Actually there are several but one is trivially fixed

1.	FSACTL_GET_NEXT_ADAPTER_FIB ioctl does not lock dev->fib_list
but needs to
2.	Ditto for FSACTL_CLOSE_GET_ADAPTER_FIB
3.	It is possible to construct an attack via the SRB ioctls where
the user obtains assorted elevated privileges. Various approaches are
possible, the trivial ones being things like writing to the raw media
via scsi commands and the swap image of other executing programs with
higher privileges.

So the ioctls should be CAP_SYS_RAWIO - at least all the FIB manipulating
ones. This is a bandaid fix for #3 but probably the ioctls should grow
their own capable checks. The other two bugs need someone competent in that
driver to fix them.
Signed-off-by: NAlan Cox <alan@redhat.com>
Acked-by: NMark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Got a panic in the threading code on an older kernel when the Adapter
failed to load properly and driver shut down apparently before any
threading had started, can not dupe. Expect that this may be relevant in
the latest kernel, but not sure. This patch does no harm, and should
alleviate the possibility of this panic.
Signed-off-by: NMark Salyzyn <aacraid@adaptec.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Noticed on PowerPC allmod config build:

drivers/scsi/aacraid/commsup.c:1342: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1343: warning: large integer implicitly truncated to unsigned type
drivers/scsi/aacraid/commsup.c:1344: warning: large integer implicitly truncated to unsigned type

Also fix some whitespace on the changed lines.
Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au>
Acked-by: NMark Salyzyn <mark_salyzyn@adaptec.com>
Signed-off-by: NJames <James.Bottomley@HansenPartnership.com>
Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>

Reported by Al Viro.

This fixes it:

     [AC]FLAGS -> KBUILD_[AC]FLAGS conversion in Makefile-i386.
Signed-off-by: NJeff Dike <jdike@linux.intel.com>
Cc: Al Viro <viro@ftp.linux.org.uk>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
  9p: add missing end-of-options record for trans_fd
  9p: return NULL when trans not found
  9p: use copy of the options value instead of original
  9p: fix memory leak in v9fs_get_sb

The list of options that the fd transport accepts is missing end-of-options
marker. This patch adds it.
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Acked-by: NEric Van Hensbergen <ericvh@gmail.com>

v9fs_match_trans function returns arbitrary transport module instead of NULL
when the requested transport is not registered. This patch modifies the
function to return NULL in that case.
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Acked-by: NEric Van Hensbergen <ericvh@gmail.com>

v9fs_parse_options function uses strsep which modifies the value of the
v9ses->options field. That modified value is later passed to the function
that creates the transport potentially making the transport creation
function to fail.

This patch creates a copy of v9ses->option field that v9fs_parse_options
function uses instead of the original value.
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Acked-by: NEric Van Hensbergen <ericvh@gmail.com>

This patch fixes a memory leak in v9fs_get_sb.
Signed-off-by: NLatchesar Ionkov <lucho@ionkov.net>
Acked-by: NEric Van Hensbergen <ericvh@gmail.com>

* 'drm-patches' of master.kernel.org:/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm: DRM: fix memset size error
  drm: remove remnants of DRM_COPY_FROM/TO_USER_IOCTL
  drm: remove second forward decleration of drm device struct.

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  libata: handle broken cable reporting
  pata_hpt37x: Fix outstanding bug reports on the HPT374 and 37x cable detect
  ata_piix: Add additional PCI identifier for 40 wire short cable
  pata_serverworks: Fix problem with some drive combinations
  libata: Don't disable dipm with SET FEATURES
  libata and bogus LBA48 drives

* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  phylib: Silence driver registration
  phylib: Add ID for Marvell 88E1240
  82596: free nonexistent resource fix
  SUNHME: Fix missing NETIF_F_VLAN_CHALLENGED on PCI happy meals

The size passing to memset is wrong.
Signed-off-by: NLi Zefan <lizf@cn.fujitsu.com>
Signed-off-by: NDave Airlie <airlied@redhat.com>

This is a bug in the savage driver since I introduced these changes.
Signed-off-by: NDave Airlie <airlied@redhat.com>

Signed-off-by: NDave Airlie <airlied@linux.ie>

Keeping the list in sync with the old IDE driver
Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: NLi Zefan <lizf@cn.fujitsu.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: john stultz <johnstul@us.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Fix system call defines for system call 180 and 181 to match the underlying
system call table function entries.  System call 180 calls sys_pread64, and
181 calls sys_pwrite64, so make the definitions match.
Signed-off-by: NGreg Ungerer <gerg@uclinux.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Release the crypt_stat hash mutex on allocation error. Check for error
conditions when doing crypto hash calls.
Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
Reported-by: NKazuki Ohta <kazuki.ohta@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The extent_offset is getting incremented twice per loop iteration through any
given page.  It should only be getting incremented once.  This bug should only
impact hosts with >4K page sizes.
Signed-off-by: NMichael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Remove panic from phonedev.  See

	http://bugzilla.kernel.org/show_bug.cgi?id=9266

for details (phonedev panics if unregistering device not registered).
Signed-off-by: NMatti Linnanvuori <mattilinnanvuori@yahoo.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

commit 4ae3f847 ("md: raid5: fix
clearing of biofill operations") did not get applied correctly,
presumably due to substantial similarities between handle_stripe5 and
handle_stripe6.

This patch moves the chunk of new code from handle_stripe6 (where it isn't
needed (yet)) to handle_stripe5.
Signed-off-by: NNeil Brown <neilb@suse.de>
Cc: "Dan Williams" <dan.j.williams@intel.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Make virtcons_probe() __devinit.
Fixes this section warning:

WARNING: vmlinux.o(.text+0x14c10b): Section mismatch: reference to .init.text:hvc_alloc (between 'virtcons_probe' and 'ac_register_board')
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Change the name of this data to use a name (suffix) that is whitelisted
by MODPOST so that the section warning is fixed (not generated).

WARNING: vmlinux.o(.data+0x1b140): Section mismatch: reference to .init.text:m48t59_rtc_probe (between 'm48t59_rtc_platdrv' and 'm48t59_nvram_attr')
Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
Acked-by: NAlessandro Zummo <a.zummo@towertech.it>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

KERNEL_DEFINES needs whitespace trimmed, otherwise the whitespace crunching
done by make fools the patsubst which is used to remove KERNEL_DEFINES from
USER_CFLAGS.
Signed-off-by: NJeff Dike <jdike@linux.intel.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Fix an incompatible-pointer warning.
Signed-off-by: NWANG Cong <xiyou.wangcong@gmail.com>
Signed-off-by: NJeff Dike <jdike@linux.intel.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Fix 'and' typo (PT_WRITE_OK is defined 2)
Signed-off-by: NRoel Kluin <12o3l@tiscali.nl>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

This patch fixes an off-by-one error spotted by the Coverity checker.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Acked-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

A tiny vestige of arm26 has appeared: remove it again.

(akpm: someone (tm) needs to remove include/asm-arm26/ too)
Signed-off-by: NHugh Dickins <hugh@veritas.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

When a bitmap is empty bitmap_scnlistprintf() would leave the buffer
uninitialized.  Set it to an empty string in this case.

I didn't see any in normal kernel callers hitting this, but some custom
debug code of mine did.
Signed-off-by: NAndi Kleen <ak@suse.de>
Acked-by: NPaul Jackson <pj@sgi.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

The Build with randconfig fails with following error with the
2.6.24-rc4-git9

include/linux/kallsyms.h:56: error: `NULL' undeclared (first use in this
function)
include/linux/kallsyms.h:56: error: (Each undeclared identifier is
reported only once
include/linux/kallsyms.h:56: error: for each function it appears in.)
make[2]: *** [arch/powerpc/platforms/cell/spu_callbacks.o] Error 1
make[1]: *** [arch/powerpc/platforms/cell] Error 2
make: *** [arch/powerpc/platforms] Error 2
Signed-off-by: NKamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Grant Grundler was asking for more detail about correct usage of local
atomic operations and suggested adding the resulting summary to
local_ops.txt.

"Please add a bit more detail. If DaveM is correct (he normally is), then
there must be limits on how the local_t can be used in the kernel process
and interrupt contexts. I'd like those rules spelled out very clearly
since it's easy to get wrong and tracking down such a bug is quite painful."
Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: NGrant Grundler <grundler@parisc-linux.org>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

drivers/serial/8250_early.c:80: warning: conflicting types for built-in function `putc'
Signed-off-by: NYinghai Lu <yinghai.lu@sun.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

max_phys_segments and max_sectors were swapped
Signed-off-by: NVasily Averin <vvs@sw.ru>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Let's make immediately obvious from where sysctl comes from and messages
itself more noticeable.
Signed-off-by: NAlexey Dobriyan <adobriyan@gmail.com>
Acked-by: N"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Signed-off-by: NRoel Kluin <12o3l@tiscali.nl>
Acked-by: NKarsten Keil <kkeil@suse.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

One or two ancient drives predated the cable spec and didn't sent the
valid bits for the field. I had hoped to leave this out of libata as a
piece of historical annoyance but a recent CD drive shows the same bug so
we have to import support for it.

Same concept as Bartlomiej's changes old IDE except that as we have
centralised blacklists we can avoid keeping another private table of stuff
Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>

- Read frequency correctly
- Correct cable detect handling
- Fix wrong filter test
Signed-off-by: NAlan Cox <alan@redhat.com>
Signed-off-by: NJeff Garzik <jeff@garzik.org>