Merge branch 'master' into upstream

16 files changed, 2203 insertions, 47 deletions

diff --git a/Documentation/00-INDEX b/Documentation/00-INDEX
index 5f7f7d7f77d2..02457ec9c94f 100644
--- a/Documentation/00-INDEX
+++ b/Documentation/00-INDEX
@@ -184,6 +184,8 @@ mtrr.txt
         - how to use PPro Memory Type Range Registers to increase performance.
 nbd.txt
         - info on a TCP implementation of a network block device.
+netlabel/
+        - directory with information on the NetLabel subsystem.
 networking/
         - directory with info on various aspects of networking with Linux.
 nfsroot.txt
diff --git a/Documentation/crypto/api-intro.txt b/Documentation/crypto/api-intro.txt
index 74dffc68ff9f..5a03a2801d67 100644
--- a/Documentation/crypto/api-intro.txt
+++ b/Documentation/crypto/api-intro.txt
@@ -19,15 +19,14 @@ At the lowest level are algorithms, which register dynamically with the
 API.
 
 'Transforms' are user-instantiated objects, which maintain state, handle all
-of the implementation logic (e.g. manipulating page vectors), provide an 
-abstraction to the underlying algorithms, and handle common logical 
-operations (e.g. cipher modes, HMAC for digests).  However, at the user 
+of the implementation logic (e.g. manipulating page vectors) and provide an 
+abstraction to the underlying algorithms.  However, at the user 
 level they are very simple.
 
 Conceptually, the API layering looks like this:
 
   [transform api]  (user interface)
-  [transform ops]  (per-type logic glue e.g. cipher.c, digest.c)
+  [transform ops]  (per-type logic glue e.g. cipher.c, compress.c)
   [algorithm api]  (for registering algorithms)
   
 The idea is to make the user interface and algorithm registration API
@@ -44,22 +43,27 @@ under development.
 Here's an example of how to use the API:
 
         #include <linux/crypto.h>
+        #include <linux/err.h>
+        #include <linux/scatterlist.h>
         
         struct scatterlist sg[2];
         char result[128];
-        struct crypto_tfm *tfm;
+        struct crypto_hash *tfm;
+        struct hash_desc desc;
         
-        tfm = crypto_alloc_tfm("md5", 0);
-        if (tfm == NULL)
+        tfm = crypto_alloc_hash("md5", 0, CRYPTO_ALG_ASYNC);
+        if (IS_ERR(tfm))
                 fail();
                 
         /* ... set up the scatterlists ... */
+
+        desc.tfm = tfm;
+        desc.flags = 0;
         
-        crypto_digest_init(tfm);
-        crypto_digest_update(tfm, &sg, 2);
-        crypto_digest_final(tfm, result);
+        if (crypto_hash_digest(&desc, &sg, 2, result))
+                fail();
         
-        crypto_free_tfm(tfm);
+        crypto_free_hash(tfm);
 
     
 Many real examples are available in the regression test module (tcrypt.c).
@@ -126,7 +130,7 @@ might already be working on.
 BUGS
 
 Send bug reports to:
-James Morris <jmorris@redhat.com>
+Herbert Xu <herbert@gondor.apana.org.au>
 Cc: David S. Miller <davem@redhat.com>
 
 
@@ -134,13 +138,14 @@ FURTHER INFORMATION
 
 For further patches and various updates, including the current TODO
 list, see:
-http://samba.org/~jamesm/crypto/
+http://gondor.apana.org.au/~herbert/crypto/
 
 
 AUTHORS
 
 James Morris
 David S. Miller
+Herbert Xu
 
 
 CREDITS
@@ -238,8 +243,11 @@ Anubis algorithm contributors:
 Tiger algorithm contributors:
   Aaron Grothe
 
+VIA PadLock contributors:
+  Michal Ludvig
+
 Generic scatterwalk code by Adam J. Richter <adam@yggdrasil.com>
 
 Please send any credits updates or corrections to:
-James Morris <jmorris@redhat.com>
+Herbert Xu <herbert@gondor.apana.org.au>
 
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 87a17337c7f6..71d05f481727 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1189,8 +1189,6 @@ running once the system is up.
                                 Mechanism 2.
                 nommconf        [IA-32,X86_64] Disable use of MMCONFIG for PCI
                                 Configuration
-                mmconf          [IA-32,X86_64] Force MMCONFIG. This is useful
-                                to override the builtin blacklist.
                 nomsi           [MSI] If the PCI_MSI kernel config parameter is
                                 enabled, this kernel boot option can be used to
                                 disable the use of MSI interrupts system-wide.
diff --git a/Documentation/netlabel/00-INDEX b/Documentation/netlabel/00-INDEX
new file mode 100644
index 000000000000..837bf35990e2
--- /dev/null
+++ b/Documentation/netlabel/00-INDEX
@@ -0,0 +1,10 @@
+00-INDEX
+        - this file.
+cipso_ipv4.txt
+        - documentation on the IPv4 CIPSO protocol engine.
+draft-ietf-cipso-ipsecurity-01.txt
+        - IETF draft of the CIPSO protocol, dated 16 July 1992.
+introduction.txt
+        - NetLabel introduction, READ THIS FIRST.
+lsm_interface.txt
+        - documentation on the NetLabel kernel security module API.
diff --git a/Documentation/netlabel/cipso_ipv4.txt b/Documentation/netlabel/cipso_ipv4.txt
new file mode 100644
index 000000000000..93dacb132c3c
--- /dev/null
+++ b/Documentation/netlabel/cipso_ipv4.txt
@@ -0,0 +1,48 @@
+NetLabel CIPSO/IPv4 Protocol Engine
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+May 17, 2006
+
+ * Overview
+
+The NetLabel CIPSO/IPv4 protocol engine is based on the IETF Commercial IP
+Security Option (CIPSO) draft from July 16, 1992.  A copy of this draft can be
+found in this directory, consult '00-INDEX' for the filename.  While the IETF
+draft never made it to an RFC standard it has become a de-facto standard for
+labeled networking and is used in many trusted operating systems.
+
+ * Outbound Packet Processing
+
+The CIPSO/IPv4 protocol engine applies the CIPSO IP option to packets by
+adding the CIPSO label to the socket.  This causes all packets leaving the
+system through the socket to have the CIPSO IP option applied.  The socket's
+CIPSO label can be changed at any point in time, however, it is recommended
+that it is set upon the socket's creation.  The LSM can set the socket's CIPSO
+label by using the NetLabel security module API; if the NetLabel "domain" is
+configured to use CIPSO for packet labeling then a CIPSO IP option will be
+generated and attached to the socket.
+
+ * Inbound Packet Processing
+
+The CIPSO/IPv4 protocol engine validates every CIPSO IP option it finds at the
+IP layer without any special handling required by the LSM.  However, in order
+to decode and translate the CIPSO label on the packet the LSM must use the
+NetLabel security module API to extract the security attributes of the packet.
+This is typically done at the socket layer using the 'socket_sock_rcv_skb()'
+LSM hook.
+
+ * Label Translation
+
+The CIPSO/IPv4 protocol engine contains a mechanism to translate CIPSO security
+attributes such as sensitivity level and category to values which are
+appropriate for the host.  These mappings are defined as part of a CIPSO
+Domain Of Interpretation (DOI) definition and are configured through the
+NetLabel user space communication layer.  Each DOI definition can have a
+different security attribute mapping table.
+
+ * Label Translation Cache
+
+The NetLabel system provides a framework for caching security attribute
+mappings from the network labels to the corresponding LSM identifiers.  The
+CIPSO/IPv4 protocol engine supports this caching mechanism.
diff --git a/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt b/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
new file mode 100644
index 000000000000..256c2c9d4f50
--- /dev/null
+++ b/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
@@ -0,0 +1,791 @@
+IETF CIPSO Working Group
+16 July, 1992
+
+
+
+                 COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
+
+
+
+1.    Status
+
+This Internet Draft provides the high level specification for a Commercial
+IP Security Option (CIPSO).  This draft reflects the version as approved by
+the CIPSO IETF Working Group.  Distribution of this memo is unlimited.
+
+This document is an Internet Draft.  Internet Drafts are working documents
+of the Internet Engineering Task Force (IETF), its Areas, and its Working
+Groups. Note that other groups may also distribute working documents as
+Internet Drafts.
+
+Internet Drafts are draft documents valid for a maximum of six months.
+Internet Drafts may be updated, replaced, or obsoleted by other documents
+at any time.  It is not appropriate to use Internet Drafts as reference
+material or to cite them other than as a "working draft" or "work in
+progress."
+
+Please check the I-D abstract listing contained in each Internet Draft
+directory to learn the current status of this or any other Internet Draft.
+
+
+
+
+2.    Background
+
+Currently the Internet Protocol includes two security options.  One of
+these options is the DoD Basic Security Option (BSO) (Type 130) which allows
+IP datagrams to be labeled with security classifications.  This option
+provides sixteen security classifications and a variable number of handling
+restrictions.  To handle additional security information, such as security
+categories or compartments, another security option (Type 133) exists and
+is referred to as the DoD Extended Security Option (ESO).  The values for
+the fixed fields within these two options are administered by the Defense
+Information Systems Agency (DISA).
+
+Computer vendors are now building commercial operating systems with
+mandatory access controls and multi-level security.  These systems are
+no longer built specifically for a particular group in the defense or
+intelligence communities.  They are generally available commercial systems
+for use in a variety of government and civil sector environments.
+
+The small number of ESO format codes can not support all the possible
+applications of a commercial security option.  The BSO and ESO were
+designed to only support the United States DoD.  CIPSO has been designed
+to support multiple security policies.  This Internet Draft provides the
+format and procedures required to support a Mandatory Access Control
+security policy.  Support for additional security policies shall be
+defined in future RFCs.
+
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 1]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+
+3.    CIPSO Format
+
+Option type: 134 (Class 0, Number 6, Copy on Fragmentation)
+Option length: Variable
+
+This option permits security related information to be passed between
+systems within a single Domain of Interpretation (DOI).  A DOI is a
+collection of systems which agree on the meaning of particular values
+in the security option.  An authority that has been assigned a DOI
+identifier will define a mapping between appropriate CIPSO field values
+and their human readable equivalent.  This authority will distribute that
+mapping to hosts within the authority's domain.  These mappings may be
+sensitive, therefore a DOI authority is not required to make these
+mappings available to anyone other than the systems that are included in
+the DOI.
+
+This option MUST be copied on fragmentation.  This option appears at most
+once in a datagram.  All multi-octet fields in the option are defined to be
+transmitted in network byte order.  The format of this option is as follows:
+
++----------+----------+------//------+-----------//---------+
+| 10000110 | LLLLLLLL | DDDDDDDDDDDD | TTTTTTTTTTTTTTTTTTTT |
++----------+----------+------//------+-----------//---------+
+
+  TYPE=134    OPTION    DOMAIN OF               TAGS
+              LENGTH    INTERPRETATION
+
+
+                Figure 1. CIPSO Format
+
+
+3.1    Type
+
+This field is 1 octet in length.  Its value is 134.
+
+
+3.2    Length
+
+This field is 1 octet in length.  It is the total length of the option
+including the type and length fields.  With the current IP header length
+restriction of 40 octets the value of this field MUST not exceed 40.
+
+
+3.3    Domain of Interpretation Identifier
+
+This field is an unsigned 32 bit integer.  The value 0 is reserved and MUST
+not appear as the DOI identifier in any CIPSO option.  Implementations
+should assume that the DOI identifier field is not aligned on any particular
+byte boundary.
+
+To conserve space in the protocol, security levels and categories are
+represented by numbers rather than their ASCII equivalent.  This requires
+a mapping table within CIPSO hosts to map these numbers to their
+corresponding ASCII representations.  Non-related groups of systems may
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 2]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+have their own unique mappings.  For example, one group of systems may
+use the number 5 to represent Unclassified while another group may use the
+number 1 to represent that same security level.  The DOI identifier is used
+to identify which mapping was used for the values within the option.
+
+
+3.4    Tag Types
+
+A common format for passing security related information is necessary
+for interoperability.  CIPSO uses sets of "tags" to contain the security
+information relevant to the data in the IP packet.  Each tag begins with
+a tag type identifier followed by the length of the tag and ends with the
+actual security information to be passed.  All multi-octet fields in a tag
+are defined to be transmitted in network byte order.  Like the DOI
+identifier field in the CIPSO header, implementations should assume that
+all tags, as well as fields within a tag, are not aligned on any particular
+octet boundary.   The tag types defined in this document contain alignment
+bytes to assist alignment of some information, however alignment can not
+be guaranteed if CIPSO is not the first IP option.
+
+CIPSO tag types 0 through 127 are reserved for defining standard tag
+formats.  Their definitions will be published in RFCs.  Tag types whose
+identifiers are greater than 127 are defined by the DOI authority and may
+only be meaningful in certain Domains of Interpretation.  For these tag
+types, implementations will require the DOI identifier as well as the tag
+number to determine the security policy and the format associated with the
+tag.  Use of tag types above 127 are restricted to closed networks where
+interoperability with other networks will not be an issue.  Implementations
+that support a tag type greater than 127 MUST support at least one DOI that
+requires only tag types 1 to 127.
+
+Tag type 0 is reserved. Tag types 1, 2, and 5 are defined in this
+Internet Draft.  Types 3 and 4 are reserved for work in progress.
+The standard format for all current and future CIPSO tags is shown below:
+
++----------+----------+--------//--------+
+| TTTTTTTT | LLLLLLLL | IIIIIIIIIIIIIIII |
++----------+----------+--------//--------+
+    TAG       TAG         TAG
+    TYPE      LENGTH      INFORMATION
+
+    Figure 2:  Standard Tag Format
+
+In the three tag types described in this document, the length and count
+restrictions are based on the current IP limitation of 40 octets for all
+IP options.  If the IP header is later expanded, then the length and count
+restrictions specified in this document may increase to use the full area
+provided for IP options.
+
+
+3.4.1    Tag Type Classes
+
+Tag classes consist of tag types that have common processing requirements
+and support the same security policy.  The three tags defined in this
+Internet Draft belong to the Mandatory Access Control (MAC) Sensitivity
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 3]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+class and support the MAC Sensitivity security policy.
+
+
+3.4.2    Tag Type 1
+
+This is referred to as the "bit-mapped" tag type.  Tag type 1 is included
+in the MAC Sensitivity tag type class.  The format of this tag type is as
+follows:
+
++----------+----------+----------+----------+--------//---------+
+| 00000001 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCC |
++----------+----------+----------+----------+--------//---------+
+
+    TAG       TAG      ALIGNMENT  SENSITIVITY    BIT MAP OF
+    TYPE      LENGTH   OCTET      LEVEL          CATEGORIES
+
+            Figure 3. Tag Type 1 Format
+
+
+3.4.2.1    Tag Type
+
+This field is 1 octet in length and has a value of 1.
+
+
+3.4.2.2    Tag Length
+
+This field is 1 octet in length.  It is the total length of the tag type
+including the type and length fields.  With the current IP header length
+restriction of 40 bytes the value within this field is between 4 and 34.
+
+
+3.4.2.3    Alignment Octet
+
+This field is 1 octet in length and always has the value of 0.  Its purpose
+is to align the category bitmap field on an even octet boundary.  This will
+speed many implementations including router implementations.
+
+
+3.4.2.4    Sensitivity Level
+
+This field is 1 octet in length.  Its value is from 0 to 255.  The values
+are ordered with 0 being the minimum value and 255 representing the maximum
+value.
+
+
+3.4.2.5    Bit Map of Categories
+
+The length of this field is variable and ranges from 0 to 30 octets.  This
+provides representation of categories 0 to 239.  The ordering of the bits
+is left to right or MSB to LSB.  For example category 0 is represented by
+the most significant bit of the first byte and category 15 is represented
+by the least significant bit of the second byte.  Figure 4 graphically
+shows this ordering.  Bit N is binary 1 if category N is part of the label
+for the datagram, and bit N is binary 0 if category N is not part of the
+label.  Except for the optimized tag 1 format described in the next section,
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 4]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+minimal encoding SHOULD be used resulting in no trailing zero octets in the
+category bitmap.
+
+        octet 0  octet 1  octet 2  octet 3  octet 4  octet 5
+        XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX . . .
+bit     01234567 89111111 11112222 22222233 33333333 44444444
+number             012345 67890123 45678901 23456789 01234567
+
+            Figure 4. Ordering of Bits in Tag 1 Bit Map
+
+
+3.4.2.6    Optimized Tag 1 Format
+
+Routers work most efficiently when processing fixed length fields.  To
+support these routers there is an optimized form of tag type 1.  The format
+does not change.  The only change is to the category bitmap which is set to
+a constant length of 10 octets.  Trailing octets required to fill out the 10
+octets are zero filled.  Ten octets, allowing for 80 categories, was chosen
+because it makes the total length of the CIPSO option 20 octets.  If CIPSO
+is the only option then the option will be full word aligned and additional
+filler octets will not be required.
+
+
+3.4.3    Tag Type 2
+
+This is referred to as the "enumerated" tag type.  It is used to describe
+large but sparsely populated sets of categories.  Tag type 2 is in the MAC
+Sensitivity tag type class.  The format of this tag type is as follows:
+
++----------+----------+----------+----------+-------------//-------------+
+| 00000010 | LLLLLLLL | 00000000 | LLLLLLLL | CCCCCCCCCCCCCCCCCCCCCCCCCC |
++----------+----------+----------+----------+-------------//-------------+
+
+    TAG       TAG      ALIGNMENT  SENSITIVITY         ENUMERATED
+    TYPE      LENGTH   OCTET      LEVEL               CATEGORIES
+
+                Figure 5. Tag Type 2 Format
+
+
+3.4.3.1     Tag Type
+
+This field is one octet in length and has a value of 2.
+
+
+3.4.3.2    Tag Length
+
+This field is 1 octet in length. It is the total length of the tag type
+including the type and length fields.  With the current IP header length
+restriction of 40 bytes the value within this field is between 4 and 34.
+
+
+3.4.3.3    Alignment Octet
+
+This field is 1 octet in length and always has the value of 0.  Its purpose
+is to align the category field on an even octet boundary.  This will
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 5]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+speed many implementations including router implementations.
+
+
+3.4.3.4    Sensitivity Level
+
+This field is 1 octet in length. Its value is from 0 to 255.  The values
+are ordered with 0 being the minimum value and 255 representing the
+maximum value.
+
+
+3.4.3.5    Enumerated Categories
+
+In this tag, categories are represented by their actual value rather than
+by their position within a bit field.  The length of each category is 2
+octets.  Up to 15 categories may be represented by this tag.  Valid values
+for categories are 0 to 65534.  Category 65535 is not a valid category
+value.  The categories MUST be listed in ascending order within the tag.
+
+
+3.4.4    Tag Type 5
+
+This is referred to as the "range" tag type.  It is used to represent
+labels where all categories in a range, or set of ranges, are included
+in the sensitivity label.  Tag type 5 is in the MAC Sensitivity tag type
+class.  The format of this tag type is as follows:
+
++----------+----------+----------+----------+------------//-------------+
+| 00000101 | LLLLLLLL | 00000000 | LLLLLLLL |  Top/Bottom | Top/Bottom  |
++----------+----------+----------+----------+------------//-------------+
+
+    TAG       TAG      ALIGNMENT  SENSITIVITY        CATEGORY RANGES
+    TYPE      LENGTH   OCTET      LEVEL
+
+                     Figure 6. Tag Type 5 Format
+
+
+3.4.4.1     Tag Type
+
+This field is one octet in length and has a value of 5.
+
+
+3.4.4.2    Tag Length
+
+This field is 1 octet in length. It is the total length of the tag type
+including the type and length fields.  With the current IP header length
+restriction of 40 bytes the value within this field is between 4 and 34.
+
+
+3.4.4.3    Alignment Octet
+
+This field is 1 octet in length and always has the value of 0.  Its purpose
+is to align the category range field on an even octet boundary.  This will
+speed many implementations including router implementations.
+
+
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 6]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+3.4.4.4    Sensitivity Level
+
+This field is 1 octet in length. Its value is from 0 to 255.  The values
+are ordered with 0 being the minimum value and 255 representing the maximum
+value.
+
+
+3.4.4.5    Category Ranges
+
+A category range is a 4 octet field comprised of the 2 octet index of the
+highest numbered category followed by the 2 octet index of the lowest
+numbered category.  These range endpoints are inclusive within the range of
+categories.  All categories within a range are included in the sensitivity
+label.  This tag may contain a maximum of 7 category pairs.  The bottom
+category endpoint for the last pair in the tag MAY be omitted and SHOULD be
+assumed to be 0.  The ranges MUST be non-overlapping and be listed in
+descending order.  Valid values for categories are 0 to 65534.  Category
+65535 is not a valid category value.
+
+
+3.4.5     Minimum Requirements
+
+A CIPSO implementation MUST be capable of generating at least tag type 1 in
+the non-optimized form.  In addition, a CIPSO implementation MUST be able
+to receive any valid tag type 1 even those using the optimized tag type 1
+format.
+
+
+4.    Configuration Parameters
+
+The configuration parameters defined below are required for all CIPSO hosts,
+gateways, and routers that support multiple sensitivity labels.  A CIPSO
+host is defined to be the origination or destination system for an IP
+datagram.  A CIPSO gateway provides IP routing services between two or more
+IP networks and may be required to perform label translations between
+networks.  A CIPSO gateway may be an enhanced CIPSO host or it may just
+provide gateway services with no end system CIPSO capabilities.  A CIPSO
+router is a dedicated IP router that routes IP datagrams between two or more
+IP networks.
+
+An implementation of CIPSO on a host MUST have the capability to reject a
+datagram for reasons that the information contained can not be adequately
+protected by the receiving host or if acceptance may result in violation of
+the host or network security policy.  In addition, a CIPSO gateway or router
+MUST be able to reject datagrams going to networks that can not provide
+adequate protection or may violate the network's security policy.  To
+provide this capability the following minimal set of configuration
+parameters are required for CIPSO implementations:
+
+HOST_LABEL_MAX - This parameter contains the maximum sensitivity label that
+a CIPSO host is authorized to handle.  All datagrams that have a label
+greater than this maximum MUST be rejected by the CIPSO host.  This
+parameter does not apply to CIPSO gateways or routers.  This parameter need
+not be defined explicitly as it can be implicitly derived from the
+PORT_LABEL_MAX parameters for the associated interfaces.
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 7]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+
+HOST_LABEL_MIN - This parameter contains the minimum sensitivity label that
+a CIPSO host is authorized to handle.  All datagrams that have a label less
+than this minimum MUST be rejected by the CIPSO host.  This parameter does
+not apply to CIPSO gateways or routers.  This parameter need not be defined
+explicitly as it can be implicitly derived from the PORT_LABEL_MIN
+parameters for the associated interfaces.
+
+PORT_LABEL_MAX - This parameter contains the maximum sensitivity label for
+all datagrams that may exit a particular network interface port.  All
+outgoing datagrams that have a label greater than this maximum MUST be
+rejected by the CIPSO system.  The label within this parameter MUST be
+less than or equal to the label within the HOST_LABEL_MAX parameter.  This
+parameter does not apply to CIPSO hosts that support only one network port.
+
+PORT_LABEL_MIN - This parameter contains the minimum sensitivity label for
+all datagrams that may exit a particular network interface port.  All
+outgoing datagrams that have a label less than this minimum MUST be
+rejected by the CIPSO system.  The label within this parameter MUST be
+greater than or equal to the label within the HOST_LABEL_MIN parameter.
+This parameter does not apply to CIPSO hosts that support only one network
+port.
+
+PORT_DOI - This parameter is used to assign a DOI identifier value to a
+particular network interface port.  All CIPSO labels within datagrams
+going out this port MUST use the specified DOI identifier.  All CIPSO
+hosts and gateways MUST support either this parameter, the NET_DOI
+parameter, or the HOST_DOI parameter.
+
+NET_DOI - This parameter is used to assign a DOI identifier value to a
+particular IP network address.  All CIPSO labels within datagrams destined
+for the particular IP network MUST use the specified DOI identifier.  All
+CIPSO hosts and gateways MUST support either this parameter, the PORT_DOI
+parameter, or the HOST_DOI parameter.
+
+HOST_DOI - This parameter is used to assign a DOI identifier value to a
+particular IP host address.  All CIPSO labels within datagrams destined for
+the particular IP host will use the specified DOI identifier.  All CIPSO
+hosts and gateways MUST support either this parameter, the PORT_DOI
+parameter, or the NET_DOI parameter.
+
+This list represents the minimal set of configuration parameters required
+to be compliant.  Implementors are encouraged to add to this list to
+provide enhanced functionality and control.  For example, many security
+policies may require both incoming and outgoing datagrams be checked against
+the port and host label ranges.
+
+
+4.1    Port Range Parameters
+
+The labels represented by the PORT_LABEL_MAX and PORT_LABEL_MIN parameters
+MAY be in CIPSO or local format.  Some CIPSO systems, such as routers, may
+want to have the range parameters expressed in CIPSO format so that incoming
+labels do not have to be converted to a local format before being compared
+against the range.  If multiple DOIs are supported by one of these CIPSO
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 8]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+systems then multiple port range parameters would be needed, one set for
+each DOI supported on a particular port.
+
+The port range will usually represent the total set of labels that may
+exist on the logical network accessed through the corresponding network
+interface.  It may, however, represent a subset of these labels that are
+allowed to enter the CIPSO system.
+
+
+4.2    Single Label CIPSO Hosts
+
+CIPSO implementations that support only one label are not required to
+support the parameters described above.  These limited implementations are
+only required to support a NET_LABEL parameter.  This parameter contains
+the CIPSO label that may be inserted in datagrams that exit the host.  In
+addition, the host MUST reject any incoming datagram that has a label which
+is not equivalent to the NET_LABEL parameter.
+
+
+5.    Handling Procedures
+
+This section describes the processing requirements for incoming and
+outgoing IP datagrams.  Just providing the correct CIPSO label format
+is not enough.  Assumptions will be made by one system on how a
+receiving system will handle the CIPSO label.  Wrong assumptions may
+lead to non-interoperability or even a security incident.  The
+requirements described below represent the minimal set needed for
+interoperability and that provide users some level of confidence.
+Many other requirements could be added to increase user confidence,
+however at the risk of restricting creativity and limiting vendor
+participation.
+
+
+5.1    Input Procedures
+
+All datagrams received through a network port MUST have a security label
+associated with them, either contained in the datagram or assigned to the
+receiving port.  Without this label the host, gateway, or router will not
+have the information it needs to make security decisions.  This security
+label will be obtained from the CIPSO if the option is present in the
+datagram.  See section 4.1.2 for handling procedures for unlabeled
+datagrams.  This label will be compared against the PORT (if appropriate)
+and HOST configuration parameters defined in section 3.
+
+If any field within the CIPSO option, such as the DOI identifier, is not
+recognized the IP datagram is discarded and an ICMP "parameter problem"
+(type 12) is generated and returned.  The ICMP code field is set to "bad
+parameter" (code 0) and the pointer is set to the start of the CIPSO field
+that is unrecognized.
+
+If the contents of the CIPSO are valid but the security label is
+outside of the configured host or port label range, the datagram is
+discarded and an ICMP "destination unreachable" (type 3) is generated
+and returned.  The code field of the ICMP is set to "communication with
+destination network administratively prohibited" (code 9) or to
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 9]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+"communication with destination host administratively prohibited"
+(code 10).  The value of the code field used is dependent upon whether
+the originator of the ICMP message is acting as a CIPSO host or a CIPSO
+gateway.  The recipient of the ICMP message MUST be able to handle either
+value.  The same procedure is performed if a CIPSO can not be added to an
+IP packet because it is too large to fit in the IP options area.
+
+If the error is triggered by receipt of an ICMP message, the message
+is discarded and no response is permitted (consistent with general ICMP
+processing rules).
+
+
+5.1.1    Unrecognized tag types
+
+The default condition for any CIPSO implementation is that an
+unrecognized tag type MUST be treated as a "parameter problem" and
+handled as described in section 4.1.  A CIPSO implementation MAY allow
+the system administrator to identify tag types that may safely be
+ignored.  This capability is an allowable enhancement, not a
+requirement.
+
+
+5.1.2    Unlabeled Packets
+
+A network port may be configured to not require a CIPSO label for all
+incoming  datagrams.  For this configuration a CIPSO label must be
+assigned to that network port and associated with all unlabeled IP
+datagrams.  This capability might be used for single level networks or
+networks that have CIPSO and non-CIPSO hosts and the non-CIPSO hosts
+all operate at the same label.
+
+If a CIPSO option is required and none is found, the datagram is
+discarded and an ICMP "parameter problem" (type 12) is generated and
+returned to the originator of the datagram.  The code field of the ICMP
+is set to "option missing" (code 1) and the ICMP pointer is set to 134
+(the value of the option type for the missing CIPSO option).
+
+
+5.2    Output Procedures
+
+A CIPSO option MUST appear only once in a datagram.  Only one tag type
+from the MAC Sensitivity class MAY be included in a CIPSO option.  Given
+the current set of defined tag types, this means that CIPSO labels at
+first will contain only one tag.
+
+All datagrams leaving a CIPSO system MUST meet the following condition:
+
+        PORT_LABEL_MIN <= CIPSO label <= PORT_LABEL_MAX
+
+If this condition is not satisfied the datagram MUST be discarded.
+If the CIPSO system only supports one port, the HOST_LABEL_MIN and the
+HOST_LABEL_MAX parameters MAY be substituted for the PORT parameters in
+the above condition.
+
+The DOI identifier to be used for all outgoing datagrams is configured by
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 10]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+the administrator.  If port level DOI identifier assignment is used, then
+the PORT_DOI configuration parameter MUST contain the DOI identifier to
+use.  If network level DOI assignment is used, then the NET_DOI parameter
+MUST contain the DOI identifier to use.  And if host level DOI assignment
+is employed, then the HOST_DOI parameter MUST contain the DOI identifier
+to use.  A CIPSO implementation need only support one level of DOI
+assignment.
+
+
+5.3    DOI Processing Requirements
+
+A CIPSO implementation MUST support at least one DOI and SHOULD support
+multiple DOIs.  System and network administrators are cautioned to
+ensure that at least one DOI is common within an IP network to allow for
+broadcasting of IP datagrams.
+
+CIPSO gateways MUST be capable of translating a CIPSO option from one
+DOI to another when forwarding datagrams between networks.  For
+efficiency purposes this capability is only a desired feature for CIPSO
+routers.
+
+
+5.4    Label of ICMP Messages
+
+The CIPSO label to be used on all outgoing ICMP messages MUST be equivalent
+to the label of the datagram that caused the ICMP message.  If the ICMP was
+generated due to a problem associated with the original CIPSO label then the
+following responses are allowed:
+
+  a.  Use the CIPSO label of the original IP datagram
+  b.  Drop the original datagram with no return message generated
+
+In most cases these options will have the same effect.  If you can not
+interpret the label or if it is outside the label range of your host or
+interface then an ICMP message with the same label will probably not be
+able to exit the system.
+
+
+6.    Assignment of DOI Identifier Numbers                                   =
+
+Requests for assignment of a DOI identifier number should be addressed to
+the Internet Assigned Numbers Authority (IANA).
+
+
+7.    Acknowledgements
+
+Much of the material in this RFC is based on (and copied from) work
+done by Gary Winiger of Sun Microsystems and published as Commercial
+IP Security Option at the INTEROP 89, Commercial IPSO Workshop.
+
+
+8.    Author's Address
+
+To submit mail for distribution to members of the IETF CIPSO Working
+Group, send mail to: cipso@wdl1.wdl.loral.com.
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 11]
+
+
+
+CIPSO INTERNET DRAFT                                         16 July, 1992
+
+
+
+
+To be added to or deleted from this distribution, send mail to:
+cipso-request@wdl1.wdl.loral.com.
+
+
+9.    References
+
+RFC 1038, "Draft Revised IP Security Option", M. St. Johns, IETF, January
+1988.
+
+RFC 1108, "U.S. Department of Defense Security Options
+for the Internet Protocol", Stephen Kent, IAB, 1 March, 1991.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Internet Draft, Expires 15 Jan 93                                 [PAGE 12]
+
+
+
diff --git a/Documentation/netlabel/introduction.txt b/Documentation/netlabel/introduction.txt
new file mode 100644
index 000000000000..a4ffba1694c8
--- /dev/null
+++ b/Documentation/netlabel/introduction.txt
@@ -0,0 +1,46 @@
+NetLabel Introduction
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+August 2, 2006
+
+ * Overview
+
+NetLabel is a mechanism which can be used by kernel security modules to attach
+security attributes to outgoing network packets generated from user space
+applications and read security attributes from incoming network packets.  It
+is composed of three main components, the protocol engines, the communication
+layer, and the kernel security module API.
+
+ * Protocol Engines
+
+The protocol engines are responsible for both applying and retrieving the
+network packet's security attributes.  If any translation between the network
+security attributes and those on the host are required then the protocol
+engine will handle those tasks as well.  Other kernel subsystems should
+refrain from calling the protocol engines directly, instead they should use
+the NetLabel kernel security module API described below.
+
+Detailed information about each NetLabel protocol engine can be found in this
+directory, consult '00-INDEX' for filenames.
+
+ * Communication Layer
+
+The communication layer exists to allow NetLabel configuration and monitoring
+from user space.  The NetLabel communication layer uses a message based
+protocol built on top of the Generic NETLINK transport mechanism.  The exact
+formatting of these NetLabel messages as well as the Generic NETLINK family
+names can be found in the the 'net/netlabel/' directory as comments in the
+header files as well as in 'include/net/netlabel.h'.
+
+ * Security Module API
+
+The purpose of the NetLabel security module API is to provide a protocol
+independent interface to the underlying NetLabel protocol engines.  In addition
+to protocol independence, the security module API is designed to be completely
+LSM independent which should allow multiple LSMs to leverage the same code
+base.
+
+Detailed information about the NetLabel security module API can be found in the
+'include/net/netlabel.h' header file as well as the 'lsm_interface.txt' file
+found in this directory.
diff --git a/Documentation/netlabel/lsm_interface.txt b/Documentation/netlabel/lsm_interface.txt
new file mode 100644
index 000000000000..98dd9f7430f2
--- /dev/null
+++ b/Documentation/netlabel/lsm_interface.txt
@@ -0,0 +1,47 @@
+NetLabel Linux Security Module Interface
+==============================================================================
+Paul Moore, paul.moore@hp.com
+
+May 17, 2006
+
+ * Overview
+
+NetLabel is a mechanism which can set and retrieve security attributes from
+network packets.  It is intended to be used by LSM developers who want to make
+use of a common code base for several different packet labeling protocols.
+The NetLabel security module API is defined in 'include/net/netlabel.h' but a
+brief overview is given below.
+
+ * NetLabel Security Attributes
+
+Since NetLabel supports multiple different packet labeling protocols and LSMs
+it uses the concept of security attributes to refer to the packet's security
+labels.  The NetLabel security attributes are defined by the
+'netlbl_lsm_secattr' structure in the NetLabel header file.  Internally the
+NetLabel subsystem converts the security attributes to and from the correct
+low-level packet label depending on the NetLabel build time and run time
+configuration.  It is up to the LSM developer to translate the NetLabel
+security attributes into whatever security identifiers are in use for their
+particular LSM.
+
+ * NetLabel LSM Protocol Operations
+
+These are the functions which allow the LSM developer to manipulate the labels
+on outgoing packets as well as read the labels on incoming packets.  Functions
+exist to operate both on sockets as well as the sk_buffs directly.  These high
+level functions are translated into low level protocol operations based on how
+the administrator has configured the NetLabel subsystem.
+
+ * NetLabel Label Mapping Cache Operations
+
+Depending on the exact configuration, translation between the network packet
+label and the internal LSM security identifier can be time consuming.  The
+NetLabel label mapping cache is a caching mechanism which can be used to
+sidestep much of this overhead once a mapping has been established.  Once the
+LSM has received a packet, used NetLabel to decode it's security attributes,
+and translated the security attributes into a LSM internal identifier the LSM
+can use the NetLabel caching functions to associate the LSM internal
+identifier with the network packet's label.  This means that in the future
+when a incoming packet matches a cached value not only are the internal
+NetLabel translation mechanisms bypassed but the LSM translation mechanisms are
+bypassed as well which should result in a significant reduction in overhead.
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 90ed78110fd4..935e298f674a 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -375,6 +375,41 @@ tcp_slow_start_after_idle - BOOLEAN
         be timed out after an idle period.
         Default: 1
 
+CIPSOv4 Variables:
+
+cipso_cache_enable - BOOLEAN
+        If set, enable additions to and lookups from the CIPSO label mapping
+        cache.  If unset, additions are ignored and lookups always result in a
+        miss.  However, regardless of the setting the cache is still
+        invalidated when required when means you can safely toggle this on and
+        off and the cache will always be "safe".
+        Default: 1
+
+cipso_cache_bucket_size - INTEGER
+        The CIPSO label cache consists of a fixed size hash table with each
+        hash bucket containing a number of cache entries.  This variable limits
+        the number of entries in each hash bucket; the larger the value the
+        more CIPSO label mappings that can be cached.  When the number of
+        entries in a given hash bucket reaches this limit adding new entries
+        causes the oldest entry in the bucket to be removed to make room.
+        Default: 10
+
+cipso_rbm_optfmt - BOOLEAN
+        Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
+        the CIPSO draft specification (see Documentation/netlabel for details).
+        This means that when set the CIPSO tag will be padded with empty
+        categories in order to make the packet data 32-bit aligned.
+        Default: 0
+
+cipso_rbm_structvalid - BOOLEAN
+        If set, do a very strict check of the CIPSO option when
+        ip_options_compile() is called.  If unset, relax the checks done during
+        ip_options_compile().  Either way is "safe" as errors are caught else
+        where in the CIPSO processing code but setting this to 0 (False) should
+        result in less work (i.e. it should be faster) but could cause problems
+        with other implementations that require strict checking.
+        Default: 0
+
 IP Variables:
 
 ip_local_port_range - 2 INTEGERS
@@ -730,6 +765,9 @@ conf/all/forwarding - BOOLEAN
 
         This referred to as global forwarding.
 
+proxy_ndp - BOOLEAN
+        Do proxy ndp.
+
 conf/interface/*:
         Change special settings per interface.
 
diff --git a/Documentation/networking/secid.txt b/Documentation/networking/secid.txt
new file mode 100644
index 000000000000..95ea06784333
--- /dev/null
+++ b/Documentation/networking/secid.txt
@@ -0,0 +1,14 @@
+flowi structure:
+
+The secid member in the flow structure is used in LSMs (e.g. SELinux) to indicate
+the label of the flow. This label of the flow is currently used in selecting
+matching labeled xfrm(s).
+
+If this is an outbound flow, the label is derived from the socket, if any, or
+the incoming packet this flow is being generated as a response to (e.g. tcp
+resets, timewait ack, etc.). It is also conceivable that the label could be
+derived from other sources such as process context, device, etc., in special
+cases, as may be appropriate.
+
+If this is an inbound flow, the label is derived from the IPSec security
+associations, if any, used by the packet.
diff --git a/Documentation/scsi/ChangeLog.arcmsr b/Documentation/scsi/ChangeLog.arcmsr
new file mode 100644
index 000000000000..162c47fdf45f
--- /dev/null
+++ b/Documentation/scsi/ChangeLog.arcmsr
@@ -0,0 +1,56 @@
+**************************************************************************
+** History
+**
+**   REV#         DATE             NAME         DESCRIPTION
+** 1.00.00.00    3/31/2004       Erich Chen     First release
+** 1.10.00.04    7/28/2004       Erich Chen     modify for ioctl
+** 1.10.00.06    8/28/2004       Erich Chen     modify for 2.6.x
+** 1.10.00.08    9/28/2004       Erich Chen     modify for x86_64
+** 1.10.00.10   10/10/2004       Erich Chen     bug fix for SMP & ioctl
+** 1.20.00.00   11/29/2004       Erich Chen     bug fix with arcmsr_bus_reset when PHY error
+** 1.20.00.02   12/09/2004       Erich Chen     bug fix with over 2T bytes RAID Volume
+** 1.20.00.04    1/09/2005       Erich Chen     fits for Debian linux kernel version 2.2.xx
+** 1.20.00.05    2/20/2005       Erich Chen     cleanly as look like a Linux driver at 2.6.x
+**                                              thanks for peoples kindness comment
+**                                              Kornel Wieliczek
+**                                              Christoph Hellwig
+**                                              Adrian Bunk
+**                                              Andrew Morton
+**                                              Christoph Hellwig
+**                                              James Bottomley
+**                                              Arjan van de Ven
+** 1.20.00.06    3/12/2005       Erich Chen     fix with arcmsr_pci_unmap_dma "unsigned long" cast,
+**                                              modify PCCB POOL allocated by "dma_alloc_coherent"
+**                                              (Kornel Wieliczek's comment)
+** 1.20.00.07    3/23/2005       Erich Chen     bug fix with arcmsr_scsi_host_template_init
+**                                              occur segmentation fault,
+**                                              if RAID adapter does not on PCI slot
+**                                              and modprobe/rmmod this driver twice.
+**                                              bug fix enormous stack usage (Adrian Bunk's comment)
+** 1.20.00.08    6/23/2005       Erich Chen     bug fix with abort command,
+**                                              in case of heavy loading when sata cable
+**                                              working on low quality connection
+** 1.20.00.09    9/12/2005       Erich Chen     bug fix with abort command handling, firmware version check
+**                                              and firmware update notify for hardware bug fix
+** 1.20.00.10    9/23/2005       Erich Chen     enhance sysfs function for change driver's max tag Q number.
+**                                              add DMA_64BIT_MASK for backward compatible with all 2.6.x
+**                                              add some useful message for abort command
+**                                              add ioctl code 'ARCMSR_IOCTL_FLUSH_ADAPTER_CACHE'
+**                                              customer can send this command for sync raid volume data
+** 1.20.00.11    9/29/2005       Erich Chen     by comment of Arjan van de Ven fix incorrect msleep redefine
+**                                              cast off sizeof(dma_addr_t) condition for 64bit pci_set_dma_mask
+** 1.20.00.12    9/30/2005       Erich Chen     bug fix with 64bit platform's ccbs using if over 4G system memory
+**                                              change 64bit pci_set_consistent_dma_mask into 32bit
+**                                              increcct adapter count if adapter initialize fail.
+**                                              miss edit at arcmsr_build_ccb....
+**                                              psge += sizeof(struct _SG64ENTRY *) =>
+**                                              psge += sizeof(struct _SG64ENTRY)
+**                                              64 bits sg entry would be incorrectly calculated
+**                                              thanks Kornel Wieliczek give me kindly notify
+**                                              and detail description
+** 1.20.00.13   11/15/2005       Erich Chen     scheduling pending ccb with FIFO
+**                                              change the architecture of arcmsr command queue list
+**                                              for linux standard list
+**                                              enable usage of pci message signal interrupt
+**                                              follow Randy.Danlup kindness suggestion cleanup this code
+**************************************************************************
\ No newline at end of file
diff --git a/Documentation/scsi/aacraid.txt b/Documentation/scsi/aacraid.txt
index be55670851a4..ee03678c8029 100644
--- a/Documentation/scsi/aacraid.txt
+++ b/Documentation/scsi/aacraid.txt
@@ -11,38 +11,43 @@ the original).
 Supported Cards/Chipsets
 -------------------------
         PCI ID (pci.ids)        OEM     Product
-        9005:0285:9005:028a     Adaptec 2020ZCR (Skyhawk)
-        9005:0285:9005:028e     Adaptec 2020SA (Skyhawk)
-        9005:0285:9005:028b     Adaptec 2025ZCR (Terminator)
-        9005:0285:9005:028f     Adaptec 2025SA (Terminator)
-        9005:0285:9005:0286     Adaptec 2120S (Crusader)
-        9005:0286:9005:028d     Adaptec 2130S (Lancer)
+        9005:0283:9005:0283     Adaptec Catapult (3210S with arc firmware)
+        9005:0284:9005:0284     Adaptec Tomcat (3410S with arc firmware)
         9005:0285:9005:0285     Adaptec 2200S (Vulcan)
+        9005:0285:9005:0286     Adaptec 2120S (Crusader)
         9005:0285:9005:0287     Adaptec 2200S (Vulcan-2m)
+        9005:0285:9005:0288     Adaptec 3230S (Harrier)
+        9005:0285:9005:0289     Adaptec 3240S (Tornado)
+        9005:0285:9005:028a     Adaptec 2020ZCR (Skyhawk)
+        9005:0285:9005:028b     Adaptec 2025ZCR (Terminator)
         9005:0286:9005:028c     Adaptec 2230S (Lancer)
         9005:0286:9005:028c     Adaptec 2230SLP (Lancer)
-        9005:0285:9005:0296     Adaptec 2240S (SabreExpress)
+        9005:0286:9005:028d     Adaptec 2130S (Lancer)
+        9005:0285:9005:028e     Adaptec 2020SA (Skyhawk)
+        9005:0285:9005:028f     Adaptec 2025SA (Terminator)
         9005:0285:9005:0290     Adaptec 2410SA (Jaguar)
-        9005:0285:9005:0293     Adaptec 21610SA (Corsair-16)
         9005:0285:103c:3227     Adaptec 2610SA (Bearcat HP release)
+        9005:0285:9005:0293     Adaptec 21610SA (Corsair-16)
+        9005:0285:9005:0296     Adaptec 2240S (SabreExpress)
         9005:0285:9005:0292     Adaptec 2810SA (Corsair-8)
         9005:0285:9005:0294     Adaptec Prowler
-        9005:0286:9005:029d     Adaptec 2420SA (Intruder HP release)
-        9005:0286:9005:029c     Adaptec 2620SA (Intruder)
-        9005:0286:9005:029b     Adaptec 2820SA (Intruder)
-        9005:0286:9005:02a7     Adaptec 2830SA (Skyray)
-        9005:0286:9005:02a8     Adaptec 2430SA (Skyray)
-        9005:0285:9005:0288     Adaptec 3230S (Harrier)
-        9005:0285:9005:0289     Adaptec 3240S (Tornado)
-        9005:0285:9005:0298     Adaptec 4000SAS (BlackBird)
         9005:0285:9005:0297     Adaptec 4005SAS (AvonPark)
+        9005:0285:9005:0298     Adaptec 4000SAS (BlackBird)
         9005:0285:9005:0299     Adaptec 4800SAS (Marauder-X)
         9005:0285:9005:029a     Adaptec 4805SAS (Marauder-E)
+        9005:0286:9005:029b     Adaptec 2820SA (Intruder)
+        9005:0286:9005:029c     Adaptec 2620SA (Intruder)
+        9005:0286:9005:029d     Adaptec 2420SA (Intruder HP release)
         9005:0286:9005:02a2     Adaptec 3800SAS (Hurricane44)
+        9005:0286:9005:02a7     Adaptec 3805SAS (Hurricane80)
+        9005:0286:9005:02a8     Adaptec 3400SAS (Hurricane40)
+        9005:0286:9005:02ac     Adaptec 1800SAS (Typhoon44)
+        9005:0286:9005:02b3     Adaptec 2400SAS (Hurricane40lm)
+        9005:0285:9005:02b5     Adaptec ASR5800 (Voodoo44)
+        9005:0285:9005:02b6     Adaptec ASR5805 (Voodoo80)
+        9005:0285:9005:02b7     Adaptec ASR5808 (Voodoo08)
         1011:0046:9005:0364     Adaptec 5400S (Mustang)
         1011:0046:9005:0365     Adaptec 5400S (Mustang)
-        9005:0283:9005:0283     Adaptec Catapult (3210S with arc firmware)
-        9005:0284:9005:0284     Adaptec Tomcat (3410S with arc firmware)
         9005:0287:9005:0800     Adaptec Themisto (Jupiter)
         9005:0200:9005:0200     Adaptec Themisto (Jupiter)
         9005:0286:9005:0800     Adaptec Callisto (Jupiter)
@@ -64,18 +69,20 @@ Supported Cards/Chipsets
         9005:0285:9005:0290     IBM     ServeRAID 7t (Jaguar)
         9005:0285:1014:02F2     IBM     ServeRAID 8i (AvonPark)
         9005:0285:1014:0312     IBM     ServeRAID 8i (AvonParkLite)
-        9005:0286:1014:9580     IBM     ServeRAID 8k/8k-l8 (Aurora)
         9005:0286:1014:9540     IBM     ServeRAID 8k/8k-l4 (AuroraLite)
-        9005:0286:9005:029f     ICP     ICP9014R0 (Lancer)
+        9005:0286:1014:9580     IBM     ServeRAID 8k/8k-l8 (Aurora)
+        9005:0286:1014:034d     IBM     ServeRAID 8s (Hurricane)
         9005:0286:9005:029e     ICP     ICP9024R0 (Lancer)
+        9005:0286:9005:029f     ICP     ICP9014R0 (Lancer)
         9005:0286:9005:02a0     ICP     ICP9047MA (Lancer)
         9005:0286:9005:02a1     ICP     ICP9087MA (Lancer)
+        9005:0286:9005:02a3     ICP     ICP5445AU (Hurricane44)
         9005:0286:9005:02a4     ICP     ICP9085LI (Marauder-X)
         9005:0286:9005:02a5     ICP     ICP5085BR (Marauder-E)
-        9005:0286:9005:02a3     ICP     ICP5445AU (Hurricane44)
         9005:0286:9005:02a6     ICP     ICP9067MA (Intruder-6)
-        9005:0286:9005:02a9     ICP     ICP5087AU (Skyray)
-        9005:0286:9005:02aa     ICP     ICP5047AU (Skyray)
+        9005:0286:9005:02a9     ICP     ICP5085AU (Hurricane80)
+        9005:0286:9005:02aa     ICP     ICP5045AU (Hurricane40)
+        9005:0286:9005:02b4     ICP     ICP5045AL (Hurricane40lm)
 
 People
 -------------------------
diff --git a/Documentation/scsi/arcmsr_spec.txt b/Documentation/scsi/arcmsr_spec.txt
new file mode 100644
index 000000000000..5e0042340fd3
--- /dev/null
+++ b/Documentation/scsi/arcmsr_spec.txt
@@ -0,0 +1,574 @@
+*******************************************************************************
+**                            ARECA FIRMWARE SPEC
+*******************************************************************************
+**      Usage of IOP331 adapter
+**      (All In/Out is in IOP331's view)
+**      1. Message 0 --> InitThread message and retrun code
+**      2. Doorbell is used for RS-232 emulation
+**              inDoorBell :    bit0 -- data in ready
+**                      (DRIVER DATA WRITE OK)
+**                              bit1 -- data out has been read
+**                      (DRIVER DATA READ OK)
+**              outDooeBell:    bit0 -- data out ready
+**                      (IOP331 DATA WRITE OK)
+**                              bit1 -- data in has been read
+**                      (IOP331 DATA READ OK)
+**      3. Index Memory Usage
+**      offset 0xf00 : for RS232 out (request buffer)
+**      offset 0xe00 : for RS232 in  (scratch buffer)
+**      offset 0xa00 : for inbound message code message_rwbuffer
+**                      (driver send to IOP331)
+**      offset 0xa00 : for outbound message code message_rwbuffer
+**                      (IOP331 send to driver)
+**      4. RS-232 emulation
+**              Currently 128 byte buffer is used
+**                      1st uint32_t : Data length (1--124)
+**                      Byte 4--127  : Max 124 bytes of data
+**      5. PostQ
+**      All SCSI Command must be sent through postQ:
+**      (inbound queue port)    Request frame must be 32 bytes aligned
+**      #bit27--bit31 => flag for post ccb
+**      #bit0--bit26  => real address (bit27--bit31) of post arcmsr_cdb
+**              bit31 :
+**                      0 : 256 bytes frame
+**                      1 : 512 bytes frame
+**              bit30 :
+**                      0 : normal request
+**                      1 : BIOS request
+**              bit29 : reserved
+**              bit28 : reserved
+**              bit27 : reserved
+**  ---------------------------------------------------------------------------
+**      (outbount queue port)   Request reply
+**      #bit27--bit31
+**              => flag for reply
+**      #bit0--bit26
+**              => real address (bit27--bit31) of reply arcmsr_cdb
+**                      bit31 : must be 0 (for this type of reply)
+**                      bit30 : reserved for BIOS handshake
+**                      bit29 : reserved
+**                      bit28 :
+**                      0 : no error, ignore AdapStatus/DevStatus/SenseData
+**                      1 : Error, error code in AdapStatus/DevStatus/SenseData
+**                      bit27 : reserved
+**      6. BIOS request
+**              All BIOS request is the same with request from PostQ
+**              Except :
+**                      Request frame is sent from configuration space
+**              offset: 0x78 : Request Frame (bit30 == 1)
+**              offset: 0x18 : writeonly to generate
+**                                      IRQ to IOP331
+**              Completion of request:
+**                      (bit30 == 0, bit28==err flag)
+**      7. Definition of SGL entry (structure)
+**      8. Message1 Out - Diag Status Code (????)
+**      9. Message0 message code :
+**              0x00 : NOP
+**              0x01 : Get Config
+**              ->offset 0xa00 :for outbound message code message_rwbuffer
+**              (IOP331 send to driver)
+**              Signature             0x87974060(4)
+**              Request len           0x00000200(4)
+**              numbers of queue      0x00000100(4)
+**              SDRAM Size            0x00000100(4)-->256 MB
+**              IDE Channels          0x00000008(4)
+**              vendor                40 bytes char
+**              model                  8 bytes char
+**              FirmVer               16 bytes char
+**              Device Map            16 bytes char
+**              FirmwareVersion DWORD <== Added for checking of
+**                                              new firmware capability
+**              0x02 : Set Config
+**              ->offset 0xa00 :for inbound message code message_rwbuffer
+**              (driver send to IOP331)
+**              Signature             0x87974063(4)
+**              UPPER32 of Request Frame  (4)-->Driver Only
+**              0x03 : Reset (Abort all queued Command)
+**              0x04 : Stop Background Activity
+**              0x05 : Flush Cache
+**              0x06 : Start Background Activity
+**                      (re-start if background is halted)
+**              0x07 : Check If Host Command Pending
+**                      (Novell May Need This Function)
+**              0x08 : Set controller time
+**              ->offset 0xa00 : for inbound message code message_rwbuffer
+**              (driver to IOP331)
+**              byte 0 : 0xaa <-- signature
+**              byte 1 : 0x55 <-- signature
+**              byte 2 : year (04)
+**              byte 3 : month (1..12)
+**              byte 4 : date (1..31)
+**              byte 5 : hour (0..23)
+**              byte 6 : minute (0..59)
+**              byte 7 : second (0..59)
+*******************************************************************************
+*******************************************************************************
+**              RS-232 Interface for Areca Raid Controller
+**      The low level command interface is exclusive with VT100 terminal
+**  --------------------------------------------------------------------
+**      1. Sequence of command execution
+**  --------------------------------------------------------------------
+**      (A) Header : 3 bytes sequence (0x5E, 0x01, 0x61)
+**      (B) Command block : variable length of data including length,
+**              command code, data and checksum byte
+**      (C) Return data : variable length of data
+**  --------------------------------------------------------------------
+**    2. Command block
+**  --------------------------------------------------------------------
+**      (A) 1st byte : command block length (low byte)
+**      (B) 2nd byte : command block length (high byte)
+**                note ..command block length shouldn't > 2040 bytes,
+**              length excludes these two bytes
+**      (C) 3rd byte : command code
+**      (D) 4th and following bytes : variable length data bytes
+**              depends on command code
+**      (E) last byte : checksum byte (sum of 1st byte until last data byte)
+**  --------------------------------------------------------------------
+**    3. Command code and associated data
+**  --------------------------------------------------------------------
+**      The following are command code defined in raid controller Command
+**      code 0x10--0x1? are used for system level management,
+**      no password checking is needed and should be implemented in separate
+**      well controlled utility and not for end user access.
+**      Command code 0x20--0x?? always check the password,
+**      password must be entered to enable these command.
+**      enum
+**      {
+**              GUI_SET_SERIAL=0x10,
+**              GUI_SET_VENDOR,
+**              GUI_SET_MODEL,
+**              GUI_IDENTIFY,
+**              GUI_CHECK_PASSWORD,
+**              GUI_LOGOUT,
+**              GUI_HTTP,
+**              GUI_SET_ETHERNET_ADDR,
+**              GUI_SET_LOGO,
+**              GUI_POLL_EVENT,
+**              GUI_GET_EVENT,
+**              GUI_GET_HW_MONITOR,
+**              //    GUI_QUICK_CREATE=0x20, (function removed)
+**              GUI_GET_INFO_R=0x20,
+**              GUI_GET_INFO_V,
+**              GUI_GET_INFO_P,
+**              GUI_GET_INFO_S,
+**              GUI_CLEAR_EVENT,
+**              GUI_MUTE_BEEPER=0x30,
+**              GUI_BEEPER_SETTING,
+**              GUI_SET_PASSWORD,
+**              GUI_HOST_INTERFACE_MODE,
+**              GUI_REBUILD_PRIORITY,
+**              GUI_MAX_ATA_MODE,
+**              GUI_RESET_CONTROLLER,
+**              GUI_COM_PORT_SETTING,
+**              GUI_NO_OPERATION,
+**              GUI_DHCP_IP,
+**              GUI_CREATE_PASS_THROUGH=0x40,
+**              GUI_MODIFY_PASS_THROUGH,
+**              GUI_DELETE_PASS_THROUGH,
+**              GUI_IDENTIFY_DEVICE,
+**              GUI_CREATE_RAIDSET=0x50,
+**              GUI_DELETE_RAIDSET,
+**              GUI_EXPAND_RAIDSET,
+**              GUI_ACTIVATE_RAIDSET,
+**              GUI_CREATE_HOT_SPARE,
+**              GUI_DELETE_HOT_SPARE,
+**              GUI_CREATE_VOLUME=0x60,
+**              GUI_MODIFY_VOLUME,
+**              GUI_DELETE_VOLUME,
+**              GUI_START_CHECK_VOLUME,
+**              GUI_STOP_CHECK_VOLUME
+**      };
+**    Command description :
+**      GUI_SET_SERIAL : Set the controller serial#
+**              byte 0,1        : length
+**              byte 2          : command code 0x10
+**              byte 3          : password length (should be 0x0f)
+**              byte 4-0x13     : should be "ArEcATecHnoLogY"
+**              byte 0x14--0x23 : Serial number string (must be 16 bytes)
+**      GUI_SET_VENDOR : Set vendor string for the controller
+**              byte 0,1        : length
+**              byte 2          : command code 0x11
+**              byte 3          : password length (should be 0x08)
+**              byte 4-0x13     : should be "ArEcAvAr"
+**              byte 0x14--0x3B : vendor string (must be 40 bytes)
+**      GUI_SET_MODEL : Set the model name of the controller
+**              byte 0,1        : length
+**              byte 2          : command code 0x12
+**              byte 3          : password length (should be 0x08)
+**              byte 4-0x13     : should be "ArEcAvAr"
+**              byte 0x14--0x1B : model string (must be 8 bytes)
+**      GUI_IDENTIFY : Identify device
+**              byte 0,1        : length
+**              byte 2          : command code 0x13
+**                                return "Areca RAID Subsystem "
+**      GUI_CHECK_PASSWORD : Verify password
+**              byte 0,1        : length
+**              byte 2          : command code 0x14
+**              byte 3          : password length
+**              byte 4-0x??     : user password to be checked
+**      GUI_LOGOUT : Logout GUI (force password checking on next command)
+**              byte 0,1        : length
+**              byte 2          : command code 0x15
+**      GUI_HTTP : HTTP interface (reserved for Http proxy service)(0x16)
+**
+**      GUI_SET_ETHERNET_ADDR : Set the ethernet MAC address
+**              byte 0,1        : length
+**              byte 2          : command code 0x17
+**              byte 3          : password length (should be 0x08)
+**              byte 4-0x13     : should be "ArEcAvAr"
+**              byte 0x14--0x19 : Ethernet MAC address (must be 6 bytes)
+**      GUI_SET_LOGO : Set logo in HTTP
+**              byte 0,1        : length
+**              byte 2          : command code 0x18
+**              byte 3          : Page# (0/1/2/3) (0xff --> clear OEM logo)
+**              byte 4/5/6/7    : 0x55/0xaa/0xa5/0x5a
+**              byte 8          : TITLE.JPG data (each page must be 2000 bytes)
+**                                note page0 1st 2 byte must be
+**                                      actual length of the JPG file
+**      GUI_POLL_EVENT : Poll If Event Log Changed
+**              byte 0,1        : length
+**              byte 2          : command code 0x19
+**      GUI_GET_EVENT : Read Event
+**              byte 0,1        : length
+**              byte 2          : command code 0x1a
+**              byte 3          : Event Page (0:1st page/1/2/3:last page)
+**      GUI_GET_HW_MONITOR : Get HW monitor data
+**              byte 0,1        : length
+**              byte 2                  : command code 0x1b
+**              byte 3                  : # of FANs(example 2)
+**              byte 4                  : # of Voltage sensor(example 3)
+**              byte 5                  : # of temperature sensor(example 2)
+**              byte 6                  : # of power
+**              byte 7/8        : Fan#0 (RPM)
+**              byte 9/10       : Fan#1
+**              byte 11/12              : Voltage#0 original value in *1000
+**              byte 13/14              : Voltage#0 value
+**              byte 15/16              : Voltage#1 org
+**              byte 17/18              : Voltage#1
+**              byte 19/20              : Voltage#2 org
+**              byte 21/22              : Voltage#2
+**              byte 23                 : Temp#0
+**              byte 24                 : Temp#1
+**              byte 25                 : Power indicator (bit0 : power#0,
+**                                               bit1 : power#1)
+**              byte 26                 : UPS indicator
+**      GUI_QUICK_CREATE : Quick create raid/volume set
+**          byte 0,1        : length
+**          byte 2          : command code 0x20
+**          byte 3/4/5/6    : raw capacity
+**          byte 7                      : raid level
+**          byte 8                      : stripe size
+**          byte 9                      : spare
+**          byte 10/11/12/13: device mask (the devices to create raid/volume)
+**              This function is removed, application like
+**              to implement quick create function
+**      need to use GUI_CREATE_RAIDSET and GUI_CREATE_VOLUMESET function.
+**      GUI_GET_INFO_R : Get Raid Set Information
+**              byte 0,1        : length
+**              byte 2          : command code 0x20
+**              byte 3          : raidset#
+**      typedef struct sGUI_RAIDSET
+**      {
+**              BYTE grsRaidSetName[16];
+**              DWORD grsCapacity;
+**              DWORD grsCapacityX;
+**              DWORD grsFailMask;
+**              BYTE grsDevArray[32];
+**              BYTE grsMemberDevices;
+**              BYTE grsNewMemberDevices;
+**              BYTE grsRaidState;
+**              BYTE grsVolumes;
+**              BYTE grsVolumeList[16];
+**              BYTE grsRes1;
+**              BYTE grsRes2;
+**              BYTE grsRes3;
+**              BYTE grsFreeSegments;
+**              DWORD grsRawStripes[8];
+**              DWORD grsRes4;
+**              DWORD grsRes5; //     Total to 128 bytes
+**              DWORD grsRes6; //     Total to 128 bytes
+**      } sGUI_RAIDSET, *pGUI_RAIDSET;
+**      GUI_GET_INFO_V : Get Volume Set Information
+**              byte 0,1        : length
+**              byte 2          : command code 0x21
+**              byte 3          : volumeset#
+**      typedef struct sGUI_VOLUMESET
+**      {
+**              BYTE gvsVolumeName[16]; //     16
+**              DWORD gvsCapacity;
+**              DWORD gvsCapacityX;
+**              DWORD gvsFailMask;
+**              DWORD gvsStripeSize;
+**              DWORD gvsNewFailMask;
+**              DWORD gvsNewStripeSize;
+**              DWORD gvsVolumeStatus;
+**              DWORD gvsProgress; //     32
+**              sSCSI_ATTR gvsScsi;
+**              BYTE gvsMemberDisks;
+**              BYTE gvsRaidLevel; //     8
+**              BYTE gvsNewMemberDisks;
+**              BYTE gvsNewRaidLevel;
+**              BYTE gvsRaidSetNumber;
+**              BYTE gvsRes0; //     4
+**              BYTE gvsRes1[4]; //     64 bytes
+**      } sGUI_VOLUMESET, *pGUI_VOLUMESET;
+**      GUI_GET_INFO_P : Get Physical Drive Information
+**              byte 0,1        : length
+**              byte 2          : command code 0x22
+**              byte 3          : drive # (from 0 to max-channels - 1)
+**      typedef struct sGUI_PHY_DRV
+**      {
+**              BYTE gpdModelName[40];
+**              BYTE gpdSerialNumber[20];
+**              BYTE gpdFirmRev[8];
+**              DWORD gpdCapacity;
+**              DWORD gpdCapacityX; //     Reserved for expansion
+**              BYTE gpdDeviceState;
+**              BYTE gpdPioMode;
+**              BYTE gpdCurrentUdmaMode;
+**              BYTE gpdUdmaMode;
+**              BYTE gpdDriveSelect;
+**              BYTE gpdRaidNumber; //     0xff if not belongs to a raid set
+**              sSCSI_ATTR gpdScsi;
+**              BYTE gpdReserved[40]; //     Total to 128 bytes
+**      } sGUI_PHY_DRV, *pGUI_PHY_DRV;
+**      GUI_GET_INFO_S : Get System Information
+**              byte 0,1        : length
+**              byte 2          : command code 0x23
+**      typedef struct sCOM_ATTR
+**      {
+**              BYTE comBaudRate;
+**              BYTE comDataBits;
+**              BYTE comStopBits;
+**              BYTE comParity;
+**              BYTE comFlowControl;
+**      } sCOM_ATTR, *pCOM_ATTR;
+**      typedef struct sSYSTEM_INFO
+**      {
+**              BYTE gsiVendorName[40];
+**              BYTE gsiSerialNumber[16];
+**              BYTE gsiFirmVersion[16];
+**              BYTE gsiBootVersion[16];
+**              BYTE gsiMbVersion[16];
+**              BYTE gsiModelName[8];
+**              BYTE gsiLocalIp[4];
+**              BYTE gsiCurrentIp[4];
+**              DWORD gsiTimeTick;
+**              DWORD gsiCpuSpeed;
+**              DWORD gsiICache;
+**              DWORD gsiDCache;
+**              DWORD gsiScache;
+**              DWORD gsiMemorySize;
+**              DWORD gsiMemorySpeed;
+**              DWORD gsiEvents;
+**              BYTE gsiMacAddress[6];
+**              BYTE gsiDhcp;
+**              BYTE gsiBeeper;
+**              BYTE gsiChannelUsage;
+**              BYTE gsiMaxAtaMode;
+**              BYTE gsiSdramEcc; //     1:if ECC enabled
+**              BYTE gsiRebuildPriority;
+**              sCOM_ATTR gsiComA; //     5 bytes
+**              sCOM_ATTR gsiComB; //     5 bytes
+**              BYTE gsiIdeChannels;
+**              BYTE gsiScsiHostChannels;
+**              BYTE gsiIdeHostChannels;
+**              BYTE gsiMaxVolumeSet;
+**              BYTE gsiMaxRaidSet;
+**              BYTE gsiEtherPort; //     1:if ether net port supported
+**              BYTE gsiRaid6Engine; //     1:Raid6 engine supported
+**              BYTE gsiRes[75];
+**      } sSYSTEM_INFO, *pSYSTEM_INFO;
+**      GUI_CLEAR_EVENT : Clear System Event
+**              byte 0,1        : length
+**              byte 2          : command code 0x24
+**      GUI_MUTE_BEEPER : Mute current beeper
+**              byte 0,1        : length
+**              byte 2          : command code 0x30
+**      GUI_BEEPER_SETTING : Disable beeper
+**              byte 0,1        : length
+**              byte 2          : command code 0x31
+**              byte 3          : 0->disable, 1->enable
+**      GUI_SET_PASSWORD : Change password
+**              byte 0,1        : length
+**              byte 2                  : command code 0x32
+**              byte 3                  : pass word length ( must <= 15 )
+**              byte 4                  : password (must be alpha-numerical)
+**      GUI_HOST_INTERFACE_MODE : Set host interface mode
+**              byte 0,1        : length
+**              byte 2                  : command code 0x33
+**              byte 3                  : 0->Independent, 1->cluster
+**      GUI_REBUILD_PRIORITY : Set rebuild priority
+**              byte 0,1        : length
+**              byte 2                  : command code 0x34
+**              byte 3                  : 0/1/2/3 (low->high)
+**      GUI_MAX_ATA_MODE : Set maximum ATA mode to be used
+**              byte 0,1        : length
+**              byte 2                  : command code 0x35
+**              byte 3                  : 0/1/2/3 (133/100/66/33)
+**      GUI_RESET_CONTROLLER : Reset Controller
+**              byte 0,1        : length
+**              byte 2          : command code 0x36
+**                            *Response with VT100 screen (discard it)
+**      GUI_COM_PORT_SETTING : COM port setting
+**              byte 0,1        : length
+**              byte 2                  : command code 0x37
+**              byte 3                  : 0->COMA (term port),
+**                                        1->COMB (debug port)
+**              byte 4                  : 0/1/2/3/4/5/6/7
+**                      (1200/2400/4800/9600/19200/38400/57600/115200)
+**              byte 5                  : data bit
+**                                      (0:7 bit, 1:8 bit : must be 8 bit)
+**              byte 6                  : stop bit (0:1, 1:2 stop bits)
+**              byte 7                  : parity (0:none, 1:off, 2:even)
+**              byte 8                  : flow control
+**                      (0:none, 1:xon/xoff, 2:hardware => must use none)
+**      GUI_NO_OPERATION : No operation
+**              byte 0,1        : length
+**              byte 2          : command code 0x38
+**      GUI_DHCP_IP : Set DHCP option and local IP address
+**              byte 0,1        : length
+**              byte 2          : command code 0x39
+**              byte 3          : 0:dhcp disabled, 1:dhcp enabled
+**              byte 4/5/6/7    : IP address
+**      GUI_CREATE_PASS_THROUGH : Create pass through disk
+**              byte 0,1        : length
+**              byte 2                  : command code 0x40
+**              byte 3                  : device #
+**              byte 4                  : scsi channel (0/1)
+**              byte 5                  : scsi id (0-->15)
+**              byte 6                  : scsi lun (0-->7)
+**              byte 7                  : tagged queue (1 : enabled)
+**              byte 8                  : cache mode (1 : enabled)
+**              byte 9                  : max speed (0/1/2/3/4,
+**                      async/20/40/80/160 for scsi)
+**                      (0/1/2/3/4, 33/66/100/133/150 for ide  )
+**      GUI_MODIFY_PASS_THROUGH : Modify pass through disk
+**              byte 0,1        : length
+**              byte 2                  : command code 0x41
+**              byte 3                  : device #
+**              byte 4                  : scsi channel (0/1)
+**              byte 5                  : scsi id (0-->15)
+**              byte 6                  : scsi lun (0-->7)
+**              byte 7                  : tagged queue (1 : enabled)
+**              byte 8                  : cache mode (1 : enabled)
+**              byte 9                  : max speed (0/1/2/3/4,
+**                                      async/20/40/80/160 for scsi)
+**                      (0/1/2/3/4, 33/66/100/133/150 for ide  )
+**      GUI_DELETE_PASS_THROUGH : Delete pass through disk
+**              byte 0,1        : length
+**              byte 2          : command code 0x42
+**              byte 3          : device# to be deleted
+**      GUI_IDENTIFY_DEVICE : Identify Device
+**              byte 0,1        : length
+**              byte 2          : command code 0x43
+**              byte 3          : Flash Method
+**                              (0:flash selected, 1:flash not selected)
+**              byte 4/5/6/7    : IDE device mask to be flashed
+**                           note .... no response data available
+**      GUI_CREATE_RAIDSET : Create Raid Set
+**              byte 0,1        : length
+**              byte 2          : command code 0x50
+**              byte 3/4/5/6    : device mask
+**              byte 7-22       : raidset name (if byte 7 == 0:use default)
+**      GUI_DELETE_RAIDSET : Delete Raid Set
+**              byte 0,1        : length
+**              byte 2          : command code 0x51
+**              byte 3          : raidset#
+**      GUI_EXPAND_RAIDSET : Expand Raid Set
+**              byte 0,1        : length
+**              byte 2          : command code 0x52
+**              byte 3          : raidset#
+**              byte 4/5/6/7    : device mask for expansion
+**              byte 8/9/10     : (8:0 no change, 1 change, 0xff:terminate,
+**                              9:new raid level,
+**                              10:new stripe size
+**                              0/1/2/3/4/5->4/8/16/32/64/128K )
+**              byte 11/12/13   : repeat for each volume in the raidset
+**      GUI_ACTIVATE_RAIDSET : Activate incomplete raid set
+**              byte 0,1        : length
+**              byte 2          : command code 0x53
+**              byte 3          : raidset#
+**      GUI_CREATE_HOT_SPARE : Create hot spare disk
+**              byte 0,1        : length
+**              byte 2          : command code 0x54
+**              byte 3/4/5/6    : device mask for hot spare creation
+**      GUI_DELETE_HOT_SPARE : Delete hot spare disk
+**              byte 0,1        : length
+**              byte 2          : command code 0x55
+**              byte 3/4/5/6    : device mask for hot spare deletion
+**      GUI_CREATE_VOLUME : Create volume set
+**              byte 0,1        : length
+**              byte 2          : command code 0x60
+**              byte 3          : raidset#
+**              byte 4-19       : volume set name
+**                              (if byte4 == 0, use default)
+**              byte 20-27      : volume capacity (blocks)
+**              byte 28                 : raid level
+**              byte 29                 : stripe size
+**                              (0/1/2/3/4/5->4/8/16/32/64/128K)
+**              byte 30                 : channel
+**              byte 31                 : ID
+**              byte 32                 : LUN
+**              byte 33                 : 1 enable tag
+**              byte 34                 : 1 enable cache
+**              byte 35                 : speed
+**              (0/1/2/3/4->async/20/40/80/160 for scsi)
+**              (0/1/2/3/4->33/66/100/133/150 for IDE  )
+**              byte 36                 : 1 to select quick init
+**
+**      GUI_MODIFY_VOLUME : Modify volume Set
+**              byte 0,1        : length
+**              byte 2          : command code 0x61
+**              byte 3          : volumeset#
+**              byte 4-19       : new volume set name
+**              (if byte4 == 0, not change)
+**              byte 20-27      : new volume capacity (reserved)
+**              byte 28                 : new raid level
+**              byte 29                 : new stripe size
+**              (0/1/2/3/4/5->4/8/16/32/64/128K)
+**              byte 30                 : new channel
+**              byte 31                 : new ID
+**              byte 32                 : new LUN
+**              byte 33                 : 1 enable tag
+**              byte 34                 : 1 enable cache
+**              byte 35                 : speed
+**              (0/1/2/3/4->async/20/40/80/160 for scsi)
+**              (0/1/2/3/4->33/66/100/133/150 for IDE  )
+**      GUI_DELETE_VOLUME : Delete volume set
+**              byte 0,1        : length
+**              byte 2          : command code 0x62
+**              byte 3          : volumeset#
+**      GUI_START_CHECK_VOLUME : Start volume consistency check
+**              byte 0,1        : length
+**              byte 2          : command code 0x63
+**              byte 3          : volumeset#
+**      GUI_STOP_CHECK_VOLUME : Stop volume consistency check
+**              byte 0,1        : length
+**              byte 2          : command code 0x64
+** ---------------------------------------------------------------------
+**    4. Returned data
+** ---------------------------------------------------------------------
+**      (A) Header          : 3 bytes sequence (0x5E, 0x01, 0x61)
+**      (B) Length          : 2 bytes
+**                      (low byte 1st, excludes length and checksum byte)
+**      (C) status or data  :
+**           <1> If length == 1 ==> 1 byte status code
+**              #define GUI_OK                    0x41
+**              #define GUI_RAIDSET_NOT_NORMAL    0x42
+**              #define GUI_VOLUMESET_NOT_NORMAL  0x43
+**              #define GUI_NO_RAIDSET            0x44
+**              #define GUI_NO_VOLUMESET          0x45
+**              #define GUI_NO_PHYSICAL_DRIVE     0x46
+**              #define GUI_PARAMETER_ERROR       0x47
+**              #define GUI_UNSUPPORTED_COMMAND   0x48
+**              #define GUI_DISK_CONFIG_CHANGED   0x49
+**              #define GUI_INVALID_PASSWORD      0x4a
+**              #define GUI_NO_DISK_SPACE         0x4b
+**              #define GUI_CHECKSUM_ERROR        0x4c
+**              #define GUI_PASSWORD_REQUIRED     0x4d
+**           <2> If length > 1 ==>
+**              data block returned from controller
+**              and the contents depends on the command code
+**      (E) Checksum        : checksum of length and status or data byte
+**************************************************************************
diff --git a/Documentation/scsi/libsas.txt b/Documentation/scsi/libsas.txt
new file mode 100644
index 000000000000..9e2078b2a615
--- /dev/null
+++ b/Documentation/scsi/libsas.txt
@@ -0,0 +1,484 @@
+SAS Layer
+---------
+
+The SAS Layer is a management infrastructure which manages
+SAS LLDDs.  It sits between SCSI Core and SAS LLDDs.  The
+layout is as follows: while SCSI Core is concerned with
+SAM/SPC issues, and a SAS LLDD+sequencer is concerned with
+phy/OOB/link management, the SAS layer is concerned with:
+
+      * SAS Phy/Port/HA event management (LLDD generates,
+        SAS Layer processes),
+      * SAS Port management (creation/destruction),
+      * SAS Domain discovery and revalidation,
+      * SAS Domain device management,
+      * SCSI Host registration/unregistration,
+      * Device registration with SCSI Core (SAS) or libata
+        (SATA), and
+      * Expander management and exporting expander control
+        to user space.
+
+A SAS LLDD is a PCI device driver.  It is concerned with
+phy/OOB management, and vendor specific tasks and generates
+events to the SAS layer.
+
+The SAS Layer does most SAS tasks as outlined in the SAS 1.1
+spec.
+
+The sas_ha_struct describes the SAS LLDD to the SAS layer.
+Most of it is used by the SAS Layer but a few fields need to
+be initialized by the LLDDs.
+
+After initializing your hardware, from the probe() function
+you call sas_register_ha(). It will register your LLDD with
+the SCSI subsystem, creating a SCSI host and it will
+register your SAS driver with the sysfs SAS tree it creates.
+It will then return.  Then you enable your phys to actually
+start OOB (at which point your driver will start calling the
+notify_* event callbacks).
+
+Structure descriptions:
+
+struct sas_phy --------------------
+Normally this is statically embedded to your driver's
+phy structure:
+        struct my_phy {
+               blah;
+               struct sas_phy sas_phy;
+               bleh;
+        };
+And then all the phys are an array of my_phy in your HA
+struct (shown below).
+
+Then as you go along and initialize your phys you also
+initialize the sas_phy struct, along with your own
+phy structure.
+
+In general, the phys are managed by the LLDD and the ports
+are managed by the SAS layer.  So the phys are initialized
+and updated by the LLDD and the ports are initialized and
+updated by the SAS layer.
+
+There is a scheme where the LLDD can RW certain fields,
+and the SAS layer can only read such ones, and vice versa.
+The idea is to avoid unnecessary locking.
+
+enabled -- must be set (0/1)
+id -- must be set [0,MAX_PHYS)
+class, proto, type, role, oob_mode, linkrate -- must be set
+oob_mode --  you set this when OOB has finished and then notify
+the SAS Layer.
+
+sas_addr -- this normally points to an array holding the sas
+address of the phy, possibly somewhere in your my_phy
+struct.
+
+attached_sas_addr -- set this when you (LLDD) receive an
+IDENTIFY frame or a FIS frame, _before_ notifying the SAS
+layer.  The idea is that sometimes the LLDD may want to fake
+or provide a different SAS address on that phy/port and this
+allows it to do this.  At best you should copy the sas
+address from the IDENTIFY frame or maybe generate a SAS
+address for SATA directly attached devices.  The Discover
+process may later change this.
+
+frame_rcvd -- this is where you copy the IDENTIFY/FIS frame
+when you get it; you lock, copy, set frame_rcvd_size and
+unlock the lock, and then call the event.  It is a pointer
+since there's no way to know your hw frame size _exactly_,
+so you define the actual array in your phy struct and let
+this pointer point to it.  You copy the frame from your
+DMAable memory to that area holding the lock.
+
+sas_prim -- this is where primitives go when they're
+received.  See sas.h. Grab the lock, set the primitive,
+release the lock, notify.
+
+port -- this points to the sas_port if the phy belongs
+to a port -- the LLDD only reads this. It points to the
+sas_port this phy is part of.  Set by the SAS Layer.
+
+ha -- may be set; the SAS layer sets it anyway.
+
+lldd_phy -- you should set this to point to your phy so you
+can find your way around faster when the SAS layer calls one
+of your callbacks and passes you a phy.  If the sas_phy is
+embedded you can also use container_of -- whatever you
+prefer.
+
+
+struct sas_port --------------------
+The LLDD doesn't set any fields of this struct -- it only
+reads them.  They should be self explanatory.
+
+phy_mask is 32 bit, this should be enough for now, as I
+haven't heard of a HA having more than 8 phys.
+
+lldd_port -- I haven't found use for that -- maybe other
+LLDD who wish to have internal port representation can make
+use of this.
+
+
+struct sas_ha_struct --------------------
+It normally is statically declared in your own LLDD
+structure describing your adapter:
+struct my_sas_ha {
+       blah;
+       struct sas_ha_struct sas_ha;
+       struct my_phy phys[MAX_PHYS];
+       struct sas_port sas_ports[MAX_PHYS]; /* (1) */
+       bleh;
+};
+
+(1) If your LLDD doesn't have its own port representation.
+
+What needs to be initialized (sample function given below).
+
+pcidev
+sas_addr -- since the SAS layer doesn't want to mess with
+         memory allocation, etc, this points to statically
+         allocated array somewhere (say in your host adapter
+         structure) and holds the SAS address of the host
+         adapter as given by you or the manufacturer, etc.
+sas_port
+sas_phy -- an array of pointers to structures. (see
+        note above on sas_addr).
+        These must be set.  See more notes below.
+num_phys -- the number of phys present in the sas_phy array,
+         and the number of ports present in the sas_port
+         array.  There can be a maximum num_phys ports (one per
+         port) so we drop the num_ports, and only use
+         num_phys.
+
+The event interface:
+
+        /* LLDD calls these to notify the class of an event. */
+        void (*notify_ha_event)(struct sas_ha_struct *, enum ha_event);
+        void (*notify_port_event)(struct sas_phy *, enum port_event);
+        void (*notify_phy_event)(struct sas_phy *, enum phy_event);
+
+When sas_register_ha() returns, those are set and can be
+called by the LLDD to notify the SAS layer of such events
+the SAS layer.
+
+The port notification:
+
+        /* The class calls these to notify the LLDD of an event. */
+        void (*lldd_port_formed)(struct sas_phy *);
+        void (*lldd_port_deformed)(struct sas_phy *);
+
+If the LLDD wants notification when a port has been formed
+or deformed it sets those to a function satisfying the type.
+
+A SAS LLDD should also implement at least one of the Task
+Management Functions (TMFs) described in SAM:
+
+        /* Task Management Functions. Must be called from process context. */
+        int (*lldd_abort_task)(struct sas_task *);
+        int (*lldd_abort_task_set)(struct domain_device *, u8 *lun);
+        int (*lldd_clear_aca)(struct domain_device *, u8 *lun);
+        int (*lldd_clear_task_set)(struct domain_device *, u8 *lun);
+        int (*lldd_I_T_nexus_reset)(struct domain_device *);
+        int (*lldd_lu_reset)(struct domain_device *, u8 *lun);
+        int (*lldd_query_task)(struct sas_task *);
+
+For more information please read SAM from T10.org.
+
+Port and Adapter management:
+
+        /* Port and Adapter management */
+        int (*lldd_clear_nexus_port)(struct sas_port *);
+        int (*lldd_clear_nexus_ha)(struct sas_ha_struct *);
+
+A SAS LLDD should implement at least one of those.
+
+Phy management:
+
+        /* Phy management */
+        int (*lldd_control_phy)(struct sas_phy *, enum phy_func);
+
+lldd_ha -- set this to point to your HA struct. You can also
+use container_of if you embedded it as shown above.
+
+A sample initialization and registration function
+can look like this (called last thing from probe())
+*but* before you enable the phys to do OOB:
+
+static int register_sas_ha(struct my_sas_ha *my_ha)
+{
+        int i;
+        static struct sas_phy   *sas_phys[MAX_PHYS];
+        static struct sas_port  *sas_ports[MAX_PHYS];
+
+        my_ha->sas_ha.sas_addr = &my_ha->sas_addr[0];
+
+        for (i = 0; i < MAX_PHYS; i++) {
+                sas_phys[i] = &my_ha->phys[i].sas_phy;
+                sas_ports[i] = &my_ha->sas_ports[i];
+        }
+
+        my_ha->sas_ha.sas_phy  = sas_phys;
+        my_ha->sas_ha.sas_port = sas_ports;
+        my_ha->sas_ha.num_phys = MAX_PHYS;
+
+        my_ha->sas_ha.lldd_port_formed = my_port_formed;
+
+        my_ha->sas_ha.lldd_dev_found = my_dev_found;
+        my_ha->sas_ha.lldd_dev_gone = my_dev_gone;
+
+        my_ha->sas_ha.lldd_max_execute_num = lldd_max_execute_num; (1)
+
+        my_ha->sas_ha.lldd_queue_size = ha_can_queue;
+        my_ha->sas_ha.lldd_execute_task = my_execute_task;
+
+        my_ha->sas_ha.lldd_abort_task     = my_abort_task;
+        my_ha->sas_ha.lldd_abort_task_set = my_abort_task_set;
+        my_ha->sas_ha.lldd_clear_aca      = my_clear_aca;
+        my_ha->sas_ha.lldd_clear_task_set = my_clear_task_set;
+        my_ha->sas_ha.lldd_I_T_nexus_reset= NULL; (2)
+        my_ha->sas_ha.lldd_lu_reset       = my_lu_reset;
+        my_ha->sas_ha.lldd_query_task     = my_query_task;
+
+        my_ha->sas_ha.lldd_clear_nexus_port = my_clear_nexus_port;
+        my_ha->sas_ha.lldd_clear_nexus_ha = my_clear_nexus_ha;
+
+        my_ha->sas_ha.lldd_control_phy = my_control_phy;
+
+        return sas_register_ha(&my_ha->sas_ha);
+}
+
+(1) This is normally a LLDD parameter, something of the
+lines of a task collector.  What it tells the SAS Layer is
+whether the SAS layer should run in Direct Mode (default:
+value 0 or 1) or Task Collector Mode (value greater than 1).
+
+In Direct Mode, the SAS Layer calls Execute Task as soon as
+it has a command to send to the SDS, _and_ this is a single
+command, i.e. not linked.
+
+Some hardware (e.g. aic94xx) has the capability to DMA more
+than one task at a time (interrupt) from host memory.  Task
+Collector Mode is an optional feature for HAs which support
+this in their hardware.  (Again, it is completely optional
+even if your hardware supports it.)
+
+In Task Collector Mode, the SAS Layer would do _natural_
+coalescing of tasks and at the appropriate moment it would
+call your driver to DMA more than one task in a single HA
+interrupt. DMBS may want to use this by insmod/modprobe
+setting the lldd_max_execute_num to something greater than
+1.
+
+(2) SAS 1.1 does not define I_T Nexus Reset TMF.
+
+Events
+------
+
+Events are _the only way_ a SAS LLDD notifies the SAS layer
+of anything.  There is no other method or way a LLDD to tell
+the SAS layer of anything happening internally or in the SAS
+domain.
+
+Phy events:
+        PHYE_LOSS_OF_SIGNAL, (C)
+        PHYE_OOB_DONE,
+        PHYE_OOB_ERROR,      (C)
+        PHYE_SPINUP_HOLD.
+
+Port events, passed on a _phy_:
+        PORTE_BYTES_DMAED,      (M)
+        PORTE_BROADCAST_RCVD,   (E)
+        PORTE_LINK_RESET_ERR,   (C)
+        PORTE_TIMER_EVENT,      (C)
+        PORTE_HARD_RESET.
+
+Host Adapter event:
+        HAE_RESET
+
+A SAS LLDD should be able to generate
+        - at least one event from group C (choice),
+        - events marked M (mandatory) are mandatory (only one),
+        - events marked E (expander) if it wants the SAS layer
+          to handle domain revalidation (only one such).
+        - Unmarked events are optional.
+
+Meaning:
+
+HAE_RESET -- when your HA got internal error and was reset.
+
+PORTE_BYTES_DMAED -- on receiving an IDENTIFY/FIS frame
+PORTE_BROADCAST_RCVD -- on receiving a primitive
+PORTE_LINK_RESET_ERR -- timer expired, loss of signal, loss
+of DWS, etc. (*)
+PORTE_TIMER_EVENT -- DWS reset timeout timer expired (*)
+PORTE_HARD_RESET -- Hard Reset primitive received.
+
+PHYE_LOSS_OF_SIGNAL -- the device is gone (*)
+PHYE_OOB_DONE -- OOB went fine and oob_mode is valid
+PHYE_OOB_ERROR -- Error while doing OOB, the device probably
+got disconnected. (*)
+PHYE_SPINUP_HOLD -- SATA is present, COMWAKE not sent.
+
+(*) should set/clear the appropriate fields in the phy,
+    or alternatively call the inlined sas_phy_disconnected()
+    which is just a helper, from their tasklet.
+
+The Execute Command SCSI RPC:
+
+        int (*lldd_execute_task)(struct sas_task *, int num,
+                                 unsigned long gfp_flags);
+
+Used to queue a task to the SAS LLDD.  @task is the tasks to
+be executed.  @num should be the number of tasks being
+queued at this function call (they are linked listed via
+task::list), @gfp_mask should be the gfp_mask defining the
+context of the caller.
+
+This function should implement the Execute Command SCSI RPC,
+or if you're sending a SCSI Task as linked commands, you
+should also use this function.
+
+That is, when lldd_execute_task() is called, the command(s)
+go out on the transport *immediately*.  There is *no*
+queuing of any sort and at any level in a SAS LLDD.
+
+The use of task::list is two-fold, one for linked commands,
+the other discussed below.
+
+It is possible to queue up more than one task at a time, by
+initializing the list element of struct sas_task, and
+passing the number of tasks enlisted in this manner in num.
+
+Returns: -SAS_QUEUE_FULL, -ENOMEM, nothing was queued;
+         0, the task(s) were queued.
+
+If you want to pass num > 1, then either
+A) you're the only caller of this function and keep track
+   of what you've queued to the LLDD, or
+B) you know what you're doing and have a strategy of
+   retrying.
+
+As opposed to queuing one task at a time (function call),
+batch queuing of tasks, by having num > 1, greatly
+simplifies LLDD code, sequencer code, and _hardware design_,
+and has some performance advantages in certain situations
+(DBMS).
+
+The LLDD advertises if it can take more than one command at
+a time at lldd_execute_task(), by setting the
+lldd_max_execute_num parameter (controlled by "collector"
+module parameter in aic94xx SAS LLDD).
+
+You should leave this to the default 1, unless you know what
+you're doing.
+
+This is a function of the LLDD, to which the SAS layer can
+cater to.
+
+int lldd_queue_size
+        The host adapter's queue size.  This is the maximum
+number of commands the lldd can have pending to domain
+devices on behalf of all upper layers submitting through
+lldd_execute_task().
+
+You really want to set this to something (much) larger than
+1.
+
+This _really_ has absolutely nothing to do with queuing.
+There is no queuing in SAS LLDDs.
+
+struct sas_task {
+        dev -- the device this task is destined to
+        list -- must be initialized (INIT_LIST_HEAD)
+        task_proto -- _one_ of enum sas_proto
+        scatter -- pointer to scatter gather list array
+        num_scatter -- number of elements in scatter
+        total_xfer_len -- total number of bytes expected to be transfered
+        data_dir -- PCI_DMA_...
+        task_done -- callback when the task has finished execution
+};
+
+When an external entity, entity other than the LLDD or the
+SAS Layer, wants to work with a struct domain_device, it
+_must_ call kobject_get() when getting a handle on the
+device and kobject_put() when it is done with the device.
+
+This does two things:
+     A) implements proper kfree() for the device;
+     B) increments/decrements the kref for all players:
+     domain_device
+        all domain_device's ... (if past an expander)
+            port
+                host adapter
+                     pci device
+                         and up the ladder, etc.
+
+DISCOVERY
+---------
+
+The sysfs tree has the following purposes:
+    a) It shows you the physical layout of the SAS domain at
+       the current time, i.e. how the domain looks in the
+       physical world right now.
+    b) Shows some device parameters _at_discovery_time_.
+
+This is a link to the tree(1) program, very useful in
+viewing the SAS domain:
+ftp://mama.indstate.edu/linux/tree/
+I expect user space applications to actually create a
+graphical interface of this.
+
+That is, the sysfs domain tree doesn't show or keep state if
+you e.g., change the meaning of the READY LED MEANING
+setting, but it does show you the current connection status
+of the domain device.
+
+Keeping internal device state changes is responsibility of
+upper layers (Command set drivers) and user space.
+
+When a device or devices are unplugged from the domain, this
+is reflected in the sysfs tree immediately, and the device(s)
+removed from the system.
+
+The structure domain_device describes any device in the SAS
+domain.  It is completely managed by the SAS layer.  A task
+points to a domain device, this is how the SAS LLDD knows
+where to send the task(s) to.  A SAS LLDD only reads the
+contents of the domain_device structure, but it never creates
+or destroys one.
+
+Expander management from User Space
+-----------------------------------
+
+In each expander directory in sysfs, there is a file called
+"smp_portal".  It is a binary sysfs attribute file, which
+implements an SMP portal (Note: this is *NOT* an SMP port),
+to which user space applications can send SMP requests and
+receive SMP responses.
+
+Functionality is deceptively simple:
+
+1. Build the SMP frame you want to send. The format and layout
+   is described in the SAS spec.  Leave the CRC field equal 0.
+open(2)
+2. Open the expander's SMP portal sysfs file in RW mode.
+write(2)
+3. Write the frame you built in 1.
+read(2)
+4. Read the amount of data you expect to receive for the frame you built.
+   If you receive different amount of data you expected to receive,
+   then there was some kind of error.
+close(2)
+All this process is shown in detail in the function do_smp_func()
+and its callers, in the file "expander_conf.c".
+
+The kernel functionality is implemented in the file
+"sas_expander.c".
+
+The program "expander_conf.c" implements this. It takes one
+argument, the sysfs file name of the SMP portal to the
+expander, and gives expander information, including routing
+tables.
+
+The SMP portal gives you complete control of the expander,
+so please be careful.
diff --git a/Documentation/sound/alsa/ALSA-Configuration.txt b/Documentation/sound/alsa/ALSA-Configuration.txt
index f61af23dd85d..e6b57dd46a4f 100644
--- a/Documentation/sound/alsa/ALSA-Configuration.txt
+++ b/Documentation/sound/alsa/ALSA-Configuration.txt
@@ -758,6 +758,7 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
     position_fix - Fix DMA pointer (0 = auto, 1 = none, 2 = POSBUF, 3 = FIFO size)
     single_cmd  - Use single immediate commands to communicate with
                 codecs (for debugging only)
+    disable_msi - Disable Message Signaled Interrupt (MSI)
 
     This module supports one card and autoprobe.
 
@@ -778,11 +779,16 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
           6stack-digout 6-jack with a SPDIF out
           w810          3-jack
           z71v          3-jack (HP shared SPDIF)
-          asus          3-jack
+          asus          3-jack (ASUS Mobo)
+          asus-w1v      ASUS W1V
+          asus-dig      ASUS with SPDIF out
+          asus-dig2     ASUS with SPDIF out (using GPIO2)
           uniwill       3-jack
           F1734         2-jack
           lg            LG laptop (m1 express dual)
-          lg-lw         LG LW20 laptop
+          lg-lw         LG LW20/LW25 laptop
+          tcl           TCL S700
+          clevo         Clevo laptops (m520G, m665n)
           test          for testing/debugging purpose, almost all controls can be
                         adjusted.  Appearing only when compiled with
                         $CONFIG_SND_DEBUG=y
@@ -790,6 +796,7 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
 
         ALC260
           hp            HP machines
+          hp-3013       HP machines (3013-variant)
           fujitsu       Fujitsu S7020
           acer          Acer TravelMate
           basic         fixed pin assignment (old default model)
@@ -797,24 +804,32 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
 
         ALC262
           fujitsu       Fujitsu Laptop
+          hp-bpc        HP xw4400/6400/8400/9400 laptops
+          benq          Benq ED8
           basic         fixed pin assignment w/o SPDIF
           auto          auto-config reading BIOS (default)
 
         ALC882/885
           3stack-dig    3-jack with SPDIF I/O
           6stck-dig     6-jack digital with SPDIF I/O
+          arima         Arima W820Di1
           auto          auto-config reading BIOS (default)
 
         ALC883/888
           3stack-dig    3-jack with SPDIF I/O
           6stack-dig    6-jack digital with SPDIF I/O
-          6stack-dig-demo  6-stack digital for Intel demo board
+          3stack-6ch    3-jack 6-channel
+          3stack-6ch-dig 3-jack 6-channel with SPDIF I/O
+          6stack-dig-demo  6-jack digital for Intel demo board
+          acer          Acer laptops (Travelmate 3012WTMi, Aspire 5600, etc)
           auto          auto-config reading BIOS (default)
 
         ALC861/660
           3stack        3-jack
           3stack-dig    3-jack with SPDIF I/O
           6stack-dig    6-jack with SPDIF I/O
+          3stack-660    3-jack (for ALC660)
+          uniwill-m31   Uniwill M31 laptop
           auto          auto-config reading BIOS (default)
 
         CMI9880
@@ -843,10 +858,21 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
           3stack-dig    ditto with SPDIF
           laptop        3-jack with hp-jack automute
           laptop-dig    ditto with SPDIF
-          auto          auto-confgi reading BIOS (default)
+          auto          auto-config reading BIOS (default)
+
+        STAC9200/9205/9220/9221/9254
+          ref           Reference board
+          3stack        D945 3stack
+          5stack        D945 5stack + SPDIF
 
-        STAC7661(?)
+        STAC9227/9228/9229/927x
+          ref           Reference board
+          3stack        D965 3stack
+          5stack        D965 5stack + SPDIF
+
+        STAC9872
           vaio          Setup for VAIO FE550G/SZ110
+          vaio-ar Setup for VAIO AR
 
     If the default configuration doesn't work and one of the above
     matches with your device, report it together with the PCI
@@ -1213,6 +1239,14 @@ Prior to version 0.9.0rc4 options had a 'snd_' prefix. This was removed.
     
     Module supports only 1 card.  This module has no enable option.
 
+  Module snd-mts64
+  ----------------
+
+    Module for Ego Systems (ESI) Miditerminal 4140
+
+    This module supports multiple devices.
+    Requires parport (CONFIG_PARPORT).
+
   Module snd-nm256
   ----------------
 
diff --git a/Documentation/sound/alsa/DocBook/writing-an-alsa-driver.tmpl b/Documentation/sound/alsa/DocBook/writing-an-alsa-driver.tmpl
index b8dc51ca776c..4807ef79a94d 100644
--- a/Documentation/sound/alsa/DocBook/writing-an-alsa-driver.tmpl
+++ b/Documentation/sound/alsa/DocBook/writing-an-alsa-driver.tmpl
@@ -1054,9 +1054,8 @@
 
       <para>
       For a device which allows hotplugging, you can use
-      <function>snd_card_free_in_thread</function>.  This one will
-      postpone the destruction and wait in a kernel-thread until all
-      devices are closed.
+      <function>snd_card_free_when_closed</function>.  This one will
+      postpone the destruction until all devices are closed.
       </para>
 
     </section>