into kernel.bkbits.net:/home/davem/net-2.6

Use it to release protocol specific objects that may be
tied to a dst cache object, at ifdown time.  Currently
this is used to release ipv4/ipv6 specific device state.

into nuts.davemloft.net:/disk1/BK/net-2.6

Will be used by the poor cousins, starting with LLC.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>

Later patches will make other protocols use sk_wait_data and further generalisations
of tcp code will use sk_wait_event.

This is again to abstract away more stuff from poor network family writers, like
the SOCK_ASYNC_WAITDATA, etc.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>

into nuts.davemloft.net:/disk1/BK/net-2.6

It was already generic, so reflect this in the naming.

Later patches will make it be used in other network families.

into nuts.davemloft.net:/disk1/BK/net-2.6

Signed-off-by: Shirley Ma <mashirle@us.ibm.com>
Signed-off-by: David S. Miller <davem@redhat.com>

When creating dst entry from ndisc, the dst entry of pmtu is not set, and the 
outout for this kind of dst entry is set to ip_output2 instead of ip_output. 
This could lead to send bigger packets through these des entries without 
fragmentation, and uninitialized pmtu could lead the network unreachable. 

These problems are easy reproduced when configuring IPSEC for ipv6. IPSEC 
could pick up dst entry created by ndisc as child des entry if ndisc dst 
entry generated earlier. If sending bigger packets through IPSEC, the ip 
output2 will send bigger packets out, the driver will drop these packets on 
receiver side. Also the dst_entry pmtu will be 0, the network is unreachable.

The patch has been tested against 2.6.6. I am not sure why ndisc genereats dst 
entry with output equal to ip6_output2 not ip6_output. If ndisc sends bigger 
packets, it will break also.
Signed-off-by: Shirley Ma <mashirle@us.ibm.com>
Signed-off-by: David S. Miller <davem@redhat.com>

Below is the patch, against 2.6.7-rc2, to fix crypto/digest.c to do
multiple kmap()/kunmap() for scatterlist entries which have a size
greater than a single page, originally found and fixed by
N.C.Krishna Murthy <krmurthy@cisco.com>.
Signed-off-by: Clay Haapala <chaapala@cisco.com>
Signed-off-by: David S. Miller <davem@redhat.com>

1) Make window clamp follow receive buffer growth so it
   does not limit window advertisements.  Noticed by John
   Heffner and Stephen Hemminger.
2) Fix rcvmem calculation such that tcp_adv_win_scale is
   taken into account.

into ppc970.osdl.org:/home/torvalds/v2.6/linux

- Modify fs/ntfs/ntfs_readdir() to copy the index root attribute value
  to a buffer so that we can put the search context and unmap the mft
  record before calling the filldir() callback.  We need to do this
  because of NFSd which calls ->lookup() from its filldir callback()
  and this causes NTFS to deadlock as ntfs_lookup() maps the mft record
  of the directory and since ntfs_readdir() has got it mapped already
  ntfs_lookup() deadlocks.
Signed-off-by: Anton Altaparmakov <aia21@cantab.net>

into cantab.net:/home/src/ntfs-2.6

into ppc970.osdl.org:/home/torvalds/v2.6/linux

into starflyer.(none):/home/airlied/drm/drm-2.6

and/or d->send_sizes.  When these functions are called from gamma_dma,
these pointers are user pointers and are thus not safe to deref.  This patch
copies over the pointers inside gamma_dma_priority and
gamma_dma_send_buffers.
Submitted-by: Robert T. Johnson <rtjohnso@eecs.berkeley.edu>
Signed-off-by: Dave Airlie <airlied@linux.ie>

This bug took forever to debug (just ask Ben :-).

When we move the completion event from the failed request to the sense
request, we risk either the initial complete and then later complete on
a long gone ->waiting.  I think this business of moving the completion
structure to the request sense is a bit bogus and always has been, and
the bug is fixed nicely by just rewriting this logic a bit.  So instead
we simply unconditionally dequeue the failed request (regardless of
whether it was REQ_PC or REQ_BLOCK_PC), and pass a reference to it in
the sense request.  When the sense completes, we call end io on the
originally failed request (which does the complete() etc).
Signed-off-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

This makes the best practices already in place in bluetooth
and tcp/ip available for all protocols, i.e. references must
be managed when associating timers with struct sock instances,
also makes the code a bit more clean.
Signed-off-by: Arnaldo Carvalho de Melo <acme@conectiva.com.br>

into cantab.net:/home/src/ntfs-2.6

With the old DRM interface, the devname was set in DRM(setunique),
but with the current DRM interface >=1.1 the devname is not being
set in DRM(set_busid).

From: Alan Swanson
Approved-by: Dave Airlie <airlied@linux.ie>

into nuts.davemloft.net:/disk1/BK/net-2.6

into ppc970.osdl.org:/home/torvalds/v2.6/linux

into nuts.davemloft.net:/disk1/BK/net-2.6

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@redhat.com>

into nuts.davemloft.net:/disk1/BK/sparc-2.6

dup_mmap() unnecessarily tries to account for memory of the vma's it has
created if it fails in the middle.

However, that's pointless (and wrong), since the exit_mmap() path called
through mmput() will do so anyway in the failure path.

Just remove the bogus un-accounting code.

into ppc970.osdl.org:/home/torvalds/v2.6/linux

Add __user annotations to kernel/sysctl.c to satisfy sparse
for !CONFIG_SYSCTL, !CONFIG_PROC_FS.
Signed-off-by: Randy Dunlap <rddunlap@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

It puts two 2kB temp areas on the stack, which is
guaranteed to overflow a 4kB stack if that path
is ever taken.

Both marked in the source, and both should be easy
to fix but need testing.

Found by Jörn Engel.

From: Herbert Xu <herbert@gondor.apana.org.au>

The recent change to vga16fb's memory mapping that you partially reverted
is still broken.  In particular, it's setting fix.mem_start to a virtual
address on i386.  The value of fix.mem_start is meant to be physical.

We could simply apply virt_to_phys to it, but somehow I doubt that is what
it's meant to do on arm.  So until we hear from someone who knows how it
works on arm, let's just revert this change.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Randy Dunlap <rddunlap@osdl.org> points out that sparse warns about the test
of an undefined preprocessor identifier.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

From: Andy Whitcroft <apw@shadowen.org>

The sysctl interfaces for updating the uts entries such as hostname and
domainname are using the wrong length for these buffers; they are hard
coded to 64.  Although safe, this artifically limits the size of these
fields to one less than the true maximum.  This generates an inconsistency
between the various methods of update for these fields.

# hostname 12345678901234567890123456789012345678901234567890123456789012345
hostname: name too long
# hostname 1234567890123456789012345678901234567890123456789012345678901234
# hostname
1234567890123456789012345678901234567890123456789012345678901234

# sysctl -w kernel.hostname=1234567890123456789012345678901234567890123456789012345678901234567890
kernel.hostname = 1234567890123456789012345678901234567890123456789012345678901234567890
# hostname
123456789012345678901234567890123456789012345678901234567890123
#

The error originates from the fact the handler for strings (proc_dostring)
already allows for the string terminator.  This patch corrects the limit,
taking the oppotunity to convert to use of sizeof().
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>