Merged in 2.4, and various vendor kernels..

  iDefense reported a buffer overflow flaw in the ISO9660 filesystem code.
  An attacker could create a malicious filesystem in such a way that they
  could gain root privileges if that filesystem is mounted. The Common
  Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
  CAN-2004-0109 to this issue.

Ernie Petrides came up with the following patch which I fixed up a slight
reject in to apply to 2.6. Otherwise, unchanged from the 2.4 patch.

Various fixes and cleanups for x86-64. 

 - Update defconfig
 - Fix some problems in ROM resource scanning (Rene Herman) 
 - Initialize APIC id of CPU 0 (Venkatesh Pallipadi)
 - Always enable swiotlb for GART_IOMMU
 - Fix compilation without IOMMU_GART
 - Remove nodes_present; use standard node_online_map instead.
   This also fixes a bug with no memory on node 0.
 - Switch node<->cpu mapping to arrays. This fixes some awkward
   special cases with no nodes and empty nodes. 
 - Move K8 fallback node setup to common code
 - Eliminate old fake_node.
 - Fix wrong fields in MCE handling (Marc Bevand)
 - Make pci_dma_consistent behave more similar to i386 to fix Alsa

From: Dave Jones <davej@redhat.com>

2.4 already had this fixed, but uses a somewhat larger value to clip at.
For uniformity sake, perhaps they should be the same?  Patch below makes
it match 2.4-bk

From: "Nguyen, Tom L" <tom.l.nguyen@intel.com>

The patch showed up in Linus' tree last night breaks the
"generic_defconfig" build for ia64.

Fix it by adding the NR_VECTORS device to ia64.

It should be unconditional.

When I converted journal_write_metadata_buffer() to kmap_atomic() I screwed
up the handling of the copyout buffers - we're currently writing four zeroes
into the user's page rather than into the data which is to be written to the
journal (oops).

Net effect: any block which starts with 0xC03B3998 gets scribbled on in
data=journal mode.

ide_ioreg_t is deprecated and hasn't been used by IDE driver for some time.
Use unsigned long directly on alpha, arm26, arm, mips, parisc, ppc64 and sh.

asm-ia64/ide.h (ide_ioreg_t is unsigned short) and asm-m68knommu/ide.h
(broken - ide_ioreg_t is not defined) are the only users of ide_ioreg_t left.

Use it on all archs which define ide_ioreg_t to unsigned long.

Disable code doing outb() without any locking in /proc handler.
Otherwise 'cat /proc/ide/hpt366' crashes if done during I/O.

Noticed by John Stoffel <stoffel@lucent.com>.

From: Geert Uytterhoeven <geert@linux-m68k.org>

Apparently some IDE drives (e.g. a pile of 80 GB ST380020ACE drives I have
access to) advertise to support LBA48, but don't, causing kernels that support
LBA48 (i.e. anything newer than 2.4.18, including 2.4.25 and 2.6.4) to fail on
them.  Older kernels (including 2.2.20 on the Debian woody CDs) work fine.

Check for id->lba_capacity_2 being non-zero in idedisk_supports_lba48().

The driver was copied from the very-buggy r8169 (pre-Francois),
and is for hardware that isn't even out of the lab yet.

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

into redhat.com:/spare/repo/net-drivers-2.6

The irq handler must not return 1 when the status register is null
during the firt iteration.

If the pcnet32 interface is not up, running the loopback test may hang or
crash the system.  This patch provided by Jim Lewis fixes that problem.
Tested on ia32 and ppc systems.

Some LOM implementation of our controllers pass IEEE tests (Tx 
distortion/Symmetry) while operating in Class A mode rather than in
class AB mode.

Adding this caused the adapter to fail while operating at 10 mbps, half
duplex. Hence the fix is not complete. We are still investigating a more
complete fix for the polarity reversal issue.

A Bug in e1000_spi_eeprom_ready where the Chip Select bit wasn't being 
toggled after every status register read (if the eeprom wasn't ready after 
the first status register read). The call to e1000_standby_eeprom manages 
the CS bit correctly

From: Anton Blanchard <anton@samba.org>

We have to restore r13 when entering unrecoverable_exception.

From: Paul Mackerras <paulus@samba.org>

This patch changes PCI_DMA_TODEVICE to DMA_TO_DEVICE in a couple of
places in drivers/net/ibmveth.c, since it doesn't compile without this
change and it does compile with it.  It also reformats a couple of
over-long lines in the vicinity of the other changes.

From: Niraj Kumar <niraj17@iitbombay.org>

This is in continuation of the ufs2 read-only code that went into 2.6.5.

This patch fixes a bug where wrong content was being read off the disk
after around 4 MB mark.

From: Anton Blanchard <anton@samba.org>

It's been there since the kernel was first imported into bk.  We see no
reason for this.