* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [INET_DIAG]: Fix oops in netlink_rcv_skb
  [IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames
  [NETFILTER]: Fix/improve deadlock condition on module removal netfilter
  [NETFILTER]: nf_conntrack_ipv4: fix "Frag of proto ..." messages
  [NET] DOC: Update networking/multiqueue.txt with correct information.
  [IPV6]: Freeing alive inet6 address
  [DECNET]: Fix interface address listing regression.
  [IPV4] devinet: show all addresses assigned to interface
  [NET]: Do not dereference iov if length is zero
  [TG3]: Workaround MSI bug on 5714/5780.
  [Bluetooth] Fix parameter list for event filter command
  [Bluetooth] Update security filter for Bluetooth 2.1
  [Bluetooth] Add compat handling for timestamp structure
  [Bluetooth] Add missing stat.byte_rx counter modification

* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] libiscsi: sync up iscsi and scsi eh's access to the connection
  [SCSI] libiscsi: fix null ptr regression when aborting a command with data to transfer
  [SCSI] qla2xxx: Update version number to 8.02.00-k3.
  [SCSI] qla2xxx: Correct mailbox register dump for FWI2 capable ISPs.
  [SCSI] qla2xxx: Correct 8GB iIDMA support.
  [SCSI] qla2xxx: Correct management-server login-state synchronization issue.
  [SCSI] qla2xxx: Don't modify parity bits during ISP25XX restart.
  [SCSI] qla2xxx: Allocate enough space for the full PCI descriptor.
  [SCSI] zfcp: fix the data buffer accessor patch
  [SCSI] zfcp: allocate gid_pn_data objects from gid_pn_cache
  [SCSI] zfcp: fix memory leak

netlink_run_queue() doesn't handle multiple processes processing the
queue concurrently. Serialize queue processing in inet_diag to fix
a oops in netlink_rcv_skb caused by netlink_run_queue passing a
NULL for the skb.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000054
[349587.500454]  printing eip:
[349587.500457] c03318ae
[349587.500459] *pde = 00000000
[349587.500464] Oops: 0000 [#1]
[349587.500466] PREEMPT SMP
[349587.500474] Modules linked in: w83627hf hwmon_vid i2c_isa
[349587.500483] CPU:    0
[349587.500485] EIP:    0060:[<c03318ae>]    Not tainted VLI
[349587.500487] EFLAGS: 00010246   (2.6.22.3 #1)
[349587.500499] EIP is at netlink_rcv_skb+0xa/0x7e
[349587.500506] eax: 00000000   ebx: 00000000   ecx: c148d2a0   edx: c0398819
[349587.500510] esi: 00000000   edi: c0398819   ebp: c7a21c8c   esp: c7a21c80
[349587.500517] ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
[349587.500521] Process oidentd (pid: 17943, ti=c7a20000 task=cee231c0 task.ti=c7a20000)
[349587.500527] Stack: 00000000 c7a21cac f7c8ba78 c7a21ca4 c0331962 c0398819 f7c8ba00 0000004c
[349587.500542]        f736f000 c7a21cb4 c03988e3 00000001 f7c8ba00 c7a21cc4 c03312a5 0000004c
[349587.500558]        f7c8ba00 c7a21cd4 c0330681 f7c8ba00 e4695280 c7a21d00 c03307c6 7fffffff
[349587.500578] Call Trace:
[349587.500581]  [<c010361a>] show_trace_log_lvl+0x1c/0x33
[349587.500591]  [<c01036d4>] show_stack_log_lvl+0x8d/0xaa
[349587.500595]  [<c010390e>] show_registers+0x1cb/0x321
[349587.500604]  [<c0103bff>] die+0x112/0x1e1
[349587.500607]  [<c01132d2>] do_page_fault+0x229/0x565
[349587.500618]  [<c03c8d3a>] error_code+0x72/0x78
[349587.500625]  [<c0331962>] netlink_run_queue+0x40/0x76
[349587.500632]  [<c03988e3>] inet_diag_rcv+0x1f/0x2c
[349587.500639]  [<c03312a5>] netlink_data_ready+0x57/0x59
[349587.500643]  [<c0330681>] netlink_sendskb+0x24/0x45
[349587.500651]  [<c03307c6>] netlink_unicast+0x100/0x116
[349587.500656]  [<c0330f83>] netlink_sendmsg+0x1c2/0x280
[349587.500664]  [<c02fcce9>] sock_sendmsg+0xba/0xd5
[349587.500671]  [<c02fe4d1>] sys_sendmsg+0x17b/0x1e8
[349587.500676]  [<c02fe92d>] sys_socketcall+0x230/0x24d
[349587.500684]  [<c01028d2>] syscall_call+0x7/0xb
[349587.500691]  =======================
[349587.500693] Code: f0 ff 4e 18 0f 94 c0 84 c0 0f 84 66 ff ff ff 89 f0 e8 86 e2 fc ff e9 5a ff ff ff f0 ff 40 10 eb be 55 89 e5 57 89 d7 56 89 c6 53 <8b> 50 54 83 fa 10 72 55 8b 9e 9c 00 00 00 31 c9 8b 03 83 f8 0f

Reported by Athanasius <link@miggy.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Some of skbs in sk->write_queue do not have skb->dst because
we do not fill skb->dst when we allocate new skb in append_data().

BTW, I think we may not need to (or we should not) increment some stats
when using corking; if 100 sendmsg() (with MSG_MORE) result in 2 packets,
how many should we increment?

If 100, we should set skb->dst for every queued skbs.

If 1 (or 2 (*)), we increment the stats for the first queued skb and
we should just skip incrementing OutDiscards for the rest of queued skbs,
adn we should also impelement this semantics in other places;
e.g., we should increment other stats just once, not 100 times.

*: depends on the place we are discarding the datagram.

I guess should just increment by 1 (or 2).
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

So I've had a deadlock reported to me.  I've found that the sequence of
events goes like this:

1) process A (modprobe) runs to remove ip_tables.ko

2) process B (iptables-restore) runs and calls setsockopt on a netfilter socket,
increasing the ip_tables socket_ops use count

3) process A acquires a file lock on the file ip_tables.ko, calls remove_module
in the kernel, which in turn executes the ip_tables module cleanup routine,
which calls nf_unregister_sockopt

4) nf_unregister_sockopt, seeing that the use count is non-zero, puts the
calling process into uninterruptible sleep, expecting the process using the
socket option code to wake it up when it exits the kernel

4) the user of the socket option code (process B) in do_ipt_get_ctl, calls
ipt_find_table_lock, which in this case calls request_module to load
ip_tables_nat.ko

5) request_module forks a copy of modprobe (process C) to load the module and
blocks until modprobe exits.

6) Process C. forked by request_module process the dependencies of
ip_tables_nat.ko, of which ip_tables.ko is one.

7) Process C attempts to lock the request module and all its dependencies, it
blocks when it attempts to lock ip_tables.ko (which was previously locked in
step 3)

Theres not really any great permanent solution to this that I can see, but I've
developed a two part solution that corrects the problem

Part 1) Modifies the nf_sockopt registration code so that, instead of using a
use counter internal to the nf_sockopt_ops structure, we instead use a pointer
to the registering modules owner to do module reference counting when nf_sockopt
calls a modules set/get routine.  This prevents the deadlock by preventing set 4
from happening.

Part 2) Enhances the modprobe utilty so that by default it preforms non-blocking
remove operations (the same way rmmod does), and add an option to explicity
request blocking operation.  So if you select blocking operation in modprobe you
can still cause the above deadlock, but only if you explicity try (and since
root can do any old stupid thing it would like....  :)  ).
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Since we're now using a generic tuple decoding function in ICMP
connection tracking, ipv4_get_l4proto() might get called with a
fragmented packet from within an ICMP error. Remove the error
message we used to print when this happens.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Updated the multiqueue.txt document to call out the correct kernel
options to select to enable multiqueue.
Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

From: Denis V. Lunev <den@openvz.org>

addrconf_dad_failure calls addrconf_dad_stop which takes referenced address
and drops the count. So, in6_ifa_put perrformed at out: is extra. This
results in message: "Freeing alive inet6 address" and not released dst entries.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Not all are listed, same as the IPV4 devinet bug.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Bug: http://bugzilla.kernel.org/show_bug.cgi?id=8876

Not all ips are shown by "ip addr show" command when IPs number assigned to an
interface is more than 60-80 (in fact it depends on broadcast/label etc
presence on each address).

Steps to reproduce:
It's terribly simple to reproduce:

# for i in $(seq 1 100); do ip ad add 10.0.$i.1/24 dev eth10 ; done
# ip addr show

this will _not_ show all IPs.
Looks like the problem is in netlink/ipv4 message processing.

This is fix from bug submitter, it looks correct.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

When msg_iovlen is zero we shouldn't try to dereference
msg_iov.  Right now the only thing that tries to do so
is skb_copy_and_csum_datagram_iovec.  Since the total
length should also be zero if msg_iovlen is zero, it's
sufficient to check the total length there and simply
return if it's zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

A hardware bug was revealed after a recent PCI MSI patch was made to
always disable legacy INTX when enabling MSI.  The 5714/5780 chips
will not generate MSI when INTX is disabled, causing MSI failure
messages to be reported, and another patch was made to workaround the
problem by disabling MSI on ServerWorks HT1000 bridge chips commonly
found with the 5714.

We workaround this chip bug by enabling INTX after we enable MSI and
after we resume from suspend.

Update version to 3.81.

This problem was discovered by David Miller.
Signed-off-by: Michael Chan <mchan@broadcom.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  libata clear horkage on ata_dev_init()
  [libata, IDE] add new VIA bridge to VIA PATA drivers
  pata_it821x: fix lost interrupt with atapi devices
  Fix broken pata_via cable detection

dev->horkage should be cleared over device hotunplug/plug.  Clear it
in ata_dev_init().
Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

Signed-off-by: Joseph Chan <josephchan@via.com.tw>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

The earlier crash dump fix on x86_64 depended on patches in -mm which
are intended for post-2.6.23.  Without those, it broke the build when
it went into 2.6.23-rc5.

This changes the field references in ELF_CORE_COPY_REGS back to those
still used in mainline.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

In the case when an nmi gets stucks the endflag stays equal to zero.
This causes the busy looping on other cpus to continue, even though the
nmi test is done.

On my machine with out the change below the system would hang right
after check_nmi_watchdog().  The change below just sets endflag prior to
checking if the test was successful or not.
Signed-off-by: Daniel Walker <dwalker@mvista.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

The CLFLUSH for the modified code line in text_poke was supposed
to speed up CPU recovery. Unfortunately it seems to cause hangs
on some VIA C3s (at least on VIA Esther Model 10 Stepping 9)
Remove it.

Thanks to Stefan Becker for reporting/testing.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Fix the NMI watchdog on Intel CoreDuo processor where the kernel would
get stuck during boot.  The issue is related to errata AE49, where the
PERFEVTSEL1 counter does not have a working enable bit.  Thus it is not
possible to use it for NMI.

The patch creates a dedicated wd_ops for CoreDuo which falls back to
using PERFEVTSEL0.  The other Intel processors supporting the
architectural PMU will keep on using PERFEVTSEL1 as this allows other
subsystems, such as perfmon, to use PERFEVTSEL0 for PEBS monitoring in
particular.  Bug initially reported by Daniel Walker.

AK: Added comments
Signed-off-by: Stephane Eranian <eranian@hpl.hp.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fsid_source decided where to get the 'fsid' number to
return for a GETATTR based on the type of filehandle.
It can be from the device, from the fsid, or from the
UUID.

It is possible for the filehandle to be inconsistent
with the export information, so make sure the export information
actually has the info implied by the value returned by
fsid_source.
Signed-off-by: Neil Brown <neilb@suse.de>
Cc: "Luiz Fernando N. Capitulino" <lcapitulino@gmail.com>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Recent changes in NFSd cause a directory which is mounted-on
to not appear properly when the filesystem containing it is exported.

*exp_get* now returns -ENOENT rather than NULL and when
  commit 5d3dbbea
removed the NULL checks, it didn't add a check for -ENOENT.
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

When PTRACE_SYSCALL was used and then PTRACE_DETACH is used, the
TIF_SYSCALL_TRACE flag is left set on the formerly-traced task.  This
means that when a new tracer comes along and does PTRACE_ATTACH, it's
possible he gets a syscall tracing stop even though he's never used
PTRACE_SYSCALL.  This happens if the task was in the middle of a system
call when the second PTRACE_ATTACH was done.  The symptom is an
unexpected SIGTRAP when the tracer thinks that only SIGSTOP should have
been provoked by his ptrace calls so far.

A few machines already fixed this in ptrace_disable (i386, ia64, m68k).
But all other machines do not, and still have this bug.  On x86_64, this
constitutes a regression in IA32 compatibility support.

Since all machines now use TIF_SYSCALL_TRACE for this, I put the
clearing of TIF_SYSCALL_TRACE in the generic ptrace_detach code rather
than adding it to every other machine's ptrace_disable.
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Fix "lost" interrupt problem when using dma with CD/DVD drives in some
configurations.  This problem can make installing linux from media
impossible for distro's that have switched to libata-only configurations.

The simple fix is to eliminate the use of dma for reading drive status, etc,
by checking the number of bytes to transferred.

This change will only affect the behavior of atapi devices, not disks.
There is more info at http://bugzilla.redhat.com/show_bug.cgi?id=242229
This patch is for 2.6.22.1
Signed-off-by: Jeff Norden <jnorden@math.tntech.edu>
Reviewed-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

via_do_set_mode overwrites 80-wire cable detection bits. Let's
preserve them.
Signed-off-by: Laurent Riffard <laurent.riffard@free.fr>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>

* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] Ocelot: remove remaining bits
  [MIPS] TLB: Fix instruction bitmasks
  [MIPS] R10000: Fix wrong test in dma-default.c
  [MIPS] Provide empty irq_enable_hazard definition for legacy and R1 cores.
  [MIPS] Sibyte: Remove broken dependency on EXPERIMENTAL from SIBYTE_SB1xxx_SOC.
  [MIPS] Kconfig: whitespace cleanup.
  [MIPS] PCI: Set need_domain_info if controller domain index is non-zero.
  [MIPS] BCM1480: Fix computation of interrupt mask address register.
  [MIPS] i8259: Add disable method.
  [MIPS] tty: add the new ioctls and definitions.

* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
  i2c-algo-bit: Read block data bugfix
  i2c-pxa: Fix adapter number
  i2c-gpio: Fix adapter number

* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6:
  hwmon: End of I/O region off-by-one

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  [CRYPTO] blkcipher: Fix inverted test in blkcipher_get_spot
  [CRYPTO] blkcipher: Fix handling of kmalloc page straddling

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: fw-ohci: ignore failure of pci_set_power_state (fix suspend regression)

* 'for-linus' of git://www.linux-m32r.org/git/takata/linux-2.6_dev:
  m32r: Rename STI/CLI macros
  m32r: build fix of entry.S
  m32r: Separate syscall table from entry.S
  m32r: Cosmetic updates of arch/m32r/kernel/entry.S
  m32r: Exit ei_handler directly for no IRQ case or IPI operations
  m32r: Simplify ei_handler code
  m32r: Define symbols to unify platform-dependent ICU checks
  m32r: Move dot.gdbinit files
  m32r: Rearrange platform-dependent codes
  m32r: Add defconfig file for the usrv platform.
  m32r: Update defconfig files for 2.6.23-rc1
  m32r: Move defconfig files to arch/m32r/configs/

* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
  sched: fix ideal_runtime calculations for reniced tasks
  sched: improve prev_sum_exec_runtime setting
  sched: simplify __check_preempt_curr_fair()
  sched: fix xtensa build warning
  sched: debug: fix sum_exec_runtime clearing
  sched: debug: fix cfs_rq->wait_runtime accounting
  sched: fix niced_granularity() shift
  sched: fix MC/HT scheduler optimization, without breaking the FUZZ logic.

* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6:
  [XFS] fix nasty quota hashtable allocation bug
  [XFS] fix sparse shadowed variable warnings
  [XFS] fix ASSERT and ASSERT_ALWAYS
  [XFS] Fix sparse warning in kmem_shake_allow
  [XFS] Fix sparse NULL vs 0 warnings
  [XFS] Set filestreams object timeout to something sane.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-x86setup:
  [x86 setup] Work around bug in Xen HVM

Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

Signed-Off-By: Thiemo Seufer <ths@networkno.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

Following a strict interpretation the empty definition of irq_enable_hazard
has always been a bug - but an intentional one because it didn't bite.
This has now changed, for uniprocessor kernels mm/slab.c:do_drain()

[...]
        on_each_cpu(do_drain, cachep, 1, 1);
        check_irq_on();
[...]

may be compiled into a mtc0 c0_status; mfc0 c0_status sequence resulting
in a back-to-back hazard.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

Otherwise Kconfig will produce a nonsenical .config for a kernel that is
neither 32-bit nor 64-bit.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>