When there are two huge page mappings, like the two in the example
	below, first one at the end of PGDIR_SIZE, and second one starts at
	next PGDIR_SIZE (64GB with 16K page size):

	8000000ff0000000-8000001000000000 rw-s
	8000001000000000-8000001010000000 rw-s

	Unmapping the first vma would trick free_pgtable to think it
	can remove one set of pgd indexed at 0x400, and it went ahead
	purge the entire pmd/pte that are still in use by the second
	mapping. Now any subsequent access to pmd/pte for the second
	active mapping will trigger the bug.  We've seen hard kernel
	hang on some platform, some other platform will generate MCA,
	plus all kinds of unpleasant result.

Here's the updated version of the MCA TLB recovery patch.

smp_call_function() must not be called from interrupt context (can
deadlock on tasklist_lock).  Use keventd to call smp_call_function().

Forward port the recent changes to pal.h, sal.h, mca.h, salinfo.c and
mca.c from 2.4.23-rc2 to 2.6.0-test9.

This converts 2.6 to use salinfo instead of printing CMC/CPE/MCA/INIT
records in the kernel.  It makes the two kernel versions as close
together as possible.

As promised, here's a patch to add an sn2 defconfig file to get people
started with 2.6 kernels.  I even turned on CONFIG_IA64_SGI_SIM support
to make Jack happy :)

The arch-independent bootmem code now requires that arches initialize
their bootmem maps in reverse order (in particular, from high to low
addesses), otherwise alloc_bootmem_pages_low() won't work.  This change
makes the ia64 code do just that, so that machines without an IOMMU can
allocate their bounce buffers in low memory at early boot.  It also adds
a sanity check to the early init code to make sure that each node has a
local data area, because if they don't, many things will break later on
and may be hard to track down.

(SAL_CALL_REENTRANT): Disable preemption around the SAL call to
make sure we don't get rescheduled on a different CPU.

This forces the granule size to 16MB for HP zx1 and generic
kernels.  HP sx1000 machines require this.

Remove unused functions:
    acpi_get_prt()
    acpi_get_interrupt_model()
    acpi_get_addr_space()

(iosapic_init): Remove extraneous printk.
(pci_acpi_scan_root): Remove extraneous printk.

(alloc_resources):  Use insert_resource(), not request_resource(), to
allocate PCI root bridge windows.  This fixes the problem
where root bridge window allocation fails because an early
driver (like VGA) has already allocated things.

Make NODES_SHIFT larger to accomodate 256 node machines.

This small fix is needed for machines with more than 128 nodes.

The code in acpi_numa_memory_affinity_init that sorts the node_memblk
can overrun the array & clobber the memory that follows the end of the
array. The error will be seen only on systems that fill the
node_memblk array and only if SAL doesnt sort the entries in the SRAT.

into tiger.hpl.hp.com:/data1/bk/lia64/to-linus-2.5

This fixes a bug in the qla1280 driver where it would leave a pointer to
an on the stack completion event in a command structure if
qla1280_mailbox_command fails.  The result is that the interrupt handler
later tries to complete() garbage on the stack.  The mailbox command can
fail if a device on the bus decides to lock up etc.

I just found Yet Another Bug in scsi_ioctl - CDROM_SEND_PACKET puts a
kernel pointer in hdr->cmdp, where sg_io() expects to find user address.
This worked up until recently because of the memcpy bug, but now it
doesn't because we do the proper copy_from_user(). 

This fix undoes the user copy code from sg_io, and instead makes the
SG_IO ioctl copy it locally.  This makes SG_IO and CDROM_SEND_PACKET
agree on the calling convention, and everybody is happy. 

I've tested that both

   cdrecord -dev=/dev/hdc -inq

and

   cdrecord -dev=ATAPI:/dev/hdc -inq

works now.  The former will use SG_IO, the latter CDROM_SEND_PACKET (and
incidentally would work in both 2.4 and 2.6, if it wasn't for
CDROM_SEND_PACKET sucking badly in 2.4).

	this change:  Jim Wilson says that gcc v3.3 also supports
	marking ar.pfs as clobbered, so use ia64_spinlock_contention()
	for any GCC with v3.3 or newer.

From Jon Burgess:

  There is a problems with blank DVD media using the ide-cd driver.

  When we attempt to read the blank disk, the drive responds to the read
  request by returning a "blank media" error.  The kernel doesn't have
  any special case handling for this sense value and retries the request
  a couple of times, then gives up and does a bus reset and disables DMA
  to the device.

  Which obviously doesn't help the situation.

  The sense key value of 8 isn't listed in ide-cd.h, but it is listed in
  scsi.h as a "BLANK_CHECK" error.

  This trivial patch treats this error condition as a reason to abort
  the request.  This behaviour is the same as what we do with a blank CD-R.

  It looks like the same fix might be desired for 2.4 as well, although
  is perhaps not so important since scsi-ide is normally used instead.

into home.osdl.org:/home/torvalds/v2.5/linux

 1/ make sure raid5 doesn't try to handle multiple overlaping
    requests at the same time as this would confuse things badly.
    Currently it justs BUGs if this is attempted.
 2/ Fix a possible data-loss-on-write problem.  If two or
    more bio's that write to the same page are processed at the
    same time, only the first was actually commited to storage.
 3/ Fix a use-after-free bug.  raid5 keeps the bio's it is given
    in linked lists when more than one bio touch a single page.
    In some cases the tail of this list can be freed, and
    the current test for 'are we at the end' isn't reliable.
    This patch strengths the test to make it reliable.

Petr Vandrovec noticed a problem where the thread group leader
would not be properly reaped if the parent of the thread group
was ignoring SIGCHLD, and the thread group leader had exited
before the last sub-thread.

Fixed by Ingo Molnar.

This time we have a SMP memory ordering issue in prepare_to_wait(),
where we really need to make sure that subsequent tests for the
event we are waiting for can not migrate up to before the wait
queue has been set up.

In 2.5.x, the BKL was pushed from vfs_readdir() into the filesystem
specific functions.  But only the unlock_kernel() made it into the HPFS
code, lock_kernel() got lost on the way.  This rendered the filesystem
unusable.

This adds the missing lock_kernel().  It's been tested by Timo Maier who
also reported the problem earlier today.

The previous scsi_ioctl.c patch didn't cleanup the buffer/bio in the
error case. 

Fix it by copying the command data earlier.

	CONFIG_DISABLE_VHPT.

	put_user() arguments with function-calls would cause the
	macro to return unexpected values.  Fixed by avoiding macro
	argument evaluation while r8/r9 are in use for exception-handling
	purposes.  Also, consolidated access-macros so that GCC and
	Intel compiler use 90% the same code.

corruption on SMP because of another CPU still accessing a waitqueue
even after it was de-allocated.

Use a careful version of the list emptiness check to make sure we
don't de-allocate the stack frame before the waitqueue is all done.

	atomic_dec_and_lock().  Actually, this could be the generic
	version for any platform that has cmpxchg().

	backwards-compatibility with older (broken) versions of GCC which
	recognize a signal-handler only if it is in the address range
	from 0xa000000000000100. to 0xa000000000020000.

	clobbered, so use ia64_spinlock_contention() for any GCC with
	v3.3 or newer.

into kroah.com:/home/greg/linux/BK/usb-2.6

visor.c defines one empty slot in USB ids table that can be filled in at
runtime using module parameters. file2alias generates catch-all alias for it:

alias usb:v*p*dl*dh*dc*dsc*dp*ic*isc*ip* visor

patch adds the same sanity check as in depmod to scripts/file2alias.

This patch fixes the bug where running ppp over a ttyUSB device would fail.