Changed the subsystem initialization sequence to hold off installation of
address space handlers until the hardware has been initialized and the
system has entered ACPI mode.  This is because the installation of space
handlers can cause _REG methods to be run.  Previously, the _REG methods
could potentially be run before ACPI mode was enabled.

Fixed some memory leak issues related to address space handler and notify
handler installation.  There were some problems with the reference count
mechanism caused by the fact that the handler objects are shared across
several namespace objects.

Fixed a reported problem where reference counts within the namespace were
not properly updated when named objects created by method execution were
deleted.

Fixed a reported problem where multiple SSDTs caused a deletion issue
during subsystem termination.  Restructured the table data structures
to simplify the linked lists and the related code.

Fixed a problem where the table ID associated with secondary tables (SSDTs)
was not being propagated into the namespace objects created by those
tables.  This would only present a problem for tables that are unloaded
at run-time, however.

Updated AcpiOsReadable and AcpiOsWritable to use the ACPI_SIZE type as
the length parameter (instead of UINT32).

Solved a long-standing problem where an ALREADY_EXISTS error appears on
various systems.  This problem could happen when there are multiple
PCI_Config operation regions under a single PCI root bus.  This doesnt
happen very frequently, but there are some systems that do this in the
ASL.

Fixed a reported problem where the internal DeleteNode function was
incorrectly handling the case where a namespace node was the first in
the parents child list, and had additional peers (not the only child,
but first in the list of children.)

Here's a small patch that fixes the logic of the kobject creation and
registration in the acpi code (since we use kobject_init(), we need to
use kobject_add(), not kobject_register() to add the kobject to the
kernel systems).

into groveronline.com:/root/bk/linux-acpi

into groveronline.com:/root/bk/linux-acpi

into kernel.bkbits.net:/home/davem/net-2.5

into nuts.ninka.net:/home/davem/src/BK/net-2.5

into nuts.ninka.net:/home/davem/src/BK/sctp-2.5

into nuts.ninka.net:/home/davem/src/BK/net-2.5

Thanks to Al Viro for pointing out these problems.

into kroah.com:/home/linux/linux/BK/gregkh-2.5

From: Grzegorz Jaskiewicz <gj@pointblue.com.pl>

gcc-2.94 fails to compile this code, alleging an invalid lvalue.
An equivalent transformation fixes it up.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.5.69 adds a security_inode_post_setxattr hook so that
security modules can update the inode security structure after a successful
setxattr, and it moves the existing security_inode_setxattr hook call after
the taking the inode semaphore so that atomicity is provided for the
security check and the update to the inode security structure.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.5.68 implements an xattr handler for ext2 to support the
use of extended attributes by security modules for storing file security
labels.  As per the earlier discussion of extended attributes for security
modules, this handler uses a "security." prefix and allows for per-module
attribute names.  Security checking on userspace access to these attributes
can be performed by the security module using the LSM hooks in fs/xattr.c,
and the security module is free to internally use the inode operations
without restriction for managing its security labels.  Unlike the trusted
namespace, these labels are used internally for access control purposes by
the security module, and controls over userspace access to them require finer
granularity than capable() supports.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch against 2.5.68 implements an xattr handler for ext3 to support the
use of extended attributes by security modules for storing file security
labels.  As per the earlier discussion of extended attributes for security
modules, this handler uses a "security." prefix and allows for per-module
attribute names.  Security checking for userspace access to these attributes
can be performed by the security module using the LSM hooks in fs/xattr.c,
and the security module is free to internally use the inode operations
without restriction for managing its security labels.  Unlike the trusted
namespace, these labels are used internally for access control purposes by
the security modules, and controls over userspace access to them require
finer granularity than capable() supports.

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch moves the security_d_instantiate hook calls in d_instantiate and
d_splice_alias after the inode has been attached to the dentry.  This
change is necessary so that security modules can internally call the
getxattr inode operation (which takes a dentry parameter) from this hook to
obtain the inode security label.

From: Christoph Hellwig <hch@infradead.org>

Originally by David Mosberger, testing by Roger Luethi.  From the ia64 tree.

Basically, it avoids going to memory all the time.  What this does is make
life a lot easier for gcc, so it can actually do a decent amount of
optimization.  The restructuring clearly is less important for out-of-order
CPUs, but even there it gives some benefits.

More specifically, the loop is now structured to operate one "unsigned long"
at a time, rather than one bit at a time.  Of course, you still need to
process all the bits, but most of the relevant state in the inner loop can be
kept in registers.

Roger Luethi measured the routine on a bunch of different machines (mostly
x86, IIRC: P5, P6, Crusoe, Athlons) and performance improved there, too (and
it should definitely improve performance on any RISC-like architecture).


Roger's benchmarking results (vs number of fd's):

                                       File                   TCP
Numbfer of fd's:                  10   250  500          10   250   500

UP, Pentium MMX 233MHz original	 8.2 108.5 212.8	11.0 180.0 356.5
UP, Pentium MMX 233MHz w/patch	 7.4  87.6 171.1	10.4 163.6 323.4

MP, Pentium MMX 233MHz original	15.7 283.8 562.8	18.9 354.4 705.5
MP, Pentium MMX 233MHz w/patch	14.6 255.6 506.5	17.8 332.8 664.1

UP, Athlon 1394 MHz original	 1.3  13.4  26.1	 1.9  24.7  48.6
UP, Athlon 1394 MHz w/patch	 1.2  11.0  21.5	 1.6  22.3  43.8

MP, Athlon 1394 MHz original	 1.6  22.4  44.6	 1.9  30.9  60.5
MP, Athlon 1394 MHz w/patch	 1.5  21.2  41.7	 1.9  30.2  59.6

Ed Tomlinson has a machine on which some other device grabs IRQ12 first, and
the 8042 doesn't work.  Enabling shared iRQs in the 8042 driver fixes it up.
Alan has confirmed that this is OK.

From: Dipankar Sarma <dipankar@in.ibm.com>


fget() shows up on profiles, especially on SMP.  Dipankar's patch
special-cases the situation wherein there are no sharers of current->files.

In this situation we know that no other process can close this file, so it
is not necessary to increment the file's refcount.

It's ugly as sin, but makes a substantial difference.

The test is

	dd if=/dev/zero of=foo bs=1 count=1M

On 4CPU P3 xeon with 1MB L2 cache and 512MB ram:

	kernel           sys time     std-dev
	------------     --------     -------

	UP - vanilla     2.104        0.028
	UP - file        1.867        0.019

	SMP - vanilla    2.976        0.023
	SMP - file       2.719        0.026

From: Manfred Spraul <manfred@colorfullife.com>

below is the promised patch for better slab debugging, against 2.5.68-mm4:

Changes:

- enable redzoning and last user accounting even for large objects, if
  that doesn't waste too much memory

- document why FORCED_DEBUG doesn't enable redzoning&last user accounting
  for some caches.

- check the validity of the bufctl chains in a slab in __free_blocks.
  This detects double-free error for the caches without redzoning.

try_to_free_pages() currently fails to notice that it successfully freed slab
pages via shrink_slab().  So it can keep looping and eventually call
out_of_memory(), even though there's a lot of memory now free.

And even if it doesn't do that, it can free too much memory.

The patch changes try_to_free_pages() so that it will notice freed slab pages
and will return when enough memory has been freed via shrink_slab().

Many options were considered, but must of them were unacceptably inaccurate,
intrusive or sleazy.  I ended up putting the accounting into a stack-local
structure which is pointed to by current->reclaim_state.

One reason for this is that we can cleanly resurrect the current->local_pages
pool by putting it into struct reclaim_state.

(current->local_pages was removed because the per-cpu page pools in the page
allocator largely duplicate its function.  But it is still possible for
interrupt-time allocations to steal just-freed pages, so we might want to put
it back some time.)

From: Dave Hansen <haveblue@us.ibm.com>, Bill Irwin

With PAE on, there are only 4 PGD entries.  The kernel ones never change,
so there is no need to copy them when a vmalloc fault occurs.  This was
this was causing problems with the split pmd patches, but it is still
correct for mainline.

Tested with and without PAE.  I ran it in a loop turning on and off 10 swap
partitions, which is what excited the original bug.
http://bugme.osdl.org/show_bug.cgi?id=640

If a swapfile is ftruncated while in use, subsequent swapout will scribble on
the filesystem.

This is a case of root-shoot-foot, but wrecking the fs is a fairly rude
response.  And it's easy to fix: hold i_sem across the life of the swapon.

From: Manfred Spraul <manfred@colorfullife.com>

Real 80386 cpus ignore the write protected bit in the page tables when
running in supervisory mode.  Thus the write protected bit must be checked by
software.  The current implementation does that check during access_ok().
This can result in data corruptions, if kswapd starts a swap-out between the
access_ok and the actual write operation.

To fix this, the patch moves the check from access_ok() into
__copy_to_user_ll(), and redirects all user space writes into
__copy_to_user_ll().  The patch only affects kernels build for 80386 cpus.
Additionally, the patch removes the dead prototypes for __put_user_{1,2,4,8}.

Due to the uninlining of access_ok, the .text segment is now ~ 8 kB shorter.

From: Monchi Abbad <kernel@axion.demon.nl>

I found a mistake in the dvbdev.c file when creating the dvb /devfs files,
it created /dev/dvb/adapter0device0 instead of /dev/dvb/adapter0/device0.
But here is a simple fix.

From: Christoph Hellwig <hch@lst.de>

This is a pretty huge patch, but splitting it doesn't make a lot
of sense..

(USB may still need work)