Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff

[linux-2.6.git] / mm / shmem.c

diff --git a/mm/shmem.c b/mm/shmem.c
index 57f8617..c066617 100644 (file)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -6,10 +6,14 @@
  *              2000-2001 Christoph Rohland
  *              2000-2001 SAP AG
  *              2002 Red Hat Inc.
- * Copyright (C) 2002-2003 Hugh Dickins.
- * Copyright (C) 2002-2003 VERITAS Software Corporation.
+ * Copyright (C) 2002-2005 Hugh Dickins.
+ * Copyright (C) 2002-2005 VERITAS Software Corporation.
  * Copyright (C) 2004 Andi Kleen, SuSE Labs
  *
+ * Extended attribute support for tmpfs:
+ * Copyright (c) 2004, Luke Kenneth Casson Leighton <lkcl@lkcl.net>
+ * Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
  * This file is released under the GPL.
  */
 
@@ -41,6 +45,9 @@
 #include <linux/swapops.h>
 #include <linux/mempolicy.h>
 #include <linux/namei.h>
+#include <linux/ctype.h>
+#include <linux/migrate.h>
+
 #include <asm/uaccess.h>
 #include <asm/div64.h>
 #include <asm/pgtable.h>
@@ -60,12 +67,12 @@
 #define SHMEM_PAGEIN    VM_READ
 #define SHMEM_TRUNCATE  VM_WRITE
 
+/* Definition to limit shmem_truncate's steps between cond_rescheds */
+#define LATENCY_LIMIT   64
+
 /* Pretend that each entry is of this size in directory's i_size */
 #define BOGO_DIRENT_SIZE 20
 
-/* Keep swapped page count in private field of indirect struct page */
-#define nr_swapped             private
-
 /* Flag allocation requirements to shmem_getpage and shmem_swp_alloc */
 enum sgp_type {
        SGP_QUICK,      /* don't try more than file page cache lookup */
@@ -77,7 +84,7 @@ enum sgp_type {
 static int shmem_getpage(struct inode *inode, unsigned long idx,
                         struct page **pagep, enum sgp_type sgp, int *type);
 
-static inline struct page *shmem_dir_alloc(unsigned int gfp_mask)
+static inline struct page *shmem_dir_alloc(gfp_t gfp_mask)
 {
        /*
         * The above definition of ENTRIES_PER_PAGE, and the use of
@@ -172,22 +179,24 @@ static struct inode_operations shmem_inode_operations;
 static struct inode_operations shmem_dir_inode_operations;
 static struct vm_operations_struct shmem_vm_ops;
 
-static struct backing_dev_info shmem_backing_dev_info = {
+static struct backing_dev_info shmem_backing_dev_info  __read_mostly = {
        .ra_pages       = 0,    /* No readahead */
-       .memory_backed  = 1,    /* Does not contribute to dirty memory */
-       .unplug_io_fn = default_unplug_io_fn,
+       .capabilities   = BDI_CAP_NO_ACCT_DIRTY | BDI_CAP_NO_WRITEBACK,
+       .unplug_io_fn   = default_unplug_io_fn,
 };
 
-LIST_HEAD(shmem_inodes);
-static spinlock_t shmem_ilock = SPIN_LOCK_UNLOCKED;
+static LIST_HEAD(shmem_swaplist);
+static DEFINE_SPINLOCK(shmem_swaplist_lock);
 
-static void shmem_free_block(struct inode *inode)
+static void shmem_free_blocks(struct inode *inode, long pages)
 {
        struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
-       spin_lock(&sbinfo->stat_lock);
-       sbinfo->free_blocks++;
-       inode->i_blocks -= BLOCKS_PER_PAGE;
-       spin_unlock(&sbinfo->stat_lock);
+       if (sbinfo->max_blocks) {
+               spin_lock(&sbinfo->stat_lock);
+               sbinfo->free_blocks += pages;
+               inode->i_blocks -= pages*BLOCKS_PER_PAGE;
+               spin_unlock(&sbinfo->stat_lock);
+       }
 }
 
 /*
@@ -210,13 +219,9 @@ static void shmem_recalc_inode(struct inode *inode)
 
        freed = info->alloced - info->swapped - inode->i_mapping->nrpages;
        if (freed > 0) {
-               struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
                info->alloced -= freed;
-               spin_lock(&sbinfo->stat_lock);
-               sbinfo->free_blocks += freed;
-               inode->i_blocks -= freed*BLOCKS_PER_PAGE;
-               spin_unlock(&sbinfo->stat_lock);
                shmem_unacct_blocks(info->flags, freed);
+               shmem_free_blocks(inode, freed);
        }
 }
 
@@ -318,8 +323,10 @@ static void shmem_swp_set(struct shmem_inode_info *info, swp_entry_t *entry, uns
 
        entry->val = value;
        info->swapped += incdec;
-       if ((unsigned long)(entry - info->i_direct) >= SHMEM_NR_DIRECT)
-               kmap_atomic_to_page(entry)->nr_swapped += incdec;
+       if ((unsigned long)(entry - info->i_direct) >= SHMEM_NR_DIRECT) {
+               struct page *page = kmap_atomic_to_page(entry);
+               set_page_private(page, page_private(page) + incdec);
+       }
 }
 
 /*
@@ -349,25 +356,25 @@ static swp_entry_t *shmem_swp_alloc(struct shmem_inode_info *info, unsigned long
                 * page (and perhaps indirect index pages) yet to allocate:
                 * a waste to allocate index if we cannot allocate data.
                 */
-               spin_lock(&sbinfo->stat_lock);
-               if (sbinfo->free_blocks <= 1) {
+               if (sbinfo->max_blocks) {
+                       spin_lock(&sbinfo->stat_lock);
+                       if (sbinfo->free_blocks <= 1) {
+                               spin_unlock(&sbinfo->stat_lock);
+                               return ERR_PTR(-ENOSPC);
+                       }
+                       sbinfo->free_blocks--;
+                       inode->i_blocks += BLOCKS_PER_PAGE;
                        spin_unlock(&sbinfo->stat_lock);
-                       return ERR_PTR(-ENOSPC);
                }
-               sbinfo->free_blocks--;
-               inode->i_blocks += BLOCKS_PER_PAGE;
-               spin_unlock(&sbinfo->stat_lock);
 
                spin_unlock(&info->lock);
-               page = shmem_dir_alloc(mapping_gfp_mask(inode->i_mapping));
-               if (page) {
-                       clear_highpage(page);
-                       page->nr_swapped = 0;
-               }
+               page = shmem_dir_alloc(mapping_gfp_mask(inode->i_mapping) | __GFP_ZERO);
+               if (page)
+                       set_page_private(page, 0);
                spin_lock(&info->lock);
 
                if (!page) {
-                       shmem_free_block(inode);
+                       shmem_free_blocks(inode, 1);
                        return ERR_PTR(-ENOMEM);
                }
                if (sgp != SGP_WRITE &&
@@ -380,7 +387,7 @@ static swp_entry_t *shmem_swp_alloc(struct shmem_inode_info *info, unsigned long
        }
        if (page) {
                /* another task gave its page, or truncated the file */
-               shmem_free_block(inode);
+               shmem_free_blocks(inode, 1);
                shmem_dir_free(page);
        }
        if (info->next_index <= index && !IS_ERR(entry))
@@ -409,37 +416,102 @@ static int shmem_free_swp(swp_entry_t *dir, swp_entry_t *edir)
        return freed;
 }
 
-static void shmem_truncate(struct inode *inode)
+static int shmem_map_and_free_swp(struct page *subdir,
+               int offset, int limit, struct page ***dir)
+{
+       swp_entry_t *ptr;
+       int freed = 0;
+
+       ptr = shmem_swp_map(subdir);
+       for (; offset < limit; offset += LATENCY_LIMIT) {
+               int size = limit - offset;
+               if (size > LATENCY_LIMIT)
+                       size = LATENCY_LIMIT;
+               freed += shmem_free_swp(ptr+offset, ptr+offset+size);
+               if (need_resched()) {
+                       shmem_swp_unmap(ptr);
+                       if (*dir) {
+                               shmem_dir_unmap(*dir);
+                               *dir = NULL;
+                       }
+                       cond_resched();
+                       ptr = shmem_swp_map(subdir);
+               }
+       }
+       shmem_swp_unmap(ptr);
+       return freed;
+}
+
+static void shmem_free_pages(struct list_head *next)
+{
+       struct page *page;
+       int freed = 0;
+
+       do {
+               page = container_of(next, struct page, lru);
+               next = next->next;
+               shmem_dir_free(page);
+               freed++;
+               if (freed >= LATENCY_LIMIT) {
+                       cond_resched();
+                       freed = 0;
+               }
+       } while (next);
+}
+
+static void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end)
 {
        struct shmem_inode_info *info = SHMEM_I(inode);
        unsigned long idx;
        unsigned long size;
        unsigned long limit;
        unsigned long stage;
+       unsigned long diroff;
        struct page **dir;
+       struct page *topdir;
+       struct page *middir;
        struct page *subdir;
-       struct page *empty;
        swp_entry_t *ptr;
+       LIST_HEAD(pages_to_free);
+       long nr_pages_to_free = 0;
+       long nr_swaps_freed = 0;
        int offset;
        int freed;
+       int punch_hole = 0;
 
        inode->i_ctime = inode->i_mtime = CURRENT_TIME;
-       idx = (inode->i_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
+       idx = (start + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
        if (idx >= info->next_index)
                return;
 
        spin_lock(&info->lock);
        info->flags |= SHMEM_TRUNCATE;
-       limit = info->next_index;
-       info->next_index = idx;
+       if (likely(end == (loff_t) -1)) {
+               limit = info->next_index;
+               info->next_index = idx;
+       } else {
+               limit = (end + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
+               if (limit > info->next_index)
+                       limit = info->next_index;
+               punch_hole = 1;
+       }
+
+       topdir = info->i_indirect;
+       if (topdir && idx <= SHMEM_NR_DIRECT && !punch_hole) {
+               info->i_indirect = NULL;
+               nr_pages_to_free++;
+               list_add(&topdir->lru, &pages_to_free);
+       }
+       spin_unlock(&info->lock);
+
        if (info->swapped && idx < SHMEM_NR_DIRECT) {
                ptr = info->i_direct;
                size = limit;
                if (size > SHMEM_NR_DIRECT)
                        size = SHMEM_NR_DIRECT;
-               info->swapped -= shmem_free_swp(ptr+idx, ptr+size);
+               nr_swaps_freed = shmem_free_swp(ptr+idx, ptr+size);
        }
-       if (!info->i_indirect)
+       if (!topdir)
                goto done2;
 
        BUG_ON(limit <= SHMEM_NR_DIRECT);
@@ -448,36 +520,38 @@ static void shmem_truncate(struct inode *inode)
        offset = idx % ENTRIES_PER_PAGE;
        idx -= offset;
 
-       empty = NULL;
-       dir = shmem_dir_map(info->i_indirect);
+       dir = shmem_dir_map(topdir);
        stage = ENTRIES_PER_PAGEPAGE/2;
-       if (idx < ENTRIES_PER_PAGEPAGE/2)
-               dir += idx/ENTRIES_PER_PAGE;
-       else {
+       if (idx < ENTRIES_PER_PAGEPAGE/2) {
+               middir = topdir;
+               diroff = idx/ENTRIES_PER_PAGE;
+       } else {
                dir += ENTRIES_PER_PAGE/2;
                dir += (idx - ENTRIES_PER_PAGEPAGE/2)/ENTRIES_PER_PAGEPAGE;
                while (stage <= idx)
                        stage += ENTRIES_PER_PAGEPAGE;
+               middir = *dir;
                if (*dir) {
-                       subdir = *dir;
-                       size = ((idx - ENTRIES_PER_PAGEPAGE/2) %
+                       diroff = ((idx - ENTRIES_PER_PAGEPAGE/2) %
                                ENTRIES_PER_PAGEPAGE) / ENTRIES_PER_PAGE;
-                       if (!size && !offset) {
-                               empty = subdir;
+                       if (!diroff && !offset) {
                                *dir = NULL;
+                               nr_pages_to_free++;
+                               list_add(&middir->lru, &pages_to_free);
                        }
                        shmem_dir_unmap(dir);
-                       dir = shmem_dir_map(subdir) + size;
+                       dir = shmem_dir_map(middir);
                } else {
+                       diroff = 0;
                        offset = 0;
                        idx = stage;
                }
        }
 
-       for (; idx < limit; idx += ENTRIES_PER_PAGE, dir++) {
+       for (; idx < limit; idx += ENTRIES_PER_PAGE, diroff++) {
                if (unlikely(idx == stage)) {
-                       shmem_dir_unmap(dir-1);
-                       dir = shmem_dir_map(info->i_indirect) +
+                       shmem_dir_unmap(dir);
+                       dir = shmem_dir_map(topdir) +
                            ENTRIES_PER_PAGE/2 + idx/ENTRIES_PER_PAGEPAGE;
                        while (!*dir) {
                                dir++;
@@ -486,50 +560,44 @@ static void shmem_truncate(struct inode *inode)
                                        goto done1;
                        }
                        stage = idx + ENTRIES_PER_PAGEPAGE;
-                       subdir = *dir;
+                       middir = *dir;
                        *dir = NULL;
+                       nr_pages_to_free++;
+                       list_add(&middir->lru, &pages_to_free);
                        shmem_dir_unmap(dir);
-                       if (empty) {
-                               shmem_dir_free(empty);
-                               shmem_free_block(inode);
-                       }
-                       empty = subdir;
-                       cond_resched_lock(&info->lock);
-                       dir = shmem_dir_map(subdir);
+                       cond_resched();
+                       dir = shmem_dir_map(middir);
+                       diroff = 0;
                }
-               subdir = *dir;
-               if (subdir && subdir->nr_swapped) {
-                       ptr = shmem_swp_map(subdir);
+               subdir = dir[diroff];
+               if (subdir && page_private(subdir)) {
                        size = limit - idx;
                        if (size > ENTRIES_PER_PAGE)
                                size = ENTRIES_PER_PAGE;
-                       freed = shmem_free_swp(ptr+offset, ptr+size);
-                       shmem_swp_unmap(ptr);
-                       info->swapped -= freed;
-                       subdir->nr_swapped -= freed;
-                       BUG_ON(subdir->nr_swapped > offset);
+                       freed = shmem_map_and_free_swp(subdir,
+                                               offset, size, &dir);
+                       if (!dir)
+                               dir = shmem_dir_map(middir);
+                       nr_swaps_freed += freed;
+                       if (offset)
+                               spin_lock(&info->lock);
+                       set_page_private(subdir, page_private(subdir) - freed);
+                       if (offset)
+                               spin_unlock(&info->lock);
+                       if (!punch_hole)
+                               BUG_ON(page_private(subdir) > offset);
                }
                if (offset)
                        offset = 0;
-               else if (subdir) {
-                       *dir = NULL;
-                       shmem_dir_free(subdir);
-                       shmem_free_block(inode);
+               else if (subdir && !page_private(subdir)) {
+                       dir[diroff] = NULL;
+                       nr_pages_to_free++;
+                       list_add(&subdir->lru, &pages_to_free);
                }
        }
 done1:
-       shmem_dir_unmap(dir-1);
-       if (empty) {
-               shmem_dir_free(empty);
-               shmem_free_block(inode);
-       }
-       if (info->next_index <= SHMEM_NR_DIRECT) {
-               shmem_dir_free(info->i_indirect);
-               info->i_indirect = NULL;
-               shmem_free_block(inode);
-       }
+       shmem_dir_unmap(dir);
 done2:
-       BUG_ON(info->swapped > info->next_index);
        if (inode->i_mapping->nrpages && (info->flags & SHMEM_PAGEIN)) {
                /*
                 * Call truncate_inode_pages again: racing shmem_unuse_inode
@@ -538,13 +606,29 @@ done2:
                 * Also, though shmem_getpage checks i_size before adding to
                 * cache, no recheck after: so fix the narrow window there too.
                 */
-               spin_unlock(&info->lock);
-               truncate_inode_pages(inode->i_mapping, inode->i_size);
-               spin_lock(&info->lock);
+               truncate_inode_pages_range(inode->i_mapping, start, end);
        }
+
+       spin_lock(&info->lock);
        info->flags &= ~SHMEM_TRUNCATE;
+       info->swapped -= nr_swaps_freed;
+       if (nr_pages_to_free)
+               shmem_free_blocks(inode, nr_pages_to_free);
        shmem_recalc_inode(inode);
        spin_unlock(&info->lock);
+
+       /*
+        * Empty swap vector directory pages to be freed?
+        */
+       if (!list_empty(&pages_to_free)) {
+               pages_to_free.prev->next = NULL;
+               shmem_free_pages(pages_to_free.next);
+       }
+}
+
+static void shmem_truncate(struct inode *inode)
+{
+       shmem_truncate_range(inode, inode->i_size, (loff_t)-1);
 }
 
 static int shmem_notify_change(struct dentry *dentry, struct iattr *attr)
@@ -597,17 +681,22 @@ static void shmem_delete_inode(struct inode *inode)
        struct shmem_inode_info *info = SHMEM_I(inode);
 
        if (inode->i_op->truncate == shmem_truncate) {
-               spin_lock(&shmem_ilock);
-               list_del(&info->list);
-               spin_unlock(&shmem_ilock);
+               truncate_inode_pages(inode->i_mapping, 0);
                shmem_unacct_size(info->flags, inode->i_size);
                inode->i_size = 0;
                shmem_truncate(inode);
+               if (!list_empty(&info->swaplist)) {
+                       spin_lock(&shmem_swaplist_lock);
+                       list_del_init(&info->swaplist);
+                       spin_unlock(&shmem_swaplist_lock);
+               }
        }
        BUG_ON(inode->i_blocks);
-       spin_lock(&sbinfo->stat_lock);
-       sbinfo->free_inodes++;
-       spin_unlock(&sbinfo->stat_lock);
+       if (sbinfo->max_inodes) {
+               spin_lock(&sbinfo->stat_lock);
+               sbinfo->free_inodes++;
+               spin_unlock(&sbinfo->stat_lock);
+       }
        clear_inode(inode);
 }
 
@@ -648,9 +737,6 @@ static int shmem_unuse_inode(struct shmem_inode_info *info, swp_entry_t entry, s
        }
        if (!info->i_indirect)
                goto lost2;
-       /* we might be racing with shmem_truncate */
-       if (limit <= SHMEM_NR_DIRECT)
-               goto lost2;
 
        dir = shmem_dir_map(info->i_indirect);
        stage = SHMEM_NR_DIRECT + ENTRIES_PER_PAGEPAGE/2;
@@ -672,7 +758,7 @@ static int shmem_unuse_inode(struct shmem_inode_info *info, swp_entry_t entry, s
                        dir = shmem_dir_map(subdir);
                }
                subdir = *dir;
-               if (subdir && subdir->nr_swapped) {
+               if (subdir && page_private(subdir)) {
                        ptr = shmem_swp_map(subdir);
                        size = limit - idx;
                        if (size > ENTRIES_PER_PAGE)
@@ -712,22 +798,23 @@ found:
  */
 int shmem_unuse(swp_entry_t entry, struct page *page)
 {
-       struct list_head *p;
+       struct list_head *p, *next;
        struct shmem_inode_info *info;
        int found = 0;
 
-       spin_lock(&shmem_ilock);
-       list_for_each(p, &shmem_inodes) {
-               info = list_entry(p, struct shmem_inode_info, list);
-
-               if (info->swapped && shmem_unuse_inode(info, entry, page)) {
+       spin_lock(&shmem_swaplist_lock);
+       list_for_each_safe(p, next, &shmem_swaplist) {
+               info = list_entry(p, struct shmem_inode_info, swaplist);
+               if (!info->swapped)
+                       list_del_init(&info->swaplist);
+               else if (shmem_unuse_inode(info, entry, page)) {
                        /* move head to start search for next from here */
-                       list_move_tail(&shmem_inodes, &info->list);
+                       list_move_tail(&shmem_swaplist, &info->swaplist);
                        found = 1;
                        break;
                }
        }
-       spin_unlock(&shmem_ilock);
+       spin_unlock(&shmem_swaplist_lock);
        return found;
 }
 
@@ -769,6 +856,12 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
                shmem_swp_set(info, entry, swap.val);
                shmem_swp_unmap(entry);
                spin_unlock(&info->lock);
+               if (list_empty(&info->swaplist)) {
+                       spin_lock(&shmem_swaplist_lock);
+                       /* move instead of add in case we're racing */
+                       list_move_tail(&info->swaplist, &shmem_swaplist);
+                       spin_unlock(&shmem_swaplist_lock);
+               }
                unlock_page(page);
                return 0;
        }
@@ -779,10 +872,55 @@ unlock:
        swap_free(swap);
 redirty:
        set_page_dirty(page);
-       return WRITEPAGE_ACTIVATE;      /* Return with the page locked */
+       return AOP_WRITEPAGE_ACTIVATE;  /* Return with the page locked */
 }
 
 #ifdef CONFIG_NUMA
+static inline int shmem_parse_mpol(char *value, int *policy, nodemask_t *policy_nodes)
+{
+       char *nodelist = strchr(value, ':');
+       int err = 1;
+
+       if (nodelist) {
+               /* NUL-terminate policy string */
+               *nodelist++ = '\0';
+               if (nodelist_parse(nodelist, *policy_nodes))
+                       goto out;
+       }
+       if (!strcmp(value, "default")) {
+               *policy = MPOL_DEFAULT;
+               /* Don't allow a nodelist */
+               if (!nodelist)
+                       err = 0;
+       } else if (!strcmp(value, "prefer")) {
+               *policy = MPOL_PREFERRED;
+               /* Insist on a nodelist of one node only */
+               if (nodelist) {
+                       char *rest = nodelist;
+                       while (isdigit(*rest))
+                               rest++;
+                       if (!*rest)
+                               err = 0;
+               }
+       } else if (!strcmp(value, "bind")) {
+               *policy = MPOL_BIND;
+               /* Insist on a nodelist */
+               if (nodelist)
+                       err = 0;
+       } else if (!strcmp(value, "interleave")) {
+               *policy = MPOL_INTERLEAVE;
+               /* Default to nodes online if no nodelist */
+               if (!nodelist)
+                       *policy_nodes = node_online_map;
+               err = 0;
+       }
+out:
+       /* Restore string for error message */
+       if (nodelist)
+               *--nodelist = ':';
+       return err;
+}
+
 static struct page *shmem_swapin_async(struct shared_policy *p,
                                       swp_entry_t entry, unsigned long idx)
 {
@@ -820,7 +958,7 @@ struct page *shmem_swapin(struct shmem_inode_info *info, swp_entry_t entry,
 }
 
 static struct page *
-shmem_alloc_page(unsigned long gfp, struct shmem_inode_info *info,
+shmem_alloc_page(gfp_t gfp, struct shmem_inode_info *info,
                 unsigned long idx)
 {
        struct vm_area_struct pvma;
@@ -830,11 +968,16 @@ shmem_alloc_page(unsigned long gfp, struct shmem_inode_info *info,
        pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
        pvma.vm_pgoff = idx;
        pvma.vm_end = PAGE_SIZE;
-       page = alloc_page_vma(gfp, &pvma, 0);
+       page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
        mpol_free(pvma.vm_policy);
        return page;
 }
 #else
+static inline int shmem_parse_mpol(char *value, int *policy, nodemask_t *policy_nodes)
+{
+       return 1;
+}
+
 static inline struct page *
 shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
 {
@@ -843,10 +986,9 @@ shmem_swapin(struct shmem_inode_info *info,swp_entry_t entry,unsigned long idx)
 }
 
 static inline struct page *
-shmem_alloc_page(unsigned long gfp,struct shmem_inode_info *info,
-                                unsigned long idx)
+shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
 {
-       return alloc_page(gfp);
+       return alloc_page(gfp | __GFP_ZERO);
 }
 #endif
 
@@ -867,7 +1009,7 @@ static int shmem_getpage(struct inode *inode, unsigned long idx,
        struct page *swappage;
        swp_entry_t *entry;
        swp_entry_t swap;
-       int error, majmin = VM_FAULT_MINOR;
+       int error;
 
        if (idx >= SHMEM_MAX_INDEX)
                return -EFBIG;
@@ -905,9 +1047,10 @@ repeat:
                        shmem_swp_unmap(entry);
                        spin_unlock(&info->lock);
                        /* here we actually do the io */
-                       if (majmin == VM_FAULT_MINOR && type)
+                       if (type && *type == VM_FAULT_MINOR) {
                                inc_page_state(pgmajfault);
-                       majmin = VM_FAULT_MAJOR;
+                               *type = VM_FAULT_MAJOR;
+                       }
                        swappage = shmem_swapin(info, swap, idx);
                        if (!swappage) {
                                spin_lock(&info->lock);
@@ -937,6 +1080,14 @@ repeat:
                        page_cache_release(swappage);
                        goto repeat;
                }
+               if (!PageSwapCache(swappage)) {
+                       /* Page migration has occured */
+                       shmem_swp_unmap(entry);
+                       spin_unlock(&info->lock);
+                       unlock_page(swappage);
+                       page_cache_release(swappage);
+                       goto repeat;
+               }
                if (PageWriteback(swappage)) {
                        shmem_swp_unmap(entry);
                        spin_unlock(&info->lock);
@@ -1000,16 +1151,23 @@ repeat:
        } else {
                shmem_swp_unmap(entry);
                sbinfo = SHMEM_SB(inode->i_sb);
-               spin_lock(&sbinfo->stat_lock);
-               if (sbinfo->free_blocks == 0 || shmem_acct_block(info->flags)) {
+               if (sbinfo->max_blocks) {
+                       spin_lock(&sbinfo->stat_lock);
+                       if (sbinfo->free_blocks == 0 ||
+                           shmem_acct_block(info->flags)) {
+                               spin_unlock(&sbinfo->stat_lock);
+                               spin_unlock(&info->lock);
+                               error = -ENOSPC;
+                               goto failed;
+                       }
+                       sbinfo->free_blocks--;
+                       inode->i_blocks += BLOCKS_PER_PAGE;
                        spin_unlock(&sbinfo->stat_lock);
+               } else if (shmem_acct_block(info->flags)) {
                        spin_unlock(&info->lock);
                        error = -ENOSPC;
                        goto failed;
                }
-               sbinfo->free_blocks--;
-               inode->i_blocks += BLOCKS_PER_PAGE;
-               spin_unlock(&sbinfo->stat_lock);
 
                if (!filepage) {
                        spin_unlock(&info->lock);
@@ -1018,7 +1176,7 @@ repeat:
                                                    idx);
                        if (!filepage) {
                                shmem_unacct_blocks(info->flags, 1);
-                               shmem_free_block(inode);
+                               shmem_free_blocks(inode, 1);
                                error = -ENOMEM;
                                goto failed;
                        }
@@ -1036,7 +1194,7 @@ repeat:
                                spin_unlock(&info->lock);
                                page_cache_release(filepage);
                                shmem_unacct_blocks(info->flags, 1);
-                               shmem_free_block(inode);
+                               shmem_free_blocks(inode, 1);
                                filepage = NULL;
                                if (error)
                                        goto failed;
@@ -1047,20 +1205,14 @@ repeat:
 
                info->alloced++;
                spin_unlock(&info->lock);
-               clear_highpage(filepage);
                flush_dcache_page(filepage);
                SetPageUptodate(filepage);
        }
 done:
-       if (!*pagep) {
-               if (filepage) {
-                       unlock_page(filepage);
-                       *pagep = filepage;
-               } else
-                       *pagep = ZERO_PAGE(0);
+       if (*pagep != filepage) {
+               unlock_page(filepage);
+               *pagep = filepage;
        }
-       if (type)
-               *type = majmin;
        return 0;
 
 failed:
@@ -1081,6 +1233,8 @@ struct page *shmem_nopage(struct vm_area_struct *vma, unsigned long address, int
        idx = (address - vma->vm_start) >> PAGE_SHIFT;
        idx += vma->vm_pgoff;
        idx >>= PAGE_CACHE_SHIFT - PAGE_SHIFT;
+       if (((loff_t) idx << PAGE_CACHE_SHIFT) >= i_size_read(inode))
+               return NOPAGE_SIGBUS;
 
        error = shmem_getpage(inode, idx, &page, SGP_CACHE, type);
        if (error)
@@ -1112,6 +1266,7 @@ static int shmem_populate(struct vm_area_struct *vma,
                err = shmem_getpage(inode, pgoff, &page, sgp, NULL);
                if (err)
                        return err;
+               /* Page may still be null, but only if nonblock was set. */
                if (page) {
                        mark_page_accessed(page);
                        err = install_page(mm, vma, addr, page, prot);
@@ -1119,7 +1274,10 @@ static int shmem_populate(struct vm_area_struct *vma,
                                page_cache_release(page);
                                return err;
                        }
-               } else if (nonblock) {
+               } else if (vma->vm_flags & VM_NONLINEAR) {
+                       /* No page was found just because we can't read it in
+                        * now (being here implies nonblock != 0), but the page
+                        * may exist, so set the PTE to fault it in later. */
                        err = install_file_pte(mm, vma, addr, pgoff, prot);
                        if (err)
                                return err;
@@ -1150,20 +1308,29 @@ shmem_get_policy(struct vm_area_struct *vma, unsigned long addr)
 }
 #endif
 
-void shmem_lock(struct file *file, int lock)
+int shmem_lock(struct file *file, int lock, struct user_struct *user)
 {
        struct inode *inode = file->f_dentry->d_inode;
        struct shmem_inode_info *info = SHMEM_I(inode);
+       int retval = -ENOMEM;
 
        spin_lock(&info->lock);
-       if (lock)
+       if (lock && !(info->flags & VM_LOCKED)) {
+               if (!user_shm_lock(inode->i_size, user))
+                       goto out_nomem;
                info->flags |= VM_LOCKED;
-       else
+       }
+       if (!lock && (info->flags & VM_LOCKED) && user) {
+               user_shm_unlock(inode->i_size, user);
                info->flags &= ~VM_LOCKED;
+       }
+       retval = 0;
+out_nomem:
        spin_unlock(&info->lock);
+       return retval;
 }
 
-static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
+int shmem_mmap(struct file *file, struct vm_area_struct *vma)
 {
        file_accessed(file);
        vma->vm_ops = &shmem_vm_ops;
@@ -1177,13 +1344,15 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
        struct shmem_inode_info *info;
        struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
 
-       spin_lock(&sbinfo->stat_lock);
-       if (!sbinfo->free_inodes) {
+       if (sbinfo->max_inodes) {
+               spin_lock(&sbinfo->stat_lock);
+               if (!sbinfo->free_inodes) {
+                       spin_unlock(&sbinfo->stat_lock);
+                       return NULL;
+               }
+               sbinfo->free_inodes--;
                spin_unlock(&sbinfo->stat_lock);
-               return NULL;
        }
-       sbinfo->free_inodes--;
-       spin_unlock(&sbinfo->stat_lock);
 
        inode = new_inode(sb);
        if (inode) {
@@ -1198,7 +1367,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
                info = SHMEM_I(inode);
                memset(info, 0, (char *)inode - (char *)info);
                spin_lock_init(&info->lock);
-               mpol_shared_policy_init(&info->policy);
+               INIT_LIST_HEAD(&info->swaplist);
+
                switch (mode & S_IFMT) {
                default:
                        init_special_inode(inode, mode, dev);
@@ -1206,9 +1376,8 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
                case S_IFREG:
                        inode->i_op = &shmem_inode_operations;
                        inode->i_fop = &shmem_file_operations;
-                       spin_lock(&shmem_ilock);
-                       list_add_tail(&info->list, &shmem_inodes);
-                       spin_unlock(&shmem_ilock);
+                       mpol_shared_policy_init(&info->policy, sbinfo->policy,
+                                                       &sbinfo->policy_nodes);
                        break;
                case S_IFDIR:
                        inode->i_nlink++;
@@ -1218,38 +1387,23 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
                        inode->i_fop = &simple_dir_operations;
                        break;
                case S_IFLNK:
+                       /*
+                        * Must not load anything in the rbtree,
+                        * mpol_free_shared_policy will not be called.
+                        */
+                       mpol_shared_policy_init(&info->policy, MPOL_DEFAULT,
+                                               NULL);
                        break;
                }
+       } else if (sbinfo->max_inodes) {
+               spin_lock(&sbinfo->stat_lock);
+               sbinfo->free_inodes++;
+               spin_unlock(&sbinfo->stat_lock);
        }
        return inode;
 }
 
-static int shmem_set_size(struct shmem_sb_info *info,
-                         unsigned long max_blocks, unsigned long max_inodes)
-{
-       int error;
-       unsigned long blocks, inodes;
-
-       spin_lock(&info->stat_lock);
-       blocks = info->max_blocks - info->free_blocks;
-       inodes = info->max_inodes - info->free_inodes;
-       error = -EINVAL;
-       if (max_blocks < blocks)
-               goto out;
-       if (max_inodes < inodes)
-               goto out;
-       error = 0;
-       info->max_blocks  = max_blocks;
-       info->free_blocks = max_blocks - blocks;
-       info->max_inodes  = max_inodes;
-       info->free_inodes = max_inodes - inodes;
-out:
-       spin_unlock(&info->stat_lock);
-       return error;
-}
-
 #ifdef CONFIG_TMPFS
-
 static struct inode_operations shmem_symlink_inode_operations;
 static struct inode_operations shmem_symlink_inline_operations;
 
@@ -1270,7 +1424,7 @@ shmem_file_write(struct file *file, const char __user *buf, size_t count, loff_t
        struct inode    *inode = file->f_dentry->d_inode;
        loff_t          pos;
        unsigned long   written;
-       int             err;
+       ssize_t         err;
 
        if ((ssize_t) count < 0)
                return -EINVAL;
@@ -1278,7 +1432,7 @@ shmem_file_write(struct file *file, const char __user *buf, size_t count, loff_t
        if (!access_ok(VERIFY_READ, buf, count))
                return -EFAULT;
 
-       down(&inode->i_sem);
+       mutex_lock(&inode->i_mutex);
 
        pos = *ppos;
        written = 0;
@@ -1322,7 +1476,8 @@ shmem_file_write(struct file *file, const char __user *buf, size_t count, loff_t
                        __get_user(dummy, buf + bytes - 1);
 
                        kaddr = kmap_atomic(page, KM_USER0);
-                       left = __copy_from_user(kaddr + offset, buf, bytes);
+                       left = __copy_from_user_inatomic(kaddr + offset,
+                                                       buf, bytes);
                        kunmap_atomic(kaddr, KM_USER0);
                }
                if (left) {
@@ -1362,7 +1517,7 @@ shmem_file_write(struct file *file, const char __user *buf, size_t count, loff_t
        if (written)
                err = written;
 out:
-       up(&inode->i_sem);
+       mutex_unlock(&inode->i_mutex);
        return err;
 }
 
@@ -1398,7 +1553,7 @@ static void do_shmem_file_read(struct file *filp, loff_t *ppos, read_descriptor_
 
                /*
                 * We must evaluate after, since reads (unlike writes)
-                * are called without i_sem protection against truncate
+                * are called without i_mutex protection against truncate
                 */
                nr = PAGE_CACHE_SIZE;
                i_size = i_size_read(inode);
@@ -1406,13 +1561,14 @@ static void do_shmem_file_read(struct file *filp, loff_t *ppos, read_descriptor_
                if (index == end_index) {
                        nr = i_size & ~PAGE_CACHE_MASK;
                        if (nr <= offset) {
-                               page_cache_release(page);
+                               if (page)
+                                       page_cache_release(page);
                                break;
                        }
                }
                nr -= offset;
 
-               if (page != ZERO_PAGE(0)) {
+               if (page) {
                        /*
                         * If users can be writing to this page using arbitrary
                         * virtual addresses, take care about potential aliasing
@@ -1425,6 +1581,9 @@ static void do_shmem_file_read(struct file *filp, loff_t *ppos, read_descriptor_
                         */
                        if (!offset)
                                mark_page_accessed(page);
+               } else {
+                       page = ZERO_PAGE(0);
+                       page_cache_get(page);
                }
 
                /*
@@ -1500,13 +1659,18 @@ static int shmem_statfs(struct super_block *sb, struct kstatfs *buf)
 
        buf->f_type = TMPFS_SUPER_MAGIC;
        buf->f_bsize = PAGE_CACHE_SIZE;
+       buf->f_namelen = NAME_MAX;
        spin_lock(&sbinfo->stat_lock);
-       buf->f_blocks = sbinfo->max_blocks;
-       buf->f_bavail = buf->f_bfree = sbinfo->free_blocks;
-       buf->f_files = sbinfo->max_inodes;
-       buf->f_ffree = sbinfo->free_inodes;
+       if (sbinfo->max_blocks) {
+               buf->f_blocks = sbinfo->max_blocks;
+               buf->f_bavail = buf->f_bfree = sbinfo->free_blocks;
+       }
+       if (sbinfo->max_inodes) {
+               buf->f_files = sbinfo->max_inodes;
+               buf->f_ffree = sbinfo->free_inodes;
+       }
+       /* else leave those fields 0 like simple_statfs */
        spin_unlock(&sbinfo->stat_lock);
-       buf->f_namelen = NAME_MAX;
        return 0;
 }
 
@@ -1520,6 +1684,15 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
        int error = -ENOSPC;
 
        if (inode) {
+               error = security_inode_init_security(inode, dir, NULL, NULL,
+                                                    NULL);
+               if (error) {
+                       if (error != -EOPNOTSUPP) {
+                               iput(inode);
+                               return error;
+                       }
+                       error = 0;
+               }
                if (dir->i_mode & S_ISGID) {
                        inode->i_gid = dir->i_gid;
                        if (S_ISDIR(mode))
@@ -1529,7 +1702,6 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
                dir->i_ctime = dir->i_mtime = CURRENT_TIME;
                d_instantiate(dentry, inode);
                dget(dentry); /* Extra count - pin the dentry in core */
-               error = 0;
        }
        return error;
 }
@@ -1556,6 +1728,22 @@ static int shmem_create(struct inode *dir, struct dentry *dentry, int mode,
 static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry)
 {
        struct inode *inode = old_dentry->d_inode;
+       struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
+
+       /*
+        * No ordinary (disk based) filesystem counts links as inodes;
+        * but each new link needs a new dentry, pinning lowmem, and
+        * tmpfs dentries cannot be pruned until they are unlinked.
+        */
+       if (sbinfo->max_inodes) {
+               spin_lock(&sbinfo->stat_lock);
+               if (!sbinfo->free_inodes) {
+                       spin_unlock(&sbinfo->stat_lock);
+                       return -ENOSPC;
+               }
+               sbinfo->free_inodes--;
+               spin_unlock(&sbinfo->stat_lock);
+       }
 
        dir->i_size += BOGO_DIRENT_SIZE;
        inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
@@ -1570,6 +1758,15 @@ static int shmem_unlink(struct inode *dir, struct dentry *dentry)
 {
        struct inode *inode = dentry->d_inode;
 
+       if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode)) {
+               struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
+               if (sbinfo->max_inodes) {
+                       spin_lock(&sbinfo->stat_lock);
+                       sbinfo->free_inodes++;
+                       spin_unlock(&sbinfo->stat_lock);
+               }
+       }
+
        dir->i_size -= BOGO_DIRENT_SIZE;
        inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
        inode->i_nlink--;
@@ -1582,6 +1779,7 @@ static int shmem_rmdir(struct inode *dir, struct dentry *dentry)
        if (!simple_empty(dentry))
                return -ENOTEMPTY;
 
+       dentry->d_inode->i_nlink--;
        dir->i_nlink--;
        return shmem_unlink(dir, dentry);
 }
@@ -1634,6 +1832,16 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
        if (!inode)
                return -ENOSPC;
 
+       error = security_inode_init_security(inode, dir, NULL, NULL,
+                                            NULL);
+       if (error) {
+               if (error != -EOPNOTSUPP) {
+                       iput(inode);
+                       return error;
+               }
+               error = 0;
+       }
+
        info = SHMEM_I(inode);
        inode->i_size = len-1;
        if (len <= (char *)inode - (char *)info) {
@@ -1647,9 +1855,6 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
                        return error;
                }
                inode->i_op = &shmem_symlink_inode_operations;
-               spin_lock(&shmem_ilock);
-               list_add_tail(&info->list, &shmem_inodes);
-               spin_unlock(&shmem_ilock);
                kaddr = kmap_atomic(page, KM_USER0);
                memcpy(kaddr, symname, len);
                kunmap_atomic(kaddr, KM_USER0);
@@ -1665,32 +1870,27 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
        return 0;
 }
 
-static int shmem_follow_link_inline(struct dentry *dentry, struct nameidata *nd)
+static void *shmem_follow_link_inline(struct dentry *dentry, struct nameidata *nd)
 {
        nd_set_link(nd, (char *)SHMEM_I(dentry->d_inode));
-       return 0;
+       return NULL;
 }
 
-static int shmem_follow_link(struct dentry *dentry, struct nameidata *nd)
+static void *shmem_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
        struct page *page = NULL;
        int res = shmem_getpage(dentry->d_inode, 0, &page, SGP_READ, NULL);
        nd_set_link(nd, res ? ERR_PTR(res) : kmap(page));
-       return 0;
+       return page;
 }
 
-static void shmem_put_link(struct dentry *dentry, struct nameidata *nd)
+static void shmem_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
 {
        if (!IS_ERR(nd_get_link(nd))) {
-               struct page *page;
-
-               page = find_get_page(dentry->d_inode->i_mapping, 0);
-               if (!page)
-                       BUG();
+               struct page *page = cookie;
                kunmap(page);
                mark_page_accessed(page);
                page_cache_release(page);
-               page_cache_release(page);
        }
 }
 
@@ -1706,11 +1906,29 @@ static struct inode_operations shmem_symlink_inode_operations = {
        .put_link       = shmem_put_link,
 };
 
-static int shmem_parse_options(char *options, int *mode, uid_t *uid, gid_t *gid, unsigned long *blocks, unsigned long *inodes)
+static int shmem_parse_options(char *options, int *mode, uid_t *uid,
+       gid_t *gid, unsigned long *blocks, unsigned long *inodes,
+       int *policy, nodemask_t *policy_nodes)
 {
        char *this_char, *value, *rest;
 
-       while ((this_char = strsep(&options, ",")) != NULL) {
+       while (options != NULL) {
+               this_char = options;
+               for (;;) {
+                       /*
+                        * NUL-terminate this option: unfortunately,
+                        * mount options form a comma-separated list,
+                        * but mpol's nodelist may also contain commas.
+                        */
+                       options = strchr(options, ',');
+                       if (options == NULL)
+                               break;
+                       options++;
+                       if (!isdigit(*options)) {
+                               options[-1] = '\0';
+                               break;
+                       }
+               }
                if (!*this_char)
                        continue;
                if ((value = strchr(this_char,'=')) != NULL) {
@@ -1760,6 +1978,9 @@ static int shmem_parse_options(char *options, int *mode, uid_t *uid, gid_t *gid,
                        *gid = simple_strtoul(value,&rest,0);
                        if (*rest)
                                goto bad_val;
+               } else if (!strcmp(this_char,"mpol")) {
+                       if (shmem_parse_mpol(value,policy,policy_nodes))
+                               goto bad_val;
                } else {
                        printk(KERN_ERR "tmpfs: Bad mount option %s\n",
                               this_char);
@@ -1780,56 +2001,109 @@ static int shmem_remount_fs(struct super_block *sb, int *flags, char *data)
        struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
        unsigned long max_blocks = sbinfo->max_blocks;
        unsigned long max_inodes = sbinfo->max_inodes;
+       int policy = sbinfo->policy;
+       nodemask_t policy_nodes = sbinfo->policy_nodes;
+       unsigned long blocks;
+       unsigned long inodes;
+       int error = -EINVAL;
+
+       if (shmem_parse_options(data, NULL, NULL, NULL, &max_blocks,
+                               &max_inodes, &policy, &policy_nodes))
+               return error;
 
-       if (shmem_parse_options(data, NULL, NULL, NULL, &max_blocks, &max_inodes))
-               return -EINVAL;
-       return shmem_set_size(sbinfo, max_blocks, max_inodes);
+       spin_lock(&sbinfo->stat_lock);
+       blocks = sbinfo->max_blocks - sbinfo->free_blocks;
+       inodes = sbinfo->max_inodes - sbinfo->free_inodes;
+       if (max_blocks < blocks)
+               goto out;
+       if (max_inodes < inodes)
+               goto out;
+       /*
+        * Those tests also disallow limited->unlimited while any are in
+        * use, so i_blocks will always be zero when max_blocks is zero;
+        * but we must separately disallow unlimited->limited, because
+        * in that case we have no record of how much is already in use.
+        */
+       if (max_blocks && !sbinfo->max_blocks)
+               goto out;
+       if (max_inodes && !sbinfo->max_inodes)
+               goto out;
+
+       error = 0;
+       sbinfo->max_blocks  = max_blocks;
+       sbinfo->free_blocks = max_blocks - blocks;
+       sbinfo->max_inodes  = max_inodes;
+       sbinfo->free_inodes = max_inodes - inodes;
+       sbinfo->policy = policy;
+       sbinfo->policy_nodes = policy_nodes;
+out:
+       spin_unlock(&sbinfo->stat_lock);
+       return error;
 }
 #endif
 
+static void shmem_put_super(struct super_block *sb)
+{
+       kfree(sb->s_fs_info);
+       sb->s_fs_info = NULL;
+}
+
 static int shmem_fill_super(struct super_block *sb,
                            void *data, int silent)
 {
        struct inode *inode;
        struct dentry *root;
-       unsigned long blocks, inodes;
        int mode   = S_IRWXUGO | S_ISVTX;
        uid_t uid = current->fsuid;
        gid_t gid = current->fsgid;
-       struct shmem_sb_info *sbinfo;
        int err = -ENOMEM;
+       struct shmem_sb_info *sbinfo;
+       unsigned long blocks = 0;
+       unsigned long inodes = 0;
+       int policy = MPOL_DEFAULT;
+       nodemask_t policy_nodes = node_online_map;
 
-       sbinfo = kmalloc(sizeof(struct shmem_sb_info), GFP_KERNEL);
-       if (!sbinfo)
-               return -ENOMEM;
-       sb->s_fs_info = sbinfo;
-       memset(sbinfo, 0, sizeof(struct shmem_sb_info));
-
+#ifdef CONFIG_TMPFS
        /*
         * Per default we only allow half of the physical ram per
-        * tmpfs instance
+        * tmpfs instance, limiting inodes to one per page of lowmem;
+        * but the internal instance is left unlimited.
         */
-       blocks = inodes = totalram_pages / 2;
-
-#ifdef CONFIG_TMPFS
-       if (shmem_parse_options(data, &mode, &uid, &gid, &blocks, &inodes)) {
-               err = -EINVAL;
-               goto failed;
+       if (!(sb->s_flags & MS_NOUSER)) {
+               blocks = totalram_pages / 2;
+               inodes = totalram_pages - totalhigh_pages;
+               if (inodes > blocks)
+                       inodes = blocks;
+               if (shmem_parse_options(data, &mode, &uid, &gid, &blocks,
+                                       &inodes, &policy, &policy_nodes))
+                       return -EINVAL;
        }
 #else
        sb->s_flags |= MS_NOUSER;
 #endif
 
+       /* Round up to L1_CACHE_BYTES to resist false sharing */
+       sbinfo = kmalloc(max((int)sizeof(struct shmem_sb_info),
+                               L1_CACHE_BYTES), GFP_KERNEL);
+       if (!sbinfo)
+               return -ENOMEM;
+
        spin_lock_init(&sbinfo->stat_lock);
        sbinfo->max_blocks = blocks;
        sbinfo->free_blocks = blocks;
        sbinfo->max_inodes = inodes;
        sbinfo->free_inodes = inodes;
+       sbinfo->policy = policy;
+       sbinfo->policy_nodes = policy_nodes;
+
+       sb->s_fs_info = sbinfo;
        sb->s_maxbytes = SHMEM_MAX_BYTES;
        sb->s_blocksize = PAGE_CACHE_SIZE;
        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
        sb->s_magic = TMPFS_SUPER_MAGIC;
        sb->s_op = &shmem_ops;
+       sb->s_time_gran = 1;
+
        inode = shmem_get_inode(sb, S_IFDIR | mode, 0);
        if (!inode)
                goto failed;
@@ -1844,18 +2118,11 @@ static int shmem_fill_super(struct super_block *sb,
 failed_iput:
        iput(inode);
 failed:
-       kfree(sbinfo);
-       sb->s_fs_info = NULL;
+       shmem_put_super(sb);
        return err;
 }
 
-static void shmem_put_super(struct super_block *sb)
-{
-       kfree(sb->s_fs_info);
-       sb->s_fs_info = NULL;
-}
-
-static kmem_cache_t *shmem_inode_cachep;
+static struct kmem_cache *shmem_inode_cachep;
 
 static struct inode *shmem_alloc_inode(struct super_block *sb)
 {
@@ -1868,11 +2135,15 @@ static struct inode *shmem_alloc_inode(struct super_block *sb)
 
 static void shmem_destroy_inode(struct inode *inode)
 {
-       mpol_free_shared_policy(&SHMEM_I(inode)->policy);
+       if ((inode->i_mode & S_IFMT) == S_IFREG) {
+               /* only struct inode is valid if it's an inline symlink */
+               mpol_free_shared_policy(&SHMEM_I(inode)->policy);
+       }
        kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
 }
 
-static void init_once(void *foo, kmem_cache_t *cachep, unsigned long flags)
+static void init_once(void *foo, struct kmem_cache *cachep,
+                     unsigned long flags)
 {
        struct shmem_inode_info *p = (struct shmem_inode_info *) foo;
 
@@ -1886,8 +2157,7 @@ static int init_inodecache(void)
 {
        shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
                                sizeof(struct shmem_inode_info),
-                               0, SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT,
-                               init_once, NULL);
+                               0, 0, init_once, NULL);
        if (shmem_inode_cachep == NULL)
                return -ENOMEM;
        return 0;
@@ -1906,6 +2176,7 @@ static struct address_space_operations shmem_aops = {
        .prepare_write  = shmem_prepare_write,
        .commit_write   = simple_commit_write,
 #endif
+       .migratepage    = migrate_page,
 };
 
 static struct file_operations shmem_file_operations = {
@@ -1922,6 +2193,7 @@ static struct file_operations shmem_file_operations = {
 static struct inode_operations shmem_inode_operations = {
        .truncate       = shmem_truncate,
        .setattr        = shmem_notify_change,
+       .truncate_range = shmem_truncate_range,
 };
 
 static struct inode_operations shmem_dir_inode_operations = {
@@ -1959,6 +2231,7 @@ static struct vm_operations_struct shmem_vm_ops = {
 #endif
 };
 
+
 static struct super_block *shmem_get_sb(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data)
 {
@@ -1989,15 +2262,13 @@ static int __init init_tmpfs(void)
 #ifdef CONFIG_TMPFS
        devfs_mk_dir("shm");
 #endif
-       shm_mnt = kern_mount(&tmpfs_fs_type);
+       shm_mnt = do_kern_mount(tmpfs_fs_type.name, MS_NOUSER,
+                               tmpfs_fs_type.name, NULL);
        if (IS_ERR(shm_mnt)) {
                error = PTR_ERR(shm_mnt);
                printk(KERN_ERR "Could not kern_mount tmpfs\n");
                goto out1;
        }
-
-       /* The internal instance should not do size checking */
-       shmem_set_size(SHMEM_SB(shm_mnt->mnt_sb), ULONG_MAX, ULONG_MAX);
        return 0;
 
 out1:
@@ -2028,7 +2299,7 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags)
        if (IS_ERR(shm_mnt))
                return (void *)shm_mnt;
 
-       if (size > SHMEM_MAX_BYTES)
+       if (size < 0 || size > SHMEM_MAX_BYTES)
                return ERR_PTR(-EINVAL);
 
        if (shmem_acct_size(flags, size))
@@ -2062,7 +2333,7 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags)
        file->f_mapping = inode->i_mapping;
        file->f_op = &shmem_file_operations;
        file->f_mode = FMODE_WRITE | FMODE_READ;
-       return(file);
+       return file;
 
 close_file:
        put_filp(file);
@@ -2093,5 +2364,3 @@ int shmem_zero_setup(struct vm_area_struct *vma)
        vma->vm_ops = &shmem_vm_ops;
        return 0;
 }
-
-EXPORT_SYMBOL(shmem_file_setup);