79 files changed, 3225 insertions, 1541 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index b7c1603cd4bd..7c1e65d54872 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -501,22 +501,22 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
                }
        }
-        /*
+        if (last_bss > elf_bss) {
-         * Now fill out the bss section.  First pad the last page up
+                /*
-         * to the page boundary, and then perform a mmap to make sure
+                 * Now fill out the bss section.  First pad the last page up
-         * that there are zero-mapped pages up to and including the 
+                 * to the page boundary, and then perform a mmap to make sure
-         * last bss page.
+                 * that there are zero-mapped pages up to and including the
-         */
+                 * last bss page.
-        if (padzero(elf_bss)) {
+                 */
-                error = -EFAULT;
+                if (padzero(elf_bss)) {
-                goto out_close;
+                        error = -EFAULT;
-        }
+                        goto out_close;
+                }
-        /* What we have mapped so far */
+                /* What we have mapped so far */
-        elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
+                elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
-        /* Map the last of the bss segment */
+                /* Map the last of the bss segment */
-        if (last_bss > elf_bss) {
                down_write(&current->mm->mmap_sem);
                error = do_brk(elf_bss, last_bss - elf_bss);
                up_write(&current->mm->mmap_sem);
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index e83be2e4602c..15831d5c7367 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1352,6 +1352,7 @@ static int setup_bdi(struct btrfs_fs_info *info, struct backing_dev_info *bdi)
 {
        int err;
+        bdi->name = "btrfs";
        bdi->capabilities = BDI_CAP_MAP_COPY;
        err = bdi_init(bdi);
        if (err)
diff --git a/fs/buffer.c b/fs/buffer.c
index 28f320fac4d4..90a98865b0cc 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -281,7 +281,7 @@ static void free_more_memory(void)
        struct zone *zone;
        int nid;
-        wakeup_pdflush(1024);
+        wakeup_flusher_threads(1024);
        yield();
        for_each_online_node(nid) {
diff --git a/fs/char_dev.c b/fs/char_dev.c
index a173551e19d7..3cbc57f932d2 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -31,6 +31,7 @@
 * - no readahead or I/O queue unplugging required
 */
 struct backing_dev_info directly_mappable_cdev_bdi = {
+        .name = "char",
        .capabilities   = (
 #ifdef CONFIG_MMU
                /* permit private copies of the data to be taken */
@@ -237,8 +238,10 @@ int alloc_chrdev_region(dev_t *dev, unsigned baseminor, unsigned count,
 }
 /**
- * register_chrdev() - Register a major number for character devices.
+ * __register_chrdev() - create and register a cdev occupying a range of minors
 * @major: major device number or 0 for dynamic allocation
+ * @baseminor: first of the requested range of minor numbers
+ * @count: the number of minor numbers required
 * @name: name of this range of devices
 * @fops: file operations associated with this devices
 *
@@ -254,19 +257,17 @@ int alloc_chrdev_region(dev_t *dev, unsigned baseminor, unsigned count,
 * /dev. It only helps to keep track of the different owners of devices. If
 * your module name has only one type of devices it's ok to use e.g. the name
 * of the module here.
- *
- * This function registers a range of 256 minor numbers. The first minor number
- * is 0.
 */
-int register_chrdev(unsigned int major, const char *name,
+int __register_chrdev(unsigned int major, unsigned int baseminor,
-                    const struct file_operations *fops)
+                      unsigned int count, const char *name,
+                      const struct file_operations *fops)
 {
        struct char_device_struct *cd;
        struct cdev *cdev;
        char *s;
        int err = -ENOMEM;
-        cd = __register_chrdev_region(major, 0, 256, name);
+        cd = __register_chrdev_region(major, baseminor, count, name);
        if (IS_ERR(cd))
                return PTR_ERR(cd);
        
@@ -280,7 +281,7 @@ int register_chrdev(unsigned int major, const char *name,
        for (s = strchr(kobject_name(&cdev->kobj),'/'); s; s = strchr(s, '/'))
                *s = '!';
                
-        err = cdev_add(cdev, MKDEV(cd->major, 0), 256);
+        err = cdev_add(cdev, MKDEV(cd->major, baseminor), count);
        if (err)
                goto out;
@@ -290,7 +291,7 @@ int register_chrdev(unsigned int major, const char *name,
 out:
        kobject_put(&cdev->kobj);
 out2:
-        kfree(__unregister_chrdev_region(cd->major, 0, 256));
+        kfree(__unregister_chrdev_region(cd->major, baseminor, count));
        return err;
 }
@@ -316,10 +317,23 @@ void unregister_chrdev_region(dev_t from, unsigned count)
        }
 }
-void unregister_chrdev(unsigned int major, const char *name)
+/**
+ * __unregister_chrdev - unregister and destroy a cdev
+ * @major: major device number
+ * @baseminor: first of the range of minor numbers
+ * @count: the number of minor numbers this cdev is occupying
+ * @name: name of this range of devices
+ *
+ * Unregister and destroy the cdev occupying the region described by
+ * @major, @baseminor and @count.  This function undoes what
+ * __register_chrdev() did.
+ */
+void __unregister_chrdev(unsigned int major, unsigned int baseminor,
+                         unsigned int count, const char *name)
 {
        struct char_device_struct *cd;
-        cd = __unregister_chrdev_region(major, 0, 256);
+        cd = __unregister_chrdev_region(major, baseminor, count);
        if (cd && cd->cdev)
                cdev_del(cd->cdev);
        kfree(cd);
@@ -568,6 +582,6 @@ EXPORT_SYMBOL(cdev_alloc);
 EXPORT_SYMBOL(cdev_del);
 EXPORT_SYMBOL(cdev_add);
 EXPORT_SYMBOL(cdev_index);
-EXPORT_SYMBOL(register_chrdev);
+EXPORT_SYMBOL(__register_chrdev);
-EXPORT_SYMBOL(unregister_chrdev);
+EXPORT_SYMBOL(__unregister_chrdev);
 EXPORT_SYMBOL(directly_mappable_cdev_bdi);
diff --git a/fs/compat.c b/fs/compat.c
index 94502dab972a..6d6f98fe64a0 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1485,20 +1485,15 @@ int compat_do_execve(char * filename,
        if (!bprm)
                goto out_files;
-        retval = -ERESTARTNOINTR;
+        retval = prepare_bprm_creds(bprm);
-        if (mutex_lock_interruptible(&current->cred_guard_mutex))
+        if (retval)
                goto out_free;
-        current->in_execve = 1;
-        retval = -ENOMEM;
-        bprm->cred = prepare_exec_creds();
-        if (!bprm->cred)
-                goto out_unlock;
        retval = check_unsafe_exec(bprm);
        if (retval < 0)
-                goto out_unlock;
+                goto out_free;
        clear_in_exec = retval;
+        current->in_execve = 1;
        file = open_exec(filename);
        retval = PTR_ERR(file);
@@ -1547,7 +1542,6 @@ int compat_do_execve(char * filename,
        /* execve succeeded */
        current->fs->in_exec = 0;
        current->in_execve = 0;
-        mutex_unlock(&current->cred_guard_mutex);
        acct_update_integrals(current);
        free_bprm(bprm);
        if (displaced)
@@ -1567,10 +1561,7 @@ out_file:
 out_unmark:
        if (clear_in_exec)
                current->fs->in_exec = 0;
-out_unlock:
        current->in_execve = 0;
-        mutex_unlock(&current->cred_guard_mutex);
 out_free:
        free_bprm(bprm);
diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
index 4921e7426d95..a2f746066c5d 100644
--- a/fs/configfs/inode.c
+++ b/fs/configfs/inode.c
@@ -51,6 +51,7 @@ static const struct address_space_operations configfs_aops = {
 };
 static struct backing_dev_info configfs_backing_dev_info = {
+        .name           = "configfs",
        .ra_pages       = 0,    /* No readahead */
        .capabilities   = BDI_CAP_NO_ACCT_AND_WRITEBACK,
 };
diff --git a/fs/dcache.c b/fs/dcache.c
index 9e5cd3c3a6ba..a100fa35a48f 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -32,6 +32,7 @@
 #include <linux/swap.h>
 #include <linux/bootmem.h>
 #include <linux/fs_struct.h>
+#include <linux/hardirq.h>
 #include "internal.h"
 int sysctl_vfs_cache_pressure __read_mostly = 100;
diff --git a/fs/exec.c b/fs/exec.c
index fb4f3cdda78c..172ceb6edde4 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1016,6 +1016,35 @@ out:
 EXPORT_SYMBOL(flush_old_exec);
 /*
+ * Prepare credentials and lock ->cred_guard_mutex.
+ * install_exec_creds() commits the new creds and drops the lock.
+ * Or, if exec fails before, free_bprm() should release ->cred and
+ * and unlock.
+ */
+int prepare_bprm_creds(struct linux_binprm *bprm)
+{
+        if (mutex_lock_interruptible(&current->cred_guard_mutex))
+                return -ERESTARTNOINTR;
+        bprm->cred = prepare_exec_creds();
+        if (likely(bprm->cred))
+                return 0;
+        mutex_unlock(&current->cred_guard_mutex);
+        return -ENOMEM;
+}
+void free_bprm(struct linux_binprm *bprm)
+{
+        free_arg_pages(bprm);
+        if (bprm->cred) {
+                mutex_unlock(&current->cred_guard_mutex);
+                abort_creds(bprm->cred);
+        }
+        kfree(bprm);
+}
+/*
 * install the new credentials for this executable
 */
 void install_exec_creds(struct linux_binprm *bprm)
@@ -1024,12 +1053,13 @@ void install_exec_creds(struct linux_binprm *bprm)
        commit_creds(bprm->cred);
        bprm->cred = NULL;
+        /*
-        /* cred_guard_mutex must be held at least to this point to prevent
+         * cred_guard_mutex must be held at least to this point to prevent
         * ptrace_attach() from altering our determination of the task's
-         * credentials; any time after this it may be unlocked */
+         * credentials; any time after this it may be unlocked.
+         */
        security_bprm_committed_creds(bprm);
+        mutex_unlock(&current->cred_guard_mutex);
 }
 EXPORT_SYMBOL(install_exec_creds);
@@ -1246,14 +1276,6 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
 EXPORT_SYMBOL(search_binary_handler);
-void free_bprm(struct linux_binprm *bprm)
-{
-        free_arg_pages(bprm);
-        if (bprm->cred)
-                abort_creds(bprm->cred);
-        kfree(bprm);
-}
 /*
 * sys_execve() executes a new program.
 */
@@ -1277,20 +1299,15 @@ int do_execve(char * filename,
        if (!bprm)
                goto out_files;
-        retval = -ERESTARTNOINTR;
+        retval = prepare_bprm_creds(bprm);
-        if (mutex_lock_interruptible(&current->cred_guard_mutex))
+        if (retval)
                goto out_free;
-        current->in_execve = 1;
-        retval = -ENOMEM;
-        bprm->cred = prepare_exec_creds();
-        if (!bprm->cred)
-                goto out_unlock;
        retval = check_unsafe_exec(bprm);
        if (retval < 0)
-                goto out_unlock;
+                goto out_free;
        clear_in_exec = retval;
+        current->in_execve = 1;
        file = open_exec(filename);
        retval = PTR_ERR(file);
@@ -1340,7 +1357,6 @@ int do_execve(char * filename,
        /* execve succeeded */
        current->fs->in_exec = 0;
        current->in_execve = 0;
-        mutex_unlock(&current->cred_guard_mutex);
        acct_update_integrals(current);
        free_bprm(bprm);
        if (displaced)
@@ -1360,10 +1376,7 @@ out_file:
 out_unmark:
        if (clear_in_exec)
                current->fs->in_exec = 0;
-out_unlock:
        current->in_execve = 0;
-        mutex_unlock(&current->cred_guard_mutex);
 out_free:
        free_bprm(bprm);
diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index d636e1297cad..a63d44256a70 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -230,7 +230,7 @@ ext2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
        return error;
 }
-static int
+int
 ext2_check_acl(struct inode *inode, int mask)
 {
        struct posix_acl *acl = ext2_get_acl(inode, ACL_TYPE_ACCESS);
@@ -246,12 +246,6 @@ ext2_check_acl(struct inode *inode, int mask)
        return -EAGAIN;
 }
-int
-ext2_permission(struct inode *inode, int mask)
-{
-        return generic_permission(inode, mask, ext2_check_acl);
-}
 /*
 * Initialize the ACLs of a new inode. Called from ext2_new_inode.
 *
diff --git a/fs/ext2/acl.h b/fs/ext2/acl.h
index ecefe478898f..3ff6cbb9ac44 100644
--- a/fs/ext2/acl.h
+++ b/fs/ext2/acl.h
@@ -54,13 +54,13 @@ static inline int ext2_acl_count(size_t size)
 #ifdef CONFIG_EXT2_FS_POSIX_ACL
 /* acl.c */
-extern int ext2_permission (struct inode *, int);
+extern int ext2_check_acl (struct inode *, int);
 extern int ext2_acl_chmod (struct inode *);
 extern int ext2_init_acl (struct inode *, struct inode *);
 #else
 #include <linux/sched.h>
-#define ext2_permission NULL
+#define ext2_check_acl  NULL
 #define ext2_get_acl    NULL
 #define ext2_set_acl    NULL
diff --git a/fs/ext2/file.c b/fs/ext2/file.c
index 2b9e47dc9222..a2f3afd1a1c1 100644
--- a/fs/ext2/file.c
+++ b/fs/ext2/file.c
@@ -85,6 +85,6 @@ const struct inode_operations ext2_file_inode_operations = {
        .removexattr    = generic_removexattr,
 #endif
        .setattr        = ext2_setattr,
-        .permission     = ext2_permission,
+        .check_acl      = ext2_check_acl,
        .fiemap         = ext2_fiemap,
 };
diff --git a/fs/ext2/namei.c b/fs/ext2/namei.c
index e1dedb0f7873..23701f289e98 100644
--- a/fs/ext2/namei.c
+++ b/fs/ext2/namei.c
@@ -362,6 +362,10 @@ static int ext2_rename (struct inode * old_dir, struct dentry * old_dentry,
        if (dir_de) {
                if (old_dir != new_dir)
                        ext2_set_link(old_inode, dir_de, dir_page, new_dir, 0);
+                else {
+                        kunmap(dir_page);
+                        page_cache_release(dir_page);
+                }
                inode_dec_link_count(old_dir);
        }
        return 0;
@@ -396,7 +400,7 @@ const struct inode_operations ext2_dir_inode_operations = {
        .removexattr    = generic_removexattr,
 #endif
        .setattr        = ext2_setattr,
-        .permission     = ext2_permission,
+        .check_acl      = ext2_check_acl,
 };
 const struct inode_operations ext2_special_inode_operations = {
@@ -407,5 +411,5 @@ const struct inode_operations ext2_special_inode_operations = {
        .removexattr    = generic_removexattr,
 #endif
        .setattr        = ext2_setattr,
-        .permission     = ext2_permission,
+        .check_acl      = ext2_check_acl,
 };
diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c
index e167bae37ef0..c9b0df376b5f 100644
--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -238,7 +238,7 @@ ext3_set_acl(handle_t *handle, struct inode *inode, int type,
        return error;
 }
-static int
+int
 ext3_check_acl(struct inode *inode, int mask)
 {
        struct posix_acl *acl = ext3_get_acl(inode, ACL_TYPE_ACCESS);
@@ -254,12 +254,6 @@ ext3_check_acl(struct inode *inode, int mask)
        return -EAGAIN;
 }
-int
-ext3_permission(struct inode *inode, int mask)
-{
-        return generic_permission(inode, mask, ext3_check_acl);
-}
 /*
 * Initialize the ACLs of a new inode. Called from ext3_new_inode.
 *
diff --git a/fs/ext3/acl.h b/fs/ext3/acl.h
index 07d15a3a5969..597334626de9 100644
--- a/fs/ext3/acl.h
+++ b/fs/ext3/acl.h
@@ -54,13 +54,13 @@ static inline int ext3_acl_count(size_t size)
 #ifdef CONFIG_EXT3_FS_POSIX_ACL
 /* acl.c */
-extern int ext3_permission (struct inode *, int);
+extern int ext3_check_acl (struct inode *, int);
 extern int ext3_acl_chmod (struct inode *);
 extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);
 #else  /* CONFIG_EXT3_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext3_permission NULL
+#define ext3_check_acl NULL
 static inline int
 ext3_acl_chmod(struct inode *inode)
diff --git a/fs/ext3/file.c b/fs/ext3/file.c
index 5b49704b231b..299253214789 100644
--- a/fs/ext3/file.c
+++ b/fs/ext3/file.c
@@ -137,7 +137,7 @@ const struct inode_operations ext3_file_inode_operations = {
        .listxattr      = ext3_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext3_permission,
+        .check_acl      = ext3_check_acl,
        .fiemap         = ext3_fiemap,
 };
diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
index 6ff7b9730234..aad6400c9b77 100644
--- a/fs/ext3/namei.c
+++ b/fs/ext3/namei.c
@@ -2445,7 +2445,7 @@ const struct inode_operations ext3_dir_inode_operations = {
        .listxattr      = ext3_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext3_permission,
+        .check_acl      = ext3_check_acl,
 };
 const struct inode_operations ext3_special_inode_operations = {
@@ -2456,5 +2456,5 @@ const struct inode_operations ext3_special_inode_operations = {
        .listxattr      = ext3_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext3_permission,
+        .check_acl      = ext3_check_acl,
 };
diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c
index f6d8967149ca..0df88b2a69b0 100644
--- a/fs/ext4/acl.c
+++ b/fs/ext4/acl.c
@@ -236,7 +236,7 @@ ext4_set_acl(handle_t *handle, struct inode *inode, int type,
        return error;
 }
-static int
+int
 ext4_check_acl(struct inode *inode, int mask)
 {
        struct posix_acl *acl = ext4_get_acl(inode, ACL_TYPE_ACCESS);
@@ -252,12 +252,6 @@ ext4_check_acl(struct inode *inode, int mask)
        return -EAGAIN;
 }
-int
-ext4_permission(struct inode *inode, int mask)
-{
-        return generic_permission(inode, mask, ext4_check_acl);
-}
 /*
 * Initialize the ACLs of a new inode. Called from ext4_new_inode.
 *
diff --git a/fs/ext4/acl.h b/fs/ext4/acl.h
index 949789d2bba6..9d843d5deac4 100644
--- a/fs/ext4/acl.h
+++ b/fs/ext4/acl.h
@@ -54,13 +54,13 @@ static inline int ext4_acl_count(size_t size)
 #ifdef CONFIG_EXT4_FS_POSIX_ACL
 /* acl.c */
-extern int ext4_permission(struct inode *, int);
+extern int ext4_check_acl(struct inode *, int);
 extern int ext4_acl_chmod(struct inode *);
 extern int ext4_init_acl(handle_t *, struct inode *, struct inode *);
 #else  /* CONFIG_EXT4_FS_POSIX_ACL */
 #include <linux/sched.h>
-#define ext4_permission NULL
+#define ext4_check_acl NULL
 static inline int
 ext4_acl_chmod(struct inode *inode)
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 3f1873fef1c6..27f3c5354c0e 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -207,7 +207,7 @@ const struct inode_operations ext4_file_inode_operations = {
        .listxattr      = ext4_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext4_permission,
+        .check_acl      = ext4_check_acl,
        .fallocate      = ext4_fallocate,
        .fiemap         = ext4_fiemap,
 };
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index de04013d16ff..114abe5d2c1d 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -2536,7 +2536,7 @@ const struct inode_operations ext4_dir_inode_operations = {
        .listxattr      = ext4_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext4_permission,
+        .check_acl      = ext4_check_acl,
        .fiemap         = ext4_fiemap,
 };
@@ -2548,5 +2548,5 @@ const struct inode_operations ext4_special_inode_operations = {
        .listxattr      = ext4_listxattr,
        .removexattr    = generic_removexattr,
 #endif
-        .permission     = ext4_permission,
+        .check_acl      = ext4_check_acl,
 };
diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index c54226be5294..da86ef58e427 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -19,171 +19,223 @@
 #include <linux/sched.h>
 #include <linux/fs.h>
 #include <linux/mm.h>
+#include <linux/kthread.h>
+#include <linux/freezer.h>
 #include <linux/writeback.h>
 #include <linux/blkdev.h>
 #include <linux/backing-dev.h>
 #include <linux/buffer_head.h>
 #include "internal.h"
+#define inode_to_bdi(inode)     ((inode)->i_mapping->backing_dev_info)
-/**
+/*
- * writeback_acquire - attempt to get exclusive writeback access to a device
+ * We don't actually have pdflush, but this one is exported though /proc...
- * @bdi: the device's backing_dev_info structure
- *
- * It is a waste of resources to have more than one pdflush thread blocked on
- * a single request queue.  Exclusion at the request_queue level is obtained
- * via a flag in the request_queue's backing_dev_info.state.
- *
- * Non-request_queue-backed address_spaces will share default_backing_dev_info,
- * unless they implement their own.  Which is somewhat inefficient, as this
- * may prevent concurrent writeback against multiple devices.
 */
-static int writeback_acquire(struct backing_dev_info *bdi)
+int nr_pdflush_threads;
+/*
+ * Work items for the bdi_writeback threads
+ */
+struct bdi_work {
+        struct list_head list;
+        struct list_head wait_list;
+        struct rcu_head rcu_head;
+        unsigned long seen;
+        atomic_t pending;
+        struct super_block *sb;
+        unsigned long nr_pages;
+        enum writeback_sync_modes sync_mode;
+        unsigned long state;
+};
+enum {
+        WS_USED_B = 0,
+        WS_ONSTACK_B,
+};
+#define WS_USED (1 << WS_USED_B)
+#define WS_ONSTACK (1 << WS_ONSTACK_B)
+static inline bool bdi_work_on_stack(struct bdi_work *work)
 {
-        return !test_and_set_bit(BDI_pdflush, &bdi->state);
+        return test_bit(WS_ONSTACK_B, &work->state);
+}
+static inline void bdi_work_init(struct bdi_work *work,
+                                 struct writeback_control *wbc)
+{
+        INIT_RCU_HEAD(&work->rcu_head);
+        work->sb = wbc->sb;
+        work->nr_pages = wbc->nr_to_write;
+        work->sync_mode = wbc->sync_mode;
+        work->state = WS_USED;
+}
+static inline void bdi_work_init_on_stack(struct bdi_work *work,
+                                          struct writeback_control *wbc)
+{
+        bdi_work_init(work, wbc);
+        work->state |= WS_ONSTACK;
 }
 /**
 * writeback_in_progress - determine whether there is writeback in progress
 * @bdi: the device's backing_dev_info structure.
 *
- * Determine whether there is writeback in progress against a backing device.
+ * Determine whether there is writeback waiting to be handled against a
+ * backing device.
 */
 int writeback_in_progress(struct backing_dev_info *bdi)
 {
-        return test_bit(BDI_pdflush, &bdi->state);
+        return !list_empty(&bdi->work_list);
 }
-/**
+static void bdi_work_clear(struct bdi_work *work)
- * writeback_release - relinquish exclusive writeback access against a device.
- * @bdi: the device's backing_dev_info structure
- */
-static void writeback_release(struct backing_dev_info *bdi)
 {
-        BUG_ON(!writeback_in_progress(bdi));
+        clear_bit(WS_USED_B, &work->state);
-        clear_bit(BDI_pdflush, &bdi->state);
+        smp_mb__after_clear_bit();
+        wake_up_bit(&work->state, WS_USED_B);
 }
-static noinline void block_dump___mark_inode_dirty(struct inode *inode)
+static void bdi_work_free(struct rcu_head *head)
 {
-        if (inode->i_ino || strcmp(inode->i_sb->s_id, "bdev")) {
+        struct bdi_work *work = container_of(head, struct bdi_work, rcu_head);
-                struct dentry *dentry;
-                const char *name = "?";
-                dentry = d_find_alias(inode);
+        if (!bdi_work_on_stack(work))
-                if (dentry) {
+                kfree(work);
-                        spin_lock(&dentry->d_lock);
+        else
-                        name = (const char *) dentry->d_name.name;
+                bdi_work_clear(work);
-                }
-                printk(KERN_DEBUG
-                       "%s(%d): dirtied inode %lu (%s) on %s\n",
-                       current->comm, task_pid_nr(current), inode->i_ino,
-                       name, inode->i_sb->s_id);
-                if (dentry) {
-                        spin_unlock(&dentry->d_lock);
-                        dput(dentry);
-                }
-        }
 }
-/**
+static void wb_work_complete(struct bdi_work *work)
- *      __mark_inode_dirty -    internal function
- *      @inode: inode to mark
- *      @flags: what kind of dirty (i.e. I_DIRTY_SYNC)
- *      Mark an inode as dirty. Callers should use mark_inode_dirty or
- *      mark_inode_dirty_sync.
- *
- * Put the inode on the super block's dirty list.
- *
- * CAREFUL! We mark it dirty unconditionally, but move it onto the
- * dirty list only if it is hashed or if it refers to a blockdev.
- * If it was not hashed, it will never be added to the dirty list
- * even if it is later hashed, as it will have been marked dirty already.
- *
- * In short, make sure you hash any inodes _before_ you start marking
- * them dirty.
- *
- * This function *must* be atomic for the I_DIRTY_PAGES case -
- * set_page_dirty() is called under spinlock in several places.
- *
- * Note that for blockdevs, inode->dirtied_when represents the dirtying time of
- * the block-special inode (/dev/hda1) itself.  And the ->dirtied_when field of
- * the kernel-internal blockdev inode represents the dirtying time of the
- * blockdev's pages.  This is why for I_DIRTY_PAGES we always use
- * page->mapping->host, so the page-dirtying time is recorded in the internal
- * blockdev inode.
- */
-void __mark_inode_dirty(struct inode *inode, int flags)
 {
-        struct super_block *sb = inode->i_sb;
+        const enum writeback_sync_modes sync_mode = work->sync_mode;
        /*
-         * Don't do this for I_DIRTY_PAGES - that doesn't actually
+         * For allocated work, we can clear the done/seen bit right here.
-         * dirty the inode itself
+         * For on-stack work, we need to postpone both the clear and free
+         * to after the RCU grace period, since the stack could be invalidated
+         * as soon as bdi_work_clear() has done the wakeup.
         */
-        if (flags & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) {
+        if (!bdi_work_on_stack(work))
-                if (sb->s_op->dirty_inode)
+                bdi_work_clear(work);
-                        sb->s_op->dirty_inode(inode);
+        if (sync_mode == WB_SYNC_NONE || bdi_work_on_stack(work))
-        }
+                call_rcu(&work->rcu_head, bdi_work_free);
+}
+static void wb_clear_pending(struct bdi_writeback *wb, struct bdi_work *work)
+{
        /*
-         * make sure that changes are seen by all cpus before we test i_state
+         * The caller has retrieved the work arguments from this work,
-         * -- mikulas
+         * drop our reference. If this is the last ref, delete and free it
         */
-        smp_mb();
+        if (atomic_dec_and_test(&work->pending)) {
+                struct backing_dev_info *bdi = wb->bdi;
-        /* avoid the locking if we can */
+                spin_lock(&bdi->wb_lock);
-        if ((inode->i_state & flags) == flags)
+                list_del_rcu(&work->list);
-                return;
+                spin_unlock(&bdi->wb_lock);
-        if (unlikely(block_dump))
+                wb_work_complete(work);
-                block_dump___mark_inode_dirty(inode);
+        }
+}
-        spin_lock(&inode_lock);
-        if ((inode->i_state & flags) != flags) {
-                const int was_dirty = inode->i_state & I_DIRTY;
-                inode->i_state |= flags;
+static void bdi_queue_work(struct backing_dev_info *bdi, struct bdi_work *work)
+{
+        if (work) {
+                work->seen = bdi->wb_mask;
+                BUG_ON(!work->seen);
+                atomic_set(&work->pending, bdi->wb_cnt);
+                BUG_ON(!bdi->wb_cnt);
                /*
-                 * If the inode is being synced, just update its dirty state.
+                 * Make sure stores are seen before it appears on the list
-                 * The unlocker will place the inode on the appropriate
-                 * superblock list, based upon its state.
                 */
-                if (inode->i_state & I_SYNC)
+                smp_mb();
-                        goto out;
-                /*
+                spin_lock(&bdi->wb_lock);
-                 * Only add valid (hashed) inodes to the superblock's
+                list_add_tail_rcu(&work->list, &bdi->work_list);
-                 * dirty list.  Add blockdev inodes as well.
+                spin_unlock(&bdi->wb_lock);
-                 */
+        }
-                if (!S_ISBLK(inode->i_mode)) {
-                        if (hlist_unhashed(&inode->i_hash))
+        /*
-                                goto out;
+         * If the default thread isn't there, make sure we add it. When
-                }
+         * it gets created and wakes up, we'll run this work.
-                if (inode->i_state & (I_FREEING|I_CLEAR))
+         */
-                        goto out;
+        if (unlikely(list_empty_careful(&bdi->wb_list)))
+                wake_up_process(default_backing_dev_info.wb.task);
+        else {
+                struct bdi_writeback *wb = &bdi->wb;
                /*
-                 * If the inode was already on s_dirty/s_io/s_more_io, don't
+                 * If we failed allocating the bdi work item, wake up the wb
-                 * reposition it (that would break s_dirty time-ordering).
+                 * thread always. As a safety precaution, it'll flush out
+                 * everything
                 */
-                if (!was_dirty) {
+                if (!wb_has_dirty_io(wb)) {
-                        inode->dirtied_when = jiffies;
+                        if (work)
-                        list_move(&inode->i_list, &sb->s_dirty);
+                                wb_clear_pending(wb, work);
-                }
+                } else if (wb->task)
+                        wake_up_process(wb->task);
        }
-out:
-        spin_unlock(&inode_lock);
 }
-EXPORT_SYMBOL(__mark_inode_dirty);
+/*
+ * Used for on-stack allocated work items. The caller needs to wait until
+ * the wb threads have acked the work before it's safe to continue.
+ */
+static void bdi_wait_on_work_clear(struct bdi_work *work)
+{
+        wait_on_bit(&work->state, WS_USED_B, bdi_sched_wait,
+                    TASK_UNINTERRUPTIBLE);
+}
-static int write_inode(struct inode *inode, int sync)
+static struct bdi_work *bdi_alloc_work(struct writeback_control *wbc)
 {
-        if (inode->i_sb->s_op->write_inode && !is_bad_inode(inode))
+        struct bdi_work *work;
-                return inode->i_sb->s_op->write_inode(inode, sync);
-        return 0;
+        work = kmalloc(sizeof(*work), GFP_ATOMIC);
+        if (work)
+                bdi_work_init(work, wbc);
+        return work;
+}
+void bdi_start_writeback(struct writeback_control *wbc)
+{
+        const bool must_wait = wbc->sync_mode == WB_SYNC_ALL;
+        struct bdi_work work_stack, *work = NULL;
+        if (!must_wait)
+                work = bdi_alloc_work(wbc);
+        if (!work) {
+                work = &work_stack;
+                bdi_work_init_on_stack(work, wbc);
+        }
+        bdi_queue_work(wbc->bdi, work);
+        /*
+         * If the sync mode is WB_SYNC_ALL, block waiting for the work to
+         * complete. If not, we only need to wait for the work to be started,
+         * if we allocated it on-stack. We use the same mechanism, if the
+         * wait bit is set in the bdi_work struct, then threads will not
+         * clear pending until after they are done.
+         *
+         * Note that work == &work_stack if must_wait is true, so we don't
+         * need to do call_rcu() here ever, since the completion path will
+         * have done that for us.
+         */
+        if (must_wait || work == &work_stack) {
+                bdi_wait_on_work_clear(work);
+                if (work != &work_stack)
+                        call_rcu(&work->rcu_head, bdi_work_free);
+        }
 }
 /*
@@ -191,31 +243,32 @@ static int write_inode(struct inode *inode, int sync)
 * furthest end of its superblock's dirty-inode list.
 *
 * Before stamping the inode's ->dirtied_when, we check to see whether it is
- * already the most-recently-dirtied inode on the s_dirty list.  If that is
+ * already the most-recently-dirtied inode on the b_dirty list.  If that is
 * the case then the inode must have been redirtied while it was being written
 * out and we don't reset its dirtied_when.
 */
 static void redirty_tail(struct inode *inode)
 {
-        struct super_block *sb = inode->i_sb;
+        struct bdi_writeback *wb = &inode_to_bdi(inode)->wb;
-        if (!list_empty(&sb->s_dirty)) {
+        if (!list_empty(&wb->b_dirty)) {
-                struct inode *tail_inode;
+                struct inode *tail;
-                tail_inode = list_entry(sb->s_dirty.next, struct inode, i_list);
+                tail = list_entry(wb->b_dirty.next, struct inode, i_list);
-                if (time_before(inode->dirtied_when,
+                if (time_before(inode->dirtied_when, tail->dirtied_when))
-                                tail_inode->dirtied_when))
                        inode->dirtied_when = jiffies;
        }
-        list_move(&inode->i_list, &sb->s_dirty);
+        list_move(&inode->i_list, &wb->b_dirty);
 }
 /*
- * requeue inode for re-scanning after sb->s_io list is exhausted.
+ * requeue inode for re-scanning after bdi->b_io list is exhausted.
 */
 static void requeue_io(struct inode *inode)
 {
-        list_move(&inode->i_list, &inode->i_sb->s_more_io);
+        struct bdi_writeback *wb = &inode_to_bdi(inode)->wb;
+        list_move(&inode->i_list, &wb->b_more_io);
 }
 static void inode_sync_complete(struct inode *inode)
@@ -262,20 +315,18 @@ static void move_expired_inodes(struct list_head *delaying_queue,
 /*
 * Queue all expired dirty inodes for io, eldest first.
 */
-static void queue_io(struct super_block *sb,
+static void queue_io(struct bdi_writeback *wb, unsigned long *older_than_this)
-                                unsigned long *older_than_this)
 {
-        list_splice_init(&sb->s_more_io, sb->s_io.prev);
+        list_splice_init(&wb->b_more_io, wb->b_io.prev);
-        move_expired_inodes(&sb->s_dirty, &sb->s_io, older_than_this);
+        move_expired_inodes(&wb->b_dirty, &wb->b_io, older_than_this);
 }
-int sb_has_dirty_inodes(struct super_block *sb)
+static int write_inode(struct inode *inode, int sync)
 {
-        return !list_empty(&sb->s_dirty) ||
+        if (inode->i_sb->s_op->write_inode && !is_bad_inode(inode))
-               !list_empty(&sb->s_io) ||
+                return inode->i_sb->s_op->write_inode(inode, sync);
-               !list_empty(&sb->s_more_io);
+        return 0;
 }
-EXPORT_SYMBOL(sb_has_dirty_inodes);
 /*
 * Wait for writeback on an inode to complete.
@@ -322,11 +373,11 @@ writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
        if (inode->i_state & I_SYNC) {
                /*
                 * If this inode is locked for writeback and we are not doing
-                 * writeback-for-data-integrity, move it to s_more_io so that
+                 * writeback-for-data-integrity, move it to b_more_io so that
                 * writeback can proceed with the other inodes on s_io.
                 *
                 * We'll have another go at writing back this inode when we
-                 * completed a full scan of s_io.
+                 * completed a full scan of b_io.
                 */
                if (!wait) {
                        requeue_io(inode);
@@ -371,11 +422,11 @@ writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
                        /*
                         * We didn't write back all the pages.  nfs_writepages()
                         * sometimes bales out without doing anything. Redirty
-                         * the inode; Move it from s_io onto s_more_io/s_dirty.
+                         * the inode; Move it from b_io onto b_more_io/b_dirty.
                         */
                        /*
                         * akpm: if the caller was the kupdate function we put
-                         * this inode at the head of s_dirty so it gets first
+                         * this inode at the head of b_dirty so it gets first
                         * consideration.  Otherwise, move it to the tail, for
                         * the reasons described there.  I'm not really sure
                         * how much sense this makes.  Presumably I had a good
@@ -385,7 +436,7 @@ writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
                        if (wbc->for_kupdate) {
                                /*
                                 * For the kupdate function we move the inode
-                                 * to s_more_io so it will get more writeout as
+                                 * to b_more_io so it will get more writeout as
                                 * soon as the queue becomes uncongested.
                                 */
                                inode->i_state |= I_DIRTY_PAGES;
@@ -434,50 +485,84 @@ writeback_single_inode(struct inode *inode, struct writeback_control *wbc)
 }
 /*
- * Write out a superblock's list of dirty inodes.  A wait will be performed
+ * For WB_SYNC_NONE writeback, the caller does not have the sb pinned
- * upon no inodes, all inodes or the final one, depending upon sync_mode.
+ * before calling writeback. So make sure that we do pin it, so it doesn't
- *
+ * go away while we are writing inodes from it.
- * If older_than_this is non-NULL, then only write out inodes which
- * had their first dirtying at a time earlier than *older_than_this.
- *
- * If we're a pdflush thread, then implement pdflush collision avoidance
- * against the entire list.
 *
- * If `bdi' is non-zero then we're being asked to writeback a specific queue.
+ * Returns 0 if the super was successfully pinned (or pinning wasn't needed),
- * This function assumes that the blockdev superblock's inodes are backed by
+ * 1 if we failed.
- * a variety of queues, so all inodes are searched.  For other superblocks,
- * assume that all inodes are backed by the same queue.
- *
- * FIXME: this linear search could get expensive with many fileystems.  But
- * how to fix?  We need to go from an address_space to all inodes which share
- * a queue with that address_space.  (Easy: have a global "dirty superblocks"
- * list).
- *
- * The inodes to be written are parked on sb->s_io.  They are moved back onto
- * sb->s_dirty as they are selected for writing.  This way, none can be missed
- * on the writer throttling path, and we get decent balancing between many
- * throttled threads: we don't want them all piling up on inode_sync_wait.
 */
-void generic_sync_sb_inodes(struct super_block *sb,
+static int pin_sb_for_writeback(struct writeback_control *wbc,
+                                   struct inode *inode)
+{
+        struct super_block *sb = inode->i_sb;
+        /*
+         * Caller must already hold the ref for this
+         */
+        if (wbc->sync_mode == WB_SYNC_ALL) {
+                WARN_ON(!rwsem_is_locked(&sb->s_umount));
+                return 0;
+        }
+        spin_lock(&sb_lock);
+        sb->s_count++;
+        if (down_read_trylock(&sb->s_umount)) {
+                if (sb->s_root) {
+                        spin_unlock(&sb_lock);
+                        return 0;
+                }
+                /*
+                 * umounted, drop rwsem again and fall through to failure
+                 */
+                up_read(&sb->s_umount);
+        }
+        sb->s_count--;
+        spin_unlock(&sb_lock);
+        return 1;
+}
+static void unpin_sb_for_writeback(struct writeback_control *wbc,
+                                   struct inode *inode)
+{
+        struct super_block *sb = inode->i_sb;
+        if (wbc->sync_mode == WB_SYNC_ALL)
+                return;
+        up_read(&sb->s_umount);
+        put_super(sb);
+}
+static void writeback_inodes_wb(struct bdi_writeback *wb,
                                struct writeback_control *wbc)
 {
+        struct super_block *sb = wbc->sb;
+        const int is_blkdev_sb = sb_is_blkdev_sb(sb);
        const unsigned long start = jiffies;    /* livelock avoidance */
-        int sync = wbc->sync_mode == WB_SYNC_ALL;
        spin_lock(&inode_lock);
-        if (!wbc->for_kupdate || list_empty(&sb->s_io))
-                queue_io(sb, wbc->older_than_this);
-        while (!list_empty(&sb->s_io)) {
+        if (!wbc->for_kupdate || list_empty(&wb->b_io))
-                struct inode *inode = list_entry(sb->s_io.prev,
+                queue_io(wb, wbc->older_than_this);
+        while (!list_empty(&wb->b_io)) {
+                struct inode *inode = list_entry(wb->b_io.prev,
                                                struct inode, i_list);
-                struct address_space *mapping = inode->i_mapping;
-                struct backing_dev_info *bdi = mapping->backing_dev_info;
                long pages_skipped;
-                if (!bdi_cap_writeback_dirty(bdi)) {
+                /*
+                 * super block given and doesn't match, skip this inode
+                 */
+                if (sb && sb != inode->i_sb) {
+                        redirty_tail(inode);
+                        continue;
+                }
+                if (!bdi_cap_writeback_dirty(wb->bdi)) {
                        redirty_tail(inode);
-                        if (sb_is_blkdev_sb(sb)) {
+                        if (is_blkdev_sb) {
                                /*
                                 * Dirty memory-backed blockdev: the ramdisk
                                 * driver does this.  Skip just this inode
@@ -497,21 +582,14 @@ void generic_sync_sb_inodes(struct super_block *sb,
                        continue;
                }
-                if (wbc->nonblocking && bdi_write_congested(bdi)) {
+                if (wbc->nonblocking && bdi_write_congested(wb->bdi)) {
                        wbc->encountered_congestion = 1;
-                        if (!sb_is_blkdev_sb(sb))
+                        if (!is_blkdev_sb)
                                break;          /* Skip a congested fs */
                        requeue_io(inode);
                        continue;               /* Skip a congested blockdev */
                }
-                if (wbc->bdi && bdi != wbc->bdi) {
-                        if (!sb_is_blkdev_sb(sb))
-                                break;          /* fs has the wrong queue */
-                        requeue_io(inode);
-                        continue;               /* blockdev has wrong queue */
-                }
                /*
                 * Was this inode dirtied after sync_sb_inodes was called?
                 * This keeps sync from extra jobs and livelock.
@@ -519,16 +597,16 @@ void generic_sync_sb_inodes(struct super_block *sb,
                if (inode_dirtied_after(inode, start))
                        break;
-                /* Is another pdflush already flushing this queue? */
+                if (pin_sb_for_writeback(wbc, inode)) {
-                if (current_is_pdflush() && !writeback_acquire(bdi))
+                        requeue_io(inode);
-                        break;
+                        continue;
+                }
                BUG_ON(inode->i_state & (I_FREEING | I_CLEAR));
                __iget(inode);
                pages_skipped = wbc->pages_skipped;
                writeback_single_inode(inode, wbc);
-                if (current_is_pdflush())
+                unpin_sb_for_writeback(wbc, inode);
-                        writeback_release(bdi);
                if (wbc->pages_skipped != pages_skipped) {
                        /*
                         * writeback is not making progress due to locked
@@ -544,144 +622,571 @@ void generic_sync_sb_inodes(struct super_block *sb,
                        wbc->more_io = 1;
                        break;
                }
-                if (!list_empty(&sb->s_more_io))
+                if (!list_empty(&wb->b_more_io))
                        wbc->more_io = 1;
        }
-        if (sync) {
+        spin_unlock(&inode_lock);
-                struct inode *inode, *old_inode = NULL;
+        /* Leave any unwritten inodes on b_io */
+}
+void writeback_inodes_wbc(struct writeback_control *wbc)
+{
+        struct backing_dev_info *bdi = wbc->bdi;
+        writeback_inodes_wb(&bdi->wb, wbc);
+}
+/*
+ * The maximum number of pages to writeout in a single bdi flush/kupdate
+ * operation.  We do this so we don't hold I_SYNC against an inode for
+ * enormous amounts of time, which would block a userspace task which has
+ * been forced to throttle against that inode.  Also, the code reevaluates
+ * the dirty each time it has written this many pages.
+ */
+#define MAX_WRITEBACK_PAGES     1024
+static inline bool over_bground_thresh(void)
+{
+        unsigned long background_thresh, dirty_thresh;
+        get_dirty_limits(&background_thresh, &dirty_thresh, NULL, NULL);
+        return (global_page_state(NR_FILE_DIRTY) +
+                global_page_state(NR_UNSTABLE_NFS) >= background_thresh);
+}
+/*
+ * Explicit flushing or periodic writeback of "old" data.
+ *
+ * Define "old": the first time one of an inode's pages is dirtied, we mark the
+ * dirtying-time in the inode's address_space.  So this periodic writeback code
+ * just walks the superblock inode list, writing back any inodes which are
+ * older than a specific point in time.
+ *
+ * Try to run once per dirty_writeback_interval.  But if a writeback event
+ * takes longer than a dirty_writeback_interval interval, then leave a
+ * one-second gap.
+ *
+ * older_than_this takes precedence over nr_to_write.  So we'll only write back
+ * all dirty pages if they are all attached to "old" mappings.
+ */
+static long wb_writeback(struct bdi_writeback *wb, long nr_pages,
+                         struct super_block *sb,
+                         enum writeback_sync_modes sync_mode, int for_kupdate)
+{
+        struct writeback_control wbc = {
+                .bdi                    = wb->bdi,
+                .sb                     = sb,
+                .sync_mode              = sync_mode,
+                .older_than_this        = NULL,
+                .for_kupdate            = for_kupdate,
+                .range_cyclic           = 1,
+        };
+        unsigned long oldest_jif;
+        long wrote = 0;
+        if (wbc.for_kupdate) {
+                wbc.older_than_this = &oldest_jif;
+                oldest_jif = jiffies -
+                                msecs_to_jiffies(dirty_expire_interval * 10);
+        }
+        for (;;) {
                /*
-                 * Data integrity sync. Must wait for all pages under writeback,
+                 * Don't flush anything for non-integrity writeback where
-                 * because there may have been pages dirtied before our sync
+                 * no nr_pages was given
-                 * call, but which had writeout started before we write it out.
-                 * In which case, the inode may not be on the dirty list, but
-                 * we still have to wait for that writeout.
                 */
-                list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
+                if (!for_kupdate && nr_pages <= 0 && sync_mode == WB_SYNC_NONE)
-                        struct address_space *mapping;
+                        break;
-                        if (inode->i_state &
+                /*
-                                        (I_FREEING|I_CLEAR|I_WILL_FREE|I_NEW))
+                 * If no specific pages were given and this is just a
-                                continue;
+                 * periodic background writeout and we are below the
-                        mapping = inode->i_mapping;
+                 * background dirty threshold, don't do anything
-                        if (mapping->nrpages == 0)
+                 */
+                if (for_kupdate && nr_pages <= 0 && !over_bground_thresh())
+                        break;
+                wbc.more_io = 0;
+                wbc.encountered_congestion = 0;
+                wbc.nr_to_write = MAX_WRITEBACK_PAGES;
+                wbc.pages_skipped = 0;
+                writeback_inodes_wb(wb, &wbc);
+                nr_pages -= MAX_WRITEBACK_PAGES - wbc.nr_to_write;
+                wrote += MAX_WRITEBACK_PAGES - wbc.nr_to_write;
+                /*
+                 * If we ran out of stuff to write, bail unless more_io got set
+                 */
+                if (wbc.nr_to_write > 0 || wbc.pages_skipped > 0) {
+                        if (wbc.more_io && !wbc.for_kupdate)
                                continue;
-                        __iget(inode);
+                        break;
-                        spin_unlock(&inode_lock);
+                }
+        }
+        return wrote;
+}
+/*
+ * Return the next bdi_work struct that hasn't been processed by this
+ * wb thread yet
+ */
+static struct bdi_work *get_next_work_item(struct backing_dev_info *bdi,
+                                           struct bdi_writeback *wb)
+{
+        struct bdi_work *work, *ret = NULL;
+        rcu_read_lock();
+        list_for_each_entry_rcu(work, &bdi->work_list, list) {
+                if (!test_and_clear_bit(wb->nr, &work->seen))
+                        continue;
+                ret = work;
+                break;
+        }
+        rcu_read_unlock();
+        return ret;
+}
+static long wb_check_old_data_flush(struct bdi_writeback *wb)
+{
+        unsigned long expired;
+        long nr_pages;
+        expired = wb->last_old_flush +
+                        msecs_to_jiffies(dirty_writeback_interval * 10);
+        if (time_before(jiffies, expired))
+                return 0;
+        wb->last_old_flush = jiffies;
+        nr_pages = global_page_state(NR_FILE_DIRTY) +
+                        global_page_state(NR_UNSTABLE_NFS) +
+                        (inodes_stat.nr_inodes - inodes_stat.nr_unused);
+        if (nr_pages)
+                return wb_writeback(wb, nr_pages, NULL, WB_SYNC_NONE, 1);
+        return 0;
+}
+/*
+ * Retrieve work items and do the writeback they describe
+ */
+long wb_do_writeback(struct bdi_writeback *wb, int force_wait)
+{
+        struct backing_dev_info *bdi = wb->bdi;
+        struct bdi_work *work;
+        long nr_pages, wrote = 0;
+        while ((work = get_next_work_item(bdi, wb)) != NULL) {
+                enum writeback_sync_modes sync_mode;
+                nr_pages = work->nr_pages;
+                /*
+                 * Override sync mode, in case we must wait for completion
+                 */
+                if (force_wait)
+                        work->sync_mode = sync_mode = WB_SYNC_ALL;
+                else
+                        sync_mode = work->sync_mode;
+                /*
+                 * If this isn't a data integrity operation, just notify
+                 * that we have seen this work and we are now starting it.
+                 */
+                if (sync_mode == WB_SYNC_NONE)
+                        wb_clear_pending(wb, work);
+                wrote += wb_writeback(wb, nr_pages, work->sb, sync_mode, 0);
+                /*
+                 * This is a data integrity writeback, so only do the
+                 * notification when we have completed the work.
+                 */
+                if (sync_mode == WB_SYNC_ALL)
+                        wb_clear_pending(wb, work);
+        }
+        /*
+         * Check for periodic writeback, kupdated() style
+         */
+        wrote += wb_check_old_data_flush(wb);
+        return wrote;
+}
+/*
+ * Handle writeback of dirty data for the device backed by this bdi. Also
+ * wakes up periodically and does kupdated style flushing.
+ */
+int bdi_writeback_task(struct bdi_writeback *wb)
+{
+        unsigned long last_active = jiffies;
+        unsigned long wait_jiffies = -1UL;
+        long pages_written;
+        while (!kthread_should_stop()) {
+                pages_written = wb_do_writeback(wb, 0);
+                if (pages_written)
+                        last_active = jiffies;
+                else if (wait_jiffies != -1UL) {
+                        unsigned long max_idle;
                        /*
-                         * We hold a reference to 'inode' so it couldn't have
+                         * Longest period of inactivity that we tolerate. If we
-                         * been removed from s_inodes list while we dropped the
+                         * see dirty data again later, the task will get
-                         * inode_lock.  We cannot iput the inode now as we can
+                         * recreated automatically.
-                         * be holding the last reference and we cannot iput it
-                         * under inode_lock. So we keep the reference and iput
-                         * it later.
                         */
-                        iput(old_inode);
+                        max_idle = max(5UL * 60 * HZ, wait_jiffies);
-                        old_inode = inode;
+                        if (time_after(jiffies, max_idle + last_active))
+                                break;
+                }
-                        filemap_fdatawait(mapping);
+                wait_jiffies = msecs_to_jiffies(dirty_writeback_interval * 10);
+                set_current_state(TASK_INTERRUPTIBLE);
+                schedule_timeout(wait_jiffies);
+                try_to_freeze();
+        }
-                        cond_resched();
+        return 0;
+}
+/*
+ * Schedule writeback for all backing devices. Expensive! If this is a data
+ * integrity operation, writeback will be complete when this returns. If
+ * we are simply called for WB_SYNC_NONE, then writeback will merely be
+ * scheduled to run.
+ */
+static void bdi_writeback_all(struct writeback_control *wbc)
+{
+        const bool must_wait = wbc->sync_mode == WB_SYNC_ALL;
+        struct backing_dev_info *bdi;
+        struct bdi_work *work;
+        LIST_HEAD(list);
+restart:
+        spin_lock(&bdi_lock);
+        list_for_each_entry(bdi, &bdi_list, bdi_list) {
+                struct bdi_work *work;
-                        spin_lock(&inode_lock);
+                if (!bdi_has_dirty_io(bdi))
+                        continue;
+                /*
+                 * If work allocation fails, do the writes inline. We drop
+                 * the lock and restart the list writeout. This should be OK,
+                 * since this happens rarely and because the writeout should
+                 * eventually make more free memory available.
+                 */
+                work = bdi_alloc_work(wbc);
+                if (!work) {
+                        struct writeback_control __wbc;
+                        /*
+                         * Not a data integrity writeout, just continue
+                         */
+                        if (!must_wait)
+                                continue;
+                        spin_unlock(&bdi_lock);
+                        __wbc = *wbc;
+                        __wbc.bdi = bdi;
+                        writeback_inodes_wbc(&__wbc);
+                        goto restart;
                }
-                spin_unlock(&inode_lock);
+                if (must_wait)
-                iput(old_inode);
+                        list_add_tail(&work->wait_list, &list);
-        } else
-                spin_unlock(&inode_lock);
+                bdi_queue_work(bdi, work);
+        }
+        spin_unlock(&bdi_lock);
-        return;         /* Leave any unwritten inodes on s_io */
+        /*
+         * If this is for WB_SYNC_ALL, wait for pending work to complete
+         * before returning.
+         */
+        while (!list_empty(&list)) {
+                work = list_entry(list.next, struct bdi_work, wait_list);
+                list_del(&work->wait_list);
+                bdi_wait_on_work_clear(work);
+                call_rcu(&work->rcu_head, bdi_work_free);
+        }
 }
-EXPORT_SYMBOL_GPL(generic_sync_sb_inodes);
-static void sync_sb_inodes(struct super_block *sb,
+/*
-                                struct writeback_control *wbc)
+ * Start writeback of `nr_pages' pages.  If `nr_pages' is zero, write back
+ * the whole world.
+ */
+void wakeup_flusher_threads(long nr_pages)
 {
-        generic_sync_sb_inodes(sb, wbc);
+        struct writeback_control wbc = {
+                .sync_mode      = WB_SYNC_NONE,
+                .older_than_this = NULL,
+                .range_cyclic   = 1,
+        };
+        if (nr_pages == 0)
+                nr_pages = global_page_state(NR_FILE_DIRTY) +
+                                global_page_state(NR_UNSTABLE_NFS);
+        wbc.nr_to_write = nr_pages;
+        bdi_writeback_all(&wbc);
 }
-/*
+static noinline void block_dump___mark_inode_dirty(struct inode *inode)
- * Start writeback of dirty pagecache data against all unlocked inodes.
+{
+        if (inode->i_ino || strcmp(inode->i_sb->s_id, "bdev")) {
+                struct dentry *dentry;
+                const char *name = "?";
+                dentry = d_find_alias(inode);
+                if (dentry) {
+                        spin_lock(&dentry->d_lock);
+                        name = (const char *) dentry->d_name.name;
+                }
+                printk(KERN_DEBUG
+                       "%s(%d): dirtied inode %lu (%s) on %s\n",
+                       current->comm, task_pid_nr(current), inode->i_ino,
+                       name, inode->i_sb->s_id);
+                if (dentry) {
+                        spin_unlock(&dentry->d_lock);
+                        dput(dentry);
+                }
+        }
+}
+/**
+ *      __mark_inode_dirty -    internal function
+ *      @inode: inode to mark
+ *      @flags: what kind of dirty (i.e. I_DIRTY_SYNC)
+ *      Mark an inode as dirty. Callers should use mark_inode_dirty or
+ *      mark_inode_dirty_sync.
 *
- * Note:
+ * Put the inode on the super block's dirty list.
- * We don't need to grab a reference to superblock here. If it has non-empty
+ *
- * ->s_dirty it's hadn't been killed yet and kill_super() won't proceed
+ * CAREFUL! We mark it dirty unconditionally, but move it onto the
- * past sync_inodes_sb() until the ->s_dirty/s_io/s_more_io lists are all
+ * dirty list only if it is hashed or if it refers to a blockdev.
- * empty. Since __sync_single_inode() regains inode_lock before it finally moves
+ * If it was not hashed, it will never be added to the dirty list
- * inode from superblock lists we are OK.
+ * even if it is later hashed, as it will have been marked dirty already.
 *
- * If `older_than_this' is non-zero then only flush inodes which have a
+ * In short, make sure you hash any inodes _before_ you start marking
- * flushtime older than *older_than_this.
+ * them dirty.
 *
- * If `bdi' is non-zero then we will scan the first inode against each
+ * This function *must* be atomic for the I_DIRTY_PAGES case -
- * superblock until we find the matching ones.  One group will be the dirty
+ * set_page_dirty() is called under spinlock in several places.
- * inodes against a filesystem.  Then when we hit the dummy blockdev superblock,
+ *
- * sync_sb_inodes will seekout the blockdev which matches `bdi'.  Maybe not
+ * Note that for blockdevs, inode->dirtied_when represents the dirtying time of
- * super-efficient but we're about to do a ton of I/O...
+ * the block-special inode (/dev/hda1) itself.  And the ->dirtied_when field of
+ * the kernel-internal blockdev inode represents the dirtying time of the
+ * blockdev's pages.  This is why for I_DIRTY_PAGES we always use
+ * page->mapping->host, so the page-dirtying time is recorded in the internal
+ * blockdev inode.
 */
-void
+void __mark_inode_dirty(struct inode *inode, int flags)
-writeback_inodes(struct writeback_control *wbc)
 {
-        struct super_block *sb;
+        struct super_block *sb = inode->i_sb;
-        might_sleep();
+        /*
-        spin_lock(&sb_lock);
+         * Don't do this for I_DIRTY_PAGES - that doesn't actually
-restart:
+         * dirty the inode itself
-        list_for_each_entry_reverse(sb, &super_blocks, s_list) {
+         */
-                if (sb_has_dirty_inodes(sb)) {
+        if (flags & (I_DIRTY_SYNC | I_DIRTY_DATASYNC)) {
-                        /* we're making our own get_super here */
+                if (sb->s_op->dirty_inode)
-                        sb->s_count++;
+                        sb->s_op->dirty_inode(inode);
-                        spin_unlock(&sb_lock);
+        }
-                        /*
-                         * If we can't get the readlock, there's no sense in
+        /*
-                         * waiting around, most of the time the FS is going to
+         * make sure that changes are seen by all cpus before we test i_state
-                         * be unmounted by the time it is released.
+         * -- mikulas
-                         */
+         */
-                        if (down_read_trylock(&sb->s_umount)) {
+        smp_mb();
-                                if (sb->s_root)
-                                        sync_sb_inodes(sb, wbc);
+        /* avoid the locking if we can */
-                                up_read(&sb->s_umount);
+        if ((inode->i_state & flags) == flags)
+                return;
+        if (unlikely(block_dump))
+                block_dump___mark_inode_dirty(inode);
+        spin_lock(&inode_lock);
+        if ((inode->i_state & flags) != flags) {
+                const int was_dirty = inode->i_state & I_DIRTY;
+                inode->i_state |= flags;
+                /*
+                 * If the inode is being synced, just update its dirty state.
+                 * The unlocker will place the inode on the appropriate
+                 * superblock list, based upon its state.
+                 */
+                if (inode->i_state & I_SYNC)
+                        goto out;
+                /*
+                 * Only add valid (hashed) inodes to the superblock's
+                 * dirty list.  Add blockdev inodes as well.
+                 */
+                if (!S_ISBLK(inode->i_mode)) {
+                        if (hlist_unhashed(&inode->i_hash))
+                                goto out;
+                }
+                if (inode->i_state & (I_FREEING|I_CLEAR))
+                        goto out;
+                /*
+                 * If the inode was already on b_dirty/b_io/b_more_io, don't
+                 * reposition it (that would break b_dirty time-ordering).
+                 */
+                if (!was_dirty) {
+                        struct bdi_writeback *wb = &inode_to_bdi(inode)->wb;
+                        struct backing_dev_info *bdi = wb->bdi;
+                        if (bdi_cap_writeback_dirty(bdi) &&
+                            !test_bit(BDI_registered, &bdi->state)) {
+                                WARN_ON(1);
+                                printk(KERN_ERR "bdi-%s not registered\n",
+                                                                bdi->name);
                        }
-                        spin_lock(&sb_lock);
-                        if (__put_super_and_need_restart(sb))
+                        inode->dirtied_when = jiffies;
-                                goto restart;
+                        list_move(&inode->i_list, &wb->b_dirty);
                }
-                if (wbc->nr_to_write <= 0)
-                        break;
        }
-        spin_unlock(&sb_lock);
+out:
+        spin_unlock(&inode_lock);
 }
+EXPORT_SYMBOL(__mark_inode_dirty);
 /*
- * writeback and wait upon the filesystem's dirty inodes.  The caller will
+ * Write out a superblock's list of dirty inodes.  A wait will be performed
- * do this in two passes - one to write, and one to wait.
+ * upon no inodes, all inodes or the final one, depending upon sync_mode.
+ *
+ * If older_than_this is non-NULL, then only write out inodes which
+ * had their first dirtying at a time earlier than *older_than_this.
 *
- * A finite limit is set on the number of pages which will be written.
+ * If we're a pdlfush thread, then implement pdflush collision avoidance
- * To prevent infinite livelock of sys_sync().
+ * against the entire list.
 *
- * We add in the number of potentially dirty inodes, because each inode write
+ * If `bdi' is non-zero then we're being asked to writeback a specific queue.
- * can dirty pagecache in the underlying blockdev.
+ * This function assumes that the blockdev superblock's inodes are backed by
+ * a variety of queues, so all inodes are searched.  For other superblocks,
+ * assume that all inodes are backed by the same queue.
+ *
+ * The inodes to be written are parked on bdi->b_io.  They are moved back onto
+ * bdi->b_dirty as they are selected for writing.  This way, none can be missed
+ * on the writer throttling path, and we get decent balancing between many
+ * throttled threads: we don't want them all piling up on inode_sync_wait.
 */
-void sync_inodes_sb(struct super_block *sb, int wait)
+static void wait_sb_inodes(struct writeback_control *wbc)
+{
+        struct inode *inode, *old_inode = NULL;
+        /*
+         * We need to be protected against the filesystem going from
+         * r/o to r/w or vice versa.
+         */
+        WARN_ON(!rwsem_is_locked(&wbc->sb->s_umount));
+        spin_lock(&inode_lock);
+        /*
+         * Data integrity sync. Must wait for all pages under writeback,
+         * because there may have been pages dirtied before our sync
+         * call, but which had writeout started before we write it out.
+         * In which case, the inode may not be on the dirty list, but
+         * we still have to wait for that writeout.
+         */
+        list_for_each_entry(inode, &wbc->sb->s_inodes, i_sb_list) {
+                struct address_space *mapping;
+                if (inode->i_state & (I_FREEING|I_CLEAR|I_WILL_FREE|I_NEW))
+                        continue;
+                mapping = inode->i_mapping;
+                if (mapping->nrpages == 0)
+                        continue;
+                __iget(inode);
+                spin_unlock(&inode_lock);
+                /*
+                 * We hold a reference to 'inode' so it couldn't have
+                 * been removed from s_inodes list while we dropped the
+                 * inode_lock.  We cannot iput the inode now as we can
+                 * be holding the last reference and we cannot iput it
+                 * under inode_lock. So we keep the reference and iput
+                 * it later.
+                 */
+                iput(old_inode);
+                old_inode = inode;
+                filemap_fdatawait(mapping);
+                cond_resched();
+                spin_lock(&inode_lock);
+        }
+        spin_unlock(&inode_lock);
+        iput(old_inode);
+}
+/**
+ * writeback_inodes_sb  -       writeback dirty inodes from given super_block
+ * @sb: the superblock
+ *
+ * Start writeback on some inodes on this super_block. No guarantees are made
+ * on how many (if any) will be written, and this function does not wait
+ * for IO completion of submitted IO. The number of pages submitted is
+ * returned.
+ */
+long writeback_inodes_sb(struct super_block *sb)
 {
        struct writeback_control wbc = {
-                .sync_mode      = wait ? WB_SYNC_ALL : WB_SYNC_NONE,
+                .sb             = sb,
+                .sync_mode      = WB_SYNC_NONE,
                .range_start    = 0,
                .range_end      = LLONG_MAX,
        };
+        unsigned long nr_dirty = global_page_state(NR_FILE_DIRTY);
+        unsigned long nr_unstable = global_page_state(NR_UNSTABLE_NFS);
+        long nr_to_write;
-        if (!wait) {
+        nr_to_write = nr_dirty + nr_unstable +
-                unsigned long nr_dirty = global_page_state(NR_FILE_DIRTY);
-                unsigned long nr_unstable = global_page_state(NR_UNSTABLE_NFS);
-                wbc.nr_to_write = nr_dirty + nr_unstable +
                        (inodes_stat.nr_inodes - inodes_stat.nr_unused);
-        } else
-                wbc.nr_to_write = LONG_MAX; /* doesn't actually matter */
-        sync_sb_inodes(sb, &wbc);
+        wbc.nr_to_write = nr_to_write;
+        bdi_writeback_all(&wbc);
+        return nr_to_write - wbc.nr_to_write;
+}
+EXPORT_SYMBOL(writeback_inodes_sb);
+/**
+ * sync_inodes_sb       -       sync sb inode pages
+ * @sb: the superblock
+ *
+ * This function writes and waits on any dirty inode belonging to this
+ * super_block. The number of pages synced is returned.
+ */
+long sync_inodes_sb(struct super_block *sb)
+{
+        struct writeback_control wbc = {
+                .sb             = sb,
+                .sync_mode      = WB_SYNC_ALL,
+                .range_start    = 0,
+                .range_end      = LLONG_MAX,
+        };
+        long nr_to_write = LONG_MAX; /* doesn't actually matter */
+        wbc.nr_to_write = nr_to_write;
+        bdi_writeback_all(&wbc);
+        wait_sb_inodes(&wbc);
+        return nr_to_write - wbc.nr_to_write;
 }
+EXPORT_SYMBOL(sync_inodes_sb);
 /**
 * write_inode_now      -       write an inode to disk
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index f91ccc4a189d..4567db6f9430 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -801,6 +801,7 @@ static int fuse_bdi_init(struct fuse_conn *fc, struct super_block *sb)
 {
        int err;
+        fc->bdi.name = "fuse";
        fc->bdi.ra_pages = (VM_MAX_READAHEAD * 1024) / PAGE_CACHE_SIZE;
        fc->bdi.unplug_io_fn = default_unplug_io_fn;
        /* fuse does it's own writeback accounting */
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
index cb88dac8ccaa..a93b885311d8 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -44,6 +44,7 @@ static const struct inode_operations hugetlbfs_dir_inode_operations;
 static const struct inode_operations hugetlbfs_inode_operations;
 static struct backing_dev_info hugetlbfs_backing_dev_info = {
+        .name           = "hugetlbfs",
        .ra_pages       = 0,    /* No readahead */
        .capabilities   = BDI_CAP_NO_ACCT_AND_WRITEBACK,
 };
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
index 8fcb6239218e..7edb62e97419 100644
--- a/fs/jffs2/acl.c
+++ b/fs/jffs2/acl.c
@@ -258,7 +258,7 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
        return rc;
 }
-static int jffs2_check_acl(struct inode *inode, int mask)
+int jffs2_check_acl(struct inode *inode, int mask)
 {
        struct posix_acl *acl;
        int rc;
@@ -274,11 +274,6 @@ static int jffs2_check_acl(struct inode *inode, int mask)
        return -EAGAIN;
 }
-int jffs2_permission(struct inode *inode, int mask)
-{
-        return generic_permission(inode, mask, jffs2_check_acl);
-}
 int jffs2_init_acl_pre(struct inode *dir_i, struct inode *inode, int *i_mode)
 {
        struct posix_acl *acl, *clone;
diff --git a/fs/jffs2/acl.h b/fs/jffs2/acl.h
index fc929f2a14f6..f0ba63e3c36b 100644
--- a/fs/jffs2/acl.h
+++ b/fs/jffs2/acl.h
@@ -26,7 +26,7 @@ struct jffs2_acl_header {
 #ifdef CONFIG_JFFS2_FS_POSIX_ACL
-extern int jffs2_permission(struct inode *, int);
+extern int jffs2_check_acl(struct inode *, int);
 extern int jffs2_acl_chmod(struct inode *);
 extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *);
 extern int jffs2_init_acl_post(struct inode *);
@@ -36,7 +36,7 @@ extern struct xattr_handler jffs2_acl_default_xattr_handler;
 #else
-#define jffs2_permission                        (NULL)
+#define jffs2_check_acl                         (NULL)
 #define jffs2_acl_chmod(inode)                  (0)
 #define jffs2_init_acl_pre(dir_i,inode,mode)    (0)
 #define jffs2_init_acl_post(inode)              (0)
diff --git a/fs/jffs2/dir.c b/fs/jffs2/dir.c
index 6f60cc910f4c..7aa4417e085f 100644
--- a/fs/jffs2/dir.c
+++ b/fs/jffs2/dir.c
@@ -55,7 +55,7 @@ const struct inode_operations jffs2_dir_inode_operations =
        .rmdir =        jffs2_rmdir,
        .mknod =        jffs2_mknod,
        .rename =       jffs2_rename,
-        .permission =   jffs2_permission,
+        .check_acl =    jffs2_check_acl,
        .setattr =      jffs2_setattr,
        .setxattr =     jffs2_setxattr,
        .getxattr =     jffs2_getxattr,
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index 23c947539864..b7b74e299142 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -56,7 +56,7 @@ const struct file_operations jffs2_file_operations =
 const struct inode_operations jffs2_file_inode_operations =
 {
-        .permission =   jffs2_permission,
+        .check_acl =    jffs2_check_acl,
        .setattr =      jffs2_setattr,
        .setxattr =     jffs2_setxattr,
        .getxattr =     jffs2_getxattr,
diff --git a/fs/jffs2/symlink.c b/fs/jffs2/symlink.c
index b7339c3b6ad9..4ec11e8bda8c 100644
--- a/fs/jffs2/symlink.c
+++ b/fs/jffs2/symlink.c
@@ -21,7 +21,7 @@ const struct inode_operations jffs2_symlink_inode_operations =
 {
        .readlink =     generic_readlink,
        .follow_link =  jffs2_follow_link,
-        .permission =   jffs2_permission,
+        .check_acl =    jffs2_check_acl,
        .setattr =      jffs2_setattr,
        .setxattr =     jffs2_setxattr,
        .getxattr =     jffs2_getxattr,
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
index d9a721e6db70..5ef7bac265e5 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
@@ -1268,10 +1268,20 @@ int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
        if (!c->wbuf)
                return -ENOMEM;
+#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
+        c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
+        if (!c->wbuf_verify) {
+                kfree(c->wbuf);
+                return -ENOMEM;
+        }
+#endif
        return 0;
 }
 void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
+#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
+        kfree(c->wbuf_verify);
+#endif
        kfree(c->wbuf);
 }
diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
index a29c7c3e3fb8..d66477c34306 100644
--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -114,7 +114,7 @@ out:
        return rc;
 }
-static int jfs_check_acl(struct inode *inode, int mask)
+int jfs_check_acl(struct inode *inode, int mask)
 {
        struct posix_acl *acl = jfs_get_acl(inode, ACL_TYPE_ACCESS);
@@ -129,11 +129,6 @@ static int jfs_check_acl(struct inode *inode, int mask)
        return -EAGAIN;
 }
-int jfs_permission(struct inode *inode, int mask)
-{
-        return generic_permission(inode, mask, jfs_check_acl);
-}
 int jfs_init_acl(tid_t tid, struct inode *inode, struct inode *dir)
 {
        struct posix_acl *acl = NULL;
diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 7f6063acaa3b..2b70fa78e4a7 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c
@@ -96,7 +96,7 @@ const struct inode_operations jfs_file_inode_operations = {
        .removexattr    = jfs_removexattr,
 #ifdef CONFIG_JFS_POSIX_ACL
        .setattr        = jfs_setattr,
-        .permission     = jfs_permission,
+        .check_acl      = jfs_check_acl,
 #endif
 };
diff --git a/fs/jfs/jfs_acl.h b/fs/jfs/jfs_acl.h
index 88475f10a389..b07bd417ef85 100644
--- a/fs/jfs/jfs_acl.h
+++ b/fs/jfs/jfs_acl.h
@@ -20,7 +20,7 @@
 #ifdef CONFIG_JFS_POSIX_ACL
-int jfs_permission(struct inode *, int);
+int jfs_check_acl(struct inode *, int);
 int jfs_init_acl(tid_t, struct inode *, struct inode *);
 int jfs_setattr(struct dentry *, struct iattr *);
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c
index 514ee2edb92a..c79a4270f083 100644
--- a/fs/jfs/namei.c
+++ b/fs/jfs/namei.c
@@ -1543,7 +1543,7 @@ const struct inode_operations jfs_dir_inode_operations = {
        .removexattr    = jfs_removexattr,
 #ifdef CONFIG_JFS_POSIX_ACL
        .setattr        = jfs_setattr,
-        .permission     = jfs_permission,
+        .check_acl      = jfs_check_acl,
 #endif
 };
diff --git a/fs/lockd/host.c b/fs/lockd/host.c
index 99d737bd4325..7cb076ac6b45 100644
--- a/fs/lockd/host.c
+++ b/fs/lockd/host.c
@@ -87,18 +87,6 @@ static unsigned int nlm_hash_address(const struct sockaddr *sap)
        return hash & (NLM_HOST_NRHASH - 1);
 }
-static void nlm_clear_port(struct sockaddr *sap)
-{
-        switch (sap->sa_family) {
-        case AF_INET:
-                ((struct sockaddr_in *)sap)->sin_port = 0;
-                break;
-        case AF_INET6:
-                ((struct sockaddr_in6 *)sap)->sin6_port = 0;
-                break;
-        }
-}
 /*
 * Common host lookup routine for server & client
 */
@@ -177,7 +165,7 @@ static struct nlm_host *nlm_lookup_host(struct nlm_lookup_host_info *ni)
        host->h_addrbuf    = nsm->sm_addrbuf;
        memcpy(nlm_addr(host), ni->sap, ni->salen);
        host->h_addrlen = ni->salen;
-        nlm_clear_port(nlm_addr(host));
+        rpc_set_port(nlm_addr(host), 0);
        memcpy(nlm_srcaddr(host), ni->src_sap, ni->src_len);
        host->h_version    = ni->version;
        host->h_proto      = ni->protocol;
diff --git a/fs/lockd/mon.c b/fs/lockd/mon.c
index 7fce1b525849..30c933188dd7 100644
--- a/fs/lockd/mon.c
+++ b/fs/lockd/mon.c
@@ -61,43 +61,6 @@ static inline struct sockaddr *nsm_addr(const struct nsm_handle *nsm)
        return (struct sockaddr *)&nsm->sm_addr;
 }
-static void nsm_display_ipv4_address(const struct sockaddr *sap, char *buf,
-                                     const size_t len)
-{
-        const struct sockaddr_in *sin = (struct sockaddr_in *)sap;
-        snprintf(buf, len, "%pI4", &sin->sin_addr.s_addr);
-}
-static void nsm_display_ipv6_address(const struct sockaddr *sap, char *buf,
-                                     const size_t len)
-{
-        const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
-        if (ipv6_addr_v4mapped(&sin6->sin6_addr))
-                snprintf(buf, len, "%pI4", &sin6->sin6_addr.s6_addr32[3]);
-        else if (sin6->sin6_scope_id != 0)
-                snprintf(buf, len, "%pI6%%%u", &sin6->sin6_addr,
-                                sin6->sin6_scope_id);
-        else
-                snprintf(buf, len, "%pI6", &sin6->sin6_addr);
-}
-static void nsm_display_address(const struct sockaddr *sap,
-                                char *buf, const size_t len)
-{
-        switch (sap->sa_family) {
-        case AF_INET:
-                nsm_display_ipv4_address(sap, buf, len);
-                break;
-        case AF_INET6:
-                nsm_display_ipv6_address(sap, buf, len);
-                break;
-        default:
-                snprintf(buf, len, "unsupported address family");
-                break;
-        }
-}
 static struct rpc_clnt *nsm_create(void)
 {
        struct sockaddr_in sin = {
@@ -307,8 +270,11 @@ static struct nsm_handle *nsm_create_handle(const struct sockaddr *sap,
        memcpy(nsm_addr(new), sap, salen);
        new->sm_addrlen = salen;
        nsm_init_private(new);
-        nsm_display_address((const struct sockaddr *)&new->sm_addr,
-                                new->sm_addrbuf, sizeof(new->sm_addrbuf));
+        if (rpc_ntop(nsm_addr(new), new->sm_addrbuf,
+                                        sizeof(new->sm_addrbuf)) == 0)
+                (void)snprintf(new->sm_addrbuf, sizeof(new->sm_addrbuf),
+                                "unsupported address family");
        memcpy(new->sm_name, hostname, hostname_len);
        new->sm_name[hostname_len] = '\0';
diff --git a/fs/locks.c b/fs/locks.c
index b6440f52178f..19ee18a6829b 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -768,7 +768,7 @@ static int flock_lock_file(struct file *filp, struct file_lock *request)
         * give it the opportunity to lock the file.
         */
        if (found)
-                cond_resched_bkl();
+                cond_resched();
 find_conflict:
        for_each_lock(inode, before) {
@@ -1591,7 +1591,7 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd)
        if (can_sleep)
                lock->fl_flags |= FL_SLEEP;
-        error = security_file_lock(filp, cmd);
+        error = security_file_lock(filp, lock->fl_type);
        if (error)
                goto out_free;
diff --git a/fs/namei.c b/fs/namei.c
index f3c5b278895a..d11f404667e9 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -169,19 +169,10 @@ void putname(const char *name)
 EXPORT_SYMBOL(putname);
 #endif
+/*
-/**
+ * This does basic POSIX ACL permission checking
- * generic_permission  -  check for access rights on a Posix-like filesystem
- * @inode:      inode to check access rights for
- * @mask:       right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
- * @check_acl:  optional callback to check for Posix ACLs
- *
- * Used to check for read/write/execute permissions on a file.
- * We use "fsuid" for this, letting us set arbitrary permissions
- * for filesystem access without changing the "normal" uids which
- * are used for other things..
 */
-int generic_permission(struct inode *inode, int mask,
+static int acl_permission_check(struct inode *inode, int mask,
                int (*check_acl)(struct inode *inode, int mask))
 {
        umode_t                 mode = inode->i_mode;
@@ -193,9 +184,7 @@ int generic_permission(struct inode *inode, int mask,
        else {
                if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
                        int error = check_acl(inode, mask);
-                        if (error == -EACCES)
+                        if (error != -EAGAIN)
-                                goto check_capabilities;
-                        else if (error != -EAGAIN)
                                return error;
                }
@@ -208,8 +197,32 @@ int generic_permission(struct inode *inode, int mask,
         */
        if ((mask & ~mode) == 0)
                return 0;
+        return -EACCES;
+}
+/**
+ * generic_permission  -  check for access rights on a Posix-like filesystem
+ * @inode:      inode to check access rights for
+ * @mask:       right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
+ * @check_acl:  optional callback to check for Posix ACLs
+ *
+ * Used to check for read/write/execute permissions on a file.
+ * We use "fsuid" for this, letting us set arbitrary permissions
+ * for filesystem access without changing the "normal" uids which
+ * are used for other things..
+ */
+int generic_permission(struct inode *inode, int mask,
+                int (*check_acl)(struct inode *inode, int mask))
+{
+        int ret;
+        /*
+         * Do the basic POSIX ACL permission checks.
+         */
+        ret = acl_permission_check(inode, mask, check_acl);
+        if (ret != -EACCES)
+                return ret;
- check_capabilities:
        /*
         * Read/write DACs are always overridable.
         * Executable DACs are overridable if at least one exec bit is set.
@@ -262,7 +275,7 @@ int inode_permission(struct inode *inode, int mask)
        if (inode->i_op->permission)
                retval = inode->i_op->permission(inode, mask);
        else
-                retval = generic_permission(inode, mask, NULL);
+                retval = generic_permission(inode, mask, inode->i_op->check_acl);
        if (retval)
                return retval;
@@ -432,29 +445,22 @@ static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name,
 */
 static int exec_permission_lite(struct inode *inode)
 {
-        umode_t mode = inode->i_mode;
+        int ret;
-        if (inode->i_op->permission)
+        if (inode->i_op->permission) {
-                return -EAGAIN;
+                ret = inode->i_op->permission(inode, MAY_EXEC);
+                if (!ret)
-        if (current_fsuid() == inode->i_uid)
+                        goto ok;
-                mode >>= 6;
+                return ret;
-        else if (in_group_p(inode->i_gid))
+        }
-                mode >>= 3;
+        ret = acl_permission_check(inode, MAY_EXEC, inode->i_op->check_acl);
+        if (!ret)
-        if (mode & MAY_EXEC)
-                goto ok;
-        if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
-                goto ok;
-        if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
                goto ok;
-        if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
+        if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
                goto ok;
-        return -EACCES;
+        return ret;
 ok:
        return security_inode_permission(inode, MAY_EXEC);
 }
@@ -853,12 +859,6 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
                nd->flags |= LOOKUP_CONTINUE;
                err = exec_permission_lite(inode);
-                if (err == -EAGAIN)
-                        err = inode_permission(nd->path.dentry->d_inode,
-                                               MAY_EXEC);
-                if (!err)
-                        err = ima_path_check(&nd->path, MAY_EXEC,
-                                             IMA_COUNT_UPDATE);
                if (err)
                        break;
@@ -1533,37 +1533,42 @@ int may_open(struct path *path, int acc_mode, int flag)
        if (error)
                return error;
-        error = ima_path_check(path,
+        error = ima_path_check(path, acc_mode ?
-                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+                               ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
                               IMA_COUNT_UPDATE);
        if (error)
                return error;
        /*
         * An append-only file must be opened in append mode for writing.
         */
        if (IS_APPEND(inode)) {
+                error = -EPERM;
                if  ((flag & FMODE_WRITE) && !(flag & O_APPEND))
-                        return -EPERM;
+                        goto err_out;
                if (flag & O_TRUNC)
-                        return -EPERM;
+                        goto err_out;
        }
        /* O_NOATIME can only be set by the owner or superuser */
        if (flag & O_NOATIME)
-                if (!is_owner_or_cap(inode))
+                if (!is_owner_or_cap(inode)) {
-                        return -EPERM;
+                        error = -EPERM;
+                        goto err_out;
+                }
        /*
         * Ensure there are no outstanding leases on the file.
         */
        error = break_lease(inode, flag);
        if (error)
-                return error;
+                goto err_out;
        if (flag & O_TRUNC) {
                error = get_write_access(inode);
                if (error)
-                        return error;
+                        goto err_out;
                /*
                 * Refuse to truncate files with mandatory locks held on them.
@@ -1581,12 +1586,17 @@ int may_open(struct path *path, int acc_mode, int flag)
                }
                put_write_access(inode);
                if (error)
-                        return error;
+                        goto err_out;
        } else
                if (flag & FMODE_WRITE)
                        vfs_dq_init(inode);
        return 0;
+err_out:
+        ima_counts_put(path, acc_mode ?
+                       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+                       ACC_MODE(flag) & (MAY_READ | MAY_WRITE));
+        return error;
 }
 /*
diff --git a/fs/nfs/Makefile b/fs/nfs/Makefile
index 845159814de2..da7fda639eac 100644
--- a/fs/nfs/Makefile
+++ b/fs/nfs/Makefile
@@ -6,7 +6,8 @@ obj-$(CONFIG_NFS_FS) += nfs.o
 nfs-y                   := client.o dir.o file.o getroot.o inode.o super.o nfs2xdr.o \
                           direct.o pagelist.o proc.o read.o symlink.o unlink.o \
-                           write.o namespace.o mount_clnt.o
+                           write.o namespace.o mount_clnt.o \
+                           dns_resolve.o cache_lib.o
 nfs-$(CONFIG_ROOT_NFS)  += nfsroot.o
 nfs-$(CONFIG_NFS_V3)    += nfs3proc.o nfs3xdr.o
 nfs-$(CONFIG_NFS_V3_ACL)        += nfs3acl.o
diff --git a/fs/nfs/cache_lib.c b/fs/nfs/cache_lib.c
new file mode 100644
index 000000000000..b4ffd0146ea6
--- /dev/null
+++ b/fs/nfs/cache_lib.c
@@ -0,0 +1,140 @@
+/*
+ * linux/fs/nfs/cache_lib.c
+ *
+ * Helper routines for the NFS client caches
+ *
+ * Copyright (c) 2009 Trond Myklebust <Trond.Myklebust@netapp.com>
+ */
+#include <linux/kmod.h>
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/mount.h>
+#include <linux/namei.h>
+#include <linux/sunrpc/cache.h>
+#include <linux/sunrpc/rpc_pipe_fs.h>
+#include "cache_lib.h"
+#define NFS_CACHE_UPCALL_PATHLEN 256
+#define NFS_CACHE_UPCALL_TIMEOUT 15
+static char nfs_cache_getent_prog[NFS_CACHE_UPCALL_PATHLEN] =
+                                "/sbin/nfs_cache_getent";
+static unsigned long nfs_cache_getent_timeout = NFS_CACHE_UPCALL_TIMEOUT;
+module_param_string(cache_getent, nfs_cache_getent_prog,
+                sizeof(nfs_cache_getent_prog), 0600);
+MODULE_PARM_DESC(cache_getent, "Path to the client cache upcall program");
+module_param_named(cache_getent_timeout, nfs_cache_getent_timeout, ulong, 0600);
+MODULE_PARM_DESC(cache_getent_timeout, "Timeout (in seconds) after which "
+                "the cache upcall is assumed to have failed");
+int nfs_cache_upcall(struct cache_detail *cd, char *entry_name)
+{
+        static char *envp[] = { "HOME=/",
+                "TERM=linux",
+                "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
+                NULL
+        };
+        char *argv[] = {
+                nfs_cache_getent_prog,
+                cd->name,
+                entry_name,
+                NULL
+        };
+        int ret = -EACCES;
+        if (nfs_cache_getent_prog[0] == '\0')
+                goto out;
+        ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
+        /*
+         * Disable the upcall mechanism if we're getting an ENOENT or
+         * EACCES error. The admin can re-enable it on the fly by using
+         * sysfs to set the 'cache_getent' parameter once the problem
+         * has been fixed.
+         */
+        if (ret == -ENOENT || ret == -EACCES)
+                nfs_cache_getent_prog[0] = '\0';
+out:
+        return ret > 0 ? 0 : ret;
+}
+/*
+ * Deferred request handling
+ */
+void nfs_cache_defer_req_put(struct nfs_cache_defer_req *dreq)
+{
+        if (atomic_dec_and_test(&dreq->count))
+                kfree(dreq);
+}
+static void nfs_dns_cache_revisit(struct cache_deferred_req *d, int toomany)
+{
+        struct nfs_cache_defer_req *dreq;
+        dreq = container_of(d, struct nfs_cache_defer_req, deferred_req);
+        complete_all(&dreq->completion);
+        nfs_cache_defer_req_put(dreq);
+}
+static struct cache_deferred_req *nfs_dns_cache_defer(struct cache_req *req)
+{
+        struct nfs_cache_defer_req *dreq;
+        dreq = container_of(req, struct nfs_cache_defer_req, req);
+        dreq->deferred_req.revisit = nfs_dns_cache_revisit;
+        atomic_inc(&dreq->count);
+        return &dreq->deferred_req;
+}
+struct nfs_cache_defer_req *nfs_cache_defer_req_alloc(void)
+{
+        struct nfs_cache_defer_req *dreq;
+        dreq = kzalloc(sizeof(*dreq), GFP_KERNEL);
+        if (dreq) {
+                init_completion(&dreq->completion);
+                atomic_set(&dreq->count, 1);
+                dreq->req.defer = nfs_dns_cache_defer;
+        }
+        return dreq;
+}
+int nfs_cache_wait_for_upcall(struct nfs_cache_defer_req *dreq)
+{
+        if (wait_for_completion_timeout(&dreq->completion,
+                        nfs_cache_getent_timeout * HZ) == 0)
+                return -ETIMEDOUT;
+        return 0;
+}
+int nfs_cache_register(struct cache_detail *cd)
+{
+        struct nameidata nd;
+        struct vfsmount *mnt;
+        int ret;
+        mnt = rpc_get_mount();
+        if (IS_ERR(mnt))
+                return PTR_ERR(mnt);
+        ret = vfs_path_lookup(mnt->mnt_root, mnt, "/cache", 0, &nd);
+        if (ret)
+                goto err;
+        ret = sunrpc_cache_register_pipefs(nd.path.dentry,
+                        cd->name, 0600, cd);
+        path_put(&nd.path);
+        if (!ret)
+                return ret;
+err:
+        rpc_put_mount();
+        return ret;
+}
+void nfs_cache_unregister(struct cache_detail *cd)
+{
+        sunrpc_cache_unregister_pipefs(cd);
+        rpc_put_mount();
+}
diff --git a/fs/nfs/cache_lib.h b/fs/nfs/cache_lib.h
new file mode 100644
index 000000000000..76f856e284e4
--- /dev/null
+++ b/fs/nfs/cache_lib.h
@@ -0,0 +1,27 @@
+/*
+ * Helper routines for the NFS client caches
+ *
+ * Copyright (c) 2009 Trond Myklebust <Trond.Myklebust@netapp.com>
+ */
+#include <linux/completion.h>
+#include <linux/sunrpc/cache.h>
+#include <asm/atomic.h>
+/*
+ * Deferred request handling
+ */
+struct nfs_cache_defer_req {
+        struct cache_req req;
+        struct cache_deferred_req deferred_req;
+        struct completion completion;
+        atomic_t count;
+};
+extern int nfs_cache_upcall(struct cache_detail *cd, char *entry_name);
+extern struct nfs_cache_defer_req *nfs_cache_defer_req_alloc(void);
+extern void nfs_cache_defer_req_put(struct nfs_cache_defer_req *dreq);
+extern int nfs_cache_wait_for_upcall(struct nfs_cache_defer_req *dreq);
+extern int nfs_cache_register(struct cache_detail *cd);
+extern void nfs_cache_unregister(struct cache_detail *cd);
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
index 7f604c7941fb..293fa0528a6e 100644
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
@@ -43,21 +43,29 @@ static struct svc_program nfs4_callback_program;
 unsigned int nfs_callback_set_tcpport;
 unsigned short nfs_callback_tcpport;
 unsigned short nfs_callback_tcpport6;
-static const int nfs_set_port_min = 0;
+#define NFS_CALLBACK_MAXPORTNR (65535U)
-static const int nfs_set_port_max = 65535;
-static int param_set_port(const char *val, struct kernel_param *kp)
+static int param_set_portnr(const char *val, struct kernel_param *kp)
 {
-        char *endp;
+        unsigned long num;
-        int num = simple_strtol(val, &endp, 0);
+        int ret;
-        if (endp == val || *endp || num < nfs_set_port_min || num > nfs_set_port_max)
+        if (!val)
+                return -EINVAL;
+        ret = strict_strtoul(val, 0, &num);
+        if (ret == -EINVAL || num > NFS_CALLBACK_MAXPORTNR)
                return -EINVAL;
-        *((int *)kp->arg) = num;
+        *((unsigned int *)kp->arg) = num;
        return 0;
 }
-module_param_call(callback_tcpport, param_set_port, param_get_int,
+static int param_get_portnr(char *buffer, struct kernel_param *kp)
-                 &nfs_callback_set_tcpport, 0644);
+{
+        return param_get_uint(buffer, kp);
+}
+#define param_check_portnr(name, p) __param_check(name, p, unsigned int);
+module_param_named(callback_tcpport, nfs_callback_set_tcpport, portnr, 0644);
 /*
 * This is the NFSv4 callback kernel thread.
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 8d25ccb2d51d..e350bd6a2334 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -809,6 +809,9 @@ static int nfs_init_server(struct nfs_server *server,
        /* Initialise the client representation from the mount data */
        server->flags = data->flags;
        server->options = data->options;
+        server->caps |= NFS_CAP_HARDLINKS|NFS_CAP_SYMLINKS|NFS_CAP_FILEID|
+                NFS_CAP_MODE|NFS_CAP_NLINK|NFS_CAP_OWNER|NFS_CAP_OWNER_GROUP|
+                NFS_CAP_ATIME|NFS_CAP_CTIME|NFS_CAP_MTIME;
        if (data->rsize)
                server->rsize = nfs_block_size(data->rsize, NULL);
@@ -879,6 +882,7 @@ static void nfs_server_set_fsinfo(struct nfs_server *server, struct nfs_fsinfo *
                server->rsize = NFS_MAX_FILE_IO_SIZE;
        server->rpages = (server->rsize + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
+        server->backing_dev_info.name = "nfs";
        server->backing_dev_info.ra_pages = server->rpages * NFS_MAX_READAHEAD;
        if (server->wsize > max_rpc_payload)
@@ -1074,10 +1078,6 @@ struct nfs_server *nfs_create_server(const struct nfs_parsed_mount_data *data,
                (unsigned long long) server->fsid.major,
                (unsigned long long) server->fsid.minor);
-        BUG_ON(!server->nfs_client);
-        BUG_ON(!server->nfs_client->rpc_ops);
-        BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
        spin_lock(&nfs_client_lock);
        list_add_tail(&server->client_link, &server->nfs_client->cl_superblocks);
        list_add_tail(&server->master_link, &nfs_volume_list);
@@ -1274,7 +1274,7 @@ static int nfs4_init_server(struct nfs_server *server,
        /* Initialise the client representation from the mount data */
        server->flags = data->flags;
-        server->caps |= NFS_CAP_ATOMIC_OPEN;
+        server->caps |= NFS_CAP_ATOMIC_OPEN|NFS_CAP_CHANGE_ATTR;
        server->options = data->options;
        /* Get a client record */
@@ -1359,10 +1359,6 @@ struct nfs_server *nfs4_create_server(const struct nfs_parsed_mount_data *data,
        if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
                server->namelen = NFS4_MAXNAMLEN;
-        BUG_ON(!server->nfs_client);
-        BUG_ON(!server->nfs_client->rpc_ops);
-        BUG_ON(!server->nfs_client->rpc_ops->file_inode_ops);
        spin_lock(&nfs_client_lock);
        list_add_tail(&server->client_link, &server->nfs_client->cl_superblocks);
        list_add_tail(&server->master_link, &nfs_volume_list);
@@ -1400,7 +1396,7 @@ struct nfs_server *nfs4_create_referral_server(struct nfs_clone_mount *data,
        /* Initialise the client representation from the parent server */
        nfs_server_copy_userdata(server, parent_server);
-        server->caps |= NFS_CAP_ATOMIC_OPEN;
+        server->caps |= NFS_CAP_ATOMIC_OPEN|NFS_CAP_CHANGE_ATTR;
        /* Get a client representation.
         * Note: NFSv4 always uses TCP, */
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index e4e089a8f294..6c3210099d51 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -934,9 +934,6 @@ out:
 * back into its cache.  We let the server do generic write
 * parameter checking and report problems.
 *
- * We also avoid an unnecessary invocation of generic_osync_inode(),
- * as it is fairly meaningless to sync the metadata of an NFS file.
- *
 * We eliminate local atime updates, see direct read above.
 *
 * We avoid unnecessary page cache invalidations for normal cached
diff --git a/fs/nfs/dns_resolve.c b/fs/nfs/dns_resolve.c
new file mode 100644
index 000000000000..f4d54ba97cc6
--- /dev/null
+++ b/fs/nfs/dns_resolve.c
@@ -0,0 +1,335 @@
+/*
+ * linux/fs/nfs/dns_resolve.c
+ *
+ * Copyright (c) 2009 Trond Myklebust <Trond.Myklebust@netapp.com>
+ *
+ * Resolves DNS hostnames into valid ip addresses
+ */
+#include <linux/hash.h>
+#include <linux/string.h>
+#include <linux/kmod.h>
+#include <linux/module.h>
+#include <linux/socket.h>
+#include <linux/seq_file.h>
+#include <linux/inet.h>
+#include <linux/sunrpc/clnt.h>
+#include <linux/sunrpc/cache.h>
+#include <linux/sunrpc/svcauth.h>
+#include "dns_resolve.h"
+#include "cache_lib.h"
+#define NFS_DNS_HASHBITS 4
+#define NFS_DNS_HASHTBL_SIZE (1 << NFS_DNS_HASHBITS)
+static struct cache_head *nfs_dns_table[NFS_DNS_HASHTBL_SIZE];
+struct nfs_dns_ent {
+        struct cache_head h;
+        char *hostname;
+        size_t namelen;
+        struct sockaddr_storage addr;
+        size_t addrlen;
+};
+static void nfs_dns_ent_init(struct cache_head *cnew,
+                struct cache_head *ckey)
+{
+        struct nfs_dns_ent *new;
+        struct nfs_dns_ent *key;
+        new = container_of(cnew, struct nfs_dns_ent, h);
+        key = container_of(ckey, struct nfs_dns_ent, h);
+        kfree(new->hostname);
+        new->hostname = kstrndup(key->hostname, key->namelen, GFP_KERNEL);
+        if (new->hostname) {
+                new->namelen = key->namelen;
+                memcpy(&new->addr, &key->addr, key->addrlen);
+                new->addrlen = key->addrlen;
+        } else {
+                new->namelen = 0;
+                new->addrlen = 0;
+        }
+}
+static void nfs_dns_ent_put(struct kref *ref)
+{
+        struct nfs_dns_ent *item;
+        item = container_of(ref, struct nfs_dns_ent, h.ref);
+        kfree(item->hostname);
+        kfree(item);
+}
+static struct cache_head *nfs_dns_ent_alloc(void)
+{
+        struct nfs_dns_ent *item = kmalloc(sizeof(*item), GFP_KERNEL);
+        if (item != NULL) {
+                item->hostname = NULL;
+                item->namelen = 0;
+                item->addrlen = 0;
+                return &item->h;
+        }
+        return NULL;
+};
+static unsigned int nfs_dns_hash(const struct nfs_dns_ent *key)
+{
+        return hash_str(key->hostname, NFS_DNS_HASHBITS);
+}
+static void nfs_dns_request(struct cache_detail *cd,
+                struct cache_head *ch,
+                char **bpp, int *blen)
+{
+        struct nfs_dns_ent *key = container_of(ch, struct nfs_dns_ent, h);
+        qword_add(bpp, blen, key->hostname);
+        (*bpp)[-1] = '\n';
+}
+static int nfs_dns_upcall(struct cache_detail *cd,
+                struct cache_head *ch)
+{
+        struct nfs_dns_ent *key = container_of(ch, struct nfs_dns_ent, h);
+        int ret;
+        ret = nfs_cache_upcall(cd, key->hostname);
+        if (ret)
+                ret = sunrpc_cache_pipe_upcall(cd, ch, nfs_dns_request);
+        return ret;
+}
+static int nfs_dns_match(struct cache_head *ca,
+                struct cache_head *cb)
+{
+        struct nfs_dns_ent *a;
+        struct nfs_dns_ent *b;
+        a = container_of(ca, struct nfs_dns_ent, h);
+        b = container_of(cb, struct nfs_dns_ent, h);
+        if (a->namelen == 0 || a->namelen != b->namelen)
+                return 0;
+        return memcmp(a->hostname, b->hostname, a->namelen) == 0;
+}
+static int nfs_dns_show(struct seq_file *m, struct cache_detail *cd,
+                struct cache_head *h)
+{
+        struct nfs_dns_ent *item;
+        long ttl;
+        if (h == NULL) {
+                seq_puts(m, "# ip address      hostname        ttl\n");
+                return 0;
+        }
+        item = container_of(h, struct nfs_dns_ent, h);
+        ttl = (long)item->h.expiry_time - (long)get_seconds();
+        if (ttl < 0)
+                ttl = 0;
+        if (!test_bit(CACHE_NEGATIVE, &h->flags)) {
+                char buf[INET6_ADDRSTRLEN+IPV6_SCOPE_ID_LEN+1];
+                rpc_ntop((struct sockaddr *)&item->addr, buf, sizeof(buf));
+                seq_printf(m, "%15s ", buf);
+        } else
+                seq_puts(m, "<none>          ");
+        seq_printf(m, "%15s %ld\n", item->hostname, ttl);
+        return 0;
+}
+struct nfs_dns_ent *nfs_dns_lookup(struct cache_detail *cd,
+                struct nfs_dns_ent *key)
+{
+        struct cache_head *ch;
+        ch = sunrpc_cache_lookup(cd,
+                        &key->h,
+                        nfs_dns_hash(key));
+        if (!ch)
+                return NULL;
+        return container_of(ch, struct nfs_dns_ent, h);
+}
+struct nfs_dns_ent *nfs_dns_update(struct cache_detail *cd,
+                struct nfs_dns_ent *new,
+                struct nfs_dns_ent *key)
+{
+        struct cache_head *ch;
+        ch = sunrpc_cache_update(cd,
+                        &new->h, &key->h,
+                        nfs_dns_hash(key));
+        if (!ch)
+                return NULL;
+        return container_of(ch, struct nfs_dns_ent, h);
+}
+static int nfs_dns_parse(struct cache_detail *cd, char *buf, int buflen)
+{
+        char buf1[NFS_DNS_HOSTNAME_MAXLEN+1];
+        struct nfs_dns_ent key, *item;
+        unsigned long ttl;
+        ssize_t len;
+        int ret = -EINVAL;
+        if (buf[buflen-1] != '\n')
+                goto out;
+        buf[buflen-1] = '\0';
+        len = qword_get(&buf, buf1, sizeof(buf1));
+        if (len <= 0)
+                goto out;
+        key.addrlen = rpc_pton(buf1, len,
+                        (struct sockaddr *)&key.addr,
+                        sizeof(key.addr));
+        len = qword_get(&buf, buf1, sizeof(buf1));
+        if (len <= 0)
+                goto out;
+        key.hostname = buf1;
+        key.namelen = len;
+        memset(&key.h, 0, sizeof(key.h));
+        ttl = get_expiry(&buf);
+        if (ttl == 0)
+                goto out;
+        key.h.expiry_time = ttl + get_seconds();
+        ret = -ENOMEM;
+        item = nfs_dns_lookup(cd, &key);
+        if (item == NULL)
+                goto out;
+        if (key.addrlen == 0)
+                set_bit(CACHE_NEGATIVE, &key.h.flags);
+        item = nfs_dns_update(cd, &key, item);
+        if (item == NULL)
+                goto out;
+        ret = 0;
+        cache_put(&item->h, cd);
+out:
+        return ret;
+}
+static struct cache_detail nfs_dns_resolve = {
+        .owner = THIS_MODULE,
+        .hash_size = NFS_DNS_HASHTBL_SIZE,
+        .hash_table = nfs_dns_table,
+        .name = "dns_resolve",
+        .cache_put = nfs_dns_ent_put,
+        .cache_upcall = nfs_dns_upcall,
+        .cache_parse = nfs_dns_parse,
+        .cache_show = nfs_dns_show,
+        .match = nfs_dns_match,
+        .init = nfs_dns_ent_init,
+        .update = nfs_dns_ent_init,
+        .alloc = nfs_dns_ent_alloc,
+};
+static int do_cache_lookup(struct cache_detail *cd,
+                struct nfs_dns_ent *key,
+                struct nfs_dns_ent **item,
+                struct nfs_cache_defer_req *dreq)
+{
+        int ret = -ENOMEM;
+        *item = nfs_dns_lookup(cd, key);
+        if (*item) {
+                ret = cache_check(cd, &(*item)->h, &dreq->req);
+                if (ret)
+                        *item = NULL;
+        }
+        return ret;
+}
+static int do_cache_lookup_nowait(struct cache_detail *cd,
+                struct nfs_dns_ent *key,
+                struct nfs_dns_ent **item)
+{
+        int ret = -ENOMEM;
+        *item = nfs_dns_lookup(cd, key);
+        if (!*item)
+                goto out_err;
+        ret = -ETIMEDOUT;
+        if (!test_bit(CACHE_VALID, &(*item)->h.flags)
+                        || (*item)->h.expiry_time < get_seconds()
+                        || cd->flush_time > (*item)->h.last_refresh)
+                goto out_put;
+        ret = -ENOENT;
+        if (test_bit(CACHE_NEGATIVE, &(*item)->h.flags))
+                goto out_put;
+        return 0;
+out_put:
+        cache_put(&(*item)->h, cd);
+out_err:
+        *item = NULL;
+        return ret;
+}
+static int do_cache_lookup_wait(struct cache_detail *cd,
+                struct nfs_dns_ent *key,
+                struct nfs_dns_ent **item)
+{
+        struct nfs_cache_defer_req *dreq;
+        int ret = -ENOMEM;
+        dreq = nfs_cache_defer_req_alloc();
+        if (!dreq)
+                goto out;
+        ret = do_cache_lookup(cd, key, item, dreq);
+        if (ret == -EAGAIN) {
+                ret = nfs_cache_wait_for_upcall(dreq);
+                if (!ret)
+                        ret = do_cache_lookup_nowait(cd, key, item);
+        }
+        nfs_cache_defer_req_put(dreq);
+out:
+        return ret;
+}
+ssize_t nfs_dns_resolve_name(char *name, size_t namelen,
+                struct sockaddr *sa, size_t salen)
+{
+        struct nfs_dns_ent key = {
+                .hostname = name,
+                .namelen = namelen,
+        };
+        struct nfs_dns_ent *item = NULL;
+        ssize_t ret;
+        ret = do_cache_lookup_wait(&nfs_dns_resolve, &key, &item);
+        if (ret == 0) {
+                if (salen >= item->addrlen) {
+                        memcpy(sa, &item->addr, item->addrlen);
+                        ret = item->addrlen;
+                } else
+                        ret = -EOVERFLOW;
+                cache_put(&item->h, &nfs_dns_resolve);
+        } else if (ret == -ENOENT)
+                ret = -ESRCH;
+        return ret;
+}
+int nfs_dns_resolver_init(void)
+{
+        return nfs_cache_register(&nfs_dns_resolve);
+}
+void nfs_dns_resolver_destroy(void)
+{
+        nfs_cache_unregister(&nfs_dns_resolve);
+}
diff --git a/fs/nfs/dns_resolve.h b/fs/nfs/dns_resolve.h
new file mode 100644
index 000000000000..a3f0938babf7
--- /dev/null
+++ b/fs/nfs/dns_resolve.h
@@ -0,0 +1,14 @@
+/*
+ * Resolve DNS hostnames into valid ip addresses
+ */
+#ifndef __LINUX_FS_NFS_DNS_RESOLVE_H
+#define __LINUX_FS_NFS_DNS_RESOLVE_H
+#define NFS_DNS_HOSTNAME_MAXLEN (128)
+extern int nfs_dns_resolver_init(void);
+extern void nfs_dns_resolver_destroy(void);
+extern ssize_t nfs_dns_resolve_name(char *name, size_t namelen,
+                struct sockaddr *sa, size_t salen);
+#endif
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 05062329b678..5021b75d2d1e 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c
@@ -328,6 +328,42 @@ nfs_file_fsync(struct file *file, struct dentry *dentry, int datasync)
 }
 /*
+ * Decide whether a read/modify/write cycle may be more efficient
+ * then a modify/write/read cycle when writing to a page in the
+ * page cache.
+ *
+ * The modify/write/read cycle may occur if a page is read before
+ * being completely filled by the writer.  In this situation, the
+ * page must be completely written to stable storage on the server
+ * before it can be refilled by reading in the page from the server.
+ * This can lead to expensive, small, FILE_SYNC mode writes being
+ * done.
+ *
+ * It may be more efficient to read the page first if the file is
+ * open for reading in addition to writing, the page is not marked
+ * as Uptodate, it is not dirty or waiting to be committed,
+ * indicating that it was previously allocated and then modified,
+ * that there were valid bytes of data in that range of the file,
+ * and that the new data won't completely replace the old data in
+ * that range of the file.
+ */
+static int nfs_want_read_modify_write(struct file *file, struct page *page,
+                        loff_t pos, unsigned len)
+{
+        unsigned int pglen = nfs_page_length(page);
+        unsigned int offset = pos & (PAGE_CACHE_SIZE - 1);
+        unsigned int end = offset + len;
+        if ((file->f_mode & FMODE_READ) &&      /* open for read? */
+            !PageUptodate(page) &&              /* Uptodate? */
+            !PagePrivate(page) &&               /* i/o request already? */
+            pglen &&                            /* valid bytes of file? */
+            (end < pglen || offset))            /* replace all valid bytes? */
+                return 1;
+        return 0;
+}
+/*
 * This does the "real" work of the write. We must allocate and lock the
 * page to be sent back to the generic routine, which then copies the
 * data from user space.
@@ -340,15 +376,16 @@ static int nfs_write_begin(struct file *file, struct address_space *mapping,
                        struct page **pagep, void **fsdata)
 {
        int ret;
-        pgoff_t index;
+        pgoff_t index = pos >> PAGE_CACHE_SHIFT;
        struct page *page;
-        index = pos >> PAGE_CACHE_SHIFT;
+        int once_thru = 0;
        dfprintk(PAGECACHE, "NFS: write_begin(%s/%s(%ld), %u@%lld)\n",
                file->f_path.dentry->d_parent->d_name.name,
                file->f_path.dentry->d_name.name,
                mapping->host->i_ino, len, (long long) pos);
+start:
        /*
         * Prevent starvation issues if someone is doing a consistency
         * sync-to-disk
@@ -367,6 +404,13 @@ static int nfs_write_begin(struct file *file, struct address_space *mapping,
        if (ret) {
                unlock_page(page);
                page_cache_release(page);
+        } else if (!once_thru &&
+                   nfs_want_read_modify_write(file, page, pos, len)) {
+                once_thru = 1;
+                ret = nfs_readpage(file, page);
+                page_cache_release(page);
+                if (!ret)
+                        goto start;
        }
        return ret;
 }
@@ -479,6 +523,7 @@ const struct address_space_operations nfs_file_aops = {
        .invalidatepage = nfs_invalidate_page,
        .releasepage = nfs_release_page,
        .direct_IO = nfs_direct_IO,
+        .migratepage = nfs_migrate_page,
        .launder_page = nfs_launder_page,
 };
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
index 86147b0ab2cf..21a84d45916f 100644
--- a/fs/nfs/idmap.c
+++ b/fs/nfs/idmap.c
@@ -101,7 +101,7 @@ static void idmap_pipe_destroy_msg(struct rpc_pipe_msg *);
 static unsigned int fnvhash32(const void *, size_t);
-static struct rpc_pipe_ops idmap_upcall_ops = {
+static const struct rpc_pipe_ops idmap_upcall_ops = {
        .upcall         = idmap_pipe_upcall,
        .downcall       = idmap_pipe_downcall,
        .destroy_msg    = idmap_pipe_destroy_msg,
@@ -119,8 +119,8 @@ nfs_idmap_new(struct nfs_client *clp)
        if (idmap == NULL)
                return -ENOMEM;
-        idmap->idmap_dentry = rpc_mkpipe(clp->cl_rpcclient->cl_dentry, "idmap",
+        idmap->idmap_dentry = rpc_mkpipe(clp->cl_rpcclient->cl_path.dentry,
-                                         idmap, &idmap_upcall_ops, 0);
+                        "idmap", idmap, &idmap_upcall_ops, 0);
        if (IS_ERR(idmap->idmap_dentry)) {
                error = PTR_ERR(idmap->idmap_dentry);
                kfree(idmap);
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index bd7938eda6a8..060022b4651c 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -46,6 +46,7 @@
 #include "iostat.h"
 #include "internal.h"
 #include "fscache.h"
+#include "dns_resolve.h"
 #define NFSDBG_FACILITY         NFSDBG_VFS
@@ -286,6 +287,11 @@ nfs_fhget(struct super_block *sb, struct nfs_fh *fh, struct nfs_fattr *fattr)
                /* We can't support update_atime(), since the server will reset it */
                inode->i_flags |= S_NOATIME|S_NOCMTIME;
                inode->i_mode = fattr->mode;
+                if ((fattr->valid & NFS_ATTR_FATTR_MODE) == 0
+                                && nfs_server_capable(inode, NFS_CAP_MODE))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL;
                /* Why so? Because we want revalidate for devices/FIFOs, and
                 * that's precisely what we have in nfs_file_inode_operations.
                 */
@@ -330,20 +336,46 @@ nfs_fhget(struct super_block *sb, struct nfs_fh *fh, struct nfs_fattr *fattr)
                nfsi->attr_gencount = fattr->gencount;
                if (fattr->valid & NFS_ATTR_FATTR_ATIME)
                        inode->i_atime = fattr->atime;
+                else if (nfs_server_capable(inode, NFS_CAP_ATIME))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
                if (fattr->valid & NFS_ATTR_FATTR_MTIME)
                        inode->i_mtime = fattr->mtime;
+                else if (nfs_server_capable(inode, NFS_CAP_MTIME))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_DATA;
                if (fattr->valid & NFS_ATTR_FATTR_CTIME)
                        inode->i_ctime = fattr->ctime;
+                else if (nfs_server_capable(inode, NFS_CAP_CTIME))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL;
                if (fattr->valid & NFS_ATTR_FATTR_CHANGE)
                        nfsi->change_attr = fattr->change_attr;
+                else if (nfs_server_capable(inode, NFS_CAP_CHANGE_ATTR))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_DATA;
                if (fattr->valid & NFS_ATTR_FATTR_SIZE)
                        inode->i_size = nfs_size_to_loff_t(fattr->size);
+                else
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_DATA
+                                | NFS_INO_REVAL_PAGECACHE;
                if (fattr->valid & NFS_ATTR_FATTR_NLINK)
                        inode->i_nlink = fattr->nlink;
+                else if (nfs_server_capable(inode, NFS_CAP_NLINK))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR;
                if (fattr->valid & NFS_ATTR_FATTR_OWNER)
                        inode->i_uid = fattr->uid;
+                else if (nfs_server_capable(inode, NFS_CAP_OWNER))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL;
                if (fattr->valid & NFS_ATTR_FATTR_GROUP)
                        inode->i_gid = fattr->gid;
+                else if (nfs_server_capable(inode, NFS_CAP_OWNER_GROUP))
+                        nfsi->cache_validity |= NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL;
                if (fattr->valid & NFS_ATTR_FATTR_BLOCKS_USED)
                        inode->i_blocks = fattr->du.nfs2.blocks;
                if (fattr->valid & NFS_ATTR_FATTR_SPACE_USED) {
@@ -1145,6 +1177,7 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
        loff_t cur_isize, new_isize;
        unsigned long invalid = 0;
        unsigned long now = jiffies;
+        unsigned long save_cache_validity;
        dfprintk(VFS, "NFS: %s(%s/%ld ct=%d info=0x%x)\n",
                        __func__, inode->i_sb->s_id, inode->i_ino,
@@ -1171,10 +1204,11 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
         */
        nfsi->read_cache_jiffies = fattr->time_start;
-        if ((fattr->valid & NFS_ATTR_FATTR_CHANGE) || (fattr->valid & (NFS_ATTR_FATTR_MTIME|NFS_ATTR_FATTR_CTIME)))
+        save_cache_validity = nfsi->cache_validity;
-            nfsi->cache_validity &= ~(NFS_INO_INVALID_ATTR
+        nfsi->cache_validity &= ~(NFS_INO_INVALID_ATTR
-                    | NFS_INO_INVALID_ATIME
+                        | NFS_INO_INVALID_ATIME
-                    | NFS_INO_REVAL_PAGECACHE);
+                        | NFS_INO_REVAL_FORCED
+                        | NFS_INO_REVAL_PAGECACHE);
        /* Do atomic weak cache consistency updates */
        nfs_wcc_update_inode(inode, fattr);
@@ -1189,7 +1223,8 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                                nfs_force_lookup_revalidate(inode);
                        nfsi->change_attr = fattr->change_attr;
                }
-        }
+        } else if (server->caps & NFS_CAP_CHANGE_ATTR)
+                invalid |= save_cache_validity;
        if (fattr->valid & NFS_ATTR_FATTR_MTIME) {
                /* NFSv2/v3: Check if the mtime agrees */
@@ -1201,7 +1236,12 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                                nfs_force_lookup_revalidate(inode);
                        memcpy(&inode->i_mtime, &fattr->mtime, sizeof(inode->i_mtime));
                }
-        }
+        } else if (server->caps & NFS_CAP_MTIME)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_DATA
+                                | NFS_INO_REVAL_PAGECACHE
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_CTIME) {
                /* If ctime has changed we should definitely clear access+acl caches */
                if (!timespec_equal(&inode->i_ctime, &fattr->ctime)) {
@@ -1215,7 +1255,11 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                        }
                        memcpy(&inode->i_ctime, &fattr->ctime, sizeof(inode->i_ctime));
                }
-        }
+        } else if (server->caps & NFS_CAP_CTIME)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL
+                                | NFS_INO_REVAL_FORCED);
        /* Check if our cached file size is stale */
        if (fattr->valid & NFS_ATTR_FATTR_SIZE) {
@@ -1231,30 +1275,50 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                        dprintk("NFS: isize change on server for file %s/%ld\n",
                                        inode->i_sb->s_id, inode->i_ino);
                }
-        }
+        } else
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_REVAL_PAGECACHE
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_ATIME)
                memcpy(&inode->i_atime, &fattr->atime, sizeof(inode->i_atime));
+        else if (server->caps & NFS_CAP_ATIME)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATIME
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_MODE) {
                if ((inode->i_mode & S_IALLUGO) != (fattr->mode & S_IALLUGO)) {
                        invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
                        inode->i_mode = fattr->mode;
                }
-        }
+        } else if (server->caps & NFS_CAP_MODE)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_OWNER) {
                if (inode->i_uid != fattr->uid) {
                        invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
                        inode->i_uid = fattr->uid;
                }
-        }
+        } else if (server->caps & NFS_CAP_OWNER)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_GROUP) {
                if (inode->i_gid != fattr->gid) {
                        invalid |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL;
                        inode->i_gid = fattr->gid;
                }
-        }
+        } else if (server->caps & NFS_CAP_OWNER_GROUP)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_INVALID_ACCESS
+                                | NFS_INO_INVALID_ACL
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_NLINK) {
                if (inode->i_nlink != fattr->nlink) {
@@ -1263,7 +1327,9 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                                invalid |= NFS_INO_INVALID_DATA;
                        inode->i_nlink = fattr->nlink;
                }
-        }
+        } else if (server->caps & NFS_CAP_NLINK)
+                invalid |= save_cache_validity & (NFS_INO_INVALID_ATTR
+                                | NFS_INO_REVAL_FORCED);
        if (fattr->valid & NFS_ATTR_FATTR_SPACE_USED) {
                /*
@@ -1293,9 +1359,8 @@ static int nfs_update_inode(struct inode *inode, struct nfs_fattr *fattr)
                                || S_ISLNK(inode->i_mode)))
                invalid &= ~NFS_INO_INVALID_DATA;
        if (!nfs_have_delegation(inode, FMODE_READ) ||
-                        (nfsi->cache_validity & NFS_INO_REVAL_FORCED))
+                        (save_cache_validity & NFS_INO_REVAL_FORCED))
                nfsi->cache_validity |= invalid;
-        nfsi->cache_validity &= ~NFS_INO_REVAL_FORCED;
        return 0;
 out_changed:
@@ -1442,6 +1507,10 @@ static int __init init_nfs_fs(void)
 {
        int err;
+        err = nfs_dns_resolver_init();
+        if (err < 0)
+                goto out8;
        err = nfs_fscache_register();
        if (err < 0)
                goto out7;
@@ -1500,6 +1569,8 @@ out5:
 out6:
        nfs_fscache_unregister();
 out7:
+        nfs_dns_resolver_destroy();
+out8:
        return err;
 }
@@ -1511,6 +1582,7 @@ static void __exit exit_nfs_fs(void)
        nfs_destroy_inodecache();
        nfs_destroy_nfspagecache();
        nfs_fscache_unregister();
+        nfs_dns_resolver_destroy();
 #ifdef CONFIG_PROC_FS
        rpc_proc_unregister("nfs");
 #endif
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 7dd90a6769d0..e21b1bb9972f 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -49,6 +49,11 @@ struct nfs_clone_mount {
 #define NFS_MAX_SECFLAVORS      (12)
 /*
+ * Value used if the user did not specify a port value.
+ */
+#define NFS_UNSPEC_PORT         (-1)
+/*
 * In-kernel mount arguments
 */
 struct nfs_parsed_mount_data {
@@ -63,6 +68,7 @@ struct nfs_parsed_mount_data {
        unsigned int            auth_flavor_len;
        rpc_authflavor_t        auth_flavors[1];
        char                    *client_address;
+        unsigned int            version;
        unsigned int            minorversion;
        char                    *fscache_uniq;
@@ -71,7 +77,7 @@ struct nfs_parsed_mount_data {
                size_t                  addrlen;
                char                    *hostname;
                u32                     version;
-                unsigned short          port;
+                int                     port;
                unsigned short          protocol;
        } mount_server;
@@ -80,7 +86,7 @@ struct nfs_parsed_mount_data {
                size_t                  addrlen;
                char                    *hostname;
                char                    *export_path;
-                unsigned short          port;
+                int                     port;
                unsigned short          protocol;
        } nfs_server;
@@ -102,6 +108,7 @@ struct nfs_mount_request {
 };
 extern int nfs_mount(struct nfs_mount_request *info);
+extern void nfs_umount(const struct nfs_mount_request *info);
 /* client.c */
 extern struct rpc_program nfs_program;
@@ -213,7 +220,6 @@ void nfs_zap_acl_cache(struct inode *inode);
 extern int nfs_wait_bit_killable(void *word);
 /* super.c */
-void nfs_parse_ip_address(char *, size_t, struct sockaddr *, size_t *);
 extern struct file_system_type nfs_xdev_fs_type;
 #ifdef CONFIG_NFS_V4
 extern struct file_system_type nfs4_xdev_fs_type;
@@ -248,6 +254,12 @@ extern void nfs_read_prepare(struct rpc_task *task, void *calldata);
 /* write.c */
 extern void nfs_write_prepare(struct rpc_task *task, void *calldata);
+#ifdef CONFIG_MIGRATION
+extern int nfs_migrate_page(struct address_space *,
+                struct page *, struct page *);
+#else
+#define nfs_migrate_page NULL
+#endif
 /* nfs4proc.c */
 extern int _nfs4_call_sync(struct nfs_server *server,
@@ -368,24 +380,3 @@ unsigned int nfs_page_array_len(unsigned int base, size_t len)
        return ((unsigned long)len + (unsigned long)base +
                PAGE_SIZE - 1) >> PAGE_SHIFT;
 }
-#define IPV6_SCOPE_DELIMITER    '%'
-/*
- * Set the port number in an address.  Be agnostic about the address
- * family.
- */
-static inline void nfs_set_port(struct sockaddr *sap, unsigned short port)
-{
-        struct sockaddr_in *ap = (struct sockaddr_in *)sap;
-        struct sockaddr_in6 *ap6 = (struct sockaddr_in6 *)sap;
-        switch (sap->sa_family) {
-        case AF_INET:
-                ap->sin_port = htons(port);
-                break;
-        case AF_INET6:
-                ap6->sin6_port = htons(port);
-                break;
-        }
-}
diff --git a/fs/nfs/mount_clnt.c b/fs/nfs/mount_clnt.c
index 38ef9eaec407..0adefc40cc89 100644
--- a/fs/nfs/mount_clnt.c
+++ b/fs/nfs/mount_clnt.c
@@ -209,6 +209,71 @@ out_mnt_err:
        goto out;
 }
+/**
+ * nfs_umount - Notify a server that we have unmounted this export
+ * @info: pointer to umount request arguments
+ *
+ * MOUNTPROC_UMNT is advisory, so we set a short timeout, and always
+ * use UDP.
+ */
+void nfs_umount(const struct nfs_mount_request *info)
+{
+        static const struct rpc_timeout nfs_umnt_timeout = {
+                .to_initval = 1 * HZ,
+                .to_maxval = 3 * HZ,
+                .to_retries = 2,
+        };
+        struct rpc_create_args args = {
+                .protocol       = IPPROTO_UDP,
+                .address        = info->sap,
+                .addrsize       = info->salen,
+                .timeout        = &nfs_umnt_timeout,
+                .servername     = info->hostname,
+                .program        = &mnt_program,
+                .version        = info->version,
+                .authflavor     = RPC_AUTH_UNIX,
+                .flags          = RPC_CLNT_CREATE_NOPING,
+        };
+        struct mountres result;
+        struct rpc_message msg  = {
+                .rpc_argp       = info->dirpath,
+                .rpc_resp       = &result,
+        };
+        struct rpc_clnt *clnt;
+        int status;
+        if (info->noresvport)
+                args.flags |= RPC_CLNT_CREATE_NONPRIVPORT;
+        clnt = rpc_create(&args);
+        if (unlikely(IS_ERR(clnt)))
+                goto out_clnt_err;
+        dprintk("NFS: sending UMNT request for %s:%s\n",
+                (info->hostname ? info->hostname : "server"), info->dirpath);
+        if (info->version == NFS_MNT3_VERSION)
+                msg.rpc_proc = &clnt->cl_procinfo[MOUNTPROC3_UMNT];
+        else
+                msg.rpc_proc = &clnt->cl_procinfo[MOUNTPROC_UMNT];
+        status = rpc_call_sync(clnt, &msg, 0);
+        rpc_shutdown_client(clnt);
+        if (unlikely(status < 0))
+                goto out_call_err;
+        return;
+out_clnt_err:
+        dprintk("NFS: failed to create UMNT RPC client, status=%ld\n",
+                        PTR_ERR(clnt));
+        return;
+out_call_err:
+        dprintk("NFS: UMNT request failed, status=%d\n", status);
+}
 /*
 * XDR encode/decode functions for MOUNT
 */
@@ -258,7 +323,7 @@ static int decode_status(struct xdr_stream *xdr, struct mountres *res)
                return -EIO;
        status = ntohl(*p);
-        for (i = 0; i <= ARRAY_SIZE(mnt_errtbl); i++) {
+        for (i = 0; i < ARRAY_SIZE(mnt_errtbl); i++) {
                if (mnt_errtbl[i].status == status) {
                        res->errno = mnt_errtbl[i].errno;
                        return 0;
@@ -309,7 +374,7 @@ static int decode_fhs_status(struct xdr_stream *xdr, struct mountres *res)
                return -EIO;
        status = ntohl(*p);
-        for (i = 0; i <= ARRAY_SIZE(mnt3_errtbl); i++) {
+        for (i = 0; i < ARRAY_SIZE(mnt3_errtbl); i++) {
                if (mnt3_errtbl[i].status == status) {
                        res->errno = mnt3_errtbl[i].errno;
                        return 0;
@@ -407,6 +472,13 @@ static struct rpc_procinfo mnt_procedures[] = {
                .p_statidx      = MOUNTPROC_MNT,
                .p_name         = "MOUNT",
        },
+        [MOUNTPROC_UMNT] = {
+                .p_proc         = MOUNTPROC_UMNT,
+                .p_encode       = (kxdrproc_t)mnt_enc_dirpath,
+                .p_arglen       = MNT_enc_dirpath_sz,
+                .p_statidx      = MOUNTPROC_UMNT,
+                .p_name         = "UMOUNT",
+        },
 };
 static struct rpc_procinfo mnt3_procedures[] = {
@@ -419,6 +491,13 @@ static struct rpc_procinfo mnt3_procedures[] = {
                .p_statidx      = MOUNTPROC3_MNT,
                .p_name         = "MOUNT",
        },
+        [MOUNTPROC3_UMNT] = {
+                .p_proc         = MOUNTPROC3_UMNT,
+                .p_encode       = (kxdrproc_t)mnt_enc_dirpath,
+                .p_arglen       = MNT_enc_dirpath_sz,
+                .p_statidx      = MOUNTPROC3_UMNT,
+                .p_name         = "UMOUNT",
+        },
 };
diff --git a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
index d0cc5ce0edfe..ee6a13f05443 100644
--- a/fs/nfs/nfs3proc.c
+++ b/fs/nfs/nfs3proc.c
@@ -299,7 +299,6 @@ static void nfs3_free_createdata(struct nfs3_createdata *data)
 /*
 * Create a regular file.
- * For now, we don't implement O_EXCL.
 */
 static int
 nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
diff --git a/fs/nfs/nfs4namespace.c b/fs/nfs/nfs4namespace.c
index 2a2a0a7143ad..2636c26d56fa 100644
--- a/fs/nfs/nfs4namespace.c
+++ b/fs/nfs/nfs4namespace.c
@@ -17,6 +17,7 @@
 #include <linux/inet.h>
 #include "internal.h"
 #include "nfs4_fs.h"
+#include "dns_resolve.h"
 #define NFSDBG_FACILITY         NFSDBG_VFS
@@ -95,6 +96,20 @@ static int nfs4_validate_fspath(const struct vfsmount *mnt_parent,
        return 0;
 }
+static size_t nfs_parse_server_name(char *string, size_t len,
+                struct sockaddr *sa, size_t salen)
+{
+        ssize_t ret;
+        ret = rpc_pton(string, len, sa, salen);
+        if (ret == 0) {
+                ret = nfs_dns_resolve_name(string, len, sa, salen);
+                if (ret < 0)
+                        ret = 0;
+        }
+        return ret;
+}
 static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
                                     char *page, char *page2,
                                     const struct nfs4_fs_location *location)
@@ -121,11 +136,12 @@ static struct vfsmount *try_location(struct nfs_clone_mount *mountdata,
                if (memchr(buf->data, IPV6_SCOPE_DELIMITER, buf->len))
                        continue;
-                nfs_parse_ip_address(buf->data, buf->len,
+                mountdata->addrlen = nfs_parse_server_name(buf->data,
-                                mountdata->addr, &mountdata->addrlen);
+                                buf->len,
-                if (mountdata->addr->sa_family == AF_UNSPEC)
+                                mountdata->addr, mountdata->addrlen);
+                if (mountdata->addrlen == 0)
                        continue;
-                nfs_set_port(mountdata->addr, NFS_PORT);
+                rpc_set_port(mountdata->addr, NFS_PORT);
                memcpy(page2, buf->data, buf->len);
                page2[buf->len] = '\0';
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 6917311f201c..be6544aef41f 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -61,6 +61,8 @@
 #define NFS4_POLL_RETRY_MIN     (HZ/10)
 #define NFS4_POLL_RETRY_MAX     (15*HZ)
+#define NFS4_MAX_LOOP_ON_RECOVER (10)
 struct nfs4_opendata;
 static int _nfs4_proc_open(struct nfs4_opendata *data);
 static int nfs4_do_fsinfo(struct nfs_server *, struct nfs_fh *, struct nfs_fsinfo *);
@@ -426,17 +428,19 @@ out:
 static int nfs4_recover_session(struct nfs4_session *session)
 {
        struct nfs_client *clp = session->clp;
+        unsigned int loop;
        int ret;
-        for (;;) {
+        for (loop = NFS4_MAX_LOOP_ON_RECOVER; loop != 0; loop--) {
                ret = nfs4_wait_clnt_recover(clp);
                if (ret != 0)
-                                return ret;
+                        break;
                if (!test_bit(NFS4CLNT_SESSION_SETUP, &clp->cl_state))
                        break;
                nfs4_schedule_state_manager(clp);
+                ret = -EIO;
        }
-        return 0;
+        return ret;
 }
 static int nfs41_setup_sequence(struct nfs4_session *session,
@@ -1444,18 +1448,20 @@ static int _nfs4_proc_open(struct nfs4_opendata *data)
 static int nfs4_recover_expired_lease(struct nfs_server *server)
 {
        struct nfs_client *clp = server->nfs_client;
+        unsigned int loop;
        int ret;
-        for (;;) {
+        for (loop = NFS4_MAX_LOOP_ON_RECOVER; loop != 0; loop--) {
                ret = nfs4_wait_clnt_recover(clp);
                if (ret != 0)
-                        return ret;
+                        break;
                if (!test_bit(NFS4CLNT_LEASE_EXPIRED, &clp->cl_state) &&
                    !test_bit(NFS4CLNT_CHECK_LEASE,&clp->cl_state))
                        break;
                nfs4_schedule_state_recovery(clp);
+                ret = -EIO;
        }
-        return 0;
+        return ret;
 }
 /*
@@ -1997,12 +2003,34 @@ static int _nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *f
        status = nfs4_call_sync(server, &msg, &args, &res, 0);
        if (status == 0) {
                memcpy(server->attr_bitmask, res.attr_bitmask, sizeof(server->attr_bitmask));
+                server->caps &= ~(NFS_CAP_ACLS|NFS_CAP_HARDLINKS|
+                                NFS_CAP_SYMLINKS|NFS_CAP_FILEID|
+                                NFS_CAP_MODE|NFS_CAP_NLINK|NFS_CAP_OWNER|
+                                NFS_CAP_OWNER_GROUP|NFS_CAP_ATIME|
+                                NFS_CAP_CTIME|NFS_CAP_MTIME);
                if (res.attr_bitmask[0] & FATTR4_WORD0_ACL)
                        server->caps |= NFS_CAP_ACLS;
                if (res.has_links != 0)
                        server->caps |= NFS_CAP_HARDLINKS;
                if (res.has_symlinks != 0)
                        server->caps |= NFS_CAP_SYMLINKS;
+                if (res.attr_bitmask[0] & FATTR4_WORD0_FILEID)
+                        server->caps |= NFS_CAP_FILEID;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_MODE)
+                        server->caps |= NFS_CAP_MODE;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_NUMLINKS)
+                        server->caps |= NFS_CAP_NLINK;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_OWNER)
+                        server->caps |= NFS_CAP_OWNER;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_OWNER_GROUP)
+                        server->caps |= NFS_CAP_OWNER_GROUP;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_TIME_ACCESS)
+                        server->caps |= NFS_CAP_ATIME;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_TIME_METADATA)
+                        server->caps |= NFS_CAP_CTIME;
+                if (res.attr_bitmask[1] & FATTR4_WORD1_TIME_MODIFY)
+                        server->caps |= NFS_CAP_MTIME;
                memcpy(server->cache_consistency_bitmask, res.attr_bitmask, sizeof(server->cache_consistency_bitmask));
                server->cache_consistency_bitmask[0] &= FATTR4_WORD0_CHANGE|FATTR4_WORD0_SIZE;
                server->cache_consistency_bitmask[1] &= FATTR4_WORD1_TIME_METADATA|FATTR4_WORD1_TIME_MODIFY;
diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index 617273e7d47f..cfc30d362f94 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -702,29 +702,12 @@ struct compound_hdr {
        u32             minorversion;
 };
-/*
+static __be32 *reserve_space(struct xdr_stream *xdr, size_t nbytes)
- * START OF "GENERIC" ENCODE ROUTINES.
+{
- *   These may look a little ugly since they are imported from a "generic"
+        __be32 *p = xdr_reserve_space(xdr, nbytes);
- * set of XDR encode/decode routines which are intended to be shared by
+        BUG_ON(!p);
- * all of our NFSv4 implementations (OpenBSD, MacOS X...).
+        return p;
- *
+}
- * If the pain of reading these is too great, it should be a straightforward
- * task to translate them into Linux-specific versions which are more
- * consistent with the style used in NFSv2/v3...
- */
-#define WRITE32(n)               *p++ = htonl(n)
-#define WRITE64(n)               do {                           \
-        *p++ = htonl((uint32_t)((n) >> 32));                            \
-        *p++ = htonl((uint32_t)(n));                                    \
-} while (0)
-#define WRITEMEM(ptr,nbytes)     do {                           \
-        p = xdr_encode_opaque_fixed(p, ptr, nbytes);            \
-} while (0)
-#define RESERVE_SPACE(nbytes)   do {                            \
-        p = xdr_reserve_space(xdr, nbytes);                     \
-        BUG_ON(!p);                                             \
-} while (0)
 static void encode_string(struct xdr_stream *xdr, unsigned int len, const char *str)
 {
@@ -749,12 +732,11 @@ static void encode_compound_hdr(struct xdr_stream *xdr,
        dprintk("encode_compound: tag=%.*s\n", (int)hdr->taglen, hdr->tag);
        BUG_ON(hdr->taglen > NFS4_MAXTAGLEN);
-        RESERVE_SPACE(12+(XDR_QUADLEN(hdr->taglen)<<2));
+        p = reserve_space(xdr, 4 + hdr->taglen + 8);
-        WRITE32(hdr->taglen);
+        p = xdr_encode_opaque(p, hdr->tag, hdr->taglen);
-        WRITEMEM(hdr->tag, hdr->taglen);
+        *p++ = cpu_to_be32(hdr->minorversion);
-        WRITE32(hdr->minorversion);
        hdr->nops_p = p;
-        WRITE32(hdr->nops);
+        *p = cpu_to_be32(hdr->nops);
 }
 static void encode_nops(struct compound_hdr *hdr)
@@ -829,55 +811,53 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, const
                len += 16;
        else if (iap->ia_valid & ATTR_MTIME)
                len += 4;
-        RESERVE_SPACE(len);
+        p = reserve_space(xdr, len);
        /*
         * We write the bitmap length now, but leave the bitmap and the attribute
         * buffer length to be backfilled at the end of this routine.
         */
-        WRITE32(2);
+        *p++ = cpu_to_be32(2);
        q = p;
        p += 3;
        if (iap->ia_valid & ATTR_SIZE) {
                bmval0 |= FATTR4_WORD0_SIZE;
-                WRITE64(iap->ia_size);
+                p = xdr_encode_hyper(p, iap->ia_size);
        }
        if (iap->ia_valid & ATTR_MODE) {
                bmval1 |= FATTR4_WORD1_MODE;
-                WRITE32(iap->ia_mode & S_IALLUGO);
+                *p++ = cpu_to_be32(iap->ia_mode & S_IALLUGO);
        }
        if (iap->ia_valid & ATTR_UID) {
                bmval1 |= FATTR4_WORD1_OWNER;
-                WRITE32(owner_namelen);
+                p = xdr_encode_opaque(p, owner_name, owner_namelen);
-                WRITEMEM(owner_name, owner_namelen);
        }
        if (iap->ia_valid & ATTR_GID) {
                bmval1 |= FATTR4_WORD1_OWNER_GROUP;
-                WRITE32(owner_grouplen);
+                p = xdr_encode_opaque(p, owner_group, owner_grouplen);
-                WRITEMEM(owner_group, owner_grouplen);
        }
        if (iap->ia_valid & ATTR_ATIME_SET) {
                bmval1 |= FATTR4_WORD1_TIME_ACCESS_SET;
-                WRITE32(NFS4_SET_TO_CLIENT_TIME);
+                *p++ = cpu_to_be32(NFS4_SET_TO_CLIENT_TIME);
-                WRITE32(0);
+                *p++ = cpu_to_be32(0);
-                WRITE32(iap->ia_mtime.tv_sec);
+                *p++ = cpu_to_be32(iap->ia_mtime.tv_sec);
-                WRITE32(iap->ia_mtime.tv_nsec);
+                *p++ = cpu_to_be32(iap->ia_mtime.tv_nsec);
        }
        else if (iap->ia_valid & ATTR_ATIME) {
                bmval1 |= FATTR4_WORD1_TIME_ACCESS_SET;
-                WRITE32(NFS4_SET_TO_SERVER_TIME);
+                *p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME);
        }
        if (iap->ia_valid & ATTR_MTIME_SET) {
                bmval1 |= FATTR4_WORD1_TIME_MODIFY_SET;
-                WRITE32(NFS4_SET_TO_CLIENT_TIME);
+                *p++ = cpu_to_be32(NFS4_SET_TO_CLIENT_TIME);
-                WRITE32(0);
+                *p++ = cpu_to_be32(0);
-                WRITE32(iap->ia_mtime.tv_sec);
+                *p++ = cpu_to_be32(iap->ia_mtime.tv_sec);
-                WRITE32(iap->ia_mtime.tv_nsec);
+                *p++ = cpu_to_be32(iap->ia_mtime.tv_nsec);
        }
        else if (iap->ia_valid & ATTR_MTIME) {
                bmval1 |= FATTR4_WORD1_TIME_MODIFY_SET;
-                WRITE32(NFS4_SET_TO_SERVER_TIME);
+                *p++ = cpu_to_be32(NFS4_SET_TO_SERVER_TIME);
        }
        /*
@@ -891,7 +871,7 @@ static void encode_attrs(struct xdr_stream *xdr, const struct iattr *iap, const
        len = (char *)p - (char *)q - 12;
        *q++ = htonl(bmval0);
        *q++ = htonl(bmval1);
-        *q++ = htonl(len);
+        *q = htonl(len);
 /* out: */
 }
@@ -900,9 +880,9 @@ static void encode_access(struct xdr_stream *xdr, u32 access, struct compound_hd
 {
        __be32 *p;
-        RESERVE_SPACE(8);
+        p = reserve_space(xdr, 8);
-        WRITE32(OP_ACCESS);
+        *p++ = cpu_to_be32(OP_ACCESS);
-        WRITE32(access);
+        *p = cpu_to_be32(access);
        hdr->nops++;
        hdr->replen += decode_access_maxsz;
 }
@@ -911,10 +891,10 @@ static void encode_close(struct xdr_stream *xdr, const struct nfs_closeargs *arg
 {
        __be32 *p;
-        RESERVE_SPACE(8+NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, 8+NFS4_STATEID_SIZE);
-        WRITE32(OP_CLOSE);
+        *p++ = cpu_to_be32(OP_CLOSE);
-        WRITE32(arg->seqid->sequence->counter);
+        *p++ = cpu_to_be32(arg->seqid->sequence->counter);
-        WRITEMEM(arg->stateid->data, NFS4_STATEID_SIZE);
+        xdr_encode_opaque_fixed(p, arg->stateid->data, NFS4_STATEID_SIZE);
        hdr->nops++;
        hdr->replen += decode_close_maxsz;
 }
@@ -923,10 +903,10 @@ static void encode_commit(struct xdr_stream *xdr, const struct nfs_writeargs *ar
 {
        __be32 *p;
-        RESERVE_SPACE(16);
+        p = reserve_space(xdr, 16);
-        WRITE32(OP_COMMIT);
+        *p++ = cpu_to_be32(OP_COMMIT);
-        WRITE64(args->offset);
+        p = xdr_encode_hyper(p, args->offset);
-        WRITE32(args->count);
+        *p = cpu_to_be32(args->count);
        hdr->nops++;
        hdr->replen += decode_commit_maxsz;
 }
@@ -935,30 +915,28 @@ static void encode_create(struct xdr_stream *xdr, const struct nfs4_create_arg *
 {
        __be32 *p;
-        RESERVE_SPACE(8);
+        p = reserve_space(xdr, 8);
-        WRITE32(OP_CREATE);
+        *p++ = cpu_to_be32(OP_CREATE);
-        WRITE32(create->ftype);
+        *p = cpu_to_be32(create->ftype);
        switch (create->ftype) {
        case NF4LNK:
-                RESERVE_SPACE(4);
+                p = reserve_space(xdr, 4);
-                WRITE32(create->u.symlink.len);
+                *p = cpu_to_be32(create->u.symlink.len);
                xdr_write_pages(xdr, create->u.symlink.pages, 0, create->u.symlink.len);
                break;
        case NF4BLK: case NF4CHR:
-                RESERVE_SPACE(8);
+                p = reserve_space(xdr, 8);
-                WRITE32(create->u.device.specdata1);
+                *p++ = cpu_to_be32(create->u.device.specdata1);
-                WRITE32(create->u.device.specdata2);
+                *p = cpu_to_be32(create->u.device.specdata2);
                break;
        default:
                break;
        }
-        RESERVE_SPACE(4 + create->name->len);
+        encode_string(xdr, create->name->len, create->name->name);
-        WRITE32(create->name->len);
-        WRITEMEM(create->name->name, create->name->len);
        hdr->nops++;
        hdr->replen += decode_create_maxsz;
@@ -969,10 +947,10 @@ static void encode_getattr_one(struct xdr_stream *xdr, uint32_t bitmap, struct c
 {
        __be32 *p;
-        RESERVE_SPACE(12);
+        p = reserve_space(xdr, 12);
-        WRITE32(OP_GETATTR);
+        *p++ = cpu_to_be32(OP_GETATTR);
-        WRITE32(1);
+        *p++ = cpu_to_be32(1);
-        WRITE32(bitmap);
+        *p = cpu_to_be32(bitmap);
        hdr->nops++;
        hdr->replen += decode_getattr_maxsz;
 }
@@ -981,11 +959,11 @@ static void encode_getattr_two(struct xdr_stream *xdr, uint32_t bm0, uint32_t bm
 {
        __be32 *p;
-        RESERVE_SPACE(16);
+        p = reserve_space(xdr, 16);
-        WRITE32(OP_GETATTR);
+        *p++ = cpu_to_be32(OP_GETATTR);
-        WRITE32(2);
+        *p++ = cpu_to_be32(2);
-        WRITE32(bm0);
+        *p++ = cpu_to_be32(bm0);
-        WRITE32(bm1);
+        *p = cpu_to_be32(bm1);
        hdr->nops++;
        hdr->replen += decode_getattr_maxsz;
 }
@@ -1012,8 +990,8 @@ static void encode_getfh(struct xdr_stream *xdr, struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_GETFH);
+        *p = cpu_to_be32(OP_GETFH);
        hdr->nops++;
        hdr->replen += decode_getfh_maxsz;
 }
@@ -1022,10 +1000,9 @@ static void encode_link(struct xdr_stream *xdr, const struct qstr *name, struct
 {
        __be32 *p;
-        RESERVE_SPACE(8 + name->len);
+        p = reserve_space(xdr, 8 + name->len);
-        WRITE32(OP_LINK);
+        *p++ = cpu_to_be32(OP_LINK);
-        WRITE32(name->len);
+        xdr_encode_opaque(p, name->name, name->len);
-        WRITEMEM(name->name, name->len);
        hdr->nops++;
        hdr->replen += decode_link_maxsz;
 }
@@ -1052,27 +1029,27 @@ static void encode_lock(struct xdr_stream *xdr, const struct nfs_lock_args *args
 {
        __be32 *p;
-        RESERVE_SPACE(32);
+        p = reserve_space(xdr, 32);
-        WRITE32(OP_LOCK);
+        *p++ = cpu_to_be32(OP_LOCK);
-        WRITE32(nfs4_lock_type(args->fl, args->block));
+        *p++ = cpu_to_be32(nfs4_lock_type(args->fl, args->block));
-        WRITE32(args->reclaim);
+        *p++ = cpu_to_be32(args->reclaim);
-        WRITE64(args->fl->fl_start);
+        p = xdr_encode_hyper(p, args->fl->fl_start);
-        WRITE64(nfs4_lock_length(args->fl));
+        p = xdr_encode_hyper(p, nfs4_lock_length(args->fl));
-        WRITE32(args->new_lock_owner);
+        *p = cpu_to_be32(args->new_lock_owner);
        if (args->new_lock_owner){
-                RESERVE_SPACE(4+NFS4_STATEID_SIZE+32);
+                p = reserve_space(xdr, 4+NFS4_STATEID_SIZE+32);
-                WRITE32(args->open_seqid->sequence->counter);
+                *p++ = cpu_to_be32(args->open_seqid->sequence->counter);
-                WRITEMEM(args->open_stateid->data, NFS4_STATEID_SIZE);
+                p = xdr_encode_opaque_fixed(p, args->open_stateid->data, NFS4_STATEID_SIZE);
-                WRITE32(args->lock_seqid->sequence->counter);
+                *p++ = cpu_to_be32(args->lock_seqid->sequence->counter);
-                WRITE64(args->lock_owner.clientid);
+                p = xdr_encode_hyper(p, args->lock_owner.clientid);
-                WRITE32(16);
+                *p++ = cpu_to_be32(16);
-                WRITEMEM("lock id:", 8);
+                p = xdr_encode_opaque_fixed(p, "lock id:", 8);
-                WRITE64(args->lock_owner.id);
+                xdr_encode_hyper(p, args->lock_owner.id);
        }
        else {
-                RESERVE_SPACE(NFS4_STATEID_SIZE+4);
+                p = reserve_space(xdr, NFS4_STATEID_SIZE+4);
-                WRITEMEM(args->lock_stateid->data, NFS4_STATEID_SIZE);
+                p = xdr_encode_opaque_fixed(p, args->lock_stateid->data, NFS4_STATEID_SIZE);
-                WRITE32(args->lock_seqid->sequence->counter);
+                *p = cpu_to_be32(args->lock_seqid->sequence->counter);
        }
        hdr->nops++;
        hdr->replen += decode_lock_maxsz;
@@ -1082,15 +1059,15 @@ static void encode_lockt(struct xdr_stream *xdr, const struct nfs_lockt_args *ar
 {
        __be32 *p;
-        RESERVE_SPACE(52);
+        p = reserve_space(xdr, 52);
-        WRITE32(OP_LOCKT);
+        *p++ = cpu_to_be32(OP_LOCKT);
-        WRITE32(nfs4_lock_type(args->fl, 0));
+        *p++ = cpu_to_be32(nfs4_lock_type(args->fl, 0));
-        WRITE64(args->fl->fl_start);
+        p = xdr_encode_hyper(p, args->fl->fl_start);
-        WRITE64(nfs4_lock_length(args->fl));
+        p = xdr_encode_hyper(p, nfs4_lock_length(args->fl));
-        WRITE64(args->lock_owner.clientid);
+        p = xdr_encode_hyper(p, args->lock_owner.clientid);
-        WRITE32(16);
+        *p++ = cpu_to_be32(16);
-        WRITEMEM("lock id:", 8);
+        p = xdr_encode_opaque_fixed(p, "lock id:", 8);
-        WRITE64(args->lock_owner.id);
+        xdr_encode_hyper(p, args->lock_owner.id);
        hdr->nops++;
        hdr->replen += decode_lockt_maxsz;
 }
@@ -1099,13 +1076,13 @@ static void encode_locku(struct xdr_stream *xdr, const struct nfs_locku_args *ar
 {
        __be32 *p;
-        RESERVE_SPACE(12+NFS4_STATEID_SIZE+16);
+        p = reserve_space(xdr, 12+NFS4_STATEID_SIZE+16);
-        WRITE32(OP_LOCKU);
+        *p++ = cpu_to_be32(OP_LOCKU);
-        WRITE32(nfs4_lock_type(args->fl, 0));
+        *p++ = cpu_to_be32(nfs4_lock_type(args->fl, 0));
-        WRITE32(args->seqid->sequence->counter);
+        *p++ = cpu_to_be32(args->seqid->sequence->counter);
-        WRITEMEM(args->stateid->data, NFS4_STATEID_SIZE);
+        p = xdr_encode_opaque_fixed(p, args->stateid->data, NFS4_STATEID_SIZE);
-        WRITE64(args->fl->fl_start);
+        p = xdr_encode_hyper(p, args->fl->fl_start);
-        WRITE64(nfs4_lock_length(args->fl));
+        xdr_encode_hyper(p, nfs4_lock_length(args->fl));
        hdr->nops++;
        hdr->replen += decode_locku_maxsz;
 }
@@ -1115,10 +1092,9 @@ static void encode_lookup(struct xdr_stream *xdr, const struct qstr *name, struc
        int len = name->len;
        __be32 *p;
-        RESERVE_SPACE(8 + len);
+        p = reserve_space(xdr, 8 + len);
-        WRITE32(OP_LOOKUP);
+        *p++ = cpu_to_be32(OP_LOOKUP);
-        WRITE32(len);
+        xdr_encode_opaque(p, name->name, len);
-        WRITEMEM(name->name, len);
        hdr->nops++;
        hdr->replen += decode_lookup_maxsz;
 }
@@ -1127,21 +1103,21 @@ static void encode_share_access(struct xdr_stream *xdr, fmode_t fmode)
 {
        __be32 *p;
-        RESERVE_SPACE(8);
+        p = reserve_space(xdr, 8);
        switch (fmode & (FMODE_READ|FMODE_WRITE)) {
        case FMODE_READ:
-                WRITE32(NFS4_SHARE_ACCESS_READ);
+                *p++ = cpu_to_be32(NFS4_SHARE_ACCESS_READ);
                break;
        case FMODE_WRITE:
-                WRITE32(NFS4_SHARE_ACCESS_WRITE);
+                *p++ = cpu_to_be32(NFS4_SHARE_ACCESS_WRITE);
                break;
        case FMODE_READ|FMODE_WRITE:
-                WRITE32(NFS4_SHARE_ACCESS_BOTH);
+                *p++ = cpu_to_be32(NFS4_SHARE_ACCESS_BOTH);
                break;
        default:
-                WRITE32(0);
+                *p++ = cpu_to_be32(0);
        }
-        WRITE32(0);             /* for linux, share_deny = 0 always */
+        *p = cpu_to_be32(0);            /* for linux, share_deny = 0 always */
 }
 static inline void encode_openhdr(struct xdr_stream *xdr, const struct nfs_openargs *arg)
@@ -1151,29 +1127,29 @@ static inline void encode_openhdr(struct xdr_stream *xdr, const struct nfs_opena
 * opcode 4, seqid 4, share_access 4, share_deny 4, clientid 8, ownerlen 4,
 * owner 4 = 32
 */
-        RESERVE_SPACE(8);
+        p = reserve_space(xdr, 8);
-        WRITE32(OP_OPEN);
+        *p++ = cpu_to_be32(OP_OPEN);
-        WRITE32(arg->seqid->sequence->counter);
+        *p = cpu_to_be32(arg->seqid->sequence->counter);
        encode_share_access(xdr, arg->fmode);
-        RESERVE_SPACE(28);
+        p = reserve_space(xdr, 28);
-        WRITE64(arg->clientid);
+        p = xdr_encode_hyper(p, arg->clientid);
-        WRITE32(16);
+        *p++ = cpu_to_be32(16);
-        WRITEMEM("open id:", 8);
+        p = xdr_encode_opaque_fixed(p, "open id:", 8);
-        WRITE64(arg->id);
+        xdr_encode_hyper(p, arg->id);
 }
 static inline void encode_createmode(struct xdr_stream *xdr, const struct nfs_openargs *arg)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
        switch(arg->open_flags & O_EXCL) {
        case 0:
-                WRITE32(NFS4_CREATE_UNCHECKED);
+                *p = cpu_to_be32(NFS4_CREATE_UNCHECKED);
                encode_attrs(xdr, arg->u.attrs, arg->server);
                break;
        default:
-                WRITE32(NFS4_CREATE_EXCLUSIVE);
+                *p = cpu_to_be32(NFS4_CREATE_EXCLUSIVE);
                encode_nfs4_verifier(xdr, &arg->u.verifier);
        }
 }
@@ -1182,14 +1158,14 @@ static void encode_opentype(struct xdr_stream *xdr, const struct nfs_openargs *a
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
        switch (arg->open_flags & O_CREAT) {
        case 0:
-                WRITE32(NFS4_OPEN_NOCREATE);
+                *p = cpu_to_be32(NFS4_OPEN_NOCREATE);
                break;
        default:
                BUG_ON(arg->claim != NFS4_OPEN_CLAIM_NULL);
-                WRITE32(NFS4_OPEN_CREATE);
+                *p = cpu_to_be32(NFS4_OPEN_CREATE);
                encode_createmode(xdr, arg);
        }
 }
@@ -1198,16 +1174,16 @@ static inline void encode_delegation_type(struct xdr_stream *xdr, fmode_t delega
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
        switch (delegation_type) {
        case 0:
-                WRITE32(NFS4_OPEN_DELEGATE_NONE);
+                *p = cpu_to_be32(NFS4_OPEN_DELEGATE_NONE);
                break;
        case FMODE_READ:
-                WRITE32(NFS4_OPEN_DELEGATE_READ);
+                *p = cpu_to_be32(NFS4_OPEN_DELEGATE_READ);
                break;
        case FMODE_WRITE|FMODE_READ:
-                WRITE32(NFS4_OPEN_DELEGATE_WRITE);
+                *p = cpu_to_be32(NFS4_OPEN_DELEGATE_WRITE);
                break;
        default:
                BUG();
@@ -1218,8 +1194,8 @@ static inline void encode_claim_null(struct xdr_stream *xdr, const struct qstr *
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(NFS4_OPEN_CLAIM_NULL);
+        *p = cpu_to_be32(NFS4_OPEN_CLAIM_NULL);
        encode_string(xdr, name->len, name->name);
 }
@@ -1227,8 +1203,8 @@ static inline void encode_claim_previous(struct xdr_stream *xdr, fmode_t type)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(NFS4_OPEN_CLAIM_PREVIOUS);
+        *p = cpu_to_be32(NFS4_OPEN_CLAIM_PREVIOUS);
        encode_delegation_type(xdr, type);
 }
@@ -1236,9 +1212,9 @@ static inline void encode_claim_delegate_cur(struct xdr_stream *xdr, const struc
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE);
-        WRITE32(NFS4_OPEN_CLAIM_DELEGATE_CUR);
+        *p++ = cpu_to_be32(NFS4_OPEN_CLAIM_DELEGATE_CUR);
-        WRITEMEM(stateid->data, NFS4_STATEID_SIZE);
+        xdr_encode_opaque_fixed(p, stateid->data, NFS4_STATEID_SIZE);
        encode_string(xdr, name->len, name->name);
 }
@@ -1267,10 +1243,10 @@ static void encode_open_confirm(struct xdr_stream *xdr, const struct nfs_open_co
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE+4);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE+4);
-        WRITE32(OP_OPEN_CONFIRM);
+        *p++ = cpu_to_be32(OP_OPEN_CONFIRM);
-        WRITEMEM(arg->stateid->data, NFS4_STATEID_SIZE);
+        p = xdr_encode_opaque_fixed(p, arg->stateid->data, NFS4_STATEID_SIZE);
-        WRITE32(arg->seqid->sequence->counter);
+        *p = cpu_to_be32(arg->seqid->sequence->counter);
        hdr->nops++;
        hdr->replen += decode_open_confirm_maxsz;
 }
@@ -1279,10 +1255,10 @@ static void encode_open_downgrade(struct xdr_stream *xdr, const struct nfs_close
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE+4);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE+4);
-        WRITE32(OP_OPEN_DOWNGRADE);
+        *p++ = cpu_to_be32(OP_OPEN_DOWNGRADE);
-        WRITEMEM(arg->stateid->data, NFS4_STATEID_SIZE);
+        p = xdr_encode_opaque_fixed(p, arg->stateid->data, NFS4_STATEID_SIZE);
-        WRITE32(arg->seqid->sequence->counter);
+        *p = cpu_to_be32(arg->seqid->sequence->counter);
        encode_share_access(xdr, arg->fmode);
        hdr->nops++;
        hdr->replen += decode_open_downgrade_maxsz;
@@ -1294,10 +1270,9 @@ encode_putfh(struct xdr_stream *xdr, const struct nfs_fh *fh, struct compound_hd
        int len = fh->size;
        __be32 *p;
-        RESERVE_SPACE(8 + len);
+        p = reserve_space(xdr, 8 + len);
-        WRITE32(OP_PUTFH);
+        *p++ = cpu_to_be32(OP_PUTFH);
-        WRITE32(len);
+        xdr_encode_opaque(p, fh->data, len);
-        WRITEMEM(fh->data, len);
        hdr->nops++;
        hdr->replen += decode_putfh_maxsz;
 }
@@ -1306,8 +1281,8 @@ static void encode_putrootfh(struct xdr_stream *xdr, struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_PUTROOTFH);
+        *p = cpu_to_be32(OP_PUTROOTFH);
        hdr->nops++;
        hdr->replen += decode_putrootfh_maxsz;
 }
@@ -1317,26 +1292,26 @@ static void encode_stateid(struct xdr_stream *xdr, const struct nfs_open_context
        nfs4_stateid stateid;
        __be32 *p;
-        RESERVE_SPACE(NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, NFS4_STATEID_SIZE);
        if (ctx->state != NULL) {
                nfs4_copy_stateid(&stateid, ctx->state, ctx->lockowner);
-                WRITEMEM(stateid.data, NFS4_STATEID_SIZE);
+                xdr_encode_opaque_fixed(p, stateid.data, NFS4_STATEID_SIZE);
        } else
-                WRITEMEM(zero_stateid.data, NFS4_STATEID_SIZE);
+                xdr_encode_opaque_fixed(p, zero_stateid.data, NFS4_STATEID_SIZE);
 }
 static void encode_read(struct xdr_stream *xdr, const struct nfs_readargs *args, struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_READ);
+        *p = cpu_to_be32(OP_READ);
        encode_stateid(xdr, args->context);
-        RESERVE_SPACE(12);
+        p = reserve_space(xdr, 12);
-        WRITE64(args->offset);
+        p = xdr_encode_hyper(p, args->offset);
-        WRITE32(args->count);
+        *p = cpu_to_be32(args->count);
        hdr->nops++;
        hdr->replen += decode_read_maxsz;
 }
@@ -1349,20 +1324,20 @@ static void encode_readdir(struct xdr_stream *xdr, const struct nfs4_readdir_arg
        };
        __be32 *p;
-        RESERVE_SPACE(12+NFS4_VERIFIER_SIZE+20);
+        p = reserve_space(xdr, 12+NFS4_VERIFIER_SIZE+20);
-        WRITE32(OP_READDIR);
+        *p++ = cpu_to_be32(OP_READDIR);
-        WRITE64(readdir->cookie);
+        p = xdr_encode_hyper(p, readdir->cookie);
-        WRITEMEM(readdir->verifier.data, NFS4_VERIFIER_SIZE);
+        p = xdr_encode_opaque_fixed(p, readdir->verifier.data, NFS4_VERIFIER_SIZE);
-        WRITE32(readdir->count >> 1);  /* We're not doing readdirplus */
+        *p++ = cpu_to_be32(readdir->count >> 1);  /* We're not doing readdirplus */
-        WRITE32(readdir->count);
+        *p++ = cpu_to_be32(readdir->count);
-        WRITE32(2);
+        *p++ = cpu_to_be32(2);
        /* Switch to mounted_on_fileid if the server supports it */
        if (readdir->bitmask[1] & FATTR4_WORD1_MOUNTED_ON_FILEID)
                attrs[0] &= ~FATTR4_WORD0_FILEID;
        else
                attrs[1] &= ~FATTR4_WORD1_MOUNTED_ON_FILEID;
-        WRITE32(attrs[0] & readdir->bitmask[0]);
+        *p++ = cpu_to_be32(attrs[0] & readdir->bitmask[0]);
-        WRITE32(attrs[1] & readdir->bitmask[1]);
+        *p = cpu_to_be32(attrs[1] & readdir->bitmask[1]);
        hdr->nops++;
        hdr->replen += decode_readdir_maxsz;
        dprintk("%s: cookie = %Lu, verifier = %08x:%08x, bitmap = %08x:%08x\n",
@@ -1378,8 +1353,8 @@ static void encode_readlink(struct xdr_stream *xdr, const struct nfs4_readlink *
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_READLINK);
+        *p = cpu_to_be32(OP_READLINK);
        hdr->nops++;
        hdr->replen += decode_readlink_maxsz;
 }
@@ -1388,10 +1363,9 @@ static void encode_remove(struct xdr_stream *xdr, const struct qstr *name, struc
 {
        __be32 *p;
-        RESERVE_SPACE(8 + name->len);
+        p = reserve_space(xdr, 8 + name->len);
-        WRITE32(OP_REMOVE);
+        *p++ = cpu_to_be32(OP_REMOVE);
-        WRITE32(name->len);
+        xdr_encode_opaque(p, name->name, name->len);
-        WRITEMEM(name->name, name->len);
        hdr->nops++;
        hdr->replen += decode_remove_maxsz;
 }
@@ -1400,14 +1374,10 @@ static void encode_rename(struct xdr_stream *xdr, const struct qstr *oldname, co
 {
        __be32 *p;
-        RESERVE_SPACE(8 + oldname->len);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_RENAME);
+        *p = cpu_to_be32(OP_RENAME);
-        WRITE32(oldname->len);
+        encode_string(xdr, oldname->len, oldname->name);
-        WRITEMEM(oldname->name, oldname->len);
+        encode_string(xdr, newname->len, newname->name);
-        RESERVE_SPACE(4 + newname->len);
-        WRITE32(newname->len);
-        WRITEMEM(newname->name, newname->len);
        hdr->nops++;
        hdr->replen += decode_rename_maxsz;
 }
@@ -1416,9 +1386,9 @@ static void encode_renew(struct xdr_stream *xdr, const struct nfs_client *client
 {
        __be32 *p;
-        RESERVE_SPACE(12);
+        p = reserve_space(xdr, 12);
-        WRITE32(OP_RENEW);
+        *p++ = cpu_to_be32(OP_RENEW);
-        WRITE64(client_stateid->cl_clientid);
+        xdr_encode_hyper(p, client_stateid->cl_clientid);
        hdr->nops++;
        hdr->replen += decode_renew_maxsz;
 }
@@ -1428,8 +1398,8 @@ encode_restorefh(struct xdr_stream *xdr, struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_RESTOREFH);
+        *p = cpu_to_be32(OP_RESTOREFH);
        hdr->nops++;
        hdr->replen += decode_restorefh_maxsz;
 }
@@ -1439,16 +1409,16 @@ encode_setacl(struct xdr_stream *xdr, struct nfs_setaclargs *arg, struct compoun
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE);
-        WRITE32(OP_SETATTR);
+        *p++ = cpu_to_be32(OP_SETATTR);
-        WRITEMEM(zero_stateid.data, NFS4_STATEID_SIZE);
+        xdr_encode_opaque_fixed(p, zero_stateid.data, NFS4_STATEID_SIZE);
-        RESERVE_SPACE(2*4);
+        p = reserve_space(xdr, 2*4);
-        WRITE32(1);
+        *p++ = cpu_to_be32(1);
-        WRITE32(FATTR4_WORD0_ACL);
+        *p = cpu_to_be32(FATTR4_WORD0_ACL);
        if (arg->acl_len % 4)
                return -EINVAL;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(arg->acl_len);
+        *p = cpu_to_be32(arg->acl_len);
        xdr_write_pages(xdr, arg->acl_pages, arg->acl_pgbase, arg->acl_len);
        hdr->nops++;
        hdr->replen += decode_setacl_maxsz;
@@ -1460,8 +1430,8 @@ encode_savefh(struct xdr_stream *xdr, struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_SAVEFH);
+        *p = cpu_to_be32(OP_SAVEFH);
        hdr->nops++;
        hdr->replen += decode_savefh_maxsz;
 }
@@ -1470,9 +1440,9 @@ static void encode_setattr(struct xdr_stream *xdr, const struct nfs_setattrargs
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE);
-        WRITE32(OP_SETATTR);
+        *p++ = cpu_to_be32(OP_SETATTR);
-        WRITEMEM(arg->stateid.data, NFS4_STATEID_SIZE);
+        xdr_encode_opaque_fixed(p, arg->stateid.data, NFS4_STATEID_SIZE);
        hdr->nops++;
        hdr->replen += decode_setattr_maxsz;
        encode_attrs(xdr, arg->iap, server);
@@ -1482,17 +1452,17 @@ static void encode_setclientid(struct xdr_stream *xdr, const struct nfs4_setclie
 {
        __be32 *p;
-        RESERVE_SPACE(4 + NFS4_VERIFIER_SIZE);
+        p = reserve_space(xdr, 4 + NFS4_VERIFIER_SIZE);
-        WRITE32(OP_SETCLIENTID);
+        *p++ = cpu_to_be32(OP_SETCLIENTID);
-        WRITEMEM(setclientid->sc_verifier->data, NFS4_VERIFIER_SIZE);
+        xdr_encode_opaque_fixed(p, setclientid->sc_verifier->data, NFS4_VERIFIER_SIZE);
        encode_string(xdr, setclientid->sc_name_len, setclientid->sc_name);
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(setclientid->sc_prog);
+        *p = cpu_to_be32(setclientid->sc_prog);
        encode_string(xdr, setclientid->sc_netid_len, setclientid->sc_netid);
        encode_string(xdr, setclientid->sc_uaddr_len, setclientid->sc_uaddr);
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(setclientid->sc_cb_ident);
+        *p = cpu_to_be32(setclientid->sc_cb_ident);
        hdr->nops++;
        hdr->replen += decode_setclientid_maxsz;
 }
@@ -1501,10 +1471,10 @@ static void encode_setclientid_confirm(struct xdr_stream *xdr, const struct nfs_
 {
        __be32 *p;
-        RESERVE_SPACE(12 + NFS4_VERIFIER_SIZE);
+        p = reserve_space(xdr, 12 + NFS4_VERIFIER_SIZE);
-        WRITE32(OP_SETCLIENTID_CONFIRM);
+        *p++ = cpu_to_be32(OP_SETCLIENTID_CONFIRM);
-        WRITE64(client_state->cl_clientid);
+        p = xdr_encode_hyper(p, client_state->cl_clientid);
-        WRITEMEM(client_state->cl_confirm.data, NFS4_VERIFIER_SIZE);
+        xdr_encode_opaque_fixed(p, client_state->cl_confirm.data, NFS4_VERIFIER_SIZE);
        hdr->nops++;
        hdr->replen += decode_setclientid_confirm_maxsz;
 }
@@ -1513,15 +1483,15 @@ static void encode_write(struct xdr_stream *xdr, const struct nfs_writeargs *arg
 {
        __be32 *p;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4);
-        WRITE32(OP_WRITE);
+        *p = cpu_to_be32(OP_WRITE);
        encode_stateid(xdr, args->context);
-        RESERVE_SPACE(16);
+        p = reserve_space(xdr, 16);
-        WRITE64(args->offset);
+        p = xdr_encode_hyper(p, args->offset);
-        WRITE32(args->stable);
+        *p++ = cpu_to_be32(args->stable);
-        WRITE32(args->count);
+        *p = cpu_to_be32(args->count);
        xdr_write_pages(xdr, args->pages, args->pgbase, args->count);
        hdr->nops++;
@@ -1532,10 +1502,10 @@ static void encode_delegreturn(struct xdr_stream *xdr, const nfs4_stateid *state
 {
        __be32 *p;
-        RESERVE_SPACE(4+NFS4_STATEID_SIZE);
+        p = reserve_space(xdr, 4+NFS4_STATEID_SIZE);
-        WRITE32(OP_DELEGRETURN);
+        *p++ = cpu_to_be32(OP_DELEGRETURN);
-        WRITEMEM(stateid->data, NFS4_STATEID_SIZE);
+        xdr_encode_opaque_fixed(p, stateid->data, NFS4_STATEID_SIZE);
        hdr->nops++;
        hdr->replen += decode_delegreturn_maxsz;
 }
@@ -1548,16 +1518,16 @@ static void encode_exchange_id(struct xdr_stream *xdr,
 {
        __be32 *p;
-        RESERVE_SPACE(4 + sizeof(args->verifier->data));
+        p = reserve_space(xdr, 4 + sizeof(args->verifier->data));
-        WRITE32(OP_EXCHANGE_ID);
+        *p++ = cpu_to_be32(OP_EXCHANGE_ID);
-        WRITEMEM(args->verifier->data, sizeof(args->verifier->data));
+        xdr_encode_opaque_fixed(p, args->verifier->data, sizeof(args->verifier->data));
        encode_string(xdr, args->id_len, args->id);
-        RESERVE_SPACE(12);
+        p = reserve_space(xdr, 12);
-        WRITE32(args->flags);
+        *p++ = cpu_to_be32(args->flags);
-        WRITE32(0);     /* zero length state_protect4_a */
+        *p++ = cpu_to_be32(0);  /* zero length state_protect4_a */
-        WRITE32(0);     /* zero length implementation id array */
+        *p = cpu_to_be32(0);    /* zero length implementation id array */
        hdr->nops++;
        hdr->replen += decode_exchange_id_maxsz;
 }
@@ -1571,55 +1541,43 @@ static void encode_create_session(struct xdr_stream *xdr,
        uint32_t len;
        struct nfs_client *clp = args->client;
-        RESERVE_SPACE(4);
+        len = scnprintf(machine_name, sizeof(machine_name), "%s",
-        WRITE32(OP_CREATE_SESSION);
+                        clp->cl_ipaddr);
-        RESERVE_SPACE(8);
-        WRITE64(clp->cl_ex_clid);
-        RESERVE_SPACE(8);
+        p = reserve_space(xdr, 20 + 2*28 + 20 + len + 12);
-        WRITE32(clp->cl_seqid);                 /*Sequence id */
+        *p++ = cpu_to_be32(OP_CREATE_SESSION);
-        WRITE32(args->flags);                   /*flags */
+        p = xdr_encode_hyper(p, clp->cl_ex_clid);
+        *p++ = cpu_to_be32(clp->cl_seqid);                      /*Sequence id */
+        *p++ = cpu_to_be32(args->flags);                        /*flags */
-        RESERVE_SPACE(2*28);                    /* 2 channel_attrs */
        /* Fore Channel */
-        WRITE32(args->fc_attrs.headerpadsz);    /* header padding size */
+        *p++ = cpu_to_be32(args->fc_attrs.headerpadsz); /* header padding size */
-        WRITE32(args->fc_attrs.max_rqst_sz);    /* max req size */
+        *p++ = cpu_to_be32(args->fc_attrs.max_rqst_sz); /* max req size */
-        WRITE32(args->fc_attrs.max_resp_sz);    /* max resp size */
+        *p++ = cpu_to_be32(args->fc_attrs.max_resp_sz); /* max resp size */
-        WRITE32(args->fc_attrs.max_resp_sz_cached);     /* Max resp sz cached */
+        *p++ = cpu_to_be32(args->fc_attrs.max_resp_sz_cached);  /* Max resp sz cached */
-        WRITE32(args->fc_attrs.max_ops);        /* max operations */
+        *p++ = cpu_to_be32(args->fc_attrs.max_ops);     /* max operations */
-        WRITE32(args->fc_attrs.max_reqs);       /* max requests */
+        *p++ = cpu_to_be32(args->fc_attrs.max_reqs);    /* max requests */
-        WRITE32(0);                             /* rdmachannel_attrs */
+        *p++ = cpu_to_be32(0);                          /* rdmachannel_attrs */
        /* Back Channel */
-        WRITE32(args->fc_attrs.headerpadsz);    /* header padding size */
+        *p++ = cpu_to_be32(args->fc_attrs.headerpadsz); /* header padding size */
-        WRITE32(args->bc_attrs.max_rqst_sz);    /* max req size */
+        *p++ = cpu_to_be32(args->bc_attrs.max_rqst_sz); /* max req size */
-        WRITE32(args->bc_attrs.max_resp_sz);    /* max resp size */
+        *p++ = cpu_to_be32(args->bc_attrs.max_resp_sz); /* max resp size */
-        WRITE32(args->bc_attrs.max_resp_sz_cached);     /* Max resp sz cached */
+        *p++ = cpu_to_be32(args->bc_attrs.max_resp_sz_cached);  /* Max resp sz cached */
-        WRITE32(args->bc_attrs.max_ops);        /* max operations */
+        *p++ = cpu_to_be32(args->bc_attrs.max_ops);     /* max operations */
-        WRITE32(args->bc_attrs.max_reqs);       /* max requests */
+        *p++ = cpu_to_be32(args->bc_attrs.max_reqs);    /* max requests */
-        WRITE32(0);                             /* rdmachannel_attrs */
+        *p++ = cpu_to_be32(0);                          /* rdmachannel_attrs */
-        RESERVE_SPACE(4);
+        *p++ = cpu_to_be32(args->cb_program);           /* cb_program */
-        WRITE32(args->cb_program);              /* cb_program */
+        *p++ = cpu_to_be32(1);
+        *p++ = cpu_to_be32(RPC_AUTH_UNIX);                      /* auth_sys */
-        RESERVE_SPACE(4);                       /* # of security flavors */
-        WRITE32(1);
-        RESERVE_SPACE(4);
-        WRITE32(RPC_AUTH_UNIX);                 /* auth_sys */
        /* authsys_parms rfc1831 */
-        RESERVE_SPACE(4);
+        *p++ = cpu_to_be32((u32)clp->cl_boot_time.tv_nsec);     /* stamp */
-        WRITE32((u32)clp->cl_boot_time.tv_nsec);        /* stamp */
+        p = xdr_encode_opaque(p, machine_name, len);
-        len = scnprintf(machine_name, sizeof(machine_name), "%s",
+        *p++ = cpu_to_be32(0);                          /* UID */
-                        clp->cl_ipaddr);
+        *p++ = cpu_to_be32(0);                          /* GID */
-        RESERVE_SPACE(16 + len);
+        *p = cpu_to_be32(0);                            /* No more gids */
-        WRITE32(len);
-        WRITEMEM(machine_name, len);
-        WRITE32(0);                             /* UID */
-        WRITE32(0);                             /* GID */
-        WRITE32(0);                             /* No more gids */
        hdr->nops++;
        hdr->replen += decode_create_session_maxsz;
 }
@@ -1629,9 +1587,9 @@ static void encode_destroy_session(struct xdr_stream *xdr,
                                   struct compound_hdr *hdr)
 {
        __be32 *p;
-        RESERVE_SPACE(4 + NFS4_MAX_SESSIONID_LEN);
+        p = reserve_space(xdr, 4 + NFS4_MAX_SESSIONID_LEN);
-        WRITE32(OP_DESTROY_SESSION);
+        *p++ = cpu_to_be32(OP_DESTROY_SESSION);
-        WRITEMEM(session->sess_id.data, NFS4_MAX_SESSIONID_LEN);
+        xdr_encode_opaque_fixed(p, session->sess_id.data, NFS4_MAX_SESSIONID_LEN);
        hdr->nops++;
        hdr->replen += decode_destroy_session_maxsz;
 }
@@ -1655,8 +1613,8 @@ static void encode_sequence(struct xdr_stream *xdr,
        WARN_ON(args->sa_slotid == NFS4_MAX_SLOT_TABLE);
        slot = tp->slots + args->sa_slotid;
-        RESERVE_SPACE(4);
+        p = reserve_space(xdr, 4 + NFS4_MAX_SESSIONID_LEN + 16);
-        WRITE32(OP_SEQUENCE);
+        *p++ = cpu_to_be32(OP_SEQUENCE);
        /*
         * Sessionid + seqid + slotid + max slotid + cache_this
@@ -1670,12 +1628,11 @@ static void encode_sequence(struct xdr_stream *xdr,
                ((u32 *)session->sess_id.data)[3],
                slot->seq_nr, args->sa_slotid,
                tp->highest_used_slotid, args->sa_cache_this);
-        RESERVE_SPACE(NFS4_MAX_SESSIONID_LEN + 16);
+        p = xdr_encode_opaque_fixed(p, session->sess_id.data, NFS4_MAX_SESSIONID_LEN);
-        WRITEMEM(session->sess_id.data, NFS4_MAX_SESSIONID_LEN);
+        *p++ = cpu_to_be32(slot->seq_nr);
-        WRITE32(slot->seq_nr);
+        *p++ = cpu_to_be32(args->sa_slotid);
-        WRITE32(args->sa_slotid);
+        *p++ = cpu_to_be32(tp->highest_used_slotid);
-        WRITE32(tp->highest_used_slotid);
+        *p = cpu_to_be32(args->sa_cache_this);
-        WRITE32(args->sa_cache_this);
        hdr->nops++;
        hdr->replen += decode_sequence_maxsz;
 #endif /* CONFIG_NFS_V4_1 */
@@ -2466,68 +2423,53 @@ static int nfs4_xdr_enc_get_lease_time(struct rpc_rqst *req, uint32_t *p,
 }
 #endif /* CONFIG_NFS_V4_1 */
-/*
+static void print_overflow_msg(const char *func, const struct xdr_stream *xdr)
- * START OF "GENERIC" DECODE ROUTINES.
+{
- *   These may look a little ugly since they are imported from a "generic"
+        dprintk("nfs: %s: prematurely hit end of receive buffer. "
- * set of XDR encode/decode routines which are intended to be shared by
+                "Remaining buffer length is %tu words.\n",
- * all of our NFSv4 implementations (OpenBSD, MacOS X...).
+                func, xdr->end - xdr->p);
- *
+}
- * If the pain of reading these is too great, it should be a straightforward
- * task to translate them into Linux-specific versions which are more
- * consistent with the style used in NFSv2/v3...
- */
-#define READ32(x)         (x) = ntohl(*p++)
-#define READ64(x)         do {                  \
-        (x) = (u64)ntohl(*p++) << 32;           \
-        (x) |= ntohl(*p++);                     \
-} while (0)
-#define READTIME(x)       do {                  \
-        p++;                                    \
-        (x.tv_sec) = ntohl(*p++);               \
-        (x.tv_nsec) = ntohl(*p++);              \
-} while (0)
-#define COPYMEM(x,nbytes) do {                  \
-        memcpy((x), p, nbytes);                 \
-        p += XDR_QUADLEN(nbytes);               \
-} while (0)
-#define READ_BUF(nbytes)  do { \
-        p = xdr_inline_decode(xdr, nbytes); \
-        if (unlikely(!p)) { \
-                dprintk("nfs: %s: prematurely hit end of receive" \
-                                " buffer\n", __func__); \
-                dprintk("nfs: %s: xdr->p=%p, bytes=%u, xdr->end=%p\n", \
-                                __func__, xdr->p, nbytes, xdr->end); \
-                return -EIO; \
-        } \
-} while (0)
 static int decode_opaque_inline(struct xdr_stream *xdr, unsigned int *len, char **string)
 {
        __be32 *p;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(*len);
+        if (unlikely(!p))
-        READ_BUF(*len);
+                goto out_overflow;
+        *len = be32_to_cpup(p);
+        p = xdr_inline_decode(xdr, *len);
+        if (unlikely(!p))
+                goto out_overflow;
        *string = (char *)p;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_compound_hdr(struct xdr_stream *xdr, struct compound_hdr *hdr)
 {
        __be32 *p;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(hdr->status);
+        if (unlikely(!p))
-        READ32(hdr->taglen);
+                goto out_overflow;
+        hdr->status = be32_to_cpup(p++);
+        hdr->taglen = be32_to_cpup(p);
-        READ_BUF(hdr->taglen + 4);
+        p = xdr_inline_decode(xdr, hdr->taglen + 4);
+        if (unlikely(!p))
+                goto out_overflow;
        hdr->tag = (char *)p;
        p += XDR_QUADLEN(hdr->taglen);
-        READ32(hdr->nops);
+        hdr->nops = be32_to_cpup(p);
        if (unlikely(hdr->nops < 1))
                return nfs4_stat_to_errno(hdr->status);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_op_hdr(struct xdr_stream *xdr, enum nfs_opnum4 expected)
@@ -2536,18 +2478,23 @@ static int decode_op_hdr(struct xdr_stream *xdr, enum nfs_opnum4 expected)
        uint32_t opnum;
        int32_t nfserr;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(opnum);
+        if (unlikely(!p))
+                goto out_overflow;
+        opnum = be32_to_cpup(p++);
        if (opnum != expected) {
                dprintk("nfs: Server returned operation"
                        " %d but we issued a request for %d\n",
                                opnum, expected);
                return -EIO;
        }
-        READ32(nfserr);
+        nfserr = be32_to_cpup(p);
        if (nfserr != NFS_OK)
                return nfs4_stat_to_errno(nfserr);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 /* Dummy routine */
@@ -2557,8 +2504,11 @@ static int decode_ace(struct xdr_stream *xdr, void *ace, struct nfs_client *clp)
        unsigned int strlen;
        char *str;
-        READ_BUF(12);
+        p = xdr_inline_decode(xdr, 12);
-        return decode_opaque_inline(xdr, &strlen, &str);
+        if (likely(p))
+                return decode_opaque_inline(xdr, &strlen, &str);
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
@@ -2566,27 +2516,39 @@ static int decode_attr_bitmap(struct xdr_stream *xdr, uint32_t *bitmap)
        uint32_t bmlen;
        __be32 *p;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(bmlen);
+        if (unlikely(!p))
+                goto out_overflow;
+        bmlen = be32_to_cpup(p);
        bitmap[0] = bitmap[1] = 0;
-        READ_BUF((bmlen << 2));
+        p = xdr_inline_decode(xdr, (bmlen << 2));
+        if (unlikely(!p))
+                goto out_overflow;
        if (bmlen > 0) {
-                READ32(bitmap[0]);
+                bitmap[0] = be32_to_cpup(p++);
                if (bmlen > 1)
-                        READ32(bitmap[1]);
+                        bitmap[1] = be32_to_cpup(p);
        }
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static inline int decode_attr_length(struct xdr_stream *xdr, uint32_t *attrlen, __be32 **savep)
 {
        __be32 *p;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(*attrlen);
+        if (unlikely(!p))
+                goto out_overflow;
+        *attrlen = be32_to_cpup(p);
        *savep = xdr->p;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_supported(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *bitmask)
@@ -2609,8 +2571,10 @@ static int decode_attr_type(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *
        if (unlikely(bitmap[0] & (FATTR4_WORD0_TYPE - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_TYPE)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*type);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *type = be32_to_cpup(p);
                if (*type < NF4REG || *type > NF4NAMEDATTR) {
                        dprintk("%s: bad type %d\n", __func__, *type);
                        return -EIO;
@@ -2620,6 +2584,9 @@ static int decode_attr_type(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *
        }
        dprintk("%s: type=0%o\n", __func__, nfs_type2fmt[*type]);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_change(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *change)
@@ -2631,14 +2598,19 @@ static int decode_attr_change(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t
        if (unlikely(bitmap[0] & (FATTR4_WORD0_CHANGE - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_CHANGE)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*change);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, change);
                bitmap[0] &= ~FATTR4_WORD0_CHANGE;
                ret = NFS_ATTR_FATTR_CHANGE;
        }
        dprintk("%s: change attribute=%Lu\n", __func__,
                        (unsigned long long)*change);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_size(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *size)
@@ -2650,13 +2622,18 @@ static int decode_attr_size(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *
        if (unlikely(bitmap[0] & (FATTR4_WORD0_SIZE - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_SIZE)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*size);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, size);
                bitmap[0] &= ~FATTR4_WORD0_SIZE;
                ret = NFS_ATTR_FATTR_SIZE;
        }
        dprintk("%s: file size=%Lu\n", __func__, (unsigned long long)*size);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_link_support(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -2667,12 +2644,17 @@ static int decode_attr_link_support(struct xdr_stream *xdr, uint32_t *bitmap, ui
        if (unlikely(bitmap[0] & (FATTR4_WORD0_LINK_SUPPORT - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_LINK_SUPPORT)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *res = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_LINK_SUPPORT;
        }
        dprintk("%s: link support=%s\n", __func__, *res == 0 ? "false" : "true");
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_symlink_support(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -2683,12 +2665,17 @@ static int decode_attr_symlink_support(struct xdr_stream *xdr, uint32_t *bitmap,
        if (unlikely(bitmap[0] & (FATTR4_WORD0_SYMLINK_SUPPORT - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_SYMLINK_SUPPORT)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *res = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_SYMLINK_SUPPORT;
        }
        dprintk("%s: symlink support=%s\n", __func__, *res == 0 ? "false" : "true");
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_fsid(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs_fsid *fsid)
@@ -2701,9 +2688,11 @@ static int decode_attr_fsid(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs
        if (unlikely(bitmap[0] & (FATTR4_WORD0_FSID - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_FSID)) {
-                READ_BUF(16);
+                p = xdr_inline_decode(xdr, 16);
-                READ64(fsid->major);
+                if (unlikely(!p))
-                READ64(fsid->minor);
+                        goto out_overflow;
+                p = xdr_decode_hyper(p, &fsid->major);
+                xdr_decode_hyper(p, &fsid->minor);
                bitmap[0] &= ~FATTR4_WORD0_FSID;
                ret = NFS_ATTR_FATTR_FSID;
        }
@@ -2711,6 +2700,9 @@ static int decode_attr_fsid(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs
                        (unsigned long long)fsid->major,
                        (unsigned long long)fsid->minor);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_lease_time(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -2721,12 +2713,17 @@ static int decode_attr_lease_time(struct xdr_stream *xdr, uint32_t *bitmap, uint
        if (unlikely(bitmap[0] & (FATTR4_WORD0_LEASE_TIME - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_LEASE_TIME)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *res = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_LEASE_TIME;
        }
        dprintk("%s: file size=%u\n", __func__, (unsigned int)*res);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_aclsupport(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -2737,12 +2734,17 @@ static int decode_attr_aclsupport(struct xdr_stream *xdr, uint32_t *bitmap, uint
        if (unlikely(bitmap[0] & (FATTR4_WORD0_ACLSUPPORT - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_ACLSUPPORT)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *res = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_ACLSUPPORT;
        }
        dprintk("%s: ACLs supported=%u\n", __func__, (unsigned int)*res);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_fileid(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *fileid)
@@ -2754,13 +2756,18 @@ static int decode_attr_fileid(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t
        if (unlikely(bitmap[0] & (FATTR4_WORD0_FILEID - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_FILEID)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*fileid);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, fileid);
                bitmap[0] &= ~FATTR4_WORD0_FILEID;
                ret = NFS_ATTR_FATTR_FILEID;
        }
        dprintk("%s: fileid=%Lu\n", __func__, (unsigned long long)*fileid);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_mounted_on_fileid(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *fileid)
@@ -2772,13 +2779,18 @@ static int decode_attr_mounted_on_fileid(struct xdr_stream *xdr, uint32_t *bitma
        if (unlikely(bitmap[1] & (FATTR4_WORD1_MOUNTED_ON_FILEID - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_MOUNTED_ON_FILEID)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*fileid);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, fileid);
                bitmap[1] &= ~FATTR4_WORD1_MOUNTED_ON_FILEID;
                ret = NFS_ATTR_FATTR_FILEID;
        }
        dprintk("%s: fileid=%Lu\n", __func__, (unsigned long long)*fileid);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_files_avail(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -2790,12 +2802,17 @@ static int decode_attr_files_avail(struct xdr_stream *xdr, uint32_t *bitmap, uin
        if (unlikely(bitmap[0] & (FATTR4_WORD0_FILES_AVAIL - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_FILES_AVAIL)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[0] &= ~FATTR4_WORD0_FILES_AVAIL;
        }
        dprintk("%s: files avail=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_files_free(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -2807,12 +2824,17 @@ static int decode_attr_files_free(struct xdr_stream *xdr, uint32_t *bitmap, uint
        if (unlikely(bitmap[0] & (FATTR4_WORD0_FILES_FREE - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_FILES_FREE)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[0] &= ~FATTR4_WORD0_FILES_FREE;
        }
        dprintk("%s: files free=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_files_total(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -2824,12 +2846,17 @@ static int decode_attr_files_total(struct xdr_stream *xdr, uint32_t *bitmap, uin
        if (unlikely(bitmap[0] & (FATTR4_WORD0_FILES_TOTAL - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_FILES_TOTAL)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[0] &= ~FATTR4_WORD0_FILES_TOTAL;
        }
        dprintk("%s: files total=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_pathname(struct xdr_stream *xdr, struct nfs4_pathname *path)
@@ -2838,8 +2865,10 @@ static int decode_pathname(struct xdr_stream *xdr, struct nfs4_pathname *path)
        __be32 *p;
        int status = 0;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(n);
+        if (unlikely(!p))
+                goto out_overflow;
+        n = be32_to_cpup(p);
        if (n == 0)
                goto root_path;
        dprintk("path ");
@@ -2873,6 +2902,9 @@ out_eio:
        dprintk(" status %d", status);
        status = -EIO;
        goto out;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs4_fs_locations *res)
@@ -2890,8 +2922,10 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
        status = decode_pathname(xdr, &res->fs_path);
        if (unlikely(status != 0))
                goto out;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(n);
+        if (unlikely(!p))
+                goto out_overflow;
+        n = be32_to_cpup(p);
        if (n <= 0)
                goto out_eio;
        res->nlocations = 0;
@@ -2899,8 +2933,10 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
                u32 m;
                struct nfs4_fs_location *loc = &res->locations[res->nlocations];
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(m);
+                if (unlikely(!p))
+                        goto out_overflow;
+                m = be32_to_cpup(p);
                loc->nservers = 0;
                dprintk("%s: servers ", __func__);
@@ -2939,6 +2975,8 @@ static int decode_attr_fs_locations(struct xdr_stream *xdr, uint32_t *bitmap, st
 out:
        dprintk("%s: fs_locations done, error = %d\n", __func__, status);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
 out_eio:
        status = -EIO;
        goto out;
@@ -2953,12 +2991,17 @@ static int decode_attr_maxfilesize(struct xdr_stream *xdr, uint32_t *bitmap, uin
        if (unlikely(bitmap[0] & (FATTR4_WORD0_MAXFILESIZE - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_MAXFILESIZE)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[0] &= ~FATTR4_WORD0_MAXFILESIZE;
        }
        dprintk("%s: maxfilesize=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_maxlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *maxlink)
@@ -2970,12 +3013,17 @@ static int decode_attr_maxlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_
        if (unlikely(bitmap[0] & (FATTR4_WORD0_MAXLINK - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_MAXLINK)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*maxlink);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *maxlink = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_MAXLINK;
        }
        dprintk("%s: maxlink=%u\n", __func__, *maxlink);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_maxname(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *maxname)
@@ -2987,12 +3035,17 @@ static int decode_attr_maxname(struct xdr_stream *xdr, uint32_t *bitmap, uint32_
        if (unlikely(bitmap[0] & (FATTR4_WORD0_MAXNAME - 1U)))
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_MAXNAME)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*maxname);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *maxname = be32_to_cpup(p);
                bitmap[0] &= ~FATTR4_WORD0_MAXNAME;
        }
        dprintk("%s: maxname=%u\n", __func__, *maxname);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_maxread(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -3005,8 +3058,10 @@ static int decode_attr_maxread(struct xdr_stream *xdr, uint32_t *bitmap, uint32_
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_MAXREAD)) {
                uint64_t maxread;
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(maxread);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, &maxread);
                if (maxread > 0x7FFFFFFF)
                        maxread = 0x7FFFFFFF;
                *res = (uint32_t)maxread;
@@ -3014,6 +3069,9 @@ static int decode_attr_maxread(struct xdr_stream *xdr, uint32_t *bitmap, uint32_
        }
        dprintk("%s: maxread=%lu\n", __func__, (unsigned long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_maxwrite(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *res)
@@ -3026,8 +3084,10 @@ static int decode_attr_maxwrite(struct xdr_stream *xdr, uint32_t *bitmap, uint32
                return -EIO;
        if (likely(bitmap[0] & FATTR4_WORD0_MAXWRITE)) {
                uint64_t maxwrite;
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(maxwrite);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, &maxwrite);
                if (maxwrite > 0x7FFFFFFF)
                        maxwrite = 0x7FFFFFFF;
                *res = (uint32_t)maxwrite;
@@ -3035,6 +3095,9 @@ static int decode_attr_maxwrite(struct xdr_stream *xdr, uint32_t *bitmap, uint32
        }
        dprintk("%s: maxwrite=%lu\n", __func__, (unsigned long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_mode(struct xdr_stream *xdr, uint32_t *bitmap, umode_t *mode)
@@ -3047,14 +3110,19 @@ static int decode_attr_mode(struct xdr_stream *xdr, uint32_t *bitmap, umode_t *m
        if (unlikely(bitmap[1] & (FATTR4_WORD1_MODE - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_MODE)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(tmp);
+                if (unlikely(!p))
+                        goto out_overflow;
+                tmp = be32_to_cpup(p);
                *mode = tmp & ~S_IFMT;
                bitmap[1] &= ~FATTR4_WORD1_MODE;
                ret = NFS_ATTR_FATTR_MODE;
        }
        dprintk("%s: file mode=0%o\n", __func__, (unsigned int)*mode);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_nlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t *nlink)
@@ -3066,16 +3134,22 @@ static int decode_attr_nlink(struct xdr_stream *xdr, uint32_t *bitmap, uint32_t
        if (unlikely(bitmap[1] & (FATTR4_WORD1_NUMLINKS - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_NUMLINKS)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(*nlink);
+                if (unlikely(!p))
+                        goto out_overflow;
+                *nlink = be32_to_cpup(p);
                bitmap[1] &= ~FATTR4_WORD1_NUMLINKS;
                ret = NFS_ATTR_FATTR_NLINK;
        }
        dprintk("%s: nlink=%u\n", __func__, (unsigned int)*nlink);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
-static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs_client *clp, uint32_t *uid)
+static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap,
+                struct nfs_client *clp, uint32_t *uid, int may_sleep)
 {
        uint32_t len;
        __be32 *p;
@@ -3085,10 +3159,16 @@ static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, struct nf
        if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_OWNER)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(len);
+                if (unlikely(!p))
-                READ_BUF(len);
+                        goto out_overflow;
-                if (len < XDR_MAX_NETOBJ) {
+                len = be32_to_cpup(p);
+                p = xdr_inline_decode(xdr, len);
+                if (unlikely(!p))
+                        goto out_overflow;
+                if (!may_sleep) {
+                        /* do nothing */
+                } else if (len < XDR_MAX_NETOBJ) {
                        if (nfs_map_name_to_uid(clp, (char *)p, len, uid) == 0)
                                ret = NFS_ATTR_FATTR_OWNER;
                        else
@@ -3101,9 +3181,13 @@ static int decode_attr_owner(struct xdr_stream *xdr, uint32_t *bitmap, struct nf
        }
        dprintk("%s: uid=%d\n", __func__, (int)*uid);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
-static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, struct nfs_client *clp, uint32_t *gid)
+static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap,
+                struct nfs_client *clp, uint32_t *gid, int may_sleep)
 {
        uint32_t len;
        __be32 *p;
@@ -3113,10 +3197,16 @@ static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, struct nf
        if (unlikely(bitmap[1] & (FATTR4_WORD1_OWNER_GROUP - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_OWNER_GROUP)) {
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(len);
+                if (unlikely(!p))
-                READ_BUF(len);
+                        goto out_overflow;
-                if (len < XDR_MAX_NETOBJ) {
+                len = be32_to_cpup(p);
+                p = xdr_inline_decode(xdr, len);
+                if (unlikely(!p))
+                        goto out_overflow;
+                if (!may_sleep) {
+                        /* do nothing */
+                } else if (len < XDR_MAX_NETOBJ) {
                        if (nfs_map_group_to_gid(clp, (char *)p, len, gid) == 0)
                                ret = NFS_ATTR_FATTR_GROUP;
                        else
@@ -3129,6 +3219,9 @@ static int decode_attr_group(struct xdr_stream *xdr, uint32_t *bitmap, struct nf
        }
        dprintk("%s: gid=%d\n", __func__, (int)*gid);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_rdev(struct xdr_stream *xdr, uint32_t *bitmap, dev_t *rdev)
@@ -3143,9 +3236,11 @@ static int decode_attr_rdev(struct xdr_stream *xdr, uint32_t *bitmap, dev_t *rde
        if (likely(bitmap[1] & FATTR4_WORD1_RAWDEV)) {
                dev_t tmp;
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ32(major);
+                if (unlikely(!p))
-                READ32(minor);
+                        goto out_overflow;
+                major = be32_to_cpup(p++);
+                minor = be32_to_cpup(p);
                tmp = MKDEV(major, minor);
                if (MAJOR(tmp) == major && MINOR(tmp) == minor)
                        *rdev = tmp;
@@ -3154,6 +3249,9 @@ static int decode_attr_rdev(struct xdr_stream *xdr, uint32_t *bitmap, dev_t *rde
        }
        dprintk("%s: rdev=(0x%x:0x%x)\n", __func__, major, minor);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_space_avail(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -3165,12 +3263,17 @@ static int decode_attr_space_avail(struct xdr_stream *xdr, uint32_t *bitmap, uin
        if (unlikely(bitmap[1] & (FATTR4_WORD1_SPACE_AVAIL - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_SPACE_AVAIL)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[1] &= ~FATTR4_WORD1_SPACE_AVAIL;
        }
        dprintk("%s: space avail=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_space_free(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -3182,12 +3285,17 @@ static int decode_attr_space_free(struct xdr_stream *xdr, uint32_t *bitmap, uint
        if (unlikely(bitmap[1] & (FATTR4_WORD1_SPACE_FREE - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_SPACE_FREE)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[1] &= ~FATTR4_WORD1_SPACE_FREE;
        }
        dprintk("%s: space free=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_space_total(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *res)
@@ -3199,12 +3307,17 @@ static int decode_attr_space_total(struct xdr_stream *xdr, uint32_t *bitmap, uin
        if (unlikely(bitmap[1] & (FATTR4_WORD1_SPACE_TOTAL - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_SPACE_TOTAL)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*res);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, res);
                bitmap[1] &= ~FATTR4_WORD1_SPACE_TOTAL;
        }
        dprintk("%s: space total=%Lu\n", __func__, (unsigned long long)*res);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_space_used(struct xdr_stream *xdr, uint32_t *bitmap, uint64_t *used)
@@ -3216,14 +3329,19 @@ static int decode_attr_space_used(struct xdr_stream *xdr, uint32_t *bitmap, uint
        if (unlikely(bitmap[1] & (FATTR4_WORD1_SPACE_USED - 1U)))
                return -EIO;
        if (likely(bitmap[1] & FATTR4_WORD1_SPACE_USED)) {
-                READ_BUF(8);
+                p = xdr_inline_decode(xdr, 8);
-                READ64(*used);
+                if (unlikely(!p))
+                        goto out_overflow;
+                xdr_decode_hyper(p, used);
                bitmap[1] &= ~FATTR4_WORD1_SPACE_USED;
                ret = NFS_ATTR_FATTR_SPACE_USED;
        }
        dprintk("%s: space used=%Lu\n", __func__,
                        (unsigned long long)*used);
        return ret;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_time(struct xdr_stream *xdr, struct timespec *time)
@@ -3232,12 +3350,17 @@ static int decode_attr_time(struct xdr_stream *xdr, struct timespec *time)
        uint64_t sec;
        uint32_t nsec;
-        READ_BUF(12);
+        p = xdr_inline_decode(xdr, 12);
-        READ64(sec);
+        if (unlikely(!p))
-        READ32(nsec);
+                goto out_overflow;
+        p = xdr_decode_hyper(p, &sec);
+        nsec = be32_to_cpup(p);
        time->tv_sec = (time_t)sec;
        time->tv_nsec = (long)nsec;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_attr_time_access(struct xdr_stream *xdr, uint32_t *bitmap, struct timespec *time)
@@ -3315,11 +3438,16 @@ static int decode_change_info(struct xdr_stream *xdr, struct nfs4_change_info *c
 {
        __be32 *p;
-        READ_BUF(20);
+        p = xdr_inline_decode(xdr, 20);
-        READ32(cinfo->atomic);
+        if (unlikely(!p))
-        READ64(cinfo->before);
+                goto out_overflow;
-        READ64(cinfo->after);
+        cinfo->atomic = be32_to_cpup(p++);
+        p = xdr_decode_hyper(p, &cinfo->before);
+        xdr_decode_hyper(p, &cinfo->after);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_access(struct xdr_stream *xdr, struct nfs4_accessres *access)
@@ -3331,40 +3459,62 @@ static int decode_access(struct xdr_stream *xdr, struct nfs4_accessres *access)
        status = decode_op_hdr(xdr, OP_ACCESS);
        if (status)
                return status;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(supp);
+        if (unlikely(!p))
-        READ32(acc);
+                goto out_overflow;
+        supp = be32_to_cpup(p++);
+        acc = be32_to_cpup(p);
        access->supported = supp;
        access->access = acc;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
-static int decode_close(struct xdr_stream *xdr, struct nfs_closeres *res)
+static int decode_opaque_fixed(struct xdr_stream *xdr, void *buf, size_t len)
 {
        __be32 *p;
+        p = xdr_inline_decode(xdr, len);
+        if (likely(p)) {
+                memcpy(buf, p, len);
+                return 0;
+        }
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
+}
+static int decode_stateid(struct xdr_stream *xdr, nfs4_stateid *stateid)
+{
+        return decode_opaque_fixed(xdr, stateid->data, NFS4_STATEID_SIZE);
+}
+static int decode_close(struct xdr_stream *xdr, struct nfs_closeres *res)
+{
        int status;
        status = decode_op_hdr(xdr, OP_CLOSE);
        if (status != -EIO)
                nfs_increment_open_seqid(status, res->seqid);
-        if (status)
+        if (!status)
-                return status;
+                status = decode_stateid(xdr, &res->stateid);
-        READ_BUF(NFS4_STATEID_SIZE);
+        return status;
-        COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
+}
-        return 0;
+static int decode_verifier(struct xdr_stream *xdr, void *verifier)
+{
+        return decode_opaque_fixed(xdr, verifier, 8);
 }
 static int decode_commit(struct xdr_stream *xdr, struct nfs_writeres *res)
 {
-        __be32 *p;
        int status;
        status = decode_op_hdr(xdr, OP_COMMIT);
-        if (status)
+        if (!status)
-                return status;
+                status = decode_verifier(xdr, res->verf->verifier);
-        READ_BUF(8);
+        return status;
-        COPYMEM(res->verf->verifier, 8);
-        return 0;
 }
 static int decode_create(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
@@ -3378,10 +3528,16 @@ static int decode_create(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
                return status;
        if ((status = decode_change_info(xdr, cinfo)))
                return status;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(bmlen);
+        if (unlikely(!p))
-        READ_BUF(bmlen << 2);
+                goto out_overflow;
-        return 0;
+        bmlen = be32_to_cpup(p);
+        p = xdr_inline_decode(xdr, bmlen << 2);
+        if (likely(p))
+                return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_server_caps(struct xdr_stream *xdr, struct nfs4_server_caps_res *res)
@@ -3466,7 +3622,8 @@ xdr_error:
        return status;
 }
-static int decode_getfattr(struct xdr_stream *xdr, struct nfs_fattr *fattr, const struct nfs_server *server)
+static int decode_getfattr(struct xdr_stream *xdr, struct nfs_fattr *fattr,
+                const struct nfs_server *server, int may_sleep)
 {
        __be32 *savep;
        uint32_t attrlen,
@@ -3538,12 +3695,14 @@ static int decode_getfattr(struct xdr_stream *xdr, struct nfs_fattr *fattr, cons
                goto xdr_error;
        fattr->valid |= status;
-        status = decode_attr_owner(xdr, bitmap, server->nfs_client, &fattr->uid);
+        status = decode_attr_owner(xdr, bitmap, server->nfs_client,
+                        &fattr->uid, may_sleep);
        if (status < 0)
                goto xdr_error;
        fattr->valid |= status;
-        status = decode_attr_group(xdr, bitmap, server->nfs_client, &fattr->gid);
+        status = decode_attr_group(xdr, bitmap, server->nfs_client,
+                        &fattr->gid, may_sleep);
        if (status < 0)
                goto xdr_error;
        fattr->valid |= status;
@@ -3633,14 +3792,21 @@ static int decode_getfh(struct xdr_stream *xdr, struct nfs_fh *fh)
        if (status)
                return status;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(len);
+        if (unlikely(!p))
+                goto out_overflow;
+        len = be32_to_cpup(p);
        if (len > NFS4_FHSIZE)
                return -EIO;
        fh->size = len;
-        READ_BUF(len);
+        p = xdr_inline_decode(xdr, len);
-        COPYMEM(fh->data, len);
+        if (unlikely(!p))
+                goto out_overflow;
+        memcpy(fh->data, p, len);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_link(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
@@ -3662,10 +3828,12 @@ static int decode_lock_denied (struct xdr_stream *xdr, struct file_lock *fl)
        __be32 *p;
        uint32_t namelen, type;
-        READ_BUF(32);
+        p = xdr_inline_decode(xdr, 32);
-        READ64(offset);
+        if (unlikely(!p))
-        READ64(length);
+                goto out_overflow;
-        READ32(type);
+        p = xdr_decode_hyper(p, &offset);
+        p = xdr_decode_hyper(p, &length);
+        type = be32_to_cpup(p++);
        if (fl != NULL) {
                fl->fl_start = (loff_t)offset;
                fl->fl_end = fl->fl_start + (loff_t)length - 1;
@@ -3676,23 +3844,27 @@ static int decode_lock_denied (struct xdr_stream *xdr, struct file_lock *fl)
                        fl->fl_type = F_RDLCK;
                fl->fl_pid = 0;
        }
-        READ64(clientid);
+        p = xdr_decode_hyper(p, &clientid);
-        READ32(namelen);
+        namelen = be32_to_cpup(p);
-        READ_BUF(namelen);
+        p = xdr_inline_decode(xdr, namelen);
-        return -NFS4ERR_DENIED;
+        if (likely(p))
+                return -NFS4ERR_DENIED;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_lock(struct xdr_stream *xdr, struct nfs_lock_res *res)
 {
-        __be32 *p;
        int status;
        status = decode_op_hdr(xdr, OP_LOCK);
        if (status == -EIO)
                goto out;
        if (status == 0) {
-                READ_BUF(NFS4_STATEID_SIZE);
+                status = decode_stateid(xdr, &res->stateid);
-                COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
+                if (unlikely(status))
+                        goto out;
        } else if (status == -NFS4ERR_DENIED)
                status = decode_lock_denied(xdr, NULL);
        if (res->open_seqid != NULL)
@@ -3713,16 +3885,13 @@ static int decode_lockt(struct xdr_stream *xdr, struct nfs_lockt_res *res)
 static int decode_locku(struct xdr_stream *xdr, struct nfs_locku_res *res)
 {
-        __be32 *p;
        int status;
        status = decode_op_hdr(xdr, OP_LOCKU);
        if (status != -EIO)
                nfs_increment_lock_seqid(status, res->seqid);
-        if (status == 0) {
+        if (status == 0)
-                READ_BUF(NFS4_STATEID_SIZE);
+                status = decode_stateid(xdr, &res->stateid);
-                COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
-        }
        return status;
 }
@@ -3737,34 +3906,46 @@ static int decode_space_limit(struct xdr_stream *xdr, u64 *maxsize)
        __be32 *p;
        uint32_t limit_type, nblocks, blocksize;
-        READ_BUF(12);
+        p = xdr_inline_decode(xdr, 12);
-        READ32(limit_type);
+        if (unlikely(!p))
+                goto out_overflow;
+        limit_type = be32_to_cpup(p++);
        switch (limit_type) {
        case 1:
-                READ64(*maxsize);
+                xdr_decode_hyper(p, maxsize);
                break;
        case 2:
-                READ32(nblocks);
+                nblocks = be32_to_cpup(p++);
-                READ32(blocksize);
+                blocksize = be32_to_cpup(p);
                *maxsize = (uint64_t)nblocks * (uint64_t)blocksize;
        }
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_delegation(struct xdr_stream *xdr, struct nfs_openres *res)
 {
        __be32 *p;
        uint32_t delegation_type;
+        int status;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(delegation_type);
+        if (unlikely(!p))
+                goto out_overflow;
+        delegation_type = be32_to_cpup(p);
        if (delegation_type == NFS4_OPEN_DELEGATE_NONE) {
                res->delegation_type = 0;
                return 0;
        }
-        READ_BUF(NFS4_STATEID_SIZE+4);
+        status = decode_stateid(xdr, &res->delegation);
-        COPYMEM(res->delegation.data, NFS4_STATEID_SIZE);
+        if (unlikely(status))
-        READ32(res->do_recall);
+                return status;
+        p = xdr_inline_decode(xdr, 4);
+        if (unlikely(!p))
+                goto out_overflow;
+        res->do_recall = be32_to_cpup(p);
        switch (delegation_type) {
        case NFS4_OPEN_DELEGATE_READ:
@@ -3776,6 +3957,9 @@ static int decode_delegation(struct xdr_stream *xdr, struct nfs_openres *res)
                                return -EIO;
        }
        return decode_ace(xdr, NULL, res->server->nfs_client);
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_open(struct xdr_stream *xdr, struct nfs_openres *res)
@@ -3787,23 +3971,27 @@ static int decode_open(struct xdr_stream *xdr, struct nfs_openres *res)
        status = decode_op_hdr(xdr, OP_OPEN);
        if (status != -EIO)
                nfs_increment_open_seqid(status, res->seqid);
-        if (status)
+        if (!status)
+                status = decode_stateid(xdr, &res->stateid);
+        if (unlikely(status))
                return status;
-        READ_BUF(NFS4_STATEID_SIZE);
-        COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
        decode_change_info(xdr, &res->cinfo);
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(res->rflags);
+        if (unlikely(!p))
-        READ32(bmlen);
+                goto out_overflow;
+        res->rflags = be32_to_cpup(p++);
+        bmlen = be32_to_cpup(p);
        if (bmlen > 10)
                goto xdr_error;
-        READ_BUF(bmlen << 2);
+        p = xdr_inline_decode(xdr, bmlen << 2);
+        if (unlikely(!p))
+                goto out_overflow;
        savewords = min_t(uint32_t, bmlen, NFS4_BITMAP_SIZE);
        for (i = 0; i < savewords; ++i)
-                READ32(res->attrset[i]);
+                res->attrset[i] = be32_to_cpup(p++);
        for (; i < NFS4_BITMAP_SIZE; i++)
                res->attrset[i] = 0;
@@ -3811,36 +3999,33 @@ static int decode_open(struct xdr_stream *xdr, struct nfs_openres *res)
 xdr_error:
        dprintk("%s: Bitmap too large! Length = %u\n", __func__, bmlen);
        return -EIO;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_open_confirm(struct xdr_stream *xdr, struct nfs_open_confirmres *res)
 {
-        __be32 *p;
        int status;
        status = decode_op_hdr(xdr, OP_OPEN_CONFIRM);
        if (status != -EIO)
                nfs_increment_open_seqid(status, res->seqid);
-        if (status)
+        if (!status)
-                return status;
+                status = decode_stateid(xdr, &res->stateid);
-        READ_BUF(NFS4_STATEID_SIZE);
+        return status;
-        COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
-        return 0;
 }
 static int decode_open_downgrade(struct xdr_stream *xdr, struct nfs_closeres *res)
 {
-        __be32 *p;
        int status;
        status = decode_op_hdr(xdr, OP_OPEN_DOWNGRADE);
        if (status != -EIO)
                nfs_increment_open_seqid(status, res->seqid);
-        if (status)
+        if (!status)
-                return status;
+                status = decode_stateid(xdr, &res->stateid);
-        READ_BUF(NFS4_STATEID_SIZE);
+        return status;
-        COPYMEM(res->stateid.data, NFS4_STATEID_SIZE);
-        return 0;
 }
 static int decode_putfh(struct xdr_stream *xdr)
@@ -3863,9 +4048,11 @@ static int decode_read(struct xdr_stream *xdr, struct rpc_rqst *req, struct nfs_
        status = decode_op_hdr(xdr, OP_READ);
        if (status)
                return status;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(eof);
+        if (unlikely(!p))
-        READ32(count);
+                goto out_overflow;
+        eof = be32_to_cpup(p++);
+        count = be32_to_cpup(p);
        hdrlen = (u8 *) p - (u8 *) iov->iov_base;
        recvd = req->rq_rcv_buf.len - hdrlen;
        if (count > recvd) {
@@ -3878,6 +4065,9 @@ static int decode_read(struct xdr_stream *xdr, struct rpc_rqst *req, struct nfs_
        res->eof = eof;
        res->count = count;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_readdir(struct xdr_stream *xdr, struct rpc_rqst *req, struct nfs4_readdir_res *readdir)
@@ -3892,17 +4082,17 @@ static int decode_readdir(struct xdr_stream *xdr, struct rpc_rqst *req, struct n
        int             status;
        status = decode_op_hdr(xdr, OP_READDIR);
-        if (status)
+        if (!status)
+                status = decode_verifier(xdr, readdir->verifier.data);
+        if (unlikely(status))
                return status;
-        READ_BUF(8);
-        COPYMEM(readdir->verifier.data, 8);
        dprintk("%s: verifier = %08x:%08x\n",
                        __func__,
                        ((u32 *)readdir->verifier.data)[0],
                        ((u32 *)readdir->verifier.data)[1]);
-        hdrlen = (char *) p - (char *) iov->iov_base;
+        hdrlen = (char *) xdr->p - (char *) iov->iov_base;
        recvd = rcvbuf->len - hdrlen;
        if (pglen > recvd)
                pglen = recvd;
@@ -3990,8 +4180,10 @@ static int decode_readlink(struct xdr_stream *xdr, struct rpc_rqst *req)
                return status;
        /* Convert length of symlink */
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(len);
+        if (unlikely(!p))
+                goto out_overflow;
+        len = be32_to_cpup(p);
        if (len >= rcvbuf->page_len || len <= 0) {
                dprintk("nfs: server returned giant symlink!\n");
                return -ENAMETOOLONG;
@@ -4015,6 +4207,9 @@ static int decode_readlink(struct xdr_stream *xdr, struct rpc_rqst *req)
        kaddr[len+rcvbuf->page_base] = '\0';
        kunmap_atomic(kaddr, KM_USER0);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_remove(struct xdr_stream *xdr, struct nfs4_change_info *cinfo)
@@ -4112,10 +4307,16 @@ static int decode_setattr(struct xdr_stream *xdr)
        status = decode_op_hdr(xdr, OP_SETATTR);
        if (status)
                return status;
-        READ_BUF(4);
+        p = xdr_inline_decode(xdr, 4);
-        READ32(bmlen);
+        if (unlikely(!p))
-        READ_BUF(bmlen << 2);
+                goto out_overflow;
-        return 0;
+        bmlen = be32_to_cpup(p);
+        p = xdr_inline_decode(xdr, bmlen << 2);
+        if (likely(p))
+                return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_setclientid(struct xdr_stream *xdr, struct nfs_client *clp)
@@ -4124,35 +4325,50 @@ static int decode_setclientid(struct xdr_stream *xdr, struct nfs_client *clp)
        uint32_t opnum;
        int32_t nfserr;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(opnum);
+        if (unlikely(!p))
+                goto out_overflow;
+        opnum = be32_to_cpup(p++);
        if (opnum != OP_SETCLIENTID) {
                dprintk("nfs: decode_setclientid: Server returned operation"
                        " %d\n", opnum);
                return -EIO;
        }
-        READ32(nfserr);
+        nfserr = be32_to_cpup(p);
        if (nfserr == NFS_OK) {
-                READ_BUF(8 + NFS4_VERIFIER_SIZE);
+                p = xdr_inline_decode(xdr, 8 + NFS4_VERIFIER_SIZE);
-                READ64(clp->cl_clientid);
+                if (unlikely(!p))
-                COPYMEM(clp->cl_confirm.data, NFS4_VERIFIER_SIZE);
+                        goto out_overflow;
+                p = xdr_decode_hyper(p, &clp->cl_clientid);
+                memcpy(clp->cl_confirm.data, p, NFS4_VERIFIER_SIZE);
        } else if (nfserr == NFSERR_CLID_INUSE) {
                uint32_t len;
                /* skip netid string */
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(len);
+                if (unlikely(!p))
-                READ_BUF(len);
+                        goto out_overflow;
+                len = be32_to_cpup(p);
+                p = xdr_inline_decode(xdr, len);
+                if (unlikely(!p))
+                        goto out_overflow;
                /* skip uaddr string */
-                READ_BUF(4);
+                p = xdr_inline_decode(xdr, 4);
-                READ32(len);
+                if (unlikely(!p))
-                READ_BUF(len);
+                        goto out_overflow;
+                len = be32_to_cpup(p);
+                p = xdr_inline_decode(xdr, len);
+                if (unlikely(!p))
+                        goto out_overflow;
                return -NFSERR_CLID_INUSE;
        } else
                return nfs4_stat_to_errno(nfserr);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_setclientid_confirm(struct xdr_stream *xdr)
@@ -4169,11 +4385,16 @@ static int decode_write(struct xdr_stream *xdr, struct nfs_writeres *res)
        if (status)
                return status;
-        READ_BUF(16);
+        p = xdr_inline_decode(xdr, 16);
-        READ32(res->count);
+        if (unlikely(!p))
-        READ32(res->verf->committed);
+                goto out_overflow;
-        COPYMEM(res->verf->verifier, 8);
+        res->count = be32_to_cpup(p++);
+        res->verf->committed = be32_to_cpup(p++);
+        memcpy(res->verf->verifier, p, 8);
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_delegreturn(struct xdr_stream *xdr)
@@ -4187,6 +4408,7 @@ static int decode_exchange_id(struct xdr_stream *xdr,
 {
        __be32 *p;
        uint32_t dummy;
+        char *dummy_str;
        int status;
        struct nfs_client *clp = res->client;
@@ -4194,36 +4416,45 @@ static int decode_exchange_id(struct xdr_stream *xdr,
        if (status)
                return status;
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ64(clp->cl_ex_clid);
+        if (unlikely(!p))
-        READ_BUF(12);
+                goto out_overflow;
-        READ32(clp->cl_seqid);
+        xdr_decode_hyper(p, &clp->cl_ex_clid);
-        READ32(clp->cl_exchange_flags);
+        p = xdr_inline_decode(xdr, 12);
+        if (unlikely(!p))
+                goto out_overflow;
+        clp->cl_seqid = be32_to_cpup(p++);
+        clp->cl_exchange_flags = be32_to_cpup(p++);
        /* We ask for SP4_NONE */
-        READ32(dummy);
+        dummy = be32_to_cpup(p);
        if (dummy != SP4_NONE)
                return -EIO;
        /* Throw away minor_id */
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
+        if (unlikely(!p))
+                goto out_overflow;
        /* Throw away Major id */
-        READ_BUF(4);
+        status = decode_opaque_inline(xdr, &dummy, &dummy_str);
-        READ32(dummy);
+        if (unlikely(status))
-        READ_BUF(dummy);
+                return status;
        /* Throw away server_scope */
-        READ_BUF(4);
+        status = decode_opaque_inline(xdr, &dummy, &dummy_str);
-        READ32(dummy);
+        if (unlikely(status))
-        READ_BUF(dummy);
+                return status;
        /* Throw away Implementation id array */
-        READ_BUF(4);
+        status = decode_opaque_inline(xdr, &dummy, &dummy_str);
-        READ32(dummy);
+        if (unlikely(status))
-        READ_BUF(dummy);
+                return status;
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_chan_attrs(struct xdr_stream *xdr,
@@ -4232,22 +4463,35 @@ static int decode_chan_attrs(struct xdr_stream *xdr,
        __be32 *p;
        u32 nr_attrs;
-        READ_BUF(28);
+        p = xdr_inline_decode(xdr, 28);
-        READ32(attrs->headerpadsz);
+        if (unlikely(!p))
-        READ32(attrs->max_rqst_sz);
+                goto out_overflow;
-        READ32(attrs->max_resp_sz);
+        attrs->headerpadsz = be32_to_cpup(p++);
-        READ32(attrs->max_resp_sz_cached);
+        attrs->max_rqst_sz = be32_to_cpup(p++);
-        READ32(attrs->max_ops);
+        attrs->max_resp_sz = be32_to_cpup(p++);
-        READ32(attrs->max_reqs);
+        attrs->max_resp_sz_cached = be32_to_cpup(p++);
-        READ32(nr_attrs);
+        attrs->max_ops = be32_to_cpup(p++);
+        attrs->max_reqs = be32_to_cpup(p++);
+        nr_attrs = be32_to_cpup(p);
        if (unlikely(nr_attrs > 1)) {
                printk(KERN_WARNING "%s: Invalid rdma channel attrs count %u\n",
                        __func__, nr_attrs);
                return -EINVAL;
        }
-        if (nr_attrs == 1)
+        if (nr_attrs == 1) {
-                READ_BUF(4); /* skip rdma_attrs */
+                p = xdr_inline_decode(xdr, 4); /* skip rdma_attrs */
+                if (unlikely(!p))
+                        goto out_overflow;
+        }
        return 0;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
+}
+static int decode_sessionid(struct xdr_stream *xdr, struct nfs4_sessionid *sid)
+{
+        return decode_opaque_fixed(xdr, sid->data, NFS4_MAX_SESSIONID_LEN);
 }
 static int decode_create_session(struct xdr_stream *xdr,
@@ -4259,24 +4503,26 @@ static int decode_create_session(struct xdr_stream *xdr,
        struct nfs4_session *session = clp->cl_session;
        status = decode_op_hdr(xdr, OP_CREATE_SESSION);
+        if (!status)
-        if (status)
+                status = decode_sessionid(xdr, &session->sess_id);
+        if (unlikely(status))
                return status;
-        /* sessionid */
-        READ_BUF(NFS4_MAX_SESSIONID_LEN);
-        COPYMEM(&session->sess_id, NFS4_MAX_SESSIONID_LEN);
        /* seqid, flags */
-        READ_BUF(8);
+        p = xdr_inline_decode(xdr, 8);
-        READ32(clp->cl_seqid);
+        if (unlikely(!p))
-        READ32(session->flags);
+                goto out_overflow;
+        clp->cl_seqid = be32_to_cpup(p++);
+        session->flags = be32_to_cpup(p);
        /* Channel attributes */
        status = decode_chan_attrs(xdr, &session->fc_attrs);
        if (!status)
                status = decode_chan_attrs(xdr, &session->bc_attrs);
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        return -EIO;
 }
 static int decode_destroy_session(struct xdr_stream *xdr, void *dummy)
@@ -4300,7 +4546,9 @@ static int decode_sequence(struct xdr_stream *xdr,
                return 0;
        status = decode_op_hdr(xdr, OP_SEQUENCE);
-        if (status)
+        if (!status)
+                status = decode_sessionid(xdr, &id);
+        if (unlikely(status))
                goto out_err;
        /*
@@ -4309,36 +4557,43 @@ static int decode_sequence(struct xdr_stream *xdr,
         */
        status = -ESERVERFAULT;
-        slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid];
-        READ_BUF(NFS4_MAX_SESSIONID_LEN + 20);
-        COPYMEM(id.data, NFS4_MAX_SESSIONID_LEN);
        if (memcmp(id.data, res->sr_session->sess_id.data,
                   NFS4_MAX_SESSIONID_LEN)) {
                dprintk("%s Invalid session id\n", __func__);
                goto out_err;
        }
+        p = xdr_inline_decode(xdr, 20);
+        if (unlikely(!p))
+                goto out_overflow;
        /* seqid */
-        READ32(dummy);
+        slot = &res->sr_session->fc_slot_table.slots[res->sr_slotid];
+        dummy = be32_to_cpup(p++);
        if (dummy != slot->seq_nr) {
                dprintk("%s Invalid sequence number\n", __func__);
                goto out_err;
        }
        /* slot id */
-        READ32(dummy);
+        dummy = be32_to_cpup(p++);
        if (dummy != res->sr_slotid) {
                dprintk("%s Invalid slot id\n", __func__);
                goto out_err;
        }
        /* highest slot id - currently not processed */
-        READ32(dummy);
+        dummy = be32_to_cpup(p++);
        /* target highest slot id - currently not processed */
-        READ32(dummy);
+        dummy = be32_to_cpup(p++);
        /* result flags - currently not processed */
-        READ32(dummy);
+        dummy = be32_to_cpup(p);
        status = 0;
 out_err:
        res->sr_status = status;
        return status;
+out_overflow:
+        print_overflow_msg(__func__, xdr);
+        status = -EIO;
+        goto out_err;
 #else  /* CONFIG_NFS_V4_1 */
        return 0;
 #endif /* CONFIG_NFS_V4_1 */
@@ -4370,7 +4625,8 @@ static int nfs4_xdr_dec_open_downgrade(struct rpc_rqst *rqstp, __be32 *p, struct
        status = decode_open_downgrade(&xdr, res);
        if (status != 0)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4397,7 +4653,8 @@ static int nfs4_xdr_dec_access(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_ac
        status = decode_access(&xdr, res);
        if (status != 0)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4424,7 +4681,8 @@ static int nfs4_xdr_dec_lookup(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_lo
                goto out;
        if ((status = decode_getfh(&xdr, res->fh)) != 0)
                goto out;
-        status = decode_getfattr(&xdr, res->fattr, res->server);
+        status = decode_getfattr(&xdr, res->fattr, res->server
+                        ,!RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4448,7 +4706,8 @@ static int nfs4_xdr_dec_lookup_root(struct rpc_rqst *rqstp, __be32 *p, struct nf
        if ((status = decode_putrootfh(&xdr)) != 0)
                goto out;
        if ((status = decode_getfh(&xdr, res->fh)) == 0)
-                status = decode_getfattr(&xdr, res->fattr, res->server);
+                status = decode_getfattr(&xdr, res->fattr, res->server,
+                                !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4473,7 +4732,8 @@ static int nfs4_xdr_dec_remove(struct rpc_rqst *rqstp, __be32 *p, struct nfs_rem
                goto out;
        if ((status = decode_remove(&xdr, &res->cinfo)) != 0)
                goto out;
-        decode_getfattr(&xdr, &res->dir_attr, res->server);
+        decode_getfattr(&xdr, &res->dir_attr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4503,11 +4763,13 @@ static int nfs4_xdr_dec_rename(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_re
        if ((status = decode_rename(&xdr, &res->old_cinfo, &res->new_cinfo)) != 0)
                goto out;
        /* Current FH is target directory */
-        if (decode_getfattr(&xdr, res->new_fattr, res->server) != 0)
+        if (decode_getfattr(&xdr, res->new_fattr, res->server,
+                                !RPC_IS_ASYNC(rqstp->rq_task)) != 0)
                goto out;
        if ((status = decode_restorefh(&xdr)) != 0)
                goto out;
-        decode_getfattr(&xdr, res->old_fattr, res->server);
+        decode_getfattr(&xdr, res->old_fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4540,11 +4802,13 @@ static int nfs4_xdr_dec_link(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_link
         * Note order: OP_LINK leaves the directory as the current
         *             filehandle.
         */
-        if (decode_getfattr(&xdr, res->dir_attr, res->server) != 0)
+        if (decode_getfattr(&xdr, res->dir_attr, res->server,
+                                !RPC_IS_ASYNC(rqstp->rq_task)) != 0)
                goto out;
        if ((status = decode_restorefh(&xdr)) != 0)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4573,11 +4837,13 @@ static int nfs4_xdr_dec_create(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_cr
                goto out;
        if ((status = decode_getfh(&xdr, res->fh)) != 0)
                goto out;
-        if (decode_getfattr(&xdr, res->fattr, res->server) != 0)
+        if (decode_getfattr(&xdr, res->fattr, res->server,
+                                !RPC_IS_ASYNC(rqstp->rq_task)) != 0)
                goto out;
        if ((status = decode_restorefh(&xdr)) != 0)
                goto out;
-        decode_getfattr(&xdr, res->dir_fattr, res->server);
+        decode_getfattr(&xdr, res->dir_fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4609,7 +4875,8 @@ static int nfs4_xdr_dec_getattr(struct rpc_rqst *rqstp, __be32 *p, struct nfs4_g
        status = decode_putfh(&xdr);
        if (status)
                goto out;
-        status = decode_getfattr(&xdr, res->fattr, res->server);
+        status = decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4716,7 +4983,8 @@ static int nfs4_xdr_dec_close(struct rpc_rqst *rqstp, __be32 *p, struct nfs_clos
         *      an ESTALE error. Shouldn't be a problem,
         *      though, since fattr->valid will remain unset.
         */
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4748,11 +5016,13 @@ static int nfs4_xdr_dec_open(struct rpc_rqst *rqstp, __be32 *p, struct nfs_openr
                goto out;
        if (decode_getfh(&xdr, &res->fh) != 0)
                goto out;
-        if (decode_getfattr(&xdr, res->f_attr, res->server) != 0)
+        if (decode_getfattr(&xdr, res->f_attr, res->server,
+                                !RPC_IS_ASYNC(rqstp->rq_task)) != 0)
                goto out;
        if (decode_restorefh(&xdr) != 0)
                goto out;
-        decode_getfattr(&xdr, res->dir_attr, res->server);
+        decode_getfattr(&xdr, res->dir_attr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4800,7 +5070,8 @@ static int nfs4_xdr_dec_open_noattr(struct rpc_rqst *rqstp, __be32 *p, struct nf
        status = decode_open(&xdr, res);
        if (status)
                goto out;
-        decode_getfattr(&xdr, res->f_attr, res->server);
+        decode_getfattr(&xdr, res->f_attr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -4827,7 +5098,8 @@ static int nfs4_xdr_dec_setattr(struct rpc_rqst *rqstp, __be32 *p, struct nfs_se
        status = decode_setattr(&xdr);
        if (status)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -5001,7 +5273,8 @@ static int nfs4_xdr_dec_write(struct rpc_rqst *rqstp, __be32 *p, struct nfs_writ
        status = decode_write(&xdr, res);
        if (status)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
        if (!status)
                status = res->count;
 out:
@@ -5030,7 +5303,8 @@ static int nfs4_xdr_dec_commit(struct rpc_rqst *rqstp, __be32 *p, struct nfs_wri
        status = decode_commit(&xdr, res);
        if (status)
                goto out;
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -5194,7 +5468,8 @@ static int nfs4_xdr_dec_delegreturn(struct rpc_rqst *rqstp, __be32 *p, struct nf
        if (status != 0)
                goto out;
        status = decode_delegreturn(&xdr);
-        decode_getfattr(&xdr, res->fattr, res->server);
+        decode_getfattr(&xdr, res->fattr, res->server,
+                        !RPC_IS_ASYNC(rqstp->rq_task));
 out:
        return status;
 }
@@ -5222,7 +5497,8 @@ static int nfs4_xdr_dec_fs_locations(struct rpc_rqst *req, __be32 *p,
                goto out;
        xdr_enter_page(&xdr, PAGE_SIZE);
        status = decode_getfattr(&xdr, &res->fs_locations->fattr,
-                                 res->fs_locations->server);
+                                 res->fs_locations->server,
+                                 !RPC_IS_ASYNC(req->rq_task));
 out:
        return status;
 }
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index 0b4cbdc60abd..867f70504531 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -73,7 +73,7 @@ enum {
        Opt_cto, Opt_nocto,
        Opt_ac, Opt_noac,
        Opt_lock, Opt_nolock,
-        Opt_v2, Opt_v3,
+        Opt_v2, Opt_v3, Opt_v4,
        Opt_udp, Opt_tcp, Opt_rdma,
        Opt_acl, Opt_noacl,
        Opt_rdirplus, Opt_nordirplus,
@@ -127,6 +127,7 @@ static const match_table_t nfs_mount_option_tokens = {
        { Opt_nolock, "nolock" },
        { Opt_v2, "v2" },
        { Opt_v3, "v3" },
+        { Opt_v4, "v4" },
        { Opt_udp, "udp" },
        { Opt_tcp, "tcp" },
        { Opt_rdma, "rdma" },
@@ -158,7 +159,7 @@ static const match_table_t nfs_mount_option_tokens = {
        { Opt_mountvers, "mountvers=%s" },
        { Opt_nfsvers, "nfsvers=%s" },
        { Opt_nfsvers, "vers=%s" },
-        { Opt_minorversion, "minorversion=%u" },
+        { Opt_minorversion, "minorversion=%s" },
        { Opt_sec, "sec=%s" },
        { Opt_proto, "proto=%s" },
@@ -272,6 +273,10 @@ static const struct super_operations nfs_sops = {
 };
 #ifdef CONFIG_NFS_V4
+static int nfs4_validate_text_mount_data(void *options,
+        struct nfs_parsed_mount_data *args, const char *dev_name);
+static int nfs4_try_mount(int flags, const char *dev_name,
+        struct nfs_parsed_mount_data *data, struct vfsmount *mnt);
 static int nfs4_get_sb(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *raw_data, struct vfsmount *mnt);
 static int nfs4_remote_get_sb(struct file_system_type *fs_type,
@@ -742,127 +747,23 @@ static int nfs_verify_server_address(struct sockaddr *addr)
        }
        }
+        dfprintk(MOUNT, "NFS: Invalid IP address specified\n");
        return 0;
 }
-static void nfs_parse_ipv4_address(char *string, size_t str_len,
-                                   struct sockaddr *sap, size_t *addr_len)
-{
-        struct sockaddr_in *sin = (struct sockaddr_in *)sap;
-        u8 *addr = (u8 *)&sin->sin_addr.s_addr;
-        if (str_len <= INET_ADDRSTRLEN) {
-                dfprintk(MOUNT, "NFS: parsing IPv4 address %*s\n",
-                                (int)str_len, string);
-                sin->sin_family = AF_INET;
-                *addr_len = sizeof(*sin);
-                if (in4_pton(string, str_len, addr, '\0', NULL))
-                        return;
-        }
-        sap->sa_family = AF_UNSPEC;
-        *addr_len = 0;
-}
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static int nfs_parse_ipv6_scope_id(const char *string, const size_t str_len,
-                                   const char *delim,
-                                   struct sockaddr_in6 *sin6)
-{
-        char *p;
-        size_t len;
-        if ((string + str_len) == delim)
-                return 1;
-        if (*delim != IPV6_SCOPE_DELIMITER)
-                return 0;
-        if (!(ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL))
-                return 0;
-        len = (string + str_len) - delim - 1;
-        p = kstrndup(delim + 1, len, GFP_KERNEL);
-        if (p) {
-                unsigned long scope_id = 0;
-                struct net_device *dev;
-                dev = dev_get_by_name(&init_net, p);
-                if (dev != NULL) {
-                        scope_id = dev->ifindex;
-                        dev_put(dev);
-                } else {
-                        if (strict_strtoul(p, 10, &scope_id) == 0) {
-                                kfree(p);
-                                return 0;
-                        }
-                }
-                kfree(p);
-                sin6->sin6_scope_id = scope_id;
-                dfprintk(MOUNT, "NFS: IPv6 scope ID = %lu\n", scope_id);
-                return 1;
-        }
-        return 0;
-}
-static void nfs_parse_ipv6_address(char *string, size_t str_len,
-                                   struct sockaddr *sap, size_t *addr_len)
-{
-        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
-        u8 *addr = (u8 *)&sin6->sin6_addr.in6_u;
-        const char *delim;
-        if (str_len <= INET6_ADDRSTRLEN) {
-                dfprintk(MOUNT, "NFS: parsing IPv6 address %*s\n",
-                                (int)str_len, string);
-                sin6->sin6_family = AF_INET6;
-                *addr_len = sizeof(*sin6);
-                if (in6_pton(string, str_len, addr,
-                                        IPV6_SCOPE_DELIMITER, &delim) != 0) {
-                        if (nfs_parse_ipv6_scope_id(string, str_len,
-                                                        delim, sin6) != 0)
-                                return;
-                }
-        }
-        sap->sa_family = AF_UNSPEC;
-        *addr_len = 0;
-}
-#else
-static void nfs_parse_ipv6_address(char *string, size_t str_len,
-                                   struct sockaddr *sap, size_t *addr_len)
-{
-        sap->sa_family = AF_UNSPEC;
-        *addr_len = 0;
-}
-#endif
 /*
- * Construct a sockaddr based on the contents of a string that contains
+ * Select between a default port value and a user-specified port value.
- * an IP address in presentation format.
+ * If a zero value is set, then autobind will be used.
- *
- * If there is a problem constructing the new sockaddr, set the address
- * family to AF_UNSPEC.
 */
-void nfs_parse_ip_address(char *string, size_t str_len,
+static void nfs_set_default_port(struct sockaddr *sap, const int parsed_port,
-                                 struct sockaddr *sap, size_t *addr_len)
+                                 const unsigned short default_port)
 {
-        unsigned int i, colons;
+        unsigned short port = default_port;
-        colons = 0;
+        if (parsed_port != NFS_UNSPEC_PORT)
-        for (i = 0; i < str_len; i++)
+                port = parsed_port;
-                if (string[i] == ':')
-                        colons++;
-        if (colons >= 2)
+        rpc_set_port(sap, port);
-                nfs_parse_ipv6_address(string, str_len, sap, addr_len);
-        else
-                nfs_parse_ipv4_address(string, str_len, sap, addr_len);
 }
 /*
@@ -904,8 +805,6 @@ static void nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt)
 /*
 * Parse the value of the 'sec=' option.
- *
- * The flavor_len setting is for v4 mounts.
 */
 static int nfs_parse_security_flavors(char *value,
                                      struct nfs_parsed_mount_data *mnt)
@@ -916,53 +815,43 @@ static int nfs_parse_security_flavors(char *value,
        switch (match_token(value, nfs_secflavor_tokens, args)) {
        case Opt_sec_none:
-                mnt->auth_flavor_len = 0;
                mnt->auth_flavors[0] = RPC_AUTH_NULL;
                break;
        case Opt_sec_sys:
-                mnt->auth_flavor_len = 0;
                mnt->auth_flavors[0] = RPC_AUTH_UNIX;
                break;
        case Opt_sec_krb5:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5;
                break;
        case Opt_sec_krb5i:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5I;
                break;
        case Opt_sec_krb5p:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_KRB5P;
                break;
        case Opt_sec_lkey:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEY;
                break;
        case Opt_sec_lkeyi:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYI;
                break;
        case Opt_sec_lkeyp:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_LKEYP;
                break;
        case Opt_sec_spkm:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKM;
                break;
        case Opt_sec_spkmi:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMI;
                break;
        case Opt_sec_spkmp:
-                mnt->auth_flavor_len = 1;
                mnt->auth_flavors[0] = RPC_AUTH_GSS_SPKMP;
                break;
        default:
                return 0;
        }
+        mnt->auth_flavor_len = 1;
        return 1;
 }
@@ -1001,7 +890,6 @@ static int nfs_parse_mount_options(char *raw,
        while ((p = strsep(&raw, ",")) != NULL) {
                substring_t args[MAX_OPT_ARGS];
                unsigned long option;
-                int int_option;
                int token;
                if (!*p)
@@ -1047,10 +935,18 @@ static int nfs_parse_mount_options(char *raw,
                        break;
                case Opt_v2:
                        mnt->flags &= ~NFS_MOUNT_VER3;
+                        mnt->version = 2;
                        break;
                case Opt_v3:
                        mnt->flags |= NFS_MOUNT_VER3;
+                        mnt->version = 3;
                        break;
+#ifdef CONFIG_NFS_V4
+                case Opt_v4:
+                        mnt->flags &= ~NFS_MOUNT_VER3;
+                        mnt->version = 4;
+                        break;
+#endif
                case Opt_udp:
                        mnt->flags &= ~NFS_MOUNT_TCP;
                        mnt->nfs_server.protocol = XPRT_TRANSPORT_UDP;
@@ -1264,20 +1160,33 @@ static int nfs_parse_mount_options(char *raw,
                        switch (option) {
                        case NFS2_VERSION:
                                mnt->flags &= ~NFS_MOUNT_VER3;
+                                mnt->version = 2;
                                break;
                        case NFS3_VERSION:
                                mnt->flags |= NFS_MOUNT_VER3;
+                                mnt->version = 3;
                                break;
+#ifdef CONFIG_NFS_V4
+                        case NFS4_VERSION:
+                                mnt->flags &= ~NFS_MOUNT_VER3;
+                                mnt->version = 4;
+                                break;
+#endif
                        default:
                                goto out_invalid_value;
                        }
                        break;
                case Opt_minorversion:
-                        if (match_int(args, &int_option))
+                        string = match_strdup(args);
-                                return 0;
+                        if (string == NULL)
-                        if (int_option < 0 || int_option > NFS4_MAX_MINOR_VERSION)
+                                goto out_nomem;
-                                return 0;
+                        rc = strict_strtoul(string, 10, &option);
-                        mnt->minorversion = int_option;
+                        kfree(string);
+                        if (rc != 0)
+                                goto out_invalid_value;
+                        if (option > NFS4_MAX_MINOR_VERSION)
+                                goto out_invalid_value;
+                        mnt->minorversion = option;
                        break;
                /*
@@ -1352,11 +1261,14 @@ static int nfs_parse_mount_options(char *raw,
                        string = match_strdup(args);
                        if (string == NULL)
                                goto out_nomem;
-                        nfs_parse_ip_address(string, strlen(string),
+                        mnt->nfs_server.addrlen =
-                                             (struct sockaddr *)
+                                rpc_pton(string, strlen(string),
-                                                &mnt->nfs_server.address,
+                                        (struct sockaddr *)
-                                             &mnt->nfs_server.addrlen);
+                                        &mnt->nfs_server.address,
+                                        sizeof(mnt->nfs_server.address));
                        kfree(string);
+                        if (mnt->nfs_server.addrlen == 0)
+                                goto out_invalid_address;
                        break;
                case Opt_clientaddr:
                        string = match_strdup(args);
@@ -1376,11 +1288,14 @@ static int nfs_parse_mount_options(char *raw,
                        string = match_strdup(args);
                        if (string == NULL)
                                goto out_nomem;
-                        nfs_parse_ip_address(string, strlen(string),
+                        mnt->mount_server.addrlen =
-                                             (struct sockaddr *)
+                                rpc_pton(string, strlen(string),
-                                                &mnt->mount_server.address,
+                                        (struct sockaddr *)
-                                             &mnt->mount_server.addrlen);
+                                        &mnt->mount_server.address,
+                                        sizeof(mnt->mount_server.address));
                        kfree(string);
+                        if (mnt->mount_server.addrlen == 0)
+                                goto out_invalid_address;
                        break;
                case Opt_lookupcache:
                        string = match_strdup(args);
@@ -1432,8 +1347,11 @@ static int nfs_parse_mount_options(char *raw,
        return 1;
+out_invalid_address:
+        printk(KERN_INFO "NFS: bad IP address specified: %s\n", p);
+        return 0;
 out_invalid_value:
-        printk(KERN_INFO "NFS: bad mount option value specified: %s \n", p);
+        printk(KERN_INFO "NFS: bad mount option value specified: %s\n", p);
        return 0;
 out_nomem:
        printk(KERN_INFO "NFS: not enough memory to parse option\n");
@@ -1445,13 +1363,60 @@ out_security_failure:
 }
 /*
+ * Match the requested auth flavors with the list returned by
+ * the server.  Returns zero and sets the mount's authentication
+ * flavor on success; returns -EACCES if server does not support
+ * the requested flavor.
+ */
+static int nfs_walk_authlist(struct nfs_parsed_mount_data *args,
+                             struct nfs_mount_request *request)
+{
+        unsigned int i, j, server_authlist_len = *(request->auth_flav_len);
+        /*
+         * Certain releases of Linux's mountd return an empty
+         * flavor list.  To prevent behavioral regression with
+         * these servers (ie. rejecting mounts that used to
+         * succeed), revert to pre-2.6.32 behavior (no checking)
+         * if the returned flavor list is empty.
+         */
+        if (server_authlist_len == 0)
+                return 0;
+        /*
+         * We avoid sophisticated negotiating here, as there are
+         * plenty of cases where we can get it wrong, providing
+         * either too little or too much security.
+         *
+         * RFC 2623, section 2.7 suggests we SHOULD prefer the
+         * flavor listed first.  However, some servers list
+         * AUTH_NULL first.  Our caller plants AUTH_SYS, the
+         * preferred default, in args->auth_flavors[0] if user
+         * didn't specify sec= mount option.
+         */
+        for (i = 0; i < args->auth_flavor_len; i++)
+                for (j = 0; j < server_authlist_len; j++)
+                        if (args->auth_flavors[i] == request->auth_flavs[j]) {
+                                dfprintk(MOUNT, "NFS: using auth flavor %d\n",
+                                        request->auth_flavs[j]);
+                                args->auth_flavors[0] = request->auth_flavs[j];
+                                return 0;
+                        }
+        dfprintk(MOUNT, "NFS: server does not support requested auth flavor\n");
+        nfs_umount(request);
+        return -EACCES;
+}
+/*
 * Use the remote server's MOUNT service to request the NFS file handle
 * corresponding to the provided path.
 */
 static int nfs_try_mount(struct nfs_parsed_mount_data *args,
                         struct nfs_fh *root_fh)
 {
-        unsigned int auth_flavor_len = 0;
+        rpc_authflavor_t server_authlist[NFS_MAX_SECFLAVORS];
+        unsigned int server_authlist_len = ARRAY_SIZE(server_authlist);
        struct nfs_mount_request request = {
                .sap            = (struct sockaddr *)
                                                &args->mount_server.address,
@@ -1459,7 +1424,8 @@ static int nfs_try_mount(struct nfs_parsed_mount_data *args,
                .protocol       = args->mount_server.protocol,
                .fh             = root_fh,
                .noresvport     = args->flags & NFS_MOUNT_NORESVPORT,
-                .auth_flav_len  = &auth_flavor_len,
+                .auth_flav_len  = &server_authlist_len,
+                .auth_flavs     = server_authlist,
        };
        int status;
@@ -1485,23 +1451,25 @@ static int nfs_try_mount(struct nfs_parsed_mount_data *args,
                args->mount_server.addrlen = args->nfs_server.addrlen;
        }
        request.salen = args->mount_server.addrlen;
+        nfs_set_default_port(request.sap, args->mount_server.port, 0);
-        /*
-         * autobind will be used if mount_server.port == 0
-         */
-        nfs_set_port(request.sap, args->mount_server.port);
        /*
         * Now ask the mount server to map our export path
         * to a file handle.
         */
        status = nfs_mount(&request);
-        if (status == 0)
+        if (status != 0) {
-                return 0;
+                dfprintk(MOUNT, "NFS: unable to mount server %s, error %d\n",
+                                request.hostname, status);
+                return status;
+        }
-        dfprintk(MOUNT, "NFS: unable to mount server %s, error %d\n",
+        /*
-                        request.hostname, status);
+         * MNTv1 (NFSv2) does not support auth flavor negotiation.
-        return status;
+         */
+        if (args->mount_server.version != NFS_MNT3_VERSION)
+                return 0;
+        return nfs_walk_authlist(args, &request);
 }
 static int nfs_parse_simple_hostname(const char *dev_name,
@@ -1661,6 +1629,7 @@ static int nfs_validate_mount_data(void *options,
                                   const char *dev_name)
 {
        struct nfs_mount_data *data = (struct nfs_mount_data *)options;
+        struct sockaddr *sap = (struct sockaddr *)&args->nfs_server.address;
        if (data == NULL)
                goto out_no_data;
@@ -1672,10 +1641,12 @@ static int nfs_validate_mount_data(void *options,
        args->acregmax          = NFS_DEF_ACREGMAX;
        args->acdirmin          = NFS_DEF_ACDIRMIN;
        args->acdirmax          = NFS_DEF_ACDIRMAX;
-        args->mount_server.port = 0;    /* autobind unless user sets port */
+        args->mount_server.port = NFS_UNSPEC_PORT;
-        args->nfs_server.port   = 0;    /* autobind unless user sets port */
+        args->nfs_server.port   = NFS_UNSPEC_PORT;
        args->nfs_server.protocol = XPRT_TRANSPORT_TCP;
        args->auth_flavors[0]   = RPC_AUTH_UNIX;
+        args->auth_flavor_len   = 1;
+        args->minorversion      = 0;
        switch (data->version) {
        case 1:
@@ -1697,8 +1668,11 @@ static int nfs_validate_mount_data(void *options,
                        if (data->root.size > NFS3_FHSIZE || data->root.size == 0)
                                goto out_invalid_fh;
                        mntfh->size = data->root.size;
-                } else
+                        args->version = 3;
+                } else {
                        mntfh->size = NFS2_FHSIZE;
+                        args->version = 2;
+                }
                memcpy(mntfh->data, data->root.data, mntfh->size);
@@ -1720,11 +1694,9 @@ static int nfs_validate_mount_data(void *options,
                args->acdirmin          = data->acdirmin;
                args->acdirmax          = data->acdirmax;
-                memcpy(&args->nfs_server.address, &data->addr,
+                memcpy(sap, &data->addr, sizeof(data->addr));
-                       sizeof(data->addr));
                args->nfs_server.addrlen = sizeof(data->addr);
-                if (!nfs_verify_server_address((struct sockaddr *)
+                if (!nfs_verify_server_address(sap))
-                                                &args->nfs_server.address))
                        goto out_no_address;
                if (!(data->flags & NFS_MOUNT_TCP))
@@ -1772,12 +1744,18 @@ static int nfs_validate_mount_data(void *options,
                if (nfs_parse_mount_options((char *)options, args) == 0)
                        return -EINVAL;
-                if (!nfs_verify_server_address((struct sockaddr *)
+                if (!nfs_verify_server_address(sap))
-                                                &args->nfs_server.address))
                        goto out_no_address;
-                nfs_set_port((struct sockaddr *)&args->nfs_server.address,
+                if (args->version == 4)
-                                args->nfs_server.port);
+#ifdef CONFIG_NFS_V4
+                        return nfs4_validate_text_mount_data(options,
+                                                             args, dev_name);
+#else
+                        goto out_v4_not_compiled;
+#endif
+                nfs_set_default_port(sap, args->nfs_server.port, 0);
                nfs_set_mount_transport_protocol(args);
@@ -1825,6 +1803,12 @@ out_v3_not_compiled:
        return -EPROTONOSUPPORT;
 #endif /* !CONFIG_NFS_V3 */
+#ifndef CONFIG_NFS_V4
+out_v4_not_compiled:
+        dfprintk(MOUNT, "NFS: NFSv4 is not compiled into kernel\n");
+        return -EPROTONOSUPPORT;
+#endif /* !CONFIG_NFS_V4 */
 out_nomem:
        dfprintk(MOUNT, "NFS: not enough memory to handle mount options\n");
        return -ENOMEM;
@@ -2120,6 +2104,14 @@ static int nfs_get_sb(struct file_system_type *fs_type,
        if (error < 0)
                goto out;
+#ifdef CONFIG_NFS_V4
+        if (data->version == 4) {
+                error = nfs4_try_mount(flags, dev_name, data, mnt);
+                kfree(data->client_address);
+                goto out;
+        }
+#endif  /* CONFIG_NFS_V4 */
        /* Get a volume representation */
        server = nfs_create_server(data, mntfh);
        if (IS_ERR(server)) {
@@ -2317,6 +2309,43 @@ static void nfs4_validate_mount_flags(struct nfs_parsed_mount_data *args)
        args->flags &= ~(NFS_MOUNT_NONLM|NFS_MOUNT_NOACL|NFS_MOUNT_VER3);
 }
+static int nfs4_validate_text_mount_data(void *options,
+                                         struct nfs_parsed_mount_data *args,
+                                         const char *dev_name)
+{
+        struct sockaddr *sap = (struct sockaddr *)&args->nfs_server.address;
+        nfs_set_default_port(sap, args->nfs_server.port, NFS_PORT);
+        nfs_validate_transport_protocol(args);
+        nfs4_validate_mount_flags(args);
+        if (args->version != 4) {
+                dfprintk(MOUNT,
+                         "NFS4: Illegal mount version\n");
+                return -EINVAL;
+        }
+        if (args->auth_flavor_len > 1) {
+                dfprintk(MOUNT,
+                         "NFS4: Too many RPC auth flavours specified\n");
+                return -EINVAL;
+        }
+        if (args->client_address == NULL) {
+                dfprintk(MOUNT,
+                         "NFS4: mount program didn't pass callback address\n");
+                return -EINVAL;
+        }
+        return nfs_parse_devname(dev_name,
+                                   &args->nfs_server.hostname,
+                                   NFS4_MAXNAMLEN,
+                                   &args->nfs_server.export_path,
+                                   NFS4_MAXPATHLEN);
+}
 /*
 * Validate NFSv4 mount options
 */
@@ -2324,7 +2353,7 @@ static int nfs4_validate_mount_data(void *options,
                                    struct nfs_parsed_mount_data *args,
                                    const char *dev_name)
 {
-        struct sockaddr_in *ap;
+        struct sockaddr *sap = (struct sockaddr *)&args->nfs_server.address;
        struct nfs4_mount_data *data = (struct nfs4_mount_data *)options;
        char *c;
@@ -2337,23 +2366,22 @@ static int nfs4_validate_mount_data(void *options,
        args->acregmax          = NFS_DEF_ACREGMAX;
        args->acdirmin          = NFS_DEF_ACDIRMIN;
        args->acdirmax          = NFS_DEF_ACDIRMAX;
-        args->nfs_server.port   = NFS_PORT; /* 2049 unless user set port= */
+        args->nfs_server.port   = NFS_UNSPEC_PORT;
        args->auth_flavors[0]   = RPC_AUTH_UNIX;
-        args->auth_flavor_len   = 0;
+        args->auth_flavor_len   = 1;
+        args->version           = 4;
        args->minorversion      = 0;
        switch (data->version) {
        case 1:
-                ap = (struct sockaddr_in *)&args->nfs_server.address;
                if (data->host_addrlen > sizeof(args->nfs_server.address))
                        goto out_no_address;
                if (data->host_addrlen == 0)
                        goto out_no_address;
                args->nfs_server.addrlen = data->host_addrlen;
-                if (copy_from_user(ap, data->host_addr, data->host_addrlen))
+                if (copy_from_user(sap, data->host_addr, data->host_addrlen))
                        return -EFAULT;
-                if (!nfs_verify_server_address((struct sockaddr *)
+                if (!nfs_verify_server_address(sap))
-                                                &args->nfs_server.address))
                        goto out_no_address;
                if (data->auth_flavourlen) {
@@ -2399,39 +2427,14 @@ static int nfs4_validate_mount_data(void *options,
                nfs_validate_transport_protocol(args);
                break;
-        default: {
+        default:
-                int status;
                if (nfs_parse_mount_options((char *)options, args) == 0)
                        return -EINVAL;
-                if (!nfs_verify_server_address((struct sockaddr *)
+                if (!nfs_verify_server_address(sap))
-                                                &args->nfs_server.address))
                        return -EINVAL;
-                nfs_set_port((struct sockaddr *)&args->nfs_server.address,
+                return nfs4_validate_text_mount_data(options, args, dev_name);
-                                args->nfs_server.port);
-                nfs_validate_transport_protocol(args);
-                nfs4_validate_mount_flags(args);
-                if (args->auth_flavor_len > 1)
-                        goto out_inval_auth;
-                if (args->client_address == NULL)
-                        goto out_no_client_address;
-                status = nfs_parse_devname(dev_name,
-                                           &args->nfs_server.hostname,
-                                           NFS4_MAXNAMLEN,
-                                           &args->nfs_server.export_path,
-                                           NFS4_MAXPATHLEN);
-                if (status < 0)
-                        return status;
-                break;
-                }
        }
        return 0;
@@ -2448,10 +2451,6 @@ out_inval_auth:
 out_no_address:
        dfprintk(MOUNT, "NFS4: mount program didn't pass remote address\n");
        return -EINVAL;
-out_no_client_address:
-        dfprintk(MOUNT, "NFS4: mount program didn't pass callback address\n");
-        return -EINVAL;
 }
 /*
@@ -2618,6 +2617,34 @@ out_err:
        return ret;
 }
+static int nfs4_try_mount(int flags, const char *dev_name,
+                         struct nfs_parsed_mount_data *data,
+                         struct vfsmount *mnt)
+{
+        char *export_path;
+        struct vfsmount *root_mnt;
+        int error;
+        dfprintk(MOUNT, "--> nfs4_try_mount()\n");
+        export_path = data->nfs_server.export_path;
+        data->nfs_server.export_path = "/";
+        root_mnt = nfs_do_root_mount(&nfs4_remote_fs_type, flags, data,
+                        data->nfs_server.hostname);
+        data->nfs_server.export_path = export_path;
+        error = PTR_ERR(root_mnt);
+        if (IS_ERR(root_mnt))
+                goto out;
+        error = nfs_follow_remote_path(root_mnt, export_path, mnt);
+out:
+        dfprintk(MOUNT, "<-- nfs4_try_mount() = %d%s\n", error,
+                        error != 0 ? " [error]" : "");
+        return error;
+}
 /*
 * Get the superblock for an NFS4 mountpoint
 */
@@ -2625,8 +2652,6 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *raw_data, struct vfsmount *mnt)
 {
        struct nfs_parsed_mount_data *data;
-        char *export_path;
-        struct vfsmount *root_mnt;
        int error = -ENOMEM;
        data = kzalloc(sizeof(*data), GFP_KERNEL);
@@ -2638,17 +2663,7 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
        if (error < 0)
                goto out;
-        export_path = data->nfs_server.export_path;
+        error = nfs4_try_mount(flags, dev_name, data, mnt);
-        data->nfs_server.export_path = "/";
-        root_mnt = nfs_do_root_mount(&nfs4_remote_fs_type, flags, data,
-                        data->nfs_server.hostname);
-        data->nfs_server.export_path = export_path;
-        error = PTR_ERR(root_mnt);
-        if (IS_ERR(root_mnt))
-                goto out;
-        error = nfs_follow_remote_path(root_mnt, export_path, mnt);
 out:
        kfree(data->client_address);
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index a34fae21fe10..120acadc6a84 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -13,6 +13,7 @@
 #include <linux/file.h>
 #include <linux/writeback.h>
 #include <linux/swap.h>
+#include <linux/migrate.h>
 #include <linux/sunrpc/clnt.h>
 #include <linux/nfs_fs.h>
@@ -26,6 +27,7 @@
 #include "internal.h"
 #include "iostat.h"
 #include "nfs4_fs.h"
+#include "fscache.h"
 #define NFSDBG_FACILITY         NFSDBG_PAGECACHE
@@ -218,24 +220,17 @@ static void nfs_end_page_writeback(struct page *page)
                clear_bdi_congested(&nfss->backing_dev_info, BLK_RW_ASYNC);
 }
-/*
+static struct nfs_page *nfs_find_and_lock_request(struct page *page)
- * Find an associated nfs write request, and prepare to flush it out
- * May return an error if the user signalled nfs_wait_on_request().
- */
-static int nfs_page_async_flush(struct nfs_pageio_descriptor *pgio,
-                                struct page *page)
 {
        struct inode *inode = page->mapping->host;
        struct nfs_page *req;
        int ret;
        spin_lock(&inode->i_lock);
-        for(;;) {
+        for (;;) {
                req = nfs_page_find_request_locked(page);
-                if (req == NULL) {
+                if (req == NULL)
-                        spin_unlock(&inode->i_lock);
+                        break;
-                        return 0;
-                }
                if (nfs_set_page_tag_locked(req))
                        break;
                /* Note: If we hold the page lock, as is the case in nfs_writepage,
@@ -247,23 +242,40 @@ static int nfs_page_async_flush(struct nfs_pageio_descriptor *pgio,
                ret = nfs_wait_on_request(req);
                nfs_release_request(req);
                if (ret != 0)
-                        return ret;
+                        return ERR_PTR(ret);
                spin_lock(&inode->i_lock);
        }
-        if (test_bit(PG_CLEAN, &req->wb_flags)) {
-                spin_unlock(&inode->i_lock);
-                BUG();
-        }
-        if (nfs_set_page_writeback(page) != 0) {
-                spin_unlock(&inode->i_lock);
-                BUG();
-        }
        spin_unlock(&inode->i_lock);
+        return req;
+}
+/*
+ * Find an associated nfs write request, and prepare to flush it out
+ * May return an error if the user signalled nfs_wait_on_request().
+ */
+static int nfs_page_async_flush(struct nfs_pageio_descriptor *pgio,
+                                struct page *page)
+{
+        struct nfs_page *req;
+        int ret = 0;
+        req = nfs_find_and_lock_request(page);
+        if (!req)
+                goto out;
+        ret = PTR_ERR(req);
+        if (IS_ERR(req))
+                goto out;
+        ret = nfs_set_page_writeback(page);
+        BUG_ON(ret != 0);
+        BUG_ON(test_bit(PG_CLEAN, &req->wb_flags));
        if (!nfs_pageio_add_request(pgio, req)) {
                nfs_redirty_request(req);
-                return pgio->pg_error;
+                ret = pgio->pg_error;
        }
-        return 0;
+out:
+        return ret;
 }
 static int nfs_do_writepage(struct page *page, struct writeback_control *wbc, struct nfs_pageio_descriptor *pgio)
@@ -1580,6 +1592,41 @@ int nfs_wb_page(struct inode *inode, struct page* page)
        return nfs_wb_page_priority(inode, page, FLUSH_STABLE);
 }
+#ifdef CONFIG_MIGRATION
+int nfs_migrate_page(struct address_space *mapping, struct page *newpage,
+                struct page *page)
+{
+        struct nfs_page *req;
+        int ret;
+        if (PageFsCache(page))
+                nfs_fscache_release_page(page, GFP_KERNEL);
+        req = nfs_find_and_lock_request(page);
+        ret = PTR_ERR(req);
+        if (IS_ERR(req))
+                goto out;
+        ret = migrate_page(mapping, newpage, page);
+        if (!req)
+                goto out;
+        if (ret)
+                goto out_unlock;
+        page_cache_get(newpage);
+        req->wb_page = newpage;
+        SetPagePrivate(newpage);
+        set_page_private(newpage, page_private(page));
+        ClearPagePrivate(page);
+        set_page_private(page, 0);
+        page_cache_release(page);
+out_unlock:
+        nfs_clear_page_tag_locked(req);
+        nfs_release_request(req);
+out:
+        return ret;
+}
+#endif
 int __init nfs_init_writepagecache(void)
 {
        nfs_wdata_cachep = kmem_cache_create("nfs_write_data",
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 5573508f707f..36fcabbf5186 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -34,6 +34,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
        int flags = nfsexp_flags(rqstp, exp);
        int ret;
+        validate_process_creds();
        /* discard any old override before preparing the new set */
        revert_creds(get_cred(current->real_cred));
        new = prepare_creds();
@@ -86,8 +88,10 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
        else
                new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
                                                        new->cap_permitted);
+        validate_process_creds();
        put_cred(override_creds(new));
        put_cred(new);
+        validate_process_creds();
        return 0;
 oom:
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index b92a27629fb7..d9462643155c 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -85,6 +85,11 @@ static void expkey_request(struct cache_detail *cd,
        (*bpp)[-1] = '\n';
 }
+static int expkey_upcall(struct cache_detail *cd, struct cache_head *h)
+{
+        return sunrpc_cache_pipe_upcall(cd, h, expkey_request);
+}
 static struct svc_expkey *svc_expkey_update(struct svc_expkey *new, struct svc_expkey *old);
 static struct svc_expkey *svc_expkey_lookup(struct svc_expkey *);
 static struct cache_detail svc_expkey_cache;
@@ -259,7 +264,7 @@ static struct cache_detail svc_expkey_cache = {
        .hash_table     = expkey_table,
        .name           = "nfsd.fh",
        .cache_put      = expkey_put,
-        .cache_request  = expkey_request,
+        .cache_upcall   = expkey_upcall,
        .cache_parse    = expkey_parse,
        .cache_show     = expkey_show,
        .match          = expkey_match,
@@ -355,6 +360,11 @@ static void svc_export_request(struct cache_detail *cd,
        (*bpp)[-1] = '\n';
 }
+static int svc_export_upcall(struct cache_detail *cd, struct cache_head *h)
+{
+        return sunrpc_cache_pipe_upcall(cd, h, svc_export_request);
+}
 static struct svc_export *svc_export_update(struct svc_export *new,
                                            struct svc_export *old);
 static struct svc_export *svc_export_lookup(struct svc_export *);
@@ -724,7 +734,7 @@ struct cache_detail svc_export_cache = {
        .hash_table     = export_table,
        .name           = "nfsd.export",
        .cache_put      = svc_export_put,
-        .cache_request  = svc_export_request,
+        .cache_upcall   = svc_export_upcall,
        .cache_parse    = svc_export_parse,
        .cache_show     = svc_export_show,
        .match          = svc_export_match,
diff --git a/fs/nfsd/nfs4idmap.c b/fs/nfsd/nfs4idmap.c
index 5b398421b051..cdfa86fa1471 100644
--- a/fs/nfsd/nfs4idmap.c
+++ b/fs/nfsd/nfs4idmap.c
@@ -146,6 +146,12 @@ idtoname_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
 }
 static int
+idtoname_upcall(struct cache_detail *cd, struct cache_head *ch)
+{
+        return sunrpc_cache_pipe_upcall(cd, ch, idtoname_request);
+}
+static int
 idtoname_match(struct cache_head *ca, struct cache_head *cb)
 {
        struct ent *a = container_of(ca, struct ent, h);
@@ -175,10 +181,10 @@ idtoname_show(struct seq_file *m, struct cache_detail *cd, struct cache_head *h)
 }
 static void
-warn_no_idmapd(struct cache_detail *detail)
+warn_no_idmapd(struct cache_detail *detail, int has_died)
 {
        printk("nfsd: nfsv4 idmapping failing: has idmapd %s?\n",
-                        detail->last_close? "died" : "not been started");
+                        has_died ? "died" : "not been started");
 }
@@ -192,7 +198,7 @@ static struct cache_detail idtoname_cache = {
        .hash_table     = idtoname_table,
        .name           = "nfs4.idtoname",
        .cache_put      = ent_put,
-        .cache_request  = idtoname_request,
+        .cache_upcall   = idtoname_upcall,
        .cache_parse    = idtoname_parse,
        .cache_show     = idtoname_show,
        .warn_no_listener = warn_no_idmapd,
@@ -325,6 +331,12 @@ nametoid_request(struct cache_detail *cd, struct cache_head *ch, char **bpp,
 }
 static int
+nametoid_upcall(struct cache_detail *cd, struct cache_head *ch)
+{
+        return sunrpc_cache_pipe_upcall(cd, ch, nametoid_request);
+}
+static int
 nametoid_match(struct cache_head *ca, struct cache_head *cb)
 {
        struct ent *a = container_of(ca, struct ent, h);
@@ -363,7 +375,7 @@ static struct cache_detail nametoid_cache = {
        .hash_table     = nametoid_table,
        .name           = "nfs4.nametoid",
        .cache_put      = ent_put,
-        .cache_request  = nametoid_request,
+        .cache_upcall   = nametoid_upcall,
        .cache_parse    = nametoid_parse,
        .cache_show     = nametoid_show,
        .warn_no_listener = warn_no_idmapd,
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 6d0847562d87..7e906c5b7671 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -37,6 +37,7 @@
 #include <linux/nfsd/xdr.h>
 #include <linux/nfsd/syscall.h>
 #include <linux/lockd/lockd.h>
+#include <linux/sunrpc/clnt.h>
 #include <asm/uaccess.h>
 #include <net/ipv6.h>
@@ -490,22 +491,18 @@ static ssize_t write_getfd(struct file *file, char *buf, size_t size)
 *
 * Input:
 *                      buf:    '\n'-terminated C string containing a
- *                              presentation format IPv4 address
+ *                              presentation format IP address
 *                      size:   length of C string in @buf
 * Output:
 *      On success:     returns zero if all specified locks were released;
 *                      returns one if one or more locks were not released
 *      On error:       return code is negative errno value
- *
- * Note: Only AF_INET client addresses are passed in
 */
 static ssize_t write_unlock_ip(struct file *file, char *buf, size_t size)
 {
-        struct sockaddr_in sin = {
+        struct sockaddr_storage address;
-                .sin_family     = AF_INET,
+        struct sockaddr *sap = (struct sockaddr *)&address;
-        };
+        size_t salen = sizeof(address);
-        int b1, b2, b3, b4;
-        char c;
        char *fo_path;
        /* sanity check */
@@ -519,14 +516,10 @@ static ssize_t write_unlock_ip(struct file *file, char *buf, size_t size)
        if (qword_get(&buf, fo_path, size) < 0)
                return -EINVAL;
-        /* get ipv4 address */
+        if (rpc_pton(fo_path, size, sap, salen) == 0)
-        if (sscanf(fo_path, "%u.%u.%u.%u%c", &b1, &b2, &b3, &b4, &c) != 4)
-                return -EINVAL;
-        if (b1 > 255 || b2 > 255 || b3 > 255 || b4 > 255)
                return -EINVAL;
-        sin.sin_addr.s_addr = htonl((b1 << 24) | (b2 << 16) | (b3 << 8) | b4);
-        return nlmsvc_unlock_all_by_ip((struct sockaddr *)&sin);
+        return nlmsvc_unlock_all_by_ip(sap);
 }
 /**
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 492c79b7800b..24d58adfe5fd 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -496,7 +496,9 @@ nfsd(void *vrqstp)
                /* Lock the export hash tables for reading. */
                exp_readlock();
+                validate_process_creds();
                svc_process(rqstp);
+                validate_process_creds();
                /* Unlock export hash tables */
                exp_readunlock();
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 23341c1063bc..8fa09bfbcba7 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -684,6 +684,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
        __be32          err;
        int             host_err;
+        validate_process_creds();
        /*
         * If we get here, then the client has already done an "open",
         * and (hopefully) checked permission - so allow OWNER_OVERRIDE
@@ -740,6 +742,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 out_nfserr:
        err = nfserrno(host_err);
 out:
+        validate_process_creds();
        return err;
 }
diff --git a/fs/nilfs2/btnode.c b/fs/nilfs2/btnode.c
index 7e0b61be212e..c668bca579c1 100644
--- a/fs/nilfs2/btnode.c
+++ b/fs/nilfs2/btnode.c
@@ -209,6 +209,7 @@ int nilfs_btnode_prepare_change_key(struct address_space *btnc,
                 * We cannot call radix_tree_preload for the kernels older
                 * than 2.6.23, because it is not exported for modules.
                 */
+retry:
                err = radix_tree_preload(GFP_NOFS & ~__GFP_HIGHMEM);
                if (err)
                        goto failed_unlock;
@@ -219,7 +220,6 @@ int nilfs_btnode_prepare_change_key(struct address_space *btnc,
                                       (unsigned long long)oldkey,
                                       (unsigned long long)newkey);
-retry:
                spin_lock_irq(&btnc->tree_lock);
                err = radix_tree_insert(&btnc->page_tree, newkey, obh->b_page);
                spin_unlock_irq(&btnc->tree_lock);
diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index b401654011a2..8a1e61545f41 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -1747,8 +1747,8 @@ int ocfs2_write_begin_nolock(struct address_space *mapping,
         * we know zeros will only be needed in the first and/or last cluster.
         */
        if (clusters_to_alloc || extents_to_split ||
-            wc->w_desc[0].c_needs_zero ||
+            (wc->w_clen && (wc->w_desc[0].c_needs_zero ||
-            wc->w_desc[wc->w_clen - 1].c_needs_zero)
+                            wc->w_desc[wc->w_clen - 1].c_needs_zero)))
                cluster_of_pages = 1;
        else
                cluster_of_pages = 0;
diff --git a/fs/ocfs2/dcache.c b/fs/ocfs2/dcache.c
index 2f28b7de2c8d..b4957c7d9fe2 100644
--- a/fs/ocfs2/dcache.c
+++ b/fs/ocfs2/dcache.c
@@ -85,6 +85,17 @@ static int ocfs2_dentry_revalidate(struct dentry *dentry,
                goto bail;
        }
+        /*
+         * If the last lookup failed to create dentry lock, let us
+         * redo it.
+         */
+        if (!dentry->d_fsdata) {
+                mlog(0, "Inode %llu doesn't have dentry lock, "
+                     "returning false\n",
+                     (unsigned long long)OCFS2_I(inode)->ip_blkno);
+                goto bail;
+        }
        ret = 1;
 bail:
diff --git a/fs/ocfs2/dlm/dlmfs.c b/fs/ocfs2/dlm/dlmfs.c
index 1c9efb406a96..02bf17808bdc 100644
--- a/fs/ocfs2/dlm/dlmfs.c
+++ b/fs/ocfs2/dlm/dlmfs.c
@@ -325,6 +325,7 @@ clear_fields:
 }
 static struct backing_dev_info dlmfs_backing_dev_info = {
+        .name           = "ocfs2-dlmfs",
        .ra_pages       = 0,    /* No readahead */
        .capabilities   = BDI_CAP_NO_ACCT_AND_WRITEBACK,
 };
diff --git a/fs/open.c b/fs/open.c
index dd98e8076024..31191bf513e4 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -199,7 +199,7 @@ out:
 int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
        struct file *filp)
 {
-        int err;
+        int ret;
        struct iattr newattrs;
        /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
@@ -214,12 +214,14 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
        }
        /* Remove suid/sgid on truncate too */
-        newattrs.ia_valid |= should_remove_suid(dentry);
+        ret = should_remove_suid(dentry);
+        if (ret)
+                newattrs.ia_valid |= ret | ATTR_FORCE;
        mutex_lock(&dentry->d_inode->i_mutex);
-        err = notify_change(dentry, &newattrs);
+        ret = notify_change(dentry, &newattrs);
        mutex_unlock(&dentry->d_inode->i_mutex);
-        return err;
+        return ret;
 }
 static long do_sys_truncate(const char __user *pathname, loff_t length)
@@ -957,6 +959,8 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
        int error;
        struct file *f;
+        validate_creds(cred);
        /*
         * We must always pass in a valid mount pointer.   Historically
         * callers got away with not passing it, but we must enforce this at
diff --git a/fs/ramfs/inode.c b/fs/ramfs/inode.c
index 0ff7566c767c..a7f0110fca4c 100644
--- a/fs/ramfs/inode.c
+++ b/fs/ramfs/inode.c
@@ -46,6 +46,7 @@ static const struct super_operations ramfs_ops;
 static const struct inode_operations ramfs_dir_inode_operations;
 static struct backing_dev_info ramfs_backing_dev_info = {
+        .name           = "ramfs",
        .ra_pages       = 0,    /* No readahead */
        .capabilities   = BDI_CAP_NO_ACCT_AND_WRITEBACK |
                          BDI_CAP_MAP_DIRECT | BDI_CAP_MAP_COPY |
diff --git a/fs/super.c b/fs/super.c
index 2761d3e22ed9..9cda337ddae2 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -62,9 +62,6 @@ static struct super_block *alloc_super(struct file_system_type *type)
                        s = NULL;
                        goto out;
                }
-                INIT_LIST_HEAD(&s->s_dirty);
-                INIT_LIST_HEAD(&s->s_io);
-                INIT_LIST_HEAD(&s->s_more_io);
                INIT_LIST_HEAD(&s->s_files);
                INIT_LIST_HEAD(&s->s_instances);
                INIT_HLIST_HEAD(&s->s_anon);
@@ -171,7 +168,7 @@ int __put_super_and_need_restart(struct super_block *sb)
 *      Drops a temporary reference, frees superblock if there's no
 *      references left.
 */
-static void put_super(struct super_block *sb)
+void put_super(struct super_block *sb)
 {
        spin_lock(&sb_lock);
        __put_super(sb);
diff --git a/fs/sync.c b/fs/sync.c
index 3422ba61d86d..103cc7fdd3df 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -19,20 +19,22 @@
                        SYNC_FILE_RANGE_WAIT_AFTER)
 /*
- * Do the filesystem syncing work. For simple filesystems sync_inodes_sb(sb, 0)
+ * Do the filesystem syncing work. For simple filesystems
- * just dirties buffers with inodes so we have to submit IO for these buffers
+ * writeback_inodes_sb(sb) just dirties buffers with inodes so we have to
- * via __sync_blockdev(). This also speeds up the wait == 1 case since in that
+ * submit IO for these buffers via __sync_blockdev(). This also speeds up the
- * case write_inode() functions do sync_dirty_buffer() and thus effectively
+ * wait == 1 case since in that case write_inode() functions do
- * write one block at a time.
+ * sync_dirty_buffer() and thus effectively write one block at a time.
 */
 static int __sync_filesystem(struct super_block *sb, int wait)
 {
        /* Avoid doing twice syncing and cache pruning for quota sync */
-        if (!wait)
+        if (!wait) {
                writeout_quota_sb(sb, -1);
-        else
+                writeback_inodes_sb(sb);
+        } else {
                sync_quota_sb(sb, -1);
-        sync_inodes_sb(sb, wait);
+                sync_inodes_sb(sb);
+        }
        if (sb->s_op->sync_fs)
                sb->s_op->sync_fs(sb, wait);
        return __sync_blockdev(sb->s_bdev, wait);
@@ -118,7 +120,7 @@ restart:
 */
 SYSCALL_DEFINE0(sync)
 {
-        wakeup_pdflush(0);
+        wakeup_flusher_threads(0);
        sync_filesystems(0);
        sync_filesystems(1);
        if (unlikely(laptop_mode))
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 14f2d71ea3ce..0050fc40e8c9 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -760,6 +760,7 @@ static struct dentry * sysfs_lookup(struct inode *dir, struct dentry *dentry,
 const struct inode_operations sysfs_dir_inode_operations = {
        .lookup         = sysfs_lookup,
        .setattr        = sysfs_setattr,
+        .setxattr       = sysfs_setxattr,
 };
 static void remove_dir(struct sysfs_dirent *sd)
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index 555f0ff988df..e28cecf179f5 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -18,6 +18,8 @@
 #include <linux/capability.h>
 #include <linux/errno.h>
 #include <linux/sched.h>
+#include <linux/xattr.h>
+#include <linux/security.h>
 #include "sysfs.h"
 extern struct super_block * sysfs_sb;
@@ -29,12 +31,14 @@ static const struct address_space_operations sysfs_aops = {
 };
 static struct backing_dev_info sysfs_backing_dev_info = {
+        .name           = "sysfs",
        .ra_pages       = 0,    /* No readahead */
        .capabilities   = BDI_CAP_NO_ACCT_AND_WRITEBACK,
 };
 static const struct inode_operations sysfs_inode_operations ={
        .setattr        = sysfs_setattr,
+        .setxattr       = sysfs_setxattr,
 };
 int __init sysfs_inode_init(void)
@@ -42,18 +46,37 @@ int __init sysfs_inode_init(void)
        return bdi_init(&sysfs_backing_dev_info);
 }
+struct sysfs_inode_attrs *sysfs_init_inode_attrs(struct sysfs_dirent *sd)
+{
+        struct sysfs_inode_attrs *attrs;
+        struct iattr *iattrs;
+        attrs = kzalloc(sizeof(struct sysfs_inode_attrs), GFP_KERNEL);
+        if (!attrs)
+                return NULL;
+        iattrs = &attrs->ia_iattr;
+        /* assign default attributes */
+        iattrs->ia_mode = sd->s_mode;
+        iattrs->ia_uid = 0;
+        iattrs->ia_gid = 0;
+        iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;
+        return attrs;
+}
 int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
 {
        struct inode * inode = dentry->d_inode;
        struct sysfs_dirent * sd = dentry->d_fsdata;
-        struct iattr * sd_iattr;
+        struct sysfs_inode_attrs *sd_attrs;
+        struct iattr *iattrs;
        unsigned int ia_valid = iattr->ia_valid;
        int error;
        if (!sd)
                return -EINVAL;
-        sd_iattr = sd->s_iattr;
+        sd_attrs = sd->s_iattr;
        error = inode_change_ok(inode, iattr);
        if (error)
@@ -65,42 +88,77 @@ int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
        if (error)
                return error;
-        if (!sd_iattr) {
+        if (!sd_attrs) {
                /* setting attributes for the first time, allocate now */
-                sd_iattr = kzalloc(sizeof(struct iattr), GFP_KERNEL);
+                sd_attrs = sysfs_init_inode_attrs(sd);
-                if (!sd_iattr)
+                if (!sd_attrs)
                        return -ENOMEM;
-                /* assign default attributes */
+                sd->s_iattr = sd_attrs;
-                sd_iattr->ia_mode = sd->s_mode;
+        } else {
-                sd_iattr->ia_uid = 0;
+                /* attributes were changed at least once in past */
-                sd_iattr->ia_gid = 0;
+                iattrs = &sd_attrs->ia_iattr;
-                sd_iattr->ia_atime = sd_iattr->ia_mtime = sd_iattr->ia_ctime = CURRENT_TIME;
-                sd->s_iattr = sd_iattr;
+                if (ia_valid & ATTR_UID)
+                        iattrs->ia_uid = iattr->ia_uid;
+                if (ia_valid & ATTR_GID)
+                        iattrs->ia_gid = iattr->ia_gid;
+                if (ia_valid & ATTR_ATIME)
+                        iattrs->ia_atime = timespec_trunc(iattr->ia_atime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_MTIME)
+                        iattrs->ia_mtime = timespec_trunc(iattr->ia_mtime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_CTIME)
+                        iattrs->ia_ctime = timespec_trunc(iattr->ia_ctime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_MODE) {
+                        umode_t mode = iattr->ia_mode;
+                        if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+                                mode &= ~S_ISGID;
+                        iattrs->ia_mode = sd->s_mode = mode;
+                }
        }
+        return error;
+}
-        /* attributes were changed atleast once in past */
+int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags)
-        if (ia_valid & ATTR_UID)
+{
-                sd_iattr->ia_uid = iattr->ia_uid;
+        struct sysfs_dirent *sd = dentry->d_fsdata;
-        if (ia_valid & ATTR_GID)
+        struct sysfs_inode_attrs *iattrs;
-                sd_iattr->ia_gid = iattr->ia_gid;
+        void *secdata;
-        if (ia_valid & ATTR_ATIME)
+        int error;
-                sd_iattr->ia_atime = timespec_trunc(iattr->ia_atime,
+        u32 secdata_len = 0;
-                                                inode->i_sb->s_time_gran);
-        if (ia_valid & ATTR_MTIME)
+        if (!sd)
-                sd_iattr->ia_mtime = timespec_trunc(iattr->ia_mtime,
+                return -EINVAL;
-                                                inode->i_sb->s_time_gran);
+        if (!sd->s_iattr)
-        if (ia_valid & ATTR_CTIME)
+                sd->s_iattr = sysfs_init_inode_attrs(sd);
-                sd_iattr->ia_ctime = timespec_trunc(iattr->ia_ctime,
+        if (!sd->s_iattr)
-                                                inode->i_sb->s_time_gran);
+                return -ENOMEM;
-        if (ia_valid & ATTR_MODE) {
-                umode_t mode = iattr->ia_mode;
+        iattrs = sd->s_iattr;
-                if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+        if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
-                        mode &= ~S_ISGID;
+                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
-                sd_iattr->ia_mode = sd->s_mode = mode;
+                error = security_inode_setsecurity(dentry->d_inode, suffix,
-        }
+                                                value, size, flags);
+                if (error)
+                        goto out;
+                error = security_inode_getsecctx(dentry->d_inode,
+                                                &secdata, &secdata_len);
+                if (error)
+                        goto out;
+                if (iattrs->ia_secdata)
+                        security_release_secctx(iattrs->ia_secdata,
+                                                iattrs->ia_secdata_len);
+                iattrs->ia_secdata = secdata;
+                iattrs->ia_secdata_len = secdata_len;
+        } else
+                return -EINVAL;
+out:
        return error;
 }
@@ -146,6 +204,7 @@ static int sysfs_count_nlink(struct sysfs_dirent *sd)
 static void sysfs_init_inode(struct sysfs_dirent *sd, struct inode *inode)
 {
        struct bin_attribute *bin_attr;
+        struct sysfs_inode_attrs *iattrs;
        inode->i_private = sysfs_get(sd);
        inode->i_mapping->a_ops = &sysfs_aops;
@@ -154,16 +213,20 @@ static void sysfs_init_inode(struct sysfs_dirent *sd, struct inode *inode)
        inode->i_ino = sd->s_ino;
        lockdep_set_class(&inode->i_mutex, &sysfs_inode_imutex_key);
-        if (sd->s_iattr) {
+        iattrs = sd->s_iattr;
+        if (iattrs) {
                /* sysfs_dirent has non-default attributes
                 * get them for the new inode from persistent copy
                 * in sysfs_dirent
                 */
-                set_inode_attr(inode, sd->s_iattr);
+                set_inode_attr(inode, &iattrs->ia_iattr);
+                if (iattrs->ia_secdata)
+                        security_inode_notifysecctx(inode,
+                                                iattrs->ia_secdata,
+                                                iattrs->ia_secdata_len);
        } else
                set_default_inode_attr(inode, sd->s_mode);
        /* initialize inode according to type */
        switch (sysfs_type(sd)) {
        case SYSFS_DIR:
diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c
index 1d897ad808e0..c5081ad77026 100644
--- a/fs/sysfs/symlink.c
+++ b/fs/sysfs/symlink.c
@@ -16,6 +16,7 @@
 #include <linux/kobject.h>
 #include <linux/namei.h>
 #include <linux/mutex.h>
+#include <linux/security.h>
 #include "sysfs.h"
@@ -209,6 +210,7 @@ static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *co
 }
 const struct inode_operations sysfs_symlink_inode_operations = {
+        .setxattr = sysfs_setxattr,
        .readlink = generic_readlink,
        .follow_link = sysfs_follow_link,
        .put_link = sysfs_put_link,
diff --git a/fs/sysfs/sysfs.h b/fs/sysfs/sysfs.h
index 3fa0d98481e2..af4c4e7482ac 100644
--- a/fs/sysfs/sysfs.h
+++ b/fs/sysfs/sysfs.h
@@ -8,6 +8,8 @@
 * This file is released under the GPLv2.
 */
+#include <linux/fs.h>
 struct sysfs_open_dirent;
 /* type-specific structures for sysfs_dirent->s_* union members */
@@ -31,6 +33,12 @@ struct sysfs_elem_bin_attr {
        struct hlist_head       buffers;
 };
+struct sysfs_inode_attrs {
+        struct iattr    ia_iattr;
+        void            *ia_secdata;
+        u32             ia_secdata_len;
+};
 /*
 * sysfs_dirent - the building block of sysfs hierarchy.  Each and
 * every sysfs node is represented by single sysfs_dirent.
@@ -56,7 +64,7 @@ struct sysfs_dirent {
        unsigned int            s_flags;
        ino_t                   s_ino;
        umode_t                 s_mode;
-        struct iattr            *s_iattr;
+        struct sysfs_inode_attrs *s_iattr;
 };
 #define SD_DEACTIVATED_BIAS             INT_MIN
@@ -148,6 +156,8 @@ static inline void __sysfs_put(struct sysfs_dirent *sd)
 struct inode *sysfs_get_inode(struct sysfs_dirent *sd);
 void sysfs_delete_inode(struct inode *inode);
 int sysfs_setattr(struct dentry *dentry, struct iattr *iattr);
+int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags);
 int sysfs_hash_and_remove(struct sysfs_dirent *dir_sd, const char *name);
 int sysfs_inode_init(void);
diff --git a/fs/ubifs/budget.c b/fs/ubifs/budget.c
index eaf6d891d46f..1c8991b0db13 100644
--- a/fs/ubifs/budget.c
+++ b/fs/ubifs/budget.c
@@ -65,26 +65,14 @@
 static int shrink_liability(struct ubifs_info *c, int nr_to_write)
 {
        int nr_written;
-        struct writeback_control wbc = {
-                .sync_mode   = WB_SYNC_NONE,
-                .range_end   = LLONG_MAX,
-                .nr_to_write = nr_to_write,
-        };
-        generic_sync_sb_inodes(c->vfs_sb, &wbc);
-        nr_written = nr_to_write - wbc.nr_to_write;
+        nr_written = writeback_inodes_sb(c->vfs_sb);
        if (!nr_written) {
                /*
                 * Re-try again but wait on pages/inodes which are being
                 * written-back concurrently (e.g., by pdflush).
                 */
-                memset(&wbc, 0, sizeof(struct writeback_control));
+                nr_written = sync_inodes_sb(c->vfs_sb);
-                wbc.sync_mode   = WB_SYNC_ALL;
-                wbc.range_end   = LLONG_MAX;
-                wbc.nr_to_write = nr_to_write;
-                generic_sync_sb_inodes(c->vfs_sb, &wbc);
-                nr_written = nr_to_write - wbc.nr_to_write;
        }
        dbg_budg("%d pages were written back", nr_written);
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 26d2e0d80465..51763aa8f4de 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -438,12 +438,6 @@ static int ubifs_sync_fs(struct super_block *sb, int wait)
 {
        int i, err;
        struct ubifs_info *c = sb->s_fs_info;
-        struct writeback_control wbc = {
-                .sync_mode   = WB_SYNC_ALL,
-                .range_start = 0,
-                .range_end   = LLONG_MAX,
-                .nr_to_write = LONG_MAX,
-        };
        /*
         * Zero @wait is just an advisory thing to help the file system shove
@@ -462,7 +456,7 @@ static int ubifs_sync_fs(struct super_block *sb, int wait)
         * the user be able to get more accurate results of 'statfs()' after
         * they synchronize the file system.
         */
-        generic_sync_sb_inodes(sb, &wbc);
+        sync_inodes_sb(sb);
        /*
         * Synchronize write buffers, because 'ubifs_run_commit()' does not
@@ -1971,6 +1965,7 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
         *
         * Read-ahead will be disabled because @c->bdi.ra_pages is 0.
         */
+        c->bdi.name = "ubifs",
        c->bdi.capabilities = BDI_CAP_MAP_COPY;
        c->bdi.unplug_io_fn = default_unplug_io_fn;
        err  = bdi_init(&c->bdi);
diff --git a/fs/xattr.c b/fs/xattr.c
index 1c3d0af59ddf..6d4f6d3449fb 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -66,22 +66,28 @@ xattr_permission(struct inode *inode, const char *name, int mask)
        return inode_permission(inode, mask);
 }
-int
+/**
-vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+ *  __vfs_setxattr_noperm - perform setxattr operation without performing
-                size_t size, int flags)
+ *  permission checks.
+ *
+ *  @dentry - object to perform setxattr on
+ *  @name - xattr name to set
+ *  @value - value to set @name to
+ *  @size - size of @value
+ *  @flags - flags to pass into filesystem operations
+ *
+ *  returns the result of the internal setxattr or setsecurity operations.
+ *
+ *  This function requires the caller to lock the inode's i_mutex before it
+ *  is executed. It also assumes that the caller will make the appropriate
+ *  permission checks.
+ */
+int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
+                const void *value, size_t size, int flags)
 {
        struct inode *inode = dentry->d_inode;
-        int error;
+        int error = -EOPNOTSUPP;
-        error = xattr_permission(inode, name, MAY_WRITE);
-        if (error)
-                return error;
-        mutex_lock(&inode->i_mutex);
-        error = security_inode_setxattr(dentry, name, value, size, flags);
-        if (error)
-                goto out;
-        error = -EOPNOTSUPP;
        if (inode->i_op->setxattr) {
                error = inode->i_op->setxattr(dentry, name, value, size, flags);
                if (!error) {
@@ -97,6 +103,29 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
                if (!error)
                        fsnotify_xattr(dentry);
        }
+        return error;
+}
+int
+vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags)
+{
+        struct inode *inode = dentry->d_inode;
+        int error;
+        error = xattr_permission(inode, name, MAY_WRITE);
+        if (error)
+                return error;
+        mutex_lock(&inode->i_mutex);
+        error = security_inode_setxattr(dentry, name, value, size, flags);
+        if (error)
+                goto out;
+        error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
 out:
        mutex_unlock(&inode->i_mutex);
        return error;
diff --git a/fs/xfs/linux-2.6/xfs_ioctl32.c b/fs/xfs/linux-2.6/xfs_ioctl32.c
index 0882d166239a..eafcc7c18706 100644
--- a/fs/xfs/linux-2.6/xfs_ioctl32.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl32.c
@@ -619,7 +619,7 @@ xfs_file_compat_ioctl(
        case XFS_IOC_GETVERSION_32:
                cmd = _NATIVE_IOC(cmd, long);
                return xfs_file_ioctl(filp, cmd, p);
-        case XFS_IOC_SWAPEXT: {
+        case XFS_IOC_SWAPEXT_32: {
                struct xfs_swapext        sxp;
                struct compat_xfs_swapext __user *sxu = arg;
diff --git a/fs/xfs/linux-2.6/xfs_iops.c b/fs/xfs/linux-2.6/xfs_iops.c
index 8070b34cc287..6c32f1d63d8c 100644
--- a/fs/xfs/linux-2.6/xfs_iops.c
+++ b/fs/xfs/linux-2.6/xfs_iops.c
@@ -485,14 +485,6 @@ xfs_vn_put_link(
 }
 STATIC int
-xfs_vn_permission(
-        struct inode            *inode,
-        int                     mask)
-{
-        return generic_permission(inode, mask, xfs_check_acl);
-}
-STATIC int
 xfs_vn_getattr(
        struct vfsmount         *mnt,
        struct dentry           *dentry,
@@ -696,7 +688,7 @@ xfs_vn_fiemap(
 }
 static const struct inode_operations xfs_inode_operations = {
-        .permission             = xfs_vn_permission,
+        .check_acl              = xfs_check_acl,
        .truncate               = xfs_vn_truncate,
        .getattr                = xfs_vn_getattr,
        .setattr                = xfs_vn_setattr,
@@ -724,7 +716,7 @@ static const struct inode_operations xfs_dir_inode_operations = {
        .rmdir                  = xfs_vn_unlink,
        .mknod                  = xfs_vn_mknod,
        .rename                 = xfs_vn_rename,
-        .permission             = xfs_vn_permission,
+        .check_acl              = xfs_check_acl,
        .getattr                = xfs_vn_getattr,
        .setattr                = xfs_vn_setattr,
        .setxattr               = generic_setxattr,
@@ -749,7 +741,7 @@ static const struct inode_operations xfs_dir_ci_inode_operations = {
        .rmdir                  = xfs_vn_unlink,
        .mknod                  = xfs_vn_mknod,
        .rename                 = xfs_vn_rename,
-        .permission             = xfs_vn_permission,
+        .check_acl              = xfs_check_acl,
        .getattr                = xfs_vn_getattr,
        .setattr                = xfs_vn_setattr,
        .setxattr               = generic_setxattr,
@@ -762,7 +754,7 @@ static const struct inode_operations xfs_symlink_inode_operations = {
        .readlink               = generic_readlink,
        .follow_link            = xfs_vn_follow_link,
        .put_link               = xfs_vn_put_link,
-        .permission             = xfs_vn_permission,
+        .check_acl              = xfs_check_acl,
        .getattr                = xfs_vn_getattr,
        .setattr                = xfs_vn_setattr,
        .setxattr               = generic_setxattr,