From: "V. Rajesh" <vrajesh@eecs.umich.edu>

If a vma is already present in an i_mmap list of a mapping,
then it is racy to update the vm_start, vm_end, and vm_pgoff
members of the vma without holding the mapping's i_shared_sem. 
This is because the updates can race with invalidate_mmap_range_list.

I audited all the places that assign vm_start, vm_end, and vm_pgoff.
AFAIK, the following is the list of questionable places:

1) This patch fixes the racy split_vma. Kernel 2.4 does the
   right thing, but the following changesets introduced a race.

   http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.4
   http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.5

   You can use the patch and programs in the following URL to
   trigger the race.

  http://www-personal.engin.umich.edu/~vrajesh/linux/truncate-race/

2) This patch also locks a small racy window in vma_merge.

3) In few cases vma_merge and do_mremap expand a vma by adding 
   extra length to vm_end without holding i_shared_sem. I think
   that's fine.

4) In arch/sparc64, vm_end is updated without holding i_shared_sem.
   Check make_hugetlb_page_present.  I hope that is fine, but
   I am not sure.

into home.osdl.org:/home/torvalds/v2.5/linux

The "irq_vector[]" array is indexed by the sum of all RTEs in all I/O
APICs, and is not necessarily limited by the x86 CPU irq vector inputs.

In fact, the irq vector index would overflow on big machines with lots
of IO APIC's, causing the boot to fail.

So grow the array for the big SMP boxes, keeping the default the same as
before (and shrink the vector entry size down to a 8-bit value, since
that's the size of the actual CPU vector entry).

into redhat.com:/spare/repo/libata-2.5-merge

Intel ICH5 (production)
ServerWorks / Apple K2 (beta)
VIA (beta)
Silicon Image 3112 (broken!)
Various Promise (alpha/beta)

into home.osdl.org:/home/torvalds/v2.5/linux

Patch from Alexander Schulz

This patch adds the define for PCIMEM_BASE so that the shark kernel
compiles again.

Patch from Dave Jiang

The fix allows IOP321 based platforms to boot all the way instead of
blank screen after "starting kernel...".  Inherited from Deepak's
earlier patch. 

CMD640 driver also supports VLB version of the chipset, therefore fix
drivers/ide/Makefile to include pci/ subdir even if CONFIG_BLK_DEV_IDEPCI=n.

 - remove cruft, memset() i2c-client structures in tda9840, tea6420,
    tea6415c driver, otherwise i2c_register()/kobject() segfaults later on

 - remove cruft, add I2C_ADAP_CLASS_TV_ANALOG identifier for analog tv
   i2c handler

 - DVB networking uses big endian crc32, so change all occurences of
   crc32_le to crc32_be
 - fix usage of firmware location Kconfig option in tda1004x frontend
   driver
 - add missing VBI line decoding initialization to saa7113 code for
   av7110 driver
 - make av7110 firmware static and *not* __initdata, so recover_arm()
   can work in case the driver is compiled in statically

  http://bugme.osdl.org/show_bug.cgi?id=1185

  use X86 ACPI specific version of eisa_set_level_irq()
  http://bugzilla.kernel.org/show_bug.cgi?id=1390

This fixes initrd with devfs.  With that combination the late-boot code
does temporary mount of devfs over rootfs /dev, which made /dev/initrd
inaccessible.  For setups without devfs that didn't happen. 

The fix is trivial - put the file in question outside of /dev; IOW,
we simply replace "/dev/initrd" with "/initrd.image" in init/*.

Confirmed to fix the problem by Valdis Kletnieks

into home.osdl.org:/home/torvalds/v2.5/linux

into home.osdl.org:/home/torvalds/v2.5/linux

... as if "nohide" is in used, it will be the wrong filehandle, and
returning a filehandle is optional anyway.

When raid0 needs to split a request, it uses 'block' (1K) addresses
rather than sector (512b) addresses, which causes problems if the sector
address is odd.  This patch fixes the problem.

Thanks to Andy Polyakov <appro@fy.chalmers.se>

As found by Herbert Xu: the last v4l update broke bttv.  videobuf_iolock
was passed a vb that has just been filled with zeros. 

Fixed like this.

From: "Noah J. Misch" <noah@caltech.edu>

The Silicon Image driver is not building properly when CONFIG_PROC_FS is unset.
This patch corrects that problem.  It appears as though several utility
functions at the top of drivers/ide/pci/siimage.c that the driver always needs
accidentally fell within an #ifdef CONFIG_PROC_FS.  I also removed an excess
include while I noticed it.

- converts hdr_cur_pos into hdr_cur_offs to avoid leaking kernel
  addresses to userland. As a consequence hdr_last_pos is gone.

- correct buffer saturation mode bug by which the hdr_count would
  be reset, leading to no visible samples collected.

Newer versions of strace manipulate the syscall arguments and to make this
work for ia32 processes, we need to reload the syscall args after
doing the syscall-trace callback.

	enable_irq() sequences).

Tony pointed out (thanks Tony) that in -test8 kobject_set_name() will
try to free a kobject's k_name field if it's non-NULL, so we need to
zero it out in case kmalloc() gave us recycled memory or we'll try to
kfree a bogus area.

into tiger.hpl.hp.com:/data1/bk/lia64/to-linus-2.5

This fixes a problem in EFI memory map trimming. For example,
here's part of the memory map on my i2000:

    mem00: type=4, attr=0x9, range=[0x0000000000000000-0x0000000000001000) (0MB)
    mem01: type=7, attr=0x9, range=[0x0000000000001000-0x0000000000088000) (0MB)
    mem02: type=4, attr=0x9, range=[0x0000000000088000-0x00000000000a0000) (0MB)
    mem03: type=5, attr=0x8000000000000009, range=[0x00000000000c0000-0x0000000000100000) (0MB)
    mem04: type=7, attr=0x9, range=[0x0000000000100000-0x0000000004000000) (63MB)
    mem05: type=2, attr=0x9, range=[0x0000000004000000-0x00000000049ba000) (9MB)
    mem06: type=7, attr=0x9, range=[0x00000000049ba000-0x000000007ec0b000) (1954MB)
    ...

There's a hole at 0xa0000-0xc0000, so we should ignore all the WB memory
in that granule.  With 16MB granules, the existing code trims like this
(note the 4K page at 0x0 should have been ignored, but wasn't).

into intel.com:/home/lenb/bk/linux-acpi-test-2.6.0

into hostme.bitkeeper.com:/repos/c/cifs/linux-2.5cifs

http://bugme.osdl.org/show_bug.cgi?id=1171

http://bugme.osdl.org/show_bug.cgi?id=1038

http://bugme.osdl.org/show_bug.cgi?id=726

Populate topology directories correctly now that NUMA kernels work.

They were added by Torben to workaround ServerWorks driver problems
(fixed by previous patch), but depending on BIOS can be dangerous on
other chipsets and it is always better to fix specific driver.

Removal of these options was acked by Torben.