21 files changed, 396 insertions, 95 deletions

diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h
index 1d52425a6118..f169bcb90b58 100644
--- a/include/linux/backing-dev.h
+++ b/include/linux/backing-dev.h
@@ -13,6 +13,8 @@
 #include <linux/proportions.h>
 #include <linux/kernel.h>
 #include <linux/fs.h>
+#include <linux/sched.h>
+#include <linux/writeback.h>
 #include <asm/atomic.h>
 
 struct page;
@@ -23,9 +25,11 @@ struct dentry;
  * Bits in backing_dev_info.state
  */
 enum bdi_state {
-        BDI_pdflush,            /* A pdflush thread is working this device */
+        BDI_pending,            /* On its way to being activated */
+        BDI_wb_alloc,           /* Default embedded wb allocated */
         BDI_async_congested,    /* The async (write) queue is getting full */
         BDI_sync_congested,     /* The sync queue is getting full */
+        BDI_registered,         /* bdi_register() was done */
         BDI_unused,             /* Available bits start here */
 };
 
@@ -39,7 +43,22 @@ enum bdi_stat_item {
 
 #define BDI_STAT_BATCH (8*(1+ilog2(nr_cpu_ids)))
 
+struct bdi_writeback {
+        struct list_head list;                  /* hangs off the bdi */
+
+        struct backing_dev_info *bdi;           /* our parent bdi */
+        unsigned int nr;
+
+        unsigned long last_old_flush;           /* last old data flush */
+
+        struct task_struct      *task;          /* writeback task */
+        struct list_head        b_dirty;        /* dirty inodes */
+        struct list_head        b_io;           /* parked for writeback */
+        struct list_head        b_more_io;      /* parked for more writeback */
+};
+
 struct backing_dev_info {
+        struct list_head bdi_list;
         unsigned long ra_pages; /* max readahead in PAGE_CACHE_SIZE units */
         unsigned long state;    /* Always use atomic bitops on this */
         unsigned int capabilities; /* Device capabilities */
@@ -48,6 +67,8 @@ struct backing_dev_info {
         void (*unplug_io_fn)(struct backing_dev_info *, struct page *);
         void *unplug_io_data;
 
+        char *name;
+
         struct percpu_counter bdi_stat[NR_BDI_STAT_ITEMS];
 
         struct prop_local_percpu completions;
@@ -56,6 +77,14 @@ struct backing_dev_info {
         unsigned int min_ratio;
         unsigned int max_ratio, max_prop_frac;
 
+        struct bdi_writeback wb;  /* default writeback info for this bdi */
+        spinlock_t wb_lock;       /* protects update side of wb_list */
+        struct list_head wb_list; /* the flusher threads hanging off this bdi */
+        unsigned long wb_mask;    /* bitmask of registered tasks */
+        unsigned int wb_cnt;      /* number of registered tasks */
+
+        struct list_head work_list;
+
         struct device *dev;
 
 #ifdef CONFIG_DEBUG_FS
@@ -71,6 +100,19 @@ int bdi_register(struct backing_dev_info *bdi, struct device *parent,
                 const char *fmt, ...);
 int bdi_register_dev(struct backing_dev_info *bdi, dev_t dev);
 void bdi_unregister(struct backing_dev_info *bdi);
+void bdi_start_writeback(struct writeback_control *wbc);
+int bdi_writeback_task(struct bdi_writeback *wb);
+int bdi_has_dirty_io(struct backing_dev_info *bdi);
+
+extern spinlock_t bdi_lock;
+extern struct list_head bdi_list;
+
+static inline int wb_has_dirty_io(struct bdi_writeback *wb)
+{
+        return !list_empty(&wb->b_dirty) ||
+               !list_empty(&wb->b_io) ||
+               !list_empty(&wb->b_more_io);
+}
 
 static inline void __add_bdi_stat(struct backing_dev_info *bdi,
                 enum bdi_stat_item item, s64 amount)
@@ -261,6 +303,11 @@ static inline bool bdi_cap_swap_backed(struct backing_dev_info *bdi)
         return bdi->capabilities & BDI_CAP_SWAP_BACKED;
 }
 
+static inline bool bdi_cap_flush_forker(struct backing_dev_info *bdi)
+{
+        return bdi == &default_backing_dev_info;
+}
+
 static inline bool mapping_cap_writeback_dirty(struct address_space *mapping)
 {
         return bdi_cap_writeback_dirty(mapping->backing_dev_info);
@@ -276,4 +323,10 @@ static inline bool mapping_cap_swap_backed(struct address_space *mapping)
         return bdi_cap_swap_backed(mapping->backing_dev_info);
 }
 
+static inline int bdi_sched_wait(void *word)
+{
+        schedule();
+        return 0;
+}
+
 #endif          /* _LINUX_BACKING_DEV_H */
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 61ee18c1bdb4..2046b5b8af48 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -117,6 +117,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm,
                            int executable_stack);
 extern int bprm_mm_init(struct linux_binprm *bprm);
 extern int copy_strings_kernel(int argc,char ** argv,struct linux_binprm *bprm);
+extern int prepare_bprm_creds(struct linux_binprm *bprm);
 extern void install_exec_creds(struct linux_binprm *bprm);
 extern void do_coredump(long signr, int exit_code, struct pt_regs *regs);
 extern int set_binfmt(struct linux_binfmt *new);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 4fa999696310..24520a539c6f 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -114,6 +114,13 @@ struct thread_group_cred {
  */
 struct cred {
         atomic_t        usage;
+#ifdef CONFIG_DEBUG_CREDENTIALS
+        atomic_t        subscribers;    /* number of processes subscribed */
+        void            *put_addr;
+        unsigned        magic;
+#define CRED_MAGIC      0x43736564
+#define CRED_MAGIC_DEAD 0x44656144
+#endif
         uid_t           uid;            /* real UID of the task */
         gid_t           gid;            /* real GID of the task */
         uid_t           suid;           /* saved UID of the task */
@@ -143,7 +150,9 @@ struct cred {
 };
 
 extern void __put_cred(struct cred *);
+extern void exit_creds(struct task_struct *);
 extern int copy_creds(struct task_struct *, unsigned long);
+extern struct cred *cred_alloc_blank(void);
 extern struct cred *prepare_creds(void);
 extern struct cred *prepare_exec_creds(void);
 extern struct cred *prepare_usermodehelper_creds(void);
@@ -158,6 +167,60 @@ extern int set_security_override_from_ctx(struct cred *, const char *);
 extern int set_create_files_as(struct cred *, struct inode *);
 extern void __init cred_init(void);
 
+/*
+ * check for validity of credentials
+ */
+#ifdef CONFIG_DEBUG_CREDENTIALS
+extern void __invalid_creds(const struct cred *, const char *, unsigned);
+extern void __validate_process_creds(struct task_struct *,
+                                     const char *, unsigned);
+
+static inline bool creds_are_invalid(const struct cred *cred)
+{
+        if (cred->magic != CRED_MAGIC)
+                return true;
+        if (atomic_read(&cred->usage) < atomic_read(&cred->subscribers))
+                return true;
+#ifdef CONFIG_SECURITY_SELINUX
+        if ((unsigned long) cred->security < PAGE_SIZE)
+                return true;
+        if ((*(u32*)cred->security & 0xffffff00) ==
+            (POISON_FREE << 24 | POISON_FREE << 16 | POISON_FREE << 8))
+                return true;
+#endif
+        return false;
+}
+
+static inline void __validate_creds(const struct cred *cred,
+                                    const char *file, unsigned line)
+{
+        if (unlikely(creds_are_invalid(cred)))
+                __invalid_creds(cred, file, line);
+}
+
+#define validate_creds(cred)                            \
+do {                                                    \
+        __validate_creds((cred), __FILE__, __LINE__);   \
+} while(0)
+
+#define validate_process_creds()                                \
+do {                                                            \
+        __validate_process_creds(current, __FILE__, __LINE__);  \
+} while(0)
+
+extern void validate_creds_for_do_exit(struct task_struct *);
+#else
+static inline void validate_creds(const struct cred *cred)
+{
+}
+static inline void validate_creds_for_do_exit(struct task_struct *tsk)
+{
+}
+static inline void validate_process_creds(void)
+{
+}
+#endif
+
 /**
  * get_new_cred - Get a reference on a new set of credentials
  * @cred: The new credentials to reference
@@ -186,7 +249,9 @@ static inline struct cred *get_new_cred(struct cred *cred)
  */
 static inline const struct cred *get_cred(const struct cred *cred)
 {
-        return get_new_cred((struct cred *) cred);
+        struct cred *nonconst_cred = (struct cred *) cred;
+        validate_creds(cred);
+        return get_new_cred(nonconst_cred);
 }
 
 /**
@@ -204,7 +269,7 @@ static inline void put_cred(const struct cred *_cred)
 {
         struct cred *cred = (struct cred *) _cred;
 
-        BUG_ON(atomic_read(&(cred)->usage) <= 0);
+        validate_creds(cred);
         if (atomic_dec_and_test(&(cred)->usage))
                 __put_cred(cred);
 }
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index ec29fa268b94..fd929889e8dc 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -115,7 +115,6 @@ struct crypto_async_request;
 struct crypto_aead;
 struct crypto_blkcipher;
 struct crypto_hash;
-struct crypto_ahash;
 struct crypto_rng;
 struct crypto_tfm;
 struct crypto_type;
@@ -146,16 +145,6 @@ struct ablkcipher_request {
         void *__ctx[] CRYPTO_MINALIGN_ATTR;
 };
 
-struct ahash_request {
-        struct crypto_async_request base;
-
-        unsigned int nbytes;
-        struct scatterlist *src;
-        u8                 *result;
-
-        void *__ctx[] CRYPTO_MINALIGN_ATTR;
-};
-
 /**
  *      struct aead_request - AEAD request
  *      @base: Common attributes for async crypto requests
@@ -220,18 +209,6 @@ struct ablkcipher_alg {
         unsigned int ivsize;
 };
 
-struct ahash_alg {
-        int (*init)(struct ahash_request *req);
-        int (*reinit)(struct ahash_request *req);
-        int (*update)(struct ahash_request *req);
-        int (*final)(struct ahash_request *req);
-        int (*digest)(struct ahash_request *req);
-        int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
-                        unsigned int keylen);
-
-        unsigned int digestsize;
-};
-
 struct aead_alg {
         int (*setkey)(struct crypto_aead *tfm, const u8 *key,
                       unsigned int keylen);
@@ -318,7 +295,6 @@ struct rng_alg {
 #define cra_cipher      cra_u.cipher
 #define cra_digest      cra_u.digest
 #define cra_hash        cra_u.hash
-#define cra_ahash       cra_u.ahash
 #define cra_compress    cra_u.compress
 #define cra_rng         cra_u.rng
 
@@ -346,7 +322,6 @@ struct crypto_alg {
                 struct cipher_alg cipher;
                 struct digest_alg digest;
                 struct hash_alg hash;
-                struct ahash_alg ahash;
                 struct compress_alg compress;
                 struct rng_alg rng;
         } cra_u;
@@ -433,18 +408,6 @@ struct hash_tfm {
         unsigned int digestsize;
 };
 
-struct ahash_tfm {
-        int (*init)(struct ahash_request *req);
-        int (*update)(struct ahash_request *req);
-        int (*final)(struct ahash_request *req);
-        int (*digest)(struct ahash_request *req);
-        int (*setkey)(struct crypto_ahash *tfm, const u8 *key,
-                        unsigned int keylen);
-
-        unsigned int digestsize;
-        unsigned int reqsize;
-};
-
 struct compress_tfm {
         int (*cot_compress)(struct crypto_tfm *tfm,
                             const u8 *src, unsigned int slen,
@@ -465,7 +428,6 @@ struct rng_tfm {
 #define crt_blkcipher   crt_u.blkcipher
 #define crt_cipher      crt_u.cipher
 #define crt_hash        crt_u.hash
-#define crt_ahash       crt_u.ahash
 #define crt_compress    crt_u.compress
 #define crt_rng         crt_u.rng
 
@@ -479,7 +441,6 @@ struct crypto_tfm {
                 struct blkcipher_tfm blkcipher;
                 struct cipher_tfm cipher;
                 struct hash_tfm hash;
-                struct ahash_tfm ahash;
                 struct compress_tfm compress;
                 struct rng_tfm rng;
         } crt_u;
@@ -770,7 +731,7 @@ static inline struct ablkcipher_request *ablkcipher_request_alloc(
 
 static inline void ablkcipher_request_free(struct ablkcipher_request *req)
 {
-        kfree(req);
+        kzfree(req);
 }
 
 static inline void ablkcipher_request_set_callback(
@@ -901,7 +862,7 @@ static inline struct aead_request *aead_request_alloc(struct crypto_aead *tfm,
 
 static inline void aead_request_free(struct aead_request *req)
 {
-        kfree(req);
+        kzfree(req);
 }
 
 static inline void aead_request_set_callback(struct aead_request *req,
diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h
index 655e7721580a..df7607e6dce8 100644
--- a/include/linux/device-mapper.h
+++ b/include/linux/device-mapper.h
@@ -91,6 +91,9 @@ typedef int (*dm_iterate_devices_fn) (struct dm_target *ti,
                                       iterate_devices_callout_fn fn,
                                       void *data);
 
+typedef void (*dm_io_hints_fn) (struct dm_target *ti,
+                                struct queue_limits *limits);
+
 /*
  * Returns:
  *    0: The target can handle the next I/O immediately.
@@ -151,6 +154,7 @@ struct target_type {
         dm_merge_fn merge;
         dm_busy_fn busy;
         dm_iterate_devices_fn iterate_devices;
+        dm_io_hints_fn io_hints;
 
         /* For internal device-mapper use. */
         struct list_head list;
diff --git a/include/linux/dm-log-userspace.h b/include/linux/dm-log-userspace.h
index 642e3017b51f..8a1f972c0fe9 100644
--- a/include/linux/dm-log-userspace.h
+++ b/include/linux/dm-log-userspace.h
@@ -371,7 +371,18 @@
         (DM_ULOG_REQUEST_MASK & (request_type))
 
 struct dm_ulog_request {
-        char uuid[DM_UUID_LEN]; /* Ties a request to a specific mirror log */
+        /*
+         * The local unique identifier (luid) and the universally unique
+         * identifier (uuid) are used to tie a request to a specific
+         * mirror log.  A single machine log could probably make due with
+         * just the 'luid', but a cluster-aware log must use the 'uuid' and
+         * the 'luid'.  The uuid is what is required for node to node
+         * communication concerning a particular log, but the 'luid' helps
+         * differentiate between logs that are being swapped and have the
+         * same 'uuid'.  (Think "live" and "inactive" device-mapper tables.)
+         */
+        uint64_t luid;
+        char uuid[DM_UUID_LEN];
         char padding[7];        /* Padding because DM_UUID_LEN = 129 */
 
         int32_t error;          /* Used to report back processing errors */
diff --git a/include/linux/fips.h b/include/linux/fips.h
new file mode 100644
index 000000000000..f8fb07b0b6b8
--- /dev/null
+++ b/include/linux/fips.h
@@ -0,0 +1,10 @@
+#ifndef _FIPS_H
+#define _FIPS_H
+
+#ifdef CONFIG_CRYPTO_FIPS
+extern int fips_enabled;
+#else
+#define fips_enabled 0
+#endif
+
+#endif
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 73e9b643e455..a79f48373e7e 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -715,7 +715,7 @@ struct posix_acl;
 
 struct inode {
         struct hlist_node       i_hash;
-        struct list_head        i_list;
+        struct list_head        i_list;         /* backing dev IO list */
         struct list_head        i_sb_list;
         struct list_head        i_dentry;
         unsigned long           i_ino;
@@ -1336,9 +1336,6 @@ struct super_block {
         struct xattr_handler    **s_xattr;
 
         struct list_head        s_inodes;       /* all inodes */
-        struct list_head        s_dirty;        /* dirty inodes */
-        struct list_head        s_io;           /* parked for writeback */
-        struct list_head        s_more_io;      /* parked for more writeback */
         struct hlist_head       s_anon;         /* anonymous dentries for (nfs) exporting */
         struct list_head        s_files;
         /* s_dentry_lru and s_nr_dentry_unused are protected by dcache_lock */
@@ -1528,6 +1525,7 @@ struct inode_operations {
         void (*put_link) (struct dentry *, struct nameidata *, void *);
         void (*truncate) (struct inode *);
         int (*permission) (struct inode *, int);
+        int (*check_acl)(struct inode *, int);
         int (*setattr) (struct dentry *, struct iattr *);
         int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
         int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
@@ -1788,6 +1786,7 @@ extern int get_sb_pseudo(struct file_system_type *, char *,
         struct vfsmount *mnt);
 extern void simple_set_mnt(struct vfsmount *mnt, struct super_block *sb);
 int __put_super_and_need_restart(struct super_block *sb);
+void put_super(struct super_block *sb);
 
 /* Alas, no aliases. Too much hassle with bringing module.h everywhere */
 #define fops_get(fops) \
@@ -1998,12 +1997,25 @@ extern void bd_release_from_disk(struct block_device *, struct gendisk *);
 #define CHRDEV_MAJOR_HASH_SIZE  255
 extern int alloc_chrdev_region(dev_t *, unsigned, unsigned, const char *);
 extern int register_chrdev_region(dev_t, unsigned, const char *);
-extern int register_chrdev(unsigned int, const char *,
-                           const struct file_operations *);
-extern void unregister_chrdev(unsigned int, const char *);
+extern int __register_chrdev(unsigned int major, unsigned int baseminor,
+                             unsigned int count, const char *name,
+                             const struct file_operations *fops);
+extern void __unregister_chrdev(unsigned int major, unsigned int baseminor,
+                                unsigned int count, const char *name);
 extern void unregister_chrdev_region(dev_t, unsigned);
 extern void chrdev_show(struct seq_file *,off_t);
 
+static inline int register_chrdev(unsigned int major, const char *name,
+                                  const struct file_operations *fops)
+{
+        return __register_chrdev(major, 0, 256, name, fops);
+}
+
+static inline void unregister_chrdev(unsigned int major, const char *name)
+{
+        __unregister_chrdev(major, 0, 256, name);
+}
+
 /* fs/block_dev.c */
 #define BDEVNAME_SIZE   32      /* Largest string for a blockdev identifier */
 #define BDEVT_SIZE      10      /* Largest string for MAJ:MIN for blkdev */
@@ -2070,8 +2082,6 @@ static inline void invalidate_remote_inode(struct inode *inode)
 extern int invalidate_inode_pages2(struct address_space *mapping);
 extern int invalidate_inode_pages2_range(struct address_space *mapping,
                                          pgoff_t start, pgoff_t end);
-extern void generic_sync_sb_inodes(struct super_block *sb,
-                                struct writeback_control *wbc);
 extern int write_inode_now(struct inode *, int);
 extern int filemap_fdatawrite(struct address_space *);
 extern int filemap_flush(struct address_space *);
@@ -2186,7 +2196,6 @@ extern int bdev_read_only(struct block_device *);
 extern int set_blocksize(struct block_device *, int);
 extern int sb_set_blocksize(struct super_block *, int);
 extern int sb_min_blocksize(struct super_block *, int);
-extern int sb_has_dirty_inodes(struct super_block *);
 
 extern int generic_file_mmap(struct file *, struct vm_area_struct *);
 extern int generic_file_readonly_mmap(struct file *, struct vm_area_struct *);
diff --git a/include/linux/key.h b/include/linux/key.h
index e544f466d69a..cd50dfa1d4c2 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -129,7 +129,10 @@ struct key {
         struct rw_semaphore     sem;            /* change vs change sem */
         struct key_user         *user;          /* owner of this key */
         void                    *security;      /* security data for this key */
-        time_t                  expiry;         /* time at which key expires (or 0) */
+        union {
+                time_t          expiry;         /* time at which key expires (or 0) */
+                time_t          revoked_at;     /* time at which key was revoked */
+        };
         uid_t                   uid;
         gid_t                   gid;
         key_perm_t              perm;           /* access permissions */
@@ -275,6 +278,8 @@ static inline key_serial_t key_serial(struct key *key)
 extern ctl_table key_sysctls[];
 #endif
 
+extern void key_replace_session_keyring(void);
+
 /*
  * the userspace interface
  */
@@ -297,6 +302,7 @@ extern void key_init(void);
 #define key_fsuid_changed(t)            do { } while(0)
 #define key_fsgid_changed(t)            do { } while(0)
 #define key_init()                      do { } while(0)
+#define key_replace_session_keyring()   do { } while(0)
 
 #endif /* CONFIG_KEYS */
 #endif /* __KERNEL__ */
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index c0688eb72093..bd383f1944fb 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -52,5 +52,6 @@
 #define KEYCTL_SET_TIMEOUT              15      /* set key timeout */
 #define KEYCTL_ASSUME_AUTHORITY         16      /* assume request_key() authorisation */
 #define KEYCTL_GET_SECURITY             17      /* get key security label */
+#define KEYCTL_SESSION_TO_PARENT        18      /* apply session keyring to parent process */
 
 #endif /*  _LINUX_KEYCTL_H */
diff --git a/include/linux/kmemcheck.h b/include/linux/kmemcheck.h
index 47b39b7c7e84..dc2fd545db00 100644
--- a/include/linux/kmemcheck.h
+++ b/include/linux/kmemcheck.h
@@ -34,6 +34,8 @@ void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n);
 int kmemcheck_show_addr(unsigned long address);
 int kmemcheck_hide_addr(unsigned long address);
 
+bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size);
+
 #else
 #define kmemcheck_enabled 0
 
@@ -99,6 +101,11 @@ static inline void kmemcheck_mark_initialized_pages(struct page *p,
 {
 }
 
+static inline bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size)
+{
+        return true;
+}
+
 #endif /* CONFIG_KMEMCHECK */
 
 /*
diff --git a/include/linux/kmemleak.h b/include/linux/kmemleak.h
index 6a63807f714e..3c7497d46ee9 100644
--- a/include/linux/kmemleak.h
+++ b/include/linux/kmemleak.h
@@ -23,18 +23,18 @@
 
 #ifdef CONFIG_DEBUG_KMEMLEAK
 
-extern void kmemleak_init(void);
+extern void kmemleak_init(void) __ref;
 extern void kmemleak_alloc(const void *ptr, size_t size, int min_count,
-                           gfp_t gfp);
-extern void kmemleak_free(const void *ptr);
-extern void kmemleak_free_part(const void *ptr, size_t size);
+                           gfp_t gfp) __ref;
+extern void kmemleak_free(const void *ptr) __ref;
+extern void kmemleak_free_part(const void *ptr, size_t size) __ref;
 extern void kmemleak_padding(const void *ptr, unsigned long offset,
-                             size_t size);
-extern void kmemleak_not_leak(const void *ptr);
-extern void kmemleak_ignore(const void *ptr);
+                             size_t size) __ref;
+extern void kmemleak_not_leak(const void *ptr) __ref;
+extern void kmemleak_ignore(const void *ptr) __ref;
 extern void kmemleak_scan_area(const void *ptr, unsigned long offset,
-                               size_t length, gfp_t gfp);
-extern void kmemleak_no_scan(const void *ptr);
+                               size_t length, gfp_t gfp) __ref;
+extern void kmemleak_no_scan(const void *ptr) __ref;
 
 static inline void kmemleak_alloc_recursive(const void *ptr, size_t size,
                                             int min_count, unsigned long flags,
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index e461b2c3d711..190c37854870 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -33,6 +33,7 @@ struct common_audit_data {
 #define LSM_AUDIT_DATA_IPC     4
 #define LSM_AUDIT_DATA_TASK    5
 #define LSM_AUDIT_DATA_KEY     6
+#define LSM_AUDIT_NO_AUDIT     7
         struct task_struct *tsk;
         union   {
                 struct {
@@ -66,16 +67,19 @@ struct common_audit_data {
                 } key_struct;
 #endif
         } u;
-        const char *function;
         /* this union contains LSM specific data */
         union {
+#ifdef CONFIG_SECURITY_SMACK
                 /* SMACK data */
                 struct smack_audit_data {
+                        const char *function;
                         char *subject;
                         char *object;
                         char *request;
                         int result;
                 } smack_audit_data;
+#endif
+#ifdef CONFIG_SECURITY_SELINUX
                 /* SELinux data */
                 struct {
                         u32 ssid;
@@ -83,10 +87,12 @@ struct common_audit_data {
                         u16 tclass;
                         u32 requested;
                         u32 audited;
+                        u32 denied;
                         struct av_decision *avd;
                         int result;
                 } selinux_audit_data;
-        } lsm_priv;
+#endif
+        };
         /* these callback will be implemented by a specific LSM */
         void (*lsm_pre_audit)(struct audit_buffer *, void *);
         void (*lsm_post_audit)(struct audit_buffer *, void *);
@@ -104,7 +110,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
 /* Initialize an LSM audit data structure. */
 #define COMMON_AUDIT_DATA_INIT(_d, _t) \
         { memset((_d), 0, sizeof(struct common_audit_data)); \
-         (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; }
+         (_d)->type = LSM_AUDIT_DATA_##_t; }
 
 void common_lsm_audit(struct common_audit_data *a);
 
diff --git a/include/linux/nmi.h b/include/linux/nmi.h
index 29af2d5df097..b752e807adde 100644
--- a/include/linux/nmi.h
+++ b/include/linux/nmi.h
@@ -28,8 +28,23 @@ static inline void acpi_nmi_disable(void) { }
 static inline void acpi_nmi_enable(void) { }
 #endif
 
-#ifndef trigger_all_cpu_backtrace
-#define trigger_all_cpu_backtrace() do { } while (0)
+/*
+ * Create trigger_all_cpu_backtrace() out of the arch-provided
+ * base function. Return whether such support was available,
+ * to allow calling code to fall back to some other mechanism:
+ */
+#ifdef arch_trigger_all_cpu_backtrace
+static inline bool trigger_all_cpu_backtrace(void)
+{
+        arch_trigger_all_cpu_backtrace();
+
+        return true;
+}
+#else
+static inline bool trigger_all_cpu_backtrace(void)
+{
+        return false;
+}
 #endif
 
 #endif
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 0f1ea4a66957..9304027673b0 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1292,6 +1292,7 @@ struct task_struct {
         struct mutex cred_guard_mutex;  /* guard against foreign influences on
                                          * credential calculations
                                          * (notably. ptrace) */
+        struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */
 
         char comm[TASK_COMM_LEN]; /* executable name excluding path
                                      - access with [gs]et_task_comm (which lock
@@ -2077,7 +2078,7 @@ static inline unsigned long wait_task_inactive(struct task_struct *p,
 #define for_each_process(p) \
         for (p = &init_task ; (p = next_task(p)) != &init_task ; )
 
-extern bool is_single_threaded(struct task_struct *);
+extern bool current_is_single_threaded(void);
 
 /*
  * Careful: do_each_thread/while_each_thread is a double loop so
diff --git a/include/linux/security.h b/include/linux/security.h
index 1f16eea2017b..d050b66ab9ef 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -53,7 +53,7 @@ struct audit_krule;
 extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
                        int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
-extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
+extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset(struct cred *new, const struct cred *old,
@@ -653,6 +653,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      manual page for definitions of the @clone_flags.
  *      @clone_flags contains the flags indicating what should be shared.
  *      Return 0 if permission is granted.
+ * @cred_alloc_blank:
+ *      @cred points to the credentials.
+ *      @gfp indicates the atomicity of any memory allocations.
+ *      Only allocate sufficient memory and attach to @cred such that
+ *      cred_transfer() will not get ENOMEM.
  * @cred_free:
  *      @cred points to the credentials.
  *      Deallocate and clear the cred->security field in a set of credentials.
@@ -665,6 +670,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      @new points to the new credentials.
  *      @old points to the original credentials.
  *      Install a new set of credentials.
+ * @cred_transfer:
+ *      @new points to the new credentials.
+ *      @old points to the original credentials.
+ *      Transfer data from original creds to new creds
  * @kernel_act_as:
  *      Set the credentials for a kernel service to act as (subjective context).
  *      @new points to the credentials to be modified.
@@ -678,6 +687,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      @inode points to the inode to use as a reference.
  *      The current task must be the one that nominated @inode.
  *      Return 0 if successful.
+ * @kernel_module_request:
+ *      Ability to trigger the kernel to automatically upcall to userspace for
+ *      userspace to load a kernel module with the given name.
+ *      Return 0 if successful.
  * @task_setuid:
  *      Check permission before setting one or more of the user identity
  *      attributes of the current process.  The @flags parameter indicates
@@ -994,6 +1007,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      Sets the connection's peersid to the secmark on skb.
  * @req_classify_flow:
  *      Sets the flow's sid to the openreq sid.
+ * @tun_dev_create:
+ *      Check permissions prior to creating a new TUN device.
+ * @tun_dev_post_create:
+ *      This hook allows a module to update or allocate a per-socket security
+ *      structure.
+ *      @sk contains the newly created sock structure.
+ * @tun_dev_attach:
+ *      Check permissions prior to attaching to a persistent TUN device.  This
+ *      hook can also be used by the module to update any security state
+ *      associated with the TUN device's sock structure.
+ *      @sk contains the existing sock structure.
  *
  * Security hooks for XFRM operations.
  *
@@ -1088,6 +1112,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      Return the length of the string (including terminating NUL) or -ve if
  *      an error.
  *      May also return 0 (and a NULL buffer pointer) if there is no label.
+ * @key_session_to_parent:
+ *      Forcibly assign the session keyring from a process to its parent
+ *      process.
+ *      @cred: Pointer to process's credentials
+ *      @parent_cred: Pointer to parent process's credentials
+ *      @keyring: Proposed new session keyring
+ *      Return 0 if permission is granted, -ve error otherwise.
  *
  * Security hooks affecting all System V IPC operations.
  *
@@ -1229,7 +1260,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      @alter contains the flag indicating whether changes are to be made.
  *      Return 0 if permission is granted.
  *
- * @ptrace_may_access:
+ * @ptrace_access_check:
  *      Check permission before allowing the current process to trace the
  *      @child process.
  *      Security modules may also want to perform a process tracing check
@@ -1244,7 +1275,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      Check that the @parent process has sufficient permission to trace the
  *      current process before allowing the current process to present itself
  *      to the @parent process for tracing.
- *      The parent process will still have to undergo the ptrace_may_access
+ *      The parent process will still have to undergo the ptrace_access_check
  *      checks before it is allowed to trace this one.
  *      @parent contains the task_struct structure for debugger process.
  *      Return 0 if permission is granted.
@@ -1351,12 +1382,47 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      audit_rule_init.
  *      @rule contains the allocated rule
  *
+ * @inode_notifysecctx:
+ *      Notify the security module of what the security context of an inode
+ *      should be.  Initializes the incore security context managed by the
+ *      security module for this inode.  Example usage:  NFS client invokes
+ *      this hook to initialize the security context in its incore inode to the
+ *      value provided by the server for the file when the server returned the
+ *      file's attributes to the client.
+ *
+ *      Must be called with inode->i_mutex locked.
+ *
+ *      @inode we wish to set the security context of.
+ *      @ctx contains the string which we wish to set in the inode.
+ *      @ctxlen contains the length of @ctx.
+ *
+ * @inode_setsecctx:
+ *      Change the security context of an inode.  Updates the
+ *      incore security context managed by the security module and invokes the
+ *      fs code as needed (via __vfs_setxattr_noperm) to update any backing
+ *      xattrs that represent the context.  Example usage:  NFS server invokes
+ *      this hook to change the security context in its incore inode and on the
+ *      backing filesystem to a value provided by the client on a SETATTR
+ *      operation.
+ *
+ *      Must be called with inode->i_mutex locked.
+ *
+ *      @dentry contains the inode we wish to set the security context of.
+ *      @ctx contains the string which we wish to set in the inode.
+ *      @ctxlen contains the length of @ctx.
+ *
+ * @inode_getsecctx:
+ *      Returns a string containing all relavent security context information
+ *
+ *      @inode we wish to set the security context of.
+ *      @ctx is a pointer in which to place the allocated security context.
+ *      @ctxlen points to the place to put the length of @ctx.
  * This is the main security structure.
  */
 struct security_operations {
         char name[SECURITY_NAME_MAX + 1];
 
-        int (*ptrace_may_access) (struct task_struct *child, unsigned int mode);
+        int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
         int (*ptrace_traceme) (struct task_struct *parent);
         int (*capget) (struct task_struct *target,
                        kernel_cap_t *effective,
@@ -1483,12 +1549,15 @@ struct security_operations {
         int (*dentry_open) (struct file *file, const struct cred *cred);
 
         int (*task_create) (unsigned long clone_flags);
+        int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
         void (*cred_free) (struct cred *cred);
         int (*cred_prepare)(struct cred *new, const struct cred *old,
                             gfp_t gfp);
         void (*cred_commit)(struct cred *new, const struct cred *old);
+        void (*cred_transfer)(struct cred *new, const struct cred *old);
         int (*kernel_act_as)(struct cred *new, u32 secid);
         int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
+        int (*kernel_module_request)(void);
         int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
         int (*task_fix_setuid) (struct cred *new, const struct cred *old,
                                 int flags);
@@ -1556,6 +1625,10 @@ struct security_operations {
         int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
         void (*release_secctx) (char *secdata, u32 seclen);
 
+        int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
+        int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
+        int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+
 #ifdef CONFIG_SECURITY_NETWORK
         int (*unix_stream_connect) (struct socket *sock,
                                     struct socket *other, struct sock *newsk);
@@ -1592,6 +1665,9 @@ struct security_operations {
         void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
         void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
         void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
+        int (*tun_dev_create)(void);
+        void (*tun_dev_post_create)(struct sock *sk);
+        int (*tun_dev_attach)(struct sock *sk);
 #endif  /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1620,6 +1696,9 @@ struct security_operations {
                                const struct cred *cred,
                                key_perm_t perm);
         int (*key_getsecurity)(struct key *key, char **_buffer);
+        int (*key_session_to_parent)(const struct cred *cred,
+                                     const struct cred *parent_cred,
+                                     struct key *key);
 #endif  /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -1637,7 +1716,7 @@ extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
 
 /* Security operations */
-int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
+int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
 int security_ptrace_traceme(struct task_struct *parent);
 int security_capget(struct task_struct *target,
                     kernel_cap_t *effective,
@@ -1736,11 +1815,14 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_commit_creds(struct cred *new, const struct cred *old);
+void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
+int security_kernel_module_request(void);
 int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
                              int flags);
@@ -1796,6 +1878,9 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
 
+int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
+int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
+int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 #else /* CONFIG_SECURITY */
 struct security_mnt_opts {
 };
@@ -1818,10 +1903,10 @@ static inline int security_init(void)
         return 0;
 }
 
-static inline int security_ptrace_may_access(struct task_struct *child,
+static inline int security_ptrace_access_check(struct task_struct *child,
                                              unsigned int mode)
 {
-        return cap_ptrace_may_access(child, mode);
+        return cap_ptrace_access_check(child, mode);
 }
 
 static inline int security_ptrace_traceme(struct task_struct *parent)
@@ -2266,6 +2351,11 @@ static inline int security_task_create(unsigned long clone_flags)
         return 0;
 }
 
+static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+{
+        return 0;
+}
+
 static inline void security_cred_free(struct cred *cred)
 { }
 
@@ -2281,6 +2371,11 @@ static inline void security_commit_creds(struct cred *new,
 {
 }
 
+static inline void security_transfer_creds(struct cred *new,
+                                           const struct cred *old)
+{
+}
+
 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
 {
         return 0;
@@ -2292,6 +2387,11 @@ static inline int security_kernel_create_files_as(struct cred *cred,
         return 0;
 }
 
+static inline int security_kernel_module_request(void)
+{
+        return 0;
+}
+
 static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
                                        int flags)
 {
@@ -2537,6 +2637,19 @@ static inline int security_secctx_to_secid(const char *secdata,
 static inline void security_release_secctx(char *secdata, u32 seclen)
 {
 }
+
+static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+{
+        return -EOPNOTSUPP;
+}
+static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+{
+        return -EOPNOTSUPP;
+}
+static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+{
+        return -EOPNOTSUPP;
+}
 #endif  /* CONFIG_SECURITY */
 
 #ifdef CONFIG_SECURITY_NETWORK
@@ -2575,6 +2688,9 @@ void security_inet_csk_clone(struct sock *newsk,
                         const struct request_sock *req);
 void security_inet_conn_established(struct sock *sk,
                         struct sk_buff *skb);
+int security_tun_dev_create(void);
+void security_tun_dev_post_create(struct sock *sk);
+int security_tun_dev_attach(struct sock *sk);
 
 #else   /* CONFIG_SECURITY_NETWORK */
 static inline int security_unix_stream_connect(struct socket *sock,
@@ -2725,6 +2841,20 @@ static inline void security_inet_conn_established(struct sock *sk,
                         struct sk_buff *skb)
 {
 }
+
+static inline int security_tun_dev_create(void)
+{
+        return 0;
+}
+
+static inline void security_tun_dev_post_create(struct sock *sk)
+{
+}
+
+static inline int security_tun_dev_attach(struct sock *sk)
+{
+        return 0;
+}
 #endif  /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -2881,6 +3011,9 @@ void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
                             const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
+int security_key_session_to_parent(const struct cred *cred,
+                                   const struct cred *parent_cred,
+                                   struct key *key);
 
 #else
 
@@ -2908,6 +3041,13 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
         return 0;
 }
 
+static inline int security_key_session_to_parent(const struct cred *cred,
+                                                 const struct cred *parent_cred,
+                                                 struct key *key)
+{
+        return 0;
+}
+
 #endif
 #endif /* CONFIG_KEYS */
 
diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h
index abff6c9b413c..6d3f2f449ead 100644
--- a/include/linux/shmem_fs.h
+++ b/include/linux/shmem_fs.h
@@ -39,7 +39,7 @@ static inline struct shmem_inode_info *SHMEM_I(struct inode *inode)
 }
 
 #ifdef CONFIG_TMPFS_POSIX_ACL
-int shmem_permission(struct inode *, int);
+int shmem_check_acl(struct inode *, int);
 int shmem_acl_init(struct inode *, struct inode *);
 
 extern struct xattr_handler shmem_xattr_acl_access_handler;
diff --git a/include/linux/tty.h b/include/linux/tty.h
index e8c6c9136c97..0d3974f59c53 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -23,7 +23,7 @@
  */
 #define NR_UNIX98_PTY_DEFAULT   4096      /* Default maximum for Unix98 ptys */
 #define NR_UNIX98_PTY_MAX       (1 << MINORBITS) /* Absolute limit */
-#define NR_LDISCS               19
+#define NR_LDISCS               20
 
 /* line disciplines */
 #define N_TTY           0
@@ -47,6 +47,8 @@
 #define N_SLCAN         17      /* Serial / USB serial CAN Adaptors */
 #define N_PPS           18      /* Pulse per Second */
 
+#define N_V253          19      /* Codec control over voice modem */
+
 /*
  * This character is the same as _POSIX_VDISABLE: it cannot be used as
  * a c_cc[] character, but indicates that a particular special character
diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h
index 13e1adf55c4c..6273fa97b527 100644
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -240,6 +240,21 @@ static inline int cancel_delayed_work(struct delayed_work *work)
         return ret;
 }
 
+/*
+ * Like above, but uses del_timer() instead of del_timer_sync(). This means,
+ * if it returns 0 the timer function may be running and the queueing is in
+ * progress.
+ */
+static inline int __cancel_delayed_work(struct delayed_work *work)
+{
+        int ret;
+
+        ret = del_timer(&work->timer);
+        if (ret)
+                work_clear_pending(&work->work);
+        return ret;
+}
+
 extern int cancel_delayed_work_sync(struct delayed_work *work);
 
 /* Obsolete. use cancel_delayed_work_sync() */
diff --git a/include/linux/writeback.h b/include/linux/writeback.h
index 3224820c8514..78b1e4684cc9 100644
--- a/include/linux/writeback.h
+++ b/include/linux/writeback.h
@@ -14,17 +14,6 @@ extern struct list_head inode_in_use;
 extern struct list_head inode_unused;
 
 /*
- * Yes, writeback.h requires sched.h
- * No, sched.h is not included from here.
- */
-static inline int task_is_pdflush(struct task_struct *task)
-{
-        return task->flags & PF_FLUSHER;
-}
-
-#define current_is_pdflush()    task_is_pdflush(current)
-
-/*
  * fs/fs-writeback.c
  */
 enum writeback_sync_modes {
@@ -40,6 +29,8 @@ enum writeback_sync_modes {
 struct writeback_control {
         struct backing_dev_info *bdi;   /* If !NULL, only write back this
                                            queue */
+        struct super_block *sb;         /* if !NULL, only write inodes from
+                                           this super_block */
         enum writeback_sync_modes sync_mode;
         unsigned long *older_than_this; /* If !NULL, only write back inodes
                                            older than this */
@@ -76,9 +67,13 @@ struct writeback_control {
 /*
  * fs/fs-writeback.c
  */     
-void writeback_inodes(struct writeback_control *wbc);
+struct bdi_writeback;
 int inode_wait(void *);
-void sync_inodes_sb(struct super_block *, int wait);
+long writeback_inodes_sb(struct super_block *);
+long sync_inodes_sb(struct super_block *);
+void writeback_inodes_wbc(struct writeback_control *wbc);
+long wb_do_writeback(struct bdi_writeback *wb, int force_wait);
+void wakeup_flusher_threads(long nr_pages);
 
 /* writeback.h requires fs.h; it, too, is not included from here. */
 static inline void wait_on_inode(struct inode *inode)
@@ -98,7 +93,6 @@ static inline void inode_sync_wait(struct inode *inode)
 /*
  * mm/page-writeback.c
  */
-int wakeup_pdflush(long nr_pages);
 void laptop_io_completion(void);
 void laptop_sync_completion(void);
 void throttle_vm_writeout(gfp_t gfp_mask);
@@ -150,7 +144,6 @@ balance_dirty_pages_ratelimited(struct address_space *mapping)
 typedef int (*writepage_t)(struct page *page, struct writeback_control *wbc,
                                 void *data);
 
-int pdflush_operation(void (*fn)(unsigned long), unsigned long arg0);
 int generic_writepages(struct address_space *mapping,
                        struct writeback_control *wbc);
 int write_cache_pages(struct address_space *mapping,
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index d131e352cfe1..5c84af8c5f6f 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -49,6 +49,7 @@ struct xattr_handler {
 ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
 ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
+int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
 int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int);
 int vfs_removexattr(struct dentry *, const char *);