Avoid the use of sizeof() and pointer arithmetic to get to the end
of sctp_cookie structure. Instead use the last element peer_init which
is a zero-sized array as the offset.

The purpose of this is to allow sockets created by the kernel in this way
to be passed through the LSM socket creation hooks and be labeled and
mediated in the same manner as other sockets.

This patches addresses a class of potential issues with LSMs, where such
sockets will not be labeled correctly (if at all), or mediated during
creation.  Under SELinux, it fixes a specific bug where RPC sockets
created by the kernel during TCP NFS serving are unlabeled.

Under SELinux, and potentially other LSMs, we need to be able to
distinguish between user sockets and kernel sockets.  For SELinux
specifically, kernel sockets need to be specially labeled during creation,
then bypass access control checks (they are controlled by the kernel
itself and not subject to SELinux mediation).

This addresses a class of potential issues in SELinux where, for example, 
a TCP NFS session times out, then the kernel re-establishes an RPC 
connection upon further user activity.  We do not want such kernel 
created sockets to be labeled with user security contexts.

sock_create() and sock_create_kern() are wrapper functions, which seems 
semantically clearer to me than e.g. adding a flag to sock_create().  If 
you prefer the latter, then let me know.

The patch also adds an argument to the LSM socket creation functions
indicating whether the socket being created is a kernel socket or not.

into nuts.davemloft.net:/disk1/BK/net-2.6

From: Christoph Hellwig <hch@lst.de>

This one is a little funny.  The SGI trees don't show this issue because dmapi
and quota are separate modules so they must be unloaded before xfs_fs_exit can
be called at all.

So let's move the exitcalls for them in mainline first to simulate that
behaviour.

From: Paul Mackerras <paulus@samba.org>

This patch fixes a bug in the pmac-zilog driver where if you enable
CRTSCTS mode, it won't output data when CTS is asserted.  On
powermacs, the CTS input is inverted.  It also fixes a logic bug in
testing for CTS and DCD changes.

   Check for last adapter link is done by next member,
   because entries are not removed yet.

They all have 128 bytes of ACPI/TCO IO space pointed to
by config space register 0x40, and 64 bytes of GPIO space
pointed to by 0x58.

Thanks to Jun Nakajima for the full list.

into ppc970.osdl.org:/home/torvalds/v2.6/linux

We don't have DMA support for AMBA devices yet.

into ppc970.osdl.org:/home/torvalds/v2.6/linux

      read-write (re)mount is requested, empty $LogFile by overwriting it
      with 0xff bytes to ensure that Windows cannot cause data corruption
      by replaying a stale journal after Linux has written to the volume.

into cantab.net:/home/src/ntfs-2.6

      and force a read-only mount if not (fs/ntfs/super.c and fs/ntfs/logfile.c).  This
      is a little bit of a crude check in that we only look at the restart areas and
      not at the actual log records so that there will be a very small number of cases
      where we think that a volume is dirty when in fact it is clean.  This should only
      affect volumes that have not been shutdown cleanly and did not have any pending,
      non-check-pointed i/o.

This fixes a (very very small) preempt race window when we
invalidate the IO permission bitmap on process exit.

There is a bug where if any process that obtained an IO access
permissions via ioperm() does not explicitly "drop" that permissions,
the IO permissions don't get properly invalidated on process exit.

The cause is that exit_thread() only invalidates the per-thread
io_bitmap pointer, but doesn't invalidate the per-TSS io_bitmap pointer
as well. 

As the per-thread pointer is invalidated, __switch_to() doesn't take
care of that one either, so the per-TSS pointer stays valid as long as
some other process does ioperm().

This fixes the problem - it invalidates the per-TSS io_bitmap pointer
and the problem goes away. 

When Patrick removed ide_notify_reboot() in 2.5.42, he didn't notice
that it meant that IDE no longer had any shutdown() functionality.

So we did the right thing on suspend, but not on shutdown.

ide_notify_reboot() was only doing STANDBY on shutdown (because FLUSH
'doesn't work' in 2.4 too) but it worked okay and we still should do STANDBY
on shutdown because some broken disks flush their caches.

Thus just calls bus->suspend() (FLUSH+STANDBY) at shutdown time.  We can
add some safety delay later - 2.4 doesn't have any.

There is a typo in the PTE freeing code causing us to possibly
overflow the batch structure.

Obvious fix (look at the closing parentheses).

into cantab.net:/home/src/ntfs-2.6

I've updated the logips2pp driver to detect the MX310 and MX510 mice
and also made it more maintainable by putting everything into one
table instead of having 4 arrays for them (the MX700 support wasn't
added correctly in the last revision).

This makes the idedisk_release function only flush the cache on final
release; with the recent 2.6 blocklayer updates release gets called
somewhat frequently, and at times where IO is outstanding to the disk.

This bug didn't trigger before simply because ide_cacheflush_p() always
was a nop.

gconf doesn't correctly toggle through the values of a symbol, so use
sym_toggle_tristate_value() instead.

Problem reported by Martin Persenius <martin@persenius.net>

This enables proper mxcsr register masking: the magic mask "0xffbf"
is not necessarily correct for all CPU's, and there is an architected
way to discover the proper MXCSR feature bits by examining the fxsave
results.

Please refer to IA32 Software Developer's Manual, Volume 1, Section
11.6.6 for more details.

ncpfs was forgetting to update iovec's iov_base field whenever partial
transmission occured. This was causing data corruption during large
(60kB) writes.

The code now also passes copy of iovec to the sock_sendmsg, so it does
not rely on network stack updating (or not updating) passed iovec in
case of success (or failure).

I was going through the code looking for bits and pieces to pull across
into the new LSI Logic beta megaraid driver /sys fs code and came across
this one.

LSI Logic have already fixed this issue for the 2.4 driver, and the new
beta driver does not use the /proc filesystem at all, so no problem
there.

The problem is that resources are not freed upon certain error
conditions in the in-kernel megaraid driver, to quote from Lester
Hightower (who originally found the issue):

   "The problem occurs only in the circumstance where one reads one of
    the /proc/megaraid/hba<X>/diskdrives-ch<N> files where the card <X>
    does not have channel <N> on it.  Most people would likely not
    notice this leak in normal operation, but due to the way that we
    monitor our MegaRaid cards in our company (we read these /proc
    entries every 180s) so we found the leak rather quickly, and
    unpleasantly (when your kernel eats all your RAM)."

Anyway, here is the fix, compiled and tested OK for me.

From: Alan Cox <alan@redhat.com>, Arjan van de Ven <arjanv@redhat.com>

 - calculate drive->wcache for non-removable disks too
 - flush the cache before unlocking the door on removable media,
   otherwise you have a small race with the human

This replaces some usages of sempahores on the stack with completions.

We think we have had at least one bug report that could be caused by the
inherent race in the semaphore usage.

There is an bug in bigsmp sub-architecture, due to which it will not
enable all the CPUs when the BIOS-APICIDs are not 0 to n-1 (where n is
total number of CPUs). Particularly, only 2 CPU comes up on a system
that has 4 CPUs with BIOS APICID as (0, 1, 6, 7).=20

The bug is root caused to check_apicid_present(bit) call in smpboot.c,
when bigsmp is expecting apicid in place of bit.
check_apicid_present(bit) in bigsmp subarchitecture checks the bit with
phys_id_present_map (which is actually map representing all apicids and
not bit).

One solution is to change check_apicid_present(bit) to
check_apicid_present(apicid), in smp_boot_cpus().  But, it can affect
all the other subarchitectures in various subtle ways.  So, here is a
simple alternate fix (Thanks to Martin Bligh), which solves the above
problem. 

[ Confirmation from Martin:

     Looks fine, it's exactly the same fix we use for Summit.  Since
     we're using the other method instead of the bitmap, this check
     isn't needed, so we can just bypass it.  This way also has the
     great advantage of being isolated to the bigsmp subarch, so it only
     needs testing there ;-)
 ]

into nuts.davemloft.net:/disk1/BK/net-2.6

From: <mikem@beardog.cca.cpqcorp.net>

This patch adds support for 2 new controllers.  The first is a PCI-Express
version of the 6400.  The second is actually a SATA controller using the cciss
interface.

   Accept negative level3cnt value in register_application
   for special b-channel calculation. Necessary to work with
   capidrv.

into ppc970.osdl.org:/home/torvalds/v2.6/linux