28 files changed, 275 insertions, 189 deletions
diff --git a/Makefile b/Makefile
index 975461551531..fa1db9001754 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 34
-EXTRAVERSION = -rc4
+EXTRAVERSION = -rc5
-NAME = Man-Eating Seals of Antiquity
+NAME = Sheep on Meth
 # *DOCUMENTATION*
 # To see a list of typical targets execute "make help"
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
index 9e2d9447f2ad..4827a3aeac7f 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -111,7 +111,7 @@ struct thread_info {
 #define THREAD_SHIFT PAGE_SHIFT
 #endif /* PAGE_SHIFT == 13 */
-#define PREEMPT_ACTIVE          0x4000000
+#define PREEMPT_ACTIVE          0x10000000
 /*
 * macros/functions for gaining access to the thread information structure
diff --git a/arch/sparc/kernel/irq_64.c b/arch/sparc/kernel/irq_64.c
index 454ce3a25273..830d70a3e20b 100644
--- a/arch/sparc/kernel/irq_64.c
+++ b/arch/sparc/kernel/irq_64.c
@@ -22,6 +22,7 @@
 #include <linux/seq_file.h>
 #include <linux/ftrace.h>
 #include <linux/irq.h>
+#include <linux/kmemleak.h>
 #include <asm/ptrace.h>
 #include <asm/processor.h>
@@ -46,6 +47,7 @@
 #include "entry.h"
 #include "cpumap.h"
+#include "kstack.h"
 #define NUM_IVECS       (IMAP_INR + 1)
@@ -712,24 +714,6 @@ void ack_bad_irq(unsigned int virt_irq)
 void *hardirq_stack[NR_CPUS];
 void *softirq_stack[NR_CPUS];
-static __attribute__((always_inline)) void *set_hardirq_stack(void)
-{
-        void *orig_sp, *sp = hardirq_stack[smp_processor_id()];
-        __asm__ __volatile__("mov %%sp, %0" : "=r" (orig_sp));
-        if (orig_sp < sp ||
-            orig_sp > (sp + THREAD_SIZE)) {
-                sp += THREAD_SIZE - 192 - STACK_BIAS;
-                __asm__ __volatile__("mov %0, %%sp" : : "r" (sp));
-        }
-        return orig_sp;
-}
-static __attribute__((always_inline)) void restore_hardirq_stack(void *orig_sp)
-{
-        __asm__ __volatile__("mov %0, %%sp" : : "r" (orig_sp));
-}
 void __irq_entry handler_irq(int irq, struct pt_regs *regs)
 {
        unsigned long pstate, bucket_pa;
diff --git a/arch/sparc/kernel/kstack.h b/arch/sparc/kernel/kstack.h
index 5247283d1c03..53dfb92e09fb 100644
--- a/arch/sparc/kernel/kstack.h
+++ b/arch/sparc/kernel/kstack.h
@@ -61,4 +61,23 @@ check_magic:
 }
+static inline __attribute__((always_inline)) void *set_hardirq_stack(void)
+{
+        void *orig_sp, *sp = hardirq_stack[smp_processor_id()];
+        __asm__ __volatile__("mov %%sp, %0" : "=r" (orig_sp));
+        if (orig_sp < sp ||
+            orig_sp > (sp + THREAD_SIZE)) {
+                sp += THREAD_SIZE - 192 - STACK_BIAS;
+                __asm__ __volatile__("mov %0, %%sp" : : "r" (sp));
+        }
+        return orig_sp;
+}
+static inline __attribute__((always_inline)) void restore_hardirq_stack(void *orig_sp)
+{
+        __asm__ __volatile__("mov %0, %%sp" : : "r" (orig_sp));
+}
 #endif /* _KSTACK_H */
diff --git a/arch/sparc/kernel/nmi.c b/arch/sparc/kernel/nmi.c
index 75a3d1a25356..a4bd7ba74c89 100644
--- a/arch/sparc/kernel/nmi.c
+++ b/arch/sparc/kernel/nmi.c
@@ -23,6 +23,8 @@
 #include <asm/ptrace.h>
 #include <asm/pcr.h>
+#include "kstack.h"
 /* We don't have a real NMI on sparc64, but we can fake one
 * up using profiling counter overflow interrupts and interrupt
 * levels.
@@ -92,6 +94,7 @@ static void die_nmi(const char *str, struct pt_regs *regs, int do_panic)
 notrace __kprobes void perfctr_irq(int irq, struct pt_regs *regs)
 {
        unsigned int sum, touched = 0;
+        void *orig_sp;
        clear_softint(1 << irq);
@@ -99,6 +102,8 @@ notrace __kprobes void perfctr_irq(int irq, struct pt_regs *regs)
        nmi_enter();
+        orig_sp = set_hardirq_stack();
        if (notify_die(DIE_NMI, "nmi", regs, 0,
                       pt_regs_trap_type(regs), SIGINT) == NOTIFY_STOP)
                touched = 1;
@@ -124,6 +129,8 @@ notrace __kprobes void perfctr_irq(int irq, struct pt_regs *regs)
                pcr_ops->write(pcr_enable);
        }
+        restore_hardirq_stack(orig_sp);
        nmi_exit();
 }
diff --git a/arch/sparc/kernel/rtrap_64.S b/arch/sparc/kernel/rtrap_64.S
index 83f1873c6c13..090b9e9ad5e3 100644
--- a/arch/sparc/kernel/rtrap_64.S
+++ b/arch/sparc/kernel/rtrap_64.S
@@ -130,7 +130,17 @@ rtrap_xcall:
                 nop
                call                    trace_hardirqs_on
                 nop
-                wrpr                    %l4, %pil
+                /* Do not actually set the %pil here.  We will do that
+                 * below after we clear PSTATE_IE in the %pstate register.
+                 * If we re-enable interrupts here, we can recurse down
+                 * the hardirq stack potentially endlessly, causing a
+                 * stack overflow.
+                 *
+                 * It is tempting to put this test and trace_hardirqs_on
+                 * call at the 'rt_continue' label, but that will not work
+                 * as that path hits unconditionally and we do not want to
+                 * execute this in NMI return paths, for example.
+                 */
 #endif
 rtrap_no_irq_enable:
                andcc                   %l1, TSTATE_PRIV, %l3
diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
index ebce43018c49..c752c4c479bd 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
@@ -50,7 +50,7 @@ static inline enum direction decode_direction(unsigned int insn)
 }
 /* 16 = double-word, 8 = extra-word, 4 = word, 2 = half-word */
-static inline int decode_access_size(unsigned int insn)
+static inline int decode_access_size(struct pt_regs *regs, unsigned int insn)
 {
        unsigned int tmp;
@@ -66,7 +66,7 @@ static inline int decode_access_size(unsigned int insn)
                return 2;
        else {
                printk("Impossible unaligned trap. insn=%08x\n", insn);
-                die_if_kernel("Byte sized unaligned access?!?!", current_thread_info()->kregs);
+                die_if_kernel("Byte sized unaligned access?!?!", regs);
                /* GCC should never warn that control reaches the end
                 * of this function without returning a value because
@@ -286,7 +286,7 @@ static void log_unaligned(struct pt_regs *regs)
 asmlinkage void kernel_unaligned_trap(struct pt_regs *regs, unsigned int insn)
 {
        enum direction dir = decode_direction(insn);
-        int size = decode_access_size(insn);
+        int size = decode_access_size(regs, insn);
        int orig_asi, asi;
        current_thread_info()->kern_una_regs = regs;
diff --git a/arch/sparc/lib/mcount.S b/arch/sparc/lib/mcount.S
index 3753e3c6e176..3ad6cbdc2163 100644
--- a/arch/sparc/lib/mcount.S
+++ b/arch/sparc/lib/mcount.S
@@ -34,7 +34,7 @@ mcount:
        cmp             %g1, %g2
        be,pn           %icc, 1f
         mov            %i7, %g3
-        save            %sp, -128, %sp
+        save            %sp, -176, %sp
        mov             %g3, %o1
        jmpl            %g1, %o7
         mov            %i7, %o0
@@ -56,7 +56,7 @@ mcount:
         nop
 5:      mov             %i7, %g2
        mov             %fp, %g3
-        save            %sp, -128, %sp
+        save            %sp, -176, %sp
        mov             %g2, %l0
        ba,pt           %xcc, ftrace_graph_caller
         mov            %g3, %l1
@@ -85,7 +85,7 @@ ftrace_caller:
        lduw            [%g1 + %lo(function_trace_stop)], %g1
        brnz,pn         %g1, ftrace_stub
         mov            %fp, %g3
-        save            %sp, -128, %sp
+        save            %sp, -176, %sp
        mov             %g2, %o1
        mov             %g2, %l0
        mov             %g3, %l1
@@ -120,7 +120,7 @@ ENTRY(ftrace_graph_caller)
 END(ftrace_graph_caller)
 ENTRY(return_to_handler)
-        save            %sp, -128, %sp
+        save            %sp, -176, %sp
        call            ftrace_return_to_handler
         mov            %fp, %o0
        jmpl            %o0 + 8, %g0
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 59b4556a5b92..e790bc1fbfa3 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -626,7 +626,7 @@ ia32_sys_call_table:
        .quad stub32_sigreturn
        .quad stub32_clone              /* 120 */
        .quad sys_setdomainname
-        .quad sys_uname
+        .quad sys_newuname
        .quad sys_modify_ldt
        .quad compat_sys_adjtimex
        .quad sys32_mprotect            /* 125 */
diff --git a/arch/x86/kernel/dumpstack.h b/arch/x86/kernel/dumpstack.h
index e39e77168a37..e1a93be4fd44 100644
--- a/arch/x86/kernel/dumpstack.h
+++ b/arch/x86/kernel/dumpstack.h
@@ -14,6 +14,8 @@
 #define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
 #endif
+#include <linux/uaccess.h>
 extern void
 show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
                unsigned long *stack, unsigned long bp, char *log_lvl);
@@ -42,8 +44,10 @@ static inline unsigned long rewind_frame_pointer(int n)
        get_bp(frame);
 #ifdef CONFIG_FRAME_POINTER
-        while (n--)
+        while (n--) {
-                frame = frame->next_frame;
+                if (probe_kernel_address(&frame->next_frame, frame))
+                        break;
+        }
 #endif
        return (unsigned long)frame;
diff --git a/drivers/char/pcmcia/cm4000_cs.c b/drivers/char/pcmcia/cm4000_cs.c
index c9bc896d68af..90b199f97bec 100644
--- a/drivers/char/pcmcia/cm4000_cs.c
+++ b/drivers/char/pcmcia/cm4000_cs.c
@@ -1026,14 +1026,16 @@ static ssize_t cmm_read(struct file *filp, __user char *buf, size_t count,
        xoutb(0, REG_FLAGS1(iobase));   /* clear detectCMM */
        /* last check before exit */
-        if (!io_detect_cm4000(iobase, dev))
+        if (!io_detect_cm4000(iobase, dev)) {
-                count = -ENODEV;
+                rc = -ENODEV;
+                goto release_io;
+        }
        if (test_bit(IS_INVREV, &dev->flags) && count > 0)
                str_invert_revert(dev->rbuf, count);
        if (copy_to_user(buf, dev->rbuf, count))
-                return -EFAULT;
+                rc = -EFAULT;
 release_io:
        clear_bit(LOCK_IO, &dev->flags);
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
index b743411d8144..a0c365f2e521 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -516,8 +516,6 @@ void drm_put_dev(struct drm_device *dev)
        }
        driver = dev->driver;
-        drm_vblank_cleanup(dev);
        drm_lastclose(dev);
        if (drm_core_has_MTRR(dev) && drm_core_has_AGP(dev) &&
@@ -537,6 +535,8 @@ void drm_put_dev(struct drm_device *dev)
                dev->agp = NULL;
        }
+        drm_vblank_cleanup(dev);
        list_for_each_entry_safe(r_list, list_temp, &dev->maplist, head)
                drm_rmmap(dev, r_list->map);
        drm_ht_remove(&dev->map_hash);
diff --git a/drivers/isdn/gigaset/gigaset.h b/drivers/isdn/gigaset/gigaset.h
index d32efb651042..05947f9c1849 100644
--- a/drivers/isdn/gigaset/gigaset.h
+++ b/drivers/isdn/gigaset/gigaset.h
@@ -20,6 +20,7 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 #include <linux/kernel.h>
+#include <linux/sched.h>
 #include <linux/compiler.h>
 #include <linux/types.h>
 #include <linux/ctype.h>
diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c
index f230f6543bff..854959cada3a 100644
--- a/drivers/pcmcia/cistpl.c
+++ b/drivers/pcmcia/cistpl.c
@@ -1484,6 +1484,11 @@ int pccard_validate_cis(struct pcmcia_socket *s, unsigned int *info)
        if (!s)
                return -EINVAL;
+        if (s->functions) {
+                WARN_ON(1);
+                return -EINVAL;
+        }
        /* We do not want to validate the CIS cache... */
        mutex_lock(&s->ops_mutex);
        destroy_cis_cache(s);
@@ -1639,7 +1644,7 @@ static ssize_t pccard_show_cis(struct kobject *kobj,
                count = 0;
        else {
                struct pcmcia_socket *s;
-                unsigned int chains;
+                unsigned int chains = 1;
                if (off + count > size)
                        count = size - off;
@@ -1648,7 +1653,7 @@ static ssize_t pccard_show_cis(struct kobject *kobj,
                if (!(s->state & SOCKET_PRESENT))
                        return -ENODEV;
-                if (pccard_validate_cis(s, &chains))
+                if (!s->functions && pccard_validate_cis(s, &chains))
                        return -EIO;
                if (!chains)
                        return -ENODATA;
diff --git a/drivers/pcmcia/db1xxx_ss.c b/drivers/pcmcia/db1xxx_ss.c
index 6206408e196c..2d48196a48cd 100644
--- a/drivers/pcmcia/db1xxx_ss.c
+++ b/drivers/pcmcia/db1xxx_ss.c
@@ -166,8 +166,10 @@ static int db1x_pcmcia_setup_irqs(struct db1x_pcmcia_sock *sock)
                ret = request_irq(sock->insert_irq, db1200_pcmcia_cdirq,
                                  IRQF_DISABLED, "pcmcia_insert", sock);
-                if (ret)
+                if (ret) {
+                        local_irq_restore(flags);
                        goto out1;
+                }
                ret = request_irq(sock->eject_irq, db1200_pcmcia_cdirq,
                                  IRQF_DISABLED, "pcmcia_eject", sock);
diff --git a/drivers/pcmcia/ds.c b/drivers/pcmcia/ds.c
index cb6036d89e59..4014cf8e4a26 100644
--- a/drivers/pcmcia/ds.c
+++ b/drivers/pcmcia/ds.c
@@ -687,12 +687,10 @@ static void pcmcia_requery(struct pcmcia_socket *s)
                        new_funcs = mfc.nfn;
                else
                        new_funcs = 1;
-                if (old_funcs > new_funcs) {
+                if (old_funcs != new_funcs) {
+                        /* we need to re-start */
                        pcmcia_card_remove(s, NULL);
                        pcmcia_card_add(s);
-                } else if (new_funcs > old_funcs) {
-                        s->functions = new_funcs;
-                        pcmcia_device_add(s, 1);
                }
        }
@@ -728,6 +726,8 @@ static int pcmcia_load_firmware(struct pcmcia_device *dev, char * filename)
        struct pcmcia_socket *s = dev->socket;
        const struct firmware *fw;
        int ret = -ENOMEM;
+        cistpl_longlink_mfc_t mfc;
+        int old_funcs, new_funcs = 1;
        if (!filename)
                return -EINVAL;
@@ -750,6 +750,14 @@ static int pcmcia_load_firmware(struct pcmcia_device *dev, char * filename)
                        goto release;
                }
+                /* we need to re-start if the number of functions changed */
+                old_funcs = s->functions;
+                if (!pccard_read_tuple(s, BIND_FN_ALL, CISTPL_LONGLINK_MFC,
+                                        &mfc))
+                        new_funcs = mfc.nfn;
+                if (old_funcs != new_funcs)
+                        ret = -EBUSY;
                /* update information */
                pcmcia_device_query(dev);
@@ -858,10 +866,8 @@ static inline int pcmcia_devmatch(struct pcmcia_device *dev,
        if (did->match_flags & PCMCIA_DEV_ID_MATCH_FAKE_CIS) {
                dev_dbg(&dev->dev, "device needs a fake CIS\n");
                if (!dev->socket->fake_cis)
-                        pcmcia_load_firmware(dev, did->cisfile);
+                        if (pcmcia_load_firmware(dev, did->cisfile))
+                                return 0;
-                if (!dev->socket->fake_cis)
-                        return 0;
        }
        if (did->match_flags & PCMCIA_DEV_ID_MATCH_ANONYMOUS) {
diff --git a/drivers/pcmcia/pcmcia_resource.c b/drivers/pcmcia/pcmcia_resource.c
index caec1dee2a4b..7c3d03bb4f30 100644
--- a/drivers/pcmcia/pcmcia_resource.c
+++ b/drivers/pcmcia/pcmcia_resource.c
@@ -755,12 +755,12 @@ int pcmcia_request_irq(struct pcmcia_device *p_dev, irq_req_t *req)
        else
                printk(KERN_WARNING "pcmcia: Driver needs updating to support IRQ sharing.\n");
-#ifdef CONFIG_PCMCIA_PROBE
+        /* If the interrupt is already assigned, it must be the same */
+        if (s->irq.AssignedIRQ != 0)
-        if (s->irq.AssignedIRQ != 0) {
-                /* If the interrupt is already assigned, it must be the same */
                irq = s->irq.AssignedIRQ;
-        } else {
+#ifdef CONFIG_PCMCIA_PROBE
+        if (!irq) {
                int try;
                u32 mask = s->irq_mask;
                void *data = p_dev; /* something unique to this device */
diff --git a/drivers/pcmcia/rsrc_nonstatic.c b/drivers/pcmcia/rsrc_nonstatic.c
index 559069a80a3b..a6eb7b59ba9f 100644
--- a/drivers/pcmcia/rsrc_nonstatic.c
+++ b/drivers/pcmcia/rsrc_nonstatic.c
@@ -214,7 +214,7 @@ static void do_io_probe(struct pcmcia_socket *s, unsigned int base,
                return;
        }
        for (i = base, most = 0; i < base+num; i += 8) {
-                res = claim_region(NULL, i, 8, IORESOURCE_IO, "PCMCIA ioprobe");
+                res = claim_region(s, i, 8, IORESOURCE_IO, "PCMCIA ioprobe");
                if (!res)
                        continue;
                hole = inb(i);
@@ -231,9 +231,14 @@ static void do_io_probe(struct pcmcia_socket *s, unsigned int base,
        bad = any = 0;
        for (i = base; i < base+num; i += 8) {
-                res = claim_region(NULL, i, 8, IORESOURCE_IO, "PCMCIA ioprobe");
+                res = claim_region(s, i, 8, IORESOURCE_IO, "PCMCIA ioprobe");
-                if (!res)
+                if (!res) {
+                        if (!any)
+                                printk(" excluding");
+                        if (!bad)
+                                bad = any = i;
                        continue;
+                }
                for (j = 0; j < 8; j++)
                        if (inb(i+j) != most)
                                break;
@@ -253,6 +258,7 @@ static void do_io_probe(struct pcmcia_socket *s, unsigned int base,
        }
        if (bad) {
                if ((num > 16) && (bad == base) && (i == base+num)) {
+                        sub_interval(&s_data->io_db, bad, i-bad);
                        printk(" nothing: probe failed.\n");
                        return;
                } else {
@@ -804,7 +810,7 @@ static int adjust_memory(struct pcmcia_socket *s, unsigned int action, unsigned
 static int adjust_io(struct pcmcia_socket *s, unsigned int action, unsigned long start, unsigned long end)
 {
        struct socket_data *data = s->resource_data;
-        unsigned long size = end - start + 1;
+        unsigned long size;
        int ret = 0;
 #if defined(CONFIG_X86)
@@ -814,6 +820,8 @@ static int adjust_io(struct pcmcia_socket *s, unsigned int action, unsigned long
                start = 0x100;
 #endif
+        size = end - start + 1;
        if (end < start)
                return -EINVAL;
diff --git a/drivers/serial/serial_cs.c b/drivers/serial/serial_cs.c
index 175d202ab37e..8cfa5b12ea7a 100644
--- a/drivers/serial/serial_cs.c
+++ b/drivers/serial/serial_cs.c
@@ -105,6 +105,10 @@ struct serial_cfg_mem {
 * manfid 0x0160, 0x0104
 * This card appears to have a 14.7456MHz clock.
 */
+/* Generic Modem: MD55x (GPRS/EDGE) have
+ * Elan VPU16551 UART with 14.7456MHz oscillator
+ * manfid 0x015D, 0x4C45
+ */
 static void quirk_setup_brainboxes_0104(struct pcmcia_device *link, struct uart_port *port)
 {
        port->uartclk = 14745600;
@@ -196,6 +200,11 @@ static const struct serial_quirk quirks[] = {
                .multi  = -1,
                .setup  = quirk_setup_brainboxes_0104,
        }, {
+                .manfid = 0x015D,
+                .prodid = 0x4C45,
+                .multi  = -1,
+                .setup  = quirk_setup_brainboxes_0104,
+        }, {
                .manfid = MANFID_IBM,
                .prodid = ~0,
                .multi  = -1,
diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c
index 5e813a816ce4..b3feddc4f7d6 100644
--- a/fs/afs/mntpt.c
+++ b/fs/afs/mntpt.c
@@ -138,9 +138,9 @@ static struct vfsmount *afs_mntpt_do_automount(struct dentry *mntpt)
 {
        struct afs_super_info *super;
        struct vfsmount *mnt;
-        struct page *page = NULL;
+        struct page *page;
        size_t size;
-        char *buf, *devname = NULL, *options = NULL;
+        char *buf, *devname, *options;
        int ret;
        _enter("{%s}", mntpt->d_name.name);
@@ -150,22 +150,22 @@ static struct vfsmount *afs_mntpt_do_automount(struct dentry *mntpt)
        ret = -EINVAL;
        size = mntpt->d_inode->i_size;
        if (size > PAGE_SIZE - 1)
-                goto error;
+                goto error_no_devname;
        ret = -ENOMEM;
        devname = (char *) get_zeroed_page(GFP_KERNEL);
        if (!devname)
-                goto error;
+                goto error_no_devname;
        options = (char *) get_zeroed_page(GFP_KERNEL);
        if (!options)
-                goto error;
+                goto error_no_options;
        /* read the contents of the AFS special symlink */
        page = read_mapping_page(mntpt->d_inode->i_mapping, 0, NULL);
        if (IS_ERR(page)) {
                ret = PTR_ERR(page);
-                goto error;
+                goto error_no_page;
        }
        ret = -EIO;
@@ -196,12 +196,12 @@ static struct vfsmount *afs_mntpt_do_automount(struct dentry *mntpt)
        return mnt;
 error:
-        if (page)
+        page_cache_release(page);
-                page_cache_release(page);
+error_no_page:
-        if (devname)
+        free_page((unsigned long) options);
-                free_page((unsigned long) devname);
+error_no_options:
-        if (options)
+        free_page((unsigned long) devname);
-                free_page((unsigned long) options);
+error_no_devname:
        _leave(" = %d", ret);
        return ERR_PTR(ret);
 }
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index efb2b9400391..1cc087635a5e 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -382,8 +382,8 @@ out:
 static void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
                                             struct ecryptfs_crypt_stat *crypt_stat)
 {
-        (*offset) = (crypt_stat->num_header_bytes_at_front
+        (*offset) = ecryptfs_lower_header_size(crypt_stat)
-                     + (crypt_stat->extent_size * extent_num));
+                    + (crypt_stat->extent_size * extent_num);
 }
 /**
@@ -835,13 +835,13 @@ void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat)
        set_extent_mask_and_shift(crypt_stat);
        crypt_stat->iv_bytes = ECRYPTFS_DEFAULT_IV_BYTES;
        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
-                crypt_stat->num_header_bytes_at_front = 0;
+                crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
        else {
                if (PAGE_CACHE_SIZE <= ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)
-                        crypt_stat->num_header_bytes_at_front =
+                        crypt_stat->metadata_size =
                                ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
                else
-                        crypt_stat->num_header_bytes_at_front = PAGE_CACHE_SIZE;
+                        crypt_stat->metadata_size = PAGE_CACHE_SIZE;
        }
 }
@@ -1108,9 +1108,9 @@ static void write_ecryptfs_marker(char *page_virt, size_t *written)
        (*written) = MAGIC_ECRYPTFS_MARKER_SIZE_BYTES;
 }
-static void
+void ecryptfs_write_crypt_stat_flags(char *page_virt,
-write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
+                                     struct ecryptfs_crypt_stat *crypt_stat,
-                     size_t *written)
+                                     size_t *written)
 {
        u32 flags = 0;
        int i;
@@ -1238,8 +1238,7 @@ ecryptfs_write_header_metadata(char *virt,
        header_extent_size = (u32)crypt_stat->extent_size;
        num_header_extents_at_front =
-                (u16)(crypt_stat->num_header_bytes_at_front
+                (u16)(crypt_stat->metadata_size / crypt_stat->extent_size);
-                      / crypt_stat->extent_size);
        put_unaligned_be32(header_extent_size, virt);
        virt += 4;
        put_unaligned_be16(num_header_extents_at_front, virt);
@@ -1292,7 +1291,8 @@ static int ecryptfs_write_headers_virt(char *page_virt, size_t max,
        offset = ECRYPTFS_FILE_SIZE_BYTES;
        write_ecryptfs_marker((page_virt + offset), &written);
        offset += written;
-        write_ecryptfs_flags((page_virt + offset), crypt_stat, &written);
+        ecryptfs_write_crypt_stat_flags((page_virt + offset), crypt_stat,
+                                        &written);
        offset += written;
        ecryptfs_write_header_metadata((page_virt + offset), crypt_stat,
                                       &written);
@@ -1382,7 +1382,7 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry)
                rc = -EINVAL;
                goto out;
        }
-        virt_len = crypt_stat->num_header_bytes_at_front;
+        virt_len = crypt_stat->metadata_size;
        order = get_order(virt_len);
        /* Released in this function */
        virt = (char *)ecryptfs_get_zeroed_pages(GFP_KERNEL, order);
@@ -1428,16 +1428,15 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
        header_extent_size = get_unaligned_be32(virt);
        virt += sizeof(__be32);
        num_header_extents_at_front = get_unaligned_be16(virt);
-        crypt_stat->num_header_bytes_at_front =
+        crypt_stat->metadata_size = (((size_t)num_header_extents_at_front
-                (((size_t)num_header_extents_at_front
+                                     * (size_t)header_extent_size));
-                  * (size_t)header_extent_size));
        (*bytes_read) = (sizeof(__be32) + sizeof(__be16));
        if ((validate_header_size == ECRYPTFS_VALIDATE_HEADER_SIZE)
-            && (crypt_stat->num_header_bytes_at_front
+            && (crypt_stat->metadata_size
                < ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE)) {
                rc = -EINVAL;
                printk(KERN_WARNING "Invalid header size: [%zd]\n",
-                       crypt_stat->num_header_bytes_at_front);
+                       crypt_stat->metadata_size);
        }
        return rc;
 }
@@ -1452,8 +1451,7 @@ static int parse_header_metadata(struct ecryptfs_crypt_stat *crypt_stat,
 */
 static void set_default_header_data(struct ecryptfs_crypt_stat *crypt_stat)
 {
-        crypt_stat->num_header_bytes_at_front =
+        crypt_stat->metadata_size = ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
-                ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
 }
 /**
@@ -1607,6 +1605,7 @@ int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry)
                                                ecryptfs_dentry,
                                                ECRYPTFS_VALIDATE_HEADER_SIZE);
        if (rc) {
+                memset(page_virt, 0, PAGE_CACHE_SIZE);
                rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_inode);
                if (rc) {
                        printk(KERN_DEBUG "Valid eCryptfs headers not found in "
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 542f625312f3..bc7115403f38 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -273,7 +273,7 @@ struct ecryptfs_crypt_stat {
        u32 flags;
        unsigned int file_version;
        size_t iv_bytes;
-        size_t num_header_bytes_at_front;
+        size_t metadata_size;
        size_t extent_size; /* Data extent size; default is 4096 */
        size_t key_size;
        size_t extent_shift;
@@ -464,6 +464,14 @@ struct ecryptfs_daemon {
 extern struct mutex ecryptfs_daemon_hash_mux;
+static inline size_t
+ecryptfs_lower_header_size(struct ecryptfs_crypt_stat *crypt_stat)
+{
+        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
+                return 0;
+        return crypt_stat->metadata_size;
+}
 static inline struct ecryptfs_file_info *
 ecryptfs_file_to_private(struct file *file)
 {
@@ -651,6 +659,9 @@ int ecryptfs_decrypt_page(struct page *page);
 int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry);
 int ecryptfs_read_metadata(struct dentry *ecryptfs_dentry);
 int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry);
+void ecryptfs_write_crypt_stat_flags(char *page_virt,
+                                     struct ecryptfs_crypt_stat *crypt_stat,
+                                     size_t *written);
 int ecryptfs_read_and_validate_header_region(char *data,
                                             struct inode *ecryptfs_inode);
 int ecryptfs_read_and_validate_xattr_region(char *page_virt,
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index d3362faf3852..e2d4418affac 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -324,6 +324,7 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
        rc = ecryptfs_read_and_validate_header_region(page_virt,
                                                      ecryptfs_dentry->d_inode);
        if (rc) {
+                memset(page_virt, 0, PAGE_CACHE_SIZE);
                rc = ecryptfs_read_and_validate_xattr_region(page_virt,
                                                             ecryptfs_dentry);
                if (rc) {
@@ -336,7 +337,7 @@ int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry,
                ecryptfs_dentry->d_sb)->mount_crypt_stat;
        if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) {
                if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR)
-                        file_size = (crypt_stat->num_header_bytes_at_front
+                        file_size = (crypt_stat->metadata_size
                                     + i_size_read(lower_dentry->d_inode));
                else
                        file_size = i_size_read(lower_dentry->d_inode);
@@ -388,9 +389,9 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
        mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
        if (IS_ERR(lower_dentry)) {
                rc = PTR_ERR(lower_dentry);
-                printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
+                ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
-                       "lower_dentry = [%s]\n", __func__, rc,
+                                "[%d] on lower_dentry = [%s]\n", __func__, rc,
-                       ecryptfs_dentry->d_name.name);
+                                encrypted_and_encoded_name);
                goto out_d_drop;
        }
        if (lower_dentry->d_inode)
@@ -417,9 +418,9 @@ static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode,
        mutex_unlock(&lower_dir_dentry->d_inode->i_mutex);
        if (IS_ERR(lower_dentry)) {
                rc = PTR_ERR(lower_dentry);
-                printk(KERN_ERR "%s: lookup_one_len() returned [%d] on "
+                ecryptfs_printk(KERN_DEBUG, "%s: lookup_one_len() returned "
-                       "lower_dentry = [%s]\n", __func__, rc,
+                                "[%d] on lower_dentry = [%s]\n", __func__, rc,
-                       encrypted_and_encoded_name);
+                                encrypted_and_encoded_name);
                goto out_d_drop;
        }
 lookup_and_interpose:
@@ -456,8 +457,8 @@ static int ecryptfs_link(struct dentry *old_dentry, struct inode *dir,
        rc = ecryptfs_interpose(lower_new_dentry, new_dentry, dir->i_sb, 0);
        if (rc)
                goto out_lock;
-        fsstack_copy_attr_times(dir, lower_new_dentry->d_inode);
+        fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode);
-        fsstack_copy_inode_size(dir, lower_new_dentry->d_inode);
+        fsstack_copy_inode_size(dir, lower_dir_dentry->d_inode);
        old_dentry->d_inode->i_nlink =
                ecryptfs_inode_to_lower(old_dentry->d_inode)->i_nlink;
        i_size_write(new_dentry->d_inode, file_size_save);
@@ -648,38 +649,17 @@ out_lock:
        return rc;
 }
-static int
+static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
-ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
+                                   size_t *bufsiz)
 {
+        struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry);
        char *lower_buf;
-        size_t lower_bufsiz;
+        size_t lower_bufsiz = PATH_MAX;
-        struct dentry *lower_dentry;
-        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
-        char *plaintext_name;
-        size_t plaintext_name_size;
        mm_segment_t old_fs;
        int rc;
-        lower_dentry = ecryptfs_dentry_to_lower(dentry);
-        if (!lower_dentry->d_inode->i_op->readlink) {
-                rc = -EINVAL;
-                goto out;
-        }
-        mount_crypt_stat = &ecryptfs_superblock_to_private(
-                                                dentry->d_sb)->mount_crypt_stat;
-        /*
-         * If the lower filename is encrypted, it will result in a significantly
-         * longer name.  If needed, truncate the name after decode and decrypt.
-         */
-        if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES)
-                lower_bufsiz = PATH_MAX;
-        else
-                lower_bufsiz = bufsiz;
-        /* Released in this function */
        lower_buf = kmalloc(lower_bufsiz, GFP_KERNEL);
-        if (lower_buf == NULL) {
+        if (!lower_buf) {
-                printk(KERN_ERR "%s: Out of memory whilst attempting to "
-                       "kmalloc [%zd] bytes\n", __func__, lower_bufsiz);
                rc = -ENOMEM;
                goto out;
        }
@@ -689,29 +669,31 @@ ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
                                                   (char __user *)lower_buf,
                                                   lower_bufsiz);
        set_fs(old_fs);
-        if (rc >= 0) {
+        if (rc < 0)
-                rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name,
+                goto out;
-                                                          &plaintext_name_size,
+        lower_bufsiz = rc;
-                                                          dentry, lower_buf,
+        rc = ecryptfs_decode_and_decrypt_filename(buf, bufsiz, dentry,
-                                                          rc);
+                                                  lower_buf, lower_bufsiz);
-                if (rc) {
+out:
-                        printk(KERN_ERR "%s: Error attempting to decode and "
-                               "decrypt filename; rc = [%d]\n", __func__,
-                                rc);
-                        goto out_free_lower_buf;
-                }
-                /* Check for bufsiz <= 0 done in sys_readlinkat() */
-                rc = copy_to_user(buf, plaintext_name,
-                                  min((size_t) bufsiz, plaintext_name_size));
-                if (rc)
-                        rc = -EFAULT;
-                else
-                        rc = plaintext_name_size;
-                kfree(plaintext_name);
-                fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode);
-        }
-out_free_lower_buf:
        kfree(lower_buf);
+        return rc;
+}
+static int
+ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
+{
+        char *kbuf;
+        size_t kbufsiz, copied;
+        int rc;
+        rc = ecryptfs_readlink_lower(dentry, &kbuf, &kbufsiz);
+        if (rc)
+                goto out;
+        copied = min_t(size_t, bufsiz, kbufsiz);
+        rc = copy_to_user(buf, kbuf, copied) ? -EFAULT : copied;
+        kfree(kbuf);
+        fsstack_copy_attr_atime(dentry->d_inode,
+                                ecryptfs_dentry_to_lower(dentry)->d_inode);
 out:
        return rc;
 }
@@ -769,7 +751,7 @@ upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat,
 {
        loff_t lower_size;
-        lower_size = crypt_stat->num_header_bytes_at_front;
+        lower_size = ecryptfs_lower_header_size(crypt_stat);
        if (upper_size != 0) {
                loff_t num_extents;
@@ -1016,6 +998,28 @@ out:
        return rc;
 }
+int ecryptfs_getattr_link(struct vfsmount *mnt, struct dentry *dentry,
+                          struct kstat *stat)
+{
+        struct ecryptfs_mount_crypt_stat *mount_crypt_stat;
+        int rc = 0;
+        mount_crypt_stat = &ecryptfs_superblock_to_private(
+                                                dentry->d_sb)->mount_crypt_stat;
+        generic_fillattr(dentry->d_inode, stat);
+        if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) {
+                char *target;
+                size_t targetsiz;
+                rc = ecryptfs_readlink_lower(dentry, &target, &targetsiz);
+                if (!rc) {
+                        kfree(target);
+                        stat->size = targetsiz;
+                }
+        }
+        return rc;
+}
 int ecryptfs_getattr(struct vfsmount *mnt, struct dentry *dentry,
                     struct kstat *stat)
 {
@@ -1040,7 +1044,7 @@ ecryptfs_setxattr(struct dentry *dentry, const char *name, const void *value,
        lower_dentry = ecryptfs_dentry_to_lower(dentry);
        if (!lower_dentry->d_inode->i_op->setxattr) {
-                rc = -ENOSYS;
+                rc = -EOPNOTSUPP;
                goto out;
        }
        mutex_lock(&lower_dentry->d_inode->i_mutex);
@@ -1058,7 +1062,7 @@ ecryptfs_getxattr_lower(struct dentry *lower_dentry, const char *name,
        int rc = 0;
        if (!lower_dentry->d_inode->i_op->getxattr) {
-                rc = -ENOSYS;
+                rc = -EOPNOTSUPP;
                goto out;
        }
        mutex_lock(&lower_dentry->d_inode->i_mutex);
@@ -1085,7 +1089,7 @@ ecryptfs_listxattr(struct dentry *dentry, char *list, size_t size)
        lower_dentry = ecryptfs_dentry_to_lower(dentry);
        if (!lower_dentry->d_inode->i_op->listxattr) {
-                rc = -ENOSYS;
+                rc = -EOPNOTSUPP;
                goto out;
        }
        mutex_lock(&lower_dentry->d_inode->i_mutex);
@@ -1102,7 +1106,7 @@ static int ecryptfs_removexattr(struct dentry *dentry, const char *name)
        lower_dentry = ecryptfs_dentry_to_lower(dentry);
        if (!lower_dentry->d_inode->i_op->removexattr) {
-                rc = -ENOSYS;
+                rc = -EOPNOTSUPP;
                goto out;
        }
        mutex_lock(&lower_dentry->d_inode->i_mutex);
@@ -1133,6 +1137,7 @@ const struct inode_operations ecryptfs_symlink_iops = {
        .put_link = ecryptfs_put_link,
        .permission = ecryptfs_permission,
        .setattr = ecryptfs_setattr,
+        .getattr = ecryptfs_getattr_link,
        .setxattr = ecryptfs_setxattr,
        .getxattr = ecryptfs_getxattr,
        .listxattr = ecryptfs_listxattr,
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c
index d491237c98e7..2ee9a3a7b68c 100644
--- a/fs/ecryptfs/mmap.c
+++ b/fs/ecryptfs/mmap.c
@@ -83,6 +83,19 @@ out:
        return rc;
 }
+static void strip_xattr_flag(char *page_virt,
+                             struct ecryptfs_crypt_stat *crypt_stat)
+{
+        if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) {
+                size_t written;
+                crypt_stat->flags &= ~ECRYPTFS_METADATA_IN_XATTR;
+                ecryptfs_write_crypt_stat_flags(page_virt, crypt_stat,
+                                                &written);
+                crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
+        }
+}
 /**
 *   Header Extent:
 *     Octets 0-7:        Unencrypted file size (big-endian)
@@ -98,19 +111,6 @@ out:
 *                        (big-endian)
 *     Octet  26:         Begin RFC 2440 authentication token packet set
 */
-static void set_header_info(char *page_virt,
-                            struct ecryptfs_crypt_stat *crypt_stat)
-{
-        size_t written;
-        size_t save_num_header_bytes_at_front =
-                crypt_stat->num_header_bytes_at_front;
-        crypt_stat->num_header_bytes_at_front =
-                ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE;
-        ecryptfs_write_header_metadata(page_virt + 20, crypt_stat, &written);
-        crypt_stat->num_header_bytes_at_front =
-                save_num_header_bytes_at_front;
-}
 /**
 * ecryptfs_copy_up_encrypted_with_header
@@ -136,8 +136,7 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page,
                                           * num_extents_per_page)
                                          + extent_num_in_page);
                size_t num_header_extents_at_front =
-                        (crypt_stat->num_header_bytes_at_front
+                        (crypt_stat->metadata_size / crypt_stat->extent_size);
-                         / crypt_stat->extent_size);
                if (view_extent_num < num_header_extents_at_front) {
                        /* This is a header extent */
@@ -147,9 +146,14 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page,
                        memset(page_virt, 0, PAGE_CACHE_SIZE);
                        /* TODO: Support more than one header extent */
                        if (view_extent_num == 0) {
+                                size_t written;
                                rc = ecryptfs_read_xattr_region(
                                        page_virt, page->mapping->host);
-                                set_header_info(page_virt, crypt_stat);
+                                strip_xattr_flag(page_virt + 16, crypt_stat);
+                                ecryptfs_write_header_metadata(page_virt + 20,
+                                                               crypt_stat,
+                                                               &written);
                        }
                        kunmap_atomic(page_virt, KM_USER0);
                        flush_dcache_page(page);
@@ -162,7 +166,7 @@ ecryptfs_copy_up_encrypted_with_header(struct page *page,
                        /* This is an encrypted data extent */
                        loff_t lower_offset =
                                ((view_extent_num * crypt_stat->extent_size)
-                                 - crypt_stat->num_header_bytes_at_front);
+                                 - crypt_stat->metadata_size);
                        rc = ecryptfs_read_lower_page_segment(
                                page, (lower_offset >> PAGE_CACHE_SHIFT),
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index fcef41c1d2cf..278743c7716a 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -86,7 +86,6 @@ static void ecryptfs_destroy_inode(struct inode *inode)
                if (lower_dentry->d_inode) {
                        fput(inode_info->lower_file);
                        inode_info->lower_file = NULL;
-                        d_drop(lower_dentry);
                }
        }
        ecryptfs_destroy_crypt_stat(&inode_info->crypt_stat);
diff --git a/fs/quota/Kconfig b/fs/quota/Kconfig
index dad7fb247ddc..3e21b1e2ad3a 100644
--- a/fs/quota/Kconfig
+++ b/fs/quota/Kconfig
@@ -33,6 +33,14 @@ config PRINT_QUOTA_WARNING
          Note that this behavior is currently deprecated and may go away in
          future. Please use notification via netlink socket instead.
+config QUOTA_DEBUG
+        bool "Additional quota sanity checks"
+        depends on QUOTA
+        default n
+        help
+          If you say Y here, quota subsystem will perform some additional
+          sanity checks of quota internal structures. If unsure, say N.
 # Generic support for tree structured quota files. Selected when needed.
 config QUOTA_TREE
         tristate
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index a0a9405b202a..788b5802a7ce 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -80,8 +80,6 @@
 #include <asm/uaccess.h>
-#define __DQUOT_PARANOIA
 /*
 * There are three quota SMP locks. dq_list_lock protects all lists with quotas
 * and quota formats, dqstats structure containing statistics about the lists
@@ -695,7 +693,7 @@ void dqput(struct dquot *dquot)
        if (!dquot)
                return;
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
        if (!atomic_read(&dquot->dq_count)) {
                printk("VFS: dqput: trying to free free dquot\n");
                printk("VFS: device %s, dquot of %s %d\n",
@@ -748,7 +746,7 @@ we_slept:
                goto we_slept;
        }
        atomic_dec(&dquot->dq_count);
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
        /* sanity check */
        BUG_ON(!list_empty(&dquot->dq_free));
 #endif
@@ -845,7 +843,7 @@ we_slept:
                dquot = NULL;
                goto out;
        }
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
        BUG_ON(!dquot->dq_sb);  /* Has somebody invalidated entry under us? */
 #endif
 out:
@@ -874,7 +872,7 @@ static int dqinit_needed(struct inode *inode, int type)
 static void add_dquot_ref(struct super_block *sb, int type)
 {
        struct inode *inode, *old_inode = NULL;
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
        int reserved = 0;
 #endif
@@ -882,7 +880,7 @@ static void add_dquot_ref(struct super_block *sb, int type)
        list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
                if (inode->i_state & (I_FREEING|I_CLEAR|I_WILL_FREE|I_NEW))
                        continue;
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
                if (unlikely(inode_get_rsv_space(inode) > 0))
                        reserved = 1;
 #endif
@@ -907,7 +905,7 @@ static void add_dquot_ref(struct super_block *sb, int type)
        spin_unlock(&inode_lock);
        iput(old_inode);
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
        if (reserved) {
                printk(KERN_WARNING "VFS (%s): Writes happened before quota"
                        " was turned on thus quota information is probably "
@@ -940,7 +938,7 @@ static int remove_inode_dquot_ref(struct inode *inode, int type,
        inode->i_dquot[type] = NULL;
        if (dquot) {
                if (dqput_blocks(dquot)) {
-#ifdef __DQUOT_PARANOIA
+#ifdef CONFIG_QUOTA_DEBUG
                        if (atomic_read(&dquot->dq_count) != 1)
                                printk(KERN_WARNING "VFS: Adding dquot with dq_count %d to dispose list.\n", atomic_read(&dquot->dq_count));
 #endif
diff --git a/mm/rmap.c b/mm/rmap.c
index 4bad3267537a..526704e8215d 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -730,23 +730,28 @@ void page_move_anon_rmap(struct page *page,
 * @page:       the page to add the mapping to
 * @vma:        the vm area in which the mapping is added
 * @address:    the user virtual address mapped
+ * @exclusive:  the page is exclusively owned by the current process
 */
 static void __page_set_anon_rmap(struct page *page,
-        struct vm_area_struct *vma, unsigned long address)
+        struct vm_area_struct *vma, unsigned long address, int exclusive)
 {
-        struct anon_vma_chain *avc;
+        struct anon_vma *anon_vma = vma->anon_vma;
-        struct anon_vma *anon_vma;
-        BUG_ON(!vma->anon_vma);
+        BUG_ON(!anon_vma);
        /*
-         * We must use the _oldest_ possible anon_vma for the page mapping!
+         * If the page isn't exclusively mapped into this vma,
+         * we must use the _oldest_ possible anon_vma for the
+         * page mapping!
         *
-         * So take the last AVC chain entry in the vma, which is the deepest
+         * So take the last AVC chain entry in the vma, which is
-         * ancestor, and use the anon_vma from that.
+         * the deepest ancestor, and use the anon_vma from that.
         */
-        avc = list_entry(vma->anon_vma_chain.prev, struct anon_vma_chain, same_vma);
+        if (!exclusive) {
-        anon_vma = avc->anon_vma;
+                struct anon_vma_chain *avc;
+                avc = list_entry(vma->anon_vma_chain.prev, struct anon_vma_chain, same_vma);
+                anon_vma = avc->anon_vma;
+        }
        anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
        page->mapping = (struct address_space *) anon_vma;
@@ -802,7 +807,7 @@ void page_add_anon_rmap(struct page *page,
        VM_BUG_ON(!PageLocked(page));
        VM_BUG_ON(address < vma->vm_start || address >= vma->vm_end);
        if (first)
-                __page_set_anon_rmap(page, vma, address);
+                __page_set_anon_rmap(page, vma, address, 0);
        else
                __page_check_anon_rmap(page, vma, address);
 }
@@ -824,7 +829,7 @@ void page_add_new_anon_rmap(struct page *page,
        SetPageSwapBacked(page);
        atomic_set(&page->_mapcount, 0); /* increment count (starts at -1) */
        __inc_zone_page_state(page, NR_ANON_PAGES);
-        __page_set_anon_rmap(page, vma, address);
+        __page_set_anon_rmap(page, vma, address, 1);
        if (page_evictable(page, vma))
                lru_cache_add_lru(page, LRU_ACTIVE_ANON);
        else