Problem discovered and initial patch by Olaf Kirch:

	there's a problem with IPsec that has been bugging some of our users
	for the last couple of kernel revs. Every now and then, IPsec will
	freeze the machine completely. This is with openswan user land,
	and with kernels up to and including 2.6.16-rc2.

	I managed to debug this a little, and what happens is that we end
	up looping in xfrm_lookup, and never get out. With a bit of debug
	printks added, I can this happening:

		ip_route_output_flow calls xfrm_lookup

		xfrm_find_bundle returns NULL (apparently we're in the
			middle of negotiating a new SA or something)

		We therefore call xfrm_tmpl_resolve. This returns EAGAIN
			We go to sleep, waiting for a policy update.
			Then we loop back to the top

		Apparently, the dst_orig that was passed into xfrm_lookup
			has been dropped from the routing table (obsolete=2)
			This leads to the endless loop, because we now create
			a new bundle, check the new bundle and find it's stale
			(stale_bundle -> xfrm_bundle_ok -> dst_check() return 0)

	People have been testing with the patch below, which seems to fix the
	problem partially. They still see connection hangs however (things
	only clear up when they start a new ping or new ssh). So the patch
	is obvsiouly not sufficient, and something else seems to go wrong.

	I'm grateful for any hints you may have...

I suggest that we simply bail out always.  If the dst decides to die
on us later on, the packet will be dropped anyway.  So there is no
great urgency to retry here.  Once we have the proper resolution
queueing, we can then do the retry again.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Olaf Kirch <okir@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Nicolas DICHTEL <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/appletalk/cops.c: In function `cops_load':
drivers/net/appletalk/cops.c:539: warning: assignment discards qualifiers from pointer target type
drivers/net/appletalk/cops.c:547: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

- panic() doesn't return.

- Don't forget to unlock on genl_register_family() error path

- genl_rcv_msg() is called via pointer so there's no point in declaring it
  `inline'.

Notes:

genl_ctrl_event() ignores the genlmsg_multicast() return value.

lots of things ignore the genl_ctrl_event() return value.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Horms patch was the best of the three fixes. Dave, already applied
Harald's version, so this patch converts that to the better one.
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

The new x_tables related Kconfig options appear at the wrong menu level
without this patch.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Missing license tag.
I've assumed this is GPL.  (It could also use a MODULE_AUTHOR)
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

isic can trigger these msgs to be spewed at a very high rate.
There's already a sysctl to turn them off. Given these messages
aren't useful for most people, this patch disables them by
default.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This seems to be trivial to trigger.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

From: Joe Perches <joe@perches.com>

Based upon a patch by Dave Jones.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

I get a machine check exception, triple fault, or NMI watchdog lockup
when DRI gets enabled on this card.

(And Mauro Tassinari <mtassinari@cmanet.it> reports hung kernels too in
http://lkml.org/lkml/2006/1/26/97)

[ Adrian Bunk also states that this is the only RV350 entry for an RV370
  in our lists, which implies that it's just buggy ]

Cc: Adrian Bunk <bunk@stusta.de>
Cc: Dave Jones <davej@redhat.com>
Cc: Mauro Tassinari <mtassinari@cmanet.it>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

This fixes a potential oops if there is an error reported by
posix_acl_from_disk().  This is mostly theoretical due to the use of
magics and checksums in xattrs, but is still possible.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

As noted by Jan Dittmer <jdi@l4x.org>
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Before the PCMCIA subsystem was fully integrated into the device and
driver model, the BT3C driver had to workaround this when loading the
firmware. This workaround is broken and makes the driver oops when
loading the firmware. This patch removes this workaround and uses now
the provided device structure from the PCMCIA subsystem.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

This patch fixes the two NULL pointer dereferences found by the sfuzz
tool from Ilja van Sprundel. The first one was a call of getsockname()
for an unbound socket and the second was calling accept() while this
operation isn't implemented for the HCI socket interface.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

This patch reduces the default L2CAP MTU for all RFCOMM connections
from 1024 to 1013 to improve the interoperability with some broken
RFCOMM implementations. To make this more flexible the L2CAP MTU
becomes also a module parameter and so it can changed at runtime.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Signed-off-by: David S. Miller <davem@davemloft.net>

Don't touch the non DMA members in the sg list in dma_map_sg in the IOMMU

Some drivers (in particular ST) ran into problems because they reused the sg
lists after passing them to pci_map_sg().  The merging procedure in the K8
GART IOMMU corrupted the state.  This patch changes it to only touch the dma*
entries during merging, but not the other fields.  Approach suggested by Dave
Miller.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

We found a problem with x86_64 kernels with preemption enabled, where
having multiple tasks doing ptrace singlesteps around the same time will
cause the system to 'oops'.  The problem seems that a task can get
preempted out of the do_debug() processing while it is running on the
DEBUG_STACK stack.  If another task on that same cpu then enters do_debug()
and uses the same per-cpu DEBUG_STACK stack, the previous preempted tasks's
stack contents can be corrupted, and the system will oops when the
preempted task is context switched back in again.

The typical oops looks like the following:

  Unable to handle kernel paging request at ffffffffffffffae RIP: <ffffffff805452a1>{thread_return+34}
  PGD 103027 PUD 102429067 PMD 0
  Oops: 0002 [1] PREEMPT SMP
  CPU 0
  Modules linked in:
  Pid: 3786, comm: ssdd Not tainted 2.6.15.2 #1
  RIP: 0010:[<ffffffff805452a1>] <ffffffff805452a1>{thread_return+34}
  RSP: 0018:ffffffff80824058  EFLAGS: 000136c2
  RAX: ffff81017e12cea0 RBX: 0000000000000000 RCX: 00000000c0000100
  RDX: 0000000000000000 RSI: ffff8100f7856e20 RDI: ffff81017e12cea0
  RBP: 0000000000000046 R08: ffff8100f68a6000 R09: 0000000000000000
  R10: 0000000000000000 R11: ffff81017e12cea0 R12: ffff81000c2d53e8
  R13: ffff81017f5b3be8 R14: ffff81000c0036e0 R15: 000001056cbfc899
  FS:  00002aaaaaad9b00(0000) GS:ffffffff80883800(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: ffffffffffffffae CR3: 00000000f6fcf000 CR4: 00000000000006e0
  Process ssdd (pid: 3786, threadinfo ffff8100f68a6000, task ffff8100f7856e20)
  Stack: ffffffff808240d8 ffffffff8012a84a ffff8100055f6c00 0000000000000020
         0000000000000001 ffff81000c0036e0 ffffffff808240b8 0000000000000000
         0000000000000000 0000000000000000
  Call Trace: <#DB>
	<ffffffff8012a84a>{try_to_wake_up+985}
	<ffffffff8012c0d3>{kick_process+87}
        <ffffffff8013b262>{signal_wake_up+48}
	<ffffffff8013b5ce>{specific_send_sig_info+179}
        <ffffffff80546abc>{_spin_unlock_irqrestore+27}
	<ffffffff8013b67c>{force_sig_info+159}
        <ffffffff801103a0>{do_debug+289} <ffffffff80110278>{sync_regs+103}
        <ffffffff8010ed9a>{paranoid_userspace+35}
  Unable to handle kernel paging request at 00007fffffb7d000 RIP: <ffffffff8010f2e4>{show_trace+465}
  PGD f6f25067 PUD f6fcc067 PMD f6957067 PTE 0
  Oops: 0000 [2] PREEMPT SMP

This patch disables preemptions for the task upon entry to do_debug(), before
interrupts are reenabled, and then disables preemption before exiting
do_debug(), after disabling interrupts.  I've noticed that the task can be
preempted either at the end of an interrupt, or on the call to
force_sig_info() on the spin_unlock_irqrestore() processing.  It might be
better to attempt to code a fix in entry.S around the code that calls
do_debug().
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

The orinoco wireless driver can support the SMC 2532W-B PC Card, so add the
id for it.
Signed-off-by: Jesse Allen <the3dfxdude@gmail.com>
Cc: Pavel Roskin <proski@gnu.org>
Cc: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Unfortunately, the reiserfs_attrs_cleared bit in the superblock flag can
lie.  File systems have been observed with the bit set, yet still contain
garbage in the stat data field, causing unpredictable results.

This patch backs out the enable-by-default behavior.

It eliminates the changes from: d50a5cd860ce721dbeac6a4f3c6e42abcde68cd8,
and ef5e5414e7a83eb9b4295bbaba5464410b11e030.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

net/bridge/br_netfilter.c: In function `br_nf_post_routing':
net/bridge/br_netfilter.c:808: warning: implicit declaration of function `has_bridge_parent'
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Harald Welte <laforge@netfilter.org>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Add fstatat64 support to s390 in order to follow changes with
commit cff2b760 .
Also fixes compilation for 31 bit.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Update the module version defines.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

Put all code for showing the card's boot info in
one sub-routine.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

Rename get_support function to pcwd_check_temperature_support
so that it is clearer what the function does.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

Add Control Status #2 bits (with defines)
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

more private data of the card to one struct.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

When doing a __devexit from a card we should also
decrement the cards_found counter.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

add extra comments for the include files
changes spaces by tabs where it is appropriate.
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

The following makes drivers/char/watchdog/sa1100_wdt.c sparse clean.
(similar to the other watchdog drivers)
Signed-off-by: Ian Campbell <icampbell@arcom.com>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>

drivers/video/fbmem.c:1567: warning: 'video_setup' defined but not used
Acked-by: "Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Add support for Geforce4 MX 4000 (0x185)
Signed-off-by: Antonino Daplas <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

The BUS_I2C option is neither available (since there is no VISWS option in
the kernel) nor does it have any effect - so why not remove it?

Based on a report by Jean-Luc Leger <reiga@dspnet.fr.eu.org>.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: "Antonino A. Daplas" <adaplas@pol.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

- tipar_open(): fix unsigned comparison

- tipar_open(): don't permit NULL pardevice (probably unneeded given the
  above fix).

- tipar_init_module(): handle the situation where parport_register_driver()
  failed to register any devices (parport_register_driver() drops the ->attach
  return value on the floor).

  This probably makes fixes #1 and #2 unneeded.

- tipar_init_module(): fix various error-path resource leaks.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Right now in __constant_test_bit for the s390 there is an extra set of ()
surrounding the calculation.  This patch simply removes one set of () that is
surrounding the whole clause.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Based on a patch from Maximilian Attems <maks@sternwelten.at> .  Nothing in
asm-s390/setup.h is of interest for user space.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>