Balazs Scheidler pointed out that we can fail to call ip_nat_setup_info
for local NAT, which causes the connection to be added twice. Boom.
Also move the hash table insertion into ip_nat_setup_info.

This patch introduces the /proc/sys/net/ipv4/netfilter/ directory for=20
the tuneable parameters of the conntrack engine of netfilter.

The parameters which can currently be fine-tuned (if required at all)=20
are the ip_conntrack_max, and the conntrack timeout parameters in seconds.

The default timeout value for the TCP CLOSE_WAIT state is raised to 3
days, which should cause less problems with long-lived half-closed TCP
sessions.

For the sake of compatibility with 2.4,=20
/proc/sys/net/ipv4/netfilter/ip_conntrack_max is duplicated as=20
/proc/sys/net/ipv4/ip_conntrack_max as well.

the 25_natcore-nohelper.patch (incorporated in 2.4.22) did actually make
things not better.  If a NAT rule was matched, num_manips can still be 0.
However, some helpers (like PPTP) need to _always mangle the packets,
even if there is no NAT mapping for a particular connection.
On the other hand, as soon as CONFIG_IP_NF_LOCAL_NAT was disabled,
we did end up half-mangling local (non-NAT'ed) connections.  This patch
removes the LOCAL_OUT hook from the NAT core unless CONFIG_IP_NF_NAT_LOCAL
is enabled.

This removes the remains of some debugging stuff which was never really
enabled properly - it never reported memory leaks.  Its not useful for
anyone but me. 

A proper solution involves counting all requests in flight and all
threads but we'll probably put that just into mm.

sget() is pessimistic and assumes it won't find a superblock - and as a
result it always pre-allocates a new one before even searching for an
existing entry.  If it finds an existing one, it free's the extra one it
just allocated.

Especially with /proc usage it usually _does_ find an existing
superblock, so this is all extra work.  It should allocate a new one
only if it couldn't find an old one (and re-search).

The same way as iget() does it.

This one won't cause hangs, but can trip some WARNs.

into kernel.bkbits.net:/home/davem/net-2.5

Rather than not kfree'ing the UDF data in the case of a bad inode (which
still _may_ have had the UDF data already allocated to it), make sure to
initialize the pointer to NULL properly when we're done with it.

From: Arun Sharma <arun.sharma@intel.com>

Based on some earlier discussion:

http://marc.theaimsgroup.com/?t=106015010700002&r=1&w=2

here's a new patch that attempts to disable BLK_DEV_FD on platforms which
don't support it.  The patch also attempts to remove the duplication of the
logic in compat_ioctl.h.

From: James Morris <jmorris@redhat.com>

From: Arun Sharma <arun.sharma@intel.com>

A minor bug fix to the ioctl32 code handling SG_IO.  sgio->dxferp is not
initialzed properly.

From: Geert Uytterhoeven <geert@linux-m68k.org>

Make that allyesconfig works on architectures that don't support HugeTLBs.

From: Andries.Brouwer@cwi.nl

 `generic_NCR5380_biosparam' declared `static' but never defined

From: Rick Lindsley <ricklind@us.ibm.com>

One typo corrected, and the references to 2.5 are minimized and mostly
changed to 2.6.

From: Roland McGrath <roland@redhat.com>

gdb really needs some way to know the AT_SYSINFO_EHDR value for a process
being debugged or for the dead process described by a core file.  Without
this value, it can't find the information necessary to show backtraces of
threads waiting in system calls.  There are any number of ways this
information could be made available.  Here is one solution that provides
more debugging information in a clean and general fashion.

I've added access to the AT_* values passed to a process for third parties
to examine for debugging purposes.  The same data passed on the stack at
startup is made available in /proc/PID/auxv and is written in an NT_AUXV
note in core dumps.  (Both of these are consistent with what Solaris does
using the same names.)

Here are two different patches that implement the same thing differently.
The first patch uses a ref-counted data structure to copy the aux vector
and shares among forked mm's until they exec and get a new one.  The second
patch avoids the complexity of that data structure by simply expanding the
mm_struct with space to hold a copy of the data.  Both patches work
correctly; I have examined the new /proc/PID/auxv file and core dumps.

I hope you will consider including one of these patches, or at least some
way of getting at this information from the debugger.  I am certainly open
to other suggestions on implementing this feature, and to suggestions on
alternative interfaces for getting the AT_SYSINFO_EHDR value cleanly.

- mpparse printk should be in hex (john stultz <johnstul@us.ibm.com>)

- fiddle with RCU copyright messages (Dipankar Sarma <dipankar@in.ibm.com>)

- use print_dev_t() for sysfs dev file in videodev.c (Gerd Knorr
  <kraxel@bytesex.org>)

- comx-hw-munich.c 64-bit warning fix (Vinay K Nallamothu
  <vinay.nallamothu@gsecone.com>)

- random.c return val fix

From: Will Dyson <will_dyson@pobox.com>

Remember to free the inode cache if register_filesystem() fails.

From: Rolf Eike Beer <eike-kernel@sf-tec.de>

this patch makes some ints to unsigned ints.  They are only used as loop
counters and compared to unsigned ints.  GCC 3.3 doesn't like this.  They
will never be negative anyway, so we could easily shut him up.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch changes the security_inode_permission hook to also take a
nameidata parameter in addition to the existing inode and mask parameters. 

A nameidata is already passed (although sometimes NULL) to
fs/namei.c:permission(), and the patch changes exec_permission_lite() to
also take a nameidata parameter so that it can pass it along to the
security hook.

The patch includes corresponding changes to the SELinux module to use the
nameidata information when it is available; this allows SELinux to include
pathname information in audit messages when a nameidata structure was
supplied.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch fixes a bug introduced by earlier code cleanups in the SELinux
convert_context code that manifests upon a policy reload that removes
previously valid security attributes.  Thanks to Magosanyi Arpad for
reporting the bug.

From: Felipe W Damasio <felipewd@terra.com.br>

If other kmallocs failed after successfully allocating a "struct mtd_info",
it should be freed before returning NULL.

From: Christoph Hellwig <hch@lst.de>

It's the only abuse of proc_iops left (except the totally b0rked comx
driver).  The patch is from Al, I just forward-ported it from 2.4.

Background: struct proc_dir_entry has a struct inode_operations *proc_iops
member, it's from Linux's stoneage and used internally by procfs to assign
either the link or directory inode ops.

Unfortunately some drivers started to abuse it do do bad things like create
on lookup (that's the comx thingy which relies on unexported symbols and thus
is broken for modular builds since mid-2.3) or various ->permission tricks
(all gone by now).

After this patch is gone I have another one that kills proc_iops and just
uses a normal conditional inside procfs to assign the right one directly.

From: Rusty Russell <rusty@rustcorp.com.au>

Found this while converting netfilter modules to use the new
parameters.  Also fixes an out-by-one error in maximum elements you
can put in array.

The current "intarray" module params were never tested, and um, suck.
Only one person uses them, and it looks painful.

Since noone uses them, replace them with tested versions.

From: "Randy.Dunlap" <rddunlap@osdl.org>, Will Dyson <will_dyson@pobox.com>, me

Add generic filesystem options parser (infrastructure) and use it to parse
mount options in several filesystems (adfs, affs, autofs, autofs4, ext2,
ext3, fat, hfs, hpfs, isofs, jfs, procfs, udf, and ufs).

It saves between 128 and 512 bytes per filesystem.

From: "David S. Miller" <davem@redhat.com>

This attempts to take care of 2 of the MM todos I had on
my backlog:

1) Zap the stupid flush_cache_all() thing with more meaningful
   interfaces.

2) Resolve the ptrace user page access issues, first stage.

The "first stage" mentioned for #2 is simply creating the
user page accesor interfaces.  The next stage needs to be
mucking with get_user_pages() so that we can control when
the flush_dcache_page() occurs.  Then we:

1) For every platform where flush_dcache_page() is a non-nop
   add a call to the beginning of copy_{from,to}_user_page().
2) Make access_process_vm() set the "no dcache flush" bit in
   it's call to get_user_pages().

The idea also was that we'd consolidate the write etc. boolean
args passed to get_user_pages() into flag bits too.

But at least with the below, we can delete that reminder FIXME
comment from kernel/ptrace.c, the platforms have the necessary
tools and just need to make use of it :)

As a bonus I noticed that VMALLOC_VMADDR() did absolutely nothing.

After all of this I only have 1 real TODO left, and that's dealing
with the SMP TLB/pte invalidation stuff, very low priority until
someone starts doing more work with sparc32/SMP in 2.6.x :)

Remove duplicated #defines

From: Andries.Brouwer@cwi.nl

ext2 used a 32-bit field for dev_t, with possibly undefined storage
following; thus, no action was required to go to 32-bit dev_t, but going to
64-bit dev_t required some subtlety: 0 was written in the first word and
the 64 bits in the following two.  Al truncated my 64-bit stuff to 32 bits
but did not understand why there was this split, and wrote 0 followed by a
single word.  We should at least zero the word following to have
well-defined storage later.

From: Herbert Xu <herbert@gondor.apana.org.au>

The last change to isdn_common.c removed a label that is used when
ISDN_PPP is defined.  This patch puts it back.

From: Oliver Xymoron <oxymoron@waste.org>

I just noticed the ikconfig stuff made it into mainline via -mm. I
also just noticed that it's based in part on a patch I posted almost 5
years ago:

http://groups.google.com/groups?q=oliver+xymoron+config.gz&hl=en&lr=&ie=UTF-8&selm=fa.j8fsl5v.g08fjo%40ifi.uio.no&rnum=2

Sadly, after wandering aimlessly in the desert of unloved patches all
those years, all attribution got lost. This adds a copyright + license
to scripts/bin2c.c, which hasn't aged a day.