17 files changed, 759 insertions, 237 deletions
diff --git a/net/Kconfig b/net/Kconfig
index e24fa0873f32..e330594d3709 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -213,6 +213,7 @@ source "net/phonet/Kconfig"
 source "net/ieee802154/Kconfig"
 source "net/sched/Kconfig"
 source "net/dcb/Kconfig"
+source "net/dns_resolver/Kconfig"
 config RPS
        boolean
diff --git a/net/Makefile b/net/Makefile
index 41d420070a38..ea60fbce9b1b 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -67,3 +67,4 @@ ifeq ($(CONFIG_NET),y)
 obj-$(CONFIG_SYSCTL)            += sysctl_net.o
 endif
 obj-$(CONFIG_WIMAX)             += wimax/
+obj-$(CONFIG_DNS_RESOLVER)      += dns_resolver/
diff --git a/net/dns_resolver/Kconfig b/net/dns_resolver/Kconfig
new file mode 100644
index 000000000000..50d49f7e0472
--- /dev/null
+++ b/net/dns_resolver/Kconfig
@@ -0,0 +1,27 @@
+#
+# Configuration for DNS Resolver
+#
+config DNS_RESOLVER
+        tristate "DNS Resolver support"
+        depends on NET && KEYS
+        help
+          Saying Y here will include support for the DNS Resolver key type
+          which can be used to make upcalls to perform DNS lookups in
+          userspace.
+          DNS Resolver is used to query DNS server for information.  Examples
+          being resolving a UNC hostname element to an IP address for CIFS or
+          performing a DNS query for AFSDB records so that AFS can locate a
+          cell's volume location database servers.
+          DNS Resolver is used by the CIFS and AFS modules, and would support
+          SMB2 later.  DNS Resolver is supported by the userspace upcall
+          helper "/sbin/dns.resolver" via /etc/request-key.conf.
+          See <file:Documentation/networking/dns_resolver.txt> for further
+          information.
+          To compile this as a module, choose M here: the module will be called
+          dnsresolver.
+          If unsure, say N.
diff --git a/net/dns_resolver/Makefile b/net/dns_resolver/Makefile
new file mode 100644
index 000000000000..c0ef4e71dc49
--- /dev/null
+++ b/net/dns_resolver/Makefile
@@ -0,0 +1,7 @@
+#
+# Makefile for the Linux DNS Resolver.
+#
+obj-$(CONFIG_DNS_RESOLVER) += dns_resolver.o
+dns_resolver-objs :=  dns_key.o dns_query.o
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
new file mode 100644
index 000000000000..400a04d5c9a1
--- /dev/null
+++ b/net/dns_resolver/dns_key.c
@@ -0,0 +1,211 @@
+/* Key type used to cache DNS lookups made by the kernel
+ *
+ * See Documentation/networking/dns_resolver.txt
+ *
+ *   Copyright (c) 2007 Igor Mammedov
+ *   Author(s): Igor Mammedov (niallain@gmail.com)
+ *              Steve French (sfrench@us.ibm.com)
+ *              Wang Lei (wang840925@gmail.com)
+ *              David Howells (dhowells@redhat.com)
+ *
+ *   This library is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU Lesser General Public License as published
+ *   by the Free Software Foundation; either version 2.1 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This library is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU Lesser General Public License for more details.
+ *
+ *   You should have received a copy of the GNU Lesser General Public License
+ *   along with this library; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/slab.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <linux/keyctl.h>
+#include <linux/err.h>
+#include <keys/dns_resolver-type.h>
+#include <keys/user-type.h>
+#include "internal.h"
+MODULE_DESCRIPTION("DNS Resolver");
+MODULE_AUTHOR("Wang Lei");
+MODULE_LICENSE("GPL");
+unsigned dns_resolver_debug;
+module_param_named(debug, dns_resolver_debug, uint, S_IWUSR | S_IRUGO);
+MODULE_PARM_DESC(debug, "DNS Resolver debugging mask");
+const struct cred *dns_resolver_cache;
+/*
+ * Instantiate a user defined key for dns_resolver.
+ *
+ * The data must be a NUL-terminated string, with the NUL char accounted in
+ * datalen.
+ *
+ * If the data contains a '#' characters, then we take the clause after each
+ * one to be an option of the form 'key=value'.  The actual data of interest is
+ * the string leading up to the first '#'.  For instance:
+ *
+ *        "ip1,ip2,...#foo=bar"
+ */
+static int
+dns_resolver_instantiate(struct key *key, const void *_data, size_t datalen)
+{
+        struct user_key_payload *upayload;
+        int ret;
+        size_t result_len = 0;
+        const char *data = _data, *opt;
+        kenter("%%%d,%s,'%s',%zu",
+               key->serial, key->description, data, datalen);
+        if (datalen <= 1 || !data || data[datalen - 1] != '\0')
+                return -EINVAL;
+        datalen--;
+        /* deal with any options embedded in the data */
+        opt = memchr(data, '#', datalen);
+        if (!opt) {
+                kdebug("no options currently supported");
+                return -EINVAL;
+        }
+        result_len = datalen;
+        ret = key_payload_reserve(key, result_len);
+        if (ret < 0)
+                return -EINVAL;
+        upayload = kmalloc(sizeof(*upayload) + result_len + 1, GFP_KERNEL);
+        if (!upayload) {
+                kleave(" = -ENOMEM");
+                return -ENOMEM;
+        }
+        upayload->datalen = result_len;
+        memcpy(upayload->data, data, result_len);
+        upayload->data[result_len] = '\0';
+        rcu_assign_pointer(key->payload.data, upayload);
+        kleave(" = 0");
+        return 0;
+}
+/*
+ * The description is of the form "[<type>:]<domain_name>"
+ *
+ * The domain name may be a simple name or an absolute domain name (which
+ * should end with a period).  The domain name is case-independent.
+ */
+static int
+dns_resolver_match(const struct key *key, const void *description)
+{
+        int slen, dlen, ret = 0;
+        const char *src = key->description, *dsp = description;
+        kenter("%s,%s", src, dsp);
+        if (!src || !dsp)
+                goto no_match;
+        if (strcasecmp(src, dsp) == 0)
+                goto matched;
+        slen = strlen(src);
+        dlen = strlen(dsp);
+        if (slen <= 0 || dlen <= 0)
+                goto no_match;
+        if (src[slen - 1] == '.')
+                slen--;
+        if (dsp[dlen - 1] == '.')
+                dlen--;
+        if (slen != dlen || strncasecmp(src, dsp, slen) != 0)
+                goto no_match;
+matched:
+        ret = 1;
+no_match:
+        kleave(" = %d", ret);
+        return ret;
+}
+struct key_type key_type_dns_resolver = {
+        .name           = "dns_resolver",
+        .instantiate    = dns_resolver_instantiate,
+        .match          = dns_resolver_match,
+        .revoke         = user_revoke,
+        .destroy        = user_destroy,
+        .describe       = user_describe,
+        .read           = user_read,
+};
+static int __init init_dns_resolver(void)
+{
+        struct cred *cred;
+        struct key *keyring;
+        int ret;
+        printk(KERN_NOTICE "Registering the %s key type\n",
+               key_type_dns_resolver.name);
+        /* create an override credential set with a special thread keyring in
+         * which DNS requests are cached
+         *
+         * this is used to prevent malicious redirections from being installed
+         * with add_key().
+         */
+        cred = prepare_kernel_cred(NULL);
+        if (!cred)
+                return -ENOMEM;
+        keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
+                            (KEY_POS_ALL & ~KEY_POS_SETATTR) |
+                            KEY_USR_VIEW | KEY_USR_READ,
+                            KEY_ALLOC_NOT_IN_QUOTA);
+        if (IS_ERR(keyring)) {
+                ret = PTR_ERR(keyring);
+                goto failed_put_cred;
+        }
+        ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
+        if (ret < 0)
+                goto failed_put_key;
+        ret = register_key_type(&key_type_dns_resolver);
+        if (ret < 0)
+                goto failed_put_key;
+        /* instruct request_key() to use this special keyring as a cache for
+         * the results it looks up */
+        cred->thread_keyring = keyring;
+        cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
+        dns_resolver_cache = cred;
+        kdebug("DNS resolver keyring: %d\n", key_serial(keyring));
+        return 0;
+failed_put_key:
+        key_put(keyring);
+failed_put_cred:
+        put_cred(cred);
+        return ret;
+}
+static void __exit exit_dns_resolver(void)
+{
+        key_revoke(dns_resolver_cache->thread_keyring);
+        unregister_key_type(&key_type_dns_resolver);
+        put_cred(dns_resolver_cache);
+        printk(KERN_NOTICE "Unregistered %s key type\n",
+               key_type_dns_resolver.name);
+}
+module_init(init_dns_resolver)
+module_exit(exit_dns_resolver)
+MODULE_LICENSE("GPL");
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
new file mode 100644
index 000000000000..03d5255f5cf2
--- /dev/null
+++ b/net/dns_resolver/dns_query.c
@@ -0,0 +1,160 @@
+/* Upcall routine, designed to work as a key type and working through
+ * /sbin/request-key to contact userspace when handling DNS queries.
+ *
+ * See Documentation/networking/dns_resolver.txt
+ *
+ *   Copyright (c) 2007 Igor Mammedov
+ *   Author(s): Igor Mammedov (niallain@gmail.com)
+ *              Steve French (sfrench@us.ibm.com)
+ *              Wang Lei (wang840925@gmail.com)
+ *              David Howells (dhowells@redhat.com)
+ *
+ *   The upcall wrapper used to make an arbitrary DNS query.
+ *
+ *   This function requires the appropriate userspace tool dns.upcall to be
+ *   installed and something like the following lines should be added to the
+ *   /etc/request-key.conf file:
+ *
+ *      create dns_resolver * * /sbin/dns.upcall %k
+ *
+ *   For example to use this module to query AFSDB RR:
+ *
+ *      create dns_resolver afsdb:* * /sbin/dns.afsdb %k
+ *
+ *   This library is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU Lesser General Public License as published
+ *   by the Free Software Foundation; either version 2.1 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This library is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU Lesser General Public License for more details.
+ *
+ *   You should have received a copy of the GNU Lesser General Public License
+ *   along with this library; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/dns_resolver.h>
+#include <linux/err.h>
+#include <keys/dns_resolver-type.h>
+#include <keys/user-type.h>
+#include "internal.h"
+/**
+ * dns_query - Query the DNS
+ * @type: Query type (or NULL for straight host->IP lookup)
+ * @name: Name to look up
+ * @namelen: Length of name
+ * @options: Request options (or NULL if no options)
+ * @_result: Where to place the returned data.
+ * @_expiry: Where to store the result expiry time (or NULL)
+ *
+ * The data will be returned in the pointer at *result, and the caller is
+ * responsible for freeing it.
+ *
+ * The description should be of the form "[<query_type>:]<domain_name>", and
+ * the options need to be appropriate for the query type requested.  If no
+ * query_type is given, then the query is a straight hostname to IP address
+ * lookup.
+ *
+ * The DNS resolution lookup is performed by upcalling to userspace by way of
+ * requesting a key of type dns_resolver.
+ *
+ * Returns the size of the result on success, -ve error code otherwise.
+ */
+int dns_query(const char *type, const char *name, size_t namelen,
+              const char *options, char **_result, time_t *_expiry)
+{
+        struct key *rkey;
+        struct user_key_payload *upayload;
+        const struct cred *saved_cred;
+        size_t typelen, desclen;
+        char *desc, *cp;
+        int ret, len;
+        kenter("%s,%*.*s,%zu,%s",
+               type, (int)namelen, (int)namelen, name, namelen, options);
+        if (!name || namelen == 0 || !_result)
+                return -EINVAL;
+        /* construct the query key description as "[<type>:]<name>" */
+        typelen = 0;
+        desclen = 0;
+        if (type) {
+                typelen = strlen(type);
+                if (typelen < 1)
+                        return -EINVAL;
+                desclen += typelen + 1;
+        }
+        if (!namelen)
+                namelen = strlen(name);
+        if (namelen < 3)
+                return -EINVAL;
+        desclen += namelen + 1;
+        desc = kmalloc(desclen, GFP_KERNEL);
+        if (!desc)
+                return -ENOMEM;
+        cp = desc;
+        if (type) {
+                memcpy(cp, type, typelen);
+                cp += typelen;
+                *cp++ = ':';
+        }
+        memcpy(cp, name, namelen);
+        cp += namelen;
+        *cp = '\0';
+        if (!options)
+                options = "";
+        kdebug("call request_key(,%s,%s)", desc, options);
+        /* make the upcall, using special credentials to prevent the use of
+         * add_key() to preinstall malicious redirections
+         */
+        saved_cred = override_creds(dns_resolver_cache);
+        rkey = request_key(&key_type_dns_resolver, desc, options);
+        revert_creds(saved_cred);
+        kfree(desc);
+        if (IS_ERR(rkey)) {
+                ret = PTR_ERR(rkey);
+                goto out;
+        }
+        down_read(&rkey->sem);
+        rkey->perm |= KEY_USR_VIEW;
+        ret = key_validate(rkey);
+        if (ret < 0)
+                goto put;
+        upayload = rcu_dereference_protected(rkey->payload.data,
+                                             lockdep_is_held(&rkey->sem));
+        len = upayload->datalen;
+        ret = -ENOMEM;
+        *_result = kmalloc(len + 1, GFP_KERNEL);
+        if (!*_result)
+                goto put;
+        memcpy(*_result, upayload->data, len + 1);
+        if (_expiry)
+                *_expiry = rkey->expiry;
+        ret = len;
+put:
+        up_read(&rkey->sem);
+        key_put(rkey);
+out:
+        kleave(" = %d", ret);
+        return ret;
+}
+EXPORT_SYMBOL(dns_query);
diff --git a/net/dns_resolver/internal.h b/net/dns_resolver/internal.h
new file mode 100644
index 000000000000..189ca9e9b785
--- /dev/null
+++ b/net/dns_resolver/internal.h
@@ -0,0 +1,44 @@
+/*
+ *   Copyright (c) 2010 Wang Lei
+ *   Author(s): Wang Lei (wang840925@gmail.com). All Rights Reserved.
+ *
+ *   Internal DNS Rsolver stuff
+ *
+ *   This library is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU Lesser General Public License as published
+ *   by the Free Software Foundation; either version 2.1 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This library is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU Lesser General Public License for more details.
+ *
+ *   You should have received a copy of the GNU Lesser General Public License
+ *   along with this library; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include <linux/compiler.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+/*
+ * dns_key.c
+ */
+extern const struct cred *dns_resolver_cache;
+/*
+ * debug tracing
+ */
+extern unsigned dns_resolver_debug;
+#define kdebug(FMT, ...)                                \
+do {                                                    \
+        if (unlikely(dns_resolver_debug))               \
+                printk(KERN_DEBUG "[%-6.6s] "FMT"\n",   \
+                       current->comm, ##__VA_ARGS__);   \
+} while (0)
+#define kenter(FMT, ...) kdebug("==> %s("FMT")", __func__, ##__VA_ARGS__)
+#define kleave(FMT, ...) kdebug("<== %s()"FMT"", __func__, ##__VA_ARGS__)
diff --git a/net/sunrpc/auth.c b/net/sunrpc/auth.c
index 8dc47f1d0001..880d0de3f50f 100644
--- a/net/sunrpc/auth.c
+++ b/net/sunrpc/auth.c
@@ -19,6 +19,15 @@
 # define RPCDBG_FACILITY        RPCDBG_AUTH
 #endif
+#define RPC_CREDCACHE_DEFAULT_HASHBITS  (4)
+struct rpc_cred_cache {
+        struct hlist_head       *hashtable;
+        unsigned int            hashbits;
+        spinlock_t              lock;
+};
+static unsigned int auth_hashbits = RPC_CREDCACHE_DEFAULT_HASHBITS;
 static DEFINE_SPINLOCK(rpc_authflavor_lock);
 static const struct rpc_authops *auth_flavors[RPC_AUTH_MAXFLAVOR] = {
        &authnull_ops,          /* AUTH_NULL */
@@ -29,6 +38,42 @@ static const struct rpc_authops *auth_flavors[RPC_AUTH_MAXFLAVOR] = {
 static LIST_HEAD(cred_unused);
 static unsigned long number_cred_unused;
+#define MAX_HASHTABLE_BITS (10) 
+static int param_set_hashtbl_sz(const char *val, struct kernel_param *kp)
+{
+        unsigned long num;
+        unsigned int nbits;
+        int ret;
+        if (!val)
+                goto out_inval;
+        ret = strict_strtoul(val, 0, &num);
+        if (ret == -EINVAL)
+                goto out_inval;
+        nbits = fls(num);
+        if (num > (1U << nbits))
+                nbits++;
+        if (nbits > MAX_HASHTABLE_BITS || nbits < 2)
+                goto out_inval;
+        *(unsigned int *)kp->arg = nbits;
+        return 0;
+out_inval:
+        return -EINVAL;
+}
+static int param_get_hashtbl_sz(char *buffer, struct kernel_param *kp)
+{
+        unsigned int nbits;
+        nbits = *(unsigned int *)kp->arg;
+        return sprintf(buffer, "%u", 1U << nbits);
+}
+#define param_check_hashtbl_sz(name, p) __param_check(name, p, unsigned int);
+module_param_named(auth_hashtable_size, auth_hashbits, hashtbl_sz, 0644);
+MODULE_PARM_DESC(auth_hashtable_size, "RPC credential cache hashtable size");
 static u32
 pseudoflavor_to_flavor(u32 flavor) {
        if (flavor >= RPC_AUTH_MAXFLAVOR)
@@ -145,16 +190,23 @@ int
 rpcauth_init_credcache(struct rpc_auth *auth)
 {
        struct rpc_cred_cache *new;
-        int i;
+        unsigned int hashsize;
        new = kmalloc(sizeof(*new), GFP_KERNEL);
        if (!new)
-                return -ENOMEM;
+                goto out_nocache;
-        for (i = 0; i < RPC_CREDCACHE_NR; i++)
+        new->hashbits = auth_hashbits;
-                INIT_HLIST_HEAD(&new->hashtable[i]);
+        hashsize = 1U << new->hashbits;
+        new->hashtable = kcalloc(hashsize, sizeof(new->hashtable[0]), GFP_KERNEL);
+        if (!new->hashtable)
+                goto out_nohashtbl;
        spin_lock_init(&new->lock);
        auth->au_credcache = new;
        return 0;
+out_nohashtbl:
+        kfree(new);
+out_nocache:
+        return -ENOMEM;
 }
 EXPORT_SYMBOL_GPL(rpcauth_init_credcache);
@@ -183,11 +235,12 @@ rpcauth_clear_credcache(struct rpc_cred_cache *cache)
        LIST_HEAD(free);
        struct hlist_head *head;
        struct rpc_cred *cred;
+        unsigned int hashsize = 1U << cache->hashbits;
        int             i;
        spin_lock(&rpc_credcache_lock);
        spin_lock(&cache->lock);
-        for (i = 0; i < RPC_CREDCACHE_NR; i++) {
+        for (i = 0; i < hashsize; i++) {
                head = &cache->hashtable[i];
                while (!hlist_empty(head)) {
                        cred = hlist_entry(head->first, struct rpc_cred, cr_hash);
@@ -216,6 +269,7 @@ rpcauth_destroy_credcache(struct rpc_auth *auth)
        if (cache) {
                auth->au_credcache = NULL;
                rpcauth_clear_credcache(cache);
+                kfree(cache->hashtable);
                kfree(cache);
        }
 }
@@ -297,7 +351,7 @@ rpcauth_lookup_credcache(struct rpc_auth *auth, struct auth_cred * acred,
                        *entry, *new;
        unsigned int nr;
-        nr = hash_long(acred->uid, RPC_CREDCACHE_HASHBITS);
+        nr = hash_long(acred->uid, cache->hashbits);
        rcu_read_lock();
        hlist_for_each_entry_rcu(entry, pos, &cache->hashtable[nr], cr_hash) {
@@ -390,16 +444,16 @@ rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred,
 }
 EXPORT_SYMBOL_GPL(rpcauth_init_cred);
-void
+struct rpc_cred *
 rpcauth_generic_bind_cred(struct rpc_task *task, struct rpc_cred *cred, int lookupflags)
 {
-        task->tk_msg.rpc_cred = get_rpccred(cred);
        dprintk("RPC: %5u holding %s cred %p\n", task->tk_pid,
                        cred->cr_auth->au_ops->au_name, cred);
+        return get_rpccred(cred);
 }
 EXPORT_SYMBOL_GPL(rpcauth_generic_bind_cred);
-static void
+static struct rpc_cred *
 rpcauth_bind_root_cred(struct rpc_task *task, int lookupflags)
 {
        struct rpc_auth *auth = task->tk_client->cl_auth;
@@ -407,45 +461,43 @@ rpcauth_bind_root_cred(struct rpc_task *task, int lookupflags)
                .uid = 0,
                .gid = 0,
        };
-        struct rpc_cred *ret;
        dprintk("RPC: %5u looking up %s cred\n",
                task->tk_pid, task->tk_client->cl_auth->au_ops->au_name);
-        ret = auth->au_ops->lookup_cred(auth, &acred, lookupflags);
+        return auth->au_ops->lookup_cred(auth, &acred, lookupflags);
-        if (!IS_ERR(ret))
-                task->tk_msg.rpc_cred = ret;
-        else
-                task->tk_status = PTR_ERR(ret);
 }
-static void
+static struct rpc_cred *
 rpcauth_bind_new_cred(struct rpc_task *task, int lookupflags)
 {
        struct rpc_auth *auth = task->tk_client->cl_auth;
-        struct rpc_cred *ret;
        dprintk("RPC: %5u looking up %s cred\n",
                task->tk_pid, auth->au_ops->au_name);
-        ret = rpcauth_lookupcred(auth, lookupflags);
+        return rpcauth_lookupcred(auth, lookupflags);
-        if (!IS_ERR(ret))
-                task->tk_msg.rpc_cred = ret;
-        else
-                task->tk_status = PTR_ERR(ret);
 }
-void
+static int
 rpcauth_bindcred(struct rpc_task *task, struct rpc_cred *cred, int flags)
 {
+        struct rpc_rqst *req = task->tk_rqstp;
+        struct rpc_cred *new;
        int lookupflags = 0;
        if (flags & RPC_TASK_ASYNC)
                lookupflags |= RPCAUTH_LOOKUP_NEW;
        if (cred != NULL)
-                cred->cr_ops->crbind(task, cred, lookupflags);
+                new = cred->cr_ops->crbind(task, cred, lookupflags);
        else if (flags & RPC_TASK_ROOTCREDS)
-                rpcauth_bind_root_cred(task, lookupflags);
+                new = rpcauth_bind_root_cred(task, lookupflags);
        else
-                rpcauth_bind_new_cred(task, lookupflags);
+                new = rpcauth_bind_new_cred(task, lookupflags);
+        if (IS_ERR(new))
+                return PTR_ERR(new);
+        if (req->rq_cred != NULL)
+                put_rpccred(req->rq_cred);
+        req->rq_cred = new;
+        return 0;
 }
 void
@@ -484,22 +536,10 @@ out_nodestroy:
 }
 EXPORT_SYMBOL_GPL(put_rpccred);
-void
-rpcauth_unbindcred(struct rpc_task *task)
-{
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
-        dprintk("RPC: %5u releasing %s cred %p\n",
-                task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
-        put_rpccred(cred);
-        task->tk_msg.rpc_cred = NULL;
-}
 __be32 *
 rpcauth_marshcred(struct rpc_task *task, __be32 *p)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        dprintk("RPC: %5u marshaling %s cred %p\n",
                task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
@@ -510,7 +550,7 @@ rpcauth_marshcred(struct rpc_task *task, __be32 *p)
 __be32 *
 rpcauth_checkverf(struct rpc_task *task, __be32 *p)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        dprintk("RPC: %5u validating %s cred %p\n",
                task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
@@ -522,7 +562,7 @@ int
 rpcauth_wrap_req(struct rpc_task *task, kxdrproc_t encode, void *rqstp,
                __be32 *data, void *obj)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        dprintk("RPC: %5u using %s cred %p to wrap rpc data\n",
                        task->tk_pid, cred->cr_ops->cr_name, cred);
@@ -536,7 +576,7 @@ int
 rpcauth_unwrap_resp(struct rpc_task *task, kxdrproc_t decode, void *rqstp,
                __be32 *data, void *obj)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        dprintk("RPC: %5u using %s cred %p to unwrap rpc data\n",
                        task->tk_pid, cred->cr_ops->cr_name, cred);
@@ -550,13 +590,21 @@ rpcauth_unwrap_resp(struct rpc_task *task, kxdrproc_t decode, void *rqstp,
 int
 rpcauth_refreshcred(struct rpc_task *task)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        int err;
+        cred = task->tk_rqstp->rq_cred;
+        if (cred == NULL) {
+                err = rpcauth_bindcred(task, task->tk_msg.rpc_cred, task->tk_flags);
+                if (err < 0)
+                        goto out;
+                cred = task->tk_rqstp->rq_cred;
+        };
        dprintk("RPC: %5u refreshing %s cred %p\n",
                task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
        err = cred->cr_ops->crrefresh(task);
+out:
        if (err < 0)
                task->tk_status = err;
        return err;
@@ -565,7 +613,7 @@ rpcauth_refreshcred(struct rpc_task *task)
 void
 rpcauth_invalcred(struct rpc_task *task)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        dprintk("RPC: %5u invalidating %s cred %p\n",
                task->tk_pid, cred->cr_auth->au_ops->au_name, cred);
@@ -576,7 +624,7 @@ rpcauth_invalcred(struct rpc_task *task)
 int
 rpcauth_uptodatecred(struct rpc_task *task)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        return cred == NULL ||
                test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) != 0;
@@ -587,14 +635,27 @@ static struct shrinker rpc_cred_shrinker = {
        .seeks = DEFAULT_SEEKS,
 };
-void __init rpcauth_init_module(void)
+int __init rpcauth_init_module(void)
 {
-        rpc_init_authunix();
+        int err;
-        rpc_init_generic_auth();
+        err = rpc_init_authunix();
+        if (err < 0)
+                goto out1;
+        err = rpc_init_generic_auth();
+        if (err < 0)
+                goto out2;
        register_shrinker(&rpc_cred_shrinker);
+        return 0;
+out2:
+        rpc_destroy_authunix();
+out1:
+        return err;
 }
 void __exit rpcauth_remove_module(void)
 {
+        rpc_destroy_authunix();
+        rpc_destroy_generic_auth();
        unregister_shrinker(&rpc_cred_shrinker);
 }
diff --git a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c
index 8f623b0f03dd..43162bb3b78f 100644
--- a/net/sunrpc/auth_generic.c
+++ b/net/sunrpc/auth_generic.c
@@ -27,7 +27,6 @@ struct generic_cred {
 };
 static struct rpc_auth generic_auth;
-static struct rpc_cred_cache generic_cred_cache;
 static const struct rpc_credops generic_credops;
 /*
@@ -55,18 +54,13 @@ struct rpc_cred *rpc_lookup_machine_cred(void)
 }
 EXPORT_SYMBOL_GPL(rpc_lookup_machine_cred);
-static void
+static struct rpc_cred *generic_bind_cred(struct rpc_task *task,
-generic_bind_cred(struct rpc_task *task, struct rpc_cred *cred, int lookupflags)
+                struct rpc_cred *cred, int lookupflags)
 {
        struct rpc_auth *auth = task->tk_client->cl_auth;
        struct auth_cred *acred = &container_of(cred, struct generic_cred, gc_base)->acred;
-        struct rpc_cred *ret;
-        ret = auth->au_ops->lookup_cred(auth, acred, lookupflags);
+        return auth->au_ops->lookup_cred(auth, acred, lookupflags);
-        if (!IS_ERR(ret))
-                task->tk_msg.rpc_cred = ret;
-        else
-                task->tk_status = PTR_ERR(ret);
 }
 /*
@@ -159,20 +153,16 @@ out_nomatch:
        return 0;
 }
-void __init rpc_init_generic_auth(void)
+int __init rpc_init_generic_auth(void)
 {
-        spin_lock_init(&generic_cred_cache.lock);
+        return rpcauth_init_credcache(&generic_auth);
 }
 void __exit rpc_destroy_generic_auth(void)
 {
-        rpcauth_clear_credcache(&generic_cred_cache);
+        rpcauth_destroy_credcache(&generic_auth);
 }
-static struct rpc_cred_cache generic_cred_cache = {
-        {{ NULL, },},
-};
 static const struct rpc_authops generic_auth_ops = {
        .owner = THIS_MODULE,
        .au_name = "Generic",
@@ -183,7 +173,6 @@ static const struct rpc_authops generic_auth_ops = {
 static struct rpc_auth generic_auth = {
        .au_ops = &generic_auth_ops,
        .au_count = ATOMIC_INIT(0),
-        .au_credcache = &generic_cred_cache,
 };
 static const struct rpc_credops generic_credops = {
diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c
index 8da2a0e68574..dcfc66bab2bb 100644
--- a/net/sunrpc/auth_gss/auth_gss.c
+++ b/net/sunrpc/auth_gss/auth_gss.c
@@ -373,7 +373,7 @@ gss_handle_downcall_result(struct gss_cred *gss_cred, struct gss_upcall_msg *gss
 static void
 gss_upcall_callback(struct rpc_task *task)
 {
-        struct gss_cred *gss_cred = container_of(task->tk_msg.rpc_cred,
+        struct gss_cred *gss_cred = container_of(task->tk_rqstp->rq_cred,
                        struct gss_cred, gc_base);
        struct gss_upcall_msg *gss_msg = gss_cred->gc_upcall;
        struct inode *inode = &gss_msg->inode->vfs_inode;
@@ -502,7 +502,7 @@ static void warn_gssd(void)
 static inline int
 gss_refresh_upcall(struct rpc_task *task)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        struct gss_auth *gss_auth = container_of(cred->cr_auth,
                        struct gss_auth, rpc_auth);
        struct gss_cred *gss_cred = container_of(cred,
@@ -928,6 +928,7 @@ gss_do_free_ctx(struct gss_cl_ctx *ctx)
 {
        dprintk("RPC:       gss_free_ctx\n");
+        gss_delete_sec_context(&ctx->gc_gss_ctx);
        kfree(ctx->gc_wire_ctx.data);
        kfree(ctx);
 }
@@ -942,13 +943,7 @@ gss_free_ctx_callback(struct rcu_head *head)
 static void
 gss_free_ctx(struct gss_cl_ctx *ctx)
 {
-        struct gss_ctx *gc_gss_ctx;
-        gc_gss_ctx = rcu_dereference(ctx->gc_gss_ctx);
-        rcu_assign_pointer(ctx->gc_gss_ctx, NULL);
        call_rcu(&ctx->gc_rcu, gss_free_ctx_callback);
-        if (gc_gss_ctx)
-                gss_delete_sec_context(&gc_gss_ctx);
 }
 static void
@@ -1064,12 +1059,12 @@ out:
 static __be32 *
 gss_marshal(struct rpc_task *task, __be32 *p)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_rqst *req = task->tk_rqstp;
+        struct rpc_cred *cred = req->rq_cred;
        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
                                                 gc_base);
        struct gss_cl_ctx       *ctx = gss_cred_get_ctx(cred);
        __be32          *cred_len;
-        struct rpc_rqst *req = task->tk_rqstp;
        u32             maj_stat = 0;
        struct xdr_netobj mic;
        struct kvec     iov;
@@ -1119,7 +1114,7 @@ out_put_ctx:
 static int gss_renew_cred(struct rpc_task *task)
 {
-        struct rpc_cred *oldcred = task->tk_msg.rpc_cred;
+        struct rpc_cred *oldcred = task->tk_rqstp->rq_cred;
        struct gss_cred *gss_cred = container_of(oldcred,
                                                 struct gss_cred,
                                                 gc_base);
@@ -1133,7 +1128,7 @@ static int gss_renew_cred(struct rpc_task *task)
        new = gss_lookup_cred(auth, &acred, RPCAUTH_LOOKUP_NEW);
        if (IS_ERR(new))
                return PTR_ERR(new);
-        task->tk_msg.rpc_cred = new;
+        task->tk_rqstp->rq_cred = new;
        put_rpccred(oldcred);
        return 0;
 }
@@ -1161,7 +1156,7 @@ static int gss_cred_is_negative_entry(struct rpc_cred *cred)
 static int
 gss_refresh(struct rpc_task *task)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        int ret = 0;
        if (gss_cred_is_negative_entry(cred))
@@ -1172,7 +1167,7 @@ gss_refresh(struct rpc_task *task)
                ret = gss_renew_cred(task);
                if (ret < 0)
                        goto out;
-                cred = task->tk_msg.rpc_cred;
+                cred = task->tk_rqstp->rq_cred;
        }
        if (test_bit(RPCAUTH_CRED_NEW, &cred->cr_flags))
@@ -1191,7 +1186,7 @@ gss_refresh_null(struct rpc_task *task)
 static __be32 *
 gss_validate(struct rpc_task *task, __be32 *p)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
        __be32          seq;
        struct kvec     iov;
@@ -1400,7 +1395,7 @@ static int
 gss_wrap_req(struct rpc_task *task,
             kxdrproc_t encode, void *rqstp, __be32 *p, void *obj)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
                        gc_base);
        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
@@ -1503,7 +1498,7 @@ static int
 gss_unwrap_resp(struct rpc_task *task,
                kxdrproc_t decode, void *rqstp, __be32 *p, void *obj)
 {
-        struct rpc_cred *cred = task->tk_msg.rpc_cred;
+        struct rpc_cred *cred = task->tk_rqstp->rq_cred;
        struct gss_cred *gss_cred = container_of(cred, struct gss_cred,
                        gc_base);
        struct gss_cl_ctx *ctx = gss_cred_get_ctx(cred);
diff --git a/net/sunrpc/auth_null.c b/net/sunrpc/auth_null.c
index 1db618f56ecb..a5c36c01707b 100644
--- a/net/sunrpc/auth_null.c
+++ b/net/sunrpc/auth_null.c
@@ -75,7 +75,7 @@ nul_marshal(struct rpc_task *task, __be32 *p)
 static int
 nul_refresh(struct rpc_task *task)
 {
-        set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_msg.rpc_cred->cr_flags);
+        set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_rqstp->rq_cred->cr_flags);
        return 0;
 }
diff --git a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
index aac2f8b4ee21..4cb70dc6e7ad 100644
--- a/net/sunrpc/auth_unix.c
+++ b/net/sunrpc/auth_unix.c
@@ -29,7 +29,6 @@ struct unx_cred {
 #endif
 static struct rpc_auth          unix_auth;
-static struct rpc_cred_cache    unix_cred_cache;
 static const struct rpc_credops unix_credops;
 static struct rpc_auth *
@@ -141,7 +140,7 @@ static __be32 *
 unx_marshal(struct rpc_task *task, __be32 *p)
 {
        struct rpc_clnt *clnt = task->tk_client;
-        struct unx_cred *cred = container_of(task->tk_msg.rpc_cred, struct unx_cred, uc_base);
+        struct unx_cred *cred = container_of(task->tk_rqstp->rq_cred, struct unx_cred, uc_base);
        __be32          *base, *hold;
        int             i;
@@ -174,7 +173,7 @@ unx_marshal(struct rpc_task *task, __be32 *p)
 static int
 unx_refresh(struct rpc_task *task)
 {
-        set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_msg.rpc_cred->cr_flags);
+        set_bit(RPCAUTH_CRED_UPTODATE, &task->tk_rqstp->rq_cred->cr_flags);
        return 0;
 }
@@ -197,15 +196,20 @@ unx_validate(struct rpc_task *task, __be32 *p)
                printk("RPC: giant verf size: %u\n", size);
                return NULL;
        }
-        task->tk_msg.rpc_cred->cr_auth->au_rslack = (size >> 2) + 2;
+        task->tk_rqstp->rq_cred->cr_auth->au_rslack = (size >> 2) + 2;
        p += (size >> 2);
        return p;
 }
-void __init rpc_init_authunix(void)
+int __init rpc_init_authunix(void)
 {
-        spin_lock_init(&unix_cred_cache.lock);
+        return rpcauth_init_credcache(&unix_auth);
+}
+void rpc_destroy_authunix(void)
+{
+        rpcauth_destroy_credcache(&unix_auth);
 }
 const struct rpc_authops authunix_ops = {
@@ -219,17 +223,12 @@ const struct rpc_authops authunix_ops = {
 };
 static
-struct rpc_cred_cache   unix_cred_cache = {
-};
-static
 struct rpc_auth         unix_auth = {
        .au_cslack      = UNX_WRITESLACK,
        .au_rslack      = 2,                    /* assume AUTH_NULL verf */
        .au_ops         = &authunix_ops,
        .au_flavor      = RPC_AUTH_UNIX,
        .au_count       = ATOMIC_INIT(0),
-        .au_credcache   = &unix_cred_cache,
 };
 static
diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 58de76c8540c..2b06410e584e 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -34,7 +34,6 @@
 #include <linux/sunrpc/cache.h>
 #include <linux/sunrpc/stats.h>
 #include <linux/sunrpc/rpc_pipe_fs.h>
-#include <linux/smp_lock.h>
 #define  RPCDBG_FACILITY RPCDBG_CACHE
@@ -320,7 +319,7 @@ static struct cache_detail *current_detail;
 static int current_index;
 static void do_cache_clean(struct work_struct *work);
-static DECLARE_DELAYED_WORK(cache_cleaner, do_cache_clean);
+static struct delayed_work cache_cleaner;
 static void sunrpc_init_cache_detail(struct cache_detail *cd)
 {
@@ -1504,6 +1503,11 @@ static int create_cache_proc_entries(struct cache_detail *cd)
 }
 #endif
+void __init cache_initialize(void)
+{
+        INIT_DELAYED_WORK_DEFERRABLE(&cache_cleaner, do_cache_clean);
+}
 int cache_register(struct cache_detail *cd)
 {
        int ret;
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 756fc324db9e..2388d83b68ff 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -414,6 +414,35 @@ out_no_clnt:
 EXPORT_SYMBOL_GPL(rpc_clone_client);
 /*
+ * Kill all tasks for the given client.
+ * XXX: kill their descendants as well?
+ */
+void rpc_killall_tasks(struct rpc_clnt *clnt)
+{
+        struct rpc_task *rovr;
+        if (list_empty(&clnt->cl_tasks))
+                return;
+        dprintk("RPC:       killing all tasks for client %p\n", clnt);
+        /*
+         * Spin lock all_tasks to prevent changes...
+         */
+        spin_lock(&clnt->cl_lock);
+        list_for_each_entry(rovr, &clnt->cl_tasks, tk_task) {
+                if (!RPC_IS_ACTIVATED(rovr))
+                        continue;
+                if (!(rovr->tk_flags & RPC_TASK_KILLED)) {
+                        rovr->tk_flags |= RPC_TASK_KILLED;
+                        rpc_exit(rovr, -EIO);
+                        rpc_wake_up_queued_task(rovr->tk_waitqueue, rovr);
+                }
+        }
+        spin_unlock(&clnt->cl_lock);
+}
+EXPORT_SYMBOL_GPL(rpc_killall_tasks);
+/*
 * Properly shut down an RPC client, terminating all outstanding
 * requests.
 */
@@ -538,6 +567,49 @@ out:
 }
 EXPORT_SYMBOL_GPL(rpc_bind_new_program);
+void rpc_task_release_client(struct rpc_task *task)
+{
+        struct rpc_clnt *clnt = task->tk_client;
+        if (clnt != NULL) {
+                /* Remove from client task list */
+                spin_lock(&clnt->cl_lock);
+                list_del(&task->tk_task);
+                spin_unlock(&clnt->cl_lock);
+                task->tk_client = NULL;
+                rpc_release_client(clnt);
+        }
+}
+static
+void rpc_task_set_client(struct rpc_task *task, struct rpc_clnt *clnt)
+{
+        if (clnt != NULL) {
+                rpc_task_release_client(task);
+                task->tk_client = clnt;
+                kref_get(&clnt->cl_kref);
+                if (clnt->cl_softrtry)
+                        task->tk_flags |= RPC_TASK_SOFT;
+                /* Add to the client's list of all tasks */
+                spin_lock(&clnt->cl_lock);
+                list_add_tail(&task->tk_task, &clnt->cl_tasks);
+                spin_unlock(&clnt->cl_lock);
+        }
+}
+static void
+rpc_task_set_rpc_message(struct rpc_task *task, const struct rpc_message *msg)
+{
+        if (msg != NULL) {
+                task->tk_msg.rpc_proc = msg->rpc_proc;
+                task->tk_msg.rpc_argp = msg->rpc_argp;
+                task->tk_msg.rpc_resp = msg->rpc_resp;
+                if (msg->rpc_cred != NULL)
+                        task->tk_msg.rpc_cred = get_rpccred(msg->rpc_cred);
+        }
+}
 /*
 * Default callback for async RPC calls
 */
@@ -562,6 +634,18 @@ struct rpc_task *rpc_run_task(const struct rpc_task_setup *task_setup_data)
        if (IS_ERR(task))
                goto out;
+        rpc_task_set_client(task, task_setup_data->rpc_client);
+        rpc_task_set_rpc_message(task, task_setup_data->rpc_message);
+        if (task->tk_status != 0) {
+                int ret = task->tk_status;
+                rpc_put_task(task);
+                return ERR_PTR(ret);
+        }
+        if (task->tk_action == NULL)
+                rpc_call_start(task);
        atomic_inc(&task->tk_count);
        rpc_execute(task);
 out:
@@ -756,12 +840,13 @@ EXPORT_SYMBOL_GPL(rpc_force_rebind);
 * Restart an (async) RPC call from the call_prepare state.
 * Usually called from within the exit handler.
 */
-void
+int
 rpc_restart_call_prepare(struct rpc_task *task)
 {
        if (RPC_ASSASSINATED(task))
-                return;
+                return 0;
        task->tk_action = rpc_prepare_task;
+        return 1;
 }
 EXPORT_SYMBOL_GPL(rpc_restart_call_prepare);
@@ -769,13 +854,13 @@ EXPORT_SYMBOL_GPL(rpc_restart_call_prepare);
 * Restart an (async) RPC call. Usually called from within the
 * exit handler.
 */
-void
+int
 rpc_restart_call(struct rpc_task *task)
 {
        if (RPC_ASSASSINATED(task))
-                return;
+                return 0;
        task->tk_action = call_start;
+        return 1;
 }
 EXPORT_SYMBOL_GPL(rpc_restart_call);
@@ -824,11 +909,6 @@ call_reserve(struct rpc_task *task)
 {
        dprint_status(task);
-        if (!rpcauth_uptodatecred(task)) {
-                task->tk_action = call_refresh;
-                return;
-        }
        task->tk_status  = 0;
        task->tk_action  = call_reserveresult;
        xprt_reserve(task);
@@ -892,7 +972,7 @@ call_reserveresult(struct rpc_task *task)
 static void
 call_allocate(struct rpc_task *task)
 {
-        unsigned int slack = task->tk_msg.rpc_cred->cr_auth->au_cslack;
+        unsigned int slack = task->tk_client->cl_auth->au_cslack;
        struct rpc_rqst *req = task->tk_rqstp;
        struct rpc_xprt *xprt = task->tk_xprt;
        struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
@@ -900,7 +980,7 @@ call_allocate(struct rpc_task *task)
        dprint_status(task);
        task->tk_status = 0;
-        task->tk_action = call_bind;
+        task->tk_action = call_refresh;
        if (req->rq_buffer)
                return;
@@ -937,6 +1017,47 @@ call_allocate(struct rpc_task *task)
        rpc_exit(task, -ERESTARTSYS);
 }
+/*
+ * 2a.  Bind and/or refresh the credentials
+ */
+static void
+call_refresh(struct rpc_task *task)
+{
+        dprint_status(task);
+        task->tk_action = call_refreshresult;
+        task->tk_status = 0;
+        task->tk_client->cl_stats->rpcauthrefresh++;
+        rpcauth_refreshcred(task);
+}
+/*
+ * 2b.  Process the results of a credential refresh
+ */
+static void
+call_refreshresult(struct rpc_task *task)
+{
+        int status = task->tk_status;
+        dprint_status(task);
+        task->tk_status = 0;
+        task->tk_action = call_bind;
+        if (status >= 0 && rpcauth_uptodatecred(task))
+                return;
+        switch (status) {
+        case -EACCES:
+                rpc_exit(task, -EACCES);
+                return;
+        case -ENOMEM:
+                rpc_exit(task, -ENOMEM);
+                return;
+        case -ETIMEDOUT:
+                rpc_delay(task, 3*HZ);
+        }
+        task->tk_action = call_refresh;
+}
 static inline int
 rpc_task_need_encode(struct rpc_task *task)
 {
@@ -1472,43 +1593,6 @@ out_retry:
        }
 }
-/*
- * 8.   Refresh the credentials if rejected by the server
- */
-static void
-call_refresh(struct rpc_task *task)
-{
-        dprint_status(task);
-        task->tk_action = call_refreshresult;
-        task->tk_status = 0;
-        task->tk_client->cl_stats->rpcauthrefresh++;
-        rpcauth_refreshcred(task);
-}
-/*
- * 8a.  Process the results of a credential refresh
- */
-static void
-call_refreshresult(struct rpc_task *task)
-{
-        int status = task->tk_status;
-        dprint_status(task);
-        task->tk_status = 0;
-        task->tk_action = call_reserve;
-        if (status >= 0 && rpcauth_uptodatecred(task))
-                return;
-        if (status == -EACCES) {
-                rpc_exit(task, -EACCES);
-                return;
-        }
-        task->tk_action = call_refresh;
-        if (status != -ETIMEDOUT)
-                rpc_delay(task, 3*HZ);
-}
 static __be32 *
 rpc_encode_header(struct rpc_task *task)
 {
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
index 4a843b883b89..cace6049e4a5 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -246,17 +246,8 @@ static inline void rpc_task_set_debuginfo(struct rpc_task *task)
 static void rpc_set_active(struct rpc_task *task)
 {
-        struct rpc_clnt *clnt;
-        if (test_and_set_bit(RPC_TASK_ACTIVE, &task->tk_runstate) != 0)
-                return;
        rpc_task_set_debuginfo(task);
-        /* Add to global list of all tasks */
+        set_bit(RPC_TASK_ACTIVE, &task->tk_runstate);
-        clnt = task->tk_client;
-        if (clnt != NULL) {
-                spin_lock(&clnt->cl_lock);
-                list_add_tail(&task->tk_task, &clnt->cl_tasks);
-                spin_unlock(&clnt->cl_lock);
-        }
 }
 /*
@@ -319,11 +310,6 @@ static void __rpc_sleep_on(struct rpc_wait_queue *q, struct rpc_task *task,
        dprintk("RPC: %5u sleep_on(queue \"%s\" time %lu)\n",
                        task->tk_pid, rpc_qname(q), jiffies);
-        if (!RPC_IS_ASYNC(task) && !RPC_IS_ACTIVATED(task)) {
-                printk(KERN_ERR "RPC: Inactive synchronous task put to sleep!\n");
-                return;
-        }
        __rpc_add_wait_queue(q, task);
        BUG_ON(task->tk_callback != NULL);
@@ -334,8 +320,8 @@ static void __rpc_sleep_on(struct rpc_wait_queue *q, struct rpc_task *task,
 void rpc_sleep_on(struct rpc_wait_queue *q, struct rpc_task *task,
                                rpc_action action)
 {
-        /* Mark the task as being activated if so needed */
+        /* We shouldn't ever put an inactive task to sleep */
-        rpc_set_active(task);
+        BUG_ON(!RPC_IS_ACTIVATED(task));
        /*
         * Protect the queue operations.
@@ -406,14 +392,6 @@ void rpc_wake_up_queued_task(struct rpc_wait_queue *queue, struct rpc_task *task
 EXPORT_SYMBOL_GPL(rpc_wake_up_queued_task);
 /*
- * Wake up the specified task
- */
-static void rpc_wake_up_task(struct rpc_task *task)
-{
-        rpc_wake_up_queued_task(task->tk_waitqueue, task);
-}
-/*
 * Wake up the next task on a priority queue.
 */
 static struct rpc_task * __rpc_wake_up_next_priority(struct rpc_wait_queue *queue)
@@ -600,7 +578,15 @@ void rpc_exit_task(struct rpc_task *task)
                }
        }
 }
-EXPORT_SYMBOL_GPL(rpc_exit_task);
+void rpc_exit(struct rpc_task *task, int status)
+{
+        task->tk_status = status;
+        task->tk_action = rpc_exit_task;
+        if (RPC_IS_QUEUED(task))
+                rpc_wake_up_queued_task(task->tk_waitqueue, task);
+}
+EXPORT_SYMBOL_GPL(rpc_exit);
 void rpc_release_calldata(const struct rpc_call_ops *ops, void *calldata)
 {
@@ -690,7 +676,6 @@ static void __rpc_execute(struct rpc_task *task)
                        dprintk("RPC: %5u got signal\n", task->tk_pid);
                        task->tk_flags |= RPC_TASK_KILLED;
                        rpc_exit(task, -ERESTARTSYS);
-                        rpc_wake_up_task(task);
                }
                rpc_set_running(task);
                dprintk("RPC: %5u sync task resuming\n", task->tk_pid);
@@ -714,8 +699,9 @@ static void __rpc_execute(struct rpc_task *task)
 void rpc_execute(struct rpc_task *task)
 {
        rpc_set_active(task);
-        rpc_set_running(task);
+        rpc_make_runnable(task);
-        __rpc_execute(task);
+        if (!RPC_IS_ASYNC(task))
+                __rpc_execute(task);
 }
 static void rpc_async_schedule(struct work_struct *work)
@@ -808,26 +794,9 @@ static void rpc_init_task(struct rpc_task *task, const struct rpc_task_setup *ta
        /* Initialize workqueue for async tasks */
        task->tk_workqueue = task_setup_data->workqueue;
-        task->tk_client = task_setup_data->rpc_client;
-        if (task->tk_client != NULL) {
-                kref_get(&task->tk_client->cl_kref);
-                if (task->tk_client->cl_softrtry)
-                        task->tk_flags |= RPC_TASK_SOFT;
-        }
        if (task->tk_ops->rpc_call_prepare != NULL)
                task->tk_action = rpc_prepare_task;
-        if (task_setup_data->rpc_message != NULL) {
-                task->tk_msg.rpc_proc = task_setup_data->rpc_message->rpc_proc;
-                task->tk_msg.rpc_argp = task_setup_data->rpc_message->rpc_argp;
-                task->tk_msg.rpc_resp = task_setup_data->rpc_message->rpc_resp;
-                /* Bind the user cred */
-                rpcauth_bindcred(task, task_setup_data->rpc_message->rpc_cred, task_setup_data->flags);
-                if (task->tk_action == NULL)
-                        rpc_call_start(task);
-        }
        /* starting timestamp */
        task->tk_start = ktime_get();
@@ -896,11 +865,8 @@ void rpc_put_task(struct rpc_task *task)
        if (task->tk_rqstp)
                xprt_release(task);
        if (task->tk_msg.rpc_cred)
-                rpcauth_unbindcred(task);
+                put_rpccred(task->tk_msg.rpc_cred);
-        if (task->tk_client) {
+        rpc_task_release_client(task);
-                rpc_release_client(task->tk_client);
-                task->tk_client = NULL;
-        }
        if (task->tk_workqueue != NULL) {
                INIT_WORK(&task->u.tk_work, rpc_async_release);
                queue_work(task->tk_workqueue, &task->u.tk_work);
@@ -913,13 +879,6 @@ static void rpc_release_task(struct rpc_task *task)
 {
        dprintk("RPC: %5u release task\n", task->tk_pid);
-        if (!list_empty(&task->tk_task)) {
-                struct rpc_clnt *clnt = task->tk_client;
-                /* Remove from client task list */
-                spin_lock(&clnt->cl_lock);
-                list_del(&task->tk_task);
-                spin_unlock(&clnt->cl_lock);
-        }
        BUG_ON (RPC_IS_QUEUED(task));
        /* Wake up anyone who is waiting for task completion */
@@ -928,35 +887,6 @@ static void rpc_release_task(struct rpc_task *task)
        rpc_put_task(task);
 }
-/*
- * Kill all tasks for the given client.
- * XXX: kill their descendants as well?
- */
-void rpc_killall_tasks(struct rpc_clnt *clnt)
-{
-        struct rpc_task *rovr;
-        if (list_empty(&clnt->cl_tasks))
-                return;
-        dprintk("RPC:       killing all tasks for client %p\n", clnt);
-        /*
-         * Spin lock all_tasks to prevent changes...
-         */
-        spin_lock(&clnt->cl_lock);
-        list_for_each_entry(rovr, &clnt->cl_tasks, tk_task) {
-                if (! RPC_IS_ACTIVATED(rovr))
-                        continue;
-                if (!(rovr->tk_flags & RPC_TASK_KILLED)) {
-                        rovr->tk_flags |= RPC_TASK_KILLED;
-                        rpc_exit(rovr, -EIO);
-                        rpc_wake_up_task(rovr);
-                }
-        }
-        spin_unlock(&clnt->cl_lock);
-}
-EXPORT_SYMBOL_GPL(rpc_killall_tasks);
 int rpciod_up(void)
 {
        return try_module_get(THIS_MODULE) ? 0 : -EINVAL;
diff --git a/net/sunrpc/sunrpc_syms.c b/net/sunrpc/sunrpc_syms.c
index f438347d817b..c0d085013a2b 100644
--- a/net/sunrpc/sunrpc_syms.c
+++ b/net/sunrpc/sunrpc_syms.c
@@ -33,21 +33,27 @@ init_sunrpc(void)
        if (err)
                goto out;
        err = rpc_init_mempool();
-        if (err) {
+        if (err)
-                unregister_rpc_pipefs();
+                goto out2;
-                goto out;
+        err = rpcauth_init_module();
-        }
+        if (err)
+                goto out3;
 #ifdef RPC_DEBUG
        rpc_register_sysctl();
 #endif
 #ifdef CONFIG_PROC_FS
        rpc_proc_init();
 #endif
+        cache_initialize();
        cache_register(&ip_map_cache);
        cache_register(&unix_gid_cache);
        svc_init_xprt_sock();   /* svc sock transport */
        init_socket_xprt();     /* clnt sock transport */
-        rpcauth_init_module();
+        return 0;
+out3:
+        rpc_destroy_mempool();
+out2:
+        unregister_rpc_pipefs();
 out:
        return err;
 }
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index dcd0132396ba..970fb00f388c 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -1032,6 +1032,8 @@ void xprt_release(struct rpc_task *task)
        spin_unlock_bh(&xprt->transport_lock);
        if (req->rq_buffer)
                xprt->ops->buf_free(req->rq_buffer);
+        if (req->rq_cred != NULL)
+                put_rpccred(req->rq_cred);
        task->tk_rqstp = NULL;
        if (req->rq_release_snd_buf)
                req->rq_release_snd_buf(req);
@@ -1129,6 +1131,7 @@ static void xprt_destroy(struct kref *kref)
        rpc_destroy_wait_queue(&xprt->sending);
        rpc_destroy_wait_queue(&xprt->resend);
        rpc_destroy_wait_queue(&xprt->backlog);
+        cancel_work_sync(&xprt->task_cleanup);
        /*
         * Tear down transport state and free the rpc_xprt
         */