process.  The root-cause of the problem was that ptrace() tried
      to copy the portion of the register backing store that landed on
      the kernel stack back to users-space, but the resulting state
      was inconsistent if the inferior process was in the middle of a
      system-call (as would always be the case for strace).

      The solution is to avoid all needless copying and to instead
      ensure that when accessing a memory location that may belong to
      a thread's register-backing store, we attach to that particular
      thread, rather than the thread identified by the PID argument.
      If the thread happens to be unattachable, we fall back to using
      the thread identified by the PID argument.  This should have the
      desired effect if the thread has terminated already and if the
      thread is running while ptrace() is trying to access its state,
      all bets are off anyhow and there are no coherency guarantees.
      In other words, this should be doing the right thing under all
      circumstances.

      The patch also fixes the case where PT_AR_BSP and/or PT_CFM are
      written while the inferior process is in the middle of a system
      call.  This makes arguments passed to GDB inferior calls come
      out right.

      The patch was tested with strace -f and the GDB testsuite, which
      showed no regressions compared to the previous version of the
      kernel.

While backporting to 2.4 I noticed a few bits
of fluff that I'd introduced into 2.6.  Clean
up the mess.

Credit to Ben Woodard <ben@zork.net>.

The attached patch fixes a bug introduced by the earlier patch to
handle the differences between ia32 and ia64 in the definition of
MINSIGSTKSZ.

I hit a deadlock involving the ia64_ctx.lock. The lock
may be taken in interrupt context to process an IPI from smp_flush_tlb_mm.

	When there are two huge page mappings, like the two in the example
	below, first one at the end of PGDIR_SIZE, and second one starts at
	next PGDIR_SIZE (64GB with 16K page size):

	8000000ff0000000-8000001000000000 rw-s
	8000001000000000-8000001010000000 rw-s

	Unmapping the first vma would trick free_pgtable to think it
	can remove one set of pgd indexed at 0x400, and it went ahead
	purge the entire pmd/pte that are still in use by the second
	mapping. Now any subsequent access to pmd/pte for the second
	active mapping will trigger the bug.  We've seen hard kernel
	hang on some platform, some other platform will generate MCA,
	plus all kinds of unpleasant result.

Here's the updated version of the MCA TLB recovery patch.

smp_call_function() must not be called from interrupt context (can
deadlock on tasklist_lock).  Use keventd to call smp_call_function().

Forward port the recent changes to pal.h, sal.h, mca.h, salinfo.c and
mca.c from 2.4.23-rc2 to 2.6.0-test9.

This converts 2.6 to use salinfo instead of printing CMC/CPE/MCA/INIT
records in the kernel.  It makes the two kernel versions as close
together as possible.

As promised, here's a patch to add an sn2 defconfig file to get people
started with 2.6 kernels.  I even turned on CONFIG_IA64_SGI_SIM support
to make Jack happy :)

The arch-independent bootmem code now requires that arches initialize
their bootmem maps in reverse order (in particular, from high to low
addesses), otherwise alloc_bootmem_pages_low() won't work.  This change
makes the ia64 code do just that, so that machines without an IOMMU can
allocate their bounce buffers in low memory at early boot.  It also adds
a sanity check to the early init code to make sure that each node has a
local data area, because if they don't, many things will break later on
and may be hard to track down.

(SAL_CALL_REENTRANT): Disable preemption around the SAL call to
make sure we don't get rescheduled on a different CPU.

This forces the granule size to 16MB for HP zx1 and generic
kernels.  HP sx1000 machines require this.

Remove unused functions:
    acpi_get_prt()
    acpi_get_interrupt_model()
    acpi_get_addr_space()

(iosapic_init): Remove extraneous printk.
(pci_acpi_scan_root): Remove extraneous printk.

(alloc_resources):  Use insert_resource(), not request_resource(), to
allocate PCI root bridge windows.  This fixes the problem
where root bridge window allocation fails because an early
driver (like VGA) has already allocated things.

Make NODES_SHIFT larger to accomodate 256 node machines.

This small fix is needed for machines with more than 128 nodes.

The code in acpi_numa_memory_affinity_init that sorts the node_memblk
can overrun the array & clobber the memory that follows the end of the
array. The error will be seen only on systems that fill the
node_memblk array and only if SAL doesnt sort the entries in the SRAT.

into tiger.hpl.hp.com:/data1/bk/lia64/to-linus-2.5

This fixes a bug in the qla1280 driver where it would leave a pointer to
an on the stack completion event in a command structure if
qla1280_mailbox_command fails.  The result is that the interrupt handler
later tries to complete() garbage on the stack.  The mailbox command can
fail if a device on the bus decides to lock up etc.

I just found Yet Another Bug in scsi_ioctl - CDROM_SEND_PACKET puts a
kernel pointer in hdr->cmdp, where sg_io() expects to find user address.
This worked up until recently because of the memcpy bug, but now it
doesn't because we do the proper copy_from_user(). 

This fix undoes the user copy code from sg_io, and instead makes the
SG_IO ioctl copy it locally.  This makes SG_IO and CDROM_SEND_PACKET
agree on the calling convention, and everybody is happy. 

I've tested that both

   cdrecord -dev=/dev/hdc -inq

and

   cdrecord -dev=ATAPI:/dev/hdc -inq

works now.  The former will use SG_IO, the latter CDROM_SEND_PACKET (and
incidentally would work in both 2.4 and 2.6, if it wasn't for
CDROM_SEND_PACKET sucking badly in 2.4).

	this change:  Jim Wilson says that gcc v3.3 also supports
	marking ar.pfs as clobbered, so use ia64_spinlock_contention()
	for any GCC with v3.3 or newer.

From Jon Burgess:

  There is a problems with blank DVD media using the ide-cd driver.

  When we attempt to read the blank disk, the drive responds to the read
  request by returning a "blank media" error.  The kernel doesn't have
  any special case handling for this sense value and retries the request
  a couple of times, then gives up and does a bus reset and disables DMA
  to the device.

  Which obviously doesn't help the situation.

  The sense key value of 8 isn't listed in ide-cd.h, but it is listed in
  scsi.h as a "BLANK_CHECK" error.

  This trivial patch treats this error condition as a reason to abort
  the request.  This behaviour is the same as what we do with a blank CD-R.

  It looks like the same fix might be desired for 2.4 as well, although
  is perhaps not so important since scsi-ide is normally used instead.

into home.osdl.org:/home/torvalds/v2.5/linux

 1/ make sure raid5 doesn't try to handle multiple overlaping
    requests at the same time as this would confuse things badly.
    Currently it justs BUGs if this is attempted.
 2/ Fix a possible data-loss-on-write problem.  If two or
    more bio's that write to the same page are processed at the
    same time, only the first was actually commited to storage.
 3/ Fix a use-after-free bug.  raid5 keeps the bio's it is given
    in linked lists when more than one bio touch a single page.
    In some cases the tail of this list can be freed, and
    the current test for 'are we at the end' isn't reliable.
    This patch strengths the test to make it reliable.

Petr Vandrovec noticed a problem where the thread group leader
would not be properly reaped if the parent of the thread group
was ignoring SIGCHLD, and the thread group leader had exited
before the last sub-thread.

Fixed by Ingo Molnar.

This time we have a SMP memory ordering issue in prepare_to_wait(),
where we really need to make sure that subsequent tests for the
event we are waiting for can not migrate up to before the wait
queue has been set up.

In 2.5.x, the BKL was pushed from vfs_readdir() into the filesystem
specific functions.  But only the unlock_kernel() made it into the HPFS
code, lock_kernel() got lost on the way.  This rendered the filesystem
unusable.

This adds the missing lock_kernel().  It's been tested by Timo Maier who
also reported the problem earlier today.

The previous scsi_ioctl.c patch didn't cleanup the buffer/bio in the
error case. 

Fix it by copying the command data earlier.

	CONFIG_DISABLE_VHPT.

	put_user() arguments with function-calls would cause the
	macro to return unexpected values.  Fixed by avoiding macro
	argument evaluation while r8/r9 are in use for exception-handling
	purposes.  Also, consolidated access-macros so that GCC and
	Intel compiler use 90% the same code.

corruption on SMP because of another CPU still accessing a waitqueue
even after it was de-allocated.

Use a careful version of the list emptiness check to make sure we
don't de-allocate the stack frame before the waitqueue is all done.

	atomic_dec_and_lock().  Actually, this could be the generic
	version for any platform that has cmpxchg().