19 files changed, 287 insertions, 179 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index b5e582bd769d..97673c955484 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -53,7 +53,6 @@ config EXPORTFS
 config FILE_LOCKING
        bool "Enable POSIX file locking API" if EMBEDDED
        default y
-        select BKL # while lockd still uses it.
        help
          This option enables standard file locking support, required
          for filesystems like NFS and for the flock() system
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
index bb4cc5b8abc8..79e2ca7973b7 100644
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
@@ -42,7 +42,7 @@ config BINFMT_ELF_FDPIC
 config CORE_DUMP_DEFAULT_ELF_HEADERS
        bool "Write ELF core dumps with partial segments"
-        default n
+        default y
        depends on BINFMT_ELF && ELF_CORE
        help
          ELF core dump files describe each memory mapping of the crashed
@@ -60,7 +60,7 @@ config CORE_DUMP_DEFAULT_ELF_HEADERS
          inherited.  See Documentation/filesystems/proc.txt for details.
          This config option changes the default setting of coredump_filter
-          seen at boot time.  If unsure, say N.
+          seen at boot time.  If unsure, say Y.
 config BINFMT_FLAT
        bool "Kernel support for flat binaries"
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 256bb7bb102a..8cf07242067d 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -77,9 +77,6 @@
 /* Maximum number of nesting allowed inside epoll sets */
 #define EP_MAX_NESTS 4
-/* Maximum msec timeout value storeable in a long int */
-#define EP_MAX_MSTIMEO min(1000ULL * MAX_SCHEDULE_TIMEOUT / HZ, (LONG_MAX - 999ULL) / HZ)
 #define EP_MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
 #define EP_UNACTIVE_PTR ((void *) -1L)
@@ -1117,18 +1114,22 @@ static int ep_send_events(struct eventpoll *ep,
 static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events,
                   int maxevents, long timeout)
 {
-        int res, eavail;
+        int res, eavail, timed_out = 0;
        unsigned long flags;
-        long jtimeout;
+        long slack;
        wait_queue_t wait;
+        struct timespec end_time;
-        /*
+        ktime_t expires, *to = NULL;
-         * Calculate the timeout by checking for the "infinite" value (-1)
-         * and the overflow condition. The passed timeout is in milliseconds,
+        if (timeout > 0) {
-         * that why (t * HZ) / 1000.
+                ktime_get_ts(&end_time);
-         */
+                timespec_add_ns(&end_time, (u64)timeout * NSEC_PER_MSEC);
-        jtimeout = (timeout < 0 || timeout >= EP_MAX_MSTIMEO) ?
+                slack = select_estimate_accuracy(&end_time);
-                MAX_SCHEDULE_TIMEOUT : (timeout * HZ + 999) / 1000;
+                to = &expires;
+                *to = timespec_to_ktime(end_time);
+        } else if (timeout == 0) {
+                timed_out = 1;
+        }
 retry:
        spin_lock_irqsave(&ep->lock, flags);
@@ -1150,7 +1151,7 @@ retry:
                         * to TASK_INTERRUPTIBLE before doing the checks.
                         */
                        set_current_state(TASK_INTERRUPTIBLE);
-                        if (!list_empty(&ep->rdllist) || !jtimeout)
+                        if (!list_empty(&ep->rdllist) || timed_out)
                                break;
                        if (signal_pending(current)) {
                                res = -EINTR;
@@ -1158,7 +1159,9 @@ retry:
                        }
                        spin_unlock_irqrestore(&ep->lock, flags);
-                        jtimeout = schedule_timeout(jtimeout);
+                        if (!schedule_hrtimeout_range(to, slack, HRTIMER_MODE_ABS))
+                                timed_out = 1;
                        spin_lock_irqsave(&ep->lock, flags);
                }
                __remove_wait_queue(&ep->wq, &wait);
@@ -1176,7 +1179,7 @@ retry:
         * more luck.
         */
        if (!res && eavail &&
-            !(res = ep_send_events(ep, events, maxevents)) && jtimeout)
+            !(res = ep_send_events(ep, events, maxevents)) && !timed_out)
                goto retry;
        return res;
diff --git a/fs/exec.c b/fs/exec.c
index 3aa75b8888a1..99d33a1371e9 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -66,6 +66,12 @@ char core_pattern[CORENAME_MAX_SIZE] = "core";
 unsigned int core_pipe_limit;
 int suid_dumpable = 0;
+struct core_name {
+        char *corename;
+        int used, size;
+};
+static atomic_t call_count = ATOMIC_INIT(1);
 /* The maximal length of core_pattern is also specified in sysctl.c */
 static LIST_HEAD(formats);
@@ -1003,7 +1009,7 @@ int flush_old_exec(struct linux_binprm * bprm)
        bprm->mm = NULL;                /* We're using it now */
-        current->flags &= ~PF_RANDOMIZE;
+        current->flags &= ~(PF_RANDOMIZE | PF_KTHREAD);
        flush_thread();
        current->personality &= ~bprm->per_clear;
@@ -1083,14 +1089,14 @@ EXPORT_SYMBOL(setup_new_exec);
 */
 int prepare_bprm_creds(struct linux_binprm *bprm)
 {
-        if (mutex_lock_interruptible(&current->cred_guard_mutex))
+        if (mutex_lock_interruptible(&current->signal->cred_guard_mutex))
                return -ERESTARTNOINTR;
        bprm->cred = prepare_exec_creds();
        if (likely(bprm->cred))
                return 0;
-        mutex_unlock(&current->cred_guard_mutex);
+        mutex_unlock(&current->signal->cred_guard_mutex);
        return -ENOMEM;
 }
@@ -1098,7 +1104,7 @@ void free_bprm(struct linux_binprm *bprm)
 {
        free_arg_pages(bprm);
        if (bprm->cred) {
-                mutex_unlock(&current->cred_guard_mutex);
+                mutex_unlock(&current->signal->cred_guard_mutex);
                abort_creds(bprm->cred);
        }
        kfree(bprm);
@@ -1119,13 +1125,13 @@ void install_exec_creds(struct linux_binprm *bprm)
         * credentials; any time after this it may be unlocked.
         */
        security_bprm_committed_creds(bprm);
-        mutex_unlock(&current->cred_guard_mutex);
+        mutex_unlock(&current->signal->cred_guard_mutex);
 }
 EXPORT_SYMBOL(install_exec_creds);
 /*
 * determine how safe it is to execute the proposed program
- * - the caller must hold current->cred_guard_mutex to protect against
+ * - the caller must hold ->cred_guard_mutex to protect against
 *   PTRACE_ATTACH
 */
 int check_unsafe_exec(struct linux_binprm *bprm)
@@ -1406,7 +1412,6 @@ int do_execve(const char * filename,
        if (retval < 0)
                goto out;
-        current->flags &= ~PF_KTHREAD;
        retval = search_binary_handler(bprm,regs);
        if (retval < 0)
                goto out;
@@ -1459,127 +1464,148 @@ void set_binfmt(struct linux_binfmt *new)
 EXPORT_SYMBOL(set_binfmt);
+static int expand_corename(struct core_name *cn)
+{
+        char *old_corename = cn->corename;
+        cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count);
+        cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
+        if (!cn->corename) {
+                kfree(old_corename);
+                return -ENOMEM;
+        }
+        return 0;
+}
+static int cn_printf(struct core_name *cn, const char *fmt, ...)
+{
+        char *cur;
+        int need;
+        int ret;
+        va_list arg;
+        va_start(arg, fmt);
+        need = vsnprintf(NULL, 0, fmt, arg);
+        va_end(arg);
+        if (likely(need < cn->size - cn->used - 1))
+                goto out_printf;
+        ret = expand_corename(cn);
+        if (ret)
+                goto expand_fail;
+out_printf:
+        cur = cn->corename + cn->used;
+        va_start(arg, fmt);
+        vsnprintf(cur, need + 1, fmt, arg);
+        va_end(arg);
+        cn->used += need;
+        return 0;
+expand_fail:
+        return ret;
+}
 /* format_corename will inspect the pattern parameter, and output a
 * name into corename, which must have space for at least
 * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator.
 */
-static int format_corename(char *corename, long signr)
+static int format_corename(struct core_name *cn, long signr)
 {
        const struct cred *cred = current_cred();
        const char *pat_ptr = core_pattern;
        int ispipe = (*pat_ptr == '|');
-        char *out_ptr = corename;
-        char *const out_end = corename + CORENAME_MAX_SIZE;
-        int rc;
        int pid_in_pattern = 0;
+        int err = 0;
+        cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count);
+        cn->corename = kmalloc(cn->size, GFP_KERNEL);
+        cn->used = 0;
+        if (!cn->corename)
+                return -ENOMEM;
        /* Repeat as long as we have more pattern to process and more output
           space */
        while (*pat_ptr) {
                if (*pat_ptr != '%') {
-                        if (out_ptr == out_end)
+                        if (*pat_ptr == 0)
                                goto out;
-                        *out_ptr++ = *pat_ptr++;
+                        err = cn_printf(cn, "%c", *pat_ptr++);
                } else {
                        switch (*++pat_ptr) {
+                        /* single % at the end, drop that */
                        case 0:
                                goto out;
                        /* Double percent, output one percent */
                        case '%':
-                                if (out_ptr == out_end)
+                                err = cn_printf(cn, "%c", '%');
-                                        goto out;
-                                *out_ptr++ = '%';
                                break;
                        /* pid */
                        case 'p':
                                pid_in_pattern = 1;
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%d",
-                                              "%d", task_tgid_vnr(current));
+                                              task_tgid_vnr(current));
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* uid */
                        case 'u':
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%d", cred->uid);
-                                              "%d", cred->uid);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* gid */
                        case 'g':
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%d", cred->gid);
-                                              "%d", cred->gid);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* signal that caused the coredump */
                        case 's':
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%ld", signr);
-                                              "%ld", signr);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* UNIX time of coredump */
                        case 't': {
                                struct timeval tv;
                                do_gettimeofday(&tv);
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%lu", tv.tv_sec);
-                                              "%lu", tv.tv_sec);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        }
                        /* hostname */
                        case 'h':
                                down_read(&uts_sem);
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%s",
-                                              "%s", utsname()->nodename);
+                                              utsname()->nodename);
                                up_read(&uts_sem);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* executable */
                        case 'e':
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%s", current->comm);
-                                              "%s", current->comm);
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        /* core limit size */
                        case 'c':
-                                rc = snprintf(out_ptr, out_end - out_ptr,
+                                err = cn_printf(cn, "%lu",
-                                              "%lu", rlimit(RLIMIT_CORE));
+                                              rlimit(RLIMIT_CORE));
-                                if (rc > out_end - out_ptr)
-                                        goto out;
-                                out_ptr += rc;
                                break;
                        default:
                                break;
                        }
                        ++pat_ptr;
                }
+                if (err)
+                        return err;
        }
        /* Backward compatibility with core_uses_pid:
         *
         * If core_pattern does not include a %p (as is the default)
         * and core_uses_pid is set, then .%pid will be appended to
         * the filename. Do not do this for piped commands. */
        if (!ispipe && !pid_in_pattern && core_uses_pid) {
-                rc = snprintf(out_ptr, out_end - out_ptr,
+                err = cn_printf(cn, ".%d", task_tgid_vnr(current));
-                              ".%d", task_tgid_vnr(current));
+                if (err)
-                if (rc > out_end - out_ptr)
+                        return err;
-                        goto out;
-                out_ptr += rc;
        }
 out:
-        *out_ptr = 0;
        return ispipe;
 }
@@ -1856,7 +1882,7 @@ static int umh_pipe_setup(struct subprocess_info *info)
 void do_coredump(long signr, int exit_code, struct pt_regs *regs)
 {
        struct core_state core_state;
-        char corename[CORENAME_MAX_SIZE + 1];
+        struct core_name cn;
        struct mm_struct *mm = current->mm;
        struct linux_binfmt * binfmt;
        const struct cred *old_cred;
@@ -1911,7 +1937,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
         */
        clear_thread_flag(TIF_SIGPENDING);
-        ispipe = format_corename(corename, signr);
+        ispipe = format_corename(&cn, signr);
+        if (ispipe == -ENOMEM) {
+                printk(KERN_WARNING "format_corename failed\n");
+                printk(KERN_WARNING "Aborting core\n");
+                goto fail_corename;
+        }
        if (ispipe) {
                int dump_count;
@@ -1948,7 +1980,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
                        goto fail_dropcount;
                }
-                helper_argv = argv_split(GFP_KERNEL, corename+1, NULL);
+                helper_argv = argv_split(GFP_KERNEL, cn.corename+1, NULL);
                if (!helper_argv) {
                        printk(KERN_WARNING "%s failed to allocate memory\n",
                               __func__);
@@ -1961,7 +1993,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
                argv_free(helper_argv);
                if (retval) {
                        printk(KERN_INFO "Core dump to %s pipe failed\n",
-                               corename);
+                               cn.corename);
                        goto close_fail;
                }
        } else {
@@ -1970,7 +2002,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
                if (cprm.limit < binfmt->min_coredump)
                        goto fail_unlock;
-                cprm.file = filp_open(corename,
+                cprm.file = filp_open(cn.corename,
                                 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
                                 0600);
                if (IS_ERR(cprm.file))
@@ -2012,6 +2044,8 @@ fail_dropcount:
        if (ispipe)
                atomic_dec(&core_dump_count);
 fail_unlock:
+        kfree(cn.corename);
+fail_corename:
        coredump_finish(mm);
        revert_creds(old_cred);
 fail_creds:
diff --git a/fs/fcntl.c b/fs/fcntl.c
index f8cc34f542c3..ecc8b3954ed6 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -640,7 +640,7 @@ static void fasync_free_rcu(struct rcu_head *head)
 * match the state "is the filp on a fasync list".
 *
 */
-static int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
+int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
 {
        struct fasync_struct *fa, **fp;
        int result = 0;
@@ -666,21 +666,31 @@ static int fasync_remove_entry(struct file *filp, struct fasync_struct **fapp)
        return result;
 }
+struct fasync_struct *fasync_alloc(void)
+{
+        return kmem_cache_alloc(fasync_cache, GFP_KERNEL);
+}
 /*
- * Add a fasync entry. Return negative on error, positive if
+ * NOTE! This can be used only for unused fasync entries:
- * added, and zero if did nothing but change an existing one.
+ * entries that actually got inserted on the fasync list
+ * need to be released by rcu - see fasync_remove_entry.
+ */
+void fasync_free(struct fasync_struct *new)
+{
+        kmem_cache_free(fasync_cache, new);
+}
+/*
+ * Insert a new entry into the fasync list.  Return the pointer to the
+ * old one if we didn't use the new one.
 *
 * NOTE! It is very important that the FASYNC flag always
 * match the state "is the filp on a fasync list".
 */
-static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fapp)
+struct fasync_struct *fasync_insert_entry(int fd, struct file *filp, struct fasync_struct **fapp, struct fasync_struct *new)
 {
-        struct fasync_struct *new, *fa, **fp;
+        struct fasync_struct *fa, **fp;
-        int result = 0;
-        new = kmem_cache_alloc(fasync_cache, GFP_KERNEL);
-        if (!new)
-                return -ENOMEM;
        spin_lock(&filp->f_lock);
        spin_lock(&fasync_lock);
@@ -691,8 +701,6 @@ static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fa
                spin_lock_irq(&fa->fa_lock);
                fa->fa_fd = fd;
                spin_unlock_irq(&fa->fa_lock);
-                kmem_cache_free(fasync_cache, new);
                goto out;
        }
@@ -702,13 +710,39 @@ static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fa
        new->fa_fd = fd;
        new->fa_next = *fapp;
        rcu_assign_pointer(*fapp, new);
-        result = 1;
        filp->f_flags |= FASYNC;
 out:
        spin_unlock(&fasync_lock);
        spin_unlock(&filp->f_lock);
-        return result;
+        return fa;
+}
+/*
+ * Add a fasync entry. Return negative on error, positive if
+ * added, and zero if did nothing but change an existing one.
+ */
+static int fasync_add_entry(int fd, struct file *filp, struct fasync_struct **fapp)
+{
+        struct fasync_struct *new;
+        new = fasync_alloc();
+        if (!new)
+                return -ENOMEM;
+        /*
+         * fasync_insert_entry() returns the old (update) entry if
+         * it existed.
+         *
+         * So free the (unused) new entry and return 0 to let the
+         * caller know that we didn't add any new fasync entries.
+         */
+        if (fasync_insert_entry(fd, filp, fapp, new)) {
+                fasync_free(new);
+                return 0;
+        }
+        return 1;
 }
 /*
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index b98664275f02..6e07696308dc 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1334,12 +1334,7 @@ out_finish:
 static void fuse_retrieve_end(struct fuse_conn *fc, struct fuse_req *req)
 {
-        int i;
+        release_pages(req->pages, req->num_pages, 0);
-        for (i = 0; i < req->num_pages; i++) {
-                struct page *page = req->pages[i];
-                page_cache_release(page);
-        }
 }
 static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode,
diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index 60c2b944d762..79cf7f616bbe 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -544,6 +544,34 @@ static unsigned int isofs_get_last_session(struct super_block *sb, s32 session)
 }
 /*
+ * Check if root directory is empty (has less than 3 files).
+ *
+ * Used to detect broken CDs where ISO root directory is empty but Joliet root
+ * directory is OK. If such CD has Rock Ridge extensions, they will be disabled
+ * (and Joliet used instead) or else no files would be visible.
+ */
+static bool rootdir_empty(struct super_block *sb, unsigned long block)
+{
+        int offset = 0, files = 0, de_len;
+        struct iso_directory_record *de;
+        struct buffer_head *bh;
+        bh = sb_bread(sb, block);
+        if (!bh)
+                return true;
+        while (files < 3) {
+                de = (struct iso_directory_record *) (bh->b_data + offset);
+                de_len = *(unsigned char *) de;
+                if (de_len == 0)
+                        break;
+                files++;
+                offset += de_len;
+        }
+        brelse(bh);
+        return files < 3;
+}
+/*
 * Initialize the superblock and read the root inode.
 *
 * Note: a check_disk_change() has been done immediately prior
@@ -843,6 +871,18 @@ root_found:
                goto out_no_root;
        /*
+         * Fix for broken CDs with Rock Ridge and empty ISO root directory but
+         * correct Joliet root directory.
+         */
+        if (sbi->s_rock == 1 && joliet_level &&
+                                rootdir_empty(s, sbi->s_firstdatazone)) {
+                printk(KERN_NOTICE
+                        "ISOFS: primary root directory is empty. "
+                        "Disabling Rock Ridge and switching to Joliet.");
+                sbi->s_rock = 0;
+        }
+        /*
         * If this disk has both Rock Ridge and Joliet on it, then we
         * want to use Rock Ridge by default.  This can be overridden
         * by using the norock mount option.  There is still one other
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index b13aabc12298..abfff9d7979d 100644
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -22,7 +22,6 @@
 #include <linux/in.h>
 #include <linux/uio.h>
 #include <linux/smp.h>
-#include <linux/smp_lock.h>
 #include <linux/mutex.h>
 #include <linux/kthread.h>
 #include <linux/freezer.h>
@@ -130,15 +129,6 @@ lockd(void *vrqstp)
        dprintk("NFS locking service started (ver " LOCKD_VERSION ").\n");
-        /*
-         * FIXME: it would be nice if lockd didn't spend its entire life
-         * running under the BKL. At the very least, it would be good to
-         * have someone clarify what it's intended to protect here. I've
-         * seen some handwavy posts about posix locking needing to be
-         * done under the BKL, but it's far from clear.
-         */
-        lock_kernel();
        if (!nlm_timeout)
                nlm_timeout = LOCKD_DFLT_TIMEO;
        nlmsvc_timeout = nlm_timeout * HZ;
@@ -195,7 +185,6 @@ lockd(void *vrqstp)
        if (nlmsvc_ops)
                nlmsvc_invalidate_all();
        nlm_shutdown_hosts();
-        unlock_kernel();
        return 0;
 }
diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
index 6f1ef000975a..c462d346acbd 100644
--- a/fs/lockd/svclock.c
+++ b/fs/lockd/svclock.c
@@ -700,14 +700,16 @@ nlmsvc_notify_blocked(struct file_lock *fl)
        struct nlm_block        *block;
        dprintk("lockd: VFS unblock notification for block %p\n", fl);
+        spin_lock(&nlm_blocked_lock);
        list_for_each_entry(block, &nlm_blocked, b_list) {
                if (nlm_compare_locks(&block->b_call->a_args.lock.fl, fl)) {
-                        nlmsvc_insert_block(block, 0);
+                        nlmsvc_insert_block_locked(block, 0);
+                        spin_unlock(&nlm_blocked_lock);
                        svc_wake_up(block->b_daemon);
                        return;
                }
        }
+        spin_unlock(&nlm_blocked_lock);
        printk(KERN_WARNING "lockd: notification for unknown block!\n");
 }
diff --git a/fs/lockd/svcsubs.c b/fs/lockd/svcsubs.c
index d0ef94cfb3da..1ca0679c80bf 100644
--- a/fs/lockd/svcsubs.c
+++ b/fs/lockd/svcsubs.c
@@ -170,6 +170,7 @@ nlm_traverse_locks(struct nlm_host *host, struct nlm_file *file,
 again:
        file->f_locks = 0;
+        lock_flocks(); /* protects i_flock list */
        for (fl = inode->i_flock; fl; fl = fl->fl_next) {
                if (fl->fl_lmops != &nlmsvc_lock_operations)
                        continue;
@@ -181,6 +182,7 @@ again:
                if (match(lockhost, host)) {
                        struct file_lock lock = *fl;
+                        unlock_flocks();
                        lock.fl_type  = F_UNLCK;
                        lock.fl_start = 0;
                        lock.fl_end   = OFFSET_MAX;
@@ -192,6 +194,7 @@ again:
                        goto again;
                }
        }
+        unlock_flocks();
        return 0;
 }
@@ -226,10 +229,14 @@ nlm_file_inuse(struct nlm_file *file)
        if (file->f_count || !list_empty(&file->f_blocks) || file->f_shares)
                return 1;
+        lock_flocks();
        for (fl = inode->i_flock; fl; fl = fl->fl_next) {
-                if (fl->fl_lmops == &nlmsvc_lock_operations)
+                if (fl->fl_lmops == &nlmsvc_lock_operations) {
+                        unlock_flocks();
                        return 1;
+                }
        }
+        unlock_flocks();
        file->f_locks = 0;
        return 0;
 }
diff --git a/fs/locks.c b/fs/locks.c
index 4de3a2666810..50ec15927aab 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -142,6 +142,7 @@ int lease_break_time = 45;
 static LIST_HEAD(file_lock_list);
 static LIST_HEAD(blocked_list);
+static DEFINE_SPINLOCK(file_lock_lock);
 /*
 * Protects the two list heads above, plus the inode->i_flock list
@@ -149,23 +150,24 @@ static LIST_HEAD(blocked_list);
 */
 void lock_flocks(void)
 {
-        lock_kernel();
+        spin_lock(&file_lock_lock);
 }
 EXPORT_SYMBOL_GPL(lock_flocks);
 void unlock_flocks(void)
 {
-        unlock_kernel();
+        spin_unlock(&file_lock_lock);
 }
 EXPORT_SYMBOL_GPL(unlock_flocks);
 static struct kmem_cache *filelock_cache __read_mostly;
 /* Allocate an empty lock structure. */
-static struct file_lock *locks_alloc_lock(void)
+struct file_lock *locks_alloc_lock(void)
 {
        return kmem_cache_alloc(filelock_cache, GFP_KERNEL);
 }
+EXPORT_SYMBOL_GPL(locks_alloc_lock);
 void locks_release_private(struct file_lock *fl)
 {
@@ -1365,7 +1367,6 @@ int fcntl_getlease(struct file *filp)
 int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
 {
        struct file_lock *fl, **before, **my_before = NULL, *lease;
-        struct file_lock *new_fl = NULL;
        struct dentry *dentry = filp->f_path.dentry;
        struct inode *inode = dentry->d_inode;
        int error, rdlease_count = 0, wrlease_count = 0;
@@ -1385,11 +1386,6 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
        lease = *flp;
        if (arg != F_UNLCK) {
-                error = -ENOMEM;
-                new_fl = locks_alloc_lock();
-                if (new_fl == NULL)
-                        goto out;
                error = -EAGAIN;
                if ((arg == F_RDLCK) && (atomic_read(&inode->i_writecount) > 0))
                        goto out;
@@ -1434,7 +1430,6 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
                goto out;
        }
-        error = 0;
        if (arg == F_UNLCK)
                goto out;
@@ -1442,15 +1437,11 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp)
        if (!leases_enable)
                goto out;
-        locks_copy_lock(new_fl, lease);
+        locks_insert_lock(before, lease);
-        locks_insert_lock(before, new_fl);
-        *flp = new_fl;
        return 0;
 out:
-        if (new_fl != NULL)
+        locks_free_lock(lease);
-                locks_free_lock(new_fl);
        return error;
 }
 EXPORT_SYMBOL(generic_setlease);
@@ -1514,26 +1505,38 @@ EXPORT_SYMBOL_GPL(vfs_setlease);
 */
 int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
 {
-        struct file_lock fl, *flp = &fl;
+        struct file_lock *fl;
+        struct fasync_struct *new;
        struct inode *inode = filp->f_path.dentry->d_inode;
        int error;
-        locks_init_lock(&fl);
+        fl = lease_alloc(filp, arg);
-        error = lease_init(filp, arg, &fl);
+        if (IS_ERR(fl))
-        if (error)
+                return PTR_ERR(fl);
-                return error;
+        new = fasync_alloc();
+        if (!new) {
+                locks_free_lock(fl);
+                return -ENOMEM;
+        }
        lock_flocks();
+        error = __vfs_setlease(filp, arg, &fl);
-        error = __vfs_setlease(filp, arg, &flp);
        if (error || arg == F_UNLCK)
                goto out_unlock;
-        error = fasync_helper(fd, filp, 1, &flp->fl_fasync);
+        /*
+         * fasync_insert_entry() returns the old entry if any.
+         * If there was no old entry, then it used 'new' and
+         * inserted it into the fasync list. Clear new so that
+         * we don't release it here.
+         */
+        if (!fasync_insert_entry(fd, filp, &fl->fl_fasync, new))
+                new = NULL;
        if (error < 0) {
                /* remove lease just inserted by setlease */
-                flp->fl_type = F_UNLCK | F_INPROGRESS;
+                fl->fl_type = F_UNLCK | F_INPROGRESS;
-                flp->fl_break_time = jiffies - 10;
+                fl->fl_break_time = jiffies - 10;
                time_out_leases(inode);
                goto out_unlock;
        }
@@ -1541,6 +1544,8 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
        error = __f_setown(filp, task_pid(current), PIDTYPE_PID, 0);
 out_unlock:
        unlock_flocks();
+        if (new)
+                fasync_free(new);
        return error;
 }
diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
index fd667652c502..ba306658a6db 100644
--- a/fs/nfs/Kconfig
+++ b/fs/nfs/Kconfig
@@ -1,7 +1,6 @@
 config NFS_FS
        tristate "NFS client support"
        depends on INET && FILE_LOCKING
-        depends on BKL # fix as soon as lockd is done
        select LOCKD
        select SUNRPC
        select NFS_ACL_SUPPORT if NFS_V3_ACL
diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index 31a78fce4732..18b3e8975fe0 100644
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -2,7 +2,6 @@ config NFSD
        tristate "NFS server support"
        depends on INET
        depends on FILE_LOCKING
-        depends on BKL # fix as soon as lockd is done
        select LOCKD
        select SUNRPC
        select EXPORTFS
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 9019e8ec9dc8..56347e0ac88d 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -2614,7 +2614,7 @@ nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open, struct nfs4_sta
        struct nfs4_delegation *dp;
        struct nfs4_stateowner *sop = stp->st_stateowner;
        int cb_up = atomic_read(&sop->so_client->cl_cb_set);
-        struct file_lock fl, *flp = &fl;
+        struct file_lock *fl;
        int status, flag = 0;
        flag = NFS4_OPEN_DELEGATE_NONE;
@@ -2648,20 +2648,24 @@ nfs4_open_delegation(struct svc_fh *fh, struct nfsd4_open *open, struct nfs4_sta
                flag = NFS4_OPEN_DELEGATE_NONE;
                goto out;
        }
-        locks_init_lock(&fl);
+        status = -ENOMEM;
-        fl.fl_lmops = &nfsd_lease_mng_ops;
+        fl = locks_alloc_lock();
-        fl.fl_flags = FL_LEASE;
+        if (!fl)
-        fl.fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
+                goto out;
-        fl.fl_end = OFFSET_MAX;
+        locks_init_lock(fl);
-        fl.fl_owner =  (fl_owner_t)dp;
+        fl->fl_lmops = &nfsd_lease_mng_ops;
-        fl.fl_file = find_readable_file(stp->st_file);
+        fl->fl_flags = FL_LEASE;
-        BUG_ON(!fl.fl_file);
+        fl->fl_type = flag == NFS4_OPEN_DELEGATE_READ? F_RDLCK: F_WRLCK;
-        fl.fl_pid = current->tgid;
+        fl->fl_end = OFFSET_MAX;
+        fl->fl_owner =  (fl_owner_t)dp;
+        fl->fl_file = find_readable_file(stp->st_file);
+        BUG_ON(!fl->fl_file);
+        fl->fl_pid = current->tgid;
        /* vfs_setlease checks to see if delegation should be handed out.
         * the lock_manager callbacks fl_mylease and fl_change are used
         */
-        if ((status = vfs_setlease(fl.fl_file, fl.fl_type, &flp))) {
+        if ((status = vfs_setlease(fl->fl_file, fl->fl_type, &fl))) {
                dprintk("NFSD: setlease failed [%d], no delegation\n", status);
                unhash_delegation(dp);
                flag = NFS4_OPEN_DELEGATE_NONE;
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9b094c1c8465..f3d02ca461ec 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -226,7 +226,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
 {
        struct mm_struct *mm;
-        if (mutex_lock_killable(&task->cred_guard_mutex))
+        if (mutex_lock_killable(&task->signal->cred_guard_mutex))
                return NULL;
        mm = get_task_mm(task);
@@ -235,7 +235,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
                mmput(mm);
                mm = NULL;
        }
-        mutex_unlock(&task->cred_guard_mutex);
+        mutex_unlock(&task->signal->cred_guard_mutex);
        return mm;
 }
@@ -2354,14 +2354,14 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
                goto out_free;
        /* Guard against adverse ptrace interaction */
-        length = mutex_lock_interruptible(&task->cred_guard_mutex);
+        length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
        if (length < 0)
                goto out_free;
        length = security_setprocattr(task,
                                      (char*)file->f_path.dentry->d_name.name,
                                      (void*)page, count);
-        mutex_unlock(&task->cred_guard_mutex);
+        mutex_unlock(&task->signal->cred_guard_mutex);
 out_free:
        free_page((unsigned long) page);
 out:
diff --git a/fs/proc/softirqs.c b/fs/proc/softirqs.c
index 1807c2419f17..37994737c983 100644
--- a/fs/proc/softirqs.c
+++ b/fs/proc/softirqs.c
@@ -10,13 +10,13 @@ static int show_softirqs(struct seq_file *p, void *v)
 {
        int i, j;
-        seq_printf(p, "                ");
+        seq_printf(p, "                    ");
        for_each_possible_cpu(i)
                seq_printf(p, "CPU%-8d", i);
        seq_printf(p, "\n");
        for (i = 0; i < NR_SOFTIRQS; i++) {
-                seq_printf(p, "%8s:", softirq_to_name[i]);
+                seq_printf(p, "%12s:", softirq_to_name[i]);
                for_each_possible_cpu(j)
                        seq_printf(p, " %10u", kstat_softirqs_cpu(i, j));
                seq_printf(p, "\n");
diff --git a/fs/proc/stat.c b/fs/proc/stat.c
index bf31b03fc275..e15a19c93bae 100644
--- a/fs/proc/stat.c
+++ b/fs/proc/stat.c
@@ -31,7 +31,6 @@ static int show_stat(struct seq_file *p, void *v)
        u64 sum_softirq = 0;
        unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
        struct timespec boottime;
-        unsigned int per_irq_sum;
        user = nice = system = idle = iowait =
                irq = softirq = steal = cputime64_zero;
@@ -52,9 +51,7 @@ static int show_stat(struct seq_file *p, void *v)
                guest = cputime64_add(guest, kstat_cpu(i).cpustat.guest);
                guest_nice = cputime64_add(guest_nice,
                        kstat_cpu(i).cpustat.guest_nice);
-                for_each_irq_nr(j) {
+                sum += kstat_cpu_irqs_sum(i);
-                        sum += kstat_irqs_cpu(j, i);
-                }
                sum += arch_irq_stat_cpu(i);
                for (j = 0; j < NR_SOFTIRQS; j++) {
@@ -110,13 +107,8 @@ static int show_stat(struct seq_file *p, void *v)
        seq_printf(p, "intr %llu", (unsigned long long)sum);
        /* sum again ? it could be updated? */
-        for_each_irq_nr(j) {
+        for_each_irq_nr(j)
-                per_irq_sum = 0;
+                seq_printf(p, " %u", kstat_irqs(j));
-                for_each_possible_cpu(i)
-                        per_irq_sum += kstat_irqs_cpu(j, i);
-                seq_printf(p, " %u", per_irq_sum);
-        }
        seq_printf(p,
                "\nctxt %llu\n"
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
index 871e25ed0069..da6b01d70f01 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -327,6 +327,7 @@ struct mem_size_stats {
        unsigned long private_clean;
        unsigned long private_dirty;
        unsigned long referenced;
+        unsigned long anonymous;
        unsigned long swap;
        u64 pss;
 };
@@ -357,6 +358,9 @@ static int smaps_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end,
                if (!page)
                        continue;
+                if (PageAnon(page))
+                        mss->anonymous += PAGE_SIZE;
                mss->resident += PAGE_SIZE;
                /* Accumulate the size in pages that have been accessed. */
                if (pte_young(ptent) || PageReferenced(page))
@@ -410,6 +414,7 @@ static int show_smap(struct seq_file *m, void *v)
                   "Private_Clean:  %8lu kB\n"
                   "Private_Dirty:  %8lu kB\n"
                   "Referenced:     %8lu kB\n"
+                   "Anonymous:      %8lu kB\n"
                   "Swap:           %8lu kB\n"
                   "KernelPageSize: %8lu kB\n"
                   "MMUPageSize:    %8lu kB\n",
@@ -421,6 +426,7 @@ static int show_smap(struct seq_file *m, void *v)
                   mss.private_clean >> 10,
                   mss.private_dirty >> 10,
                   mss.referenced >> 10,
+                   mss.anonymous >> 10,
                   mss.swap >> 10,
                   vma_kernel_pagesize(vma) >> 10,
                   vma_mmu_pagesize(vma) >> 10);
diff --git a/fs/select.c b/fs/select.c
index 500a669f7790..b7b10aa30861 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -67,7 +67,7 @@ static long __estimate_accuracy(struct timespec *tv)
        return slack;
 }
-static long estimate_accuracy(struct timespec *tv)
+long select_estimate_accuracy(struct timespec *tv)
 {
        unsigned long ret;
        struct timespec now;
@@ -417,7 +417,7 @@ int do_select(int n, fd_set_bits *fds, struct timespec *end_time)
        }
        if (end_time && !timed_out)
-                slack = estimate_accuracy(end_time);
+                slack = select_estimate_accuracy(end_time);
        retval = 0;
        for (;;) {
@@ -769,7 +769,7 @@ static int do_poll(unsigned int nfds,  struct poll_list *list,
        }
        if (end_time && !timed_out)
-                slack = estimate_accuracy(end_time);
+                slack = select_estimate_accuracy(end_time);
        for (;;) {
                struct poll_list *walk;