diff -purN -X /home/mbligh/.diff.exclude 500-aio-retry/fs/aio.c 505-4g4g-aio-hang-fix/fs/aio.c
--- 500-aio-retry/fs/aio.c	2004-02-28 11:21:09.000000000 -0800
+++ 505-4g4g-aio-hang-fix/fs/aio.c	2004-02-28 11:21:12.000000000 -0800
@@ -802,18 +802,23 @@ static inline void aio_run_iocbs(struct 
  * aio_kick_handler:
  * 	Work queue handler triggered to process pending
  * 	retries on an ioctx. Takes on the aio issuer's
- * 	mm context before running the iocbs.
+ * 	mm context before running the iocbs, so that
+ * 	copy_xxx_user operates on the issuer's address
+ * 	space.
  * Run on aiod's context.
  */
 static void aio_kick_handler(void *data)
 {
 	struct kioctx *ctx = data;
+	mm_segment_t oldfs = get_fs();
 
+	set_fs(USER_DS);
 	use_mm(ctx->mm);
 	spin_lock_irq(&ctx->ctx_lock);
 	__aio_run_iocbs(ctx);
 	unuse_mm(ctx->mm);
 	spin_unlock_irq(&ctx->ctx_lock);
+	set_fs(oldfs);
 }