+        call_rcu(&f->f_u.fu_rcuhead, file_free_rcu);
-        files_stat.nr_files--;
-        spin_unlock_irqrestore(&filp_count_lock, flags);
 }
-static inline void file_free_rcu(struct rcu_head *head)
+/*
+ * Return the total number of open files in the system
+ */
+static int get_nr_files(void)
 {
-        struct file *f =  container_of(head, struct file, f_u.fu_rcuhead);
+        return percpu_counter_read_positive(&nr_files);
-        kmem_cache_free(filp_cachep, f);
 }
-static inline void file_free(struct file *f)
+/*
+ * Return the maximum number of open files in the system
+ */
+int get_max_files(void)
 {
-        call_rcu(&f->f_u.fu_rcuhead, file_free_rcu);
+        return files_stat.max_files;
 }
+EXPORT_SYMBOL_GPL(get_max_files);
+/*
+ * Handle nr_files sysctl
+ */
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS)
+int proc_nr_files(ctl_table *table, int write, struct file *filp,
+                     void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+        files_stat.nr_files = get_nr_files();
+        return proc_dointvec(table, write, filp, buffer, lenp, ppos);
+}
+#else
+int proc_nr_files(ctl_table *table, int write, struct file *filp,
+                     void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+        return -ENOSYS;
+}
+#endif
 /* Find an unused file structure and return a pointer to it.
 * Returns NULL, if there are no more free file structures or
@@ -78,14 +94,20 @@ struct file *get_empty_filp(void)
        /*
         * Privileged users can go above max_files
         */
-        if (files_stat.nr_files >= files_stat.max_files &&
+        if (get_nr_files() >= files_stat.max_files && !capable(CAP_SYS_ADMIN)) {
-                                !capable(CAP_SYS_ADMIN))
+                /*
-                goto over;
+                 * percpu_counters are inaccurate.  Do an expensive check before
+                 * we go and fail.
+                 */
+                if (percpu_counter_sum(&nr_files) >= files_stat.max_files)
+                        goto over;
+        }
        f = kmem_cache_alloc(filp_cachep, GFP_KERNEL);
        if (f == NULL)
                goto fail;
+        percpu_counter_inc(&nr_files);
        memset(f, 0, sizeof(*f));
        if (security_file_alloc(f))
                goto fail_sec;
@@ -101,10 +123,10 @@ struct file *get_empty_filp(void)
 over:
        /* Ran out of filps - report that */
-        if (files_stat.nr_files > old_max) {
+        if (get_nr_files() > old_max) {
                printk(KERN_INFO "VFS: file-max limit %d reached\n",
-                                        files_stat.max_files);
+                                        get_max_files());
-                old_max = files_stat.nr_files;
+                old_max = get_nr_files();
        }
        goto fail;
@@ -276,4 +298,5 @@ void __init files_init(unsigned long mempages)
        if (files_stat.max_files < NR_FILE)
                files_stat.max_files = NR_FILE;
        files_defer_init();
+        percpu_counter_init(&nr_files);
 } 
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index f556a0d5c0d3..0c9a2ee54c91 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -66,6 +66,12 @@ static void restore_sigs(sigset_t *oldset)
        sigprocmask(SIG_SETMASK, oldset, NULL);
 }
+/*
+ * Reset request, so that it can be reused
+ *
+ * The caller must be _very_ careful to make sure, that it is holding
+ * the only reference to req
+ */
 void fuse_reset_request(struct fuse_req *req)
 {
        int preallocated = req->preallocated;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 21fd59c7bc24..c72a8a97935c 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -111,6 +111,8 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
                /* Doesn't hurt to "reset" the validity timeout */
                fuse_invalidate_entry_cache(entry);
+                /* For negative dentries, always do a fresh lookup */
                if (!inode)
                        return 0;
@@ -122,6 +124,9 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
                fuse_lookup_init(req, entry->d_parent->d_inode, entry, &outarg);
                request_send(fc, req);
                err = req->out.h.error;
+                /* Zero nodeid is same as -ENOENT */
+                if (!err && !outarg.nodeid)
+                        err = -ENOENT;
                if (!err) {
                        struct fuse_inode *fi = get_fuse_inode(inode);
                        if (outarg.nodeid != get_node_id(inode)) {
@@ -190,8 +195,9 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
        fuse_lookup_init(req, dir, entry, &outarg);
        request_send(fc, req);
        err = req->out.h.error;
-        if (!err && ((outarg.nodeid && invalid_nodeid(outarg.nodeid)) ||
+        /* Zero nodeid is same as -ENOENT, but with valid timeout */
-                     !valid_mode(outarg.attr.mode)))
+        if (!err && outarg.nodeid &&
+            (invalid_nodeid(outarg.nodeid) || !valid_mode(outarg.attr.mode)))
                err = -EIO;
        if (!err && outarg.nodeid) {
                inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 296351615b00..6f05379b0a0d 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -116,9 +116,14 @@ int fuse_open_common(struct inode *inode, struct file *file, int isdir)
 /* Special case for failed iget in CREATE */
 static void fuse_release_end(struct fuse_conn *fc, struct fuse_req *req)
 {
-        u64 nodeid = req->in.h.nodeid;
+        /* If called from end_io_requests(), req has more than one
-        fuse_reset_request(req);
+           reference and fuse_reset_request() cannot work */
-        fuse_send_forget(fc, req, nodeid, 1);
+        if (fc->connected) {
+                u64 nodeid = req->in.h.nodeid;
+                fuse_reset_request(req);
+                fuse_send_forget(fc, req, nodeid, 1);
+        } else
+                fuse_put_request(fc, req);
 }
 void fuse_send_release(struct fuse_conn *fc, struct fuse_file *ff,
diff --git a/fs/jbd/checkpoint.c b/fs/jbd/checkpoint.c
index e6265a0b56b8..543ed543d1e5 100644
--- a/fs/jbd/checkpoint.c
+++ b/fs/jbd/checkpoint.c
@@ -24,75 +24,29 @@
 #include <linux/slab.h>
 /*
- * Unlink a buffer from a transaction checkpoint list.
+ * Unlink a buffer from a transaction.
 *
 * Called with j_list_lock held.
 */
-static void __buffer_unlink_first(struct journal_head *jh)
+static inline void __buffer_unlink(struct journal_head *jh)
 {
        transaction_t *transaction;
        transaction = jh->b_cp_transaction;
+        jh->b_cp_transaction = NULL;
        jh->b_cpnext->b_cpprev = jh->b_cpprev;
        jh->b_cpprev->b_cpnext = jh->b_cpnext;
-        if (transaction->t_checkpoint_list == jh) {
+        if (transaction->t_checkpoint_list == jh)
                transaction->t_checkpoint_list = jh->b_cpnext;
-                if (transaction->t_checkpoint_list == jh)
+        if (transaction->t_checkpoint_list == jh)
-                        transaction->t_checkpoint_list = NULL;
+                transaction->t_checkpoint_list = NULL;
-        }
-}
-/*
- * Unlink a buffer from a transaction checkpoint(io) list.
- *
- * Called with j_list_lock held.
- */
-static inline void __buffer_unlink(struct journal_head *jh)
-{
-        transaction_t *transaction;
-        transaction = jh->b_cp_transaction;
-        __buffer_unlink_first(jh);
-        if (transaction->t_checkpoint_io_list == jh) {
-                transaction->t_checkpoint_io_list = jh->b_cpnext;
-                if (transaction->t_checkpoint_io_list == jh)
-                        transaction->t_checkpoint_io_list = NULL;
-        }
-}
-/*
- * Move a buffer from the checkpoint list to the checkpoint io list
- *
- * Called with j_list_lock held
- */
-static inline void __buffer_relink_io(struct journal_head *jh)
-{
-        transaction_t *transaction;
-        transaction = jh->b_cp_transaction;
-        __buffer_unlink_first(jh);
-        if (!transaction->t_checkpoint_io_list) {
-                jh->b_cpnext = jh->b_cpprev = jh;
-        } else {
-                jh->b_cpnext = transaction->t_checkpoint_io_list;
-                jh->b_cpprev = transaction->t_checkpoint_io_list->b_cpprev;
-                jh->b_cpprev->b_cpnext = jh;
-                jh->b_cpnext->b_cpprev = jh;
-        }
-        transaction->t_checkpoint_io_list = jh;
 }
 /*
 * Try to release a checkpointed buffer from its transaction.
- * Returns 1 if we released it and 2 if we also released the
+ * Returns 1 if we released it.
- * whole transaction.
- *
 * Requires j_list_lock
 * Called under jbd_lock_bh_state(jh2bh(jh)), and drops it
 */
@@ -103,11 +57,12 @@ static int __try_to_free_cp_buf(struct journal_head *jh)
        if (jh->b_jlist == BJ_None && !buffer_locked(bh) && !buffer_dirty(bh)) {
                JBUFFER_TRACE(jh, "remove from checkpoint list");
-                ret = __journal_remove_checkpoint(jh) + 1;
+                __journal_remove_checkpoint(jh);
                jbd_unlock_bh_state(bh);
                journal_remove_journal_head(bh);
                BUFFER_TRACE(bh, "release");
                __brelse(bh);
+                ret = 1;
        } else {
                jbd_unlock_bh_state(bh);
        }
@@ -162,53 +117,83 @@ static void jbd_sync_bh(journal_t *journal, struct buffer_head *bh)
 }
 /*
- * Clean up transaction's list of buffers submitted for io.
+ * Clean up a transaction's checkpoint list.
- * We wait for any pending IO to complete and remove any clean
+ *
- * buffers. Note that we take the buffers in the opposite ordering
+ * We wait for any pending IO to complete and make sure any clean
- * from the one in which they were submitted for IO.
+ * buffers are removed from the transaction.
+ *
+ * Return 1 if we performed any actions which might have destroyed the
+ * checkpoint.  (journal_remove_checkpoint() deletes the transaction when
+ * the last checkpoint buffer is cleansed)
 *
 * Called with j_list_lock held.
 */
+static int __cleanup_transaction(journal_t *journal, transaction_t *transaction)
-static void __wait_cp_io(journal_t *journal, transaction_t *transaction)
 {
-        struct journal_head *jh;
+        struct journal_head *jh, *next_jh, *last_jh;
        struct buffer_head *bh;
-        tid_t this_tid;
+        int ret = 0;
-        int released = 0;
+        assert_spin_locked(&journal->j_list_lock);
-        this_tid = transaction->t_tid;
+        jh = transaction->t_checkpoint_list;
-restart:
+        if (!jh)
-        /* Didn't somebody clean up the transaction in the meanwhile */
+                return 0;
-        if (journal->j_checkpoint_transactions != transaction ||
-                transaction->t_tid != this_tid)
+        last_jh = jh->b_cpprev;
-                return;
+        next_jh = jh;
-        while (!released && transaction->t_checkpoint_io_list) {
+        do {
-                jh = transaction->t_checkpoint_io_list;
+                jh = next_jh;
                bh = jh2bh(jh);
-                if (!jbd_trylock_bh_state(bh)) {
-                        jbd_sync_bh(journal, bh);
-                        spin_lock(&journal->j_list_lock);
-                        goto restart;
-                }
                if (buffer_locked(bh)) {
                        atomic_inc(&bh->b_count);
                        spin_unlock(&journal->j_list_lock);
-                        jbd_unlock_bh_state(bh);
                        wait_on_buffer(bh);
                        /* the journal_head may have gone by now */
                        BUFFER_TRACE(bh, "brelse");
                        __brelse(bh);
-                        spin_lock(&journal->j_list_lock);
+                        goto out_return_1;
-                        goto restart;
                }
                /*
-                 * Now in whatever state the buffer currently is, we know that
+                 * This is foul
-                 * it has been written out and so we can drop it from the list
                 */
-                released = __journal_remove_checkpoint(jh);
+                if (!jbd_trylock_bh_state(bh)) {
-                jbd_unlock_bh_state(bh);
+                        jbd_sync_bh(journal, bh);
-        }
+                        goto out_return_1;
+                }
+                if (jh->b_transaction != NULL) {
+                        transaction_t *t = jh->b_transaction;
+                        tid_t tid = t->t_tid;
+                        spin_unlock(&journal->j_list_lock);
+                        jbd_unlock_bh_state(bh);
+                        log_start_commit(journal, tid);
+                        log_wait_commit(journal, tid);
+                        goto out_return_1;
+                }
+                /*
+                 * AKPM: I think the buffer_jbddirty test is redundant - it
+                 * shouldn't have NULL b_transaction?
+                 */
+                next_jh = jh->b_cpnext;
+                if (!buffer_dirty(bh) && !buffer_jbddirty(bh)) {
+                        BUFFER_TRACE(bh, "remove from checkpoint");
+                        __journal_remove_checkpoint(jh);
+                        jbd_unlock_bh_state(bh);
+                        journal_remove_journal_head(bh);
+                        __brelse(bh);
+                        ret = 1;
+                } else {
+                        jbd_unlock_bh_state(bh);
+                }
+        } while (jh != last_jh);
+        return ret;
+out_return_1:
+        spin_lock(&journal->j_list_lock);
+        return 1;
 }
 #define NR_BATCH        64
@@ -218,7 +203,9 @@ __flush_batch(journal_t *journal, struct buffer_head **bhs, int *batch_count)
 {
        int i;
+        spin_unlock(&journal->j_list_lock);
        ll_rw_block(SWRITE, *batch_count, bhs);
+        spin_lock(&journal->j_list_lock);
        for (i = 0; i < *batch_count; i++) {
                struct buffer_head *bh = bhs[i];
                clear_buffer_jwrite(bh);
@@ -234,46 +221,19 @@ __flush_batch(journal_t *journal, struct buffer_head **bhs, int *batch_count)
 * Return 1 if something happened which requires us to abort the current
 * scan of the checkpoint list.  
 *
- * Called with j_list_lock held and drops it if 1 is returned
+ * Called with j_list_lock held.
 * Called under jbd_lock_bh_state(jh2bh(jh)), and drops it
 */
-static int __process_buffer(journal_t *journal, struct journal_head *jh,
+static int __flush_buffer(journal_t *journal, struct journal_head *jh,
-                        struct buffer_head **bhs, int *batch_count)
+                        struct buffer_head **bhs, int *batch_count,
+                        int *drop_count)
 {
        struct buffer_head *bh = jh2bh(jh);
        int ret = 0;
-        if (buffer_locked(bh)) {
+        if (buffer_dirty(bh) && !buffer_locked(bh) && jh->b_jlist == BJ_None) {
-                get_bh(bh);
+                J_ASSERT_JH(jh, jh->b_transaction == NULL);
-                spin_unlock(&journal->j_list_lock);
-                jbd_unlock_bh_state(bh);
-                wait_on_buffer(bh);
-                /* the journal_head may have gone by now */
-                BUFFER_TRACE(bh, "brelse");
-                put_bh(bh);
-                ret = 1;
-        }
-        else if (jh->b_transaction != NULL) {
-                transaction_t *t = jh->b_transaction;
-                tid_t tid = t->t_tid;
-                spin_unlock(&journal->j_list_lock);
-                jbd_unlock_bh_state(bh);
-                log_start_commit(journal, tid);
-                log_wait_commit(journal, tid);
-                ret = 1;
-        }
-        else if (!buffer_dirty(bh)) {
-                J_ASSERT_JH(jh, !buffer_jbddirty(bh));
-                BUFFER_TRACE(bh, "remove from checkpoint");
-                __journal_remove_checkpoint(jh);
-                spin_unlock(&journal->j_list_lock);
-                jbd_unlock_bh_state(bh);
-                journal_remove_journal_head(bh);
-                put_bh(bh);
-                ret = 1;
-        }
-        else {
                /*
                 * Important: we are about to write the buffer, and
                 * possibly block, while still holding the journal lock.
@@ -286,30 +246,45 @@ static int __process_buffer(journal_t *journal, struct journal_head *jh,
                J_ASSERT_BH(bh, !buffer_jwrite(bh));
                set_buffer_jwrite(bh);
                bhs[*batch_count] = bh;
-                __buffer_relink_io(jh);
                jbd_unlock_bh_state(bh);
                (*batch_count)++;
                if (*batch_count == NR_BATCH) {
-                        spin_unlock(&journal->j_list_lock);
                        __flush_batch(journal, bhs, batch_count);
                        ret = 1;
                }
+        } else {
+                int last_buffer = 0;
+                if (jh->b_cpnext == jh) {
+                        /* We may be about to drop the transaction.  Tell the
+                         * caller that the lists have changed.
+                         */
+                        last_buffer = 1;
+                }
+                if (__try_to_free_cp_buf(jh)) {
+                        (*drop_count)++;
+                        ret = last_buffer;
+                }
        }
        return ret;
 }
 /*
- * Perform an actual checkpoint. We take the first transaction on the
+ * Perform an actual checkpoint.  We don't write out only enough to
- * list of transactions to be checkpointed and send all its buffers
+ * satisfy the current blocked requests: rather we submit a reasonably
- * to disk. We submit larger chunks of data at once.
+ * sized chunk of the outstanding data to disk at once for
+ * efficiency.  __log_wait_for_space() will retry if we didn't free enough.
 * 
+ * However, we _do_ take into account the amount requested so that once
+ * the IO has been queued, we can return as soon as enough of it has
+ * completed to disk.
+ *
 * The journal should be locked before calling this function.
 */
 int log_do_checkpoint(journal_t *journal)
 {
-        transaction_t *transaction;
-        tid_t this_tid;
        int result;
+        int batch_count = 0;
+        struct buffer_head *bhs[NR_BATCH];
        jbd_debug(1, "Start checkpoint\n");
@@ -324,70 +299,79 @@ int log_do_checkpoint(journal_t *journal)
                return result;
        /*
-         * OK, we need to start writing disk blocks.  Take one transaction
+         * OK, we need to start writing disk blocks.  Try to free up a
-         * and write it.
+         * quarter of the log in a single checkpoint if we can.
         */
-        spin_lock(&journal->j_list_lock);
-        if (!journal->j_checkpoint_transactions)
-                goto out;
-        transaction = journal->j_checkpoint_transactions;
-        this_tid = transaction->t_tid;
-restart:
        /*
-         * If someone cleaned up this transaction while we slept, we're
+         * AKPM: check this code.  I had a feeling a while back that it
-         * done (maybe it's a new transaction, but it fell at the same
+         * degenerates into a busy loop at unmount time.
-         * address).
         */
-        if (journal->j_checkpoint_transactions == transaction &&
+        spin_lock(&journal->j_list_lock);
-                        transaction->t_tid == this_tid) {
+        while (journal->j_checkpoint_transactions) {
-                int batch_count = 0;
+                transaction_t *transaction;
-                struct buffer_head *bhs[NR_BATCH];
+                struct journal_head *jh, *last_jh, *next_jh;
-                struct journal_head *jh;
+                int drop_count = 0;
-                int retry = 0;
+                int cleanup_ret, retry = 0;
+                tid_t this_tid;
-                while (!retry && transaction->t_checkpoint_list) {
+                transaction = journal->j_checkpoint_transactions;
+                this_tid = transaction->t_tid;
+                jh = transaction->t_checkpoint_list;
+                last_jh = jh->b_cpprev;
+                next_jh = jh;
+                do {
                        struct buffer_head *bh;
-                        jh = transaction->t_checkpoint_list;
+                        jh = next_jh;
+                        next_jh = jh->b_cpnext;
                        bh = jh2bh(jh);
                        if (!jbd_trylock_bh_state(bh)) {
                                jbd_sync_bh(journal, bh);
+                                spin_lock(&journal->j_list_lock);
                                retry = 1;
                                break;
                        }
-                        retry = __process_buffer(journal, jh, bhs,
+                        retry = __flush_buffer(journal, jh, bhs, &batch_count, &drop_count);
-                                                &batch_count);
+                        if (cond_resched_lock(&journal->j_list_lock)) {
-                        if (!retry &&
-                            lock_need_resched(&journal->j_list_lock)) {
-                                spin_unlock(&journal->j_list_lock);
                                retry = 1;
                                break;
                        }
-                }
+                } while (jh != last_jh && !retry);
                if (batch_count) {
-                        if (!retry) {
-                                spin_unlock(&journal->j_list_lock);
-                                retry = 1;
-                        }
                        __flush_batch(journal, bhs, &batch_count);
+                        retry = 1;
                }
-                if (retry) {
-                        spin_lock(&journal->j_list_lock);
-                        goto restart;
-                }
                /*
-                 * Now we have cleaned up the first transaction's checkpoint
+                 * If someone cleaned up this transaction while we slept, we're
-                 * list.  Let's clean up the second one.
+                 * done
+                 */
+                if (journal->j_checkpoint_transactions != transaction)
+                        break;
+                if (retry)
+                        continue;
+                /*
+                 * Maybe it's a new transaction, but it fell at the same
+                 * address
                 */
-                __wait_cp_io(journal, transaction);
+                if (transaction->t_tid != this_tid)
+                        continue;
+                /*
+                 * We have walked the whole transaction list without
+                 * finding anything to write to disk.  We had better be
+                 * able to make some progress or we are in trouble.
+                 */
+                cleanup_ret = __cleanup_transaction(journal, transaction);
+                J_ASSERT(drop_count != 0 || cleanup_ret != 0);
+                if (journal->j_checkpoint_transactions != transaction)
+                        break;
        }
-out:
        spin_unlock(&journal->j_list_lock);
        result = cleanup_journal_tail(journal);
        if (result < 0)
                return result;
        return 0;
 }
@@ -472,91 +456,52 @@ int cleanup_journal_tail(journal_t *journal)
 /* Checkpoint list management */
 /*
- * journal_clean_one_cp_list
- *
- * Find all the written-back checkpoint buffers in the given list and release them.
- *
- * Called with the journal locked.
- * Called with j_list_lock held.
- * Returns number of bufers reaped (for debug)
- */
-static int journal_clean_one_cp_list(struct journal_head *jh, int *released)
-{
-        struct journal_head *last_jh;
-        struct journal_head *next_jh = jh;
-        int ret, freed = 0;
-        *released = 0;
-        if (!jh)
-                return 0;
-        last_jh = jh->b_cpprev;
-        do {
-                jh = next_jh;
-                next_jh = jh->b_cpnext;
-                /* Use trylock because of the ranking */
-                if (jbd_trylock_bh_state(jh2bh(jh))) {
-                        ret = __try_to_free_cp_buf(jh);
-                        if (ret) {
-                                freed++;
-                                if (ret == 2) {
-                                        *released = 1;
-                                        return freed;
-                                }
-                        }
-                }
-                /*
-                 * This function only frees up some memory if possible so we
-                 * dont have an obligation to finish processing. Bail out if
-                 * preemption requested:
-                 */
-                if (need_resched())
-                        return freed;
-        } while (jh != last_jh);
-        return freed;
-}
-/*
 * journal_clean_checkpoint_list
 *
 * Find all the written-back checkpoint buffers in the journal and release them.
 *
 * Called with the journal locked.
 * Called with j_list_lock held.
- * Returns number of buffers reaped (for debug)
+ * Returns number of bufers reaped (for debug)
 */
 int __journal_clean_checkpoint_list(journal_t *journal)
 {
        transaction_t *transaction, *last_transaction, *next_transaction;
-        int ret = 0, released;
+        int ret = 0;
        transaction = journal->j_checkpoint_transactions;
-        if (!transaction)
+        if (transaction == 0)
                goto out;
        last_transaction = transaction->t_cpprev;
        next_transaction = transaction;
        do {
+                struct journal_head *jh;
                transaction = next_transaction;
                next_transaction = transaction->t_cpnext;
-                ret += journal_clean_one_cp_list(transaction->
+                jh = transaction->t_checkpoint_list;
-                                t_checkpoint_list, &released);
+                if (jh) {
-                if (need_resched())
+                        struct journal_head *last_jh = jh->b_cpprev;
-                        goto out;
+                        struct journal_head *next_jh = jh;
-                if (released)
-                        continue;
+                        do {
-                /*
+                                jh = next_jh;
-                 * It is essential that we are as careful as in the case of
+                                next_jh = jh->b_cpnext;
-                 * t_checkpoint_list with removing the buffer from the list as
+                                /* Use trylock because of the ranknig */
-                 * we can possibly see not yet submitted buffers on io_list
+                                if (jbd_trylock_bh_state(jh2bh(jh)))
-                 */
+                                        ret += __try_to_free_cp_buf(jh);
-                ret += journal_clean_one_cp_list(transaction->
+                                /*
-                                t_checkpoint_io_list, &released);
+                                 * This function only frees up some memory
-                if (need_resched())
+                                 * if possible so we dont have an obligation
-                        goto out;
+                                 * to finish processing. Bail out if preemption
+                                 * requested:
+                                 */
+                                if (need_resched())
+                                        goto out;
+                        } while (jh != last_jh);
+                }
        } while (transaction != last_transaction);
 out:
        return ret;
@@ -571,22 +516,18 @@ out:
 * buffer updates committed in that transaction have safely been stored
 * elsewhere on disk.  To achieve this, all of the buffers in a
 * transaction need to be maintained on the transaction's checkpoint
- * lists until they have been rewritten, at which point this function is
+ * list until they have been rewritten, at which point this function is
 * called to remove the buffer from the existing transaction's
- * checkpoint lists.
+ * checkpoint list.
- *
- * The function returns 1 if it frees the transaction, 0 otherwise.
 *
 * This function is called with the journal locked.
 * This function is called with j_list_lock held.
- * This function is called with jbd_lock_bh_state(jh2bh(jh))
 */
-int __journal_remove_checkpoint(struct journal_head *jh)
+void __journal_remove_checkpoint(struct journal_head *jh)
 {
        transaction_t *transaction;
        journal_t *journal;
-        int ret = 0;
        JBUFFER_TRACE(jh, "entry");
@@ -597,10 +538,8 @@ int __journal_remove_checkpoint(struct journal_head *jh)
        journal = transaction->t_journal;
        __buffer_unlink(jh);
-        jh->b_cp_transaction = NULL;
-        if (transaction->t_checkpoint_list != NULL ||
+        if (transaction->t_checkpoint_list != NULL)
-            transaction->t_checkpoint_io_list != NULL)
                goto out;
        JBUFFER_TRACE(jh, "transaction has no more buffers");
@@ -626,10 +565,8 @@ int __journal_remove_checkpoint(struct journal_head *jh)
        /* Just in case anybody was waiting for more transactions to be
           checkpointed... */
        wake_up(&journal->j_wait_logspace);
-        ret = 1;
 out:
        JBUFFER_TRACE(jh, "exit");
-        return ret;
 }
 /*
@@ -691,7 +628,6 @@ void __journal_drop_transaction(journal_t *journal, transaction_t *transaction)
        J_ASSERT(transaction->t_shadow_list == NULL);
        J_ASSERT(transaction->t_log_list == NULL);
        J_ASSERT(transaction->t_checkpoint_list == NULL);
-        J_ASSERT(transaction->t_checkpoint_io_list == NULL);
        J_ASSERT(transaction->t_updates == 0);
        J_ASSERT(journal->j_committing_transaction != transaction);
        J_ASSERT(journal->j_running_transaction != transaction);
diff --git a/fs/jbd/commit.c b/fs/jbd/commit.c
index 29e62d98bae6..002ad2bbc769 100644
--- a/fs/jbd/commit.c
+++ b/fs/jbd/commit.c
@@ -829,8 +829,7 @@ restart_loop:
        journal->j_committing_transaction = NULL;
        spin_unlock(&journal->j_state_lock);
-        if (commit_transaction->t_checkpoint_list == NULL &&
+        if (commit_transaction->t_checkpoint_list == NULL) {
-            commit_transaction->t_checkpoint_io_list == NULL) {
                __journal_drop_transaction(journal, commit_transaction);
        } else {
                if (journal->j_checkpoint_transactions == NULL) {
diff --git a/fs/jffs2/nodelist.c b/fs/jffs2/nodelist.c
index b635e167a3fa..d4d0c41490cd 100644
--- a/fs/jffs2/nodelist.c
+++ b/fs/jffs2/nodelist.c
@@ -406,7 +406,8 @@ static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info
        int err = 0, pointed = 0;
        struct jffs2_eraseblock *jeb;
        unsigned char *buffer;
-        uint32_t crc, ofs, retlen, len;
+        uint32_t crc, ofs, len;
+        size_t retlen;
        BUG_ON(tn->csize == 0);
diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 5f0652df5d47..f1695642d0f7 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -112,7 +112,7 @@ static struct jffs2_raw_node_ref *jffs2_first_valid_node(struct jffs2_raw_node_r
 *          negative error code on failure.
 */
 static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
-                                struct jffs2_raw_dirent *rd, uint32_t read, struct jffs2_full_dirent **fdp,
+                                struct jffs2_raw_dirent *rd, size_t read, struct jffs2_full_dirent **fdp,
                                uint32_t *latest_mctime, uint32_t *mctime_ver)
 {
        struct jffs2_full_dirent *fd;
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 3e51dd1da8aa..cf55b221fc2b 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -233,7 +233,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                c->nextblock->dirty_size = 0;
        }
 #ifdef CONFIG_JFFS2_FS_WRITEBUFFER
-        if (!jffs2_can_mark_obsolete(c) && c->nextblock && (c->nextblock->free_size % c->wbuf_pagesize)) {
+        if (!jffs2_can_mark_obsolete(c) && c->wbuf_pagesize && c->nextblock && (c->nextblock->free_size % c->wbuf_pagesize)) {
                /* If we're going to start writing into a block which already
                   contains data, and the end of the data isn't page-aligned,
                   skip a little and align it. */
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 2967b7393415..79b5404db100 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -532,10 +532,10 @@ dbUpdatePMap(struct inode *ipbmap,
                lastlblkno = lblkno;
+                LOGSYNC_LOCK(log, flags);
                if (mp->lsn != 0) {
                        /* inherit older/smaller lsn */
                        logdiff(diffp, mp->lsn, log);
-                        LOGSYNC_LOCK(log, flags);
                        if (difft < diffp) {
                                mp->lsn = lsn;
@@ -548,20 +548,17 @@ dbUpdatePMap(struct inode *ipbmap,
                        logdiff(diffp, mp->clsn, log);
                        if (difft > diffp)
                                mp->clsn = tblk->clsn;
-                        LOGSYNC_UNLOCK(log, flags);
                } else {
                        mp->log = log;
                        mp->lsn = lsn;
                        /* insert bp after tblock in logsync list */
-                        LOGSYNC_LOCK(log, flags);
                        log->count++;
                        list_add(&mp->synclist, &tblk->synclist);
                        mp->clsn = tblk->clsn;
-                        LOGSYNC_UNLOCK(log, flags);
                }
+                LOGSYNC_UNLOCK(log, flags);
        }
        /* write the last buffer. */
diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index 31b4aa13dd4b..4efa0d0eec39 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -2844,11 +2844,11 @@ diUpdatePMap(struct inode *ipimap,
         */
        lsn = tblk->lsn;
        log = JFS_SBI(tblk->sb)->log;
+        LOGSYNC_LOCK(log, flags);
        if (mp->lsn != 0) {
                /* inherit older/smaller lsn */
                logdiff(difft, lsn, log);
                logdiff(diffp, mp->lsn, log);
-                LOGSYNC_LOCK(log, flags);
                if (difft < diffp) {
                        mp->lsn = lsn;
                        /* move mp after tblock in logsync list */
@@ -2860,17 +2860,15 @@ diUpdatePMap(struct inode *ipimap,
                logdiff(diffp, mp->clsn, log);
                if (difft > diffp)
                        mp->clsn = tblk->clsn;
-                LOGSYNC_UNLOCK(log, flags);
        } else {
                mp->log = log;
                mp->lsn = lsn;
                /* insert mp after tblock in logsync list */
-                LOGSYNC_LOCK(log, flags);
                log->count++;
                list_add(&mp->synclist, &tblk->synclist);
                mp->clsn = tblk->clsn;
-                LOGSYNC_UNLOCK(log, flags);
        }
+        LOGSYNC_UNLOCK(log, flags);
        write_metapage(mp);
        return (0);
 }
diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c
index 3eaf6e701087..da6354baa0b8 100644
--- a/fs/lockd/clntlock.c
+++ b/fs/lockd/clntlock.c
@@ -111,9 +111,10 @@ long nlmclnt_block(struct nlm_rqst *req, long timeout)
 /*
 * The server lockd has called us back to tell us the lock was granted
 */
-u32
+u32 nlmclnt_grant(const struct sockaddr_in *addr, const struct nlm_lock *lock)
-nlmclnt_grant(struct nlm_lock *lock)
 {
+        const struct file_lock *fl = &lock->fl;
+        const struct nfs_fh *fh = &lock->fh;
        struct nlm_wait *block;
        u32 res = nlm_lck_denied;
@@ -122,14 +123,20 @@ nlmclnt_grant(struct nlm_lock *lock)
         * Warning: must not use cookie to match it!
         */
        list_for_each_entry(block, &nlm_blocked, b_list) {
-                if (nlm_compare_locks(block->b_lock, &lock->fl)) {
+                struct file_lock *fl_blocked = block->b_lock;
-                        /* Alright, we found a lock. Set the return status
-                         * and wake up the caller
+                if (!nlm_compare_locks(fl_blocked, fl))
-                         */
+                        continue;
-                        block->b_status = NLM_LCK_GRANTED;
+                if (!nlm_cmp_addr(&block->b_host->h_addr, addr))
-                        wake_up(&block->b_wait);
+                        continue;
-                        res = nlm_granted;
+                if (nfs_compare_fh(NFS_FH(fl_blocked->fl_file->f_dentry->d_inode) ,fh) != 0)
-                }
+                        continue;
+                /* Alright, we found a lock. Set the return status
+                 * and wake up the caller
+                 */
+                block->b_status = NLM_LCK_GRANTED;
+                wake_up(&block->b_wait);
+                res = nlm_granted;
        }
        return res;
 }
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
index 220058d8616d..970b6a6aa337 100644
--- a/fs/lockd/clntproc.c
+++ b/fs/lockd/clntproc.c
@@ -662,12 +662,18 @@ nlmclnt_unlock(struct nlm_rqst *req, struct file_lock *fl)
         * reclaimed while we're stuck in the unlock call. */
        fl->fl_u.nfs_fl.flags &= ~NFS_LCK_GRANTED;
+        /*
+         * Note: the server is supposed to either grant us the unlock
+         * request, or to deny it with NLM_LCK_DENIED_GRACE_PERIOD. In either
+         * case, we want to unlock.
+         */
+        do_vfs_lock(fl);
        if (req->a_flags & RPC_TASK_ASYNC) {
                status = nlmclnt_async_call(req, NLMPROC_UNLOCK,
                                        &nlmclnt_unlock_ops);
                /* Hrmf... Do the unlock early since locks_remove_posix()
                 * really expects us to free the lock synchronously */
-                do_vfs_lock(fl);
                if (status < 0) {
                        nlmclnt_release_lockargs(req);
                        kfree(req);
@@ -680,7 +686,6 @@ nlmclnt_unlock(struct nlm_rqst *req, struct file_lock *fl)
        if (status < 0)
                return status;
-        do_vfs_lock(fl);
        if (resp->status == NLM_LCK_GRANTED)
                return 0;
diff --git a/fs/lockd/svc4proc.c b/fs/lockd/svc4proc.c
index 4063095d849e..b10f913aa06a 100644
--- a/fs/lockd/svc4proc.c
+++ b/fs/lockd/svc4proc.c
@@ -228,7 +228,7 @@ nlm4svc_proc_granted(struct svc_rqst *rqstp, struct nlm_args *argp,
        resp->cookie = argp->cookie;
        dprintk("lockd: GRANTED       called\n");
-        resp->status = nlmclnt_grant(&argp->lock);
+        resp->status = nlmclnt_grant(&rqstp->rq_addr, &argp->lock);
        dprintk("lockd: GRANTED       status %d\n", ntohl(resp->status));
        return rpc_success;
 }
diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
index 3bc437e0cf5b..35681d9cf1fc 100644
--- a/fs/lockd/svcproc.c
+++ b/fs/lockd/svcproc.c
@@ -256,7 +256,7 @@ nlmsvc_proc_granted(struct svc_rqst *rqstp, struct nlm_args *argp,
        resp->cookie = argp->cookie;
        dprintk("lockd: GRANTED       called\n");
-        resp->status = nlmclnt_grant(&argp->lock);
+        resp->status = nlmclnt_grant(&rqstp->rq_addr, &argp->lock);
        dprintk("lockd: GRANTED       status %d\n", ntohl(resp->status));
        return rpc_success;
 }
diff --git a/fs/namei.c b/fs/namei.c
index e28de846c591..8dc2b038d5d9 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2224,13 +2224,17 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 * and other special files.  --ADM
 */
 asmlinkage long sys_linkat(int olddfd, const char __user *oldname,
-                           int newdfd, const char __user *newname)
+                           int newdfd, const char __user *newname,
+                           int flags)
 {
        struct dentry *new_dentry;
        struct nameidata nd, old_nd;
        int error;
        char * to;
+        if (flags != 0)
+                return -EINVAL;
        to = getname(newname);
        if (IS_ERR(to))
                return PTR_ERR(to);
@@ -2263,7 +2267,7 @@ exit:
 asmlinkage long sys_link(const char __user *oldname, const char __user *newname)
 {
-        return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname);
+        return sys_linkat(AT_FDCWD, oldname, AT_FDCWD, newname, 0);
 }
 /*
@@ -2609,13 +2613,15 @@ void page_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
        }
 }
-int page_symlink(struct inode *inode, const char *symname, int len)
+int __page_symlink(struct inode *inode, const char *symname, int len,
+                gfp_t gfp_mask)
 {
        struct address_space *mapping = inode->i_mapping;
-        struct page *page = grab_cache_page(mapping, 0);
+        struct page *page;
        int err = -ENOMEM;
        char *kaddr;
+        page = find_or_create_page(mapping, 0, gfp_mask);
        if (!page)
                goto fail;
        err = mapping->a_ops->prepare_write(NULL, page, 0, len-1);
@@ -2650,6 +2656,12 @@ fail:
        return err;
 }
+int page_symlink(struct inode *inode, const char *symname, int len)
+{
+        return __page_symlink(inode, symname, len,
+                        mapping_gfp_mask(inode->i_mapping));
+}
 struct inode_operations page_symlink_inode_operations = {
        .readlink       = generic_readlink,
        .follow_link    = page_follow_link_light,
@@ -2668,6 +2680,7 @@ EXPORT_SYMBOL(lookup_one_len);
 EXPORT_SYMBOL(page_follow_link_light);
 EXPORT_SYMBOL(page_put_link);
 EXPORT_SYMBOL(page_readlink);
+EXPORT_SYMBOL(__page_symlink);
 EXPORT_SYMBOL(page_symlink);
 EXPORT_SYMBOL(page_symlink_inode_operations);
 EXPORT_SYMBOL(path_lookup);
diff --git a/fs/namespace.c b/fs/namespace.c
index 058a44865beb..39c81a8d6316 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1338,7 +1338,7 @@ struct namespace *dup_namespace(struct task_struct *tsk, struct fs_struct *fs)
        new_ns = kmalloc(sizeof(struct namespace), GFP_KERNEL);
        if (!new_ns)
-                goto out;
+                return NULL;
        atomic_set(&new_ns->count, 1);
        INIT_LIST_HEAD(&new_ns->list);
@@ -1352,7 +1352,7 @@ struct namespace *dup_namespace(struct task_struct *tsk, struct fs_struct *fs)
        if (!new_ns->root) {
                up_write(&namespace_sem);
                kfree(new_ns);
-                goto out;
+                return NULL;
        }
        spin_lock(&vfsmount_lock);
        list_add_tail(&new_ns->list, &new_ns->root->mnt_list);
@@ -1393,7 +1393,6 @@ struct namespace *dup_namespace(struct task_struct *tsk, struct fs_struct *fs)
        if (altrootmnt)
                mntput(altrootmnt);
-out:
        return new_ns;
 }
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 04ab2fc360e7..4e9b3a1b36c5 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -57,6 +57,7 @@
 #define NFSDBG_FACILITY         NFSDBG_VFS
 #define MAX_DIRECTIO_SIZE       (4096UL << PAGE_SHIFT)
+static void nfs_free_user_pages(struct page **pages, int npages, int do_dirty);
 static kmem_cache_t *nfs_direct_cachep;
 /*
@@ -107,6 +108,15 @@ nfs_get_user_pages(int rw, unsigned long user_addr, size_t size,
                                        page_count, (rw == READ), 0,
                                        *pages, NULL);
                up_read(&current->mm->mmap_sem);
+                /*
+                 * If we got fewer pages than expected from get_user_pages(),
+                 * the user buffer runs off the end of a mapping; return EFAULT.
+                 */
+                if (result >= 0 && result < page_count) {
+                        nfs_free_user_pages(*pages, result, 0);
+                        *pages = NULL;
+                        result = -EFAULT;
+                }
        }
        return result;
 }
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 984ca3454d04..f8c0066e02e1 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1430,7 +1430,7 @@ static int nfs4_proc_get_root(struct nfs_server *server, struct nfs_fh *fhandle,
        if (status == 0)
                status = nfs4_do_fsinfo(server, fhandle, info);
 out:
-        return status;
+        return nfs4_map_errors(status);
 }
 static int _nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
diff --git a/fs/ntfs/ChangeLog b/fs/ntfs/ChangeLog
index 02f44094bda9..9d8ffa89e2c2 100644
--- a/fs/ntfs/ChangeLog
+++ b/fs/ntfs/ChangeLog
@@ -1,9 +1,9 @@
 ToDo/Notes:
        - Find and fix bugs.
        - The only places in the kernel where a file is resized are
-          ntfs_file_write*() and ntfs_truncate() for both of which i_sem is
+          ntfs_file_write*() and ntfs_truncate() for both of which i_mutex is
          held.  Just have to be careful in read-/writepage and other helpers
-          not running under i_sem that we play nice...  Also need to be careful
+          not running under i_mutex that we play nice.  Also need to be careful
          with initialized_size extension in ntfs_file_write*() and writepage.
          UPDATE: The only things that need to be checked are the compressed
          write and the other attribute resize/write cases like index
@@ -19,6 +19,24 @@ ToDo/Notes:
        - Enable the code for setting the NT4 compatibility flag when we start
          making NTFS 1.2 specific modifications.
+2.1.26 - Minor bug fixes and updates.
+        - Fix a potential overflow in file.c where a cast to s64 was missing in
+          a left shift of a page index.
+        - The struct inode has had its i_sem semaphore changed to a mutex named
+          i_mutex.
+        - We have struct kmem_cache now so use it instead of the typedef
+          kmem_cache_t.  (Pekka Enberg)
+        - Implement support for sector sizes above 512 bytes (up to the maximum
+          supported by NTFS which is 4096 bytes).
+        - Do more detailed reporting of why we cannot mount read-write by
+          special casing the VOLUME_MODIFIED_BY_CHKDSK flag.
+        - Miscellaneous updates to layout.h.
+        - Cope with attribute list attribute having invalid flags.  Windows
+          copes with this and even chkdsk does not detect or fix this so we
+          have to cope with it, too.  Thanks to Pawel Kot for reporting the
+          problem.
 2.1.25 - (Almost) fully implement write(2) and truncate(2).
        - Change ntfs_map_runlist_nolock(), ntfs_attr_find_vcn_nolock() and
@@ -373,7 +391,7 @@ ToDo/Notes:
          single one of them had an mst error.  (Thanks to Ken MacFerrin for
          the bug report.)
        - Fix error handling in fs/ntfs/quota.c::ntfs_mark_quotas_out_of_date()
-          where we failed to release i_sem on the $Quota/$Q attribute inode.
+          where we failed to release i_mutex on the $Quota/$Q attribute inode.
        - Fix bug in handling of bad inodes in fs/ntfs/namei.c::ntfs_lookup().
        - Add mapping of unmapped buffers to all remaining code paths, i.e.
          fs/ntfs/aops.c::ntfs_write_mst_block(), mft.c::ntfs_sync_mft_mirror(),
@@ -874,7 +892,7 @@ ToDo/Notes:
          clusters. (Philipp Thomas)
        - attrib.c::load_attribute_list(): Fix bug when initialized_size is a
          multiple of the block_size but not the cluster size. (Szabolcs
-          Szakacsits <szaka@sienet.hu>)
+          Szakacsits)
 2.1.2 - Important bug fixes aleviating the hangs in statfs.
@@ -884,7 +902,7 @@ ToDo/Notes:
        - Add handling for initialized_size != data_size in compressed files.
        - Reduce function local stack usage from 0x3d4 bytes to just noise in
-          fs/ntfs/upcase.c. (Randy Dunlap <rdunlap@xenotime.net>)
+          fs/ntfs/upcase.c. (Randy Dunlap)
        - Remove compiler warnings for newer gcc.
        - Pages are no longer kmapped by mm/filemap.c::generic_file_write()
          around calls to ->{prepare,commit}_write.  Adapt NTFS appropriately
@@ -1201,11 +1219,11 @@ ToDo/Notes:
          the kernel. We probably want a kernel generic init_address_space()
          function...
        - Drop BKL from ntfs_readdir() after consultation with Al Viro. The
-          only caller of ->readdir() is vfs_readdir() which holds i_sem during
+          only caller of ->readdir() is vfs_readdir() which holds i_mutex
-          the call, and i_sem is sufficient protection against changes in the
+          during the call, and i_mutex is sufficient protection against changes
-          directory inode (including ->i_size).
+          in the directory inode (including ->i_size).
        - Use generic_file_llseek() for directories (as opposed to
-          default_llseek()) as this downs i_sem instead of the BKL which is
+          default_llseek()) as this downs i_mutex instead of the BKL which is
          what we now need for exclusion against ->f_pos changes considering we
          no longer take the BKL in ntfs_readdir().
diff --git a/fs/ntfs/Makefile b/fs/ntfs/Makefile
index d0d45d1c853a..d95fac7fdeb6 100644
--- a/fs/ntfs/Makefile
+++ b/fs/ntfs/Makefile
@@ -6,7 +6,7 @@ ntfs-objs := aops.o attrib.o collate.o compress.o debug.o dir.o file.o \
             index.o inode.o mft.o mst.o namei.o runlist.o super.o sysctl.o \
             unistr.o upcase.o
-EXTRA_CFLAGS = -DNTFS_VERSION=\"2.1.25\"
+EXTRA_CFLAGS = -DNTFS_VERSION=\"2.1.26\"
 ifeq ($(CONFIG_NTFS_DEBUG),y)
 EXTRA_CFLAGS += -DDEBUG
diff --git a/fs/ntfs/aops.c b/fs/ntfs/aops.c
index 1c0a4315876a..7e361da770b3 100644
--- a/fs/ntfs/aops.c
+++ b/fs/ntfs/aops.c
@@ -2,7 +2,7 @@
 * aops.c - NTFS kernel address space operations and page cache handling.
 *          Part of the Linux-NTFS project.
 *
- * Copyright (c) 2001-2005 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
 * Copyright (c) 2002 Richard Russon
 *
 * This program/include file is free software; you can redistribute it and/or
@@ -200,8 +200,8 @@ static int ntfs_read_block(struct page *page)
        /* $MFT/$DATA must have its complete runlist in memory at all times. */
        BUG_ON(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni));
-        blocksize_bits = VFS_I(ni)->i_blkbits;
+        blocksize = vol->sb->s_blocksize;
-        blocksize = 1 << blocksize_bits;
+        blocksize_bits = vol->sb->s_blocksize_bits;
        if (!page_has_buffers(page)) {
                create_empty_buffers(page, blocksize, 0);
@@ -569,10 +569,8 @@ static int ntfs_write_block(struct page *page, struct writeback_control *wbc)
        BUG_ON(!NInoNonResident(ni));
        BUG_ON(NInoMstProtected(ni));
+        blocksize = vol->sb->s_blocksize;
-        blocksize_bits = vi->i_blkbits;
+        blocksize_bits = vol->sb->s_blocksize_bits;
-        blocksize = 1 << blocksize_bits;
        if (!page_has_buffers(page)) {
                BUG_ON(!PageUptodate(page));
                create_empty_buffers(page, blocksize,
@@ -949,8 +947,8 @@ static int ntfs_write_mst_block(struct page *page,
         */
        BUG_ON(!(is_mft || S_ISDIR(vi->i_mode) ||
                        (NInoAttr(ni) && ni->type == AT_INDEX_ALLOCATION)));
-        bh_size_bits = vi->i_blkbits;
+        bh_size = vol->sb->s_blocksize;
-        bh_size = 1 << bh_size_bits;
+        bh_size_bits = vol->sb->s_blocksize_bits;
        max_bhs = PAGE_CACHE_SIZE / bh_size;
        BUG_ON(!max_bhs);
        BUG_ON(max_bhs > MAX_BUF_PER_PAGE);
@@ -1596,7 +1594,7 @@ void mark_ntfs_record_dirty(struct page *page, const unsigned int ofs) {
        BUG_ON(!PageUptodate(page));
        end = ofs + ni->itype.index.block_size;
-        bh_size = 1 << VFS_I(ni)->i_blkbits;
+        bh_size = VFS_I(ni)->i_sb->s_blocksize;
        spin_lock(&mapping->private_lock);
        if (unlikely(!page_has_buffers(page))) {
                spin_unlock(&mapping->private_lock);
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
index fb413d3d8618..5027d3d1b3fe 100644
--- a/fs/ntfs/file.c
+++ b/fs/ntfs/file.c
@@ -1,7 +1,7 @@
 /*
 * file.c - NTFS kernel file operations.  Part of the Linux-NTFS project.
 *
- * Copyright (c) 2001-2005 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
 *
 * This program/include file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as published
@@ -248,7 +248,7 @@ do_non_resident_extend:
                 * enough to make ntfs_writepage() work.
                 */
                write_lock_irqsave(&ni->size_lock, flags);
-                ni->initialized_size = (index + 1) << PAGE_CACHE_SHIFT;
+                ni->initialized_size = (s64)(index + 1) << PAGE_CACHE_SHIFT;
                if (ni->initialized_size > new_init_size)
                        ni->initialized_size = new_init_size;
                write_unlock_irqrestore(&ni->size_lock, flags);
@@ -529,8 +529,8 @@ static int ntfs_prepare_pages_for_non_resident_write(struct page **pages,
                        "index 0x%lx, nr_pages 0x%x, pos 0x%llx, bytes 0x%zx.",
                        vi->i_ino, ni->type, pages[0]->index, nr_pages,
                        (long long)pos, bytes);
-        blocksize_bits = vi->i_blkbits;
+        blocksize = vol->sb->s_blocksize;
-        blocksize = 1 << blocksize_bits;
+        blocksize_bits = vol->sb->s_blocksize_bits;
        u = 0;
        do {
                struct page *page = pages[u];
@@ -1525,7 +1525,7 @@ static inline int ntfs_commit_pages_after_non_resident_write(
        vi = pages[0]->mapping->host;
        ni = NTFS_I(vi);
-        blocksize = 1 << vi->i_blkbits;
+        blocksize = vi->i_sb->s_blocksize;
        end = pos + bytes;
        u = 0;
        do {
diff --git a/fs/ntfs/inode.c b/fs/ntfs/inode.c
index ea1bd3feea1b..55263b7de9c0 100644
--- a/fs/ntfs/inode.c
+++ b/fs/ntfs/inode.c
@@ -677,13 +677,28 @@ static int ntfs_read_locked_inode(struct inode *vi)
                ntfs_debug("Attribute list found in inode 0x%lx.", vi->i_ino);
                NInoSetAttrList(ni);
                a = ctx->attr;
-                if (a->flags & ATTR_IS_ENCRYPTED ||
+                if (a->flags & ATTR_COMPRESSION_MASK) {
-                                a->flags & ATTR_COMPRESSION_MASK ||
-                                a->flags & ATTR_IS_SPARSE) {
                        ntfs_error(vi->i_sb, "Attribute list attribute is "
-                                        "compressed/encrypted/sparse.");
+                                        "compressed.");
                        goto unm_err_out;
                }
+                if (a->flags & ATTR_IS_ENCRYPTED ||
+                                a->flags & ATTR_IS_SPARSE) {
+                        if (a->non_resident) {
+                                ntfs_error(vi->i_sb, "Non-resident attribute "
+                                                "list attribute is encrypted/"
+                                                "sparse.");
+                                goto unm_err_out;
+                        }
+                        ntfs_warning(vi->i_sb, "Resident attribute list "
+                                        "attribute in inode 0x%lx is marked "
+                                        "encrypted/sparse which is not true.  "
+                                        "However, Windows allows this and "
+                                        "chkdsk does not detect or correct it "
+                                        "so we will just ignore the invalid "
+                                        "flags and pretend they are not set.",
+                                        vi->i_ino);
+                }
                /* Now allocate memory for the attribute list. */
                ni->attr_list_size = (u32)ntfs_attr_size(a);
                ni->attr_list = ntfs_malloc_nofs(ni->attr_list_size);
@@ -1809,19 +1824,33 @@ int ntfs_read_inode_mount(struct inode *vi)
        } else /* if (!err) */ {
                ATTR_LIST_ENTRY *al_entry, *next_al_entry;
                u8 *al_end;
+                static const char *es = "  Not allowed.  $MFT is corrupt.  "
+                                "You should run chkdsk.";
                ntfs_debug("Attribute list attribute found in $MFT.");
                NInoSetAttrList(ni);
                a = ctx->attr;
-                if (a->flags & ATTR_IS_ENCRYPTED ||
+                if (a->flags & ATTR_COMPRESSION_MASK) {
-                                a->flags & ATTR_COMPRESSION_MASK ||
-                                a->flags & ATTR_IS_SPARSE) {
                        ntfs_error(sb, "Attribute list attribute is "
-                                        "compressed/encrypted/sparse. Not "
+                                        "compressed.%s", es);
-                                        "allowed. $MFT is corrupt. You should "
-                                        "run chkdsk.");
                        goto put_err_out;
                }
+                if (a->flags & ATTR_IS_ENCRYPTED ||
+                                a->flags & ATTR_IS_SPARSE) {
+                        if (a->non_resident) {
+                                ntfs_error(sb, "Non-resident attribute list "
+                                                "attribute is encrypted/"
+                                                "sparse.%s", es);
+                                goto put_err_out;
+                        }
+                        ntfs_warning(sb, "Resident attribute list attribute "
+                                        "in $MFT system file is marked "
+                                        "encrypted/sparse which is not true.  "
+                                        "However, Windows allows this and "
+                                        "chkdsk does not detect or correct it "
+                                        "so we will just ignore the invalid "
+                                        "flags and pretend they are not set.");
+                }
                /* Now allocate memory for the attribute list. */
                ni->attr_list_size = (u32)ntfs_attr_size(a);
                ni->attr_list = ntfs_malloc_nofs(ni->attr_list_size);
diff --git a/fs/ntfs/layout.h b/fs/ntfs/layout.h
index f5678d5d7919..bb408d4dcbb0 100644
--- a/fs/ntfs/layout.h
+++ b/fs/ntfs/layout.h
@@ -838,15 +838,19 @@ enum {
           F_A_DEVICE, F_A_DIRECTORY, F_A_SPARSE_FILE, F_A_REPARSE_POINT,
           F_A_COMPRESSED, and F_A_ENCRYPTED and preserves the rest.  This mask
           is used to to obtain all flags that are valid for setting. */
        /*
-         * The following flags are only present in the FILE_NAME attribute (in
+         * The following flag is only present in the FILE_NAME attribute (in
         * the field file_attributes).
         */
        FILE_ATTR_DUP_FILE_NAME_INDEX_PRESENT   = const_cpu_to_le32(0x10000000),
        /* Note, this is a copy of the corresponding bit from the mft record,
           telling us whether this is a directory or not, i.e. whether it has
           an index root attribute or not. */
+        /*
+         * The following flag is present both in the STANDARD_INFORMATION
+         * attribute and in the FILE_NAME attribute (in the field
+         * file_attributes).
+         */
        FILE_ATTR_DUP_VIEW_INDEX_PRESENT        = const_cpu_to_le32(0x20000000),
        /* Note, this is a copy of the corresponding bit from the mft record,
           telling us whether this file has a view index present (eg. object id
@@ -1071,9 +1075,15 @@ typedef struct {
                                           modified. */
 /* 20*/ sle64 last_access_time;         /* Time this mft record was last
                                           accessed. */
-/* 28*/ sle64 allocated_size;           /* Byte size of allocated space for the
+/* 28*/ sle64 allocated_size;           /* Byte size of on-disk allocated space
-                                           data attribute. NOTE: Is a multiple
+                                           for the data attribute.  So for
-                                           of the cluster size. */
+                                           normal $DATA, this is the
+                                           allocated_size from the unnamed
+                                           $DATA attribute and for compressed
+                                           and/or sparse $DATA, this is the
+                                           compressed_size from the unnamed
+                                           $DATA attribute.  NOTE: This is a
+                                           multiple of the cluster size. */
 /* 30*/ sle64 data_size;                /* Byte size of actual data in data
                                           attribute. */
 /* 38*/ FILE_ATTR_FLAGS file_attributes;        /* Flags describing the file. */
@@ -1904,12 +1914,13 @@ enum {
        VOLUME_DELETE_USN_UNDERWAY      = const_cpu_to_le16(0x0010),
        VOLUME_REPAIR_OBJECT_ID         = const_cpu_to_le16(0x0020),
+        VOLUME_CHKDSK_UNDERWAY          = const_cpu_to_le16(0x4000),
        VOLUME_MODIFIED_BY_CHKDSK       = const_cpu_to_le16(0x8000),
-        VOLUME_FLAGS_MASK               = const_cpu_to_le16(0x803f),
+        VOLUME_FLAGS_MASK               = const_cpu_to_le16(0xc03f),
        /* To make our life easier when checking if we must mount read-only. */
-        VOLUME_MUST_MOUNT_RO_MASK       = const_cpu_to_le16(0x8027),
+        VOLUME_MUST_MOUNT_RO_MASK       = const_cpu_to_le16(0xc027),
 } __attribute__ ((__packed__));
 typedef le16 VOLUME_FLAGS;
diff --git a/fs/ntfs/mft.c b/fs/ntfs/mft.c
index 0c65cbb8c5cf..6499aafc2258 100644
--- a/fs/ntfs/mft.c
+++ b/fs/ntfs/mft.c
@@ -1,7 +1,7 @@
 /**
 * mft.c - NTFS kernel mft record operations. Part of the Linux-NTFS project.
 *
- * Copyright (c) 2001-2005 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
 * Copyright (c) 2002 Richard Russon
 *
 * This program/include file is free software; you can redistribute it and/or
@@ -473,7 +473,7 @@ int ntfs_sync_mft_mirror(ntfs_volume *vol, const unsigned long mft_no,
        runlist_element *rl;
        unsigned int block_start, block_end, m_start, m_end, page_ofs;
        int i_bhs, nr_bhs, err = 0;
-        unsigned char blocksize_bits = vol->mftmirr_ino->i_blkbits;
+        unsigned char blocksize_bits = vol->sb->s_blocksize_bits;
        ntfs_debug("Entering for inode 0x%lx.", mft_no);
        BUG_ON(!max_bhs);
@@ -672,8 +672,8 @@ int write_mft_record_nolock(ntfs_inode *ni, MFT_RECORD *m, int sync)
 {
        ntfs_volume *vol = ni->vol;
        struct page *page = ni->page;
-        unsigned char blocksize_bits = vol->mft_ino->i_blkbits;
+        unsigned int blocksize = vol->sb->s_blocksize;
-        unsigned int blocksize = 1 << blocksize_bits;
+        unsigned char blocksize_bits = vol->sb->s_blocksize_bits;
        int max_bhs = vol->mft_record_size / blocksize;
        struct buffer_head *bhs[max_bhs];
        struct buffer_head *bh, *head;
diff --git a/fs/ntfs/ntfs.h b/fs/ntfs/ntfs.h
index 446b5014115c..653d2a5c4899 100644
--- a/fs/ntfs/ntfs.h
+++ b/fs/ntfs/ntfs.h
@@ -50,11 +50,11 @@ typedef enum {
 /* Global variables. */
 /* Slab caches (from super.c). */
-extern kmem_cache_t *ntfs_name_cache;
+extern struct kmem_cache *ntfs_name_cache;
-extern kmem_cache_t *ntfs_inode_cache;
+extern struct kmem_cache *ntfs_inode_cache;
-extern kmem_cache_t *ntfs_big_inode_cache;
+extern struct kmem_cache *ntfs_big_inode_cache;
-extern kmem_cache_t *ntfs_attr_ctx_cache;
+extern struct kmem_cache *ntfs_attr_ctx_cache;
-extern kmem_cache_t *ntfs_index_ctx_cache;
+extern struct kmem_cache *ntfs_index_ctx_cache;
 /* The various operations structs defined throughout the driver files. */
 extern struct address_space_operations ntfs_aops;
diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c
index c3a3f1a8310b..368a8ec10668 100644
--- a/fs/ntfs/super.c
+++ b/fs/ntfs/super.c
@@ -1,7 +1,7 @@
 /*
 * super.c - NTFS kernel super block handling. Part of the Linux-NTFS project.
 *
- * Copyright (c) 2001-2005 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
 * Copyright (c) 2001,2002 Richard Russon
 *
 * This program/include file is free software; you can redistribute it and/or
@@ -22,6 +22,7 @@
 #include <linux/stddef.h>
 #include <linux/init.h>
+#include <linux/slab.h>
 #include <linux/string.h>
 #include <linux/spinlock.h>
 #include <linux/blkdev.h>       /* For bdev_hardsect_size(). */
@@ -471,9 +472,16 @@ static int ntfs_remount(struct super_block *sb, int *flags, char *opt)
                        ntfs_error(sb, "Volume is dirty and read-only%s", es);
                        return -EROFS;
                }
+                if (vol->vol_flags & VOLUME_MODIFIED_BY_CHKDSK) {
+                        ntfs_error(sb, "Volume has been modified by chkdsk "
+                                        "and is read-only%s", es);
+                        return -EROFS;
+                }
                if (vol->vol_flags & VOLUME_MUST_MOUNT_RO_MASK) {
-                        ntfs_error(sb, "Volume has unsupported flags set and "
+                        ntfs_error(sb, "Volume has unsupported flags set "
-                                        "is read-only%s", es);
+                                        "(0x%x) and is read-only%s",
+                                        (unsigned)le16_to_cpu(vol->vol_flags),
+                                        es);
                        return -EROFS;
                }
                if (ntfs_set_volume_flags(vol, VOLUME_IS_DIRTY)) {
@@ -641,7 +649,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb,
 {
        const char *read_err_str = "Unable to read %s boot sector.";
        struct buffer_head *bh_primary, *bh_backup;
-        long nr_blocks = NTFS_SB(sb)->nr_blocks;
+        sector_t nr_blocks = NTFS_SB(sb)->nr_blocks;
        /* Try to read primary boot sector. */
        if ((bh_primary = sb_bread(sb, 0))) {
@@ -688,13 +696,18 @@ hotfix_primary_boot_sector:
                /*
                 * If we managed to read sector zero and the volume is not
                 * read-only, copy the found, valid backup boot sector to the
-                 * primary boot sector.
+                 * primary boot sector.  Note we only copy the actual boot
+                 * sector structure, not the actual whole device sector as that
+                 * may be bigger and would potentially damage the $Boot system
+                 * file (FIXME: Would be nice to know if the backup boot sector
+                 * on a large sector device contains the whole boot loader or
+                 * just the first 512 bytes).
                 */
                if (!(sb->s_flags & MS_RDONLY)) {
                        ntfs_warning(sb, "Hot-fix: Recovering invalid primary "
                                        "boot sector from backup copy.");
                        memcpy(bh_primary->b_data, bh_backup->b_data,
-                                        sb->s_blocksize);
+                                        NTFS_BLOCK_SIZE);
                        mark_buffer_dirty(bh_primary);
                        sync_dirty_buffer(bh_primary);
                        if (buffer_uptodate(bh_primary)) {
@@ -733,9 +746,13 @@ static BOOL parse_ntfs_boot_sector(ntfs_volume *vol, const NTFS_BOOT_SECTOR *b)
                        vol->sector_size);
        ntfs_debug("vol->sector_size_bits = %i (0x%x)", vol->sector_size_bits,
                        vol->sector_size_bits);
-        if (vol->sector_size != vol->sb->s_blocksize)
+        if (vol->sector_size < vol->sb->s_blocksize) {
-                ntfs_warning(vol->sb, "The boot sector indicates a sector size "
+                ntfs_error(vol->sb, "Sector size (%i) is smaller than the "
-                                "different from the device sector size.");
+                                "device block size (%lu).  This is not "
+                                "supported.  Sorry.", vol->sector_size,
+                                vol->sb->s_blocksize);
+                return FALSE;
+        }
        ntfs_debug("sectors_per_cluster = 0x%x", b->bpb.sectors_per_cluster);
        sectors_per_cluster_bits = ffs(b->bpb.sectors_per_cluster) - 1;
        ntfs_debug("sectors_per_cluster_bits = 0x%x",
@@ -748,16 +765,11 @@ static BOOL parse_ntfs_boot_sector(ntfs_volume *vol, const NTFS_BOOT_SECTOR *b)
        ntfs_debug("vol->cluster_size = %i (0x%x)", vol->cluster_size,
                        vol->cluster_size);
        ntfs_debug("vol->cluster_size_mask = 0x%x", vol->cluster_size_mask);
-        ntfs_debug("vol->cluster_size_bits = %i (0x%x)",
+        ntfs_debug("vol->cluster_size_bits = %i", vol->cluster_size_bits);
-                        vol->cluster_size_bits, vol->cluster_size_bits);
+        if (vol->cluster_size < vol->sector_size) {
-        if (vol->sector_size > vol->cluster_size) {
+                ntfs_error(vol->sb, "Cluster size (%i) is smaller than the "
-                ntfs_error(vol->sb, "Sector sizes above the cluster size are "
+                                "sector size (%i).  This is not supported.  "
-                                "not supported.  Sorry.");
+                                "Sorry.", vol->cluster_size, vol->sector_size);
-                return FALSE;
-        }
-        if (vol->sb->s_blocksize > vol->cluster_size) {
-                ntfs_error(vol->sb, "Cluster sizes smaller than the device "
-                                "sector size are not supported.  Sorry.");
                return FALSE;
        }
        clusters_per_mft_record = b->clusters_per_mft_record;
@@ -786,11 +798,18 @@ static BOOL parse_ntfs_boot_sector(ntfs_volume *vol, const NTFS_BOOT_SECTOR *b)
         * we store $MFT/$DATA, the table of mft records in the page cache.
         */
        if (vol->mft_record_size > PAGE_CACHE_SIZE) {
-                ntfs_error(vol->sb, "Mft record size %i (0x%x) exceeds the "
+                ntfs_error(vol->sb, "Mft record size (%i) exceeds the "
-                                "page cache size on your system %lu (0x%lx).  "
+                                "PAGE_CACHE_SIZE on your system (%lu).  "
                                "This is not supported.  Sorry.",
-                                vol->mft_record_size, vol->mft_record_size,
+                                vol->mft_record_size, PAGE_CACHE_SIZE);
-                                PAGE_CACHE_SIZE, PAGE_CACHE_SIZE);
+                return FALSE;
+        }
+        /* We cannot support mft record sizes below the sector size. */
+        if (vol->mft_record_size < vol->sector_size) {
+                ntfs_error(vol->sb, "Mft record size (%i) is smaller than the "
+                                "sector size (%i).  This is not supported.  "
+                                "Sorry.", vol->mft_record_size,
+                                vol->sector_size);
                return FALSE;
        }
        clusters_per_index_record = b->clusters_per_index_record;
@@ -816,6 +835,14 @@ static BOOL parse_ntfs_boot_sector(ntfs_volume *vol, const NTFS_BOOT_SECTOR *b)
        ntfs_debug("vol->index_record_size_bits = %i (0x%x)",
                        vol->index_record_size_bits,
                        vol->index_record_size_bits);
+        /* We cannot support index record sizes below the sector size. */
+        if (vol->index_record_size < vol->sector_size) {
+                ntfs_error(vol->sb, "Index record size (%i) is smaller than "
+                                "the sector size (%i).  This is not "
+                                "supported.  Sorry.", vol->index_record_size,
+                                vol->sector_size);
+                return FALSE;
+        }
        /*
         * Get the size of the volume in clusters and check for 64-bit-ness.
         * Windows currently only uses 32 bits to save the clusters so we do
@@ -845,15 +872,18 @@ static BOOL parse_ntfs_boot_sector(ntfs_volume *vol, const NTFS_BOOT_SECTOR *b)
        }
        ll = sle64_to_cpu(b->mft_lcn);
        if (ll >= vol->nr_clusters) {
-                ntfs_error(vol->sb, "MFT LCN is beyond end of volume.  Weird.");
+                ntfs_error(vol->sb, "MFT LCN (%lli, 0x%llx) is beyond end of "
+                                "volume.  Weird.", (unsigned long long)ll,
+                                (unsigned long long)ll);
                return FALSE;
        }
        vol->mft_lcn = ll;
        ntfs_debug("vol->mft_lcn = 0x%llx", (long long)vol->mft_lcn);
        ll = sle64_to_cpu(b->mftmirr_lcn);
        if (ll >= vol->nr_clusters) {
-                ntfs_error(vol->sb, "MFTMirr LCN is beyond end of volume.  "
+                ntfs_error(vol->sb, "MFTMirr LCN (%lli, 0x%llx) is beyond end "
-                                "Weird.");
+                                "of volume.  Weird.", (unsigned long long)ll,
+                                (unsigned long long)ll);
                return FALSE;
        }
        vol->mftmirr_lcn = ll;
@@ -1822,11 +1852,24 @@ get_ctx_vol_failed:
        /* Make sure that no unsupported volume flags are set. */
        if (vol->vol_flags & VOLUME_MUST_MOUNT_RO_MASK) {
                static const char *es1a = "Volume is dirty";
-                static const char *es1b = "Volume has unsupported flags set";
+                static const char *es1b = "Volume has been modified by chkdsk";
-                static const char *es2 = ".  Run chkdsk and mount in Windows.";
+                static const char *es1c = "Volume has unsupported flags set";
-                const char *es1;
+                static const char *es2a = ".  Run chkdsk and mount in Windows.";
-                
+                static const char *es2b = ".  Mount in Windows.";
-                es1 = vol->vol_flags & VOLUME_IS_DIRTY ? es1a : es1b;
+                const char *es1, *es2;
+                es2 = es2a;
+                if (vol->vol_flags & VOLUME_IS_DIRTY)
+                        es1 = es1a;
+                else if (vol->vol_flags & VOLUME_MODIFIED_BY_CHKDSK) {
+                        es1 = es1b;
+                        es2 = es2b;
+                } else {
+                        es1 = es1c;
+                        ntfs_warning(sb, "Unsupported volume flags 0x%x "
+                                        "encountered.",
+                                        (unsigned)le16_to_cpu(vol->vol_flags));
+                }
                /* If a read-write mount, convert it to a read-only mount. */
                if (!(sb->s_flags & MS_RDONLY)) {
                        if (!(vol->on_errors & (ON_ERRORS_REMOUNT_RO |
@@ -2685,7 +2728,7 @@ static int ntfs_fill_super(struct super_block *sb, void *opt, const int silent)
        ntfs_volume *vol;
        struct buffer_head *bh;
        struct inode *tmp_ino;
-        int result;
+        int blocksize, result;
        ntfs_debug("Entering.");
 #ifndef NTFS_RW
@@ -2724,60 +2767,85 @@ static int ntfs_fill_super(struct super_block *sb, void *opt, const int silent)
        if (!parse_options(vol, (char*)opt))
                goto err_out_now;
+        /* We support sector sizes up to the PAGE_CACHE_SIZE. */
+        if (bdev_hardsect_size(sb->s_bdev) > PAGE_CACHE_SIZE) {
+                if (!silent)
+                        ntfs_error(sb, "Device has unsupported sector size "
+                                        "(%i).  The maximum supported sector "
+                                        "size on this architecture is %lu "
+                                        "bytes.",
+                                        bdev_hardsect_size(sb->s_bdev),
+                                        PAGE_CACHE_SIZE);
+                goto err_out_now;
+        }
        /*
-         * TODO: Fail safety check. In the future we should really be able to
+         * Setup the device access block size to NTFS_BLOCK_SIZE or the hard
-         * cope with this being the case, but for now just bail out.
+         * sector size, whichever is bigger.
         */
-        if (bdev_hardsect_size(sb->s_bdev) > NTFS_BLOCK_SIZE) {
+        blocksize = sb_min_blocksize(sb, NTFS_BLOCK_SIZE);
+        if (blocksize < NTFS_BLOCK_SIZE) {
                if (!silent)
-                        ntfs_error(sb, "Device has unsupported hardsect_size.");
+                        ntfs_error(sb, "Unable to set device block size.");
                goto err_out_now;
        }
+        BUG_ON(blocksize != sb->s_blocksize);
-        /* Setup the device access block size to NTFS_BLOCK_SIZE. */
+        ntfs_debug("Set device block size to %i bytes (block size bits %i).",
-        if (sb_set_blocksize(sb, NTFS_BLOCK_SIZE) != NTFS_BLOCK_SIZE) {
+                        blocksize, sb->s_blocksize_bits);
+        /* Determine the size of the device in units of block_size bytes. */
+        if (!i_size_read(sb->s_bdev->bd_inode)) {
                if (!silent)
-                        ntfs_error(sb, "Unable to set block size.");
+                        ntfs_error(sb, "Unable to determine device size.");
                goto err_out_now;
        }
-        /* Get the size of the device in units of NTFS_BLOCK_SIZE bytes. */
        vol->nr_blocks = i_size_read(sb->s_bdev->bd_inode) >>
-                        NTFS_BLOCK_SIZE_BITS;
+                        sb->s_blocksize_bits;
        /* Read the boot sector and return unlocked buffer head to it. */
        if (!(bh = read_ntfs_boot_sector(sb, silent))) {
                if (!silent)
                        ntfs_error(sb, "Not an NTFS volume.");
                goto err_out_now;
        }
        /*
-         * Extract the data from the boot sector and setup the ntfs super block
+         * Extract the data from the boot sector and setup the ntfs volume
         * using it.
         */
        result = parse_ntfs_boot_sector(vol, (NTFS_BOOT_SECTOR*)bh->b_data);
-        /* Initialize the cluster and mft allocators. */
-        ntfs_setup_allocators(vol);
        brelse(bh);
        if (!result) {
                if (!silent)
                        ntfs_error(sb, "Unsupported NTFS filesystem.");
                goto err_out_now;
        }
        /*
-         * TODO: When we start coping with sector sizes different from
+         * If the boot sector indicates a sector size bigger than the current
-         * NTFS_BLOCK_SIZE, we now probably need to set the blocksize of the
+         * device block size, switch the device block size to the sector size.
-         * device (probably to NTFS_BLOCK_SIZE).
+         * TODO: It may be possible to support this case even when the set
+         * below fails, we would just be breaking up the i/o for each sector
+         * into multiple blocks for i/o purposes but otherwise it should just
+         * work.  However it is safer to leave disabled until someone hits this
+         * error message and then we can get them to try it without the setting
+         * so we know for sure that it works.
         */
+        if (vol->sector_size > blocksize) {
+                blocksize = sb_set_blocksize(sb, vol->sector_size);
+                if (blocksize != vol->sector_size) {
+                        if (!silent)
+                                ntfs_error(sb, "Unable to set device block "
+                                                "size to sector size (%i).",
+                                                vol->sector_size);
+                        goto err_out_now;
+                }
+                BUG_ON(blocksize != sb->s_blocksize);
+                vol->nr_blocks = i_size_read(sb->s_bdev->bd_inode) >>
+                                sb->s_blocksize_bits;
+                ntfs_debug("Changed device block size to %i bytes (block size "
+                                "bits %i) to match volume sector size.",
+                                blocksize, sb->s_blocksize_bits);
+        }
+        /* Initialize the cluster and mft allocators. */
+        ntfs_setup_allocators(vol);
        /* Setup remaining fields in the super block. */
        sb->s_magic = NTFS_SB_MAGIC;
        /*
         * Ntfs allows 63 bits for the file size, i.e. correct would be:
         *      sb->s_maxbytes = ~0ULL >> 1;
@@ -2787,9 +2855,8 @@ static int ntfs_fill_super(struct super_block *sb, void *opt, const int silent)
         * without overflowing the index or to 2^63 - 1, whichever is smaller.
         */
        sb->s_maxbytes = MAX_LFS_FILESIZE;
+        /* Ntfs measures time in 100ns intervals. */
        sb->s_time_gran = 100;
        /*
         * Now load the metadata required for the page cache and our address
         * space operations to function. We do this by setting up a specialised
@@ -2987,14 +3054,14 @@ err_out_now:
 * strings of the maximum length allowed by NTFS, which is NTFS_MAX_NAME_LEN
 * (255) Unicode characters + a terminating NULL Unicode character.
 */
-kmem_cache_t *ntfs_name_cache;
+struct kmem_cache *ntfs_name_cache;
 /* Slab caches for efficient allocation/deallocation of inodes. */
-kmem_cache_t *ntfs_inode_cache;
+struct kmem_cache *ntfs_inode_cache;
-kmem_cache_t *ntfs_big_inode_cache;
+struct kmem_cache *ntfs_big_inode_cache;
 /* Init once constructor for the inode slab cache. */
-static void ntfs_big_inode_init_once(void *foo, kmem_cache_t *cachep,
+static void ntfs_big_inode_init_once(void *foo, struct kmem_cache *cachep,
                unsigned long flags)
 {
        ntfs_inode *ni = (ntfs_inode *)foo;
@@ -3008,8 +3075,8 @@ static void ntfs_big_inode_init_once(void *foo, kmem_cache_t *cachep,
 * Slab caches to optimize allocations and deallocations of attribute search
 * contexts and index contexts, respectively.
 */
-kmem_cache_t *ntfs_attr_ctx_cache;
+struct kmem_cache *ntfs_attr_ctx_cache;
-kmem_cache_t *ntfs_index_ctx_cache;
+struct kmem_cache *ntfs_index_ctx_cache;
 /* Driver wide semaphore. */
 DECLARE_MUTEX(ntfs_lock);
diff --git a/fs/ntfs/upcase.c b/fs/ntfs/upcase.c
index 879cdf1d5bd3..9101807dc81a 100644
--- a/fs/ntfs/upcase.c
+++ b/fs/ntfs/upcase.c
@@ -3,10 +3,7 @@
 *            Part of the Linux-NTFS project.
 *
 * Copyright (c) 2001 Richard Russon <ntfs@flatcap.org>
- * Copyright (c) 2001-2004 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
- *
- * Modified for mkntfs inclusion 9 June 2001 by Anton Altaparmakov.
- * Modified for kernel inclusion 10 September 2001 by Anton Altparmakov.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
@@ -75,12 +72,13 @@ ntfschar *generate_default_upcase(void)
        if (!uc)
                return uc;
        memset(uc, 0, default_upcase_len * sizeof(ntfschar));
+        /* Generate the little endian Unicode upcase table used by ntfs. */
        for (i = 0; i < default_upcase_len; i++)
                uc[i] = cpu_to_le16(i);
        for (r = 0; uc_run_table[r][0]; r++)
                for (i = uc_run_table[r][0]; i < uc_run_table[r][1]; i++)
-                        uc[i] = cpu_to_le16((le16_to_cpu(uc[i]) +
+                        uc[i] = cpu_to_le16(le16_to_cpu(uc[i]) +
-                                        uc_run_table[r][2]));
+                                        uc_run_table[r][2]);
        for (r = 0; uc_dup_table[r][0]; r++)
                for (i = uc_dup_table[r][0]; i < uc_dup_table[r][1]; i += 2)
                        uc[i + 1] = cpu_to_le16(le16_to_cpu(uc[i + 1]) - 1);
diff --git a/fs/ntfs/volume.h b/fs/ntfs/volume.h
index 375cd20a9f61..406ab55dfb32 100644
--- a/fs/ntfs/volume.h
+++ b/fs/ntfs/volume.h
@@ -2,7 +2,7 @@
 * volume.h - Defines for volume structures in NTFS Linux kernel driver. Part
 *            of the Linux-NTFS project.
 *
- * Copyright (c) 2001-2005 Anton Altaparmakov
+ * Copyright (c) 2001-2006 Anton Altaparmakov
 * Copyright (c) 2002 Richard Russon
 *
 * This program/include file is free software; you can redistribute it and/or
@@ -41,10 +41,8 @@ typedef struct {
         * structure has stabilized... (AIA)
         */
        /* Device specifics. */
-        struct super_block *sb;         /* Pointer back to the super_block,
+        struct super_block *sb;         /* Pointer back to the super_block. */
-                                           so we don't have to get the offset
+        LCN nr_blocks;                  /* Number of sb->s_blocksize bytes
-                                           every time. */
-        LCN nr_blocks;                  /* Number of NTFS_BLOCK_SIZE bytes
                                           sized blocks on the device. */
        /* Configuration provided by user at mount time. */
        unsigned long flags;            /* Miscellaneous flags, see below. */
@@ -141,8 +139,8 @@ typedef enum {
        NV_ShowSystemFiles,     /* 1: Return system files in ntfs_readdir(). */
        NV_CaseSensitive,       /* 1: Treat file names as case sensitive and
                                      create filenames in the POSIX namespace.
-                                      Otherwise be case insensitive and create
+                                      Otherwise be case insensitive but still
-                                      file names in WIN32 namespace. */
+                                      create file names in POSIX namespace. */
        NV_LogFileEmpty,        /* 1: $LogFile journal is empty. */
        NV_QuotaOutOfDate,      /* 1: $Quota is out of date. */
        NV_UsnJrnlStamped,      /* 1: $UsnJrnl has been stamped. */
@@ -153,7 +151,7 @@ typedef enum {
 * Macro tricks to expand the NVolFoo(), NVolSetFoo(), and NVolClearFoo()
 * functions.
 */
-#define NVOL_FNS(flag)                                  \
+#define DEFINE_NVOL_BIT_OPS(flag)                                       \
 static inline int NVol##flag(ntfs_volume *vol)          \
 {                                                       \
        return test_bit(NV_##flag, &(vol)->flags);      \
@@ -168,12 +166,12 @@ static inline void NVolClear##flag(ntfs_volume *vol)	\
 }
 /* Emit the ntfs volume bitops functions. */
-NVOL_FNS(Errors)
+DEFINE_NVOL_BIT_OPS(Errors)
-NVOL_FNS(ShowSystemFiles)
+DEFINE_NVOL_BIT_OPS(ShowSystemFiles)
-NVOL_FNS(CaseSensitive)
+DEFINE_NVOL_BIT_OPS(CaseSensitive)
-NVOL_FNS(LogFileEmpty)
+DEFINE_NVOL_BIT_OPS(LogFileEmpty)
-NVOL_FNS(QuotaOutOfDate)
+DEFINE_NVOL_BIT_OPS(QuotaOutOfDate)
-NVOL_FNS(UsnJrnlStamped)
+DEFINE_NVOL_BIT_OPS(UsnJrnlStamped)
-NVOL_FNS(SparseEnabled)
+DEFINE_NVOL_BIT_OPS(SparseEnabled)
 #endif /* _LINUX_NTFS_VOLUME_H */
diff --git a/fs/ocfs2/cluster/masklog.c b/fs/ocfs2/cluster/masklog.c
index fd741cea5705..636593bf4d17 100644
--- a/fs/ocfs2/cluster/masklog.c
+++ b/fs/ocfs2/cluster/masklog.c
@@ -74,6 +74,7 @@ struct mlog_attribute {
 #define define_mask(_name) {                    \
        .attr = {                               \
                .name = #_name,                 \
+                .owner = THIS_MODULE,           \
                .mode = S_IRUGO | S_IWUSR,      \
        },                                      \
        .mask = ML_##_name,                     \
diff --git a/fs/ocfs2/cluster/masklog.h b/fs/ocfs2/cluster/masklog.h
index e8c56a3d9c64..2cadc3009c83 100644
--- a/fs/ocfs2/cluster/masklog.h
+++ b/fs/ocfs2/cluster/masklog.h
@@ -256,7 +256,7 @@ extern struct mlog_bits mlog_and_bits, mlog_not_bits;
        }                                                               \
 } while (0)
-#if (BITS_PER_LONG == 32) || defined(CONFIG_X86_64)
+#if (BITS_PER_LONG == 32) || defined(CONFIG_X86_64) || (defined(CONFIG_UML_X86) && defined(CONFIG_64BIT))
 #define MLFi64 "lld"
 #define MLFu64 "llu"
 #define MLFx64 "llx"
diff --git a/fs/ocfs2/cluster/nodemanager.c b/fs/ocfs2/cluster/nodemanager.c
index cf7828f23361..e1fceb8aa32d 100644
--- a/fs/ocfs2/cluster/nodemanager.c
+++ b/fs/ocfs2/cluster/nodemanager.c
@@ -756,7 +756,7 @@ static int __init init_o2nm(void)
        if (!ocfs2_table_header) {
                printk(KERN_ERR "nodemanager: unable to register sysctl\n");
                ret = -ENOMEM; /* or something. */
-                goto out;
+                goto out_o2net;
        }
        ret = o2net_register_hb_callbacks();
@@ -780,6 +780,8 @@ out_callbacks:
        o2net_unregister_hb_callbacks();
 out_sysctl:
        unregister_sysctl_table(ocfs2_table_header);
+out_o2net:
+        o2net_exit();
 out:
        return ret;
 }
diff --git a/fs/ocfs2/cluster/tcp.c b/fs/ocfs2/cluster/tcp.c
index d22d4cf08db1..0f60cc0d3985 100644
--- a/fs/ocfs2/cluster/tcp.c
+++ b/fs/ocfs2/cluster/tcp.c
@@ -1318,7 +1318,7 @@ static void o2net_start_connect(void *arg)
 {
        struct o2net_node *nn = arg;
        struct o2net_sock_container *sc = NULL;
-        struct o2nm_node *node = NULL;
+        struct o2nm_node *node = NULL, *mynode = NULL;
        struct socket *sock = NULL;
        struct sockaddr_in myaddr = {0, }, remoteaddr = {0, };
        int ret = 0;
@@ -1334,6 +1334,12 @@ static void o2net_start_connect(void *arg)
                goto out;
        }
+        mynode = o2nm_get_node_by_num(o2nm_this_node());
+        if (mynode == NULL) {
+                ret = 0;
+                goto out;
+        }
        spin_lock(&nn->nn_lock);
        /* see if we already have one pending or have given up */
        if (nn->nn_sc || nn->nn_persistent_error)
@@ -1361,12 +1367,14 @@ static void o2net_start_connect(void *arg)
        sock->sk->sk_allocation = GFP_ATOMIC;
        myaddr.sin_family = AF_INET;
+        myaddr.sin_addr.s_addr = (__force u32)mynode->nd_ipv4_address;
        myaddr.sin_port = (__force u16)htons(0); /* any port */
        ret = sock->ops->bind(sock, (struct sockaddr *)&myaddr,
                              sizeof(myaddr));
        if (ret) {
-                mlog(0, "bind failed: %d\n", ret);
+                mlog(ML_ERROR, "bind failed with %d at address %u.%u.%u.%u\n",
+                     ret, NIPQUAD(mynode->nd_ipv4_address));
                goto out;
        }
@@ -1407,6 +1415,8 @@ out:
                sc_put(sc);
        if (node)
                o2nm_node_put(node);
+        if (mynode)
+                o2nm_node_put(mynode);
        return;
 }
diff --git a/fs/ocfs2/cluster/tcp.h b/fs/ocfs2/cluster/tcp.h
index a6f4585501c8..616ff2b8434a 100644
--- a/fs/ocfs2/cluster/tcp.h
+++ b/fs/ocfs2/cluster/tcp.h
@@ -85,13 +85,10 @@ enum {
        O2NET_DRIVER_READY,
 };
-int o2net_init_tcp_sock(struct inode *inode);
 int o2net_send_message(u32 msg_type, u32 key, void *data, u32 len,
                       u8 target_node, int *status);
 int o2net_send_message_vec(u32 msg_type, u32 key, struct kvec *vec,
                           size_t veclen, u8 target_node, int *status);
-int o2net_broadcast_message(u32 msg_type, u32 key, void *data, u32 len,
-                            struct inode *group);
 int o2net_register_handler(u32 msg_type, u32 key, u32 max_len,
                           o2net_msg_handler_func *func, void *data,
@@ -107,7 +104,5 @@ void o2net_disconnect_node(struct o2nm_node *node);
 int o2net_init(void);
 void o2net_exit(void);
-int o2net_proc_init(struct proc_dir_entry *parent);
-void o2net_proc_exit(struct proc_dir_entry *parent);
 #endif /* O2CLUSTER_TCP_H */
diff --git a/fs/ocfs2/dlm/dlmcommon.h b/fs/ocfs2/dlm/dlmcommon.h
index 42eb53b5293b..9c772583744a 100644
--- a/fs/ocfs2/dlm/dlmcommon.h
+++ b/fs/ocfs2/dlm/dlmcommon.h
@@ -37,9 +37,7 @@
 #define DLM_THREAD_SHUFFLE_INTERVAL    5     // flush everything every 5 passes
 #define DLM_THREAD_MS                  200   // flush at least every 200 ms
-#define DLM_HASH_BITS     7
+#define DLM_HASH_BUCKETS     (PAGE_SIZE / sizeof(struct hlist_head))
-#define DLM_HASH_SIZE     (1 << DLM_HASH_BITS)
-#define DLM_HASH_MASK     (DLM_HASH_SIZE - 1)
 enum dlm_ast_type {
        DLM_AST = 0,
@@ -87,7 +85,7 @@ enum dlm_ctxt_state {
 struct dlm_ctxt
 {
        struct list_head list;
-        struct list_head *resources;
+        struct hlist_head *lockres_hash;
        struct list_head dirty_list;
        struct list_head purge_list;
        struct list_head pending_asts;
@@ -208,13 +206,16 @@ static inline void __dlm_set_joining_node(struct dlm_ctxt *dlm,
 #define DLM_LOCK_RES_IN_PROGRESS          0x00000010
 #define DLM_LOCK_RES_MIGRATING            0x00000020
+/* max milliseconds to wait to sync up a network failure with a node death */
+#define DLM_NODE_DEATH_WAIT_MAX (5 * 1000)
 #define DLM_PURGE_INTERVAL_MS   (8 * 1000)
 struct dlm_lock_resource
 {
        /* WARNING: Please see the comment in dlm_init_lockres before
         * adding fields here. */
-        struct list_head list;
+        struct hlist_node hash_node;
        struct kref      refs;
        /* please keep these next 3 in this order
@@ -658,6 +659,7 @@ int dlm_launch_recovery_thread(struct dlm_ctxt *dlm);
 void dlm_complete_recovery_thread(struct dlm_ctxt *dlm);
 void dlm_wait_for_recovery(struct dlm_ctxt *dlm);
 int dlm_is_node_dead(struct dlm_ctxt *dlm, u8 node);
+int dlm_wait_for_node_death(struct dlm_ctxt *dlm, u8 node, int timeout);
 void dlm_put(struct dlm_ctxt *dlm);
 struct dlm_ctxt *dlm_grab(struct dlm_ctxt *dlm);
diff --git a/fs/ocfs2/dlm/dlmconvert.c b/fs/ocfs2/dlm/dlmconvert.c
index 6001b22a997d..f66e2d818ccd 100644
--- a/fs/ocfs2/dlm/dlmconvert.c
+++ b/fs/ocfs2/dlm/dlmconvert.c
@@ -392,6 +392,11 @@ static enum dlm_status dlm_send_remote_convert_request(struct dlm_ctxt *dlm,
        } else {
                mlog_errno(tmpret);
                if (dlm_is_host_down(tmpret)) {
+                        /* instead of logging the same network error over
+                         * and over, sleep here and wait for the heartbeat
+                         * to notice the node is dead.  times out after 5s. */
+                        dlm_wait_for_node_death(dlm, res->owner, 
+                                                DLM_NODE_DEATH_WAIT_MAX);
                        ret = DLM_RECOVERING;
                        mlog(0, "node %u died so returning DLM_RECOVERING "
                             "from convert message!\n", res->owner);
@@ -421,7 +426,7 @@ int dlm_convert_lock_handler(struct o2net_msg *msg, u32 len, void *data)
        struct dlm_lockstatus *lksb;
        enum dlm_status status = DLM_NORMAL;
        u32 flags;
-        int call_ast = 0, kick_thread = 0;
+        int call_ast = 0, kick_thread = 0, ast_reserved = 0;
        if (!dlm_grab(dlm)) {
                dlm_error(DLM_REJECTED);
@@ -490,6 +495,7 @@ int dlm_convert_lock_handler(struct o2net_msg *msg, u32 len, void *data)
        status = __dlm_lockres_state_to_status(res);
        if (status == DLM_NORMAL) {
                __dlm_lockres_reserve_ast(res);
+                ast_reserved = 1;
                res->state |= DLM_LOCK_RES_IN_PROGRESS;
                status = __dlmconvert_master(dlm, res, lock, flags,
                                             cnv->requested_type,
@@ -512,10 +518,10 @@ leave:
        else
                dlm_lock_put(lock);
-        /* either queue the ast or release it */
+        /* either queue the ast or release it, if reserved */
        if (call_ast)
                dlm_queue_ast(dlm, lock);
-        else
+        else if (ast_reserved)
                dlm_lockres_release_ast(dlm, res);
        if (kick_thread)
diff --git a/fs/ocfs2/dlm/dlmdebug.c b/fs/ocfs2/dlm/dlmdebug.c
index f339fe27975a..54f61b76ab51 100644
--- a/fs/ocfs2/dlm/dlmdebug.c
+++ b/fs/ocfs2/dlm/dlmdebug.c
@@ -117,8 +117,8 @@ EXPORT_SYMBOL_GPL(dlm_print_one_lock);
 void dlm_dump_lock_resources(struct dlm_ctxt *dlm)
 {
        struct dlm_lock_resource *res;
-        struct list_head *iter;
+        struct hlist_node *iter;
-        struct list_head *bucket;
+        struct hlist_head *bucket;
        int i;
        mlog(ML_NOTICE, "struct dlm_ctxt: %s, node=%u, key=%u\n",
@@ -129,12 +129,10 @@ void dlm_dump_lock_resources(struct dlm_ctxt *dlm)
        }
        spin_lock(&dlm->spinlock);
-        for (i=0; i<DLM_HASH_SIZE; i++) {
+        for (i=0; i<DLM_HASH_BUCKETS; i++) {
-                bucket = &(dlm->resources[i]);
+                bucket = &(dlm->lockres_hash[i]);
-                list_for_each(iter, bucket) {
+                hlist_for_each_entry(res, iter, bucket, hash_node)
-                        res = list_entry(iter, struct dlm_lock_resource, list);
                        dlm_print_one_lock_resource(res);
-                }
        }
        spin_unlock(&dlm->spinlock);
 }
diff --git a/fs/ocfs2/dlm/dlmdomain.c b/fs/ocfs2/dlm/dlmdomain.c
index 6ee30837389c..8f3a9e3106fd 100644
--- a/fs/ocfs2/dlm/dlmdomain.c
+++ b/fs/ocfs2/dlm/dlmdomain.c
@@ -77,26 +77,26 @@ static void dlm_unregister_domain_handlers(struct dlm_ctxt *dlm);
 void __dlm_unhash_lockres(struct dlm_lock_resource *lockres)
 {
-        list_del_init(&lockres->list);
+        hlist_del_init(&lockres->hash_node);
        dlm_lockres_put(lockres);
 }
 void __dlm_insert_lockres(struct dlm_ctxt *dlm,
                       struct dlm_lock_resource *res)
 {
-        struct list_head *bucket;
+        struct hlist_head *bucket;
        struct qstr *q;
        assert_spin_locked(&dlm->spinlock);
        q = &res->lockname;
        q->hash = full_name_hash(q->name, q->len);
-        bucket = &(dlm->resources[q->hash & DLM_HASH_MASK]);
+        bucket = &(dlm->lockres_hash[q->hash % DLM_HASH_BUCKETS]);
        /* get a reference for our hashtable */
        dlm_lockres_get(res);
-        list_add_tail(&res->list, bucket);
+        hlist_add_head(&res->hash_node, bucket);
 }
 struct dlm_lock_resource * __dlm_lookup_lockres(struct dlm_ctxt *dlm,
@@ -104,9 +104,9 @@ struct dlm_lock_resource * __dlm_lookup_lockres(struct dlm_ctxt *dlm,
                                         unsigned int len)
 {
        unsigned int hash;
-        struct list_head *iter;
+        struct hlist_node *iter;
        struct dlm_lock_resource *tmpres=NULL;
-        struct list_head *bucket;
+        struct hlist_head *bucket;
        mlog_entry("%.*s\n", len, name);
@@ -114,11 +114,11 @@ struct dlm_lock_resource * __dlm_lookup_lockres(struct dlm_ctxt *dlm,
        hash = full_name_hash(name, len);
-        bucket = &(dlm->resources[hash & DLM_HASH_MASK]);
+        bucket = &(dlm->lockres_hash[hash % DLM_HASH_BUCKETS]);
        /* check for pre-existing lock */
-        list_for_each(iter, bucket) {
+        hlist_for_each(iter, bucket) {
-                tmpres = list_entry(iter, struct dlm_lock_resource, list);
+                tmpres = hlist_entry(iter, struct dlm_lock_resource, hash_node);
                if (tmpres->lockname.len == len &&
                    memcmp(tmpres->lockname.name, name, len) == 0) {
                        dlm_lockres_get(tmpres);
@@ -193,8 +193,8 @@ static int dlm_wait_on_domain_helper(const char *domain)
 static void dlm_free_ctxt_mem(struct dlm_ctxt *dlm)
 {
-        if (dlm->resources)
+        if (dlm->lockres_hash)
-                free_page((unsigned long) dlm->resources);
+                free_page((unsigned long) dlm->lockres_hash);
        if (dlm->name)
                kfree(dlm->name);
@@ -303,10 +303,10 @@ static void dlm_migrate_all_locks(struct dlm_ctxt *dlm)
        mlog(0, "Migrating locks from domain %s\n", dlm->name);
 restart:
        spin_lock(&dlm->spinlock);
-        for (i=0; i<DLM_HASH_SIZE; i++) {
+        for (i = 0; i < DLM_HASH_BUCKETS; i++) {
-                while (!list_empty(&dlm->resources[i])) {
+                while (!hlist_empty(&dlm->lockres_hash[i])) {
-                        res = list_entry(dlm->resources[i].next,
+                        res = hlist_entry(dlm->lockres_hash[i].first,
-                                     struct dlm_lock_resource, list);
+                                          struct dlm_lock_resource, hash_node);
                        /* need reference when manually grabbing lockres */
                        dlm_lockres_get(res);
                        /* this should unhash the lockres
@@ -1191,18 +1191,17 @@ static struct dlm_ctxt *dlm_alloc_ctxt(const char *domain,
                goto leave;
        }
-        dlm->resources = (struct list_head *) __get_free_page(GFP_KERNEL);
+        dlm->lockres_hash = (struct hlist_head *) __get_free_page(GFP_KERNEL);
-        if (!dlm->resources) {
+        if (!dlm->lockres_hash) {
                mlog_errno(-ENOMEM);
                kfree(dlm->name);
                kfree(dlm);
                dlm = NULL;
                goto leave;
        }
-        memset(dlm->resources, 0, PAGE_SIZE);
-        for (i=0; i<DLM_HASH_SIZE; i++)
+        for (i=0; i<DLM_HASH_BUCKETS; i++)
-                INIT_LIST_HEAD(&dlm->resources[i]);
+                INIT_HLIST_HEAD(&dlm->lockres_hash[i]);
        strcpy(dlm->name, domain);
        dlm->key = key;
diff --git a/fs/ocfs2/dlm/dlmlock.c b/fs/ocfs2/dlm/dlmlock.c
index d1a0038557a3..671d4ff222cc 100644
--- a/fs/ocfs2/dlm/dlmlock.c
+++ b/fs/ocfs2/dlm/dlmlock.c
@@ -220,6 +220,17 @@ static enum dlm_status dlmlock_remote(struct dlm_ctxt *dlm,
                        dlm_error(status);
                dlm_revert_pending_lock(res, lock);
                dlm_lock_put(lock);
+        } else if (dlm_is_recovery_lock(res->lockname.name, 
+                                        res->lockname.len)) {
+                /* special case for the $RECOVERY lock.
+                 * there will never be an AST delivered to put
+                 * this lock on the proper secondary queue
+                 * (granted), so do it manually. */
+                mlog(0, "%s: $RECOVERY lock for this node (%u) is "
+                     "mastered by %u; got lock, manually granting (no ast)\n",
+                     dlm->name, dlm->node_num, res->owner);
+                list_del_init(&lock->list);
+                list_add_tail(&lock->list, &res->granted);
        }
        spin_unlock(&res->spinlock);
@@ -646,7 +657,19 @@ retry_lock:
                        mlog(0, "retrying lock with migration/"
                             "recovery/in progress\n");
                        msleep(100);
-                        dlm_wait_for_recovery(dlm);
+                        /* no waiting for dlm_reco_thread */
+                        if (recovery) {
+                                if (status == DLM_RECOVERING) {
+                                        mlog(0, "%s: got RECOVERING "
+                                             "for $REOCVERY lock, master "
+                                             "was %u\n", dlm->name, 
+                                             res->owner);
+                                        dlm_wait_for_node_death(dlm, res->owner, 
+                                                        DLM_NODE_DEATH_WAIT_MAX);
+                                }
+                        } else {
+                                dlm_wait_for_recovery(dlm);
+                        }
                        goto retry_lock;
                }
diff --git a/fs/ocfs2/dlm/dlmmaster.c b/fs/ocfs2/dlm/dlmmaster.c
index a3194fe173d9..847dd3cc4cf5 100644
--- a/fs/ocfs2/dlm/dlmmaster.c
+++ b/fs/ocfs2/dlm/dlmmaster.c
@@ -564,7 +564,7 @@ static void dlm_lockres_release(struct kref *kref)
        /* By the time we're ready to blow this guy away, we shouldn't
         * be on any lists. */
-        BUG_ON(!list_empty(&res->list));
+        BUG_ON(!hlist_unhashed(&res->hash_node));
        BUG_ON(!list_empty(&res->granted));
        BUG_ON(!list_empty(&res->converting));
        BUG_ON(!list_empty(&res->blocked));
@@ -605,7 +605,7 @@ static void dlm_init_lockres(struct dlm_ctxt *dlm,
        init_waitqueue_head(&res->wq);
        spin_lock_init(&res->spinlock);
-        INIT_LIST_HEAD(&res->list);
+        INIT_HLIST_NODE(&res->hash_node);
        INIT_LIST_HEAD(&res->granted);
        INIT_LIST_HEAD(&res->converting);
        INIT_LIST_HEAD(&res->blocked);
@@ -2482,7 +2482,9 @@ top:
                                atomic_set(&mle->woken, 1);
                                spin_unlock(&mle->spinlock);
                                wake_up(&mle->wq);
-                                /* final put will take care of list removal */
+                                /* do not need events any longer, so detach 
+                                 * from heartbeat */
+                                __dlm_mle_detach_hb_events(dlm, mle);
                                __dlm_put_mle(mle);
                        }
                        continue;
@@ -2537,6 +2539,9 @@ top:
                        spin_unlock(&res->spinlock);
                        dlm_lockres_put(res);
+                        /* about to get rid of mle, detach from heartbeat */
+                        __dlm_mle_detach_hb_events(dlm, mle);
                        /* dump the mle */
                        spin_lock(&dlm->master_lock);
                        __dlm_put_mle(mle);
diff --git a/fs/ocfs2/dlm/dlmrecovery.c b/fs/ocfs2/dlm/dlmrecovery.c
index 186e9a76aa58..1e232000f3f7 100644
--- a/fs/ocfs2/dlm/dlmrecovery.c
+++ b/fs/ocfs2/dlm/dlmrecovery.c
@@ -278,6 +278,24 @@ int dlm_is_node_dead(struct dlm_ctxt *dlm, u8 node)
        return dead;
 }
+int dlm_wait_for_node_death(struct dlm_ctxt *dlm, u8 node, int timeout)
+{
+        if (timeout) {
+                mlog(ML_NOTICE, "%s: waiting %dms for notification of "
+                     "death of node %u\n", dlm->name, timeout, node);
+                wait_event_timeout(dlm->dlm_reco_thread_wq,
+                           dlm_is_node_dead(dlm, node),
+                           msecs_to_jiffies(timeout));
+        } else {
+                mlog(ML_NOTICE, "%s: waiting indefinitely for notification "
+                     "of death of node %u\n", dlm->name, node);
+                wait_event(dlm->dlm_reco_thread_wq,
+                           dlm_is_node_dead(dlm, node));
+        }
+        /* for now, return 0 */
+        return 0;
+}
 /* callers of the top-level api calls (dlmlock/dlmunlock) should
 * block on the dlm->reco.event when recovery is in progress.
 * the dlm recovery thread will set this state when it begins
@@ -1675,7 +1693,10 @@ static void dlm_finish_local_lockres_recovery(struct dlm_ctxt *dlm,
                                              u8 dead_node, u8 new_master)
 {
        int i;
-        struct list_head *iter, *iter2, *bucket;
+        struct list_head *iter, *iter2;
+        struct hlist_node *hash_iter;
+        struct hlist_head *bucket;
        struct dlm_lock_resource *res;
        mlog_entry_void();
@@ -1699,10 +1720,9 @@ static void dlm_finish_local_lockres_recovery(struct dlm_ctxt *dlm,
         * for now we need to run the whole hash, clear
         * the RECOVERING state and set the owner
         * if necessary */
-        for (i=0; i<DLM_HASH_SIZE; i++) {
+        for (i = 0; i < DLM_HASH_BUCKETS; i++) {
-                bucket = &(dlm->resources[i]);
+                bucket = &(dlm->lockres_hash[i]);
-                list_for_each(iter, bucket) {
+                hlist_for_each_entry(res, hash_iter, bucket, hash_node) {
-                        res = list_entry (iter, struct dlm_lock_resource, list);
                        if (res->state & DLM_LOCK_RES_RECOVERING) {
                                if (res->owner == dead_node) {
                                        mlog(0, "(this=%u) res %.*s owner=%u "
@@ -1834,10 +1854,10 @@ static void dlm_free_dead_locks(struct dlm_ctxt *dlm,
 static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node)
 {
-        struct list_head *iter;
+        struct hlist_node *iter;
        struct dlm_lock_resource *res;
        int i;
-        struct list_head *bucket;
+        struct hlist_head *bucket;
        struct dlm_lock *lock;
@@ -1858,10 +1878,9 @@ static void dlm_do_local_recovery_cleanup(struct dlm_ctxt *dlm, u8 dead_node)
         *    can be kicked again to see if any ASTs or BASTs
         *    need to be fired as a result.
         */
-        for (i=0; i<DLM_HASH_SIZE; i++) {
+        for (i = 0; i < DLM_HASH_BUCKETS; i++) {
-                bucket = &(dlm->resources[i]);
+                bucket = &(dlm->lockres_hash[i]);
-                list_for_each(iter, bucket) {
+                hlist_for_each_entry(res, iter, bucket, hash_node) {
-                        res = list_entry (iter, struct dlm_lock_resource, list);
                        /* always prune any $RECOVERY entries for dead nodes,
                         * otherwise hangs can occur during later recovery */
                        if (dlm_is_recovery_lock(res->lockname.name,
@@ -2032,6 +2051,30 @@ again:
                             dlm->reco.new_master);
                        status = -EEXIST;
                } else {
+                        status = 0;
+                        /* see if recovery was already finished elsewhere */
+                        spin_lock(&dlm->spinlock);
+                        if (dlm->reco.dead_node == O2NM_INVALID_NODE_NUM) {
+                                status = -EINVAL;       
+                                mlog(0, "%s: got reco EX lock, but "
+                                     "node got recovered already\n", dlm->name);
+                                if (dlm->reco.new_master != O2NM_INVALID_NODE_NUM) {
+                                        mlog(ML_ERROR, "%s: new master is %u "
+                                             "but no dead node!\n", 
+                                             dlm->name, dlm->reco.new_master);
+                                        BUG();
+                                }
+                        }
+                        spin_unlock(&dlm->spinlock);
+                }
+                /* if this node has actually become the recovery master,
+                 * set the master and send the messages to begin recovery */
+                if (!status) {
+                        mlog(0, "%s: dead=%u, this=%u, sending "
+                             "begin_reco now\n", dlm->name, 
+                             dlm->reco.dead_node, dlm->node_num);
                        status = dlm_send_begin_reco_message(dlm,
                                      dlm->reco.dead_node);
                        /* this always succeeds */
diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c
index b6ba292e9544..e6f207eebab4 100644
--- a/fs/ocfs2/extent_map.c
+++ b/fs/ocfs2/extent_map.c
@@ -181,6 +181,12 @@ static int ocfs2_extent_map_find_leaf(struct inode *inode,
                        ret = -EBADR;
                        if (rec_end > OCFS2_I(inode)->ip_clusters) {
                                mlog_errno(ret);
+                                ocfs2_error(inode->i_sb,
+                                            "Extent %d at e_blkno %"MLFu64" of inode %"MLFu64" goes past ip_clusters of %u\n",
+                                            i,
+                                            le64_to_cpu(rec->e_blkno),
+                                            OCFS2_I(inode)->ip_blkno,
+                                            OCFS2_I(inode)->ip_clusters);
                                goto out_free;
                        }
@@ -226,6 +232,12 @@ static int ocfs2_extent_map_find_leaf(struct inode *inode,
                        ret = -EBADR;
                        if (blkno) {
                                mlog_errno(ret);
+                                ocfs2_error(inode->i_sb,
+                                            "Multiple extents for (cpos = %u, clusters = %u) on inode %"MLFu64"; e_blkno %"MLFu64" and rec %d at e_blkno %"MLFu64"\n",
+                                            cpos, clusters,
+                                            OCFS2_I(inode)->ip_blkno,
+                                            blkno, i,
+                                            le64_to_cpu(rec->e_blkno));
                                goto out_free;
                        }
@@ -238,6 +250,10 @@ static int ocfs2_extent_map_find_leaf(struct inode *inode,
                 */
                ret = -EBADR;
                if (!blkno) {
+                        ocfs2_error(inode->i_sb,
+                                    "No record found for (cpos = %u, clusters = %u) on inode %"MLFu64"\n",
+                                    cpos, clusters,
+                                    OCFS2_I(inode)->ip_blkno);
                        mlog_errno(ret);
                        goto out_free;
                }
@@ -266,6 +282,20 @@ static int ocfs2_extent_map_find_leaf(struct inode *inode,
        for (i = 0; i < le16_to_cpu(el->l_next_free_rec); i++) {
                rec = &el->l_recs[i];
+                if ((le32_to_cpu(rec->e_cpos) + le32_to_cpu(rec->e_clusters)) >
+                    OCFS2_I(inode)->ip_clusters) {
+                        ret = -EBADR;
+                        mlog_errno(ret);
+                        ocfs2_error(inode->i_sb,
+                                    "Extent %d at e_blkno %"MLFu64" of inode %"MLFu64" goes past ip_clusters of %u\n",
+                                    i,
+                                    le64_to_cpu(rec->e_blkno),
+                                    OCFS2_I(inode)->ip_blkno,
+                                    OCFS2_I(inode)->ip_clusters);
+                        return ret;
+                }
                ret = ocfs2_extent_map_insert(inode, rec,
                                              le16_to_cpu(el->l_tree_depth));
                if (ret) {
@@ -526,6 +556,10 @@ static int ocfs2_extent_map_insert(struct inode *inode,
                    OCFS2_I(inode)->ip_map.em_clusters) {
                        ret = -EBADR;
                        mlog_errno(ret);
+                        ocfs2_error(inode->i_sb,
+                                    "Zero e_clusters on non-tail extent record at e_blkno %"MLFu64" on inode %"MLFu64"\n",
+                                    le64_to_cpu(rec->e_blkno),
+                                    OCFS2_I(inode)->ip_blkno);
                        return ret;
                }
@@ -588,12 +622,12 @@ static int ocfs2_extent_map_insert(struct inode *inode,
 * Existing record in the extent map:
 *
 *      cpos = 10, len = 10
- *      |---------|
+ *      |---------|
 *
 * New Record:
 *
 *      cpos = 10, len = 20
- *      |------------------|
+ *      |------------------|
 *
 * The passed record is the new on-disk record.  The new_clusters value
 * is how many clusters were added to the file.  If the append is a
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 1715bc90e705..8a4048b55fdc 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -933,9 +933,6 @@ static ssize_t ocfs2_file_aio_write(struct kiocb *iocb,
        struct file *filp = iocb->ki_filp;
        struct inode *inode = filp->f_dentry->d_inode;
        loff_t newsize, saved_pos;
-#ifdef OCFS2_ORACORE_WORKAROUNDS
-        struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-#endif
        mlog_entry("(0x%p, 0x%p, %u, '%.*s')\n", filp, buf,
                   (unsigned int)count,
@@ -951,14 +948,6 @@ static ssize_t ocfs2_file_aio_write(struct kiocb *iocb,
                return -EIO;
        }
-#ifdef OCFS2_ORACORE_WORKAROUNDS
-        /* ugh, work around some applications which open everything O_DIRECT +
-         * O_APPEND and really don't mean to use O_DIRECT. */
-        if (osb->s_mount_opt & OCFS2_MOUNT_COMPAT_OCFS &&
-            (filp->f_flags & O_APPEND) && (filp->f_flags & O_DIRECT)) 
-                filp->f_flags &= ~O_DIRECT;
-#endif
        mutex_lock(&inode->i_mutex);
        /* to match setattr's i_mutex -> i_alloc_sem -> rw_lock ordering */
        if (filp->f_flags & O_DIRECT) {
@@ -1079,27 +1068,7 @@ static ssize_t ocfs2_file_aio_write(struct kiocb *iocb,
        /* communicate with ocfs2_dio_end_io */
        ocfs2_iocb_set_rw_locked(iocb);
-#ifdef OCFS2_ORACORE_WORKAROUNDS
+        ret = generic_file_aio_write_nolock(iocb, &local_iov, 1, &iocb->ki_pos);
-        if (osb->s_mount_opt & OCFS2_MOUNT_COMPAT_OCFS &&
-            filp->f_flags & O_DIRECT) {
-                unsigned int saved_flags = filp->f_flags;
-                int sector_size = 1 << osb->s_sectsize_bits;
-                if ((saved_pos & (sector_size - 1)) ||
-                    (count & (sector_size - 1)) ||
-                    ((unsigned long)buf & (sector_size - 1))) {
-                        filp->f_flags |= O_SYNC;
-                        filp->f_flags &= ~O_DIRECT;
-                }
-                ret = generic_file_aio_write_nolock(iocb, &local_iov, 1,
-                                                    &iocb->ki_pos);
-                filp->f_flags = saved_flags;
-        } else
-#endif
-                ret = generic_file_aio_write_nolock(iocb, &local_iov, 1,
-                                                    &iocb->ki_pos);
        /* buffered aio wouldn't have proper lock coverage today */
        BUG_ON(ret == -EIOCBQUEUED && !(filp->f_flags & O_DIRECT));
@@ -1140,9 +1109,6 @@ static ssize_t ocfs2_file_aio_read(struct kiocb *iocb,
        int ret = 0, rw_level = -1, have_alloc_sem = 0;
        struct file *filp = iocb->ki_filp;
        struct inode *inode = filp->f_dentry->d_inode;
-#ifdef OCFS2_ORACORE_WORKAROUNDS
-        struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
-#endif
        mlog_entry("(0x%p, 0x%p, %u, '%.*s')\n", filp, buf,
                   (unsigned int)count,
@@ -1155,21 +1121,6 @@ static ssize_t ocfs2_file_aio_read(struct kiocb *iocb,
                goto bail;
        }
-#ifdef OCFS2_ORACORE_WORKAROUNDS
-        if (osb->s_mount_opt & OCFS2_MOUNT_COMPAT_OCFS) {
-                if (filp->f_flags & O_DIRECT) {
-                        int sector_size = 1 << osb->s_sectsize_bits;
-                        if ((pos & (sector_size - 1)) ||
-                            (count & (sector_size - 1)) ||
-                            ((unsigned long)buf & (sector_size - 1)) ||
-                            (i_size_read(inode) & (sector_size -1))) {
-                                filp->f_flags &= ~O_DIRECT;
-                        }
-                }
-        }
-#endif
        /* 
         * buffered reads protect themselves in ->readpage().  O_DIRECT reads
         * need locks to protect pending reads from racing with truncate.
diff --git a/fs/ocfs2/heartbeat.c b/fs/ocfs2/heartbeat.c
index 0bbd22f46c80..cbfd45a97a63 100644
--- a/fs/ocfs2/heartbeat.c
+++ b/fs/ocfs2/heartbeat.c
@@ -67,6 +67,7 @@ void ocfs2_init_node_maps(struct ocfs2_super *osb)
        ocfs2_node_map_init(&osb->mounted_map);
        ocfs2_node_map_init(&osb->recovery_map);
        ocfs2_node_map_init(&osb->umount_map);
+        ocfs2_node_map_init(&osb->osb_recovering_orphan_dirs);
 }
 static void ocfs2_do_node_down(int node_num,
diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c
index 8122489c5762..315472a5c192 100644
--- a/fs/ocfs2/inode.c
+++ b/fs/ocfs2/inode.c
@@ -41,6 +41,7 @@
 #include "dlmglue.h"
 #include "extent_map.h"
 #include "file.h"
+#include "heartbeat.h"
 #include "inode.h"
 #include "journal.h"
 #include "namei.h"
@@ -544,6 +545,42 @@ bail:
        return status;
 }
+/* 
+ * Serialize with orphan dir recovery. If the process doing
+ * recovery on this orphan dir does an iget() with the dir
+ * i_mutex held, we'll deadlock here. Instead we detect this
+ * and exit early - recovery will wipe this inode for us.
+ */
+static int ocfs2_check_orphan_recovery_state(struct ocfs2_super *osb,
+                                             int slot)
+{
+        int ret = 0;
+        spin_lock(&osb->osb_lock);
+        if (ocfs2_node_map_test_bit(osb, &osb->osb_recovering_orphan_dirs, slot)) {
+                mlog(0, "Recovery is happening on orphan dir %d, will skip "
+                     "this inode\n", slot);
+                ret = -EDEADLK;
+                goto out;
+        }
+        /* This signals to the orphan recovery process that it should
+         * wait for us to handle the wipe. */
+        osb->osb_orphan_wipes[slot]++;
+out:
+        spin_unlock(&osb->osb_lock);
+        return ret;
+}
+static void ocfs2_signal_wipe_completion(struct ocfs2_super *osb,
+                                         int slot)
+{
+        spin_lock(&osb->osb_lock);
+        osb->osb_orphan_wipes[slot]--;
+        spin_unlock(&osb->osb_lock);
+        wake_up(&osb->osb_wipe_event);
+}
 static int ocfs2_wipe_inode(struct inode *inode,
                            struct buffer_head *di_bh)
 {
@@ -555,6 +592,11 @@ static int ocfs2_wipe_inode(struct inode *inode,
        /* We've already voted on this so it should be readonly - no
         * spinlock needed. */
        orphaned_slot = OCFS2_I(inode)->ip_orphaned_slot;
+        status = ocfs2_check_orphan_recovery_state(osb, orphaned_slot);
+        if (status)
+                return status;
        orphan_dir_inode = ocfs2_get_system_file_inode(osb,
                                                       ORPHAN_DIR_SYSTEM_INODE,
                                                       orphaned_slot);
@@ -597,6 +639,7 @@ bail_unlock_dir:
        brelse(orphan_dir_bh);
 bail:
        iput(orphan_dir_inode);
+        ocfs2_signal_wipe_completion(osb, orphaned_slot);
        return status;
 }
@@ -822,7 +865,8 @@ void ocfs2_delete_inode(struct inode *inode)
        status = ocfs2_wipe_inode(inode, di_bh);
        if (status < 0) {
-                mlog_errno(status);
+                if (status != -EDEADLK)
+                        mlog_errno(status);
                goto bail_unlock_inode;
        }
diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
index fa0bcac5ceae..4be801f4559b 100644
--- a/fs/ocfs2/journal.c
+++ b/fs/ocfs2/journal.c
@@ -1408,21 +1408,17 @@ bail:
        return status;
 }
-static int ocfs2_recover_orphans(struct ocfs2_super *osb,
+static int ocfs2_queue_orphans(struct ocfs2_super *osb,
-                                 int slot)
+                               int slot,
+                               struct inode **head)
 {
-        int status = 0;
+        int status;
-        int have_disk_lock = 0;
-        struct inode *inode = NULL;
-        struct inode *iter;
        struct inode *orphan_dir_inode = NULL;
+        struct inode *iter;
        unsigned long offset, blk, local;
        struct buffer_head *bh = NULL;
        struct ocfs2_dir_entry *de;
        struct super_block *sb = osb->sb;
-        struct ocfs2_inode_info *oi;
-        mlog(0, "Recover inodes from orphan dir in slot %d\n", slot);
        orphan_dir_inode = ocfs2_get_system_file_inode(osb,
                                                       ORPHAN_DIR_SYSTEM_INODE,
@@ -1430,17 +1426,15 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
        if  (!orphan_dir_inode) {
                status = -ENOENT;
                mlog_errno(status);
-                goto out;
+                return status;
-        }
+        }       
        mutex_lock(&orphan_dir_inode->i_mutex);
        status = ocfs2_meta_lock(orphan_dir_inode, NULL, NULL, 0);
        if (status < 0) {
-                mutex_unlock(&orphan_dir_inode->i_mutex);
                mlog_errno(status);
                goto out;
        }
-        have_disk_lock = 1;
        offset = 0;
        iter = NULL;
@@ -1451,11 +1445,10 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
                if (!bh)
                        status = -EINVAL;
                if (status < 0) {
-                        mutex_unlock(&orphan_dir_inode->i_mutex);
                        if (bh)
                                brelse(bh);
                        mlog_errno(status);
-                        goto out;
+                        goto out_unlock;
                }
                local = 0;
@@ -1465,11 +1458,10 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
                        if (!ocfs2_check_dir_entry(orphan_dir_inode,
                                                  de, bh, local)) {
-                                mutex_unlock(&orphan_dir_inode->i_mutex);
                                status = -EINVAL;
                                mlog_errno(status);
                                brelse(bh);
-                                goto out;
+                                goto out_unlock;
                        }
                        local += le16_to_cpu(de->rec_len);
@@ -1504,18 +1496,95 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
                        mlog(0, "queue orphan %"MLFu64"\n",
                             OCFS2_I(iter)->ip_blkno);
-                        OCFS2_I(iter)->ip_next_orphan = inode;
+                        /* No locking is required for the next_orphan
-                        inode = iter;
+                         * queue as there is only ever a single
+                         * process doing orphan recovery. */
+                        OCFS2_I(iter)->ip_next_orphan = *head;
+                        *head = iter;
                }
                brelse(bh);
        }
-        mutex_unlock(&orphan_dir_inode->i_mutex);
+out_unlock:
        ocfs2_meta_unlock(orphan_dir_inode, 0);
-        have_disk_lock = 0;
+out:
+        mutex_unlock(&orphan_dir_inode->i_mutex);
        iput(orphan_dir_inode);
-        orphan_dir_inode = NULL;
+        return status;
+}
+static int ocfs2_orphan_recovery_can_continue(struct ocfs2_super *osb,
+                                              int slot)
+{
+        int ret;
+        spin_lock(&osb->osb_lock);
+        ret = !osb->osb_orphan_wipes[slot];
+        spin_unlock(&osb->osb_lock);
+        return ret;
+}
+static void ocfs2_mark_recovering_orphan_dir(struct ocfs2_super *osb,
+                                             int slot)
+{
+        spin_lock(&osb->osb_lock);
+        /* Mark ourselves such that new processes in delete_inode()
+         * know to quit early. */
+        ocfs2_node_map_set_bit(osb, &osb->osb_recovering_orphan_dirs, slot);
+        while (osb->osb_orphan_wipes[slot]) {
+                /* If any processes are already in the middle of an
+                 * orphan wipe on this dir, then we need to wait for
+                 * them. */
+                spin_unlock(&osb->osb_lock);
+                wait_event_interruptible(osb->osb_wipe_event,
+                                         ocfs2_orphan_recovery_can_continue(osb, slot));
+                spin_lock(&osb->osb_lock);
+        }
+        spin_unlock(&osb->osb_lock);
+}
+static void ocfs2_clear_recovering_orphan_dir(struct ocfs2_super *osb,
+                                              int slot)
+{
+        ocfs2_node_map_clear_bit(osb, &osb->osb_recovering_orphan_dirs, slot);
+}
+/*
+ * Orphan recovery. Each mounted node has it's own orphan dir which we
+ * must run during recovery. Our strategy here is to build a list of
+ * the inodes in the orphan dir and iget/iput them. The VFS does
+ * (most) of the rest of the work.
+ *
+ * Orphan recovery can happen at any time, not just mount so we have a
+ * couple of extra considerations.
+ *
+ * - We grab as many inodes as we can under the orphan dir lock -
+ *   doing iget() outside the orphan dir risks getting a reference on
+ *   an invalid inode.
+ * - We must be sure not to deadlock with other processes on the
+ *   system wanting to run delete_inode(). This can happen when they go
+ *   to lock the orphan dir and the orphan recovery process attempts to
+ *   iget() inside the orphan dir lock. This can be avoided by
+ *   advertising our state to ocfs2_delete_inode().
+ */
+static int ocfs2_recover_orphans(struct ocfs2_super *osb,
+                                 int slot)
+{
+        int ret = 0;
+        struct inode *inode = NULL;
+        struct inode *iter;
+        struct ocfs2_inode_info *oi;
+        mlog(0, "Recover inodes from orphan dir in slot %d\n", slot);
+        ocfs2_mark_recovering_orphan_dir(osb, slot);
+        ret = ocfs2_queue_orphans(osb, slot, &inode);
+        ocfs2_clear_recovering_orphan_dir(osb, slot);
+        /* Error here should be noted, but we want to continue with as
+         * many queued inodes as we've got. */
+        if (ret)
+                mlog_errno(ret);
        while (inode) {
                oi = OCFS2_I(inode);
@@ -1541,14 +1610,7 @@ static int ocfs2_recover_orphans(struct ocfs2_super *osb,
                inode = iter;
        }
-out:
+        return ret;
-        if (have_disk_lock)
-                ocfs2_meta_unlock(orphan_dir_inode, 0);
-        if (orphan_dir_inode)
-                iput(orphan_dir_inode);
-        return status;
 }
 static int ocfs2_wait_on_mount(struct ocfs2_super *osb)
@@ -1584,10 +1646,9 @@ static int ocfs2_commit_thread(void *arg)
        while (!(kthread_should_stop() &&
                 atomic_read(&journal->j_num_trans) == 0)) {
-                wait_event_interruptible_timeout(osb->checkpoint_event,
+                wait_event_interruptible(osb->checkpoint_event,
-                                                 atomic_read(&journal->j_num_trans)
+                                         atomic_read(&journal->j_num_trans)
-                                                 || kthread_should_stop(),
+                                         || kthread_should_stop());
-                                                 OCFS2_CHECKPOINT_INTERVAL);
                status = ocfs2_commit_cache(osb);
                if (status < 0)
diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h
index 7d0a816184fa..2f3a6acdac45 100644
--- a/fs/ocfs2/journal.h
+++ b/fs/ocfs2/journal.h
@@ -29,8 +29,6 @@
 #include <linux/fs.h>
 #include <linux/jbd.h>
-#define OCFS2_CHECKPOINT_INTERVAL        (8 * HZ)
 enum ocfs2_journal_state {
        OCFS2_JOURNAL_FREE = 0,
        OCFS2_JOURNAL_LOADED,
diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
index 8d8e4779df92..e89de9b6e491 100644
--- a/fs/ocfs2/ocfs2.h
+++ b/fs/ocfs2/ocfs2.h
@@ -174,9 +174,6 @@ enum ocfs2_mount_options
        OCFS2_MOUNT_NOINTR  = 1 << 2,   /* Don't catch signals */
        OCFS2_MOUNT_ERRORS_PANIC = 1 << 3, /* Panic on errors */
        OCFS2_MOUNT_DATA_WRITEBACK = 1 << 4, /* No data ordering */
-#ifdef OCFS2_ORACORE_WORKAROUNDS
-        OCFS2_MOUNT_COMPAT_OCFS = 1 << 30, /* ocfs1 compatibility mode */
-#endif
 };
 #define OCFS2_OSB_SOFT_RO       0x0001
@@ -290,6 +287,10 @@ struct ocfs2_super
        struct inode                    *osb_tl_inode;
        struct buffer_head              *osb_tl_bh;
        struct work_struct              osb_truncate_log_wq;
+        struct ocfs2_node_map           osb_recovering_orphan_dirs;
+        unsigned int                    *osb_orphan_wipes;
+        wait_queue_head_t               osb_wipe_event;
 };
 #define OCFS2_SB(sb)        ((struct ocfs2_super *)(sb)->s_fs_info)
diff --git a/fs/ocfs2/ocfs2_fs.h b/fs/ocfs2/ocfs2_fs.h
index dfb8a5bedfc8..c5b1ac547c15 100644
--- a/fs/ocfs2/ocfs2_fs.h
+++ b/fs/ocfs2/ocfs2_fs.h
@@ -138,7 +138,6 @@
 /* Journal limits (in bytes) */
 #define OCFS2_MIN_JOURNAL_SIZE          (4 * 1024 * 1024)
-#define OCFS2_MAX_JOURNAL_SIZE          (500 * 1024 * 1024)
 struct ocfs2_system_inode_info {
        char    *si_name;
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index 046824b6b625..8dd3aafec499 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -1325,6 +1325,16 @@ static int ocfs2_initialize_super(struct super_block *sb,
        }
        mlog(ML_NOTICE, "max_slots for this device: %u\n", osb->max_slots);
+        init_waitqueue_head(&osb->osb_wipe_event);
+        osb->osb_orphan_wipes = kcalloc(osb->max_slots,
+                                        sizeof(*osb->osb_orphan_wipes),
+                                        GFP_KERNEL);
+        if (!osb->osb_orphan_wipes) {
+                status = -ENOMEM;
+                mlog_errno(status);
+                goto bail;
+        }
        osb->s_feature_compat =
                le32_to_cpu(OCFS2_RAW_SB(di)->s_feature_compat);
        osb->s_feature_ro_compat =
@@ -1638,6 +1648,7 @@ static void ocfs2_delete_osb(struct ocfs2_super *osb)
        if (osb->slot_info)
                ocfs2_free_slot_info(osb->slot_info);
+        kfree(osb->osb_orphan_wipes);
        /* FIXME
         * This belongs in journal shutdown, but because we have to
         * allocate osb->journal at the start of ocfs2_initalize_osb(),
diff --git a/fs/partitions/ibm.c b/fs/partitions/ibm.c
index 78010ad60e47..1e4a93835fed 100644
--- a/fs/partitions/ibm.c
+++ b/fs/partitions/ibm.c
@@ -52,6 +52,7 @@ int
 ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
 {
        int blocksize, offset, size;
+        loff_t i_size;
        dasd_information_t *info;
        struct hd_geometry *geo;
        char type[5] = {0,};
@@ -63,6 +64,13 @@ ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
        unsigned char *data;
        Sector sect;
+        blocksize = bdev_hardsect_size(bdev);
+        if (blocksize <= 0)
+                return 0;
+        i_size = i_size_read(bdev->bd_inode);
+        if (i_size == 0)
+                return 0;
        if ((info = kmalloc(sizeof(dasd_information_t), GFP_KERNEL)) == NULL)
                goto out_noinfo;
        if ((geo = kmalloc(sizeof(struct hd_geometry), GFP_KERNEL)) == NULL)
@@ -73,9 +81,6 @@ ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
        if (ioctl_by_bdev(bdev, BIODASDINFO, (unsigned long)info) != 0 ||
            ioctl_by_bdev(bdev, HDIO_GETGEO, (unsigned long)geo) != 0)
                goto out_noioctl;
-        
-        if ((blocksize = bdev_hardsect_size(bdev)) <= 0)
-                goto out_badsect;
        /*
         * Get volume label, extract name and type.
@@ -111,7 +116,7 @@ ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
                } else {
                        printk("CMS1/%8s:", name);
                        offset = (info->label_block + 1);
-                        size = bdev->bd_inode->i_size >> 9;
+                        size = i_size >> 9;
                }
                put_partition(state, 1, offset*(blocksize >> 9),
                                 size-offset*(blocksize >> 9));
@@ -168,7 +173,7 @@ ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
                else
                        printk("(nonl)/%8s:", name);
                offset = (info->label_block + 1);
-                size = (bdev->bd_inode->i_size >> 9);
+                size = i_size >> 9;
                put_partition(state, 1, offset*(blocksize >> 9),
                                 size-offset*(blocksize >> 9));
        }
@@ -180,7 +185,6 @@ ibm_partition(struct parsed_partitions *state, struct block_device *bdev)
        return 1;
        
 out_readerr:
-out_badsect:
 out_noioctl:
        kfree(label);
 out_nolab:
diff --git a/fs/pipe.c b/fs/pipe.c
index d722579df79a..8aada8e426f4 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -605,7 +605,7 @@ struct file_operations rdwr_fifo_fops = {
        .fasync         = pipe_rdwr_fasync,
 };
-struct file_operations read_pipe_fops = {
+static struct file_operations read_pipe_fops = {
        .llseek         = no_llseek,
        .read           = pipe_read,
        .readv          = pipe_readv,
@@ -617,7 +617,7 @@ struct file_operations read_pipe_fops = {
        .fasync         = pipe_read_fasync,
 };
-struct file_operations write_pipe_fops = {
+static struct file_operations write_pipe_fops = {
        .llseek         = no_llseek,
        .read           = bad_pipe_r,
        .write          = pipe_write,
@@ -629,7 +629,7 @@ struct file_operations write_pipe_fops = {
        .fasync         = pipe_write_fasync,
 };
-struct file_operations rdwr_pipe_fops = {
+static struct file_operations rdwr_pipe_fops = {
        .llseek         = no_llseek,
        .read           = pipe_read,
        .readv          = pipe_readv,
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 6573f31f1fd9..075d3e945602 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -204,10 +204,6 @@ int proc_fill_super(struct super_block *s, void *data, int silent)
        root_inode = proc_get_inode(s, PROC_ROOT_INO, &proc_root);
        if (!root_inode)
                goto out_no_root;
-        /*
-         * Fixup the root inode's nlink value
-         */
-        root_inode->i_nlink += nr_processes();
        root_inode->i_uid = 0;
        root_inode->i_gid = 0;
        s->s_root = d_alloc_root(root_inode);
diff --git a/fs/proc/root.c b/fs/proc/root.c
index 68896283c8ae..c3fd3611112f 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
@@ -80,16 +80,16 @@ void __init proc_root_init(void)
        proc_bus = proc_mkdir("bus", NULL);
 }
-static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
+static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
+)
 {
-        /*
+        generic_fillattr(dentry->d_inode, stat);
-         * nr_threads is actually protected by the tasklist_lock;
+        stat->nlink = proc_root.nlink + nr_processes();
-         * however, it's conventional to do reads, especially for
+        return 0;
-         * reporting, without any locking whatsoever.
+}
-         */
-        if (dir->i_ino == PROC_ROOT_INO) /* check for safety... */
-                dir->i_nlink = proc_root.nlink + nr_threads;
+static struct dentry *proc_root_lookup(struct inode * dir, struct dentry * dentry, struct nameidata *nd)
+{
        if (!proc_lookup(dir, dentry, nd)) {
                return NULL;
        }
@@ -134,6 +134,7 @@ static struct file_operations proc_root_operations = {
 */
 static struct inode_operations proc_root_inode_operations = {
        .lookup         = proc_root_lookup,
+        .getattr        = proc_root_getattr,
 };
 /*
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 0eaad41f4658..91b7c15ab373 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -204,7 +204,6 @@ static void smaps_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
 {
        pte_t *pte, ptent;
        spinlock_t *ptl;
-        unsigned long pfn;
        struct page *page;
        pte = pte_offset_map_lock(vma->vm_mm, pmd, addr, &ptl);
@@ -214,12 +213,12 @@ static void smaps_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
                        continue;
                mss->resident += PAGE_SIZE;
-                pfn = pte_pfn(ptent);
-                if (!pfn_valid(pfn))
+                page = vm_normal_page(vma, addr, ptent);
+                if (!page)
                        continue;
-                page = pfn_to_page(pfn);
+                if (page_mapcount(page) >= 2) {
-                if (page_count(page) >= 2) {
                        if (pte_dirty(ptent))
                                mss->shared_dirty += PAGE_SIZE;
                        else
@@ -289,7 +288,7 @@ static int show_smap(struct seq_file *m, void *v)
        struct mem_size_stats mss;
        memset(&mss, 0, sizeof mss);
-        if (vma->vm_mm)
+        if (vma->vm_mm && !is_vm_hugetlb_page(vma))
                smaps_pgd_range(vma, vma->vm_start, vma->vm_end, &mss);
        return show_map_internal(m, v, &mss);
 }
diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c
index c66bd5e4c05c..14bd2246fb6d 100644
--- a/fs/ramfs/inode.c
+++ b/fs/ramfs/inode.c
@@ -27,6 +27,7 @@
 #include <linux/fs.h>
 #include <linux/pagemap.h>
 #include <linux/highmem.h>
+#include <linux/time.h>
 #include <linux/init.h>
 #include <linux/string.h>
 #include <linux/smp_lock.h>
@@ -104,6 +105,7 @@ ramfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
                d_instantiate(dentry, inode);
                dget(dentry);   /* Extra count - pin the dentry in core */
                error = 0;
+                dir->i_mtime = dir->i_ctime = CURRENT_TIME;
        }
        return error;
 }
@@ -135,6 +137,7 @@ static int ramfs_symlink(struct inode * dir, struct dentry *dentry, const char *
                                inode->i_gid = dir->i_gid;
                        d_instantiate(dentry, inode);
                        dget(dentry);
+                        dir->i_mtime = dir->i_ctime = CURRENT_TIME;
                } else
                        iput(inode);
        }
diff --git a/fs/reiserfs/file.c b/fs/reiserfs/file.c
index f3473176c83a..be12879bb179 100644
--- a/fs/reiserfs/file.c
+++ b/fs/reiserfs/file.c
@@ -1464,13 +1464,11 @@ static ssize_t reiserfs_file_write(struct file *file,	/* the file we are going t
                   partially overwritten pages, if needed. And lock the pages,
                   so that nobody else can access these until we are done.
                   We get number of actual blocks needed as a result. */
-                blocks_to_allocate =
+                res = reiserfs_prepare_file_region_for_write(inode, pos,
-                    reiserfs_prepare_file_region_for_write(inode, pos,
+                                                             num_pages,
-                                                           num_pages,
+                                                             write_bytes,
-                                                           write_bytes,
+                                                             prepared_pages);
-                                                           prepared_pages);
+                if (res < 0) {
-                if (blocks_to_allocate < 0) {
-                        res = blocks_to_allocate;
                        reiserfs_release_claimed_blocks(inode->i_sb,
                                                        num_pages <<
                                                        (PAGE_CACHE_SHIFT -
@@ -1478,6 +1476,8 @@ static ssize_t reiserfs_file_write(struct file *file,	/* the file we are going t
                        break;
                }
+                blocks_to_allocate = res;
                /* First we correct our estimate of how many blocks we need */
                reiserfs_release_claimed_blocks(inode->i_sb,
                                                (num_pages <<
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index b33d67bba2fd..d60f6238c66a 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -627,11 +627,6 @@ int reiserfs_get_block(struct inode *inode, sector_t block,
        reiserfs_write_lock(inode->i_sb);
        version = get_inode_item_key_version(inode);
-        if (block < 0) {
-                reiserfs_write_unlock(inode->i_sb);
-                return -EIO;
-        }
        if (!file_capable(inode, block)) {
                reiserfs_write_unlock(inode->i_sb);
                return -EFBIG;
@@ -934,12 +929,13 @@ int reiserfs_get_block(struct inode *inode, sector_t block,
                                     //pos_in_item * inode->i_sb->s_blocksize,
                                     TYPE_INDIRECT, 3); // key type is unimportant
+                        RFALSE(cpu_key_k_offset(&tmp_key) > cpu_key_k_offset(&key),
+                               "green-805: invalid offset");
                        blocks_needed =
                            1 +
                            ((cpu_key_k_offset(&key) -
                              cpu_key_k_offset(&tmp_key)) >> inode->i_sb->
                             s_blocksize_bits);
-                        RFALSE(blocks_needed < 0, "green-805: invalid offset");
                        if (blocks_needed == 1) {
                                un = &unf_single;
diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index b7a179560ab4..5a9d2722fa0a 100644
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2319,8 +2319,7 @@ static int journal_read(struct super_block *p_s_sb)
                return 1;
        }
        jh = (struct reiserfs_journal_header *)(journal->j_header_bh->b_data);
-        if (le32_to_cpu(jh->j_first_unflushed_offset) >= 0 &&
+        if (le32_to_cpu(jh->j_first_unflushed_offset) <
-            le32_to_cpu(jh->j_first_unflushed_offset) <
            SB_ONDISK_JOURNAL_SIZE(p_s_sb)
            && le32_to_cpu(jh->j_last_flush_trans_id) > 0) {
                oldest_start =
diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c
index c8123308e060..284f7852de8b 100644
--- a/fs/reiserfs/namei.c
+++ b/fs/reiserfs/namei.c
@@ -247,7 +247,7 @@ static int linear_search_in_dir_item(struct cpu_key *key,
                /* mark, that this generation number is used */
                if (de->de_gen_number_bit_string)
                        set_bit(GET_GENERATION_NUMBER(deh_offset(deh)),
-                                (unsigned long *)de->de_gen_number_bit_string);
+                                de->de_gen_number_bit_string);
                // calculate pointer to name and namelen
                de->de_entry_num = i;
@@ -431,7 +431,7 @@ static int reiserfs_add_entry(struct reiserfs_transaction_handle *th,
        struct reiserfs_de_head *deh;
        INITIALIZE_PATH(path);
        struct reiserfs_dir_entry de;
-        int bit_string[MAX_GENERATION_NUMBER / (sizeof(int) * 8) + 1];
+        DECLARE_BITMAP(bit_string, MAX_GENERATION_NUMBER + 1);
        int gen_number;
        char small_buf[32 + DEH_SIZE];  /* 48 bytes now and we avoid kmalloc
                                           if we create file with short name */
@@ -486,7 +486,7 @@ static int reiserfs_add_entry(struct reiserfs_transaction_handle *th,
        /* find the proper place for the new entry */
        memset(bit_string, 0, sizeof(bit_string));
-        de.de_gen_number_bit_string = (char *)bit_string;
+        de.de_gen_number_bit_string = bit_string;
        retval = reiserfs_find_entry(dir, name, namelen, &path, &de);
        if (retval != NAME_NOT_FOUND) {
                if (buffer != small_buf)
@@ -508,7 +508,7 @@ static int reiserfs_add_entry(struct reiserfs_transaction_handle *th,
        }
        gen_number =
-            find_first_zero_bit((unsigned long *)bit_string,
+            find_first_zero_bit(bit_string,
                                MAX_GENERATION_NUMBER + 1);
        if (gen_number > MAX_GENERATION_NUMBER) {
                /* there is no free generation number */
diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c
index ef5e5414e7a8..d63da756eb49 100644
--- a/fs/reiserfs/super.c
+++ b/fs/reiserfs/super.c
@@ -1124,8 +1124,6 @@ static void handle_attrs(struct super_block *s)
                                         "reiserfs: cannot support attributes until flag is set in super-block");
                        REISERFS_SB(s)->s_mount_opt &= ~(1 << REISERFS_ATTRS);
                }
-        } else if (le32_to_cpu(rs->s_flags) & reiserfs_attrs_cleared) {
-                REISERFS_SB(s)->s_mount_opt |= (1 << REISERFS_ATTRS);
        }
 }
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index 43de3ba83332..ab8894c3b9e5 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -228,7 +228,8 @@ struct posix_acl *reiserfs_get_acl(struct inode *inode, int type)
                acl = ERR_PTR(retval);
        } else {
                acl = posix_acl_from_disk(value, retval);
-                *p_acl = posix_acl_dup(acl);
+                if (!IS_ERR(acl))
+                        *p_acl = posix_acl_dup(acl);
        }
        kfree(value);
diff --git a/fs/select.c b/fs/select.c
index bc60a3e14ef3..1815a57d2255 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -398,11 +398,15 @@ asmlinkage long sys_select(int n, fd_set __user *inp, fd_set __user *outp,
        ret = core_sys_select(n, inp, outp, exp, &timeout);
        if (tvp) {
+                struct timeval rtv;
                if (current->personality & STICKY_TIMEOUTS)
                        goto sticky;
-                tv.tv_usec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ));
+                rtv.tv_usec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ));
-                tv.tv_sec = timeout;
+                rtv.tv_sec = timeout;
-                if (copy_to_user(tvp, &tv, sizeof(tv))) {
+                if (timeval_compare(&rtv, &tv) >= 0)
+                        rtv = tv;
+                if (copy_to_user(tvp, &rtv, sizeof(rtv))) {
 sticky:
                        /*
                         * If an application puts its timeval in read-only
@@ -460,11 +464,16 @@ asmlinkage long sys_pselect7(int n, fd_set __user *inp, fd_set __user *outp,
        ret = core_sys_select(n, inp, outp, exp, &timeout);
        if (tsp) {
+                struct timespec rts;
                if (current->personality & STICKY_TIMEOUTS)
                        goto sticky;
-                ts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) * 1000;
+                rts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) *
-                ts.tv_sec = timeout;
+                                                1000;
-                if (copy_to_user(tsp, &ts, sizeof(ts))) {
+                rts.tv_sec = timeout;
+                if (timespec_compare(&rts, &ts) >= 0)
+                        rts = ts;
+                if (copy_to_user(tsp, &rts, sizeof(rts))) {
 sticky:
                        /*
                         * If an application puts its timeval in read-only
@@ -758,12 +767,17 @@ asmlinkage long sys_ppoll(struct pollfd __user *ufds, unsigned int nfds,
                sigprocmask(SIG_SETMASK, &sigsaved, NULL);
        if (tsp && timeout >= 0) {
+                struct timespec rts;
                if (current->personality & STICKY_TIMEOUTS)
                        goto sticky;
                /* Yes, we know it's actually an s64, but it's also positive. */
-                ts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) * 1000;
+                rts.tv_nsec = jiffies_to_usecs(do_div((*(u64*)&timeout), HZ)) *
-                ts.tv_sec = timeout;
+                                                1000;
-                if (copy_to_user(tsp, &ts, sizeof(ts))) {
+                rts.tv_sec = timeout;
+                if (timespec_compare(&rts, &ts) >= 0)
+                        rts = ts;
+                if (copy_to_user(tsp, &rts, sizeof(rts))) {
                sticky:
                        /*
                         * If an application puts its timeval in read-only
diff --git a/fs/stat.c b/fs/stat.c
index 24211b030f39..9948cc1685a4 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -261,6 +261,7 @@ asmlinkage long sys_newlstat(char __user *filename, struct stat __user *statbuf)
        return error;
 }
+#ifndef __ARCH_WANT_STAT64
 asmlinkage long sys_newfstatat(int dfd, char __user *filename,
                                struct stat __user *statbuf, int flag)
 {
@@ -281,6 +282,7 @@ asmlinkage long sys_newfstatat(int dfd, char __user *filename,
 out:
        return error;
 }
+#endif
 asmlinkage long sys_newfstat(unsigned int fd, struct stat __user *statbuf)
 {
@@ -395,6 +397,26 @@ asmlinkage long sys_fstat64(unsigned long fd, struct stat64 __user * statbuf)
        return error;
 }
+asmlinkage long sys_fstatat64(int dfd, char __user *filename,
+                               struct stat64 __user *statbuf, int flag)
+{
+        struct kstat stat;
+        int error = -EINVAL;
+        if ((flag & ~AT_SYMLINK_NOFOLLOW) != 0)
+                goto out;
+        if (flag & AT_SYMLINK_NOFOLLOW)
+                error = vfs_lstat_fd(dfd, filename, &stat);
+        else
+                error = vfs_stat_fd(dfd, filename, &stat);
+        if (!error)
+                error = cp_new_stat64(&stat, statbuf);
+out:
+        return error;
+}
 #endif /* __ARCH_WANT_STAT64 */
 void inode_add_bytes(struct inode *inode, loff_t bytes)
diff --git a/fs/super.c b/fs/super.c
index 30294218fa63..e20b5580afd5 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -666,6 +666,16 @@ static int test_bdev_super(struct super_block *s, void *data)
        return (void *)s->s_bdev == data;
 }
+static void bdev_uevent(struct block_device *bdev, enum kobject_action action)
+{
+        if (bdev->bd_disk) {
+                if (bdev->bd_part)
+                        kobject_uevent(&bdev->bd_part->kobj, action);
+                else
+                        kobject_uevent(&bdev->bd_disk->kobj, action);
+        }
+}
 struct super_block *get_sb_bdev(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data,
        int (*fill_super)(struct super_block *, void *, int))
@@ -707,8 +717,10 @@ struct super_block *get_sb_bdev(struct file_system_type *fs_type,
                        up_write(&s->s_umount);
                        deactivate_super(s);
                        s = ERR_PTR(error);
-                } else
+                } else {
                        s->s_flags |= MS_ACTIVE;
+                        bdev_uevent(bdev, KOBJ_MOUNT);
+                }
        }
        return s;
@@ -724,6 +736,7 @@ void kill_block_super(struct super_block *sb)
 {
        struct block_device *bdev = sb->s_bdev;
+        bdev_uevent(bdev, KOBJ_UMOUNT);
        generic_shutdown_super(sb);
        sync_blockdev(bdev);
        close_bdev_excl(bdev);
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 395e582ee542..d04cff2273b6 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1045,10 +1045,14 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh)
        }
        inode->i_uid = le32_to_cpu(fe->uid);
-        if ( inode->i_uid == -1 ) inode->i_uid = UDF_SB(inode->i_sb)->s_uid;
+        if (inode->i_uid == -1 || UDF_QUERY_FLAG(inode->i_sb,
+                                        UDF_FLAG_UID_IGNORE))
+                inode->i_uid = UDF_SB(inode->i_sb)->s_uid;
        inode->i_gid = le32_to_cpu(fe->gid);
-        if ( inode->i_gid == -1 ) inode->i_gid = UDF_SB(inode->i_sb)->s_gid;
+        if (inode->i_gid == -1 || UDF_QUERY_FLAG(inode->i_sb,
+                                        UDF_FLAG_GID_IGNORE))
+                inode->i_gid = UDF_SB(inode->i_sb)->s_gid;
        inode->i_nlink = le16_to_cpu(fe->fileLinkCount);
        if (!inode->i_nlink)
@@ -1335,10 +1339,14 @@ udf_update_inode(struct inode *inode, int do_sync)
                return err;
        }
-        if (inode->i_uid != UDF_SB(inode->i_sb)->s_uid)
+        if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_UID_FORGET))
+                fe->uid = cpu_to_le32(-1);
+        else if (inode->i_uid != UDF_SB(inode->i_sb)->s_uid)
                fe->uid = cpu_to_le32(inode->i_uid);
-        if (inode->i_gid != UDF_SB(inode->i_sb)->s_gid)
+        if (UDF_QUERY_FLAG(inode->i_sb, UDF_FLAG_GID_FORGET))
+                fe->gid = cpu_to_le32(-1);
+        else if (inode->i_gid != UDF_SB(inode->i_sb)->s_gid)
                fe->gid = cpu_to_le32(inode->i_gid);
        udfperms =      ((inode->i_mode & S_IRWXO)     ) |
diff --git a/fs/udf/super.c b/fs/udf/super.c
index 4a6f49adc609..368d8f81fe54 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -269,7 +269,7 @@ enum {
        Opt_gid, Opt_uid, Opt_umask, Opt_session, Opt_lastblock,
        Opt_anchor, Opt_volume, Opt_partition, Opt_fileset,
        Opt_rootdir, Opt_utf8, Opt_iocharset,
-        Opt_err
+        Opt_err, Opt_uforget, Opt_uignore, Opt_gforget, Opt_gignore
 };
 static match_table_t tokens = {
@@ -282,6 +282,10 @@ static match_table_t tokens = {
        {Opt_adinicb, "adinicb"},
        {Opt_shortad, "shortad"},
        {Opt_longad, "longad"},
+        {Opt_uforget, "uid=forget"},
+        {Opt_uignore, "uid=ignore"},
+        {Opt_gforget, "gid=forget"},
+        {Opt_gignore, "gid=ignore"},
        {Opt_gid, "gid=%u"},
        {Opt_uid, "uid=%u"},
        {Opt_umask, "umask=%o"},
@@ -414,6 +418,18 @@ udf_parse_options(char *options, struct udf_options *uopt)
                                uopt->flags |= (1 << UDF_FLAG_NLS_MAP);
                                break;
 #endif
+                        case Opt_uignore:
+                                uopt->flags |= (1 << UDF_FLAG_UID_IGNORE);
+                                break;
+                        case Opt_uforget:
+                                uopt->flags |= (1 << UDF_FLAG_UID_FORGET);
+                                break;
+                        case Opt_gignore:
+                            uopt->flags |= (1 << UDF_FLAG_GID_IGNORE);
+                                break;
+                        case Opt_gforget:
+                            uopt->flags |= (1 << UDF_FLAG_GID_FORGET);
+                                break;
                        default:
                                printk(KERN_ERR "udf: bad mount option \"%s\" "
                                                "or missing value\n", p);
diff --git a/fs/udf/udf_sb.h b/fs/udf/udf_sb.h
index 663669810be6..110f8d62616f 100644
--- a/fs/udf/udf_sb.h
+++ b/fs/udf/udf_sb.h
@@ -20,6 +20,10 @@
 #define UDF_FLAG_VARCONV                8
 #define UDF_FLAG_NLS_MAP                9
 #define UDF_FLAG_UTF8                   10
+#define UDF_FLAG_UID_FORGET     11    /* save -1 for uid to disk */
+#define UDF_FLAG_UID_IGNORE     12    /* use sb uid instead of on disk uid */
+#define UDF_FLAG_GID_FORGET     13
+#define UDF_FLAG_GID_IGNORE     14
 #define UDF_PART_FLAG_UNALLOC_BITMAP    0x0001
 #define UDF_PART_FLAG_UNALLOC_TABLE     0x0002
diff --git a/fs/xfs/linux-2.6/xfs_aops.c b/fs/xfs/linux-2.6/xfs_aops.c
index 8f2beec526cf..74d8be87f983 100644
--- a/fs/xfs/linux-2.6/xfs_aops.c
+++ b/fs/xfs/linux-2.6/xfs_aops.c
@@ -540,7 +540,7 @@ xfs_probe_cluster(
        /* First sum forwards in this page */
        do {
-                if (mapped != buffer_mapped(bh))
+                if (!buffer_uptodate(bh) || (mapped != buffer_mapped(bh)))
                        return total;
                total += bh->b_size;
        } while ((bh = bh->b_this_page) != head);
diff --git a/fs/xfs/quota/xfs_qm.c b/fs/xfs/quota/xfs_qm.c
index 53a00fb217fa..7c0e39dc6189 100644
--- a/fs/xfs/quota/xfs_qm.c
+++ b/fs/xfs/quota/xfs_qm.c
@@ -68,6 +68,9 @@ kmem_zone_t	*qm_dqzone;
 kmem_zone_t     *qm_dqtrxzone;
 STATIC kmem_shaker_t    xfs_qm_shaker;
+STATIC cred_t   xfs_zerocr;
+STATIC xfs_inode_t      xfs_zeroino;
 STATIC void     xfs_qm_list_init(xfs_dqlist_t *, char *, int);
 STATIC void     xfs_qm_list_destroy(xfs_dqlist_t *);
@@ -1393,8 +1396,6 @@ xfs_qm_qino_alloc(
        xfs_trans_t     *tp;
        int             error;
        unsigned long   s;
-        cred_t          zerocr;
-        xfs_inode_t     zeroino;
        int             committed;
        tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QINOCREATE);
@@ -1406,11 +1407,9 @@ xfs_qm_qino_alloc(
                xfs_trans_cancel(tp, 0);
                return error;
        }
-        memset(&zerocr, 0, sizeof(zerocr));
-        memset(&zeroino, 0, sizeof(zeroino));
-        if ((error = xfs_dir_ialloc(&tp, &zeroino, S_IFREG, 1, 0,
+        if ((error = xfs_dir_ialloc(&tp, &xfs_zeroino, S_IFREG, 1, 0,
-                                   &zerocr, 0, 1, ip, &committed))) {
+                                   &xfs_zerocr, 0, 1, ip, &committed))) {
                xfs_trans_cancel(tp, XFS_TRANS_RELEASE_LOG_RES |
                                 XFS_TRANS_ABORT);
                return error;
diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c
index 06fc061c50fc..5b413946b1c5 100644
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -130,7 +130,8 @@ xfs_growfs_rt_alloc(
                /*
                 * Lock the inode.
                 */
-                if ((error = xfs_trans_iget(mp, tp, ino, 0, XFS_ILOCK_EXCL, &ip)))
+                if ((error = xfs_trans_iget(mp, tp, ino, 0,
+                                                XFS_ILOCK_EXCL, &ip)))
                        goto error_exit;
                XFS_BMAP_INIT(&flist, &firstblock);
                /*
@@ -170,8 +171,8 @@ xfs_growfs_rt_alloc(
                        /*
                         * Lock the bitmap inode.
                         */
-                        if ((error = xfs_trans_iget(mp, tp, ino, 0, XFS_ILOCK_EXCL,
+                        if ((error = xfs_trans_iget(mp, tp, ino, 0,
-                                        &ip)))
+                                                        XFS_ILOCK_EXCL, &ip)))
                                goto error_exit;
                        /*
                         * Get a buffer for the block.
@@ -2023,8 +2024,8 @@ xfs_growfs_rt(
                /*
                 * Lock out other callers by grabbing the bitmap inode lock.
                 */
-                if ((error = xfs_trans_iget(mp, tp, 0, mp->m_sb.sb_rbmino,
+                if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0,
-                                XFS_ILOCK_EXCL, &ip)))
+                                                XFS_ILOCK_EXCL, &ip)))
                        goto error_exit;
                ASSERT(ip == mp->m_rbmip);
                /*
@@ -2037,8 +2038,8 @@ xfs_growfs_rt(
                /*
                 * Get the summary inode into the transaction.
                 */
-                if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rsumino,
+                if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rsumino, 0,
-                                0, XFS_ILOCK_EXCL, &ip)))
+                                                XFS_ILOCK_EXCL, &ip)))
                        goto error_exit;
                ASSERT(ip == mp->m_rsumip);
                /*
@@ -2158,10 +2159,9 @@ xfs_rtallocate_extent(
        /*
         * Lock out other callers by grabbing the bitmap inode lock.
         */
-        error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0, XFS_ILOCK_EXCL, &ip);
+        if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0,
-        if (error) {
+                                        XFS_ILOCK_EXCL, &ip)))
                return error;
-        }
        sumbp = NULL;
        /*
         * Allocate by size, or near another block, or exactly at some block.
@@ -2221,10 +2221,9 @@ xfs_rtfree_extent(
        /*
         * Synchronize by locking the bitmap inode.
         */
-        error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0, XFS_ILOCK_EXCL, &ip);
+        if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0,
-        if (error) {
+                                        XFS_ILOCK_EXCL, &ip)))
                return error;
-        }
 #if defined(__KERNEL__) && defined(DEBUG)
        /*
         * Check to see that this whole range is currently allocated.
@@ -2365,8 +2364,8 @@ xfs_rtpick_extent(
        __uint64_t      seq;            /* sequence number of file creation */
        __uint64_t      *seqp;          /* pointer to seqno in inode */
-        error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0, XFS_ILOCK_EXCL, &ip);
+        if ((error = xfs_trans_iget(mp, tp, mp->m_sb.sb_rbmino, 0,
-        if (error)
+                                        XFS_ILOCK_EXCL, &ip)))
                return error;
        ASSERT(ip == mp->m_rbmip);
        seqp = (__uint64_t *)&ip->i_d.di_atime;
author	Kumar Gala <galak@kernel.crashing.org>	2006-03-20 12:58:02 -0500
committer	Kumar Gala <galak@kernel.crashing.org>	2006-03-20 12:58:02 -0500
commit	1a02e59a2970f9ed28ab51d3b08624b79e54d848 (patch)
tree	470cce472be3b08c160e0c569648e7228651b12a /fs
parent	ebcff3c773b42bce6182ec16485abca4e53fba97 (diff)
parent	2c276603c3e5ebf38155a9d1fbbda656d52d138e (diff)