diff -Nurp a/fs/nfs/dir.c b/fs/nfs/dir.c
--- a/fs/nfs/dir.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/dir.c	2011-11-23 13:47:17.240241659 +0100
@@ -171,7 +171,12 @@ nfs_opendir(struct inode *inode, struct 
 
 	nfs_inc_stats(inode, NFSIOS_VFSOPEN);
 
-	cred = rpc_lookup_cred();
+	if (NFS_PROTO(inode)->version > 3)
+		cred = rpc_lookup_cred(NULL);
+	else {
+		struct rpc_groups fsg = { 1, { inode->i_gid } };
+		cred = rpc_lookup_cred(&fsg);
+	}
 	if (IS_ERR(cred))
 		return PTR_ERR(cred);
 	ctx = alloc_nfs_open_dir_context(inode, cred);
@@ -1101,6 +1106,7 @@ static int nfs_lookup_revalidate(struct 
 	struct dentry *parent;
 	struct nfs_fh *fhandle = NULL;
 	struct nfs_fattr *fattr = NULL;
+	struct rpc_groups fsg;
 	int error;
 
 	if (nd->flags & LOOKUP_RCU)
@@ -1143,7 +1149,9 @@ static int nfs_lookup_revalidate(struct 
 	if (fhandle == NULL || fattr == NULL)
 		goto out_error;
 
-	error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr);
+	fsg.ngroups = 1;
+	fsg.groups[0] = dir->i_gid;
+	error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr, &fsg);
 	if (error)
 		goto out_bad;
 	if (nfs_compare_fh(NFS_FH(inode), fhandle))
@@ -1270,6 +1278,7 @@ static struct dentry *nfs_lookup(struct 
 	struct inode *inode = NULL;
 	struct nfs_fh *fhandle = NULL;
 	struct nfs_fattr *fattr = NULL;
+	struct rpc_groups fsg;
 	int error;
 
 	dfprintk(VFS, "NFS: lookup(%s/%s)\n",
@@ -1299,7 +1308,9 @@ static struct dentry *nfs_lookup(struct 
 	parent = dentry->d_parent;
 	/* Protect against concurrent sillydeletes */
 	nfs_block_sillyrename(parent);
-	error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr);
+	fsg.ngroups = 1;
+	fsg.groups[0] = dir->i_gid;
+	error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr, &fsg);
 	if (error == -ENOENT)
 		goto no_entry;
 	if (error < 0) {
@@ -1372,7 +1383,7 @@ static struct nfs_open_context *create_n
 	struct rpc_cred *cred;
 	fmode_t fmode = flags_to_mode(open_flags);
 
-	cred = rpc_lookup_cred();
+	cred = rpc_lookup_cred(NULL);
 	if (IS_ERR(cred))
 		return ERR_CAST(cred);
 	ctx = alloc_nfs_open_context(dentry, cred, fmode);
@@ -1606,7 +1617,7 @@ static int nfs_open_create(struct inode 
 	if (IS_ERR(ctx))
 		goto out_err_drop;
 
-	error = NFS_PROTO(dir)->create(dir, dentry, &attr, open_flags, ctx);
+	error = NFS_PROTO(dir)->create(dir, dentry, &attr, open_flags, ctx, NULL);
 	if (error != 0)
 		goto out_put_ctx;
 	if (nd) {
@@ -1631,7 +1642,7 @@ out_err:
  * Code common to create, mkdir, and mknod.
  */
 int nfs_instantiate(struct dentry *dentry, struct nfs_fh *fhandle,
-				struct nfs_fattr *fattr)
+				struct nfs_fattr *fattr, struct rpc_groups *fsg)
 {
 	struct dentry *parent = dget_parent(dentry);
 	struct inode *dir = parent->d_inode;
@@ -1644,7 +1655,7 @@ int nfs_instantiate(struct dentry *dentr
 	if (dentry->d_inode)
 		goto out;
 	if (fhandle->size == 0) {
-		error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr);
+		error = NFS_PROTO(dir)->lookup(NFS_SERVER(dir)->client, dir, &dentry->d_name, fhandle, fattr, fsg);
 		if (error)
 			goto out_error;
 	}
@@ -1681,6 +1692,7 @@ static int nfs_create(struct inode *dir,
 	struct iattr attr;
 	int error;
 	int open_flags = O_CREAT|O_EXCL;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 
 	dfprintk(VFS, "NFS: create(%s/%ld), %s\n",
 			dir->i_sb->s_id, dir->i_ino, dentry->d_name.name);
@@ -1691,7 +1703,7 @@ static int nfs_create(struct inode *dir,
 	if (nd)
 		open_flags = nd->intent.open.flags;
 
-	error = NFS_PROTO(dir)->create(dir, dentry, &attr, open_flags, NULL);
+	error = NFS_PROTO(dir)->create(dir, dentry, &attr, open_flags, NULL, &fsg);
 	if (error != 0)
 		goto out_err;
 	return 0;
@@ -1708,6 +1720,7 @@ nfs_mknod(struct inode *dir, struct dent
 {
 	struct iattr attr;
 	int status;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 
 	dfprintk(VFS, "NFS: mknod(%s/%ld), %s\n",
 			dir->i_sb->s_id, dir->i_ino, dentry->d_name.name);
@@ -1718,7 +1731,7 @@ nfs_mknod(struct inode *dir, struct dent
 	attr.ia_mode = mode;
 	attr.ia_valid = ATTR_MODE;
 
-	status = NFS_PROTO(dir)->mknod(dir, dentry, &attr, rdev);
+	status = NFS_PROTO(dir)->mknod(dir, dentry, &attr, rdev, &fsg);
 	if (status != 0)
 		goto out_err;
 	return 0;
@@ -1734,6 +1747,7 @@ static int nfs_mkdir(struct inode *dir, 
 {
 	struct iattr attr;
 	int error;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 
 	dfprintk(VFS, "NFS: mkdir(%s/%ld), %s\n",
 			dir->i_sb->s_id, dir->i_ino, dentry->d_name.name);
@@ -1741,7 +1755,7 @@ static int nfs_mkdir(struct inode *dir, 
 	attr.ia_valid = ATTR_MODE;
 	attr.ia_mode = mode | S_IFDIR;
 
-	error = NFS_PROTO(dir)->mkdir(dir, dentry, &attr);
+	error = NFS_PROTO(dir)->mkdir(dir, dentry, &attr, &fsg);
 	if (error != 0)
 		goto out_err;
 	return 0;
@@ -1759,11 +1773,12 @@ static void nfs_dentry_handle_enoent(str
 static int nfs_rmdir(struct inode *dir, struct dentry *dentry)
 {
 	int error;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 
 	dfprintk(VFS, "NFS: rmdir(%s/%ld), %s\n",
 			dir->i_sb->s_id, dir->i_ino, dentry->d_name.name);
 
-	error = NFS_PROTO(dir)->rmdir(dir, &dentry->d_name);
+	error = NFS_PROTO(dir)->rmdir(dir, &dentry->d_name, &fsg);
 	/* Ensure the VFS deletes this inode */
 	if (error == 0 && dentry->d_inode != NULL)
 		clear_nlink(dentry->d_inode);
@@ -1784,6 +1799,7 @@ static int nfs_safe_remove(struct dentry
 {
 	struct inode *dir = dentry->d_parent->d_inode;
 	struct inode *inode = dentry->d_inode;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 	int error = -EBUSY;
 		
 	dfprintk(VFS, "NFS: safe_remove(%s/%s)\n",
@@ -1797,13 +1813,13 @@ static int nfs_safe_remove(struct dentry
 
 	if (inode != NULL) {
 		nfs_inode_return_delegation(inode);
-		error = NFS_PROTO(dir)->remove(dir, &dentry->d_name);
+		error = NFS_PROTO(dir)->remove(dir, &dentry->d_name, &fsg);
 		/* The VFS may want to delete this inode */
 		if (error == 0)
 			nfs_drop_nlink(inode);
 		nfs_mark_for_revalidate(inode);
 	} else
-		error = NFS_PROTO(dir)->remove(dir, &dentry->d_name);
+		error = NFS_PROTO(dir)->remove(dir, &dentry->d_name, &fsg);
 	if (error == -ENOENT)
 		nfs_dentry_handle_enoent(dentry);
 out:
@@ -1867,6 +1883,7 @@ static int nfs_symlink(struct inode *dir
 	struct iattr attr;
 	unsigned int pathlen = strlen(symname);
 	int error;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 
 	dfprintk(VFS, "NFS: symlink(%s/%ld, %s, %s)\n", dir->i_sb->s_id,
 		dir->i_ino, dentry->d_name.name, symname);
@@ -1887,7 +1904,7 @@ static int nfs_symlink(struct inode *dir
 		memset(kaddr + pathlen, 0, PAGE_SIZE - pathlen);
 	kunmap_atomic(kaddr, KM_USER0);
 
-	error = NFS_PROTO(dir)->symlink(dir, dentry, page, pathlen, &attr);
+	error = NFS_PROTO(dir)->symlink(dir, dentry, page, pathlen, &attr, &fsg);
 	if (error != 0) {
 		dfprintk(VFS, "NFS: symlink(%s/%ld, %s, %s) error %d\n",
 			dir->i_sb->s_id, dir->i_ino,
@@ -1918,6 +1935,7 @@ static int 
 nfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry)
 {
 	struct inode *inode = old_dentry->d_inode;
+	struct rpc_groups fsg = { 1, { dir->i_gid } };
 	int error;
 
 	dfprintk(VFS, "NFS: link(%s/%s -> %s/%s)\n",
@@ -1927,7 +1945,7 @@ nfs_link(struct dentry *old_dentry, stru
 	nfs_inode_return_delegation(inode);
 
 	d_drop(dentry);
-	error = NFS_PROTO(dir)->link(inode, dir, &dentry->d_name);
+	error = NFS_PROTO(dir)->link(inode, dir, &dentry->d_name, &fsg);
 	if (error == 0) {
 		ihold(inode);
 		d_add(dentry, inode);
@@ -1965,6 +1983,14 @@ static int nfs_rename(struct inode *old_
 	struct inode *old_inode = old_dentry->d_inode;
 	struct inode *new_inode = new_dentry->d_inode;
 	struct dentry *dentry = NULL, *rehash = NULL;
+	struct rpc_groups fsg = {
+		.ngroups = 3,
+		.groups = {
+			old_dir->i_gid,
+			new_dir->i_gid,		/* old_dir != new_dir */
+			old_inode->i_gid	/* reparent a dir */
+		}
+	};
 	int error = -EBUSY;
 
 	dfprintk(VFS, "NFS: rename(%s/%s -> %s/%s, ct=%d)\n",
@@ -2013,7 +2039,7 @@ static int nfs_rename(struct inode *old_
 		nfs_inode_return_delegation(new_inode);
 
 	error = NFS_PROTO(old_dir)->rename(old_dir, &old_dentry->d_name,
-					   new_dir, &new_dentry->d_name);
+					   new_dir, &new_dentry->d_name, &fsg);
 	nfs_mark_for_revalidate(old_inode);
 out:
 	if (rehash)
@@ -2260,6 +2286,8 @@ static int nfs_do_access(struct inode *i
 	cache.cred = cred;
 	cache.jiffies = jiffies;
 	status = NFS_PROTO(inode)->access(inode, &cache);
+	dfprintk(VFS, "NFS: access()=%d for ino %lu, cred %p, mask 0x%x->0x%x\n",
+		 status, inode->i_ino, cred, mask, cache.mask);
 	if (status != 0) {
 		if (status == -ESTALE) {
 			nfs_zap_caches(inode);
@@ -2332,7 +2360,12 @@ force_lookup:
 	if (!NFS_PROTO(inode)->access)
 		goto out_notsup;
 
-	cred = rpc_lookup_cred();
+	if (NFS_PROTO(inode)->version > 3)
+		cred = rpc_lookup_cred(NULL);
+	else {
+		struct rpc_groups fsg = { 1, { inode->i_gid } };
+		cred = rpc_lookup_cred(&fsg);
+	}
 	if (!IS_ERR(cred)) {
 		res = nfs_do_access(inode, cred, mask);
 		put_rpccred(cred);
diff -Nurp a/fs/nfs/inode.c b/fs/nfs/inode.c
--- a/fs/nfs/inode.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/inode.c	2011-11-23 13:47:17.245241540 +0100
@@ -407,6 +407,7 @@ nfs_setattr(struct dentry *dentry, struc
 {
 	struct inode *inode = dentry->d_inode;
 	struct nfs_fattr *fattr;
+	struct rpc_groups fsg;
 	int error = -ENOMEM;
 
 	nfs_inc_stats(inode, NFSIOS_VFSSETATTR);
@@ -437,7 +438,11 @@ nfs_setattr(struct dentry *dentry, struc
 	 */
 	if ((attr->ia_valid & (ATTR_MODE|ATTR_UID|ATTR_GID)) != 0)
 		nfs_inode_return_delegation(inode);
-	error = NFS_PROTO(inode)->setattr(dentry, fattr, attr);
+	fsg.ngroups = 0;
+	fsg.groups[fsg.ngroups++] = inode->i_gid;	/* ATTR_SIZE */
+	if (attr->ia_valid & ATTR_GID)
+		fsg.groups[fsg.ngroups++] = attr->ia_gid;
+	error = NFS_PROTO(inode)->setattr(dentry, fattr, attr, &fsg);
 	if (error == 0)
 		nfs_refresh_inode(inode, fattr);
 	nfs_free_fattr(fattr);
@@ -740,7 +745,12 @@ int nfs_open(struct inode *inode, struct
 	struct nfs_open_context *ctx;
 	struct rpc_cred *cred;
 
-	cred = rpc_lookup_cred();
+	if (NFS_PROTO(inode)->version > 3)
+		cred = rpc_lookup_cred(NULL);
+	else {
+		struct rpc_groups fsg = { 1, { inode->i_gid } };
+		cred = rpc_lookup_cred(&fsg);
+	}
 	if (IS_ERR(cred))
 		return PTR_ERR(cred);
 	ctx = alloc_nfs_open_context(filp->f_path.dentry, cred, filp->f_mode);
diff -Nurp a/fs/nfs/namespace.c b/fs/nfs/namespace.c
--- a/fs/nfs/namespace.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/namespace.c	2011-11-23 13:47:17.249241443 +0100
@@ -194,7 +194,7 @@ static int nfs_lookup_with_sec(struct nf
 	}
 	err = server->nfs_client->rpc_ops->lookup(clone, parent->d_inode,
 						  &path->dentry->d_name,
-						  fh, fattr);
+						  fh, fattr, NULL);
 out_shutdown:
 	rpc_shutdown_client(clone);
 out:
@@ -230,6 +230,7 @@ struct vfsmount *nfs_d_automount(struct 
 	struct dentry *parent;
 	struct nfs_fh *fh = NULL;
 	struct nfs_fattr *fattr = NULL;
+	struct rpc_groups fsg;
 	int err;
 	rpc_authflavor_t flavor = RPC_AUTH_UNIX;
 
@@ -249,9 +250,11 @@ struct vfsmount *nfs_d_automount(struct 
 
 	/* Look it up again to get its attributes */
 	parent = dget_parent(path->dentry);
+	fsg.ngroups = 1;
+	fsg.groups[0] = parent->d_inode->i_gid;
 	err = server->nfs_client->rpc_ops->lookup(server->client, parent->d_inode,
 						  &path->dentry->d_name,
-						  fh, fattr);
+						  fh, fattr, &fsg);
 	if (err == -EPERM && NFS_PROTO(parent->d_inode)->secinfo != NULL)
 		err = nfs_lookup_with_sec(server, parent, path->dentry, path, fh, fattr, &flavor);
 	dput(parent);
diff -Nurp a/fs/nfs/nfs3proc.c b/fs/nfs/nfs3proc.c
--- a/fs/nfs/nfs3proc.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/nfs3proc.c	2011-11-23 13:47:17.254241323 +0100
@@ -25,11 +25,19 @@
 
 /* A wrapper to handle the EJUKEBOX and EKEYEXPIRED error messages */
 static int
-nfs3_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
+nfs3_rpc_call(struct rpc_clnt *clnt, u32 proc, void *argp, void *resp,
+	      struct rpc_cred *cred, int flags)
 {
+	struct rpc_message msg = {
+		.rpc_proc	= &nfs3_procedures[proc],
+		.rpc_argp	= argp,
+		.rpc_resp	= resp,
+		.rpc_cred	= cred,
+	};
 	int res;
+
 	do {
-		res = rpc_call_sync(clnt, msg, flags);
+		res = rpc_call_sync(clnt, &msg, flags);
 		if (res != -EJUKEBOX && res != -EKEYEXPIRED)
 			break;
 		schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
@@ -38,7 +46,20 @@ nfs3_rpc_wrapper(struct rpc_clnt *clnt, 
 	return res;
 }
 
-#define rpc_call_sync(clnt, msg, flags)	nfs3_rpc_wrapper(clnt, msg, flags)
+static int
+nfs3_rpc(struct rpc_clnt *clnt, u32 proc, void *argp, void *resp,
+	 struct rpc_groups *fsg)
+{
+	struct rpc_cred	*cred;
+	int		res;
+
+	cred = rpcauth_lookupcred(clnt->cl_auth, fsg, 0);
+	if (IS_ERR(cred))
+		return PTR_ERR(cred);
+	res = nfs3_rpc_call(clnt, proc, argp, resp, cred, 0);
+	put_rpccred(cred);
+	return res;
+}
 
 static int
 nfs3_async_handle_jukebox(struct rpc_task *task, struct inode *inode)
@@ -57,21 +78,14 @@ static int
 do_proc_get_root(struct rpc_clnt *client, struct nfs_fh *fhandle,
 		 struct nfs_fsinfo *info)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_FSINFO],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= info,
-	};
 	int	status;
 
 	dprintk("%s: call  fsinfo\n", __func__);
 	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(client, &msg, 0);
+	status = nfs3_rpc(client, NFS3PROC_FSINFO, fhandle, info, NULL);
 	dprintk("%s: reply fsinfo: %d\n", __func__, status);
 	if (!(info->fattr->valid & NFS_ATTR_FATTR)) {
-		msg.rpc_proc = &nfs3_procedures[NFS3PROC_GETATTR];
-		msg.rpc_resp = info->fattr;
-		status = rpc_call_sync(client, &msg, 0);
+		status = nfs3_rpc(client, NFS3PROC_GETATTR, fhandle, info->fattr, NULL);
 		dprintk("%s: reply getattr: %d\n", __func__, status);
 	}
 	return status;
@@ -99,41 +113,41 @@ static int
 nfs3_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle,
 		struct nfs_fattr *fattr)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_GETATTR],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= fattr,
-	};
 	int	status;
 
 	dprintk("NFS call  getattr\n");
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs3_rpc(server->client, NFS3PROC_GETATTR, fhandle, fattr, NULL);
 	dprintk("NFS reply getattr: %d\n", status);
 	return status;
 }
 
 static int
 nfs3_proc_setattr(struct dentry *dentry, struct nfs_fattr *fattr,
-			struct iattr *sattr)
+			struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct inode *inode = dentry->d_inode;
 	struct nfs3_sattrargs	arg = {
 		.fh		= NFS_FH(inode),
 		.sattr		= sattr,
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_SETATTR],
-		.rpc_argp	= &arg,
-		.rpc_resp	= fattr,
-	};
 	int	status;
+	struct rpc_cred	*cred;
+	struct rpc_clnt *clnt = NFS_CLIENT(inode);
 
 	dprintk("NFS call  setattr\n");
-	if (sattr->ia_valid & ATTR_FILE)
-		msg.rpc_cred = nfs_file_cred(sattr->ia_file);
+	if (sattr->ia_valid & ATTR_FILE) {
+		cred = nfs_file_cred(sattr->ia_file);
+		get_rpccred(cred);
+	} else {
+		/* truncate() requires write access */
+		cred = rpcauth_lookupcred(clnt->cl_auth, fsg, 0);
+		if (IS_ERR(cred))
+			return PTR_ERR(cred);
+	}
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs3_rpc_call(clnt, NFS3PROC_SETATTR, &arg, fattr, cred, 0);
+	put_rpccred(cred);
 	if (status == 0)
 		nfs_setattr_update_inode(inode, sattr);
 	dprintk("NFS reply setattr: %d\n", status);
@@ -142,7 +156,7 @@ nfs3_proc_setattr(struct dentry *dentry,
 
 static int
 nfs3_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name,
-		 struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+		 struct nfs_fh *fhandle, struct nfs_fattr *fattr, struct rpc_groups *fsg)
 {
 	struct nfs3_diropargs	arg = {
 		.fh		= NFS_FH(dir),
@@ -153,11 +167,6 @@ nfs3_proc_lookup(struct rpc_clnt *clnt, 
 		.fh		= fhandle,
 		.fattr		= fattr
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_LOOKUP],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-	};
 	int			status;
 
 	dprintk("NFS call  lookup %s\n", name->name);
@@ -166,13 +175,11 @@ nfs3_proc_lookup(struct rpc_clnt *clnt, 
 		return -ENOMEM;
 
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(dir), NFS3PROC_LOOKUP, &arg, &res, fsg);
 	nfs_refresh_inode(dir, res.dir_attr);
 	if (status >= 0 && !(fattr->valid & NFS_ATTR_FATTR)) {
-		msg.rpc_proc = &nfs3_procedures[NFS3PROC_GETATTR];
-		msg.rpc_argp = fhandle;
-		msg.rpc_resp = fattr;
-		status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+		status = nfs3_rpc(NFS_CLIENT(dir), NFS3PROC_GETATTR,
+				  fhandle, fattr, NULL);
 	}
 	nfs_free_fattr(res.dir_attr);
 	dprintk("NFS reply lookup: %d\n", status);
@@ -185,12 +192,6 @@ static int nfs3_proc_access(struct inode
 		.fh		= NFS_FH(inode),
 	};
 	struct nfs3_accessres	res;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_ACCESS],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-		.rpc_cred	= entry->cred,
-	};
 	int mode = entry->mask;
 	int status = -ENOMEM;
 
@@ -214,7 +215,8 @@ static int nfs3_proc_access(struct inode
 	if (res.fattr == NULL)
 		goto out;
 
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs3_rpc_call(NFS_CLIENT(inode), NFS3PROC_ACCESS,
+			  &arg, &res, entry->cred, 0);
 	nfs_refresh_inode(inode, res.fattr);
 	if (status == 0) {
 		entry->mask = 0;
@@ -241,19 +243,14 @@ static int nfs3_proc_readlink(struct ino
 		.pglen		= pglen,
 		.pages		= &page
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_READLINK],
-		.rpc_argp	= &args,
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  readlink\n");
 	fattr = nfs_alloc_fattr();
 	if (fattr == NULL)
 		goto out;
-	msg.rpc_resp = fattr;
 
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(inode), NFS3PROC_READLINK, &args, fattr, NULL);
 	nfs_refresh_inode(inode, fattr);
 	nfs_free_fattr(fattr);
 out:
@@ -262,7 +259,8 @@ out:
 }
 
 struct nfs3_createdata {
-	struct rpc_message msg;
+	u32 proc;
+	struct rpc_groups *fsg;
 	union {
 		struct nfs3_createargs create;
 		struct nfs3_mkdirargs mkdir;
@@ -281,8 +279,6 @@ static struct nfs3_createdata *nfs3_allo
 
 	data = kzalloc(sizeof(*data), GFP_KERNEL);
 	if (data != NULL) {
-		data->msg.rpc_argp = &data->arg;
-		data->msg.rpc_resp = &data->res;
 		data->res.fh = &data->fh;
 		data->res.fattr = &data->fattr;
 		data->res.dir_attr = &data->dir_attr;
@@ -296,10 +292,10 @@ static int nfs3_do_create(struct inode *
 {
 	int status;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &data->msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(dir), data->proc, &data->arg, &data->res, data->fsg);
 	nfs_post_op_update_inode(dir, data->res.dir_attr);
 	if (status == 0)
-		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr);
+		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr, data->fsg);
 	return status;
 }
 
@@ -313,7 +309,7 @@ static void nfs3_free_createdata(struct 
  */
 static int
 nfs3_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
-		 int flags, struct nfs_open_context *ctx)
+		 int flags, struct nfs_open_context *ctx, struct rpc_groups *fsg)
 {
 	struct nfs3_createdata *data;
 	umode_t mode = sattr->ia_mode;
@@ -325,7 +321,8 @@ nfs3_proc_create(struct inode *dir, stru
 	if (data == NULL)
 		goto out;
 
-	data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_CREATE];
+	data->proc = NFS3PROC_CREATE;
+	data->fsg = fsg;
 	data->arg.create.fh = NFS_FH(dir);
 	data->arg.create.name = dentry->d_name.name;
 	data->arg.create.len = dentry->d_name.len;
@@ -379,7 +376,7 @@ nfs3_proc_create(struct inode *dir, stru
 		/* Note: we could use a guarded setattr here, but I'm
 		 * not sure this buys us anything (and I'd have
 		 * to revamp the NFSv3 XDR code) */
-		status = nfs3_proc_setattr(dentry, data->res.fattr, sattr);
+		status = nfs3_proc_setattr(dentry, data->res.fattr, sattr, NULL);
 		nfs_post_op_update_inode(dentry->d_inode, data->res.fattr);
 		dprintk("NFS reply setattr (post-create): %d\n", status);
 		if (status != 0)
@@ -393,7 +390,7 @@ out:
 }
 
 static int
-nfs3_proc_remove(struct inode *dir, struct qstr *name)
+nfs3_proc_remove(struct inode *dir, struct qstr *name, struct rpc_groups *fsg)
 {
 	struct nfs_removeargs arg = {
 		.fh = NFS_FH(dir),
@@ -401,11 +398,6 @@ nfs3_proc_remove(struct inode *dir, stru
 		.name.name = name->name,
 	};
 	struct nfs_removeres res;
-	struct rpc_message msg = {
-		.rpc_proc = &nfs3_procedures[NFS3PROC_REMOVE],
-		.rpc_argp = &arg,
-		.rpc_resp = &res,
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  remove %s\n", name->name);
@@ -413,7 +405,7 @@ nfs3_proc_remove(struct inode *dir, stru
 	if (res.dir_attr == NULL)
 		goto out;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(dir), NFS3PROC_REMOVE, &arg, &res, fsg);
 	nfs_post_op_update_inode(dir, res.dir_attr);
 	nfs_free_fattr(res.dir_attr);
 out:
@@ -461,7 +453,8 @@ nfs3_proc_rename_done(struct rpc_task *t
 
 static int
 nfs3_proc_rename(struct inode *old_dir, struct qstr *old_name,
-		 struct inode *new_dir, struct qstr *new_name)
+		 struct inode *new_dir, struct qstr *new_name,
+		 struct rpc_groups *fsg)
 {
 	struct nfs_renameargs	arg = {
 		.old_dir	= NFS_FH(old_dir),
@@ -470,11 +463,6 @@ nfs3_proc_rename(struct inode *old_dir, 
 		.new_name	= new_name,
 	};
 	struct nfs_renameres res;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_RENAME],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  rename %s -> %s\n", old_name->name, new_name->name);
@@ -484,7 +472,7 @@ nfs3_proc_rename(struct inode *old_dir, 
 	if (res.old_fattr == NULL || res.new_fattr == NULL)
 		goto out;
 
-	status = rpc_call_sync(NFS_CLIENT(old_dir), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(old_dir), NFS3PROC_RENAME, &arg, &res, fsg);
 	nfs_post_op_update_inode(old_dir, res.old_fattr);
 	nfs_post_op_update_inode(new_dir, res.new_fattr);
 out:
@@ -495,7 +483,8 @@ out:
 }
 
 static int
-nfs3_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
+nfs3_proc_link(struct inode *inode, struct inode *dir, struct qstr *name,
+	       struct rpc_groups *fsg)
 {
 	struct nfs3_linkargs	arg = {
 		.fromfh		= NFS_FH(inode),
@@ -504,11 +493,6 @@ nfs3_proc_link(struct inode *inode, stru
 		.tolen		= name->len
 	};
 	struct nfs3_linkres	res;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_LINK],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  link %s\n", name->name);
@@ -517,7 +501,7 @@ nfs3_proc_link(struct inode *inode, stru
 	if (res.fattr == NULL || res.dir_attr == NULL)
 		goto out;
 
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(inode), NFS3PROC_LINK, &arg, &res, fsg);
 	nfs_post_op_update_inode(dir, res.dir_attr);
 	nfs_post_op_update_inode(inode, res.fattr);
 out:
@@ -529,7 +513,7 @@ out:
 
 static int
 nfs3_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page,
-		  unsigned int len, struct iattr *sattr)
+		  unsigned int len, struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct nfs3_createdata *data;
 	int status = -ENOMEM;
@@ -542,7 +526,8 @@ nfs3_proc_symlink(struct inode *dir, str
 	data = nfs3_alloc_createdata();
 	if (data == NULL)
 		goto out;
-	data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_SYMLINK];
+	data->proc = NFS3PROC_SYMLINK;
+	data->fsg = fsg;
 	data->arg.symlink.fromfh = NFS_FH(dir);
 	data->arg.symlink.fromname = dentry->d_name.name;
 	data->arg.symlink.fromlen = dentry->d_name.len;
@@ -559,7 +544,8 @@ out:
 }
 
 static int
-nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr)
+nfs3_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
+		struct rpc_groups *fsg)
 {
 	struct nfs3_createdata *data;
 	umode_t mode = sattr->ia_mode;
@@ -573,7 +559,8 @@ nfs3_proc_mkdir(struct inode *dir, struc
 	if (data == NULL)
 		goto out;
 
-	data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKDIR];
+	data->proc = NFS3PROC_MKDIR;
+	data->fsg = fsg;
 	data->arg.mkdir.fh = NFS_FH(dir);
 	data->arg.mkdir.name = dentry->d_name.name;
 	data->arg.mkdir.len = dentry->d_name.len;
@@ -591,7 +578,7 @@ out:
 }
 
 static int
-nfs3_proc_rmdir(struct inode *dir, struct qstr *name)
+nfs3_proc_rmdir(struct inode *dir, struct qstr *name, struct rpc_groups *fsg)
 {
 	struct nfs_fattr	*dir_attr;
 	struct nfs3_diropargs	arg = {
@@ -599,10 +586,6 @@ nfs3_proc_rmdir(struct inode *dir, struc
 		.name		= name->name,
 		.len		= name->len
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_RMDIR],
-		.rpc_argp	= &arg,
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  rmdir %s\n", name->name);
@@ -610,8 +593,7 @@ nfs3_proc_rmdir(struct inode *dir, struc
 	if (dir_attr == NULL)
 		goto out;
 
-	msg.rpc_resp = dir_attr;
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs3_rpc(NFS_CLIENT(dir), NFS3PROC_RMDIR, &arg, dir_attr, fsg);
 	nfs_post_op_update_inode(dir, dir_attr);
 	nfs_free_fattr(dir_attr);
 out:
@@ -646,16 +628,11 @@ nfs3_proc_readdir(struct dentry *dentry,
 		.verf		= verf,
 		.plus		= plus
 	};
-	struct rpc_message	msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_READDIR],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-		.rpc_cred	= cred
-	};
 	int status = -ENOMEM;
+	u32			proc = NFS3PROC_READDIR;
 
 	if (plus)
-		msg.rpc_proc = &nfs3_procedures[NFS3PROC_READDIRPLUS];
+		proc = NFS3PROC_READDIRPLUS;
 
 	dprintk("NFS call  readdir%s %d\n",
 			plus? "plus" : "", (unsigned int) cookie);
@@ -664,7 +641,7 @@ nfs3_proc_readdir(struct dentry *dentry,
 	if (res.dir_attr == NULL)
 		goto out;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs3_rpc_call(NFS_CLIENT(dir), proc, &arg, &res, cred, 0);
 
 	nfs_invalidate_atime(dir);
 	nfs_refresh_inode(dir, res.dir_attr);
@@ -678,7 +655,7 @@ out:
 
 static int
 nfs3_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
-		dev_t rdev)
+		dev_t rdev, struct rpc_groups *fsg)
 {
 	struct nfs3_createdata *data;
 	umode_t mode = sattr->ia_mode;
@@ -693,7 +670,8 @@ nfs3_proc_mknod(struct inode *dir, struc
 	if (data == NULL)
 		goto out;
 
-	data->msg.rpc_proc = &nfs3_procedures[NFS3PROC_MKNOD];
+	data->proc = NFS3PROC_MKNOD;
+	data->fsg = fsg;
 	data->arg.mknod.fh = NFS_FH(dir);
 	data->arg.mknod.name = dentry->d_name.name;
 	data->arg.mknod.len = dentry->d_name.len;
@@ -732,16 +710,11 @@ static int
 nfs3_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle,
 		 struct nfs_fsstat *stat)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_FSSTAT],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= stat,
-	};
 	int	status;
 
 	dprintk("NFS call  fsstat\n");
 	nfs_fattr_init(stat->fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs3_rpc(server->client, NFS3PROC_FSSTAT, fhandle, stat, NULL);
 	dprintk("NFS reply fsstat: %d\n", status);
 	return status;
 }
@@ -750,16 +723,11 @@ static int
 do_proc_fsinfo(struct rpc_clnt *client, struct nfs_fh *fhandle,
 		 struct nfs_fsinfo *info)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_FSINFO],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= info,
-	};
 	int	status;
 
 	dprintk("NFS call  fsinfo\n");
 	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(client, &msg, 0);
+	status = nfs3_rpc(client, NFS3PROC_FSINFO, fhandle, info, NULL);
 	dprintk("NFS reply fsinfo: %d\n", status);
 	return status;
 }
@@ -784,16 +752,11 @@ static int
 nfs3_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
 		   struct nfs_pathconf *info)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs3_procedures[NFS3PROC_PATHCONF],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= info,
-	};
 	int	status;
 
 	dprintk("NFS call  pathconf\n");
 	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs3_rpc(server->client, NFS3PROC_PATHCONF, fhandle, info, NULL);
 	dprintk("NFS reply pathconf: %d\n", status);
 	return status;
 }
diff -Nurp a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
--- a/fs/nfs/nfs4proc.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/nfs4proc.c	2011-11-23 13:47:17.265241056 +0100
@@ -2379,7 +2379,7 @@ static int nfs4_proc_getattr(struct nfs_
  */
 static int
 nfs4_proc_setattr(struct dentry *dentry, struct nfs_fattr *fattr,
-		  struct iattr *sattr)
+		  struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct inode *inode = dentry->d_inode;
 	struct rpc_cred *cred = NULL;
@@ -2480,7 +2480,8 @@ void nfs_fixup_secinfo_attributes(struct
 }
 
 static int nfs4_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name,
-			    struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+			    struct nfs_fh *fhandle, struct nfs_fattr *fattr,
+			    struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -2634,7 +2635,7 @@ static int nfs4_proc_readlink(struct ino
 
 static int
 nfs4_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
-                 int flags, struct nfs_open_context *ctx)
+                 int flags, struct nfs_open_context *ctx, struct rpc_groups *fsg)
 {
 	struct dentry *de = dentry;
 	struct nfs4_state *state;
@@ -2697,7 +2698,8 @@ out:
 	return status;
 }
 
-static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
+static int nfs4_proc_remove(struct inode *dir, struct qstr *name,
+		struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -2802,7 +2804,8 @@ out:
 }
 
 static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
-		struct inode *new_dir, struct qstr *new_name)
+		struct inode *new_dir, struct qstr *new_name,
+		struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -2851,7 +2854,8 @@ out:
 	return status;
 }
 
-static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
+static int nfs4_proc_link(struct inode *inode, struct inode *dir,
+		struct qstr *name, struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -2907,7 +2911,7 @@ static int nfs4_do_create(struct inode *
 	if (status == 0) {
 		update_changeattr(dir, &data->res.dir_cinfo);
 		nfs_post_op_update_inode(dir, data->res.dir_fattr);
-		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr);
+		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr, NULL);
 	}
 	return status;
 }
@@ -2943,7 +2947,8 @@ out:
 }
 
 static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
-		struct page *page, unsigned int len, struct iattr *sattr)
+		struct page *page, unsigned int len, struct iattr *sattr,
+		struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -2974,7 +2979,7 @@ out:
 }
 
 static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
-		struct iattr *sattr)
+		struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
@@ -3076,7 +3081,7 @@ out:
 }
 
 static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
-		struct iattr *sattr, dev_t rdev)
+		struct iattr *sattr, dev_t rdev, struct rpc_groups *fsg)
 {
 	struct nfs4_exception exception = { };
 	int err;
diff -Nurp a/fs/nfs/proc.c b/fs/nfs/proc.c
--- a/fs/nfs/proc.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/proc.c	2011-11-23 13:47:17.271240913 +0100
@@ -6,7 +6,7 @@
  *  OS-independent nfs remote procedure call functions
  *
  *  Tuned by Alan Cox <A.Cox@swansea.ac.uk> for >3K buffers
- *  so at last we can have decent(ish) throughput off a 
+ *  so at last we can have decent(ish) throughput off a
  *  Sun server.
  *
  *  Coding optimized and cleaned up by Florian La Roche.
@@ -51,12 +51,20 @@
  * support the NFSERR_JUKEBOX error code, but we handle this situation in the
  * same way that we handle that error with NFSv3.
  */
-static int
-nfs_rpc_wrapper(struct rpc_clnt *clnt, struct rpc_message *msg, int flags)
+static __inline__ int
+nfs2_rpc_call(struct rpc_clnt *clnt, u32 proc, void *argp, void *resp,
+	      struct rpc_cred *cred, int flags)
 {
+	struct rpc_message msg = {
+		.rpc_proc	= &nfs_procedures[proc],
+		.rpc_argp	= argp,
+		.rpc_resp	= resp,
+		.rpc_cred	= cred,
+	};
 	int res;
+
 	do {
-		res = rpc_call_sync(clnt, msg, flags);
+		res = rpc_call_sync(clnt, &msg, flags);
 		if (res != -EKEYEXPIRED)
 			break;
 		schedule_timeout_killable(NFS_JUKEBOX_RETRY_TIME);
@@ -65,7 +73,20 @@ nfs_rpc_wrapper(struct rpc_clnt *clnt, s
 	return res;
 }
 
-#define rpc_call_sync(clnt, msg, flags)	nfs_rpc_wrapper(clnt, msg, flags)
+static int
+nfs2_rpc(struct rpc_clnt *clnt, u32 proc, void *argp, void *resp,
+	 struct rpc_groups *fsg)
+{
+	struct rpc_cred	*cred;
+	int		res;
+
+	cred = rpcauth_lookupcred(clnt->cl_auth, fsg, 0);
+	if (IS_ERR(cred))
+		return PTR_ERR(cred);
+	res = nfs2_rpc_call(clnt, proc, argp, resp, cred, 0);
+	put_rpccred(cred);
+	return res;
+}
 
 static int
 nfs_async_handle_expired_key(struct rpc_task *task)
@@ -87,29 +108,22 @@ nfs_proc_get_root(struct nfs_server *ser
 {
 	struct nfs_fattr *fattr = info->fattr;
 	struct nfs2_fsstat fsinfo;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_GETATTR],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= fattr,
-	};
 	int status;
 
 	dprintk("%s: call getattr\n", __func__);
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs2_rpc(server->client, NFSPROC_GETATTR, fhandle, fattr, NULL);
 	/* Retry with default authentication if different */
 	if (status && server->nfs_client->cl_rpcclient != server->client)
-		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+		status = nfs2_rpc(server->nfs_client->cl_rpcclient, NFSPROC_GETATTR, fhandle, fattr, NULL);
 	dprintk("%s: reply getattr: %d\n", __func__, status);
 	if (status)
 		return status;
 	dprintk("%s: call statfs\n", __func__);
-	msg.rpc_proc = &nfs_procedures[NFSPROC_STATFS];
-	msg.rpc_resp = &fsinfo;
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs2_rpc(server->client, NFSPROC_STATFS, fhandle, &fsinfo, NULL);
 	/* Retry with default authentication if different */
 	if (status && server->nfs_client->cl_rpcclient != server->client)
-		status = rpc_call_sync(server->nfs_client->cl_rpcclient, &msg, 0);
+		status = nfs2_rpc(server->nfs_client->cl_rpcclient, NFSPROC_STATFS, fhandle, &fsinfo, NULL);
 	dprintk("%s: reply statfs: %d\n", __func__, status);
 	if (status)
 		return status;
@@ -132,44 +146,44 @@ static int
 nfs_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle,
 		struct nfs_fattr *fattr)
 {
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_GETATTR],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= fattr,
-	};
 	int	status;
 
 	dprintk("NFS call  getattr\n");
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs2_rpc(server->client, NFSPROC_GETATTR, fhandle, fattr, NULL);
 	dprintk("NFS reply getattr: %d\n", status);
 	return status;
 }
 
 static int
 nfs_proc_setattr(struct dentry *dentry, struct nfs_fattr *fattr,
-		 struct iattr *sattr)
+		 struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct inode *inode = dentry->d_inode;
-	struct nfs_sattrargs	arg = { 
+	struct nfs_sattrargs	arg = {
 		.fh	= NFS_FH(inode),
 		.sattr	= sattr
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_SETATTR],
-		.rpc_argp	= &arg,
-		.rpc_resp	= fattr,
-	};
 	int	status;
+	struct rpc_cred	*cred;
+	struct rpc_clnt *clnt = NFS_CLIENT(inode);
 
 	/* Mask out the non-modebit related stuff from attr->ia_mode */
 	sattr->ia_mode &= S_IALLUGO;
 
 	dprintk("NFS call  setattr\n");
-	if (sattr->ia_valid & ATTR_FILE)
-		msg.rpc_cred = nfs_file_cred(sattr->ia_file);
+	if (sattr->ia_valid & ATTR_FILE) {
+		cred = nfs_file_cred(sattr->ia_file);
+		get_rpccred(cred);
+	} else {
+		/* truncate() requires write access */
+		cred = rpcauth_lookupcred(clnt->cl_auth, fsg, 0);
+		if (IS_ERR(cred))
+			return PTR_ERR(cred);
+	}
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs2_rpc_call(clnt, NFSPROC_SETATTR, &arg, fattr, cred, 0);
+	put_rpccred(cred);
 	if (status == 0)
 		nfs_setattr_update_inode(inode, sattr);
 	dprintk("NFS reply setattr: %d\n", status);
@@ -178,7 +192,7 @@ nfs_proc_setattr(struct dentry *dentry, 
 
 static int
 nfs_proc_lookup(struct rpc_clnt *clnt, struct inode *dir, struct qstr *name,
-		struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+		struct nfs_fh *fhandle, struct nfs_fattr *fattr, struct rpc_groups *fsg)
 {
 	struct nfs_diropargs	arg = {
 		.fh		= NFS_FH(dir),
@@ -189,16 +203,11 @@ nfs_proc_lookup(struct rpc_clnt *clnt, s
 		.fh		= fhandle,
 		.fattr		= fattr
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_LOOKUP],
-		.rpc_argp	= &arg,
-		.rpc_resp	= &res,
-	};
 	int			status;
 
 	dprintk("NFS call  lookup %s\n", name->name);
 	nfs_fattr_init(fattr);
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_LOOKUP, &arg, &res, fsg);
 	dprintk("NFS reply lookup: %d\n", status);
 	return status;
 }
@@ -212,14 +221,10 @@ static int nfs_proc_readlink(struct inod
 		.pglen		= pglen,
 		.pages		= &page
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_READLINK],
-		.rpc_argp	= &args,
-	};
 	int			status;
 
 	dprintk("NFS call  readlink\n");
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(inode), NFSPROC_READLINK, &args, NULL, NULL);
 	dprintk("NFS reply readlink: %d\n", status);
 	return status;
 }
@@ -258,24 +263,19 @@ static void nfs_free_createdata(const st
 
 static int
 nfs_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
-		int flags, struct nfs_open_context *ctx)
+		int flags, struct nfs_open_context *ctx, struct rpc_groups *fsg)
 {
 	struct nfs_createdata *data;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_CREATE],
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  create %s\n", dentry->d_name.name);
 	data = nfs_alloc_createdata(dir, dentry, sattr);
 	if (data == NULL)
 		goto out;
-	msg.rpc_argp = &data->arg;
-	msg.rpc_resp = &data->res;
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_CREATE, &data->arg, &data->res, fsg);
 	nfs_mark_for_revalidate(dir);
 	if (status == 0)
-		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr);
+		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr, fsg);
 	nfs_free_createdata(data);
 out:
 	dprintk("NFS reply create: %d\n", status);
@@ -287,12 +287,9 @@ out:
  */
 static int
 nfs_proc_mknod(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
-	       dev_t rdev)
+	       dev_t rdev, struct rpc_groups *fsg)
 {
 	struct nfs_createdata *data;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_CREATE],
-	};
 	umode_t mode;
 	int status = -ENOMEM;
 
@@ -310,19 +307,17 @@ nfs_proc_mknod(struct inode *dir, struct
 	data = nfs_alloc_createdata(dir, dentry, sattr);
 	if (data == NULL)
 		goto out;
-	msg.rpc_argp = &data->arg;
-	msg.rpc_resp = &data->res;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_CREATE, &data->arg, &data->res, fsg);
 	nfs_mark_for_revalidate(dir);
 
 	if (status == -EINVAL && S_ISFIFO(mode)) {
 		sattr->ia_mode = mode;
 		nfs_fattr_init(data->res.fattr);
-		status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+		status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_CREATE, &data->arg, &data->res, fsg);
 	}
 	if (status == 0)
-		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr);
+		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr, fsg);
 	nfs_free_createdata(data);
 out:
 	dprintk("NFS reply mknod: %d\n", status);
@@ -330,21 +325,17 @@ out:
 }
   
 static int
-nfs_proc_remove(struct inode *dir, struct qstr *name)
+nfs_proc_remove(struct inode *dir, struct qstr *name, struct rpc_groups *fsg)
 {
 	struct nfs_removeargs arg = {
 		.fh = NFS_FH(dir),
 		.name.len = name->len,
 		.name.name = name->name,
 	};
-	struct rpc_message msg = { 
-		.rpc_proc = &nfs_procedures[NFSPROC_REMOVE],
-		.rpc_argp = &arg,
-	};
 	int			status;
 
 	dprintk("NFS call  remove %s\n", name->name);
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_REMOVE, &arg, NULL, fsg);
 	nfs_mark_for_revalidate(dir);
 
 	dprintk("NFS reply remove: %d\n", status);
@@ -384,7 +375,8 @@ nfs_proc_rename_done(struct rpc_task *ta
 
 static int
 nfs_proc_rename(struct inode *old_dir, struct qstr *old_name,
-		struct inode *new_dir, struct qstr *new_name)
+		struct inode *new_dir, struct qstr *new_name,
+		struct rpc_groups *fsg)
 {
 	struct nfs_renameargs	arg = {
 		.old_dir	= NFS_FH(old_dir),
@@ -392,14 +384,10 @@ nfs_proc_rename(struct inode *old_dir, s
 		.new_dir	= NFS_FH(new_dir),
 		.new_name	= new_name,
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_RENAME],
-		.rpc_argp	= &arg,
-	};
 	int			status;
 
 	dprintk("NFS call  rename %s -> %s\n", old_name->name, new_name->name);
-	status = rpc_call_sync(NFS_CLIENT(old_dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(old_dir), NFSPROC_RENAME, &arg, NULL, fsg);
 	nfs_mark_for_revalidate(old_dir);
 	nfs_mark_for_revalidate(new_dir);
 	dprintk("NFS reply rename: %d\n", status);
@@ -407,7 +395,8 @@ nfs_proc_rename(struct inode *old_dir, s
 }
 
 static int
-nfs_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
+nfs_proc_link(struct inode *inode, struct inode *dir, struct qstr *name,
+	      struct rpc_groups *fsg)
 {
 	struct nfs_linkargs	arg = {
 		.fromfh		= NFS_FH(inode),
@@ -415,14 +404,10 @@ nfs_proc_link(struct inode *inode, struc
 		.toname		= name->name,
 		.tolen		= name->len
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_LINK],
-		.rpc_argp	= &arg,
-	};
 	int			status;
 
 	dprintk("NFS call  link %s\n", name->name);
-	status = rpc_call_sync(NFS_CLIENT(inode), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(inode), NFSPROC_LINK, &arg, NULL, fsg);
 	nfs_mark_for_revalidate(inode);
 	nfs_mark_for_revalidate(dir);
 	dprintk("NFS reply link: %d\n", status);
@@ -431,7 +416,7 @@ nfs_proc_link(struct inode *inode, struc
 
 static int
 nfs_proc_symlink(struct inode *dir, struct dentry *dentry, struct page *page,
-		 unsigned int len, struct iattr *sattr)
+		 unsigned int len, struct iattr *sattr, struct rpc_groups *fsg)
 {
 	struct nfs_fh *fh;
 	struct nfs_fattr *fattr;
@@ -443,10 +428,6 @@ nfs_proc_symlink(struct inode *dir, stru
 		.pathlen	= len,
 		.sattr		= sattr
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_SYMLINK],
-		.rpc_argp	= &arg,
-	};
 	int status = -ENAMETOOLONG;
 
 	dprintk("NFS call  symlink %s\n", dentry->d_name.name);
@@ -460,7 +441,7 @@ nfs_proc_symlink(struct inode *dir, stru
 	if (fh == NULL || fattr == NULL)
 		goto out_free;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_SYMLINK, &arg, NULL, fsg);
 	nfs_mark_for_revalidate(dir);
 
 	/*
@@ -469,7 +450,7 @@ nfs_proc_symlink(struct inode *dir, stru
 	 * should fill in the data with a LOOKUP call on the wire.
 	 */
 	if (status == 0)
-		status = nfs_instantiate(dentry, fh, fattr);
+		status = nfs_instantiate(dentry, fh, fattr, fsg);
 
 out_free:
 	nfs_free_fattr(fattr);
@@ -480,25 +461,21 @@ out:
 }
 
 static int
-nfs_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr)
+nfs_proc_mkdir(struct inode *dir, struct dentry *dentry, struct iattr *sattr,
+	       struct rpc_groups *fsg)
 {
 	struct nfs_createdata *data;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_MKDIR],
-	};
 	int status = -ENOMEM;
 
 	dprintk("NFS call  mkdir %s\n", dentry->d_name.name);
 	data = nfs_alloc_createdata(dir, dentry, sattr);
 	if (data == NULL)
 		goto out;
-	msg.rpc_argp = &data->arg;
-	msg.rpc_resp = &data->res;
 
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_MKDIR, &data->arg, &data->res, fsg);
 	nfs_mark_for_revalidate(dir);
 	if (status == 0)
-		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr);
+		status = nfs_instantiate(dentry, data->res.fh, data->res.fattr, fsg);
 	nfs_free_createdata(data);
 out:
 	dprintk("NFS reply mkdir: %d\n", status);
@@ -506,21 +483,17 @@ out:
 }
 
 static int
-nfs_proc_rmdir(struct inode *dir, struct qstr *name)
+nfs_proc_rmdir(struct inode *dir, struct qstr *name, struct rpc_groups *fsg)
 {
 	struct nfs_diropargs	arg = {
 		.fh		= NFS_FH(dir),
 		.name		= name->name,
 		.len		= name->len
 	};
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_RMDIR],
-		.rpc_argp	= &arg,
-	};
 	int			status;
 
 	dprintk("NFS call  rmdir %s\n", name->name);
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc(NFS_CLIENT(dir), NFSPROC_RMDIR, &arg, NULL, fsg);
 	nfs_mark_for_revalidate(dir);
 	dprintk("NFS reply rmdir: %d\n", status);
 	return status;
@@ -544,15 +517,10 @@ nfs_proc_readdir(struct dentry *dentry, 
 		.count		= count,
 		.pages		= pages,
 	};
-	struct rpc_message	msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_READDIR],
-		.rpc_argp	= &arg,
-		.rpc_cred	= cred,
-	};
 	int			status;
 
 	dprintk("NFS call  readdir %d\n", (unsigned int)cookie);
-	status = rpc_call_sync(NFS_CLIENT(dir), &msg, 0);
+	status = nfs2_rpc_call(NFS_CLIENT(dir), NFSPROC_READDIR, &arg, NULL, cred, 0);
 
 	nfs_invalidate_atime(dir);
 
@@ -565,16 +533,11 @@ nfs_proc_statfs(struct nfs_server *serve
 			struct nfs_fsstat *stat)
 {
 	struct nfs2_fsstat fsinfo;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_STATFS],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= &fsinfo,
-	};
 	int	status;
 
 	dprintk("NFS call  statfs\n");
 	nfs_fattr_init(stat->fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs2_rpc(server->client, NFSPROC_STATFS, fhandle, &fsinfo, NULL);
 	dprintk("NFS reply statfs: %d\n", status);
 	if (status)
 		goto out;
@@ -593,16 +556,11 @@ nfs_proc_fsinfo(struct nfs_server *serve
 			struct nfs_fsinfo *info)
 {
 	struct nfs2_fsstat fsinfo;
-	struct rpc_message msg = {
-		.rpc_proc	= &nfs_procedures[NFSPROC_STATFS],
-		.rpc_argp	= fhandle,
-		.rpc_resp	= &fsinfo,
-	};
 	int	status;
 
 	dprintk("NFS call  fsinfo\n");
 	nfs_fattr_init(info->fattr);
-	status = rpc_call_sync(server->client, &msg, 0);
+	status = nfs2_rpc(server->client, NFSPROC_STATFS, fhandle, &fsinfo, NULL);
 	dprintk("NFS reply fsinfo: %d\n", status);
 	if (status)
 		goto out;
diff -Nurp a/fs/nfs/unlink.c b/fs/nfs/unlink.c
--- a/fs/nfs/unlink.c	2011-10-24 09:10:05.000000000 +0200
+++ b/fs/nfs/unlink.c	2011-11-23 13:47:17.274240841 +0100
@@ -266,7 +266,12 @@ nfs_async_unlink(struct inode *dir, stru
 	if (data == NULL)
 		goto out;
 
-	data->cred = rpc_lookup_cred();
+	if (NFS_PROTO(dir)->version > 3)
+		data->cred = rpc_lookup_cred(NULL);
+	else {
+		struct rpc_groups fsg = { 1, { dir->i_gid } };
+		data->cred = rpc_lookup_cred(&fsg);
+	}
 	if (IS_ERR(data->cred)) {
 		status = PTR_ERR(data->cred);
 		goto out_free;
@@ -452,7 +457,12 @@ nfs_async_rename(struct inode *old_dir, 
 		return ERR_PTR(-ENOMEM);
 	task_setup_data.callback_data = data;
 
-	data->cred = rpc_lookup_cred();
+	if (NFS_PROTO(old_dir)->version > 3)
+		data->cred = rpc_lookup_cred(NULL);
+	else {
+		struct rpc_groups fsg = { 2, { old_dir->i_gid, new_dir->i_gid } };
+		data->cred = rpc_lookup_cred(&fsg);
+	}
 	if (IS_ERR(data->cred)) {
 		struct rpc_task *task = ERR_CAST(data->cred);
 		kfree(data);
diff -Nurp a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h
--- a/include/linux/nfs_fs.h	2011-10-24 09:10:05.000000000 +0200
+++ b/include/linux/nfs_fs.h	2011-11-23 13:47:17.279240720 +0100
@@ -468,7 +468,8 @@ extern const struct file_operations nfs_
 extern const struct dentry_operations nfs_dentry_operations;
 
 extern void nfs_force_lookup_revalidate(struct inode *dir);
-extern int nfs_instantiate(struct dentry *dentry, struct nfs_fh *fh, struct nfs_fattr *fattr);
+extern int nfs_instantiate(struct dentry *dentry, struct nfs_fh *fh,
+			   struct nfs_fattr *fattr, struct rpc_groups *fsg);
 extern int nfs_may_open(struct inode *inode, struct rpc_cred *cred, int openflags);
 extern void nfs_access_zap_cache(struct inode *inode);
 
diff -Nurp a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h
--- a/include/linux/nfs_xdr.h	2011-10-24 09:10:05.000000000 +0200
+++ b/include/linux/nfs_xdr.h	2011-11-23 13:47:17.284240599 +0100
@@ -1185,9 +1185,10 @@ struct nfs_write_data {
 struct nfs_access_entry;
 struct nfs_client;
 struct rpc_timeout;
+struct rpc_groups;
 
 /*
- * RPC procedure vector for NFSv2/NFSv3 demuxing
+ * RPC procedure vector for NFSv2/NFSv3/NFSv4 demuxing
  */
 struct nfs_rpc_ops {
 	u32	version;		/* Protocol version */
@@ -1203,30 +1204,34 @@ struct nfs_rpc_ops {
 	int	(*getattr) (struct nfs_server *, struct nfs_fh *,
 			    struct nfs_fattr *);
 	int	(*setattr) (struct dentry *, struct nfs_fattr *,
-			    struct iattr *);
+			    struct iattr *, struct rpc_groups *);
 	int	(*lookup)  (struct rpc_clnt *clnt, struct inode *, struct qstr *,
-			    struct nfs_fh *, struct nfs_fattr *);
+			    struct nfs_fh *, struct nfs_fattr *,
+			    struct rpc_groups *);
 	int	(*access)  (struct inode *, struct nfs_access_entry *);
 	int	(*readlink)(struct inode *, struct page *, unsigned int,
 			    unsigned int);
 	int	(*create)  (struct inode *, struct dentry *,
-			    struct iattr *, int, struct nfs_open_context *);
-	int	(*remove)  (struct inode *, struct qstr *);
+			    struct iattr *, int, struct nfs_open_context *,
+			    struct rpc_groups *);
+	int	(*remove)  (struct inode *, struct qstr *, struct rpc_groups *);
 	void	(*unlink_setup)  (struct rpc_message *, struct inode *dir);
 	int	(*unlink_done) (struct rpc_task *, struct inode *);
 	int	(*rename)  (struct inode *, struct qstr *,
-			    struct inode *, struct qstr *);
+			    struct inode *, struct qstr *, struct rpc_groups *);
 	void	(*rename_setup)  (struct rpc_message *msg, struct inode *dir);
 	int	(*rename_done) (struct rpc_task *task, struct inode *old_dir, struct inode *new_dir);
-	int	(*link)    (struct inode *, struct inode *, struct qstr *);
+	int	(*link)    (struct inode *, struct inode *, struct qstr *,
+			    struct rpc_groups *);
 	int	(*symlink) (struct inode *, struct dentry *, struct page *,
-			    unsigned int, struct iattr *);
-	int	(*mkdir)   (struct inode *, struct dentry *, struct iattr *);
-	int	(*rmdir)   (struct inode *, struct qstr *);
+			    unsigned int, struct iattr *, struct rpc_groups *);
+	int	(*mkdir)   (struct inode *, struct dentry *, struct iattr *,
+			    struct rpc_groups *);
+	int	(*rmdir)   (struct inode *, struct qstr *, struct rpc_groups *);
 	int	(*readdir) (struct dentry *, struct rpc_cred *,
 			    u64, struct page **, unsigned int, int);
 	int	(*mknod)   (struct inode *, struct dentry *, struct iattr *,
-			    dev_t);
+			    dev_t, struct rpc_groups *);
 	int	(*statfs)  (struct nfs_server *, struct nfs_fh *,
 			    struct nfs_fsstat *);
 	int	(*fsinfo)  (struct nfs_server *, struct nfs_fh *,
diff -Nurp a/include/linux/sunrpc/auth.h b/include/linux/sunrpc/auth.h
--- a/include/linux/sunrpc/auth.h	2011-10-24 09:10:05.000000000 +0200
+++ b/include/linux/sunrpc/auth.h	2011-11-23 13:47:17.288240503 +0100
@@ -21,11 +21,16 @@
 /* size of the nodename buffer */
 #define UNX_MAXNODENAME	32
 
+struct rpc_groups {
+	int	ngroups;
+	gid_t	groups[RPC_MAXGROUPS];
+};
+
 /* Work around the lack of a VFS credential */
 struct auth_cred {
 	uid_t	uid;
 	gid_t	gid;
-	struct group_info *group_info;
+	struct rpc_groups rg;
 	unsigned char machine_cred : 1;
 };
 
@@ -126,7 +131,7 @@ void			rpcauth_remove_module(void);
 void			rpc_destroy_generic_auth(void);
 void 			rpc_destroy_authunix(void);
 
-struct rpc_cred *	rpc_lookup_cred(void);
+struct rpc_cred *	rpc_lookup_cred(struct rpc_groups *);
 struct rpc_cred *	rpc_lookup_machine_cred(void);
 int			rpcauth_register(const struct rpc_authops *);
 int			rpcauth_unregister(const struct rpc_authops *);
@@ -134,7 +139,7 @@ struct rpc_auth *	rpcauth_create(rpc_aut
 void			rpcauth_release(struct rpc_auth *);
 struct rpc_cred *	rpcauth_lookup_credcache(struct rpc_auth *, struct auth_cred *, int);
 void			rpcauth_init_cred(struct rpc_cred *, const struct auth_cred *, struct rpc_auth *, const struct rpc_credops *);
-struct rpc_cred *	rpcauth_lookupcred(struct rpc_auth *, int);
+struct rpc_cred *	rpcauth_lookupcred(struct rpc_auth *, struct rpc_groups *, int);
 struct rpc_cred *	rpcauth_generic_bind_cred(struct rpc_task *, struct rpc_cred *, int);
 void			put_rpccred(struct rpc_cred *);
 __be32 *		rpcauth_marshcred(struct rpc_task *, __be32 *);
diff -Nurp a/include/linux/sunrpc/msg_prot.h b/include/linux/sunrpc/msg_prot.h
--- a/include/linux/sunrpc/msg_prot.h	2011-10-24 09:10:05.000000000 +0200
+++ b/include/linux/sunrpc/msg_prot.h	2011-11-23 13:47:17.291240429 +0100
@@ -79,6 +79,7 @@ enum rpc_auth_stat {
 };
 
 #define RPC_MAXNETNAMELEN	256
+#define RPC_MAXGROUPS		16
 
 /*
  * From RFC 1831:
diff -Nurp a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
--- a/include/linux/sunrpc/svcauth.h	2011-10-24 09:10:05.000000000 +0200
+++ b/include/linux/sunrpc/svcauth.h	2011-11-23 13:47:17.295240334 +0100
@@ -16,7 +16,6 @@
 #include <linux/sunrpc/cache.h>
 #include <linux/hash.h>
 
-#define SVC_CRED_NGROUPS	32
 struct svc_cred {
 	uid_t			cr_uid;
 	gid_t			cr_gid;
diff -Nurp a/net/sunrpc/auth.c b/net/sunrpc/auth.c
--- a/net/sunrpc/auth.c	2011-10-24 09:10:05.000000000 +0200
+++ b/net/sunrpc/auth.c	2011-11-23 13:47:17.299240236 +0100
@@ -17,8 +17,11 @@
 
 #ifdef RPC_DEBUG
 # define RPCDBG_FACILITY	RPCDBG_AUTH
+# define RG(rg,i)		((i) < (rg).ngroups ? (int)(rg).groups[i] : -1)
 #endif
 
+static void rpcauth_add_groups(struct auth_cred *acred, struct rpc_groups *rg);
+
 #define RPC_CREDCACHE_DEFAULT_HASHBITS	(4)
 struct rpc_cred_cache {
 	struct hlist_head	*hashtable;
@@ -415,24 +418,24 @@ out:
 EXPORT_SYMBOL_GPL(rpcauth_lookup_credcache);
 
 struct rpc_cred *
-rpcauth_lookupcred(struct rpc_auth *auth, int flags)
+rpcauth_lookupcred(struct rpc_auth *auth, struct rpc_groups *rg, int flags)
 {
 	struct auth_cred acred;
 	struct rpc_cred *ret;
 	const struct cred *cred = current_cred();
 
-	dprintk("RPC:       looking up %s cred\n",
-		auth->au_ops->au_name);
+	dprintk("RPC:      looking up %s cred\n", auth->au_ops->au_name);
 
 	memset(&acred, 0, sizeof(acred));
 	acred.uid = cred->fsuid;
-	acred.gid = cred->fsgid;
-	acred.group_info = get_group_info(((struct cred *)cred)->group_info);
+	rpcauth_add_groups(&acred, rg);
 
 	ret = auth->au_ops->lookup_cred(auth, &acred, flags);
-	put_group_info(acred.group_info);
+
+	dprintk("RPC:      cred %p\n", ret);
 	return ret;
 }
+EXPORT_SYMBOL_GPL(rpcauth_lookupcred);
 
 void
 rpcauth_init_cred(struct rpc_cred *cred, const struct auth_cred *acred,
@@ -481,7 +484,7 @@ rpcauth_bind_new_cred(struct rpc_task *t
 
 	dprintk("RPC: %5u looking up %s cred\n",
 		task->tk_pid, auth->au_ops->au_name);
-	return rpcauth_lookupcred(auth, lookupflags);
+	return rpcauth_lookupcred(auth, NULL, lookupflags);
 }
 
 static int
@@ -507,6 +510,44 @@ rpcauth_bindcred(struct rpc_task *task, 
 	return 0;
 }
 
+/*
+ * Generic function for adding groups to acred. When there are too many then
+ * try to be smart by picking only the relevant ones from our secondary group list.
+ */
+static void rpcauth_add_groups(struct auth_cred *acred, struct rpc_groups *rg)
+{
+	int i, n, ngroups;
+	gid_t gid;
+	const struct cred *cred = current_cred();
+
+	acred->gid = cred->fsgid;
+	get_group_info(cred->group_info);
+	ngroups = cred->group_info->ngroups;
+	n = ngroups;
+	if (n <= RPC_MAXGROUPS)
+		rg = NULL;
+	else
+		n = RPC_MAXGROUPS;	/* too many groups for AUTH_UNIX */
+	if (rg) {
+		n = 0;	/* pick the few relevant groups we're a member of */
+		for (i = 0; i < rg->ngroups; ++i) {
+			gid = rg->groups[i];
+			if (in_group_p(gid))
+				acred->rg.groups[n++] = gid;
+		}
+		acred->rg.ngroups = n;
+		dprintk("RPC:      %s(): rg=%d:%d,%d,%d -> %d:%d,%d,%d\n", __func__,
+			rg->ngroups, RG(*rg, 0), RG(*rg, 1), RG(*rg, 2),
+			n, RG(acred->rg, 0), RG(acred->rg, 1), RG(acred->rg, 2));
+	} else {
+		dprintk("RPC:      %s(): ngroups=%d\n", __func__, ngroups);
+		for (i = 0; i < n; ++i)
+			acred->rg.groups[i] = GROUP_AT(cred->group_info, i);
+		acred->rg.ngroups = n;
+	}
+	put_group_info(cred->group_info);
+}
+
 void
 put_rpccred(struct rpc_cred *cred)
 {
diff -Nurp a/net/sunrpc/auth_generic.c b/net/sunrpc/auth_generic.c
--- a/net/sunrpc/auth_generic.c	2011-10-24 09:10:05.000000000 +0200
+++ b/net/sunrpc/auth_generic.c	2011-11-23 13:47:17.302240165 +0100
@@ -32,9 +32,9 @@ static const struct rpc_credops generic_
 /*
  * Public call interface
  */
-struct rpc_cred *rpc_lookup_cred(void)
+struct rpc_cred *rpc_lookup_cred(struct rpc_groups *rg)
 {
-	return rpcauth_lookupcred(&generic_auth, 0);
+	return rpcauth_lookupcred(&generic_auth, rg, 0);
 }
 EXPORT_SYMBOL_GPL(rpc_lookup_cred);
 
@@ -84,12 +84,7 @@ generic_create_cred(struct rpc_auth *aut
 	rpcauth_init_cred(&gcred->gc_base, acred, &generic_auth, &generic_credops);
 	gcred->gc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
 
-	gcred->acred.uid = acred->uid;
-	gcred->acred.gid = acred->gid;
-	gcred->acred.group_info = acred->group_info;
-	if (gcred->acred.group_info != NULL)
-		get_group_info(gcred->acred.group_info);
-	gcred->acred.machine_cred = acred->machine_cred;
+	gcred->acred = *acred;
 
 	dprintk("RPC:       allocated %s cred %p for uid %d gid %d\n",
 			gcred->acred.machine_cred ? "machine" : "generic",
@@ -103,8 +98,6 @@ generic_free_cred(struct rpc_cred *cred)
 	struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base);
 
 	dprintk("RPC:       generic_free_cred %p\n", gcred);
-	if (gcred->acred.group_info != NULL)
-		put_group_info(gcred->acred.group_info);
 	kfree(gcred);
 }
 
@@ -128,29 +121,14 @@ static int
 generic_match(struct auth_cred *acred, struct rpc_cred *cred, int flags)
 {
 	struct generic_cred *gcred = container_of(cred, struct generic_cred, gc_base);
-	int i;
 
 	if (gcred->acred.uid != acred->uid ||
 	    gcred->acred.gid != acred->gid ||
+	    gcred->acred.rg.ngroups != acred->rg.ngroups ||
+	    memcmp(gcred->acred.rg.groups, acred->rg.groups, acred->rg.ngroups * sizeof (gid_t)) ||
 	    gcred->acred.machine_cred != acred->machine_cred)
-		goto out_nomatch;
-
-	/* Optimisation in the case where pointers are identical... */
-	if (gcred->acred.group_info == acred->group_info)
-		goto out_match;
-
-	/* Slow path... */
-	if (gcred->acred.group_info->ngroups != acred->group_info->ngroups)
-		goto out_nomatch;
-	for (i = 0; i < gcred->acred.group_info->ngroups; i++) {
-		if (GROUP_AT(gcred->acred.group_info, i) !=
-				GROUP_AT(acred->group_info, i))
-			goto out_nomatch;
-	}
-out_match:
+		return 0;
 	return 1;
-out_nomatch:
-	return 0;
 }
 
 int __init rpc_init_generic_auth(void)
diff -Nurp a/net/sunrpc/auth_unix.c b/net/sunrpc/auth_unix.c
--- a/net/sunrpc/auth_unix.c	2011-11-23 13:45:58.043151185 +0100
+++ b/net/sunrpc/auth_unix.c	2011-11-23 13:47:17.315239851 +0100
@@ -13,12 +13,10 @@
 #include <linux/sunrpc/clnt.h>
 #include <linux/sunrpc/auth.h>
 
-#define NFS_NGROUPS	16
-
 struct unx_cred {
 	struct rpc_cred		uc_base;
 	gid_t			uc_gid;
-	gid_t			uc_gids[NFS_NGROUPS];
+	gid_t			uc_gids[RPC_MAXGROUPS];
 };
 #define uc_uid			uc_base.cr_uid
 
@@ -60,8 +58,7 @@ static struct rpc_cred *
 unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags)
 {
 	struct unx_cred	*cred;
-	unsigned int groups = 0;
-	unsigned int i;
+	int n;
 
 	dprintk("RPC:       allocating UNIX cred for uid %d gid %d\n",
 			acred->uid, acred->gid);
@@ -72,16 +69,11 @@ unx_create_cred(struct rpc_auth *auth, s
 	rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops);
 	cred->uc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE;
 
-	if (acred->group_info != NULL)
-		groups = acred->group_info->ngroups;
-	if (groups > NFS_NGROUPS)
-		groups = NFS_NGROUPS;
-
+	n = acred->rg.ngroups;
 	cred->uc_gid = acred->gid;
-	for (i = 0; i < groups; i++)
-		cred->uc_gids[i] = GROUP_AT(acred->group_info, i);
-	if (i < NFS_NGROUPS)
-		cred->uc_gids[i] = NOGROUP;
+	memcpy(cred->uc_gids, acred->rg.groups, n * sizeof (gid_t));
+	if (n < RPC_MAXGROUPS)
+		cred->uc_gids[n] = NOGROUP;
 
 	return &cred->uc_base;
 }
@@ -115,22 +107,14 @@ static int
 unx_match(struct auth_cred *acred, struct rpc_cred *rcred, int flags)
 {
 	struct unx_cred	*cred = container_of(rcred, struct unx_cred, uc_base);
-	unsigned int groups = 0;
-	unsigned int i;
-
+	int n = acred->rg.ngroups;
 
 	if (cred->uc_uid != acred->uid || cred->uc_gid != acred->gid)
 		return 0;
-
-	if (acred->group_info != NULL)
-		groups = acred->group_info->ngroups;
-	if (groups > NFS_NGROUPS)
-		groups = NFS_NGROUPS;
-	for (i = 0; i < groups ; i++)
-		if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
-			return 0;
-	if (groups < NFS_NGROUPS &&
-	    cred->uc_gids[groups] != NOGROUP)
+	if (memcmp(cred->uc_gids, acred->rg.groups, n * sizeof (gid_t)))
+		return 0;
+	if (n < RPC_MAXGROUPS &&
+	    cred->uc_gids[n] != NOGROUP)
 		return 0;
 	return 1;
 }
@@ -159,7 +143,7 @@ unx_marshal(struct rpc_task *task, __be3
 	*p++ = htonl((u32) cred->uc_uid);
 	*p++ = htonl((u32) cred->uc_gid);
 	hold = p++;
-	for (i = 0; i < 16 && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
+	for (i = 0; i < RPC_MAXGROUPS && cred->uc_gids[i] != (gid_t) NOGROUP; i++)
 		*p++ = htonl((u32) cred->uc_gids[i]);
 	*hold = htonl(p - hold - 1);		/* gid array length */
 	*base = htonl((p - base - 1) << 2);	/* cred length */
diff -Nurp a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
--- a/net/sunrpc/svcauth_unix.c	2011-10-24 09:10:05.000000000 +0200
+++ b/net/sunrpc/svcauth_unix.c	2011-11-23 13:47:17.319239755 +0100
@@ -799,7 +799,7 @@ svcauth_unix_accept(struct svc_rqst *rqs
 	cred->cr_uid = svc_getnl(argv);		/* uid */
 	cred->cr_gid = svc_getnl(argv);		/* gid */
 	slen = svc_getnl(argv);			/* gids length */
-	if (slen > 16 || (len -= (slen + 2)*4) < 0)
+	if (slen > RPC_MAXGROUPS || (len -= (slen + 2)*4) < 0)
 		goto badcred;
 	cred->cr_group_info = groups_alloc(slen);
 	if (cred->cr_group_info == NULL)
