There is a bug in cpufreq call back funtion in timer_tsc routines,
that can result in system deadlock. The issue is: grabbing the
write_lock on xtime_lock without disabling the interrupts. So,=20
if we happen to get a timer interrupt while we are in this code,
system will go into a deadlock.

This bug only effects the kernels that have CONFIG_CPU_FREQ enabled.

This fixes two del_timer_sync() races that are still in the timer code. 

The first race was actually triggered in a 2.4 backport of the 2.6 timer
code.  The second race was never triggered - it is mostly theoretical on
a standalone kernel.  (It's more likely in any virtualized or otherwise
preemptable environment.)

Both races happen when self-rearming timers are used.  One mainstream
example is kernel/itimer.c.  The effect of the races is that
del_timer_sync() lets a timer running instead of synchronizing with it,
causing logic bugs (and crashes) in the affected kernel code.  One
typical incarnation of the race is a double add_timer(). 

race #1:

this code in __run_timers() is running on CPU0:

                        list_del(&timer->entry);
                        timer->base = NULL;
			[*]
                        set_running_timer(base, timer);
                        spin_unlock_irq(&base->lock);
			[**]
                        fn(data);
                        spin_lock_irq(&base->lock);

CPU0 gets stuck at the [*] code-point briefly - after the timer->base has
been set to NULL, but before the base->running_timer pointer has been set
up. This is a fundamentally volatile scenario, as there's _zero_ knowledge
in the data structures that this timer is about to be executed!

Now CPU1 comes along and calls del_timer_sync(). It will find nothing -
neither timer->base nor base->running_timer will cause it to synchronize.  
It will return and report that the timer has been deleted - shortly
afterwards CPU1 continues to execute the timer fn, which will cause
crashes.

This particular race is easy to fix by reordering the timer->base
clearing with set_running_timer(), and putting a wmb() between them, but
there's more races:

race #2

The checking of del_timer_sync() for 'pending or running timer' is
fundamentally unrobust. Eg. if CPU0 gets stuck at the [***] point below:

                base = &per_cpu(tvec_bases, i);
                if (base->running_timer == timer) {
                        while (base->running_timer == timer) {
                                cpu_relax();
                                preempt_check_resched();
                        }
			[***]
                        break;
                }
        }
        smp_rmb();
        if (timer_pending(timer))
                goto del_again;


then del_timer_sync() has already decided that this timer is not running
(we just finished loop-waiting for it), but we have not done the
timer_pending() check yet.

If the timer has re-armed itself, and if the timer expires on CPU1 (this
needs a long delay on CPU0 but that's not hard to achieve eg.  in UML or
with kernel preemption enabled), then CPU1 could start to expire the
timer and gets to the [**] point in __run_timers (see above), then CPU1
gets stalled and CPU0 is unstalled, then the timer_pending() check in
del_timer_sync() will not notice the running timer, and del_timer_sync()
returns - while CPU1 is just about to run the timer!

Fixing this second race is hard - it involves a heavy race-check
operation that has to lock all bases, and has to re-check the
base->running_timer value, and timer_pending condition atomically.

This fix also fixes the first race, due to forcing del_timer_sync() to
always observe the timer state atomically, so the [*] code point will
always synchronize with del_timer_sync(). 

The patch is ugly but safe, and it has fixed the crashes in the 2.4
backport.  I tested the patch on 2.6.0-test7 with some heavy itimer use
and it works fine.  Removing self-arming timers safely is the sole
purpose of del_timer_sync(), so there's no way around this overhead i
think.  I believe we should ultimately fix all major del_timer_sync()
users to not use self-arming timers - having del_timer_sync() in the
thread-exit path is now a considerable source of SMP overhead.  But this
is out of the scope of current 2.6 fixes of course, and we have to
support self-arming timers as well.

into home.osdl.org:/home/torvalds/v2.5/linux

into home.osdl.org:/home/torvalds/v2.5/linux

into kroah.com:/home/greg/linux/BK/usb-2.6

into home.osdl.org:/home/torvalds/v2.5/linux

This adds a couple of missing symbol exports for
lm_driver_register and lm_driver_unregister.

no_action is implemented by generic code; no need for machine class
code to implement it as well.

into kroah.com:/home/greg/linux/BK/i2c-2.6

into home.osdl.org:/home/torvalds/v2.5/linux

into wopr.codemonkey.org.uk:/mnt/nfs/sepia/bar/src/kernel/2.6/trees/cpufreq

(Blah about unused variables).
This code still won't be used, as its still not tested/debugged properly
on a Nehemiah.

We got half multipliers horribly wrong, which made us think we could
clock the CPU much higher than we actually could.

Now that longhaul=1 matches more than 1 CPU, this broke.

These CPUs are actually only longhaul v1 compliant.
This was catastrophic, as the MSRs moved between v1 and v2.
There was also massive confusion in the documentation regarding Ezra.
It's not another variant, so 'v2' never existed.
Renamed v3 (Powersaver) to v2 as a result of this.

There was no release function, that was the bug :)
It caused bad messages to show up in the syslog whenever a i2c driver was removed, and could
easily oops.

attached you can find a patch that should fix i2c-sis630 driver for
2.6.0-X kernel. With i2c-sis630 from stock 2.6.0-X we have oops and
driver was not correct registered against i2c-core.

Changes:
	1) fixed a oops while modprobing
	2) added check for buffer overflow for i2c block data read transaction
	3) added 'force' modprobe parameter. It's allow more easily
	   testing for not yet supported SiS chips.

into home.osdl.org:/home/torvalds/v2.5/linux

This code is from ancient history when TCP did not used SKB cloning.

cause NULL pointer references in /proc.

Moreover, it's questionable whether the whole thing makes sense at all. 
Per-thread state is good.

Cset exclude: davem@nuts.ninka.net|ChangeSet|20031005193942|01097
Cset exclude: akpm@osdl.org[torvalds]|ChangeSet|20031005180420|42200
Cset exclude: akpm@osdl.org[torvalds]|ChangeSet|20031005180411|42211

fixes all chip drivers by moving the initialization before any sysfs
entry is created.

Previously, one could configure a kernel that wouldn't link by doing a 'make
allnoconfig' and then a 'make menuconfig' and enabling CONFIG_EXPERIMENTAL,
CONFIG_PCI, CONFIG_USB_GADGET, and CONFIG_USB_ETH.

This usb driver needs ide_fix_driveid from drivers/ide/ide-ops.c, which
needs BLK_DEV_IDE ("Enhanced IDE/MFM/RLL disk/cdrom/tape/floppy
support") to get built.

Without this patch, you can configure an un-linkable kernel by doing make
allnoconfig, make menuconfig, and setting CONFIG_PCI, CONFIG_USB,
CONFIG_USB_STORAGE, and CONFIG_USB_STORAGE_ISD200 only.

I've got a new toy. This obviously correct 4 liner patches
the two files:

net/sunrpc/clnt.c does not compile if RPC_DEBUG is not enabled, due to
the fact that tk_pid is protected by RPC_DEBUG (which in turn depends on
CONFIG_SYSCTL).

The printk's that use it don't actually need to print it out at all,
the rpc_task tag isn't really interesting here.

Acked by Trond Myklebust.

The Zoran driver doesn't include <asm/io.h> and thus won't compile
on architectures where that doesn't get implicitly included through
some other path.

Add the proper includes.

This is the latest iteration of the workaround for the Athlon/Opteron
prefetch erratum.  Sometimes the CPU would incorrectly report an
exception on prefetch.

This supercedes the previous dumb workaround of checking for AMD CPUs in
prefetch().  That one bloated the kernel by several KB and lead to lots
of unnecessary checks in hot paths. 

Also this one handles user space faults too, so the kernel can
effectively isolte the user space from caring about this errata.

Instead it handles it in the slow path of the exception handler (the
check is only done when the kernel would normally trigger seg fault or
crash anyways)

All the serious criticisms to the previous patches have been addressed. 
It checks segment bases now, handles vm86 mode and avoids deadlocks when
the prefetch exception happened inside mmap_sem.

This includes review and fixes from Jamie Lokier and Andrew Morton.
Opcode decoder based on code from Richard Brunner.

This resolves a bug in osdl bugtraq (#1261) by making
some more driver names match their module names.  Such
mismatches are bad because scripts often need to add
special cases, handling multiple names for drivers.

usually this would be too trivial, but is so obviously stupid that
people might think that there's some hidden trick in there.

We should not check for NULL _after_ following a pointer.
Consider it a small tiny step towards cleaning up this code.

In drivers/usb/core/hcd-pci.c, the code forgets to set hcd->state to
USB_STATE_SUSPENDED on suspend.  The effect is that on resume, the
code refuses to wake the HCD up, and instead prints a message saying
the interface hasn't been suspended.

The patch below fixes this.  It is against 2.6.0-test6.  With this
patch I can suspend and resume my Apple PowerBook G4, and the USB
works after resuming.