--- linux-2.6.16-rc1/fs/super.c	2006-01-26 22:35:13 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/fs/super.c	2006-01-21 18:28:18 +0100
@@ -171,7 +173,7 @@ void deactivate_super(struct super_block
 	if (atomic_dec_and_lock(&s->s_active, &sb_lock)) {
 		s->s_count -= S_BIAS-1;
 		spin_unlock(&sb_lock);
-		DQUOT_OFF(s);
+		DQUOT_OFF(s->s_dqh);
 		down_write(&s->s_umount);
 		fs->kill_sb(s);
 		put_filesystem(fs);
--- linux-2.6.16-rc1/fs/super.c	2006-01-26 22:35:13 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/fs/super.c	2006-01-21 18:28:18 +0100
@@ -818,6 +826,13 @@ do_kern_mount(const char *fstype, int fl
 	sb = type->get_sb(type, flags, name, data);
 	if (IS_ERR(sb))
 		goto out_free_secdata;
+
+	error = -EPERM;
+	if (!capable(CAP_SYS_ADMIN) && !sb->s_bdev &&
+		(sb->s_magic != PROC_SUPER_MAGIC) &&
+		(sb->s_magic != DEVPTS_SUPER_MAGIC))
+		goto out_sb;
+
  	error = security_sb_kern_mount(sb, secdata);
  	if (error)
  		goto out_sb;
--- linux-2.6.16-rc1/fs/sysfs/mount.c	2005-08-29 22:25:33 +0200
+++ linux-2.6.16-rc1-vs2.1.0.9.4/fs/sysfs/mount.c	2006-01-21 18:28:10 +0100
@@ -11,8 +11,6 @@
 
 #include "sysfs.h"
 
-/* Random magic number */
-#define SYSFS_MAGIC 0x62656572
 
 struct vfsmount *sysfs_mount;
 struct super_block * sysfs_sb = NULL;
--- linux-2.6.16-rc1/fs/sysfs/mount.c	2005-08-29 22:25:33 +0200
+++ linux-2.6.16-rc1-vs2.1.0.9.4/fs/sysfs/mount.c	2006-01-21 18:28:10 +0100
@@ -38,7 +36,7 @@ static int sysfs_fill_super(struct super
 
 	sb->s_blocksize = PAGE_CACHE_SIZE;
 	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
-	sb->s_magic = SYSFS_MAGIC;
+	sb->s_magic = SYSFS_SUPER_MAGIC;
 	sb->s_op = &sysfs_ops;
 	sb->s_time_gran = 1;
 	sysfs_sb = sb;
--- linux-2.6.16-rc1/include/linux/devpts_fs.h	2004-08-14 12:55:59 +0200
+++ linux-2.6.16-rc1-vs2.1.0.9.4/include/linux/devpts_fs.h	2006-01-21 18:28:10 +0100
@@ -30,5 +30,7 @@ static inline void devpts_pty_kill(int n
 
 #endif
 
+#define DEVPTS_SUPER_MAGIC	0x00001cd1
+
 
 #endif /* _LINUX_DEVPTS_FS_H */
--- linux-2.6.16-rc1/include/linux/shmem_fs.h	2006-01-26 22:35:20 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/include/linux/shmem_fs.h	2006-01-21 18:28:10 +0100
@@ -8,6 +8,9 @@
 
 #define SHMEM_NR_DIRECT 16
 
+#define TMPFS_SUPER_MAGIC	0x01021994
+
+
 struct shmem_inode_info {
 	spinlock_t		lock;
 	unsigned long		flags;
--- linux-2.6.16-rc1/include/linux/sysfs.h	2005-08-29 22:25:42 +0200
+++ linux-2.6.16-rc1-vs2.1.0.9.4/include/linux/sysfs.h	2006-01-21 18:28:10 +0100
@@ -12,6 +12,8 @@
 
 #include <asm/atomic.h>
 
+#define SYSFS_SUPER_MAGIC	0x62656572
+
 struct kobject;
 struct module;
 
--- linux-2.6.16-rc1/mm/shmem.c	2006-01-26 22:35:33 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/mm/shmem.c	2006-01-21 18:28:10 +0100
@@ -50,7 +50,6 @@
 #include <asm/pgtable.h>
 
 /* This magic number is used in glibc for posix shared memory */
-#define TMPFS_MAGIC	0x01021994
 
 #define ENTRIES_PER_PAGE (PAGE_CACHE_SIZE/sizeof(unsigned long))
 #define ENTRIES_PER_PAGEPAGE (ENTRIES_PER_PAGE*ENTRIES_PER_PAGE)
--- linux-2.6.16-rc1/mm/shmem.c	2006-01-26 22:35:33 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/mm/shmem.c	2006-01-21 18:28:10 +0100
@@ -1597,7 +1596,7 @@ static int shmem_statfs(struct super_blo
 {
 	struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
 
-	buf->f_type = TMPFS_MAGIC;
+	buf->f_type = TMPFS_SUPER_MAGIC;
 	buf->f_bsize = PAGE_CACHE_SIZE;
 	buf->f_namelen = NAME_MAX;
 	spin_lock(&sbinfo->stat_lock);
--- linux-2.6.16-rc1/mm/shmem.c	2006-01-26 22:35:33 +0100
+++ linux-2.6.16-rc1-vs2.1.0.9.4/mm/shmem.c	2006-01-21 18:28:10 +0100
@@ -2033,7 +2032,7 @@ static int shmem_fill_super(struct super
 	sb->s_maxbytes = SHMEM_MAX_BYTES;
 	sb->s_blocksize = PAGE_CACHE_SIZE;
 	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
-	sb->s_magic = TMPFS_MAGIC;
+	sb->s_magic = TMPFS_SUPER_MAGIC;
 	sb->s_op = &shmem_ops;
 
 	inode = shmem_get_inode(sb, S_IFDIR | mode, 0);