16 files changed, 609 insertions, 202 deletions
diff --git a/arch/um/kernel/skas/Makefile b/arch/um/kernel/skas/Makefile
index d37d1bfcd6f7..d296d55ade4b 100644
--- a/arch/um/kernel/skas/Makefile
+++ b/arch/um/kernel/skas/Makefile
@@ -3,11 +3,14 @@
 # Licensed under the GPL
 #
-obj-y := exec_kern.o mem.o mem_user.o mmu.o process.o process_kern.o \
+obj-y := clone.o exec_kern.o mem.o mem_user.o mmu.o process.o process_kern.o \
-        syscall_kern.o syscall_user.o time.o tlb.o trap_user.o uaccess.o \
+        syscall_kern.o syscall_user.o tlb.o trap_user.o uaccess.o \
 subdir- := util
-USER_OBJS := process.o time.o
+USER_OBJS := process.o clone.o
 include arch/um/scripts/Makefile.rules
+# clone.o is in the stub, so it can't be built with profiling
+$(obj)/clone.o : c_flags = -Wp,-MD,$(depfile) $(call unprofile,$(USER_CFLAGS))
diff --git a/arch/um/kernel/skas/clone.c b/arch/um/kernel/skas/clone.c
new file mode 100644
index 000000000000..4dc55f10cd18
--- /dev/null
+++ b/arch/um/kernel/skas/clone.c
@@ -0,0 +1,44 @@
+#include <sched.h>
+#include <signal.h>
+#include <sys/mman.h>
+#include <sys/time.h>
+#include <asm/unistd.h>
+#include <asm/page.h>
+#include "ptrace_user.h"
+#include "skas.h"
+#include "stub-data.h"
+#include "uml-config.h"
+#include "sysdep/stub.h"
+/* This is in a separate file because it needs to be compiled with any
+ * extraneous gcc flags (-pg, -fprofile-arcs, -ftest-coverage) disabled
+ */
+void __attribute__ ((__section__ (".__syscall_stub")))
+stub_clone_handler(void)
+{
+        long err;
+        struct stub_data *from = (struct stub_data *) UML_CONFIG_STUB_DATA;
+        err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD,
+                            UML_CONFIG_STUB_DATA + PAGE_SIZE / 2 -
+                            sizeof(void *));
+        if(err != 0)
+                goto out;
+        err = stub_syscall4(__NR_ptrace, PTRACE_TRACEME, 0, 0, 0);
+        if(err)
+                goto out;
+        err = stub_syscall3(__NR_setitimer, ITIMER_VIRTUAL,
+                            (long) &from->timer, 0);
+        if(err)
+                goto out;
+        err = stub_syscall6(STUB_MMAP_NR, UML_CONFIG_STUB_DATA, PAGE_SIZE,
+                            PROT_READ | PROT_WRITE, MAP_FIXED | MAP_SHARED,
+                            from->fd, from->offset);
+ out:
+        /* save current result. Parent: pid; child: retcode of mmap */
+        from->err = err;
+        trap_myself();
+}
diff --git a/arch/um/kernel/skas/exec_kern.c b/arch/um/kernel/skas/exec_kern.c
index c6b4d5dba789..77ed7bbab219 100644
--- a/arch/um/kernel/skas/exec_kern.c
+++ b/arch/um/kernel/skas/exec_kern.c
@@ -18,7 +18,7 @@
 void flush_thread_skas(void)
 {
        force_flush_all();
-        switch_mm_skas(current->mm->context.skas.mm_fd);
+        switch_mm_skas(&current->mm->context.skas.id);
 }
 void start_thread_skas(struct pt_regs *regs, unsigned long eip, 
diff --git a/arch/um/kernel/skas/include/mm_id.h b/arch/um/kernel/skas/include/mm_id.h
new file mode 100644
index 000000000000..48dd0989ddaa
--- /dev/null
+++ b/arch/um/kernel/skas/include/mm_id.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2005 Jeff Dike (jdike@karaya.com)
+ * Licensed under the GPL
+ */
+#ifndef __MM_ID_H
+#define __MM_ID_H
+struct mm_id {
+        union {
+                int mm_fd;
+                int pid;
+        } u;
+        unsigned long stack;
+};
+#endif
diff --git a/arch/um/kernel/skas/include/mmu-skas.h b/arch/um/kernel/skas/include/mmu-skas.h
index 4cd60d7213f3..278b72f1d9ad 100644
--- a/arch/um/kernel/skas/include/mmu-skas.h
+++ b/arch/um/kernel/skas/include/mmu-skas.h
@@ -6,10 +6,15 @@
 #ifndef __SKAS_MMU_H
 #define __SKAS_MMU_H
+#include "mm_id.h"
 struct mmu_context_skas {
-        int mm_fd;
+        struct mm_id id;
+        unsigned long last_page_table;
 };
+extern void switch_mm_skas(struct mm_id * mm_idp);
 #endif
 /*
diff --git a/arch/um/kernel/skas/include/mode-skas.h b/arch/um/kernel/skas/include/mode-skas.h
index c1e33bd788db..bcd26a6a3888 100644
--- a/arch/um/kernel/skas/include/mode-skas.h
+++ b/arch/um/kernel/skas/include/mode-skas.h
@@ -13,7 +13,6 @@ extern unsigned long exec_fp_regs[];
 extern unsigned long exec_fpx_regs[];
 extern int have_fpx_regs;
-extern void user_time_init_skas(void);
 extern void sig_handler_common_skas(int sig, void *sc_ptr);
 extern void halt_skas(void);
 extern void reboot_skas(void);
diff --git a/arch/um/kernel/skas/include/skas.h b/arch/um/kernel/skas/include/skas.h
index 96b51dba3471..d983ea842547 100644
--- a/arch/um/kernel/skas/include/skas.h
+++ b/arch/um/kernel/skas/include/skas.h
@@ -6,9 +6,11 @@
 #ifndef __SKAS_H
 #define __SKAS_H
+#include "mm_id.h"
 #include "sysdep/ptrace.h"
 extern int userspace_pid[];
+extern int proc_mm, ptrace_faultinfo;
 extern void switch_threads(void *me, void *next);
 extern void thread_wait(void *sw, void *fb);
@@ -22,16 +24,18 @@ extern void new_thread_proc(void *stack, void (*handler)(int sig));
 extern void remove_sigstack(void);
 extern void new_thread_handler(int sig);
 extern void handle_syscall(union uml_pt_regs *regs);
-extern void map(int fd, unsigned long virt, unsigned long len, int r, int w,
+extern int map(struct mm_id * mm_idp, unsigned long virt, unsigned long len,
-                int x, int phys_fd, unsigned long long offset);
+               int r, int w, int x, int phys_fd, unsigned long long offset);
-extern int unmap(int fd, void *addr, unsigned long len);
+extern int unmap(struct mm_id * mm_idp, void *addr, unsigned long len);
-extern int protect(int fd, unsigned long addr, unsigned long len, 
+extern int protect(struct mm_id * mm_idp, unsigned long addr,
-                   int r, int w, int x);
+                   unsigned long len, int r, int w, int x);
 extern void user_signal(int sig, union uml_pt_regs *regs, int pid);
 extern int new_mm(int from);
-extern void start_userspace(int cpu);
+extern int start_userspace(unsigned long stub_stack);
+extern int copy_context_skas0(unsigned long stack, int pid);
 extern void get_skas_faultinfo(int pid, struct faultinfo * fi);
 extern long execute_syscall_skas(void *r);
+extern unsigned long current_stub_stack(void);
 #endif
diff --git a/arch/um/kernel/skas/include/stub-data.h b/arch/um/kernel/skas/include/stub-data.h
new file mode 100644
index 000000000000..f6ed92c3727d
--- /dev/null
+++ b/arch/um/kernel/skas/include/stub-data.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) 2005 Jeff Dike (jdike@karaya.com)
+ * Licensed under the GPL
+ */
+#ifndef __STUB_DATA_H
+#define __STUB_DATA_H
+#include <sys/time.h>
+struct stub_data {
+        long offset;
+        int fd;
+        struct itimerval timer;
+        long err;
+};
+#endif
diff --git a/arch/um/kernel/skas/mem.c b/arch/um/kernel/skas/mem.c
index 438db2f43456..147466d7ff4f 100644
--- a/arch/um/kernel/skas/mem.c
+++ b/arch/um/kernel/skas/mem.c
@@ -5,7 +5,9 @@
 #include "linux/config.h"
 #include "linux/mm.h"
+#include "asm/pgtable.h"
 #include "mem_user.h"
+#include "skas.h"
 unsigned long set_task_sizes_skas(int arg, unsigned long *host_size_out, 
                                  unsigned long *task_size_out)
@@ -18,7 +20,9 @@ unsigned long set_task_sizes_skas(int arg, unsigned long *host_size_out,
        *task_size_out = CONFIG_HOST_TASK_SIZE;
 #else
        *host_size_out = top;
-        *task_size_out = top;
+        if (proc_mm && ptrace_faultinfo)
+                *task_size_out = top;
+        else *task_size_out = CONFIG_STUB_START & PGDIR_MASK;
 #endif
        return(((unsigned long) set_task_sizes_skas) & ~0xffffff);
 }
diff --git a/arch/um/kernel/skas/mem_user.c b/arch/um/kernel/skas/mem_user.c
index 1310bf1e88d1..b0980ff3bd95 100644
--- a/arch/um/kernel/skas/mem_user.c
+++ b/arch/um/kernel/skas/mem_user.c
@@ -3,100 +3,171 @@
 * Licensed under the GPL
 */
+#include <signal.h>
 #include <errno.h>
 #include <sys/mman.h>
+#include <sys/wait.h>
+#include <asm/page.h>
+#include <asm/unistd.h>
 #include "mem_user.h"
 #include "mem.h"
+#include "mm_id.h"
 #include "user.h"
 #include "os.h"
 #include "proc_mm.h"
+#include "ptrace_user.h"
-void map(int fd, unsigned long virt, unsigned long len, int r, int w,
+#include "user_util.h"
-         int x, int phys_fd, unsigned long long offset)
+#include "kern_util.h"
+#include "task.h"
+#include "registers.h"
+#include "uml-config.h"
+#include "sysdep/ptrace.h"
+#include "sysdep/stub.h"
+#include "skas.h"
+extern unsigned long syscall_stub, __syscall_stub_start;
+extern void wait_stub_done(int pid, int sig, char * fname);
+static long run_syscall_stub(struct mm_id * mm_idp, int syscall,
+                             unsigned long *args)
 {
-        struct proc_mm_op map;
+        int n, pid = mm_idp->u.pid;
-        int prot, n;
+        unsigned long regs[MAX_REG_NR];
-        prot = (r ? PROT_READ : 0) | (w ? PROT_WRITE : 0) | 
+        get_safe_registers(regs);
-                (x ? PROT_EXEC : 0);
+        regs[REGS_IP_INDEX] = UML_CONFIG_STUB_CODE +
+                ((unsigned long) &syscall_stub -
-        map = ((struct proc_mm_op) { .op        = MM_MMAP,
+                 (unsigned long) &__syscall_stub_start);
-                                     .u         = 
+        /* XXX Don't have a define for starting a syscall */
-                                     { .mmap    = 
+        regs[REGS_SYSCALL_NR] = syscall;
-                                       { .addr          = virt,
+        regs[REGS_SYSCALL_ARG1] = args[0];
-                                         .len           = len,
+        regs[REGS_SYSCALL_ARG2] = args[1];
-                                         .prot          = prot,
+        regs[REGS_SYSCALL_ARG3] = args[2];
-                                         .flags         = MAP_SHARED | 
+        regs[REGS_SYSCALL_ARG4] = args[3];
-                                                          MAP_FIXED,
+        regs[REGS_SYSCALL_ARG5] = args[4];
-                                         .fd            = phys_fd,
+        regs[REGS_SYSCALL_ARG6] = args[5];
-                                         .offset        = offset
+        n = ptrace_setregs(pid, regs);
-                                       } } } );
+        if(n < 0){
-        n = os_write_file(fd, &map, sizeof(map));
+                printk("run_syscall_stub : PTRACE_SETREGS failed, "
-        if(n != sizeof(map)) 
+                       "errno = %d\n", n);
-                printk("map : /proc/mm map failed, err = %d\n", -n);
+                return(n);
+        }
+        wait_stub_done(pid, 0, "run_syscall_stub");
+        return(*((unsigned long *) mm_idp->stack));
 }
-int unmap(int fd, void *addr, unsigned long len)
+int map(struct mm_id *mm_idp, unsigned long virt, unsigned long len,
+        int r, int w, int x, int phys_fd, unsigned long long offset)
 {
-        struct proc_mm_op unmap;
+        int prot, n;
-        int n;
+        prot = (r ? PROT_READ : 0) | (w ? PROT_WRITE : 0) |
-        unmap = ((struct proc_mm_op) { .op      = MM_MUNMAP,
+                (x ? PROT_EXEC : 0);
-                                       .u       = 
-                                       { .munmap        = 
+        if(proc_mm){
-                                         { .addr        = (unsigned long) addr,
+                struct proc_mm_op map;
-                                           .len         = len } } } );
+                int fd = mm_idp->u.mm_fd;
-        n = os_write_file(fd, &unmap, sizeof(unmap));
+                map = ((struct proc_mm_op) { .op        = MM_MMAP,
-        if(n != sizeof(unmap)) {
+                                             .u         =
-                if(n < 0)
+                                             { .mmap    =
-                        return(n);
+                                               { .addr  = virt,
-                else if(n > 0)
+                                                 .len   = len,
-                        return(-EIO);
+                                                 .prot  = prot,
-        }
+                                                 .flags = MAP_SHARED |
+                                                 MAP_FIXED,
-        return(0);
+                                                 .fd    = phys_fd,
+                                                 .offset= offset
+                                               } } } );
+                n = os_write_file(fd, &map, sizeof(map));
+                if(n != sizeof(map))
+                        printk("map : /proc/mm map failed, err = %d\n", -n);
+        }
+        else {
+                long res;
+                unsigned long args[] = { virt, len, prot,
+                                         MAP_SHARED | MAP_FIXED, phys_fd,
+                                         MMAP_OFFSET(offset) };
+                res = run_syscall_stub(mm_idp, STUB_MMAP_NR, args);
+                if((void *) res == MAP_FAILED)
+                        printk("mmap stub failed, errno = %d\n", res);
+        }
+        return 0;
 }
-int protect(int fd, unsigned long addr, unsigned long len, int r, int w, 
+int unmap(struct mm_id *mm_idp, void *addr, unsigned long len)
-            int x, int must_succeed)
 {
-        struct proc_mm_op protect;
+        int n;
-        int prot, n;
+        if(proc_mm){
-        prot = (r ? PROT_READ : 0) | (w ? PROT_WRITE : 0) | 
+                struct proc_mm_op unmap;
-                (x ? PROT_EXEC : 0);
+                int fd = mm_idp->u.mm_fd;
+                unmap = ((struct proc_mm_op) { .op      = MM_MUNMAP,
-        protect = ((struct proc_mm_op) { .op    = MM_MPROTECT,
+                                               .u       =
-                                       .u       = 
+                                               { .munmap        =
-                                       { .mprotect      = 
+                                                 { .addr        =
-                                         { .addr        = (unsigned long) addr,
+                                                   (unsigned long) addr,
-                                           .len         = len,
+                                                   .len         = len } } } );
-                                           .prot        = prot } } } );
+                n = os_write_file(fd, &unmap, sizeof(unmap));
+                if(n != sizeof(unmap)) {
-        n = os_write_file(fd, &protect, sizeof(protect));
+                        if(n < 0)
-        if(n != sizeof(protect)) {
+                                return(n);
-                if(n == 0) return(0);
+                        else if(n > 0)
+                                return(-EIO);
-                if(must_succeed)
+                }
-                        panic("protect failed, err = %d", -n);
+        }
+        else {
-                return(-EIO);
+                int res;
-        }
+                unsigned long args[] = { (unsigned long) addr, len, 0, 0, 0,
+                                         0 };
+                res = run_syscall_stub(mm_idp, __NR_munmap, args);
+                if(res < 0)
+                        printk("munmap stub failed, errno = %d\n", res);
+        }
+        return(0);
+}
-        return(0);
+int protect(struct mm_id *mm_idp, unsigned long addr, unsigned long len,
+            int r, int w, int x)
+{
+        struct proc_mm_op protect;
+        int prot, n;
+        prot = (r ? PROT_READ : 0) | (w ? PROT_WRITE : 0) |
+                (x ? PROT_EXEC : 0);
+        if(proc_mm){
+                int fd = mm_idp->u.mm_fd;
+                protect = ((struct proc_mm_op) { .op    = MM_MPROTECT,
+                                                 .u     =
+                                                 { .mprotect    =
+                                                   { .addr      =
+                                                     (unsigned long) addr,
+                                                     .len       = len,
+                                                     .prot      = prot } } } );
+                n = os_write_file(fd, &protect, sizeof(protect));
+                if(n != sizeof(protect))
+                        panic("protect failed, err = %d", -n);
+        }
+        else {
+                int res;
+                unsigned long args[] = { addr, len, prot, 0, 0, 0 };
+                res = run_syscall_stub(mm_idp, __NR_mprotect, args);
+                if(res < 0)
+                        panic("mprotect stub failed, errno = %d\n", res);
+        }
+        return(0);
 }
 void before_mem_skas(unsigned long unused)
 {
 }
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/kernel/skas/mmu.c b/arch/um/kernel/skas/mmu.c
index 6cb9a6d028a9..d232daa42c31 100644
--- a/arch/um/kernel/skas/mmu.c
+++ b/arch/um/kernel/skas/mmu.c
@@ -3,46 +3,143 @@
 * Licensed under the GPL
 */
+#include "linux/config.h"
 #include "linux/sched.h"
 #include "linux/list.h"
 #include "linux/spinlock.h"
 #include "linux/slab.h"
+#include "linux/errno.h"
+#include "linux/mm.h"
 #include "asm/current.h"
 #include "asm/segment.h"
 #include "asm/mmu.h"
+#include "asm/pgalloc.h"
+#include "asm/pgtable.h"
 #include "os.h"
 #include "skas.h"
+extern int __syscall_stub_start;
+static int init_stub_pte(struct mm_struct *mm, unsigned long proc,
+                         unsigned long kernel)
+{
+        pgd_t *pgd;
+        pud_t *pud;
+        pmd_t *pmd;
+        pte_t *pte;
+        spin_lock(&mm->page_table_lock);
+        pgd = pgd_offset(mm, proc);
+        pud = pud_alloc(mm, pgd, proc);
+        if (!pud)
+                goto out;
+        pmd = pmd_alloc(mm, pud, proc);
+        if (!pmd)
+                goto out_pmd;
+        pte = pte_alloc_map(mm, pmd, proc);
+        if (!pte)
+                goto out_pte;
+        /* There's an interaction between the skas0 stub pages, stack
+         * randomization, and the BUG at the end of exit_mmap.  exit_mmap
+         * checks that the number of page tables freed is the same as had
+         * been allocated.  If the stack is on the last page table page,
+         * then the stack pte page will be freed, and if not, it won't.  To
+         * avoid having to know where the stack is, or if the process mapped
+         * something at the top of its address space for some other reason,
+         * we set TASK_SIZE to end at the start of the last page table.
+         * This keeps exit_mmap off the last page, but introduces a leak
+         * of that page.  So, we hang onto it here and free it in
+         * destroy_context_skas.
+         */
+        mm->context.skas.last_page_table = pmd_page_kernel(*pmd);
+        *pte = mk_pte(virt_to_page(kernel), __pgprot(_PAGE_PRESENT));
+        *pte = pte_mkexec(*pte);
+        *pte = pte_wrprotect(*pte);
+        spin_unlock(&mm->page_table_lock);
+        return(0);
+ out_pmd:
+        pud_free(pud);
+ out_pte:
+        pmd_free(pmd);
+ out:
+        spin_unlock(&mm->page_table_lock);
+        return(-ENOMEM);
+}
 int init_new_context_skas(struct task_struct *task, struct mm_struct *mm)
 {
-        int from;
+        struct mm_struct *cur_mm = current->mm;
+        struct mm_id *cur_mm_id = &cur_mm->context.skas.id;
+        struct mm_id *mm_id = &mm->context.skas.id;
+        unsigned long stack;
+        int from, ret;
-        if((current->mm != NULL) && (current->mm != &init_mm))
+        if(proc_mm){
-                from = current->mm->context.skas.mm_fd;
+                if((cur_mm != NULL) && (cur_mm != &init_mm))
-        else from = -1;
+                        from = cur_mm->context.skas.id.u.mm_fd;
+                else from = -1;
-        mm->context.skas.mm_fd = new_mm(from);
+                ret = new_mm(from);
-        if(mm->context.skas.mm_fd < 0){
+                if(ret < 0){
-                printk("init_new_context_skas - new_mm failed, errno = %d\n",
+                        printk("init_new_context_skas - new_mm failed, "
-                       mm->context.skas.mm_fd);
+                               "errno = %d\n", ret);
-                return(mm->context.skas.mm_fd);
+                        return ret;
+                }
+                mm_id->u.mm_fd = ret;
        }
+        else {
+                /* This zeros the entry that pgd_alloc didn't, needed since
+                 * we are about to reinitialize it, and want mm.nr_ptes to
+                 * be accurate.
+                 */
+                mm->pgd[USER_PTRS_PER_PGD] = __pgd(0);
-        return(0);
+                ret = init_stub_pte(mm, CONFIG_STUB_CODE,
+                                    (unsigned long) &__syscall_stub_start);
+                if(ret)
+                        goto out;
+                ret = -ENOMEM;
+                stack = get_zeroed_page(GFP_KERNEL);
+                if(stack == 0)
+                        goto out;
+                mm_id->stack = stack;
+                ret = init_stub_pte(mm, CONFIG_STUB_DATA, stack);
+                if(ret)
+                        goto out_free;
+                mm->nr_ptes--;
+                if((cur_mm != NULL) && (cur_mm != &init_mm))
+                        mm_id->u.pid = copy_context_skas0(stack,
+                                                          cur_mm_id->u.pid);
+                else mm_id->u.pid = start_userspace(stack);
+        }
+        return 0;
+ out_free:
+        free_page(mm_id->stack);
+ out:
+        return ret;
 }
 void destroy_context_skas(struct mm_struct *mm)
 {
-        os_close_file(mm->context.skas.mm_fd);
+        struct mmu_context_skas *mmu = &mm->context.skas;
-}
-/*
+        if(proc_mm)
- * Overrides for Emacs so that we follow Linus's tabbing style.
+                os_close_file(mmu->id.u.mm_fd);
- * Emacs will notice this stuff at the end of the file and automatically
+        else {
- * adjust the settings for this buffer only.  This must remain at the end
+                os_kill_ptraced_process(mmu->id.u.pid, 1);
- * of the file.
+                free_page(mmu->id.stack);
- * ---------------------------------------------------------------------------
+                free_page(mmu->last_page_table);
- * Local variables:
+        }
- * c-file-style: "linux"
+}
- * End:
- */
diff --git a/arch/um/kernel/skas/process.c b/arch/um/kernel/skas/process.c
index 773cd2b525fc..ba671dab8878 100644
--- a/arch/um/kernel/skas/process.c
+++ b/arch/um/kernel/skas/process.c
@@ -1,5 +1,5 @@
 /* 
- * Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
+ * Copyright (C) 2002- 2004 Jeff Dike (jdike@addtoit.com)
 * Licensed under the GPL
 */
@@ -13,7 +13,9 @@
 #include <sys/wait.h>
 #include <sys/mman.h>
 #include <sys/user.h>
+#include <sys/time.h>
 #include <asm/unistd.h>
+#include <asm/types.h>
 #include "user.h"
 #include "ptrace_user.h"
 #include "time_user.h"
@@ -21,13 +23,18 @@
 #include "user_util.h"
 #include "kern_util.h"
 #include "skas.h"
+#include "stub-data.h"
+#include "mm_id.h"
 #include "sysdep/sigcontext.h"
+#include "sysdep/stub.h"
 #include "os.h"
 #include "proc_mm.h"
 #include "skas_ptrace.h"
 #include "chan_user.h"
 #include "signal_user.h"
 #include "registers.h"
+#include "mem.h"
+#include "uml-config.h"
 #include "process.h"
 int is_skas_winch(int pid, int fd, void *data)
@@ -39,20 +46,55 @@ int is_skas_winch(int pid, int fd, void *data)
        return(1);
 }
-void get_skas_faultinfo(int pid, struct faultinfo * fi)
+void wait_stub_done(int pid, int sig, char * fname)
 {
-        int err;
+        int n, status, err;
-        err = ptrace(PTRACE_FAULTINFO, pid, 0, fi);
+        do {
-        if(err)
+                if ( sig != -1 ) {
-                panic("get_skas_faultinfo - PTRACE_FAULTINFO failed, "
+                        err = ptrace(PTRACE_CONT, pid, 0, sig);
-                      "errno = %d\n", errno);
+                        if(err)
+                                panic("%s : continue failed, errno = %d\n",
+                                      fname, errno);
+                }
+                sig = 0;
+                CATCH_EINTR(n = waitpid(pid, &status, WUNTRACED));
+        } while((n >= 0) && WIFSTOPPED(status) &&
+                (WSTOPSIG(status) == SIGVTALRM));
+        if((n < 0) || !WIFSTOPPED(status) ||
+           (WSTOPSIG(status) != SIGUSR1 && WSTOPSIG(status != SIGTRAP))){
+                panic("%s : failed to wait for SIGUSR1/SIGTRAP, "
+                      "pid = %d, n = %d, errno = %d, status = 0x%x\n",
+                      fname, pid, n, errno, status);
+        }
+}
-        /* Special handling for i386, which has different structs */
+void get_skas_faultinfo(int pid, struct faultinfo * fi)
-        if (sizeof(struct ptrace_faultinfo) < sizeof(struct faultinfo))
+{
-                memset((char *)fi + sizeof(struct ptrace_faultinfo), 0,
+        int err;
-                       sizeof(struct faultinfo) -
-                       sizeof(struct ptrace_faultinfo));
+        if(ptrace_faultinfo){
+                err = ptrace(PTRACE_FAULTINFO, pid, 0, fi);
+                if(err)
+                        panic("get_skas_faultinfo - PTRACE_FAULTINFO failed, "
+                              "errno = %d\n", errno);
+                /* Special handling for i386, which has different structs */
+                if (sizeof(struct ptrace_faultinfo) < sizeof(struct faultinfo))
+                        memset((char *)fi + sizeof(struct ptrace_faultinfo), 0,
+                               sizeof(struct faultinfo) -
+                               sizeof(struct ptrace_faultinfo));
+        }
+        else {
+                wait_stub_done(pid, SIGSEGV, "get_skas_faultinfo");
+                /* faultinfo is prepared by the stub-segv-handler at start of
+                 * the stub stack page. We just have to copy it.
+                 */
+                memcpy(fi, (void *)current_stub_stack(), sizeof(*fi));
+        }
 }
 static void handle_segv(int pid, union uml_pt_regs * regs)
@@ -91,11 +133,56 @@ static void handle_trap(int pid, union uml_pt_regs *regs, int local_using_sysemu
        handle_syscall(regs);
 }
-static int userspace_tramp(void *arg)
+extern int __syscall_stub_start;
+static int userspace_tramp(void *stack)
 {
-        init_new_thread_signals(0);
+        void *addr;
-        enable_timer();
        ptrace(PTRACE_TRACEME, 0, 0, 0);
+        init_new_thread_signals(1);
+        enable_timer();
+        if(!proc_mm){
+                /* This has a pte, but it can't be mapped in with the usual
+                 * tlb_flush mechanism because this is part of that mechanism
+                 */
+                int fd;
+                __u64 offset;
+                fd = phys_mapping(to_phys(&__syscall_stub_start), &offset);
+                addr = mmap64((void *) UML_CONFIG_STUB_CODE, page_size(),
+                              PROT_EXEC, MAP_FIXED | MAP_PRIVATE, fd, offset);
+                if(addr == MAP_FAILED){
+                        printk("mapping mmap stub failed, errno = %d\n",
+                               errno);
+                        exit(1);
+                }
+                if(stack != NULL){
+                        fd = phys_mapping(to_phys(stack), &offset);
+                        addr = mmap((void *) UML_CONFIG_STUB_DATA, page_size(),
+                                    PROT_READ | PROT_WRITE,
+                                    MAP_FIXED | MAP_SHARED, fd, offset);
+                        if(addr == MAP_FAILED){
+                                printk("mapping segfault stack failed, "
+                                       "errno = %d\n", errno);
+                                exit(1);
+                        }
+                }
+        }
+        if(!ptrace_faultinfo && (stack != NULL)){
+                unsigned long v = UML_CONFIG_STUB_CODE +
+                                  (unsigned long) stub_segv_handler -
+                                  (unsigned long) &__syscall_stub_start;
+                set_sigstack((void *) UML_CONFIG_STUB_DATA, page_size());
+                set_handler(SIGSEGV, (void *) v, SA_ONSTACK,
+                            SIGIO, SIGWINCH, SIGALRM, SIGVTALRM,
+                            SIGUSR1, -1);
+        }
        os_stop_process(os_getpid());
        return(0);
 }
@@ -105,11 +192,11 @@ static int userspace_tramp(void *arg)
 #define NR_CPUS 1
 int userspace_pid[NR_CPUS];
-void start_userspace(int cpu)
+int start_userspace(unsigned long stub_stack)
 {
        void *stack;
        unsigned long sp;
-        int pid, status, n;
+        int pid, status, n, flags;
        stack = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
@@ -117,8 +204,9 @@ void start_userspace(int cpu)
                panic("start_userspace : mmap failed, errno = %d", errno);
        sp = (unsigned long) stack + PAGE_SIZE - sizeof(void *);
-        pid = clone(userspace_tramp, (void *) sp, 
+        flags = CLONE_FILES | SIGCHLD;
-                    CLONE_FILES | CLONE_VM | SIGCHLD, NULL);
+        if(proc_mm) flags |= CLONE_VM;
+        pid = clone(userspace_tramp, (void *) sp, flags, (void *) stub_stack);
        if(pid < 0)
                panic("start_userspace : clone failed, errno = %d", errno);
@@ -140,7 +228,7 @@ void start_userspace(int cpu)
        if(munmap(stack, PAGE_SIZE) < 0)
                panic("start_userspace : munmap failed, errno = %d\n", errno);
-        userspace_pid[cpu] = pid;
+        return(pid);
 }
 void userspace(union uml_pt_regs *regs)
@@ -174,7 +262,9 @@ void userspace(union uml_pt_regs *regs)
                if(WIFSTOPPED(status)){
                        switch(WSTOPSIG(status)){
                        case SIGSEGV:
-                                handle_segv(pid, regs);
+                                if(PTRACE_FULL_FAULTINFO || !ptrace_faultinfo)
+                                        user_signal(SIGSEGV, regs, pid);
+                                else handle_segv(pid, regs);
                                break;
                        case SIGTRAP + 0x80:
                                handle_trap(pid, regs, local_using_sysemu);
@@ -194,6 +284,7 @@ void userspace(union uml_pt_regs *regs)
                                printk("userspace - child stopped with signal "
                                       "%d\n", WSTOPSIG(status));
                        }
+                        pid = userspace_pid[0];
                        interrupt_end();
                        /* Avoid -ERESTARTSYS handling in host */
@@ -207,6 +298,67 @@ void userspace(union uml_pt_regs *regs)
 #define INIT_JMP_HALT 3
 #define INIT_JMP_REBOOT 4
+int copy_context_skas0(unsigned long new_stack, int pid)
+{
+        int err;
+        unsigned long regs[MAX_REG_NR];
+        unsigned long current_stack = current_stub_stack();
+        struct stub_data *data = (struct stub_data *) current_stack;
+        struct stub_data *child_data = (struct stub_data *) new_stack;
+        __u64 new_offset;
+        int new_fd = phys_mapping(to_phys((void *)new_stack), &new_offset);
+        /* prepare offset and fd of child's stack as argument for parent's
+         * and child's mmap2 calls
+         */
+        *data = ((struct stub_data) { .offset   = MMAP_OFFSET(new_offset),
+                                      .fd       = new_fd,
+                                      .timer    = ((struct itimerval)
+                                                   { { 0, 1000000 / hz() },
+                                                     { 0, 1000000 / hz() }})});
+        get_safe_registers(regs);
+        /* Set parent's instruction pointer to start of clone-stub */
+        regs[REGS_IP_INDEX] = UML_CONFIG_STUB_CODE +
+                                (unsigned long) stub_clone_handler -
+                                (unsigned long) &__syscall_stub_start;
+        regs[REGS_SP_INDEX] = UML_CONFIG_STUB_DATA + PAGE_SIZE -
+                sizeof(void *);
+        err = ptrace_setregs(pid, regs);
+        if(err < 0)
+                panic("copy_context_skas0 : PTRACE_SETREGS failed, "
+                      "pid = %d, errno = %d\n", pid, errno);
+        /* set a well known return code for detection of child write failure */
+        child_data->err = 12345678;
+        /* Wait, until parent has finished its work: read child's pid from
+         * parent's stack, and check, if bad result.
+         */
+        wait_stub_done(pid, 0, "copy_context_skas0");
+        pid = data->err;
+        if(pid < 0)
+                panic("copy_context_skas0 - stub-parent reports error %d\n",
+                      pid);
+        /* Wait, until child has finished too: read child's result from
+         * child's stack and check it.
+         */
+        wait_stub_done(pid, -1, "copy_context_skas0");
+        if (child_data->err != UML_CONFIG_STUB_DATA)
+                panic("copy_context_skas0 - stub-child reports error %d\n",
+                      child_data->err);
+        if (ptrace(PTRACE_OLDSETOPTIONS, pid, NULL,
+                   (void *)PTRACE_O_TRACESYSGOOD) < 0)
+                panic("copy_context_skas0 : PTRACE_SETOPTIONS failed, "
+                      "errno = %d\n", errno);
+        return pid;
+}
 void new_thread(void *stack, void **switch_buf_ptr, void **fork_buf_ptr,
                void (*handler)(int))
 {
@@ -334,21 +486,19 @@ void reboot_skas(void)
        siglongjmp(initial_jmpbuf, INIT_JMP_REBOOT);
 }
-void switch_mm_skas(int mm_fd)
+void switch_mm_skas(struct mm_id *mm_idp)
 {
        int err;
 #warning need cpu pid in switch_mm_skas
-        err = ptrace(PTRACE_SWITCH_MM, userspace_pid[0], 0, mm_fd);
+        if(proc_mm){
-        if(err)
+                err = ptrace(PTRACE_SWITCH_MM, userspace_pid[0], 0,
-                panic("switch_mm_skas - PTRACE_SWITCH_MM failed, errno = %d\n",
+                             mm_idp->u.mm_fd);
-                      errno);
+                if(err)
-}
+                        panic("switch_mm_skas - PTRACE_SWITCH_MM failed, "
+                              "errno = %d\n", errno);
-void kill_off_processes_skas(void)
+        }
-{
+        else userspace_pid[0] = mm_idp->u.pid;
-#warning need to loop over userspace_pids in kill_off_processes_skas
-        os_kill_ptraced_process(userspace_pid[0], 1);
 }
 /*
diff --git a/arch/um/kernel/skas/process_kern.c b/arch/um/kernel/skas/process_kern.c
index fc71ef295782..cbabab104ac3 100644
--- a/arch/um/kernel/skas/process_kern.c
+++ b/arch/um/kernel/skas/process_kern.c
@@ -111,8 +111,7 @@ int copy_thread_skas(int nr, unsigned long clone_flags, unsigned long sp,
        void (*handler)(int);
        if(current->thread.forking){
-                memcpy(&p->thread.regs.regs.skas, 
+                memcpy(&p->thread.regs.regs.skas, &regs->regs.skas,
-                       &current->thread.regs.regs.skas, 
                       sizeof(p->thread.regs.regs.skas));
                REGS_SET_SYSCALL_RETURN(p->thread.regs.regs.skas.regs, 0);
                if(sp != 0) REGS_SP(p->thread.regs.regs.skas.regs) = sp;
@@ -176,12 +175,14 @@ static int start_kernel_proc(void *unused)
        return(0);
 }
+extern int userspace_pid[];
 int start_uml_skas(void)
 {
-        start_userspace(0);
+        if(proc_mm)
+                userspace_pid[0] = start_userspace(0);
        init_new_thread_signals(1);
-        uml_idle_timer();
        init_task.thread.request.u.thread.proc = start_kernel_proc;
        init_task.thread.request.u.thread.arg = NULL;
@@ -202,13 +203,30 @@ int thread_pid_skas(struct task_struct *task)
        return(userspace_pid[0]);
 }
-/*
+void kill_off_processes_skas(void)
- * Overrides for Emacs so that we follow Linus's tabbing style.
+{
- * Emacs will notice this stuff at the end of the file and automatically
+        if(proc_mm)
- * adjust the settings for this buffer only.  This must remain at the end
+#warning need to loop over userspace_pids in kill_off_processes_skas
- * of the file.
+                os_kill_ptraced_process(userspace_pid[0], 1);
- * ---------------------------------------------------------------------------
+        else {
- * Local variables:
+                struct task_struct *p;
- * c-file-style: "linux"
+                int pid, me;
- * End:
- */
+                me = os_getpid();
+                for_each_process(p){
+                        if(p->mm == NULL)
+                                continue;
+                        pid = p->mm->context.skas.id.u.pid;
+                        os_kill_ptraced_process(pid, 1);
+                }
+        }
+}
+unsigned long current_stub_stack(void)
+{
+        if(current->mm == NULL)
+                return(0);
+        return(current->mm->context.skas.id.stack);
+}
diff --git a/arch/um/kernel/skas/syscall_user.c b/arch/um/kernel/skas/syscall_user.c
index 2828e6e37721..6b0664970147 100644
--- a/arch/um/kernel/skas/syscall_user.c
+++ b/arch/um/kernel/skas/syscall_user.c
@@ -15,7 +15,7 @@
 void handle_syscall(union uml_pt_regs *regs)
 {
        long result;
-#if UML_CONFIG_SYSCALL_DEBUG
+#ifdef UML_CONFIG_SYSCALL_DEBUG
        int index;
        index = record_syscall_start(UPT_SYSCALL_NR(regs));
@@ -27,7 +27,7 @@ void handle_syscall(union uml_pt_regs *regs)
        REGS_SET_SYSCALL_RETURN(regs->skas.regs, result);
        syscall_trace(regs, 1);
-#if UML_CONFIG_SYSCALL_DEBUG
+#ifdef UML_CONFIG_SYSCALL_DEBUG
        record_syscall_end(index, result);
 #endif
 }
diff --git a/arch/um/kernel/skas/time.c b/arch/um/kernel/skas/time.c
deleted file mode 100644
index 98091494b897..000000000000
--- a/arch/um/kernel/skas/time.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/* 
- * Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
- * Licensed under the GPL
- */
-#include <sys/signal.h>
-#include <sys/time.h>
-#include "time_user.h"
-#include "process.h"
-#include "user.h"
-void user_time_init_skas(void)
-{
-        if(signal(SIGALRM, (__sighandler_t) alarm_handler) == SIG_ERR)
-                panic("Couldn't set SIGALRM handler");
-        if(signal(SIGVTALRM, (__sighandler_t) alarm_handler) == SIG_ERR)
-                panic("Couldn't set SIGVTALRM handler");
-        set_interval(ITIMER_VIRTUAL);
-}
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/kernel/skas/tlb.c b/arch/um/kernel/skas/tlb.c
index b8c5e71763d1..6230999c672c 100644
--- a/arch/um/kernel/skas/tlb.c
+++ b/arch/um/kernel/skas/tlb.c
@@ -6,6 +6,7 @@
 #include "linux/stddef.h"
 #include "linux/sched.h"
+#include "linux/config.h"
 #include "linux/mm.h"
 #include "asm/page.h"
 #include "asm/pgtable.h"
@@ -17,7 +18,7 @@
 #include "os.h"
 #include "tlb.h"
-static void do_ops(int fd, struct host_vm_op *ops, int last)
+static void do_ops(union mm_context *mmu, struct host_vm_op *ops, int last)
 {
        struct host_vm_op *op;
        int i;
@@ -26,18 +27,18 @@ static void do_ops(int fd, struct host_vm_op *ops, int last)
                op = &ops[i];
                switch(op->type){
                case MMAP:
-                        map(fd, op->u.mmap.addr, op->u.mmap.len,
+                        map(&mmu->skas.id, op->u.mmap.addr, op->u.mmap.len,
                            op->u.mmap.r, op->u.mmap.w, op->u.mmap.x,
                            op->u.mmap.fd, op->u.mmap.offset);
                        break;
                case MUNMAP:
-                        unmap(fd, (void *) op->u.munmap.addr,
+                        unmap(&mmu->skas.id, (void *) op->u.munmap.addr,
                              op->u.munmap.len);
                        break;
                case MPROTECT:
-                        protect(fd, op->u.mprotect.addr, op->u.mprotect.len,
+                        protect(&mmu->skas.id, op->u.mprotect.addr,
-                                op->u.mprotect.r, op->u.mprotect.w,
+                                op->u.mprotect.len, op->u.mprotect.r,
-                                op->u.mprotect.x);
+                                op->u.mprotect.w, op->u.mprotect.x);
                        break;
                default:
                        printk("Unknown op type %d in do_ops\n", op->type);
@@ -46,12 +47,15 @@ static void do_ops(int fd, struct host_vm_op *ops, int last)
        }
 }
+extern int proc_mm;
 static void fix_range(struct mm_struct *mm, unsigned long start_addr,
                      unsigned long end_addr, int force)
 {
-        int fd = mm->context.skas.mm_fd;
+        if(!proc_mm && (end_addr > CONFIG_STUB_START))
+                end_addr = CONFIG_STUB_START;
-        fix_range_common(mm, start_addr, end_addr, force, fd, do_ops);
+        fix_range_common(mm, start_addr, end_addr, force, do_ops);
 }
 void __flush_tlb_one_skas(unsigned long addr)
@@ -69,17 +73,20 @@ void flush_tlb_range_skas(struct vm_area_struct *vma, unsigned long start,
 void flush_tlb_mm_skas(struct mm_struct *mm)
 {
+        unsigned long end;
        /* Don't bother flushing if this address space is about to be
         * destroyed.
         */
        if(atomic_read(&mm->mm_users) == 0)
                return;
-        fix_range(mm, 0, host_task_size, 0);
+        end = proc_mm ? task_size : CONFIG_STUB_START;
-        flush_tlb_kernel_range_common(start_vm, end_vm);
+        fix_range(mm, 0, end, 0);
 }
 void force_flush_all_skas(void)
 {
-        fix_range(current->mm, 0, host_task_size, 1);
+        unsigned long end = proc_mm ? task_size : CONFIG_STUB_START;
+        fix_range(current->mm, 0, end, 1);
 }