73 files changed, 1941 insertions, 1084 deletions
diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 5982fe2753e0..05fbb20636cb 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -22,6 +22,9 @@ config SBUS
 config PCI
        bool
+config PCMCIA
+        bool
 config GENERIC_CALIBRATE_DELAY
        bool
        default y
diff --git a/arch/um/Kconfig.i386 b/arch/um/Kconfig.i386
index ef79ed25aecd..85e6a55b3b59 100644
--- a/arch/um/Kconfig.i386
+++ b/arch/um/Kconfig.i386
@@ -52,3 +52,8 @@ config ARCH_HAS_SC_SIGNALS
 config ARCH_REUSE_HOST_VSYSCALL_AREA
        bool
        default y
+config GENERIC_HWEIGHT
+        bool
+        default y
diff --git a/arch/um/Kconfig.x86_64 b/arch/um/Kconfig.x86_64
index aae19bc4b06a..f60e9e506424 100644
--- a/arch/um/Kconfig.x86_64
+++ b/arch/um/Kconfig.x86_64
@@ -46,3 +46,8 @@ config ARCH_REUSE_HOST_VSYSCALL_AREA
 config SMP_BROKEN
        bool
        default y
+config GENERIC_HWEIGHT
+        bool
+        default y
diff --git a/arch/um/Makefile b/arch/um/Makefile
index c58b657f0097..24790bed2054 100644
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -1,4 +1,7 @@
-# 
+#
+# This file is included by the global makefile so that you can add your own
+# architecture-specific flags and dependencies.
+#
 # Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
 # Licensed under the GPL
 #
@@ -17,7 +20,7 @@ core-y			+= $(ARCH_DIR)/kernel/		\
 # Have to precede the include because the included Makefiles reference them.
 SYMLINK_HEADERS := archparam.h system.h sigcontext.h processor.h ptrace.h \
-        module.h vm-flags.h elf.h ldt.h
+        module.h vm-flags.h elf.h host_ldt.h
 SYMLINK_HEADERS := $(foreach header,$(SYMLINK_HEADERS),include/asm-um/$(header))
 # XXX: The "os" symlink is only used by arch/um/include/os.h, which includes
@@ -88,7 +91,7 @@ CONFIG_KERNEL_HALF_GIGS ?= 0
 SIZE = (($(CONFIG_NEST_LEVEL) + $(CONFIG_KERNEL_HALF_GIGS)) * 0x20000000)
-.PHONY: linux
+PHONY += linux
 all: linux
@@ -126,7 +129,7 @@ CPPFLAGS_vmlinux.lds = -U$(SUBARCH) \
        -DSTART=$(START) -DELF_ARCH=$(ELF_ARCH) \
        -DELF_FORMAT="$(ELF_FORMAT)" $(CPP_MODE-y) \
        -DKERNEL_STACK_SIZE=$(STACK_SIZE) \
-        -DUNMAP_PATH=arch/um/sys-$(SUBARCH)/unmap_fin.o
+        -DUNMAP_PATH=arch/um/sys-$(SUBARCH)/unmap.o
 #The wrappers will select whether using "malloc" or the kernel allocator.
 LINK_WRAPS = -Wl,--wrap,malloc -Wl,--wrap,free -Wl,--wrap,calloc
@@ -147,8 +150,7 @@ CLEAN_FILES += linux x.i gmon.out $(ARCH_DIR)/include/uml-config.h \
        $(ARCH_DIR)/include/user_constants.h \
        $(ARCH_DIR)/include/kern_constants.h $(ARCH_DIR)/Kconfig.arch
-MRPROPER_FILES += $(SYMLINK_HEADERS) $(ARCH_SYMLINKS) \
+MRPROPER_FILES += $(ARCH_SYMLINKS)
-        $(addprefix $(ARCH_DIR)/kernel/,$(KERN_SYMLINKS)) $(ARCH_DIR)/os
 archclean:
        @find . \( -name '*.bb' -o -name '*.bbg' -o -name '*.da' \
diff --git a/arch/um/Makefile-x86_64 b/arch/um/Makefile-x86_64
index 38df311e75dc..dfd88b652fbe 100644
--- a/arch/um/Makefile-x86_64
+++ b/arch/um/Makefile-x86_64
@@ -1,7 +1,7 @@
 # Copyright 2003 - 2004 Pathscale, Inc
 # Released under the GPL
-libs-y += arch/um/sys-x86_64/
+core-y += arch/um/sys-x86_64/
 START := 0x60000000
 #We #undef __x86_64__ for kernelspace, not for userspace where
diff --git a/arch/um/drivers/daemon_kern.c b/arch/um/drivers/daemon_kern.c
index a61b7b46bc02..53d09ed78b42 100644
--- a/arch/um/drivers/daemon_kern.c
+++ b/arch/um/drivers/daemon_kern.c
@@ -95,18 +95,7 @@ static struct transport daemon_transport = {
 static int register_daemon(void)
 {
        register_transport(&daemon_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_daemon);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/drivers/harddog_kern.c b/arch/um/drivers/harddog_kern.c
index 49acb2badf32..d18a974735e6 100644
--- a/arch/um/drivers/harddog_kern.c
+++ b/arch/um/drivers/harddog_kern.c
@@ -104,7 +104,7 @@ static int harddog_release(struct inode *inode, struct file *file)
 extern int ping_watchdog(int fd);
-static ssize_t harddog_write(struct file *file, const char *data, size_t len,
+static ssize_t harddog_write(struct file *file, const char __user *data, size_t len,
                             loff_t *ppos)
 {
        /*
@@ -118,6 +118,7 @@ static ssize_t harddog_write(struct file *file, const char *data, size_t len,
 static int harddog_ioctl(struct inode *inode, struct file *file,
                         unsigned int cmd, unsigned long arg)
 {
+        void __user *argp= (void __user *)arg;
        static struct watchdog_info ident = {
                WDIOC_SETTIMEOUT,
                0,
@@ -127,13 +128,12 @@ static int harddog_ioctl(struct inode *inode, struct file *file,
                default:
                        return -ENOTTY;
                case WDIOC_GETSUPPORT:
-                        if(copy_to_user((struct harddog_info *)arg, &ident,
+                        if(copy_to_user(argp, &ident, sizeof(ident)))
-                                        sizeof(ident)))
                                return -EFAULT;
                        return 0;
                case WDIOC_GETSTATUS:
                case WDIOC_GETBOOTSTATUS:
-                        return put_user(0,(int *)arg);
+                        return put_user(0,(int __user *)argp);
                case WDIOC_KEEPALIVE:
                        return(ping_watchdog(harddog_out_fd));
        }
diff --git a/arch/um/drivers/hostaudio_kern.c b/arch/um/drivers/hostaudio_kern.c
index 59602b81b240..37232f908cd7 100644
--- a/arch/um/drivers/hostaudio_kern.c
+++ b/arch/um/drivers/hostaudio_kern.c
@@ -67,8 +67,8 @@ MODULE_PARM_DESC(mixer, MIXER_HELP);
 /* /dev/dsp file operations */
-static ssize_t hostaudio_read(struct file *file, char *buffer, size_t count, 
+static ssize_t hostaudio_read(struct file *file, char __user *buffer,
-                              loff_t *ppos)
+                              size_t count, loff_t *ppos)
 {
        struct hostaudio_state *state = file->private_data;
        void *kbuf;
@@ -94,7 +94,7 @@ static ssize_t hostaudio_read(struct file *file, char *buffer, size_t count,
        return(err);
 }
-static ssize_t hostaudio_write(struct file *file, const char *buffer, 
+static ssize_t hostaudio_write(struct file *file, const char __user *buffer,
                               size_t count, loff_t *ppos)
 {
        struct hostaudio_state *state = file->private_data;
@@ -152,7 +152,7 @@ static int hostaudio_ioctl(struct inode *inode, struct file *file,
        case SNDCTL_DSP_CHANNELS:
        case SNDCTL_DSP_SUBDIVIDE:
        case SNDCTL_DSP_SETFRAGMENT:
-                if(get_user(data, (int *) arg))
+                if(get_user(data, (int __user *) arg))
                        return(-EFAULT);
                break;
        default:
@@ -168,7 +168,7 @@ static int hostaudio_ioctl(struct inode *inode, struct file *file,
        case SNDCTL_DSP_CHANNELS:
        case SNDCTL_DSP_SUBDIVIDE:
        case SNDCTL_DSP_SETFRAGMENT:
-                if(put_user(data, (int *) arg))
+                if(put_user(data, (int __user *) arg))
                        return(-EFAULT);
                break;
        default:
diff --git a/arch/um/drivers/mcast_kern.c b/arch/um/drivers/mcast_kern.c
index c9b078fba03e..3a7af18cf944 100644
--- a/arch/um/drivers/mcast_kern.c
+++ b/arch/um/drivers/mcast_kern.c
@@ -124,18 +124,7 @@ static struct transport mcast_transport = {
 static int register_mcast(void)
 {
        register_transport(&mcast_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_mcast);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c
index 54388d10bcf9..28e3760e8b98 100644
--- a/arch/um/drivers/mconsole_kern.c
+++ b/arch/um/drivers/mconsole_kern.c
@@ -20,6 +20,8 @@
 #include "linux/namei.h"
 #include "linux/proc_fs.h"
 #include "linux/syscalls.h"
+#include "linux/list.h"
+#include "linux/mm.h"
 #include "linux/console.h"
 #include "asm/irq.h"
 #include "asm/uaccess.h"
@@ -347,6 +349,142 @@ static struct mc_device *mconsole_find_dev(char *name)
        return(NULL);
 }
+#define UNPLUGGED_PER_PAGE \
+        ((PAGE_SIZE - sizeof(struct list_head)) / sizeof(unsigned long))
+struct unplugged_pages {
+        struct list_head list;
+        void *pages[UNPLUGGED_PER_PAGE];
+};
+static unsigned long long unplugged_pages_count = 0;
+static struct list_head unplugged_pages = LIST_HEAD_INIT(unplugged_pages);
+static int unplug_index = UNPLUGGED_PER_PAGE;
+static int mem_config(char *str)
+{
+        unsigned long long diff;
+        int err = -EINVAL, i, add;
+        char *ret;
+        if(str[0] != '=')
+                goto out;
+        str++;
+        if(str[0] == '-')
+                add = 0;
+        else if(str[0] == '+'){
+                add = 1;
+        }
+        else goto out;
+        str++;
+        diff = memparse(str, &ret);
+        if(*ret != '\0')
+                goto out;
+        diff /= PAGE_SIZE;
+        for(i = 0; i < diff; i++){
+                struct unplugged_pages *unplugged;
+                void *addr;
+                if(add){
+                        if(list_empty(&unplugged_pages))
+                                break;
+                        unplugged = list_entry(unplugged_pages.next,
+                                               struct unplugged_pages, list);
+                        if(unplug_index > 0)
+                                addr = unplugged->pages[--unplug_index];
+                        else {
+                                list_del(&unplugged->list);
+                                addr = unplugged;
+                                unplug_index = UNPLUGGED_PER_PAGE;
+                        }
+                        free_page((unsigned long) addr);
+                        unplugged_pages_count--;
+                }
+                else {
+                        struct page *page;
+                        page = alloc_page(GFP_ATOMIC);
+                        if(page == NULL)
+                                break;
+                        unplugged = page_address(page);
+                        if(unplug_index == UNPLUGGED_PER_PAGE){
+                                INIT_LIST_HEAD(&unplugged->list);
+                                list_add(&unplugged->list, &unplugged_pages);
+                                unplug_index = 0;
+                        }
+                        else {
+                                struct list_head *entry = unplugged_pages.next;
+                                addr = unplugged;
+                                unplugged = list_entry(entry,
+                                                       struct unplugged_pages,
+                                                       list);
+                                unplugged->pages[unplug_index++] = addr;
+                                err = os_drop_memory(addr, PAGE_SIZE);
+                                if(err)
+                                        printk("Failed to release memory - "
+                                               "errno = %d\n", err);
+                        }
+                        unplugged_pages_count++;
+                }
+        }
+        err = 0;
+out:
+        return err;
+}
+static int mem_get_config(char *name, char *str, int size, char **error_out)
+{
+        char buf[sizeof("18446744073709551615")];
+        int len = 0;
+        sprintf(buf, "%ld", uml_physmem);
+        CONFIG_CHUNK(str, size, len, buf, 1);
+        return len;
+}
+static int mem_id(char **str, int *start_out, int *end_out)
+{
+        *start_out = 0;
+        *end_out = 0;
+        return 0;
+}
+static int mem_remove(int n)
+{
+        return -EBUSY;
+}
+static struct mc_device mem_mc = {
+        .name           = "mem",
+        .config         = mem_config,
+        .get_config     = mem_get_config,
+        .id             = mem_id,
+        .remove         = mem_remove,
+};
+static int mem_mc_init(void)
+{
+        if(can_drop_memory())
+                mconsole_register_dev(&mem_mc);
+        else printk("Can't release memory to the host - memory hotplug won't "
+                    "be supported\n");
+        return 0;
+}
+__initcall(mem_mc_init);
 #define CONFIG_BUF_SIZE 64
 static void mconsole_get_config(int (*get_config)(char *, char *, int,
@@ -478,7 +616,7 @@ static void console_write(struct console *console, const char *string,
                return;
        while(1){
-                n = min(len, ARRAY_SIZE(console_buf) - console_index);
+                n = min((size_t)len, ARRAY_SIZE(console_buf) - console_index);
                strncpy(&console_buf[console_index], string, n);
                console_index += n;
                string += n;
@@ -762,7 +900,8 @@ static struct notifier_block panic_exit_notifier = {
 static int add_notifier(void)
 {
-        notifier_chain_register(&panic_notifier_list, &panic_exit_notifier);
+        atomic_notifier_chain_register(&panic_notifier_list,
+                        &panic_exit_notifier);
        return(0);
 }
diff --git a/arch/um/drivers/pcap_kern.c b/arch/um/drivers/pcap_kern.c
index 07c80f2156ef..466ff2c2f918 100644
--- a/arch/um/drivers/pcap_kern.c
+++ b/arch/um/drivers/pcap_kern.c
@@ -106,18 +106,7 @@ static struct transport pcap_transport = {
 static int register_pcap(void)
 {
        register_transport(&pcap_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_pcap);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/drivers/slip_kern.c b/arch/um/drivers/slip_kern.c
index a62f5ef445cf..163ee0d5f75e 100644
--- a/arch/um/drivers/slip_kern.c
+++ b/arch/um/drivers/slip_kern.c
@@ -93,18 +93,7 @@ static struct transport slip_transport = {
 static int register_slip(void)
 {
        register_transport(&slip_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_slip);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/drivers/slirp_kern.c b/arch/um/drivers/slirp_kern.c
index 33d7982be5d3..95e50c943e14 100644
--- a/arch/um/drivers/slirp_kern.c
+++ b/arch/um/drivers/slirp_kern.c
@@ -77,7 +77,7 @@ static int slirp_setup(char *str, char **mac_out, void *data)
        int i=0;
        *init = ((struct slirp_init)
-                { argw :                { { "slirp", NULL  } } });
+                { .argw = { { "slirp", NULL  } } });
        str = split_if_spec(str, mac_out, NULL);
@@ -116,18 +116,7 @@ static struct transport slirp_transport = {
 static int register_slirp(void)
 {
        register_transport(&slirp_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_slirp);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/drivers/ubd_kern.c b/arch/um/drivers/ubd_kern.c
index fa617e0719ab..0897852b09a3 100644
--- a/arch/um/drivers/ubd_kern.c
+++ b/arch/um/drivers/ubd_kern.c
@@ -1,4 +1,4 @@
-/* 
+/*
 * Copyright (C) 2000 Jeff Dike (jdike@karaya.com)
 * Licensed under the GPL
 */
@@ -71,7 +71,7 @@ struct io_thread_req {
        int error;
 };
-extern int open_ubd_file(char *file, struct openflags *openflags,
+extern int open_ubd_file(char *file, struct openflags *openflags, int shared,
                         char **backing_file_out, int *bitmap_offset_out,
                         unsigned long *bitmap_len_out, int *data_offset_out,
                         int *create_cow_out);
@@ -137,7 +137,7 @@ static int fake_major = MAJOR_NR;
 static struct gendisk *ubd_gendisk[MAX_DEV];
 static struct gendisk *fake_gendisk[MAX_DEV];
- 
 #ifdef CONFIG_BLK_DEV_UBD_SYNC
 #define OPEN_FLAGS ((struct openflags) { .r = 1, .w = 1, .s = 1, .c = 0, \
                                         .cl = 1 })
@@ -168,6 +168,7 @@ struct ubd {
        __u64 size;
        struct openflags boot_openflags;
        struct openflags openflags;
+        int shared;
        int no_cow;
        struct cow cow;
        struct platform_device pdev;
@@ -189,6 +190,7 @@ struct ubd {
        .boot_openflags =       OPEN_FLAGS, \
        .openflags =            OPEN_FLAGS, \
        .no_cow =               0, \
+        .shared =               0, \
        .cow =                  DEFAULT_COW, \
 }
@@ -305,7 +307,7 @@ static int ubd_setup_common(char *str, int *index_out)
                }
                major = simple_strtoul(str, &end, 0);
                if((*end != '\0') || (end == str)){
-                        printk(KERN_ERR 
+                        printk(KERN_ERR
                               "ubd_setup : didn't parse major number\n");
                        return(1);
                }
@@ -316,7 +318,7 @@ static int ubd_setup_common(char *str, int *index_out)
                        printk(KERN_ERR "Can't assign a fake major twice\n");
                        goto out1;
                }
- 
                fake_major = major;
                printk(KERN_INFO "Setting extra ubd major number to %d\n",
@@ -351,7 +353,7 @@ static int ubd_setup_common(char *str, int *index_out)
        if (index_out)
                *index_out = n;
-        for (i = 0; i < 4; i++) {
+        for (i = 0; i < sizeof("rscd="); i++) {
                switch (*str) {
                case 'r':
                        flags.w = 0;
@@ -362,11 +364,14 @@ static int ubd_setup_common(char *str, int *index_out)
                case 'd':
                        dev->no_cow = 1;
                        break;
+                case 'c':
+                        dev->shared = 1;
+                        break;
                case '=':
                        str++;
                        goto break_loop;
                default:
-                        printk(KERN_ERR "ubd_setup : Expected '=' or flag letter (r,s or d)\n");
+                        printk(KERN_ERR "ubd_setup : Expected '=' or flag letter (r, s, c, or d)\n");
                        goto out;
                }
                str++;
@@ -515,7 +520,7 @@ static void ubd_handler(void)
                spin_unlock(&ubd_io_lock);
                return;
        }
-        
        ubd_finish(rq, req.error);
        reactivate_fd(thread_fd, UBD_IRQ);      
        do_ubd_request(ubd_queue);
@@ -532,7 +537,7 @@ static int io_pid = -1;
 void kill_io_thread(void)
 {
-        if(io_pid != -1) 
+        if(io_pid != -1)
                os_kill_process(io_pid, 1);
 }
@@ -567,14 +572,15 @@ static int ubd_open_dev(struct ubd *dev)
        create_cow = 0;
        create_ptr = (dev->cow.file != NULL) ? &create_cow : NULL;
        back_ptr = dev->no_cow ? NULL : &dev->cow.file;
-        dev->fd = open_ubd_file(dev->file, &dev->openflags, back_ptr,
+        dev->fd = open_ubd_file(dev->file, &dev->openflags, dev->shared,
-                                &dev->cow.bitmap_offset, &dev->cow.bitmap_len, 
+                                back_ptr, &dev->cow.bitmap_offset,
-                                &dev->cow.data_offset, create_ptr);
+                                &dev->cow.bitmap_len, &dev->cow.data_offset,
+                                create_ptr);
        if((dev->fd == -ENOENT) && create_cow){
-                dev->fd = create_cow_file(dev->file, dev->cow.file, 
+                dev->fd = create_cow_file(dev->file, dev->cow.file,
                                          dev->openflags, 1 << 9, PAGE_SIZE,
-                                          &dev->cow.bitmap_offset, 
+                                          &dev->cow.bitmap_offset,
                                          &dev->cow.bitmap_len,
                                          &dev->cow.data_offset);
                if(dev->fd >= 0){
@@ -598,16 +604,16 @@ static int ubd_open_dev(struct ubd *dev)
                }
                flush_tlb_kernel_vm();
-                err = read_cow_bitmap(dev->fd, dev->cow.bitmap, 
+                err = read_cow_bitmap(dev->fd, dev->cow.bitmap,
-                                      dev->cow.bitmap_offset, 
+                                      dev->cow.bitmap_offset,
                                      dev->cow.bitmap_len);
                if(err < 0)
                        goto error;
                flags = dev->openflags;
                flags.w = 0;
-                err = open_ubd_file(dev->cow.file, &flags, NULL, NULL, NULL, 
+                err = open_ubd_file(dev->cow.file, &flags, dev->shared, NULL,
-                                    NULL, NULL);
+                                    NULL, NULL, NULL, NULL);
                if(err < 0) goto error;
                dev->cow.fd = err;
        }
@@ -685,11 +691,11 @@ static int ubd_add(int n)
        dev->size = ROUND_BLOCK(dev->size);
        err = ubd_new_disk(MAJOR_NR, dev->size, n, &ubd_gendisk[n]);
-        if(err) 
+        if(err)
                goto out_close;
- 
        if(fake_major != MAJOR_NR)
-                ubd_new_disk(fake_major, dev->size, n, 
+                ubd_new_disk(fake_major, dev->size, n,
                             &fake_gendisk[n]);
        /* perhaps this should also be under the "if (fake_major)" above */
@@ -854,7 +860,7 @@ int ubd_init(void)
                        return -1;
        }
        platform_driver_register(&ubd_driver);
-        for (i = 0; i < MAX_DEV; i++) 
+        for (i = 0; i < MAX_DEV; i++)
                ubd_add(i);
        return 0;
 }
@@ -872,20 +878,20 @@ int ubd_driver_init(void){
                 * enough. So use anyway the io thread. */
        }
        stack = alloc_stack(0, 0);
-        io_pid = start_io_thread(stack + PAGE_SIZE - sizeof(void *), 
+        io_pid = start_io_thread(stack + PAGE_SIZE - sizeof(void *),
                                 &thread_fd);
        if(io_pid < 0){
-                printk(KERN_ERR 
+                printk(KERN_ERR
                       "ubd : Failed to start I/O thread (errno = %d) - "
                       "falling back to synchronous I/O\n", -io_pid);
                io_pid = -1;
                return(0);
        }
-        err = um_request_irq(UBD_IRQ, thread_fd, IRQ_READ, ubd_intr, 
+        err = um_request_irq(UBD_IRQ, thread_fd, IRQ_READ, ubd_intr,
                             SA_INTERRUPT, "ubd", ubd_dev);
        if(err != 0)
                printk(KERN_ERR "um_request_irq failed - errno = %d\n", -err);
-        return(err);
+        return 0;
 }
 device_initcall(ubd_driver_init);
@@ -978,7 +984,7 @@ static void cowify_req(struct io_thread_req *req, unsigned long *bitmap,
        if(req->op == UBD_READ) {
                for(i = 0; i < req->length >> 9; i++){
                        if(ubd_test_bit(sector + i, (unsigned char *) bitmap))
-                                ubd_set_bit(i, (unsigned char *) 
+                                ubd_set_bit(i, (unsigned char *)
                                            &req->sector_mask);
                }
        }
@@ -999,7 +1005,7 @@ static int prepare_request(struct request *req, struct io_thread_req *io_req)
        /* This should be impossible now */
        if((rq_data_dir(req) == WRITE) && !dev->openflags.w){
-                printk("Write attempted on readonly ubd device %s\n", 
+                printk("Write attempted on readonly ubd device %s\n",
                       disk->disk_name);
                end_request(req, 0);
                return(1);
@@ -1182,7 +1188,7 @@ int read_cow_bitmap(int fd, void *buf, int offset, int len)
        return(0);
 }
-int open_ubd_file(char *file, struct openflags *openflags,
+int open_ubd_file(char *file, struct openflags *openflags, int shared,
                  char **backing_file_out, int *bitmap_offset_out,
                  unsigned long *bitmap_len_out, int *data_offset_out,
                  int *create_cow_out)
@@ -1206,10 +1212,14 @@ int open_ubd_file(char *file, struct openflags *openflags,
                        return fd;
        }
-        err = os_lock_file(fd, openflags->w);
+        if(shared)
-        if(err < 0){
+                printk("Not locking \"%s\" on the host\n", file);
-                printk("Failed to lock '%s', err = %d\n", file, -err);
+        else {
-                goto out_close;
+                err = os_lock_file(fd, openflags->w);
+                if(err < 0){
+                        printk("Failed to lock '%s', err = %d\n", file, -err);
+                        goto out_close;
+                }
        }
        /* Succesful return case! */
@@ -1260,7 +1270,7 @@ int create_cow_file(char *cow_file, char *backing_file, struct openflags flags,
        int err, fd;
        flags.c = 1;
-        fd = open_ubd_file(cow_file, &flags, NULL, NULL, NULL, NULL, NULL);
+        fd = open_ubd_file(cow_file, &flags, 0, NULL, NULL, NULL, NULL, NULL);
        if(fd < 0){
                err = fd;
                printk("Open of COW file '%s' failed, errno = %d\n", cow_file,
diff --git a/arch/um/include/irq_user.h b/arch/um/include/irq_user.h
index b61deb8b362a..69a93c804f0e 100644
--- a/arch/um/include/irq_user.h
+++ b/arch/um/include/irq_user.h
@@ -1,4 +1,4 @@
-/* 
+/*
 * Copyright (C) 2001, 2002 Jeff Dike (jdike@karaya.com)
 * Licensed under the GPL
 */
@@ -6,6 +6,17 @@
 #ifndef __IRQ_USER_H__
 #define __IRQ_USER_H__
+struct irq_fd {
+        struct irq_fd *next;
+        void *id;
+        int fd;
+        int type;
+        int irq;
+        int pid;
+        int events;
+        int current_events;
+};
 enum { IRQ_READ, IRQ_WRITE };
 extern void sigio_handler(int sig, union uml_pt_regs *regs);
@@ -16,8 +27,6 @@ extern void reactivate_fd(int fd, int irqnum);
 extern void deactivate_fd(int fd, int irqnum);
 extern int deactivate_all_fds(void);
 extern void forward_interrupts(int pid);
-extern void init_irq_signals(int on_sigstack);
-extern void forward_ipi(int fd, int pid);
 extern int activate_ipi(int fd, int pid);
 extern unsigned long irq_lock(void);
 extern void irq_unlock(unsigned long flags);
diff --git a/arch/um/include/kern.h b/arch/um/include/kern.h
index 7d223beccbc0..4ce3fc650e57 100644
--- a/arch/um/include/kern.h
+++ b/arch/um/include/kern.h
@@ -29,7 +29,7 @@ extern int getuid(void);
 extern int getgid(void);
 extern int pause(void);
 extern int write(int, const void *, int);
-extern int exit(int);
+extern void exit(int);
 extern int close(int);
 extern int read(unsigned int, char *, int);
 extern int pipe(int *);
diff --git a/arch/um/include/kern_util.h b/arch/um/include/kern_util.h
index 07176d92e1c9..42557130a408 100644
--- a/arch/um/include/kern_util.h
+++ b/arch/um/include/kern_util.h
@@ -116,7 +116,11 @@ extern void *get_current(void);
 extern struct task_struct *get_task(int pid, int require);
 extern void machine_halt(void);
 extern int is_syscall(unsigned long addr);
-extern void arch_switch(void);
+extern void arch_switch_to_tt(struct task_struct *from, struct task_struct *to);
+extern void arch_switch_to_skas(struct task_struct *from, struct task_struct *to);
 extern void free_irq(unsigned int, void *);
 extern int cpu(void);
diff --git a/arch/um/include/line.h b/arch/um/include/line.h
index 6f4d680dc1d4..6ac0f8252e21 100644
--- a/arch/um/include/line.h
+++ b/arch/um/include/line.h
@@ -58,23 +58,17 @@ struct line {
 };
 #define LINE_INIT(str, d) \
-        { init_str :    str, \
+        { .init_str =   str, \
-          init_pri :    INIT_STATIC, \
+          .init_pri =   INIT_STATIC, \
-          valid :       1, \
+          .valid =      1, \
-          throttled :   0, \
+          .lock =       SPIN_LOCK_UNLOCKED, \
-          lock :        SPIN_LOCK_UNLOCKED, \
+          .driver =     d }
-          buffer :      NULL, \
-          head :        NULL, \
-          tail :        NULL, \
-          sigio :       0, \
-          driver :      d, \
-          have_irq :    0 }
 struct lines {
        int num;
 };
-#define LINES_INIT(n) {  num :          n }
+#define LINES_INIT(n) {  .num = n }
 extern void line_close(struct tty_struct *tty, struct file * filp);
 extern int line_open(struct line *lines, struct tty_struct *tty);
diff --git a/arch/um/include/mem_user.h b/arch/um/include/mem_user.h
index a1064c5823bf..a54514d2cc3a 100644
--- a/arch/um/include/mem_user.h
+++ b/arch/um/include/mem_user.h
@@ -49,7 +49,6 @@ extern int iomem_size;
 extern unsigned long host_task_size;
 extern unsigned long task_size;
-extern void check_devanon(void);
 extern int init_mem_user(void);
 extern void setup_memory(void *entry);
 extern unsigned long find_iomem(char *driver, unsigned long *len_out);
diff --git a/arch/um/include/misc_constants.h b/arch/um/include/misc_constants.h
new file mode 100644
index 000000000000..989bc08de36e
--- /dev/null
+++ b/arch/um/include/misc_constants.h
@@ -0,0 +1,6 @@
+#ifndef __MISC_CONSTANT_H_
+#define __MISC_CONSTANT_H_
+#include <user_constants.h>
+#endif
diff --git a/arch/um/include/os.h b/arch/um/include/os.h
index 2a1c64d8d0bf..f88856c28a66 100644
--- a/arch/um/include/os.h
+++ b/arch/um/include/os.h
@@ -12,6 +12,8 @@
 #include "sysdep/ptrace.h"
 #include "kern_util.h"
 #include "skas/mm_id.h"
+#include "irq_user.h"
+#include "sysdep/tls.h"
 #define OS_TYPE_FILE 1 
 #define OS_TYPE_DIR 2 
@@ -121,6 +123,7 @@ static inline struct openflags of_cloexec(struct openflags flags)
        return(flags); 
 }
  
+/* file.c */
 extern int os_stat_file(const char *file_name, struct uml_stat *buf);
 extern int os_stat_fd(const int fd, struct uml_stat *buf);
 extern int os_access(const char *file, int mode);
@@ -156,10 +159,21 @@ extern int os_connect_socket(char *name);
 extern int os_file_type(char *file);
 extern int os_file_mode(char *file, struct openflags *mode_out);
 extern int os_lock_file(int fd, int excl);
+extern void os_flush_stdout(void);
+extern int os_stat_filesystem(char *path, long *bsize_out,
+                              long long *blocks_out, long long *bfree_out,
+                              long long *bavail_out, long long *files_out,
+                              long long *ffree_out, void *fsid_out,
+                              int fsid_size, long *namelen_out,
+                              long *spare_out);
+extern int os_change_dir(char *dir);
+extern int os_fchange_dir(int fd);
 /* start_up.c */
 extern void os_early_checks(void);
 extern int can_do_skas(void);
+extern void os_check_bugs(void);
+extern void check_host_supports_tls(int *supports_tls, int *tls_min);
 /* Make sure they are clear when running in TT mode. Required by
 * SEGV_MAYBE_FIXABLE */
@@ -193,11 +207,15 @@ extern int os_map_memory(void *virt, int fd, unsigned long long off,
 extern int os_protect_memory(void *addr, unsigned long len, 
                             int r, int w, int x);
 extern int os_unmap_memory(void *addr, int len);
+extern int os_drop_memory(void *addr, int length);
+extern int can_drop_memory(void);
 extern void os_flush_stdout(void);
 /* tt.c
 * for tt mode only (will be deleted in future...)
 */
+extern void forward_ipi(int fd, int pid);
+extern void kill_child_dead(int pid);
 extern void stop(void);
 extern int wait_for_stop(int pid, int sig, int cont_type, void *relay);
 extern int protect_memory(unsigned long addr, unsigned long len,
@@ -220,8 +238,12 @@ extern int run_helper_thread(int (*proc)(void *), void *arg,
                             int stack_order);
 extern int helper_wait(int pid);
-/* umid.c */
+/* tls.c */
+extern int os_set_thread_area(user_desc_t *info, int pid);
+extern int os_get_thread_area(user_desc_t *info, int pid);
+/* umid.c */
 extern int umid_file_name(char *name, char *buf, int len);
 extern int set_umid(char *name);
 extern char *get_umid(void);
@@ -294,4 +316,26 @@ extern void initial_thread_cb_skas(void (*proc)(void *),
 extern void halt_skas(void);
 extern void reboot_skas(void);
+/* irq.c */
+extern int os_waiting_for_events(struct irq_fd *active_fds);
+extern int os_isatty(int fd);
+extern int os_create_pollfd(int fd, int events, void *tmp_pfd, int size_tmpfds);
+extern void os_free_irq_by_cb(int (*test)(struct irq_fd *, void *), void *arg,
+                struct irq_fd *active_fds, struct irq_fd ***last_irq_ptr2);
+extern void os_free_irq_later(struct irq_fd *active_fds,
+                int irq, void *dev_id);
+extern int os_get_pollfd(int i);
+extern void os_set_pollfd(int i, int fd);
+extern void os_set_ioignore(void);
+extern void init_irq_signals(int on_sigstack);
+/* sigio.c */
+extern void write_sigio_workaround(void);
+extern int add_sigio_fd(int fd, int read);
+extern int ignore_sigio_fd(int fd);
+/* skas/trap */
+extern void sig_handler_common_skas(int sig, void *sc_ptr);
+extern void user_signal(int sig, union uml_pt_regs *regs, int pid);
 #endif
diff --git a/arch/um/include/sigio.h b/arch/um/include/sigio.h
index 37d76e29a147..fe99ea163c2e 100644
--- a/arch/um/include/sigio.h
+++ b/arch/um/include/sigio.h
@@ -8,9 +8,6 @@
 extern int write_sigio_irq(int fd);
 extern int register_sigio_fd(int fd);
-extern int read_sigio_fd(int fd);
-extern int add_sigio_fd(int fd, int read);
-extern int ignore_sigio_fd(int fd);
 extern void sigio_lock(void);
 extern void sigio_unlock(void);
diff --git a/arch/um/include/skas/mode-skas.h b/arch/um/include/skas/mode-skas.h
index 260065cfeef1..8bc6916bbbb1 100644
--- a/arch/um/include/skas/mode-skas.h
+++ b/arch/um/include/skas/mode-skas.h
@@ -13,7 +13,6 @@ extern unsigned long exec_fp_regs[];
 extern unsigned long exec_fpx_regs[];
 extern int have_fpx_regs;
-extern void sig_handler_common_skas(int sig, void *sc_ptr);
 extern void kill_off_processes_skas(void);
 #endif
diff --git a/arch/um/include/skas/skas.h b/arch/um/include/skas/skas.h
index 86357282d681..853b26f148c5 100644
--- a/arch/um/include/skas/skas.h
+++ b/arch/um/include/skas/skas.h
@@ -17,7 +17,6 @@ extern int user_thread(unsigned long stack, int flags);
 extern void new_thread_proc(void *stack, void (*handler)(int sig));
 extern void new_thread_handler(int sig);
 extern void handle_syscall(union uml_pt_regs *regs);
-extern void user_signal(int sig, union uml_pt_regs *regs, int pid);
 extern int new_mm(unsigned long stack);
 extern void get_skas_faultinfo(int pid, struct faultinfo * fi);
 extern long execute_syscall_skas(void *r);
diff --git a/arch/um/include/sysdep-i386/checksum.h b/arch/um/include/sysdep-i386/checksum.h
index 7d3d202d7fff..052bb061a978 100644
--- a/arch/um/include/sysdep-i386/checksum.h
+++ b/arch/um/include/sysdep-i386/checksum.h
@@ -48,7 +48,8 @@ unsigned int csum_partial_copy_nocheck(const unsigned char *src, unsigned char *
 */
 static __inline__
-unsigned int csum_partial_copy_from_user(const unsigned char *src, unsigned char *dst,
+unsigned int csum_partial_copy_from_user(const unsigned char __user *src,
+                                         unsigned char *dst,
                                         int len, int sum, int *err_ptr)
 {
        if(copy_from_user(dst, src, len)){
@@ -192,7 +193,7 @@ static __inline__ unsigned short int csum_ipv6_magic(struct in6_addr *saddr,
 */
 #define HAVE_CSUM_COPY_USER
 static __inline__ unsigned int csum_and_copy_to_user(const unsigned char *src,
-                                                     unsigned char *dst,
+                                                     unsigned char __user *dst,
                                                     int len, int sum, int *err_ptr)
 {
        if (access_ok(VERIFY_WRITE, dst, len)){
diff --git a/arch/um/include/sysdep-i386/ptrace.h b/arch/um/include/sysdep-i386/ptrace.h
index c8ee9559f3ab..6670cc992ecb 100644
--- a/arch/um/include/sysdep-i386/ptrace.h
+++ b/arch/um/include/sysdep-i386/ptrace.h
@@ -14,7 +14,12 @@
 #define MAX_REG_NR (UM_FRAME_SIZE / sizeof(unsigned long))
 #define MAX_REG_OFFSET (UM_FRAME_SIZE)
+#ifdef UML_CONFIG_PT_PROXY
 extern void update_debugregs(int seq);
+#else
+static inline void update_debugregs(int seq) {}
+#endif
 /* syscall emulation path in ptrace */
diff --git a/arch/um/include/sysdep-i386/tls.h b/arch/um/include/sysdep-i386/tls.h
new file mode 100644
index 000000000000..918fd3c5ff9c
--- /dev/null
+++ b/arch/um/include/sysdep-i386/tls.h
@@ -0,0 +1,32 @@
+#ifndef _SYSDEP_TLS_H
+#define _SYSDEP_TLS_H
+# ifndef __KERNEL__
+/* Change name to avoid conflicts with the original one from <asm/ldt.h>, which
+ * may be named user_desc (but in 2.4 and in header matching its API was named
+ * modify_ldt_ldt_s). */
+typedef struct um_dup_user_desc {
+        unsigned int  entry_number;
+        unsigned int  base_addr;
+        unsigned int  limit;
+        unsigned int  seg_32bit:1;
+        unsigned int  contents:2;
+        unsigned int  read_exec_only:1;
+        unsigned int  limit_in_pages:1;
+        unsigned int  seg_not_present:1;
+        unsigned int  useable:1;
+} user_desc_t;
+# else /* __KERNEL__ */
+#  include <asm/ldt.h>
+typedef struct user_desc user_desc_t;
+# endif /* __KERNEL__ */
+#define GDT_ENTRY_TLS_MIN_I386 6
+#define GDT_ENTRY_TLS_MIN_X86_64 12
+#endif /* _SYSDEP_TLS_H */
diff --git a/arch/um/include/sysdep-x86_64/tls.h b/arch/um/include/sysdep-x86_64/tls.h
new file mode 100644
index 000000000000..35f19f25bd3b
--- /dev/null
+++ b/arch/um/include/sysdep-x86_64/tls.h
@@ -0,0 +1,29 @@
+#ifndef _SYSDEP_TLS_H
+#define _SYSDEP_TLS_H
+# ifndef __KERNEL__
+/* Change name to avoid conflicts with the original one from <asm/ldt.h>, which
+ * may be named user_desc (but in 2.4 and in header matching its API was named
+ * modify_ldt_ldt_s). */
+typedef struct um_dup_user_desc {
+        unsigned int  entry_number;
+        unsigned int  base_addr;
+        unsigned int  limit;
+        unsigned int  seg_32bit:1;
+        unsigned int  contents:2;
+        unsigned int  read_exec_only:1;
+        unsigned int  limit_in_pages:1;
+        unsigned int  seg_not_present:1;
+        unsigned int  useable:1;
+        unsigned int  lm:1;
+} user_desc_t;
+# else /* __KERNEL__ */
+#  include <asm/ldt.h>
+typedef struct user_desc user_desc_t;
+# endif /* __KERNEL__ */
+#endif /* _SYSDEP_TLS_H */
diff --git a/arch/um/include/user_util.h b/arch/um/include/user_util.h
index a6f1f176cf84..fe0c29b5144d 100644
--- a/arch/um/include/user_util.h
+++ b/arch/um/include/user_util.h
@@ -8,6 +8,9 @@
 #include "sysdep/ptrace.h"
+/* Copied from kernel.h */
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
 #define CATCH_EINTR(expr) while ((errno = 0, ((expr) < 0)) && (errno == EINTR))
 extern int mode_tt;
@@ -31,7 +34,7 @@ extern unsigned long uml_physmem;
 extern unsigned long uml_reserved;
 extern unsigned long end_vm;
 extern unsigned long start_vm;
-extern unsigned long highmem;
+extern unsigned long long highmem;
 extern char host_info[];
@@ -58,7 +61,6 @@ extern int attach(int pid);
 extern void kill_child_dead(int pid);
 extern int cont(int pid);
 extern void check_sigio(void);
-extern void write_sigio_workaround(void);
 extern void arch_check_bugs(void);
 extern int cpu_feature(char *what, char *buf, int len);
 extern int arch_handle_signal(int sig, union uml_pt_regs *regs);
diff --git a/arch/um/kernel/Makefile b/arch/um/kernel/Makefile
index 693018ba80f1..fe08971b64cf 100644
--- a/arch/um/kernel/Makefile
+++ b/arch/um/kernel/Makefile
@@ -7,23 +7,20 @@ extra-y := vmlinux.lds
 clean-files :=
 obj-y = config.o exec_kern.o exitcode.o \
-        init_task.o irq.o irq_user.o ksyms.o mem.o physmem.o \
+        init_task.o irq.o ksyms.o mem.o physmem.o \
-        process_kern.o ptrace.o reboot.o resource.o sigio_user.o sigio_kern.o \
+        process_kern.o ptrace.o reboot.o resource.o sigio_kern.o \
        signal_kern.o smp.o syscall_kern.o sysrq.o \
        time_kern.o tlb.o trap_kern.o uaccess.o um_arch.o umid.o
 obj-$(CONFIG_BLK_DEV_INITRD) += initrd.o
 obj-$(CONFIG_GPROF)     += gprof_syms.o
 obj-$(CONFIG_GCOV)      += gmon_syms.o
-obj-$(CONFIG_TTY_LOG)   += tty_log.o
 obj-$(CONFIG_SYSCALL_DEBUG) += syscall.o
 obj-$(CONFIG_MODE_TT) += tt/
 obj-$(CONFIG_MODE_SKAS) += skas/
-user-objs-$(CONFIG_TTY_LOG) += tty_log.o
+USER_OBJS := config.o
-USER_OBJS := $(user-objs-y) config.o tty_log.o
 include arch/um/scripts/Makefile.rules
diff --git a/arch/um/kernel/exec_kern.c b/arch/um/kernel/exec_kern.c
index c264e1c05ab3..c0cb627bf594 100644
--- a/arch/um/kernel/exec_kern.c
+++ b/arch/um/kernel/exec_kern.c
@@ -22,6 +22,7 @@
 void flush_thread(void)
 {
+        arch_flush_thread(&current->thread.arch);
        CHOOSE_MODE(flush_thread_tt(), flush_thread_skas());
 }
@@ -30,8 +31,6 @@ void start_thread(struct pt_regs *regs, unsigned long eip, unsigned long esp)
        CHOOSE_MODE_PROC(start_thread_tt, start_thread_skas, regs, eip, esp);
 }
-extern void log_exec(char **argv, void *tty);
 static long execve1(char *file, char __user * __user *argv,
                    char __user *__user *env)
 {
@@ -60,14 +59,14 @@ long um_execve(char *file, char __user *__user *argv, char __user *__user *env)
        return(err);
 }
-long sys_execve(char *file, char __user *__user *argv,
+long sys_execve(char __user *file, char __user *__user *argv,
                char __user *__user *env)
 {
        long error;
        char *filename;
        lock_kernel();
-        filename = getname((char __user *) file);
+        filename = getname(file);
        error = PTR_ERR(filename);
        if (IS_ERR(filename)) goto out;
        error = execve1(filename, argv, env);
@@ -76,14 +75,3 @@ long sys_execve(char *file, char __user *__user *argv,
        unlock_kernel();
        return(error);
 }
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/kernel/irq.c b/arch/um/kernel/irq.c
index bbf94bf2921e..c39ea3abeda4 100644
--- a/arch/um/kernel/irq.c
+++ b/arch/um/kernel/irq.c
@@ -31,6 +31,8 @@
 #include "irq_user.h"
 #include "irq_kern.h"
 #include "os.h"
+#include "sigio.h"
+#include "misc_constants.h"
 /*
 * Generic, controller-independent functions:
@@ -77,6 +79,298 @@ skip:
        return 0;
 }
+struct irq_fd *active_fds = NULL;
+static struct irq_fd **last_irq_ptr = &active_fds;
+extern void free_irqs(void);
+void sigio_handler(int sig, union uml_pt_regs *regs)
+{
+        struct irq_fd *irq_fd;
+        int n;
+        if(smp_sigio_handler()) return;
+        while(1){
+                n = os_waiting_for_events(active_fds);
+                if (n <= 0) {
+                        if(n == -EINTR) continue;
+                        else break;
+                }
+                for(irq_fd = active_fds; irq_fd != NULL; irq_fd = irq_fd->next){
+                        if(irq_fd->current_events != 0){
+                                irq_fd->current_events = 0;
+                                do_IRQ(irq_fd->irq, regs);
+                        }
+                }
+        }
+        free_irqs();
+}
+static void maybe_sigio_broken(int fd, int type)
+{
+        if(os_isatty(fd)){
+                if((type == IRQ_WRITE) && !pty_output_sigio){
+                        write_sigio_workaround();
+                        add_sigio_fd(fd, 0);
+                }
+                else if((type == IRQ_READ) && !pty_close_sigio){
+                        write_sigio_workaround();
+                        add_sigio_fd(fd, 1);
+                }
+        }
+}
+int activate_fd(int irq, int fd, int type, void *dev_id)
+{
+        struct pollfd *tmp_pfd;
+        struct irq_fd *new_fd, *irq_fd;
+        unsigned long flags;
+        int pid, events, err, n;
+        pid = os_getpid();
+        err = os_set_fd_async(fd, pid);
+        if(err < 0)
+                goto out;
+        new_fd = um_kmalloc(sizeof(*new_fd));
+        err = -ENOMEM;
+        if(new_fd == NULL)
+                goto out;
+        if(type == IRQ_READ) events = UM_POLLIN | UM_POLLPRI;
+        else events = UM_POLLOUT;
+        *new_fd = ((struct irq_fd) { .next              = NULL,
+                                     .id                = dev_id,
+                                     .fd                = fd,
+                                     .type              = type,
+                                     .irq               = irq,
+                                     .pid               = pid,
+                                     .events            = events,
+                                     .current_events    = 0 } );
+        /* Critical section - locked by a spinlock because this stuff can
+         * be changed from interrupt handlers.  The stuff above is done
+         * outside the lock because it allocates memory.
+         */
+        /* Actually, it only looks like it can be called from interrupt
+         * context.  The culprit is reactivate_fd, which calls
+         * maybe_sigio_broken, which calls write_sigio_workaround,
+         * which calls activate_fd.  However, write_sigio_workaround should
+         * only be called once, at boot time.  That would make it clear that
+         * this is called only from process context, and can be locked with
+         * a semaphore.
+         */
+        flags = irq_lock();
+        for(irq_fd = active_fds; irq_fd != NULL; irq_fd = irq_fd->next){
+                if((irq_fd->fd == fd) && (irq_fd->type == type)){
+                        printk("Registering fd %d twice\n", fd);
+                        printk("Irqs : %d, %d\n", irq_fd->irq, irq);
+                        printk("Ids : 0x%p, 0x%p\n", irq_fd->id, dev_id);
+                        goto out_unlock;
+                }
+        }
+        /*-------------*/
+        if(type == IRQ_WRITE)
+                fd = -1;
+        tmp_pfd = NULL;
+        n = 0;
+        while(1){
+                n = os_create_pollfd(fd, events, tmp_pfd, n);
+                if (n == 0)
+                        break;
+                /* n > 0
+                 * It means we couldn't put new pollfd to current pollfds
+                 * and tmp_fds is NULL or too small for new pollfds array.
+                 * Needed size is equal to n as minimum.
+                 *
+                 * Here we have to drop the lock in order to call
+                 * kmalloc, which might sleep.
+                 * If something else came in and changed the pollfds array
+                 * so we will not be able to put new pollfd struct to pollfds
+                 * then we free the buffer tmp_fds and try again.
+                 */
+                irq_unlock(flags);
+                if (tmp_pfd != NULL) {
+                        kfree(tmp_pfd);
+                        tmp_pfd = NULL;
+                }
+                tmp_pfd = um_kmalloc(n);
+                if (tmp_pfd == NULL)
+                        goto out_kfree;
+                flags = irq_lock();
+        }
+        /*-------------*/
+        *last_irq_ptr = new_fd;
+        last_irq_ptr = &new_fd->next;
+        irq_unlock(flags);
+        /* This calls activate_fd, so it has to be outside the critical
+         * section.
+         */
+        maybe_sigio_broken(fd, type);
+        return(0);
+ out_unlock:
+        irq_unlock(flags);
+ out_kfree:
+        kfree(new_fd);
+ out:
+        return(err);
+}
+static void free_irq_by_cb(int (*test)(struct irq_fd *, void *), void *arg)
+{
+        unsigned long flags;
+        flags = irq_lock();
+        os_free_irq_by_cb(test, arg, active_fds, &last_irq_ptr);
+        irq_unlock(flags);
+}
+struct irq_and_dev {
+        int irq;
+        void *dev;
+};
+static int same_irq_and_dev(struct irq_fd *irq, void *d)
+{
+        struct irq_and_dev *data = d;
+        return((irq->irq == data->irq) && (irq->id == data->dev));
+}
+void free_irq_by_irq_and_dev(unsigned int irq, void *dev)
+{
+        struct irq_and_dev data = ((struct irq_and_dev) { .irq  = irq,
+                                                          .dev  = dev });
+        free_irq_by_cb(same_irq_and_dev, &data);
+}
+static int same_fd(struct irq_fd *irq, void *fd)
+{
+        return(irq->fd == *((int *) fd));
+}
+void free_irq_by_fd(int fd)
+{
+        free_irq_by_cb(same_fd, &fd);
+}
+static struct irq_fd *find_irq_by_fd(int fd, int irqnum, int *index_out)
+{
+        struct irq_fd *irq;
+        int i = 0;
+        int fdi;
+        for(irq=active_fds; irq != NULL; irq = irq->next){
+                if((irq->fd == fd) && (irq->irq == irqnum)) break;
+                i++;
+        }
+        if(irq == NULL){
+                printk("find_irq_by_fd doesn't have descriptor %d\n", fd);
+                goto out;
+        }
+        fdi = os_get_pollfd(i);
+        if((fdi != -1) && (fdi != fd)){
+                printk("find_irq_by_fd - mismatch between active_fds and "
+                       "pollfds, fd %d vs %d, need %d\n", irq->fd,
+                       fdi, fd);
+                irq = NULL;
+                goto out;
+        }
+        *index_out = i;
+ out:
+        return(irq);
+}
+void reactivate_fd(int fd, int irqnum)
+{
+        struct irq_fd *irq;
+        unsigned long flags;
+        int i;
+        flags = irq_lock();
+        irq = find_irq_by_fd(fd, irqnum, &i);
+        if(irq == NULL){
+                irq_unlock(flags);
+                return;
+        }
+        os_set_pollfd(i, irq->fd);
+        irq_unlock(flags);
+        /* This calls activate_fd, so it has to be outside the critical
+         * section.
+         */
+        maybe_sigio_broken(fd, irq->type);
+}
+void deactivate_fd(int fd, int irqnum)
+{
+        struct irq_fd *irq;
+        unsigned long flags;
+        int i;
+        flags = irq_lock();
+        irq = find_irq_by_fd(fd, irqnum, &i);
+        if(irq == NULL)
+                goto out;
+        os_set_pollfd(i, -1);
+ out:
+        irq_unlock(flags);
+}
+int deactivate_all_fds(void)
+{
+        struct irq_fd *irq;
+        int err;
+        for(irq=active_fds;irq != NULL;irq = irq->next){
+                err = os_clear_fd_async(irq->fd);
+                if(err)
+                        return(err);
+        }
+        /* If there is a signal already queued, after unblocking ignore it */
+        os_set_ioignore();
+        return(0);
+}
+void forward_interrupts(int pid)
+{
+        struct irq_fd *irq;
+        unsigned long flags;
+        int err;
+        flags = irq_lock();
+        for(irq=active_fds;irq != NULL;irq = irq->next){
+                err = os_set_owner(irq->fd, pid);
+                if(err < 0){
+                        /* XXX Just remove the irq rather than
+                         * print out an infinite stream of these
+                         */
+                        printk("Failed to forward %d to pid %d, err = %d\n",
+                               irq->fd, pid, -err);
+                }
+                irq->pid = pid;
+        }
+        irq_unlock(flags);
+}
 /*
 * do_IRQ handles all normal device IRQ's (the special
 * SMP cross-CPU interrupts have their own specific
diff --git a/arch/um/kernel/irq_user.c b/arch/um/kernel/irq_user.c
deleted file mode 100644
index 0e32f5f4a887..000000000000
--- a/arch/um/kernel/irq_user.c
+++ /dev/null
@@ -1,412 +0,0 @@
-/* 
- * Copyright (C) 2000 Jeff Dike (jdike@karaya.com)
- * Licensed under the GPL
- */
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <signal.h>
-#include <string.h>
-#include <sys/poll.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include "user_util.h"
-#include "kern_util.h"
-#include "user.h"
-#include "process.h"
-#include "sigio.h"
-#include "irq_user.h"
-#include "os.h"
-struct irq_fd {
-        struct irq_fd *next;
-        void *id;
-        int fd;
-        int type;
-        int irq;
-        int pid;
-        int events;
-        int current_events;
-};
-static struct irq_fd *active_fds = NULL;
-static struct irq_fd **last_irq_ptr = &active_fds;
-static struct pollfd *pollfds = NULL;
-static int pollfds_num = 0;
-static int pollfds_size = 0;
-extern int io_count, intr_count;
-extern void free_irqs(void);
-void sigio_handler(int sig, union uml_pt_regs *regs)
-{
-        struct irq_fd *irq_fd;
-        int i, n;
-        if(smp_sigio_handler()) return;
-        while(1){
-                n = poll(pollfds, pollfds_num, 0);
-                if(n < 0){
-                        if(errno == EINTR) continue;
-                        printk("sigio_handler : poll returned %d, "
-                               "errno = %d\n", n, errno);
-                        break;
-                }
-                if(n == 0) break;
-                irq_fd = active_fds;
-                for(i = 0; i < pollfds_num; i++){
-                        if(pollfds[i].revents != 0){
-                                irq_fd->current_events = pollfds[i].revents;
-                                pollfds[i].fd = -1;
-                        }
-                        irq_fd = irq_fd->next;
-                }
-                for(irq_fd = active_fds; irq_fd != NULL; irq_fd = irq_fd->next){
-                        if(irq_fd->current_events != 0){
-                                irq_fd->current_events = 0;
-                                do_IRQ(irq_fd->irq, regs);
-                        }
-                }
-        }
-        free_irqs();
-}
-int activate_ipi(int fd, int pid)
-{
-        return(os_set_fd_async(fd, pid));
-}
-static void maybe_sigio_broken(int fd, int type)
-{
-        if(isatty(fd)){
-                if((type == IRQ_WRITE) && !pty_output_sigio){
-                        write_sigio_workaround();
-                        add_sigio_fd(fd, 0);
-                }
-                else if((type == IRQ_READ) && !pty_close_sigio){
-                        write_sigio_workaround();
-                        add_sigio_fd(fd, 1);                    
-                }
-        }
-}
-int activate_fd(int irq, int fd, int type, void *dev_id)
-{
-        struct pollfd *tmp_pfd;
-        struct irq_fd *new_fd, *irq_fd;
-        unsigned long flags;
-        int pid, events, err, n, size;
-        pid = os_getpid();
-        err = os_set_fd_async(fd, pid);
-        if(err < 0)
-                goto out;
-        new_fd = um_kmalloc(sizeof(*new_fd));
-        err = -ENOMEM;
-        if(new_fd == NULL)
-                goto out;
-        if(type == IRQ_READ) events = POLLIN | POLLPRI;
-        else events = POLLOUT;
-        *new_fd = ((struct irq_fd) { .next              = NULL,
-                                     .id                = dev_id,
-                                     .fd                = fd,
-                                     .type              = type,
-                                     .irq               = irq,
-                                     .pid               = pid,
-                                     .events            = events,
-                                     .current_events    = 0 } );
-        /* Critical section - locked by a spinlock because this stuff can
-         * be changed from interrupt handlers.  The stuff above is done 
-         * outside the lock because it allocates memory.
-         */
-        /* Actually, it only looks like it can be called from interrupt
-         * context.  The culprit is reactivate_fd, which calls 
-         * maybe_sigio_broken, which calls write_sigio_workaround,
-         * which calls activate_fd.  However, write_sigio_workaround should
-         * only be called once, at boot time.  That would make it clear that
-         * this is called only from process context, and can be locked with
-         * a semaphore.
-         */
-        flags = irq_lock();
-        for(irq_fd = active_fds; irq_fd != NULL; irq_fd = irq_fd->next){
-                if((irq_fd->fd == fd) && (irq_fd->type == type)){
-                        printk("Registering fd %d twice\n", fd);
-                        printk("Irqs : %d, %d\n", irq_fd->irq, irq);
-                        printk("Ids : 0x%x, 0x%x\n", irq_fd->id, dev_id);
-                        goto out_unlock;
-                }
-        }
-        n = pollfds_num;
-        if(n == pollfds_size){
-                while(1){
-                        /* Here we have to drop the lock in order to call 
-                         * kmalloc, which might sleep.  If something else
-                         * came in and changed the pollfds array, we free
-                         * the buffer and try again.
-                         */
-                        irq_unlock(flags);
-                        size = (pollfds_num + 1) * sizeof(pollfds[0]);
-                        tmp_pfd = um_kmalloc(size);
-                        flags = irq_lock();
-                        if(tmp_pfd == NULL)
-                                goto out_unlock;
-                        if(n == pollfds_size)
-                                break;
-                        kfree(tmp_pfd);
-                }
-                if(pollfds != NULL){
-                        memcpy(tmp_pfd, pollfds,
-                               sizeof(pollfds[0]) * pollfds_size);
-                        kfree(pollfds);
-                }
-                pollfds = tmp_pfd;
-                pollfds_size++;
-        }
-        if(type == IRQ_WRITE) 
-                fd = -1;
-        pollfds[pollfds_num] = ((struct pollfd) { .fd   = fd,
-                                                  .events       = events,
-                                                  .revents      = 0 });
-        pollfds_num++;
-        *last_irq_ptr = new_fd;
-        last_irq_ptr = &new_fd->next;
-        irq_unlock(flags);
-        /* This calls activate_fd, so it has to be outside the critical
-         * section.
-         */
-        maybe_sigio_broken(fd, type);
-        return(0);
- out_unlock:
-        irq_unlock(flags);
-        kfree(new_fd);
- out:
-        return(err);
-}
-static void free_irq_by_cb(int (*test)(struct irq_fd *, void *), void *arg)
-{
-        struct irq_fd **prev;
-        unsigned long flags;
-        int i = 0;
-        flags = irq_lock();
-        prev = &active_fds;
-        while(*prev != NULL){
-                if((*test)(*prev, arg)){
-                        struct irq_fd *old_fd = *prev;
-                        if((pollfds[i].fd != -1) && 
-                           (pollfds[i].fd != (*prev)->fd)){
-                                printk("free_irq_by_cb - mismatch between "
-                                       "active_fds and pollfds, fd %d vs %d\n",
-                                       (*prev)->fd, pollfds[i].fd);
-                                goto out;
-                        }
-                        pollfds_num--;
-                        /* This moves the *whole* array after pollfds[i] (though
-                         * it doesn't spot as such)! */
-                        memmove(&pollfds[i], &pollfds[i + 1],
-                               (pollfds_num - i) * sizeof(pollfds[0]));
-                        if(last_irq_ptr == &old_fd->next) 
-                                last_irq_ptr = prev;
-                        *prev = (*prev)->next;
-                        if(old_fd->type == IRQ_WRITE) 
-                                ignore_sigio_fd(old_fd->fd);
-                        kfree(old_fd);
-                        continue;
-                }
-                prev = &(*prev)->next;
-                i++;
-        }
- out:
-        irq_unlock(flags);
-}
-struct irq_and_dev {
-        int irq;
-        void *dev;
-};
-static int same_irq_and_dev(struct irq_fd *irq, void *d)
-{
-        struct irq_and_dev *data = d;
-        return((irq->irq == data->irq) && (irq->id == data->dev));
-}
-void free_irq_by_irq_and_dev(unsigned int irq, void *dev)
-{
-        struct irq_and_dev data = ((struct irq_and_dev) { .irq  = irq,
-                                                          .dev  = dev });
-        free_irq_by_cb(same_irq_and_dev, &data);
-}
-static int same_fd(struct irq_fd *irq, void *fd)
-{
-        return(irq->fd == *((int *) fd));
-}
-void free_irq_by_fd(int fd)
-{
-        free_irq_by_cb(same_fd, &fd);
-}
-static struct irq_fd *find_irq_by_fd(int fd, int irqnum, int *index_out)
-{
-        struct irq_fd *irq;
-        int i = 0;
-        for(irq=active_fds; irq != NULL; irq = irq->next){
-                if((irq->fd == fd) && (irq->irq == irqnum)) break;
-                i++;
-        }
-        if(irq == NULL){
-                printk("find_irq_by_fd doesn't have descriptor %d\n", fd);
-                goto out;
-        }
-        if((pollfds[i].fd != -1) && (pollfds[i].fd != fd)){
-                printk("find_irq_by_fd - mismatch between active_fds and "
-                       "pollfds, fd %d vs %d, need %d\n", irq->fd, 
-                       pollfds[i].fd, fd);
-                irq = NULL;
-                goto out;
-        }
-        *index_out = i;
- out:
-        return(irq);
-}
-void reactivate_fd(int fd, int irqnum)
-{
-        struct irq_fd *irq;
-        unsigned long flags;
-        int i;
-        flags = irq_lock();
-        irq = find_irq_by_fd(fd, irqnum, &i);
-        if(irq == NULL){
-                irq_unlock(flags);
-                return;
-        }
-        pollfds[i].fd = irq->fd;
-        irq_unlock(flags);
-        /* This calls activate_fd, so it has to be outside the critical
-         * section.
-         */
-        maybe_sigio_broken(fd, irq->type);
-}
-void deactivate_fd(int fd, int irqnum)
-{
-        struct irq_fd *irq;
-        unsigned long flags;
-        int i;
-        flags = irq_lock();
-        irq = find_irq_by_fd(fd, irqnum, &i);
-        if(irq == NULL)
-                goto out;
-        pollfds[i].fd = -1;
- out:
-        irq_unlock(flags);
-}
-int deactivate_all_fds(void)
-{
-        struct irq_fd *irq;
-        int err;
-        for(irq=active_fds;irq != NULL;irq = irq->next){
-                err = os_clear_fd_async(irq->fd);
-                if(err)
-                        return(err);
-        }
-        /* If there is a signal already queued, after unblocking ignore it */
-        set_handler(SIGIO, SIG_IGN, 0, -1);
-        return(0);
-}
-void forward_ipi(int fd, int pid)
-{
-        int err;
-        err = os_set_owner(fd, pid);
-        if(err < 0)
-                printk("forward_ipi: set_owner failed, fd = %d, me = %d, "
-                       "target = %d, err = %d\n", fd, os_getpid(), pid, -err);
-}
-void forward_interrupts(int pid)
-{
-        struct irq_fd *irq;
-        unsigned long flags;
-        int err;
-        flags = irq_lock();
-        for(irq=active_fds;irq != NULL;irq = irq->next){
-                err = os_set_owner(irq->fd, pid);
-                if(err < 0){
-                        /* XXX Just remove the irq rather than
-                         * print out an infinite stream of these
-                         */
-                        printk("Failed to forward %d to pid %d, err = %d\n",
-                               irq->fd, pid, -err);
-                }
-                irq->pid = pid;
-        }
-        irq_unlock(flags);
-}
-void init_irq_signals(int on_sigstack)
-{
-        __sighandler_t h;
-        int flags;
-        flags = on_sigstack ? SA_ONSTACK : 0;
-        if(timer_irq_inited) h = (__sighandler_t) alarm_handler;
-        else h = boot_timer_handler;
-        set_handler(SIGVTALRM, h, flags | SA_RESTART, 
-                    SIGUSR1, SIGIO, SIGWINCH, SIGALRM, -1);
-        set_handler(SIGIO, (__sighandler_t) sig_handler, flags | SA_RESTART,
-                    SIGUSR1, SIGIO, SIGWINCH, SIGALRM, SIGVTALRM, -1);
-        signal(SIGWINCH, SIG_IGN);
-}
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/kernel/mem.c b/arch/um/kernel/mem.c
index fa4f915be5c5..44e41a35f000 100644
--- a/arch/um/kernel/mem.c
+++ b/arch/um/kernel/mem.c
@@ -30,7 +30,7 @@ extern char __binary_start;
 unsigned long *empty_zero_page = NULL;
 unsigned long *empty_bad_page = NULL;
 pgd_t swapper_pg_dir[PTRS_PER_PGD];
-unsigned long highmem;
+unsigned long long highmem;
 int kmalloc_ok = 0;
 static unsigned long brk_end;
@@ -57,7 +57,7 @@ static void setup_highmem(unsigned long highmem_start,
        for(i = 0; i < highmem_len >> PAGE_SHIFT; i++){
                page = &mem_map[highmem_pfn + i];
                ClearPageReserved(page);
-                set_page_count(page, 1);
+                init_page_count(page);
                __free_page(page);
        }
 }
@@ -296,7 +296,7 @@ void free_initrd_mem(unsigned long start, unsigned long end)
                        (end - start) >> 10);
        for (; start < end; start += PAGE_SIZE) {
                ClearPageReserved(virt_to_page(start));
-                set_page_count(virt_to_page(start), 1);
+                init_page_count(virt_to_page(start));
                free_page(start);
                totalram_pages++;
        }
diff --git a/arch/um/kernel/physmem.c b/arch/um/kernel/physmem.c
index 544665e04513..0500800df1c1 100644
--- a/arch/um/kernel/physmem.c
+++ b/arch/um/kernel/physmem.c
@@ -9,6 +9,7 @@
 #include "linux/vmalloc.h"
 #include "linux/bootmem.h"
 #include "linux/module.h"
+#include "linux/pfn.h"
 #include "asm/types.h"
 #include "asm/pgtable.h"
 #include "kern_util.h"
@@ -279,7 +280,7 @@ int init_maps(unsigned long physmem, unsigned long iomem, unsigned long highmem)
        for(i = 0; i < total_pages; i++){
                p = &map[i];
-                set_page_count(p, 0);
+                memset(p, 0, sizeof(struct page));
                SetPageReserved(p);
                INIT_LIST_HEAD(&p->lru);
        }
@@ -316,8 +317,6 @@ void map_memory(unsigned long virt, unsigned long phys, unsigned long len,
        }
 }
-#define PFN_UP(x) (((x) + PAGE_SIZE-1) >> PAGE_SHIFT)
 extern int __syscall_stub_start, __binary_start;
 void setup_physmem(unsigned long start, unsigned long reserve_end,
diff --git a/arch/um/kernel/process_kern.c b/arch/um/kernel/process_kern.c
index 3113cab8675e..f6a5a502120b 100644
--- a/arch/um/kernel/process_kern.c
+++ b/arch/um/kernel/process_kern.c
@@ -156,9 +156,25 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long sp,
                unsigned long stack_top, struct task_struct * p, 
                struct pt_regs *regs)
 {
+        int ret;
        p->thread = (struct thread_struct) INIT_THREAD;
-        return(CHOOSE_MODE_PROC(copy_thread_tt, copy_thread_skas, nr, 
+        ret = CHOOSE_MODE_PROC(copy_thread_tt, copy_thread_skas, nr,
-                                clone_flags, sp, stack_top, p, regs));
+                                clone_flags, sp, stack_top, p, regs);
+        if (ret || !current->thread.forking)
+                goto out;
+        clear_flushed_tls(p);
+        /*
+         * Set a new TLS for the child thread?
+         */
+        if (clone_flags & CLONE_SETTLS)
+                ret = arch_copy_tls(p);
+out:
+        return ret;
 }
 void initial_thread_cb(void (*proc)(void *), void *arg)
@@ -185,10 +201,6 @@ void default_idle(void)
 {
        CHOOSE_MODE(uml_idle_timer(), (void) 0);
-        atomic_inc(&init_mm.mm_count);
-        current->mm = &init_mm;
-        current->active_mm = &init_mm;
        while(1){
                /* endless idle loop with no priority at all */
@@ -407,7 +419,7 @@ static int proc_read_sysemu(char *buf, char **start, off_t offset, int size,int
        return strlen(buf);
 }
-static int proc_write_sysemu(struct file *file,const char *buf, unsigned long count,void *data)
+static int proc_write_sysemu(struct file *file,const char __user *buf, unsigned long count,void *data)
 {
        char tmp[2];
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c
index 98e09395c093..60d2eda995c1 100644
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -46,6 +46,7 @@ extern int poke_user(struct task_struct * child, long addr, long data);
 long arch_ptrace(struct task_struct *child, long request, long addr, long data)
 {
        int i, ret;
+        unsigned long __user *p = (void __user *)(unsigned long)data;
        switch (request) {
                /* when I and D space are separate, these will need to be fixed. */
@@ -58,7 +59,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                copied = access_process_vm(child, addr, &tmp, sizeof(tmp), 0);
                if (copied != sizeof(tmp))
                        break;
-                ret = put_user(tmp, (unsigned long __user *) data);
+                ret = put_user(tmp, p);
                break;
        }
@@ -136,15 +137,13 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
 #ifdef PTRACE_GETREGS
        case PTRACE_GETREGS: { /* Get all gp regs from the child. */
-                if (!access_ok(VERIFY_WRITE, (unsigned long *)data, 
+                if (!access_ok(VERIFY_WRITE, p, MAX_REG_OFFSET)) {
-                               MAX_REG_OFFSET)) {
                        ret = -EIO;
                        break;
                }
                for ( i = 0; i < MAX_REG_OFFSET; i += sizeof(long) ) {
-                        __put_user(getreg(child, i),
+                        __put_user(getreg(child, i), p);
-                                   (unsigned long __user *) data);
+                        p++;
-                        data += sizeof(long);
                }
                ret = 0;
                break;
@@ -153,15 +152,14 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
 #ifdef PTRACE_SETREGS
        case PTRACE_SETREGS: { /* Set all gp regs in the child. */
                unsigned long tmp = 0;
-                if (!access_ok(VERIFY_READ, (unsigned *)data, 
+                if (!access_ok(VERIFY_READ, p, MAX_REG_OFFSET)) {
-                               MAX_REG_OFFSET)) {
                        ret = -EIO;
                        break;
                }
                for ( i = 0; i < MAX_REG_OFFSET; i += sizeof(long) ) {
-                        __get_user(tmp, (unsigned long __user *) data);
+                        __get_user(tmp, p);
                        putreg(child, i, tmp);
-                        data += sizeof(long);
+                        p++;
                }
                ret = 0;
                break;
@@ -187,14 +185,23 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                ret = set_fpxregs(data, child);
                break;
 #endif
+        case PTRACE_GET_THREAD_AREA:
+                ret = ptrace_get_thread_area(child, addr,
+                                             (struct user_desc __user *) data);
+                break;
+        case PTRACE_SET_THREAD_AREA:
+                ret = ptrace_set_thread_area(child, addr,
+                                             (struct user_desc __user *) data);
+                break;
        case PTRACE_FAULTINFO: {
-                /* Take the info from thread->arch->faultinfo,
+                /* Take the info from thread->arch->faultinfo,
-                 * but transfer max. sizeof(struct ptrace_faultinfo).
+                 * but transfer max. sizeof(struct ptrace_faultinfo).
-                 * On i386, ptrace_faultinfo is smaller!
+                 * On i386, ptrace_faultinfo is smaller!
-                 */
+                 */
-                ret = copy_to_user((unsigned long __user *) data,
+                ret = copy_to_user(p, &child->thread.arch.faultinfo,
-                                   &child->thread.arch.faultinfo,
+                                   sizeof(struct ptrace_faultinfo));
-                                   sizeof(struct ptrace_faultinfo));
                if(ret)
                        break;
                break;
@@ -204,8 +211,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
        case PTRACE_LDT: {
                struct ptrace_ldt ldt;
-                if(copy_from_user(&ldt, (unsigned long __user *) data,
+                if(copy_from_user(&ldt, p, sizeof(ldt))){
-                                  sizeof(ldt))){
                        ret = -EIO;
                        break;
                }
diff --git a/arch/um/kernel/sigio_kern.c b/arch/um/kernel/sigio_kern.c
index 229988463c4c..1c1300fb1e95 100644
--- a/arch/um/kernel/sigio_kern.c
+++ b/arch/um/kernel/sigio_kern.c
@@ -1,4 +1,4 @@
-/* 
+/*
 * Copyright (C) 2002 - 2003 Jeff Dike (jdike@addtoit.com)
 * Licensed under the GPL
 */
@@ -12,13 +12,16 @@
 #include "sigio.h"
 #include "irq_user.h"
 #include "irq_kern.h"
+#include "os.h"
 /* Protected by sigio_lock() called from write_sigio_workaround */
 static int sigio_irq_fd = -1;
 static irqreturn_t sigio_interrupt(int irq, void *data, struct pt_regs *unused)
 {
-        read_sigio_fd(sigio_irq_fd);
+        char c;
+        os_read_file(sigio_irq_fd, &c, sizeof(c));
        reactivate_fd(sigio_irq_fd, SIGIO_WRITE_IRQ);
        return(IRQ_HANDLED);
 }
@@ -51,6 +54,9 @@ void sigio_unlock(void)
        spin_unlock(&sigio_spinlock);
 }
+extern void sigio_cleanup(void);
+__uml_exitcall(sigio_cleanup);
 /*
 * Overrides for Emacs so that we follow Linus's tabbing style.
 * Emacs will notice this stuff at the end of the file and automatically
diff --git a/arch/um/kernel/skas/process_kern.c b/arch/um/kernel/skas/process_kern.c
index 3f70a2e12f06..2135eaf98a93 100644
--- a/arch/um/kernel/skas/process_kern.c
+++ b/arch/um/kernel/skas/process_kern.c
@@ -35,6 +35,8 @@ void switch_to_skas(void *prev, void *next)
        switch_threads(&from->thread.mode.skas.switch_buf,
                       to->thread.mode.skas.switch_buf);
+        arch_switch_to_skas(current->thread.prev_sched, current);
        if(current->pid == 0)
                switch_timers(1);
 }
@@ -89,10 +91,17 @@ void fork_handler(int sig)
                panic("blech");
        schedule_tail(current->thread.prev_sched);
+        /* XXX: if interrupt_end() calls schedule, this call to
+         * arch_switch_to_skas isn't needed. We could want to apply this to
+         * improve performance. -bb */
+        arch_switch_to_skas(current->thread.prev_sched, current);
        current->thread.prev_sched = NULL;
 /* Handle any immediate reschedules or signals */
        interrupt_end();
        userspace(&current->thread.regs.regs);
 }
@@ -109,6 +118,8 @@ int copy_thread_skas(int nr, unsigned long clone_flags, unsigned long sp,
                if(sp != 0) REGS_SP(p->thread.regs.regs.skas.regs) = sp;
                handler = fork_handler;
+                arch_copy_thread(&current->thread.arch, &p->thread.arch);
        }
        else {
                init_thread_registers(&p->thread.regs.regs);
diff --git a/arch/um/kernel/smp.c b/arch/um/kernel/smp.c
index 72113b0a96e7..511116aebaf7 100644
--- a/arch/um/kernel/smp.c
+++ b/arch/um/kernel/smp.c
@@ -1,4 +1,4 @@
-/* 
+/*
 * Copyright (C) 2000 - 2003 Jeff Dike (jdike@addtoit.com)
 * Licensed under the GPL
 */
@@ -77,9 +77,9 @@ static int idle_proc(void *cpup)
        if(err < 0)
                panic("CPU#%d failed to create IPI pipe, err = %d", cpu, -err);
-        activate_ipi(cpu_data[cpu].ipi_pipe[0], 
+        os_set_fd_async(cpu_data[cpu].ipi_pipe[0],
                     current->thread.mode.tt.extern_pid);
- 
        wmb();
        if (cpu_test_and_set(cpu, cpu_callin_map)) {
                printk("huh, CPU#%d already present??\n", cpu);
@@ -106,7 +106,7 @@ static struct task_struct *idle_thread(int cpu)
                panic("copy_process failed in idle_thread, error = %ld",
                      PTR_ERR(new_task));
-        cpu_tasks[cpu] = ((struct cpu_task) 
+        cpu_tasks[cpu] = ((struct cpu_task)
                          { .pid =      new_task->thread.mode.tt.extern_pid,
                            .task =     new_task } );
        idle_threads[cpu] = new_task;
@@ -134,16 +134,15 @@ void smp_prepare_cpus(unsigned int maxcpus)
        if(err < 0)
                panic("CPU#0 failed to create IPI pipe, errno = %d", -err);
-        activate_ipi(cpu_data[me].ipi_pipe[0],
+        os_set_fd_async(cpu_data[me].ipi_pipe[0],
                     current->thread.mode.tt.extern_pid);
        for(cpu = 1; cpu < ncpus; cpu++){
                printk("Booting processor %d...\n", cpu);
-                
                idle = idle_thread(cpu);
                init_idle(idle, cpu);
-                unhash_process(idle);
                waittime = 200000000;
                while (waittime-- && !cpu_isset(cpu, cpu_callin_map))
@@ -223,7 +222,7 @@ void smp_call_function_slave(int cpu)
        atomic_inc(&scf_finished);
 }
-int smp_call_function(void (*_func)(void *info), void *_info, int nonatomic, 
+int smp_call_function(void (*_func)(void *info), void *_info, int nonatomic,
                      int wait)
 {
        int cpus = num_online_cpus() - 1;
diff --git a/arch/um/kernel/syscall_kern.c b/arch/um/kernel/syscall_kern.c
index 8e1a3501ff46..37d3978337d8 100644
--- a/arch/um/kernel/syscall_kern.c
+++ b/arch/um/kernel/syscall_kern.c
@@ -104,7 +104,7 @@ long sys_pipe(unsigned long __user * fildes)
 }
-long sys_uname(struct old_utsname * name)
+long sys_uname(struct old_utsname __user * name)
 {
        long err;
        if (!name)
@@ -115,7 +115,7 @@ long sys_uname(struct old_utsname * name)
        return err?-EFAULT:0;
 }
-long sys_olduname(struct oldold_utsname * name)
+long sys_olduname(struct oldold_utsname __user * name)
 {
        long error;
diff --git a/arch/um/kernel/trap_kern.c b/arch/um/kernel/trap_kern.c
index d56046c2aba2..02f6d4d8dc3a 100644
--- a/arch/um/kernel/trap_kern.c
+++ b/arch/um/kernel/trap_kern.c
@@ -198,7 +198,7 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, void *sc)
                si.si_signo = SIGBUS;
                si.si_errno = 0;
                si.si_code = BUS_ADRERR;
-                si.si_addr = (void *)address;
+                si.si_addr = (void __user *)address;
                current->thread.arch.faultinfo = fi;
                force_sig_info(SIGBUS, &si, current);
        } else if (err == -ENOMEM) {
@@ -207,7 +207,7 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, void *sc)
        } else {
                BUG_ON(err != -EFAULT);
                si.si_signo = SIGSEGV;
-                si.si_addr = (void *) address;
+                si.si_addr = (void __user *) address;
                current->thread.arch.faultinfo = fi;
                force_sig_info(SIGSEGV, &si, current);
        }
@@ -220,8 +220,8 @@ void bad_segv(struct faultinfo fi, unsigned long ip)
        si.si_signo = SIGSEGV;
        si.si_code = SEGV_ACCERR;
-        si.si_addr = (void *) FAULT_ADDRESS(fi);
+        si.si_addr = (void __user *) FAULT_ADDRESS(fi);
-        current->thread.arch.faultinfo = fi;
+        current->thread.arch.faultinfo = fi;
        force_sig_info(SIGSEGV, &si, current);
 }
diff --git a/arch/um/kernel/tt/process_kern.c b/arch/um/kernel/tt/process_kern.c
index 295c1ac817b3..a9c1443fc548 100644
--- a/arch/um/kernel/tt/process_kern.c
+++ b/arch/um/kernel/tt/process_kern.c
@@ -51,6 +51,13 @@ void switch_to_tt(void *prev, void *next)
        c = 0;
+        /* Notice that here we "up" the semaphore on which "to" is waiting, and
+         * below (the read) we wait on this semaphore (which is implemented by
+         * switch_pipe) and go sleeping. Thus, after that, we have resumed in
+         * "to", and can't use any more the value of "from" (which is outdated),
+         * nor the value in "to" (since it was the task which stole us the CPU,
+         * which we don't care about). */
        err = os_write_file(to->thread.mode.tt.switch_pipe[1], &c, sizeof(c));
        if(err != sizeof(c))
                panic("write of switch_pipe failed, err = %d", -err);
@@ -77,7 +84,7 @@ void switch_to_tt(void *prev, void *next)
        change_sig(SIGALRM, alrm);
        change_sig(SIGPROF, prof);
-        arch_switch();
+        arch_switch_to_tt(prev_sched, current);
        flush_tlb_all();
        local_irq_restore(flags);
@@ -141,7 +148,6 @@ static void new_thread_handler(int sig)
        set_cmdline("(kernel thread)");
        change_sig(SIGUSR1, 1);
-        change_sig(SIGVTALRM, 1);
        change_sig(SIGPROF, 1);
        local_irq_enable();
        if(!run_kernel_thread(fn, arg, &current->thread.exec_buf))
diff --git a/arch/um/kernel/um_arch.c b/arch/um/kernel/um_arch.c
index 27cdf9164422..7d51dd7201c3 100644
--- a/arch/um/kernel/um_arch.c
+++ b/arch/um/kernel/um_arch.c
@@ -421,7 +421,7 @@ int linux_main(int argc, char **argv)
 #ifndef CONFIG_HIGHMEM
                highmem = 0;
                printf("CONFIG_HIGHMEM not enabled - physical memory shrunk "
-                       "to %lu bytes\n", physmem_size);
+                       "to %Lu bytes\n", physmem_size);
 #endif
        }
@@ -433,8 +433,8 @@ int linux_main(int argc, char **argv)
        setup_physmem(uml_physmem, uml_reserved, physmem_size, highmem);
        if(init_maps(physmem_size, iomem_size, highmem)){
-                printf("Failed to allocate mem_map for %lu bytes of physical "
+                printf("Failed to allocate mem_map for %Lu bytes of physical "
-                       "memory and %lu bytes of highmem\n", physmem_size,
+                       "memory and %Lu bytes of highmem\n", physmem_size,
                       highmem);
                exit(1);
        }
@@ -477,7 +477,8 @@ static struct notifier_block panic_exit_notifier = {
 void __init setup_arch(char **cmdline_p)
 {
-        notifier_chain_register(&panic_notifier_list, &panic_exit_notifier);
+        atomic_notifier_chain_register(&panic_notifier_list,
+                        &panic_exit_notifier);
        paging_init();
        strlcpy(saved_command_line, command_line, COMMAND_LINE_SIZE);
        *cmdline_p = command_line;
@@ -487,10 +488,19 @@ void __init setup_arch(char **cmdline_p)
 void __init check_bugs(void)
 {
        arch_check_bugs();
-        check_sigio();
+        os_check_bugs();
-        check_devanon();
 }
-void apply_alternatives(void *start, void *end)
+void apply_alternatives(struct alt_instr *start, struct alt_instr *end)
+{
+}
+void alternatives_smp_module_add(struct module *mod, char *name,
+                                 void *locks, void *locks_end,
+                                 void *text,  void *text_end)
+{
+}
+void alternatives_smp_module_del(struct module *mod)
 {
 }
diff --git a/arch/um/os-Linux/Makefile b/arch/um/os-Linux/Makefile
index 08a4e628b24c..f4bfc4c7ccac 100644
--- a/arch/um/os-Linux/Makefile
+++ b/arch/um/os-Linux/Makefile
@@ -3,17 +3,17 @@
 # Licensed under the GPL
 #
-obj-y = aio.o elf_aux.o file.o helper.o main.o mem.o process.o signal.o \
+obj-y = aio.o elf_aux.o file.o helper.o irq.o main.o mem.o process.o sigio.o \
-        start_up.o time.o trap.o tt.o tty.o uaccess.o umid.o user_syms.o \
+        signal.o start_up.o time.o trap.o tt.o tty.o uaccess.o umid.o tls.o \
-        util.o drivers/ sys-$(SUBARCH)/
+        user_syms.o util.o drivers/ sys-$(SUBARCH)/
 obj-$(CONFIG_MODE_SKAS) += skas/
+obj-$(CONFIG_TTY_LOG) += tty_log.o
+user-objs-$(CONFIG_TTY_LOG) += tty_log.o
-USER_OBJS := aio.o elf_aux.o file.o helper.o main.o mem.o process.o signal.o \
+USER_OBJS := $(user-objs-y) aio.o elf_aux.o file.o helper.o irq.o main.o mem.o \
-        start_up.o time.o trap.o tt.o tty.o uaccess.o umid.o util.o
+        process.o sigio.o signal.o start_up.o time.o trap.o tt.o tty.o tls.o \
+        uaccess.o umid.o util.o
-elf_aux.o: $(ARCH_DIR)/kernel-offsets.h
-CFLAGS_elf_aux.o += -I$(objtree)/arch/um
 CFLAGS_user_syms.o += -DSUBARCH_$(SUBARCH)
diff --git a/arch/um/os-Linux/drivers/ethertap_kern.c b/arch/um/os-Linux/drivers/ethertap_kern.c
index 6ae4b19d9f50..768606bec233 100644
--- a/arch/um/os-Linux/drivers/ethertap_kern.c
+++ b/arch/um/os-Linux/drivers/ethertap_kern.c
@@ -102,18 +102,7 @@ static struct transport ethertap_transport = {
 static int register_ethertap(void)
 {
        register_transport(&ethertap_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_ethertap);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/os-Linux/drivers/tuntap_kern.c b/arch/um/os-Linux/drivers/tuntap_kern.c
index 4202b9ebad4c..190009a6f89c 100644
--- a/arch/um/os-Linux/drivers/tuntap_kern.c
+++ b/arch/um/os-Linux/drivers/tuntap_kern.c
@@ -87,18 +87,7 @@ static struct transport tuntap_transport = {
 static int register_tuntap(void)
 {
        register_transport(&tuntap_transport);
-        return(1);
+        return 0;
 }
 __initcall(register_tuntap);
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/os-Linux/irq.c b/arch/um/os-Linux/irq.c
new file mode 100644
index 000000000000..e599be423da1
--- /dev/null
+++ b/arch/um/os-Linux/irq.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 2000, 2001, 2002 Jeff Dike (jdike@karaya.com)
+ * Licensed under the GPL
+ */
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <signal.h>
+#include <string.h>
+#include <sys/poll.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include "user_util.h"
+#include "kern_util.h"
+#include "user.h"
+#include "process.h"
+#include "sigio.h"
+#include "irq_user.h"
+#include "os.h"
+static struct pollfd *pollfds = NULL;
+static int pollfds_num = 0;
+static int pollfds_size = 0;
+int os_waiting_for_events(struct irq_fd *active_fds)
+{
+        struct irq_fd *irq_fd;
+        int i, n, err;
+        n = poll(pollfds, pollfds_num, 0);
+        if(n < 0){
+                err = -errno;
+                if(errno != EINTR)
+                        printk("sigio_handler: os_waiting_for_events:"
+                               " poll returned %d, errno = %d\n", n, errno);
+                return err;
+        }
+        if(n == 0)
+                return 0;
+        irq_fd = active_fds;
+        for(i = 0; i < pollfds_num; i++){
+                if(pollfds[i].revents != 0){
+                        irq_fd->current_events = pollfds[i].revents;
+                        pollfds[i].fd = -1;
+                }
+                irq_fd = irq_fd->next;
+        }
+        return n;
+}
+int os_isatty(int fd)
+{
+        return(isatty(fd));
+}
+int os_create_pollfd(int fd, int events, void *tmp_pfd, int size_tmpfds)
+{
+        if (pollfds_num == pollfds_size) {
+                if (size_tmpfds <= pollfds_size * sizeof(pollfds[0])) {
+                        /* return min size needed for new pollfds area */
+                        return((pollfds_size + 1) * sizeof(pollfds[0]));
+                }
+                if(pollfds != NULL){
+                        memcpy(tmp_pfd, pollfds,
+                               sizeof(pollfds[0]) * pollfds_size);
+                        /* remove old pollfds */
+                        kfree(pollfds);
+                }
+                pollfds = tmp_pfd;
+                pollfds_size++;
+        } else {
+                /* remove not used tmp_pfd */
+                if (tmp_pfd != NULL)
+                        kfree(tmp_pfd);
+        }
+        pollfds[pollfds_num] = ((struct pollfd) { .fd   = fd,
+                                                  .events       = events,
+                                                  .revents      = 0 });
+        pollfds_num++;
+        return(0);
+}
+void os_free_irq_by_cb(int (*test)(struct irq_fd *, void *), void *arg,
+                struct irq_fd *active_fds, struct irq_fd ***last_irq_ptr2)
+{
+        struct irq_fd **prev;
+        int i = 0;
+        prev = &active_fds;
+        while(*prev != NULL){
+                if((*test)(*prev, arg)){
+                        struct irq_fd *old_fd = *prev;
+                        if((pollfds[i].fd != -1) &&
+                           (pollfds[i].fd != (*prev)->fd)){
+                                printk("os_free_irq_by_cb - mismatch between "
+                                       "active_fds and pollfds, fd %d vs %d\n",
+                                       (*prev)->fd, pollfds[i].fd);
+                                goto out;
+                        }
+                        pollfds_num--;
+                        /* This moves the *whole* array after pollfds[i]
+                         * (though it doesn't spot as such)!
+                         */
+                        memmove(&pollfds[i], &pollfds[i + 1],
+                               (pollfds_num - i) * sizeof(pollfds[0]));
+                        if(*last_irq_ptr2 == &old_fd->next)
+                                *last_irq_ptr2 = prev;
+                        *prev = (*prev)->next;
+                        if(old_fd->type == IRQ_WRITE)
+                                ignore_sigio_fd(old_fd->fd);
+                        kfree(old_fd);
+                        continue;
+                }
+                prev = &(*prev)->next;
+                i++;
+        }
+ out:
+        return;
+}
+int os_get_pollfd(int i)
+{
+        return(pollfds[i].fd);
+}
+void os_set_pollfd(int i, int fd)
+{
+        pollfds[i].fd = fd;
+}
+void os_set_ioignore(void)
+{
+        set_handler(SIGIO, SIG_IGN, 0, -1);
+}
+void init_irq_signals(int on_sigstack)
+{
+        __sighandler_t h;
+        int flags;
+        flags = on_sigstack ? SA_ONSTACK : 0;
+        if(timer_irq_inited) h = (__sighandler_t) alarm_handler;
+        else h = boot_timer_handler;
+        set_handler(SIGVTALRM, h, flags | SA_RESTART,
+                    SIGUSR1, SIGIO, SIGWINCH, SIGALRM, -1);
+        set_handler(SIGIO, (__sighandler_t) sig_handler, flags | SA_RESTART,
+                    SIGUSR1, SIGIO, SIGWINCH, SIGALRM, SIGVTALRM, -1);
+        signal(SIGWINCH, SIG_IGN);
+}
diff --git a/arch/um/os-Linux/mem.c b/arch/um/os-Linux/mem.c
index 9d7d69a523bb..6ab372da9657 100644
--- a/arch/um/os-Linux/mem.c
+++ b/arch/um/os-Linux/mem.c
@@ -121,36 +121,11 @@ int create_tmp_file(unsigned long long len)
        return(fd);
 }
-static int create_anon_file(unsigned long long len)
-{
-        void *addr;
-        int fd;
-        fd = open("/dev/anon", O_RDWR);
-        if(fd < 0) {
-                perror("opening /dev/anon");
-                exit(1);
-        }
-        addr = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
-        if(addr == MAP_FAILED){
-                perror("mapping physmem file");
-                exit(1);
-        }
-        munmap(addr, len);
-        return(fd);
-}
-extern int have_devanon;
 int create_mem_file(unsigned long long len)
 {
        int err, fd;
-        if(have_devanon)
+        fd = create_tmp_file(len);
-                fd = create_anon_file(len);
-        else fd = create_tmp_file(len);
        err = os_set_exec_close(fd, 1);
        if(err < 0){
diff --git a/arch/um/os-Linux/process.c b/arch/um/os-Linux/process.c
index d261888f39c4..8176b0b52047 100644
--- a/arch/um/os-Linux/process.c
+++ b/arch/um/os-Linux/process.c
@@ -11,6 +11,7 @@
 #include <linux/unistd.h>
 #include <sys/mman.h>
 #include <sys/wait.h>
+#include <sys/mman.h>
 #include "ptrace_user.h"
 #include "os.h"
 #include "user.h"
@@ -20,6 +21,7 @@
 #include "kern_util.h"
 #include "longjmp.h"
 #include "skas_ptrace.h"
+#include "kern_constants.h"
 #define ARBITRARY_ADDR -1
 #define FAILURE_PID    -1
@@ -187,6 +189,48 @@ int os_unmap_memory(void *addr, int len)
        return(0);
 }
+#ifndef MADV_REMOVE
+#define MADV_REMOVE     0x5             /* remove these pages & resources */
+#endif
+int os_drop_memory(void *addr, int length)
+{
+        int err;
+        err = madvise(addr, length, MADV_REMOVE);
+        if(err < 0)
+                err = -errno;
+        return err;
+}
+int can_drop_memory(void)
+{
+        void *addr;
+        int fd;
+        printk("Checking host MADV_REMOVE support...");
+        fd = create_mem_file(UM_KERN_PAGE_SIZE);
+        if(fd < 0){
+                printk("Creating test memory file failed, err = %d\n", -fd);
+                return 0;
+        }
+        addr = mmap64(NULL, UM_KERN_PAGE_SIZE, PROT_READ | PROT_WRITE,
+                      MAP_PRIVATE, fd, 0);
+        if(addr == MAP_FAILED){
+                printk("Mapping test memory file failed, err = %d\n", -errno);
+                return 0;
+        }
+        if(madvise(addr, UM_KERN_PAGE_SIZE, MADV_REMOVE) != 0){
+                printk("MADV_REMOVE failed, err = %d\n", -errno);
+                return 0;
+        }
+        printk("OK\n");
+        return 1;
+}
 void init_new_thread_stack(void *sig_stack, void (*usr1_handler)(int))
 {
        int flags = 0, pages;
diff --git a/arch/um/kernel/sigio_user.c b/arch/um/os-Linux/sigio.c
index f7b18e157d35..9ba942947146 100644
--- a/arch/um/kernel/sigio_user.c
+++ b/arch/um/os-Linux/sigio.c
@@ -1,4 +1,4 @@
-/* 
+/*
 * Copyright (C) 2002 Jeff Dike (jdike@karaya.com)
 * Licensed under the GPL
 */
@@ -20,128 +20,7 @@
 #include "sigio.h"
 #include "os.h"
-/* Changed during early boot */
+/* Protected by sigio_lock(), also used by sigio_cleanup, which is an
-int pty_output_sigio = 0;
-int pty_close_sigio = 0;
-/* Used as a flag during SIGIO testing early in boot */
-static volatile int got_sigio = 0;
-void __init handler(int sig)
-{
-        got_sigio = 1;
-}
-struct openpty_arg {
-        int master;
-        int slave;
-        int err;
-};
-static void openpty_cb(void *arg)
-{
-        struct openpty_arg *info = arg;
-        info->err = 0;
-        if(openpty(&info->master, &info->slave, NULL, NULL, NULL))
-                info->err = -errno;
-}
-void __init check_one_sigio(void (*proc)(int, int))
-{
-        struct sigaction old, new;
-        struct openpty_arg pty = { .master = -1, .slave = -1 };
-        int master, slave, err;
-        initial_thread_cb(openpty_cb, &pty);
-        if(pty.err){
-                printk("openpty failed, errno = %d\n", -pty.err);
-                return;
-        }
-        master = pty.master;
-        slave = pty.slave;
-        if((master == -1) || (slave == -1)){
-                printk("openpty failed to allocate a pty\n");
-                return;
-        }
-        /* Not now, but complain so we now where we failed. */
-        err = raw(master);
-        if (err < 0)
-                panic("check_sigio : __raw failed, errno = %d\n", -err);
-        err = os_sigio_async(master, slave);
-        if(err < 0)
-                panic("tty_fds : sigio_async failed, err = %d\n", -err);
-        if(sigaction(SIGIO, NULL, &old) < 0)
-                panic("check_sigio : sigaction 1 failed, errno = %d\n", errno);
-        new = old;
-        new.sa_handler = handler;
-        if(sigaction(SIGIO, &new, NULL) < 0)
-                panic("check_sigio : sigaction 2 failed, errno = %d\n", errno);
-        got_sigio = 0;
-        (*proc)(master, slave);
-                
-        os_close_file(master);
-        os_close_file(slave);
-        if(sigaction(SIGIO, &old, NULL) < 0)
-                panic("check_sigio : sigaction 3 failed, errno = %d\n", errno);
-}
-static void tty_output(int master, int slave)
-{
-        int n;
-        char buf[512];
-        printk("Checking that host ptys support output SIGIO...");
-        memset(buf, 0, sizeof(buf));
-        while(os_write_file(master, buf, sizeof(buf)) > 0) ;
-        if(errno != EAGAIN)
-                panic("check_sigio : write failed, errno = %d\n", errno);
-        while(((n = os_read_file(slave, buf, sizeof(buf))) > 0) && !got_sigio) ;
-        if (got_sigio) {
-                printk("Yes\n");
-                pty_output_sigio = 1;
-        } else if (n == -EAGAIN) {
-                printk("No, enabling workaround\n");
-        } else {
-                panic("check_sigio : read failed, err = %d\n", n);
-        }
-}
-static void tty_close(int master, int slave)
-{
-        printk("Checking that host ptys support SIGIO on close...");
-        os_close_file(slave);
-        if(got_sigio){
-                printk("Yes\n");
-                pty_close_sigio = 1;
-        }
-        else printk("No, enabling workaround\n");
-}
-void __init check_sigio(void)
-{
-        if((os_access("/dev/ptmx", OS_ACC_R_OK) < 0) &&
-           (os_access("/dev/ptyp0", OS_ACC_R_OK) < 0)){
-                printk("No pseudo-terminals available - skipping pty SIGIO "
-                       "check\n");
-                return;
-        }
-        check_one_sigio(tty_output);
-        check_one_sigio(tty_close);
-}
-/* Protected by sigio_lock(), also used by sigio_cleanup, which is an 
 * exitcall.
 */
 static int write_sigio_pid = -1;
@@ -150,8 +29,10 @@ static int write_sigio_pid = -1;
 * the descriptors closed after it is killed.  So, it can't see them change.
 * On the UML side, they are changed under the sigio_lock.
 */
-static int write_sigio_fds[2] = { -1, -1 };
+#define SIGIO_FDS_INIT {-1, -1}
-static int sigio_private[2] = { -1, -1 };
+static int write_sigio_fds[2] = SIGIO_FDS_INIT;
+static int sigio_private[2] = SIGIO_FDS_INIT;
 struct pollfds {
        struct pollfd *poll;
@@ -264,13 +145,13 @@ static void update_thread(void)
        return;
 fail:
        /* Critical section start */
-        if(write_sigio_pid != -1) 
+        if(write_sigio_pid != -1)
                os_kill_process(write_sigio_pid, 1);
        write_sigio_pid = -1;
-        os_close_file(sigio_private[0]);
+        close(sigio_private[0]);
-        os_close_file(sigio_private[1]);
+        close(sigio_private[1]);
-        os_close_file(write_sigio_fds[0]);
+        close(write_sigio_fds[0]);
-        os_close_file(write_sigio_fds[1]);
+        close(write_sigio_fds[1]);
        /* Critical section end */
        set_signals(flags);
 }
@@ -281,13 +162,13 @@ int add_sigio_fd(int fd, int read)
        sigio_lock();
        for(i = 0; i < current_poll.used; i++){
-                if(current_poll.poll[i].fd == fd) 
+                if(current_poll.poll[i].fd == fd)
                        goto out;
        }
        n = current_poll.used + 1;
        err = need_poll(n);
-        if(err) 
+        if(err)
                goto out;
        for(i = 0; i < current_poll.used; i++)
@@ -316,7 +197,7 @@ int ignore_sigio_fd(int fd)
        }
        if(i == current_poll.used)
                goto out;
-        
        err = need_poll(current_poll.used - 1);
        if(err)
                goto out;
@@ -337,7 +218,7 @@ int ignore_sigio_fd(int fd)
        return(err);
 }
-static struct pollfd* setup_initial_poll(int fd)
+static struct pollfd *setup_initial_poll(int fd)
 {
        struct pollfd *p;
@@ -377,7 +258,7 @@ void write_sigio_workaround(void)
        }
        err = os_pipe(l_sigio_private, 1, 1);
        if(err < 0){
-                printk("write_sigio_workaround - os_pipe 1 failed, "
+                printk("write_sigio_workaround - os_pipe 2 failed, "
                       "err = %d\n", -err);
                goto out_close1;
        }
@@ -391,76 +272,52 @@ void write_sigio_workaround(void)
        /* Did we race? Don't try to optimize this, please, it's not so likely
         * to happen, and no more than once at the boot. */
        if(write_sigio_pid != -1)
-                goto out_unlock;
+                goto out_free;
-        write_sigio_pid = run_helper_thread(write_sigio_thread, NULL,
+        current_poll = ((struct pollfds) { .poll        = p,
-                                            CLONE_FILES | CLONE_VM, &stack, 0);
+                                           .used        = 1,
+                                           .size        = 1 });
-        if (write_sigio_pid < 0)
-                goto out_clear;
        if (write_sigio_irq(l_write_sigio_fds[0]))
-                goto out_kill;
+                goto out_clear_poll;
-        /* Success, finally. */
        memcpy(write_sigio_fds, l_write_sigio_fds, sizeof(l_write_sigio_fds));
        memcpy(sigio_private, l_sigio_private, sizeof(l_sigio_private));
-        current_poll = ((struct pollfds) { .poll        = p,
+        write_sigio_pid = run_helper_thread(write_sigio_thread, NULL,
-                                           .used        = 1,
+                                            CLONE_FILES | CLONE_VM, &stack, 0);
-                                           .size        = 1 });
-        sigio_unlock();
+        if (write_sigio_pid < 0)
-        return;
+                goto out_clear;
- out_kill:
-        l_write_sigio_pid = write_sigio_pid;
-        write_sigio_pid = -1;
        sigio_unlock();
-        /* Going to call waitpid, avoid holding the lock. */
+        return;
-        os_kill_process(l_write_sigio_pid, 1);
-        goto out_free;
- out_clear:
+out_clear:
        write_sigio_pid = -1;
- out_unlock:
+        write_sigio_fds[0] = -1;
-        sigio_unlock();
+        write_sigio_fds[1] = -1;
- out_free:
+        sigio_private[0] = -1;
+        sigio_private[1] = -1;
+out_clear_poll:
+        current_poll = ((struct pollfds) { .poll        = NULL,
+                                           .size        = 0,
+                                           .used        = 0 });
+out_free:
        kfree(p);
- out_close2:
+        sigio_unlock();
-        os_close_file(l_sigio_private[0]);
+out_close2:
-        os_close_file(l_sigio_private[1]);
+        close(l_sigio_private[0]);
- out_close1:
+        close(l_sigio_private[1]);
-        os_close_file(l_write_sigio_fds[0]);
+out_close1:
-        os_close_file(l_write_sigio_fds[1]);
+        close(l_write_sigio_fds[0]);
-        return;
+        close(l_write_sigio_fds[1]);
-}
-int read_sigio_fd(int fd)
-{
-        int n;
-        char c;
-        n = os_read_file(fd, &c, sizeof(c));
-        if(n != sizeof(c)){
-                if(n < 0) {
-                        printk("read_sigio_fd - read failed, err = %d\n", -n);
-                        return(n);
-                }
-                else {
-                        printk("read_sigio_fd - short read, bytes = %d\n", n);
-                        return(-EIO);
-                }
-        }
-        return(n);
 }
-static void sigio_cleanup(void)
+void sigio_cleanup(void)
 {
-        if (write_sigio_pid != -1) {
+        if(write_sigio_pid != -1){
                os_kill_process(write_sigio_pid, 1);
                write_sigio_pid = -1;
        }
 }
-__uml_exitcall(sigio_cleanup);
diff --git a/arch/um/os-Linux/start_up.c b/arch/um/os-Linux/start_up.c
index 829d6b0d8b02..387e26af301a 100644
--- a/arch/um/os-Linux/start_up.c
+++ b/arch/um/os-Linux/start_up.c
@@ -3,6 +3,7 @@
 * Licensed under the GPL
 */
+#include <pty.h>
 #include <stdio.h>
 #include <stddef.h>
 #include <stdarg.h>
@@ -469,25 +470,6 @@ int can_do_skas(void)
 }
 #endif
-int have_devanon = 0;
-/* Runs on boot kernel stack - already safe to use printk. */
-void check_devanon(void)
-{
-        int fd;
-        printk("Checking for /dev/anon on the host...");
-        fd = open("/dev/anon", O_RDWR);
-        if(fd < 0){
-                printk("Not available (open failed with errno %d)\n", errno);
-                return;
-        }
-        printk("OK\n");
-        have_devanon = 1;
-}
 int __init parse_iomem(char *str, int *add)
 {
        struct iomem_region *new;
@@ -539,3 +521,129 @@ int __init parse_iomem(char *str, int *add)
        return(1);
 }
+/* Changed during early boot */
+int pty_output_sigio = 0;
+int pty_close_sigio = 0;
+/* Used as a flag during SIGIO testing early in boot */
+static volatile int got_sigio = 0;
+static void __init handler(int sig)
+{
+        got_sigio = 1;
+}
+struct openpty_arg {
+        int master;
+        int slave;
+        int err;
+};
+static void openpty_cb(void *arg)
+{
+        struct openpty_arg *info = arg;
+        info->err = 0;
+        if(openpty(&info->master, &info->slave, NULL, NULL, NULL))
+                info->err = -errno;
+}
+static void __init check_one_sigio(void (*proc)(int, int))
+{
+        struct sigaction old, new;
+        struct openpty_arg pty = { .master = -1, .slave = -1 };
+        int master, slave, err;
+        initial_thread_cb(openpty_cb, &pty);
+        if(pty.err){
+                printk("openpty failed, errno = %d\n", -pty.err);
+                return;
+        }
+        master = pty.master;
+        slave = pty.slave;
+        if((master == -1) || (slave == -1)){
+                printk("openpty failed to allocate a pty\n");
+                return;
+        }
+        /* Not now, but complain so we now where we failed. */
+        err = raw(master);
+        if (err < 0)
+                panic("check_sigio : __raw failed, errno = %d\n", -err);
+        err = os_sigio_async(master, slave);
+        if(err < 0)
+                panic("tty_fds : sigio_async failed, err = %d\n", -err);
+        if(sigaction(SIGIO, NULL, &old) < 0)
+                panic("check_sigio : sigaction 1 failed, errno = %d\n", errno);
+        new = old;
+        new.sa_handler = handler;
+        if(sigaction(SIGIO, &new, NULL) < 0)
+                panic("check_sigio : sigaction 2 failed, errno = %d\n", errno);
+        got_sigio = 0;
+        (*proc)(master, slave);
+        close(master);
+        close(slave);
+        if(sigaction(SIGIO, &old, NULL) < 0)
+                panic("check_sigio : sigaction 3 failed, errno = %d\n", errno);
+}
+static void tty_output(int master, int slave)
+{
+        int n;
+        char buf[512];
+        printk("Checking that host ptys support output SIGIO...");
+        memset(buf, 0, sizeof(buf));
+        while(os_write_file(master, buf, sizeof(buf)) > 0) ;
+        if(errno != EAGAIN)
+                panic("check_sigio : write failed, errno = %d\n", errno);
+        while(((n = os_read_file(slave, buf, sizeof(buf))) > 0) && !got_sigio) ;
+        if(got_sigio){
+                printk("Yes\n");
+                pty_output_sigio = 1;
+        }
+        else if(n == -EAGAIN) printk("No, enabling workaround\n");
+        else panic("check_sigio : read failed, err = %d\n", n);
+}
+static void tty_close(int master, int slave)
+{
+        printk("Checking that host ptys support SIGIO on close...");
+        close(slave);
+        if(got_sigio){
+                printk("Yes\n");
+                pty_close_sigio = 1;
+        }
+        else printk("No, enabling workaround\n");
+}
+void __init check_sigio(void)
+{
+        if((os_access("/dev/ptmx", OS_ACC_R_OK) < 0) &&
+           (os_access("/dev/ptyp0", OS_ACC_R_OK) < 0)){
+                printk("No pseudo-terminals available - skipping pty SIGIO "
+                       "check\n");
+                return;
+        }
+        check_one_sigio(tty_output);
+        check_one_sigio(tty_close);
+}
+void os_check_bugs(void)
+{
+        check_ptrace();
+        check_sigio();
+}
diff --git a/arch/um/os-Linux/sys-i386/Makefile b/arch/um/os-Linux/sys-i386/Makefile
index 340ef26f5944..b3213613c41c 100644
--- a/arch/um/os-Linux/sys-i386/Makefile
+++ b/arch/um/os-Linux/sys-i386/Makefile
@@ -3,7 +3,7 @@
 # Licensed under the GPL
 #
-obj-$(CONFIG_MODE_SKAS) = registers.o
+obj-$(CONFIG_MODE_SKAS) = registers.o tls.o
 USER_OBJS := $(obj-y)
diff --git a/arch/um/os-Linux/sys-i386/tls.c b/arch/um/os-Linux/sys-i386/tls.c
new file mode 100644
index 000000000000..ba21f0e04a2f
--- /dev/null
+++ b/arch/um/os-Linux/sys-i386/tls.c
@@ -0,0 +1,33 @@
+#include <linux/unistd.h>
+#include "sysdep/tls.h"
+#include "user_util.h"
+static _syscall1(int, get_thread_area, user_desc_t *, u_info);
+/* Checks whether host supports TLS, and sets *tls_min according to the value
+ * valid on the host.
+ * i386 host have it == 6; x86_64 host have it == 12, for i386 emulation. */
+void check_host_supports_tls(int *supports_tls, int *tls_min) {
+        /* Values for x86 and x86_64.*/
+        int val[] = {GDT_ENTRY_TLS_MIN_I386, GDT_ENTRY_TLS_MIN_X86_64};
+        int i;
+        for (i = 0; i < ARRAY_SIZE(val); i++) {
+                user_desc_t info;
+                info.entry_number = val[i];
+                if (get_thread_area(&info) == 0) {
+                        *tls_min = val[i];
+                        *supports_tls = 1;
+                        return;
+                } else {
+                        if (errno == EINVAL)
+                                continue;
+                        else if (errno == ENOSYS)
+                                *supports_tls = 0;
+                                return;
+                }
+        }
+        *supports_tls = 0;
+}
diff --git a/arch/um/os-Linux/tls.c b/arch/um/os-Linux/tls.c
new file mode 100644
index 000000000000..9cb09a45546b
--- /dev/null
+++ b/arch/um/os-Linux/tls.c
@@ -0,0 +1,76 @@
+#include <errno.h>
+#include <sys/ptrace.h>
+#include <asm/ldt.h>
+#include "sysdep/tls.h"
+#include "uml-config.h"
+/* TLS support - we basically rely on the host's one.*/
+/* In TT mode, this should be called only by the tracing thread, and makes sense
+ * only for PTRACE_SET_THREAD_AREA. In SKAS mode, it's used normally.
+ *
+ */
+#ifndef PTRACE_GET_THREAD_AREA
+#define PTRACE_GET_THREAD_AREA 25
+#endif
+#ifndef PTRACE_SET_THREAD_AREA
+#define PTRACE_SET_THREAD_AREA 26
+#endif
+int os_set_thread_area(user_desc_t *info, int pid)
+{
+        int ret;
+        ret = ptrace(PTRACE_SET_THREAD_AREA, pid, info->entry_number,
+                     (unsigned long) info);
+        if (ret < 0)
+                ret = -errno;
+        return ret;
+}
+#ifdef UML_CONFIG_MODE_SKAS
+int os_get_thread_area(user_desc_t *info, int pid)
+{
+        int ret;
+        ret = ptrace(PTRACE_GET_THREAD_AREA, pid, info->entry_number,
+                     (unsigned long) info);
+        if (ret < 0)
+                ret = -errno;
+        return ret;
+}
+#endif
+#ifdef UML_CONFIG_MODE_TT
+#include "linux/unistd.h"
+static _syscall1(int, get_thread_area, user_desc_t *, u_info);
+static _syscall1(int, set_thread_area, user_desc_t *, u_info);
+int do_set_thread_area_tt(user_desc_t *info)
+{
+        int ret;
+        ret = set_thread_area(info);
+        if (ret < 0) {
+                ret = -errno;
+        }
+        return ret;
+}
+int do_get_thread_area_tt(user_desc_t *info)
+{
+        int ret;
+        ret = get_thread_area(info);
+        if (ret < 0) {
+                ret = -errno;
+        }
+        return ret;
+}
+#endif /* UML_CONFIG_MODE_TT */
diff --git a/arch/um/os-Linux/tt.c b/arch/um/os-Linux/tt.c
index 919d19f11537..5461a065bbb9 100644
--- a/arch/um/os-Linux/tt.c
+++ b/arch/um/os-Linux/tt.c
@@ -110,6 +110,16 @@ int wait_for_stop(int pid, int sig, int cont_type, void *relay)
        }
 }
+void forward_ipi(int fd, int pid)
+{
+        int err;
+        err = os_set_owner(fd, pid);
+        if(err < 0)
+                printk("forward_ipi: set_owner failed, fd = %d, me = %d, "
+                       "target = %d, err = %d\n", fd, os_getpid(), pid, -err);
+}
 /*
 *-------------------------
 * only for tt mode (will be deleted in future...)
diff --git a/arch/um/kernel/tty_log.c b/arch/um/os-Linux/tty_log.c
index 9ada656f68ce..c6ba56c1560f 100644
--- a/arch/um/kernel/tty_log.c
+++ b/arch/um/os-Linux/tty_log.c
@@ -1,5 +1,5 @@
-/* 
+/*
- * Copyright (C) 2002 Jeff Dike (jdike@karaya.com) and 
+ * Copyright (C) 2002 Jeff Dike (jdike@karaya.com) and
 * geoffrey hing <ghing@net.ohio-state.edu>
 * Licensed under the GPL
 */
@@ -58,7 +58,7 @@ int open_tty_log(void *tty, void *current_tty)
                return(tty_log_fd);
        }
-        sprintf(buf, "%s/%0u-%0u", tty_log_dir, (unsigned int) tv.tv_sec, 
+        sprintf(buf, "%s/%0u-%0u", tty_log_dir, (unsigned int) tv.tv_sec,
                (unsigned int) tv.tv_usec);
        fd = os_open_file(buf, of_append(of_create(of_rdwr(OPENFLAGS()))),
@@ -216,15 +216,3 @@ __uml_setup("tty_log_fd=", set_tty_log_fd,
 "    tty data will be written.  Preconfigure the descriptor with something\n"
 "    like '10>tty_log tty_log_fd=10'.\n\n"
 );
-/*
- * Overrides for Emacs so that we follow Linus's tabbing style.
- * Emacs will notice this stuff at the end of the file and automatically
- * adjust the settings for this buffer only.  This must remain at the end
- * of the file.
- * ---------------------------------------------------------------------------
- * Local variables:
- * c-file-style: "linux"
- * End:
- */
diff --git a/arch/um/os-Linux/umid.c b/arch/um/os-Linux/umid.c
index ecf107ae5ac8..198e59163288 100644
--- a/arch/um/os-Linux/umid.c
+++ b/arch/um/os-Linux/umid.c
@@ -143,8 +143,10 @@ static int not_dead_yet(char *dir)
                goto out_close;
        }
-        if((kill(p, 0) == 0) || (errno != ESRCH))
+        if((kill(p, 0) == 0) || (errno != ESRCH)){
+                printk("umid \"%s\" is already in use by pid %d\n", umid, p);
                return 1;
+        }
        err = actually_do_remove(dir);
        if(err)
@@ -234,33 +236,44 @@ int __init make_umid(void)
        err = mkdir(tmp, 0777);
        if(err < 0){
                err = -errno;
-                if(errno != EEXIST)
+                if(err != -EEXIST)
                        goto err;
-                if(not_dead_yet(tmp) < 0)
+                /* 1   -> this umid is already in use
+                 * < 0 -> we couldn't remove the umid directory
+                 * In either case, we can't use this umid, so return -EEXIST.
+                 */
+                if(not_dead_yet(tmp) != 0)
                        goto err;
                err = mkdir(tmp, 0777);
        }
-        if(err < 0){
+        if(err){
-                printk("Failed to create '%s' - err = %d\n", umid, err);
+                err = -errno;
-                goto err_rmdir;
+                printk("Failed to create '%s' - err = %d\n", umid, -errno);
+                goto err;
        }
        umid_setup = 1;
        create_pid_file();
-        return 0;
+        err = 0;
- err_rmdir:
-        rmdir(tmp);
 err:
        return err;
 }
 static int __init make_umid_init(void)
 {
+        if(!make_umid())
+                return 0;
+        /* If initializing with the given umid failed, then try again with
+         * a random one.
+         */
+        printk("Failed to initialize umid \"%s\", trying with a random umid\n",
+               umid);
+        *umid = '\0';
        make_umid();
        return 0;
diff --git a/arch/um/scripts/Makefile.rules b/arch/um/scripts/Makefile.rules
index 2e41cabd3d93..b696b451774c 100644
--- a/arch/um/scripts/Makefile.rules
+++ b/arch/um/scripts/Makefile.rules
@@ -20,25 +20,7 @@ define unprofile
        $(patsubst -pg,,$(patsubst -fprofile-arcs -ftest-coverage,,$(1)))
 endef
+ifdef subarch-obj-y
-# cmd_make_link checks to see if the $(foo-dir) variable starts with a /.  If
+obj-y += subarch.o
-# so, it's considered to be a path relative to $(srcdir) rather than
+subarch-y = $(addprefix ../../$(SUBARCH)/,$(subarch-obj-y))
-# $(srcdir)/arch/$(SUBARCH).  This is because x86_64 wants to get ldt.c from
+endif
-# arch/um/sys-i386 rather than arch/i386 like the other borrowed files.  So,
-# it sets $(ldt.c-dir) to /arch/um/sys-i386.
-quiet_cmd_make_link = SYMLINK $@
-cmd_make_link       = rm -f $@; ln -sf $(srctree)$(if $(filter-out /%,$($(notdir $@)-dir)),/arch/$(SUBARCH))/$($(notdir $@)-dir)/$(notdir $@) $@
-# this needs to be before the foreach, because targets does not accept
-# complete paths like $(obj)/$(f). To make sure this works, use a := assignment
-# or we will get $(obj)/$(f) in the "targets" value.
-# Also, this forces you to use the := syntax when assigning to targets.
-# Otherwise the line below will cause an infinite loop (if you don't know why,
-# just do it).
-targets := $(targets) $(SYMLINKS)
-SYMLINKS := $(foreach f,$(SYMLINKS),$(obj)/$(f))
-$(SYMLINKS): FORCE
-        $(call if_changed,make_link)
diff --git a/arch/um/scripts/Makefile.unmap b/arch/um/scripts/Makefile.unmap
deleted file mode 100644
index b2165188d942..000000000000
--- a/arch/um/scripts/Makefile.unmap
+++ /dev/null
@@ -1,22 +0,0 @@
-clean-files += unmap_tmp.o unmap_fin.o unmap.o
-ifdef CONFIG_MODE_TT
-#Always build unmap_fin.o
-extra-y += unmap_fin.o
-#Do dependency tracking for unmap.o (it will be always built, but won't get the tracking unless we use this).
-targets += unmap.o
-#XXX: partially copied from arch/um/scripts/Makefile.rules
-$(obj)/unmap.o: _c_flags = $(call unprofile,$(CFLAGS))
-quiet_cmd_wrapld = LD      $@
-define cmd_wrapld
-        $(LD) $(LDFLAGS) -r -o $(obj)/unmap_tmp.o $< ; \
-        $(OBJCOPY) $(UML_OBJCOPYFLAGS) $(obj)/unmap_tmp.o $@ -G switcheroo
-endef
-$(obj)/unmap_fin.o : $(obj)/unmap.o FORCE
-        $(call if_changed,wrapld)
-endif
diff --git a/arch/um/sys-i386/Makefile b/arch/um/sys-i386/Makefile
index f5fd5b0156d0..98b20b7bba4f 100644
--- a/arch/um/sys-i386/Makefile
+++ b/arch/um/sys-i386/Makefile
@@ -1,23 +1,18 @@
-obj-y := bitops.o bugs.o checksum.o delay.o fault.o ksyms.o ldt.o ptrace.o \
+obj-y = bugs.o checksum.o delay.o fault.o ksyms.o ldt.o ptrace.o \
-        ptrace_user.o semaphore.o signal.o sigcontext.o syscalls.o sysrq.o \
+        ptrace_user.o signal.o sigcontext.o syscalls.o sysrq.o \
-        sys_call_table.o
+        sys_call_table.o tls.o
 obj-$(CONFIG_MODE_SKAS) += stub.o stub_segv.o
-obj-$(CONFIG_HIGHMEM) += highmem.o
+subarch-obj-y = lib/bitops.o kernel/semaphore.o
-obj-$(CONFIG_MODULES) += module.o
+subarch-obj-$(CONFIG_HIGHMEM) += mm/highmem.o
+subarch-obj-$(CONFIG_MODULES) += kernel/module.o
 USER_OBJS := bugs.o ptrace_user.o sigcontext.o fault.o stub_segv.o
-SYMLINKS = bitops.c semaphore.c highmem.c module.c
 include arch/um/scripts/Makefile.rules
-bitops.c-dir = lib
+extra-$(CONFIG_MODE_TT) += unmap.o
-semaphore.c-dir = kernel
-highmem.c-dir = mm
-module.c-dir = kernel
-$(obj)/stub_segv.o : _c_flags = $(call unprofile,$(CFLAGS))
-include arch/um/scripts/Makefile.unmap
+$(obj)/stub_segv.o $(obj)/unmap.o: \
+        _c_flags = $(call unprofile,$(CFLAGS))
diff --git a/arch/um/sys-i386/ptrace.c b/arch/um/sys-i386/ptrace.c
index e839ce65ad28..6028bc7cc01b 100644
--- a/arch/um/sys-i386/ptrace.c
+++ b/arch/um/sys-i386/ptrace.c
@@ -6,6 +6,7 @@
 #include <linux/config.h>
 #include <linux/compiler.h>
 #include "linux/sched.h"
+#include "linux/mm.h"
 #include "asm/elf.h"
 #include "asm/ptrace.h"
 #include "asm/uaccess.h"
@@ -14,9 +15,22 @@
 #include "sysdep/sigcontext.h"
 #include "sysdep/sc.h"
-void arch_switch(void)
+void arch_switch_to_tt(struct task_struct *from, struct task_struct *to)
 {
-        update_debugregs(current->thread.arch.debugregs_seq);
+        update_debugregs(to->thread.arch.debugregs_seq);
+        arch_switch_tls_tt(from, to);
+}
+void arch_switch_to_skas(struct task_struct *from, struct task_struct *to)
+{
+        int err = arch_switch_tls_skas(from, to);
+        if (!err)
+                return;
+        if (err != -EINVAL)
+                printk(KERN_WARNING "arch_switch_tls_skas failed, errno %d, not EINVAL\n", -err);
+        else
+                printk(KERN_WARNING "arch_switch_tls_skas failed, errno = EINVAL\n");
 }
 int is_syscall(unsigned long addr)
@@ -26,9 +40,17 @@ int is_syscall(unsigned long addr)
        n = copy_from_user(&instr, (void __user *) addr, sizeof(instr));
        if(n){
-                printk("is_syscall : failed to read instruction from 0x%lx\n",
+                /* access_process_vm() grants access to vsyscall and stub,
-                       addr);
+                 * while copy_from_user doesn't. Maybe access_process_vm is
-                return(0);
+                 * slow, but that doesn't matter, since it will be called only
+                 * in case of singlestepping, if copy_from_user failed.
+                 */
+                n = access_process_vm(current, addr, &instr, sizeof(instr), 0);
+                if(n != sizeof(instr)) {
+                        printk("is_syscall : failed to read instruction from "
+                               "0x%lx\n", addr);
+                        return(1);
+                }
        }
        /* int 0x80 or sysenter */
        return((instr == 0x80cd) || (instr == 0x340f));
@@ -115,22 +137,22 @@ unsigned long getreg(struct task_struct *child, int regno)
 int peek_user(struct task_struct *child, long addr, long data)
 {
 /* read the word at location addr in the USER area. */
-        unsigned long tmp;
+        unsigned long tmp;
-        if ((addr & 3) || addr < 0)
+        if ((addr & 3) || addr < 0)
-                return -EIO;
+                return -EIO;
-        tmp = 0;  /* Default return condition */
+        tmp = 0;  /* Default return condition */
-        if(addr < MAX_REG_OFFSET){
+        if(addr < MAX_REG_OFFSET){
-                tmp = getreg(child, addr);
+                tmp = getreg(child, addr);
-        }
+        }
-        else if((addr >= offsetof(struct user, u_debugreg[0])) &&
+        else if((addr >= offsetof(struct user, u_debugreg[0])) &&
-                (addr <= offsetof(struct user, u_debugreg[7]))){
+                (addr <= offsetof(struct user, u_debugreg[7]))){
-                addr -= offsetof(struct user, u_debugreg[0]);
+                addr -= offsetof(struct user, u_debugreg[0]);
-                addr = addr >> 2;
+                addr = addr >> 2;
-                tmp = child->thread.arch.debugregs[addr];
+                tmp = child->thread.arch.debugregs[addr];
-        }
+        }
-        return put_user(tmp, (unsigned long *) data);
+        return put_user(tmp, (unsigned long __user *) data);
 }
 struct i387_fxsave_struct {
diff --git a/arch/um/sys-i386/ptrace_user.c b/arch/um/sys-i386/ptrace_user.c
index 7c376c95de50..9f3bd8ed78f5 100644
--- a/arch/um/sys-i386/ptrace_user.c
+++ b/arch/um/sys-i386/ptrace_user.c
@@ -14,6 +14,7 @@
 #include "sysdep/thread.h"
 #include "user.h"
 #include "os.h"
+#include "uml-config.h"
 int ptrace_getregs(long pid, unsigned long *regs_out)
 {
@@ -43,6 +44,7 @@ int ptrace_setfpregs(long pid, unsigned long *regs)
        return 0;
 }
+/* All the below stuff is of interest for TT mode only */
 static void write_debugregs(int pid, unsigned long *regs)
 {
        struct user *dummy;
@@ -75,7 +77,6 @@ static void read_debugregs(int pid, unsigned long *regs)
 /* Accessed only by the tracing thread */
 static unsigned long kernel_debugregs[8] = { [ 0 ... 7 ] = 0 };
-static int debugregs_seq = 0;
 void arch_enter_kernel(void *task, int pid)
 {
@@ -89,6 +90,11 @@ void arch_leave_kernel(void *task, int pid)
        write_debugregs(pid, TASK_DEBUGREGS(task));
 }
+#ifdef UML_CONFIG_PT_PROXY
+/* Accessed only by the tracing thread */
+static int debugregs_seq;
+/* Only called by the ptrace proxy */
 void ptrace_pokeuser(unsigned long addr, unsigned long data)
 {
        if((addr < offsetof(struct user, u_debugreg[0])) ||
@@ -109,6 +115,7 @@ static void update_debugregs_cb(void *arg)
        write_debugregs(pid, kernel_debugregs);
 }
+/* Optimized out in its header when not defined */
 void update_debugregs(int seq)
 {
        int me;
@@ -118,6 +125,7 @@ void update_debugregs(int seq)
        me = os_getpid();
        initial_thread_cb(update_debugregs_cb, &me);
 }
+#endif
 /*
 * Overrides for Emacs so that we follow Linus's tabbing style.
diff --git a/arch/um/sys-i386/signal.c b/arch/um/sys-i386/signal.c
index 7cd1a82dc8c2..f5d0e1c37ea2 100644
--- a/arch/um/sys-i386/signal.c
+++ b/arch/um/sys-i386/signal.c
@@ -19,7 +19,7 @@
 #include "skas.h"
 static int copy_sc_from_user_skas(struct pt_regs *regs,
-                                  struct sigcontext *from)
+                                  struct sigcontext __user *from)
 {
        struct sigcontext sc;
        unsigned long fpregs[HOST_FP_SIZE];
@@ -57,8 +57,8 @@ static int copy_sc_from_user_skas(struct pt_regs *regs,
        return(0);
 }
-int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
+int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate __user *to_fp,
-                         struct pt_regs *regs)
+                         struct pt_regs *regs, unsigned long sp)
 {
        struct sigcontext sc;
        unsigned long fpregs[HOST_FP_SIZE];
@@ -72,7 +72,7 @@ int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
        sc.edi = REGS_EDI(regs->regs.skas.regs);
        sc.esi = REGS_ESI(regs->regs.skas.regs);
        sc.ebp = REGS_EBP(regs->regs.skas.regs);
-        sc.esp = REGS_SP(regs->regs.skas.regs);
+        sc.esp = sp;
        sc.ebx = REGS_EBX(regs->regs.skas.regs);
        sc.edx = REGS_EDX(regs->regs.skas.regs);
        sc.ecx = REGS_ECX(regs->regs.skas.regs);
@@ -92,7 +92,7 @@ int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
                       "errno = %d\n", err);
                return(1);
        }
-        to_fp = (to_fp ? to_fp : (struct _fpstate *) (to + 1));
+        to_fp = (to_fp ? to_fp : (struct _fpstate __user *) (to + 1));
        sc.fpstate = to_fp;
        if(err)
@@ -113,10 +113,11 @@ int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
 * saved pointer is in the kernel, but the sigcontext is in userspace, so we
 * copy_to_user it.
 */
-int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
+int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext __user *from,
                         int fpsize)
 {
-        struct _fpstate *to_fp, *from_fp;
+        struct _fpstate *to_fp;
+        struct _fpstate __user *from_fp;
        unsigned long sigs;
        int err;
@@ -131,20 +132,28 @@ int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
        return(err);
 }
-int copy_sc_to_user_tt(struct sigcontext *to, struct _fpstate *fp,
+int copy_sc_to_user_tt(struct sigcontext *to, struct _fpstate __user *fp,
-                       struct sigcontext *from, int fpsize)
+                       struct sigcontext *from, int fpsize, unsigned long sp)
 {
-        struct _fpstate *to_fp, *from_fp;
+        struct _fpstate __user *to_fp;
+        struct _fpstate *from_fp;
        int err;
-        to_fp = (fp ? fp : (struct _fpstate *) (to + 1));
+        to_fp = (fp ? fp : (struct _fpstate __user *) (to + 1));
        from_fp = from->fpstate;
        err = copy_to_user(to, from, sizeof(*to));
+        /* The SP in the sigcontext is the updated one for the signal
+         * delivery.  The sp passed in is the original, and this needs
+         * to be restored, so we stick it in separately.
+         */
+        err |= copy_to_user(&SC_SP(to), sp, sizeof(sp));
        if(from_fp != NULL){
                err |= copy_to_user(&to->fpstate, &to_fp, sizeof(to->fpstate));
                err |= copy_to_user(to_fp, from_fp, fpsize);
        }
-        return(err);
+        return err;
 }
 #endif
@@ -158,15 +167,15 @@ static int copy_sc_from_user(struct pt_regs *to, void __user *from)
        return(ret);
 }
-static int copy_sc_to_user(struct sigcontext *to, struct _fpstate *fp,
+static int copy_sc_to_user(struct sigcontext *to, struct _fpstate __user *fp,
-                           struct pt_regs *from)
+                           struct pt_regs *from, unsigned long sp)
 {
        return(CHOOSE_MODE(copy_sc_to_user_tt(to, fp, UPT_SC(&from->regs),
-                                              sizeof(*fp)),
+                                              sizeof(*fp), sp),
-                           copy_sc_to_user_skas(to, fp, from)));
+                           copy_sc_to_user_skas(to, fp, from, sp)));
 }
-static int copy_ucontext_to_user(struct ucontext *uc, struct _fpstate *fp,
+static int copy_ucontext_to_user(struct ucontext __user *uc, struct _fpstate __user *fp,
                                 sigset_t *set, unsigned long sp)
 {
        int err = 0;
@@ -174,14 +183,14 @@ static int copy_ucontext_to_user(struct ucontext *uc, struct _fpstate *fp,
        err |= put_user(current->sas_ss_sp, &uc->uc_stack.ss_sp);
        err |= put_user(sas_ss_flags(sp), &uc->uc_stack.ss_flags);
        err |= put_user(current->sas_ss_size, &uc->uc_stack.ss_size);
-        err |= copy_sc_to_user(&uc->uc_mcontext, fp, &current->thread.regs);
+        err |= copy_sc_to_user(&uc->uc_mcontext, fp, &current->thread.regs, sp);
        err |= copy_to_user(&uc->uc_sigmask, set, sizeof(*set));
        return(err);
 }
 struct sigframe
 {
-        char *pretcode;
+        char __user *pretcode;
        int sig;
        struct sigcontext sc;
        struct _fpstate fpstate;
@@ -191,10 +200,10 @@ struct sigframe
 struct rt_sigframe
 {
-        char *pretcode;
+        char __user *pretcode;
        int sig;
-        struct siginfo *pinfo;
+        struct siginfo __user *pinfo;
-        void *puc;
+        void __user *puc;
        struct siginfo info;
        struct ucontext uc;
        struct _fpstate fpstate;
@@ -206,21 +215,32 @@ int setup_signal_stack_sc(unsigned long stack_top, int sig,
                          sigset_t *mask)
 {
        struct sigframe __user *frame;
-        void *restorer;
+        void __user *restorer;
+        unsigned long save_sp = PT_REGS_SP(regs);
        int err = 0;
        stack_top &= -8UL;
-        frame = (struct sigframe *) stack_top - 1;
+        frame = (struct sigframe __user *) stack_top - 1;
        if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
                return 1;
-        restorer = (void *) frame->retcode;
+        restorer = frame->retcode;
        if(ka->sa.sa_flags & SA_RESTORER)
                restorer = ka->sa.sa_restorer;
+        /* Update SP now because the page fault handler refuses to extend
+         * the stack if the faulting address is too far below the current
+         * SP, which frame now certainly is.  If there's an error, the original
+         * value is restored on the way out.
+         * When writing the sigcontext to the stack, we have to write the
+         * original value, so that's passed to copy_sc_to_user, which does
+         * the right thing with it.
+         */
+        PT_REGS_SP(regs) = (unsigned long) frame;
        err |= __put_user(restorer, &frame->pretcode);
        err |= __put_user(sig, &frame->sig);
-        err |= copy_sc_to_user(&frame->sc, NULL, regs);
+        err |= copy_sc_to_user(&frame->sc, NULL, regs, save_sp);
        err |= __put_user(mask->sig[0], &frame->sc.oldmask);
        if (_NSIG_WORDS > 1)
                err |= __copy_to_user(&frame->extramask, &mask->sig[1],
@@ -238,7 +258,7 @@ int setup_signal_stack_sc(unsigned long stack_top, int sig,
        err |= __put_user(0x80cd, (short __user *)(frame->retcode+6));
        if(err)
-                return(err);
+                goto err;
        PT_REGS_SP(regs) = (unsigned long) frame;
        PT_REGS_IP(regs) = (unsigned long) ka->sa.sa_handler;
@@ -248,7 +268,11 @@ int setup_signal_stack_sc(unsigned long stack_top, int sig,
        if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED))
                ptrace_notify(SIGTRAP);
-        return(0);
+        return 0;
+err:
+        PT_REGS_SP(regs) = save_sp;
+        return err;
 }
 int setup_signal_stack_si(unsigned long stack_top, int sig,
@@ -256,25 +280,29 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
                          siginfo_t *info, sigset_t *mask)
 {
        struct rt_sigframe __user *frame;
-        void *restorer;
+        void __user *restorer;
+        unsigned long save_sp = PT_REGS_SP(regs);
        int err = 0;
        stack_top &= -8UL;
-        frame = (struct rt_sigframe *) stack_top - 1;
+        frame = (struct rt_sigframe __user *) stack_top - 1;
        if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
                return 1;
-        restorer = (void *) frame->retcode;
+        restorer = frame->retcode;
        if(ka->sa.sa_flags & SA_RESTORER)
                restorer = ka->sa.sa_restorer;
+        /* See comment above about why this is here */
+        PT_REGS_SP(regs) = (unsigned long) frame;
        err |= __put_user(restorer, &frame->pretcode);
        err |= __put_user(sig, &frame->sig);
        err |= __put_user(&frame->info, &frame->pinfo);
        err |= __put_user(&frame->uc, &frame->puc);
        err |= copy_siginfo_to_user(&frame->info, info);
        err |= copy_ucontext_to_user(&frame->uc, &frame->fpstate, mask,
-                                     PT_REGS_SP(regs));
+                                     save_sp);
        /*
         * This is movl $,%eax ; int $0x80
@@ -288,9 +316,8 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
        err |= __put_user(0x80cd, (short __user *)(frame->retcode+5));
        if(err)
-                return(err);
+                goto err;
-        PT_REGS_SP(regs) = (unsigned long) frame;
        PT_REGS_IP(regs) = (unsigned long) ka->sa.sa_handler;
        PT_REGS_EAX(regs) = (unsigned long) sig;
        PT_REGS_EDX(regs) = (unsigned long) &frame->info;
@@ -298,13 +325,17 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
        if ((current->ptrace & PT_DTRACE) && (current->ptrace & PT_PTRACED))
                ptrace_notify(SIGTRAP);
-        return(0);
+        return 0;
+err:
+        PT_REGS_SP(regs) = save_sp;
+        return err;
 }
 long sys_sigreturn(struct pt_regs regs)
 {
        unsigned long sp = PT_REGS_SP(&current->thread.regs);
-        struct sigframe __user *frame = (struct sigframe *)(sp - 8);
+        struct sigframe __user *frame = (struct sigframe __user *)(sp - 8);
        sigset_t set;
        struct sigcontext __user *sc = &frame->sc;
        unsigned long __user *oldmask = &sc->oldmask;
@@ -336,8 +367,8 @@ long sys_sigreturn(struct pt_regs regs)
 long sys_rt_sigreturn(struct pt_regs regs)
 {
-        unsigned long __user sp = PT_REGS_SP(&current->thread.regs);
+        unsigned long sp = PT_REGS_SP(&current->thread.regs);
-        struct rt_sigframe __user *frame = (struct rt_sigframe *) (sp - 4);
+        struct rt_sigframe __user *frame = (struct rt_sigframe __user *) (sp - 4);
        sigset_t set;
        struct ucontext __user *uc = &frame->uc;
        int sig_size = _NSIG_WORDS * sizeof(unsigned long);
diff --git a/arch/um/sys-i386/sys_call_table.S b/arch/um/sys-i386/sys_call_table.S
index ad75c27afe38..1ff61474b25c 100644
--- a/arch/um/sys-i386/sys_call_table.S
+++ b/arch/um/sys-i386/sys_call_table.S
@@ -6,8 +6,6 @@
 #define sys_vm86old sys_ni_syscall
 #define sys_vm86 sys_ni_syscall
-#define sys_set_thread_area sys_ni_syscall
-#define sys_get_thread_area sys_ni_syscall
 #define sys_stime um_stime
 #define sys_time um_time
diff --git a/arch/um/sys-i386/syscalls.c b/arch/um/sys-i386/syscalls.c
index 83e9be820a86..749dd1bfe60f 100644
--- a/arch/um/sys-i386/syscalls.c
+++ b/arch/um/sys-i386/syscalls.c
@@ -61,21 +61,27 @@ long old_select(struct sel_arg_struct __user *arg)
        return sys_select(a.n, a.inp, a.outp, a.exp, a.tvp);
 }
-/* The i386 version skips reading from %esi, the fourth argument. So we must do
+/*
- * this, too.
+ * The prototype on i386 is:
+ *
+ *     int clone(int flags, void * child_stack, int * parent_tidptr, struct user_desc * newtls, int * child_tidptr)
+ *
+ * and the "newtls" arg. on i386 is read by copy_thread directly from the
+ * register saved on the stack.
 */
 long sys_clone(unsigned long clone_flags, unsigned long newsp,
-               int __user *parent_tid, int unused, int __user *child_tid)
+               int __user *parent_tid, void *newtls, int __user *child_tid)
 {
        long ret;
        if (!newsp)
                newsp = UPT_SP(&current->thread.regs.regs);
        current->thread.forking = 1;
        ret = do_fork(clone_flags, newsp, &current->thread.regs, 0, parent_tid,
                      child_tid);
        current->thread.forking = 0;
-        return(ret);
+        return ret;
 }
 /*
@@ -104,7 +110,7 @@ long sys_ipc (uint call, int first, int second,
                union semun fourth;
                if (!ptr)
                        return -EINVAL;
-                if (get_user(fourth.__pad, (void **) ptr))
+                if (get_user(fourth.__pad, (void __user * __user *) ptr))
                        return -EFAULT;
                return sys_semctl (first, second, third, fourth);
        }
diff --git a/arch/um/sys-i386/tls.c b/arch/um/sys-i386/tls.c
new file mode 100644
index 000000000000..a3188e861cc7
--- /dev/null
+++ b/arch/um/sys-i386/tls.c
@@ -0,0 +1,384 @@
+/*
+ * Copyright (C) 2005 Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
+ * Licensed under the GPL
+ */
+#include "linux/config.h"
+#include "linux/kernel.h"
+#include "linux/sched.h"
+#include "linux/slab.h"
+#include "linux/types.h"
+#include "asm/uaccess.h"
+#include "asm/ptrace.h"
+#include "asm/segment.h"
+#include "asm/smp.h"
+#include "asm/desc.h"
+#include "choose-mode.h"
+#include "kern.h"
+#include "kern_util.h"
+#include "mode_kern.h"
+#include "os.h"
+#include "mode.h"
+#ifdef CONFIG_MODE_SKAS
+#include "skas.h"
+#endif
+/* If needed we can detect when it's uninitialized. */
+static int host_supports_tls = -1;
+int host_gdt_entry_tls_min = -1;
+#ifdef CONFIG_MODE_SKAS
+int do_set_thread_area_skas(struct user_desc *info)
+{
+        int ret;
+        u32 cpu;
+        cpu = get_cpu();
+        ret = os_set_thread_area(info, userspace_pid[cpu]);
+        put_cpu();
+        return ret;
+}
+int do_get_thread_area_skas(struct user_desc *info)
+{
+        int ret;
+        u32 cpu;
+        cpu = get_cpu();
+        ret = os_get_thread_area(info, userspace_pid[cpu]);
+        put_cpu();
+        return ret;
+}
+#endif
+/*
+ * sys_get_thread_area: get a yet unused TLS descriptor index.
+ * XXX: Consider leaving one free slot for glibc usage at first place. This must
+ * be done here (and by changing GDT_ENTRY_TLS_* macros) and nowhere else.
+ *
+ * Also, this must be tested when compiling in SKAS mode with dinamic linking
+ * and running against NPTL.
+ */
+static int get_free_idx(struct task_struct* task)
+{
+        struct thread_struct *t = &task->thread;
+        int idx;
+        if (!t->arch.tls_array)
+                return GDT_ENTRY_TLS_MIN;
+        for (idx = 0; idx < GDT_ENTRY_TLS_ENTRIES; idx++)
+                if (!t->arch.tls_array[idx].present)
+                        return idx + GDT_ENTRY_TLS_MIN;
+        return -ESRCH;
+}
+static inline void clear_user_desc(struct user_desc* info)
+{
+        /* Postcondition: LDT_empty(info) returns true. */
+        memset(info, 0, sizeof(*info));
+        /* Check the LDT_empty or the i386 sys_get_thread_area code - we obtain
+         * indeed an empty user_desc.
+         */
+        info->read_exec_only = 1;
+        info->seg_not_present = 1;
+}
+#define O_FORCE 1
+static int load_TLS(int flags, struct task_struct *to)
+{
+        int ret = 0;
+        int idx;
+        for (idx = GDT_ENTRY_TLS_MIN; idx < GDT_ENTRY_TLS_MAX; idx++) {
+                struct uml_tls_struct* curr = &to->thread.arch.tls_array[idx - GDT_ENTRY_TLS_MIN];
+                /* Actually, now if it wasn't flushed it gets cleared and
+                 * flushed to the host, which will clear it.*/
+                if (!curr->present) {
+                        if (!curr->flushed) {
+                                clear_user_desc(&curr->tls);
+                                curr->tls.entry_number = idx;
+                        } else {
+                                WARN_ON(!LDT_empty(&curr->tls));
+                                continue;
+                        }
+                }
+                if (!(flags & O_FORCE) && curr->flushed)
+                        continue;
+                ret = do_set_thread_area(&curr->tls);
+                if (ret)
+                        goto out;
+                curr->flushed = 1;
+        }
+out:
+        return ret;
+}
+/* Verify if we need to do a flush for the new process, i.e. if there are any
+ * present desc's, only if they haven't been flushed.
+ */
+static inline int needs_TLS_update(struct task_struct *task)
+{
+        int i;
+        int ret = 0;
+        for (i = GDT_ENTRY_TLS_MIN; i < GDT_ENTRY_TLS_MAX; i++) {
+                struct uml_tls_struct* curr = &task->thread.arch.tls_array[i - GDT_ENTRY_TLS_MIN];
+                /* Can't test curr->present, we may need to clear a descriptor
+                 * which had a value. */
+                if (curr->flushed)
+                        continue;
+                ret = 1;
+                break;
+        }
+        return ret;
+}
+/* On a newly forked process, the TLS descriptors haven't yet been flushed. So
+ * we mark them as such and the first switch_to will do the job.
+ */
+void clear_flushed_tls(struct task_struct *task)
+{
+        int i;
+        for (i = GDT_ENTRY_TLS_MIN; i < GDT_ENTRY_TLS_MAX; i++) {
+                struct uml_tls_struct* curr = &task->thread.arch.tls_array[i - GDT_ENTRY_TLS_MIN];
+                /* Still correct to do this, if it wasn't present on the host it
+                 * will remain as flushed as it was. */
+                if (!curr->present)
+                        continue;
+                curr->flushed = 0;
+        }
+}
+/* In SKAS0 mode, currently, multiple guest threads sharing the same ->mm have a
+ * common host process. So this is needed in SKAS0 too.
+ *
+ * However, if each thread had a different host process (and this was discussed
+ * for SMP support) this won't be needed.
+ *
+ * And this will not need be used when (and if) we'll add support to the host
+ * SKAS patch. */
+int arch_switch_tls_skas(struct task_struct *from, struct task_struct *to)
+{
+        if (!host_supports_tls)
+                return 0;
+        /* We have no need whatsoever to switch TLS for kernel threads; beyond
+         * that, that would also result in us calling os_set_thread_area with
+         * userspace_pid[cpu] == 0, which gives an error. */
+        if (likely(to->mm))
+                return load_TLS(O_FORCE, to);
+        return 0;
+}
+int arch_switch_tls_tt(struct task_struct *from, struct task_struct *to)
+{
+        if (!host_supports_tls)
+                return 0;
+        if (needs_TLS_update(to))
+                return load_TLS(0, to);
+        return 0;
+}
+static int set_tls_entry(struct task_struct* task, struct user_desc *info,
+                         int idx, int flushed)
+{
+        struct thread_struct *t = &task->thread;
+        if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
+                return -EINVAL;
+        t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].tls = *info;
+        t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].present = 1;
+        t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].flushed = flushed;
+        return 0;
+}
+int arch_copy_tls(struct task_struct *new)
+{
+        struct user_desc info;
+        int idx, ret = -EFAULT;
+        if (copy_from_user(&info,
+                           (void __user *) UPT_ESI(&new->thread.regs.regs),
+                           sizeof(info)))
+                goto out;
+        ret = -EINVAL;
+        if (LDT_empty(&info))
+                goto out;
+        idx = info.entry_number;
+        ret = set_tls_entry(new, &info, idx, 0);
+out:
+        return ret;
+}
+/* XXX: use do_get_thread_area to read the host value? I'm not at all sure! */
+static int get_tls_entry(struct task_struct* task, struct user_desc *info, int idx)
+{
+        struct thread_struct *t = &task->thread;
+        if (!t->arch.tls_array)
+                goto clear;
+        if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
+                return -EINVAL;
+        if (!t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].present)
+                goto clear;
+        *info = t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].tls;
+out:
+        /* Temporary debugging check, to make sure that things have been
+         * flushed. This could be triggered if load_TLS() failed.
+         */
+        if (unlikely(task == current && !t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].flushed)) {
+                printk(KERN_ERR "get_tls_entry: task with pid %d got here "
+                                "without flushed TLS.", current->pid);
+        }
+        return 0;
+clear:
+        /* When the TLS entry has not been set, the values read to user in the
+         * tls_array are 0 (because it's cleared at boot, see
+         * arch/i386/kernel/head.S:cpu_gdt_table). Emulate that.
+         */
+        clear_user_desc(info);
+        info->entry_number = idx;
+        goto out;
+}
+asmlinkage int sys_set_thread_area(struct user_desc __user *user_desc)
+{
+        struct user_desc info;
+        int idx, ret;
+        if (!host_supports_tls)
+                return -ENOSYS;
+        if (copy_from_user(&info, user_desc, sizeof(info)))
+                return -EFAULT;
+        idx = info.entry_number;
+        if (idx == -1) {
+                idx = get_free_idx(current);
+                if (idx < 0)
+                        return idx;
+                info.entry_number = idx;
+                /* Tell the user which slot we chose for him.*/
+                if (put_user(idx, &user_desc->entry_number))
+                        return -EFAULT;
+        }
+        ret = CHOOSE_MODE_PROC(do_set_thread_area_tt, do_set_thread_area_skas, &info);
+        if (ret)
+                return ret;
+        return set_tls_entry(current, &info, idx, 1);
+}
+/*
+ * Perform set_thread_area on behalf of the traced child.
+ * Note: error handling is not done on the deferred load, and this differ from
+ * i386. However the only possible error are caused by bugs.
+ */
+int ptrace_set_thread_area(struct task_struct *child, int idx,
+                struct user_desc __user *user_desc)
+{
+        struct user_desc info;
+        if (!host_supports_tls)
+                return -EIO;
+        if (copy_from_user(&info, user_desc, sizeof(info)))
+                return -EFAULT;
+        return set_tls_entry(child, &info, idx, 0);
+}
+asmlinkage int sys_get_thread_area(struct user_desc __user *user_desc)
+{
+        struct user_desc info;
+        int idx, ret;
+        if (!host_supports_tls)
+                return -ENOSYS;
+        if (get_user(idx, &user_desc->entry_number))
+                return -EFAULT;
+        ret = get_tls_entry(current, &info, idx);
+        if (ret < 0)
+                goto out;
+        if (copy_to_user(user_desc, &info, sizeof(info)))
+                ret = -EFAULT;
+out:
+        return ret;
+}
+/*
+ * Perform get_thread_area on behalf of the traced child.
+ */
+int ptrace_get_thread_area(struct task_struct *child, int idx,
+                struct user_desc __user *user_desc)
+{
+        struct user_desc info;
+        int ret;
+        if (!host_supports_tls)
+                return -EIO;
+        ret = get_tls_entry(child, &info, idx);
+        if (ret < 0)
+                goto out;
+        if (copy_to_user(user_desc, &info, sizeof(info)))
+                ret = -EFAULT;
+out:
+        return ret;
+}
+/* XXX: This part is probably common to i386 and x86-64. Don't create a common
+ * file for now, do that when implementing x86-64 support.*/
+static int __init __setup_host_supports_tls(void) {
+        check_host_supports_tls(&host_supports_tls, &host_gdt_entry_tls_min);
+        if (host_supports_tls) {
+                printk(KERN_INFO "Host TLS support detected\n");
+                printk(KERN_INFO "Detected host type: ");
+                switch (host_gdt_entry_tls_min) {
+                        case GDT_ENTRY_TLS_MIN_I386:
+                                printk("i386\n");
+                                break;
+                        case GDT_ENTRY_TLS_MIN_X86_64:
+                                printk("x86_64\n");
+                                break;
+                }
+        } else
+                printk(KERN_ERR "  Host TLS support NOT detected! "
+                                "TLS support inside UML will not work\n");
+        return 1;
+}
+__initcall(__setup_host_supports_tls);
diff --git a/arch/um/sys-i386/user-offsets.c b/arch/um/sys-i386/user-offsets.c
index 26b68675053d..6f4ef2b7fa4a 100644
--- a/arch/um/sys-i386/user-offsets.c
+++ b/arch/um/sys-i386/user-offsets.c
@@ -3,12 +3,13 @@
 #include <asm/ptrace.h>
 #include <asm/user.h>
 #include <linux/stddef.h>
+#include <sys/poll.h>
 #define DEFINE(sym, val) \
-        asm volatile("\n->" #sym " %0 " #val : : "i" (val))
+        asm volatile("\n->" #sym " %0 " #val : : "i" (val))
 #define DEFINE_LONGS(sym, val) \
-        asm volatile("\n->" #sym " %0 " #val : : "i" (val/sizeof(unsigned long)))
+        asm volatile("\n->" #sym " %0 " #val : : "i" (val/sizeof(unsigned long)))
 #define OFFSET(sym, str, mem) \
        DEFINE(sym, offsetof(struct str, mem));
@@ -67,4 +68,9 @@ void foo(void)
        DEFINE(HOST_ES, ES);
        DEFINE(HOST_GS, GS);
        DEFINE(UM_FRAME_SIZE, sizeof(struct user_regs_struct));
+        /* XXX Duplicated between i386 and x86_64 */
+        DEFINE(UM_POLLIN, POLLIN);
+        DEFINE(UM_POLLPRI, POLLPRI);
+        DEFINE(UM_POLLOUT, POLLOUT);
 }
diff --git a/arch/um/sys-x86_64/Makefile b/arch/um/sys-x86_64/Makefile
index a351091fbd99..b5fc22babddf 100644
--- a/arch/um/sys-x86_64/Makefile
+++ b/arch/um/sys-x86_64/Makefile
@@ -4,31 +4,23 @@
 # Licensed under the GPL
 #
-#XXX: why into lib-y?
+obj-y = bugs.o delay.o fault.o ldt.o mem.o ptrace.o ptrace_user.o \
-lib-y = bitops.o bugs.o csum-partial.o delay.o fault.o ldt.o mem.o memcpy.o \
+        sigcontext.o signal.o syscalls.o syscall_table.o sysrq.o ksyms.o \
-        ptrace.o ptrace_user.o sigcontext.o signal.o syscalls.o \
+        tls.o
-        syscall_table.o sysrq.o thunk.o
-lib-$(CONFIG_MODE_SKAS) += stub.o stub_segv.o
-obj-y := ksyms.o
+obj-$(CONFIG_MODE_SKAS) += stub.o stub_segv.o
-obj-$(CONFIG_MODULES) += module.o um_module.o
+obj-$(CONFIG_MODULES) += um_module.o
-USER_OBJS := ptrace_user.o sigcontext.o stub_segv.o
+subarch-obj-y = lib/bitops.o lib/csum-partial.o lib/memcpy.o lib/thunk.o
+subarch-obj-$(CONFIG_MODULES) += kernel/module.o
-SYMLINKS = bitops.c csum-copy.S csum-partial.c csum-wrappers.c ldt.c memcpy.S \
+ldt-y = ../sys-i386/ldt.o
-        thunk.S module.c
-include arch/um/scripts/Makefile.rules
+USER_OBJS := ptrace_user.o sigcontext.o stub_segv.o
-bitops.c-dir = lib
+include arch/um/scripts/Makefile.rules
-csum-copy.S-dir = lib
-csum-partial.c-dir = lib
-csum-wrappers.c-dir = lib
-ldt.c-dir = /arch/um/sys-i386
-memcpy.S-dir = lib
-thunk.S-dir = lib
-module.c-dir = kernel
-$(obj)/stub_segv.o: _c_flags = $(call unprofile,$(CFLAGS))
+extra-$(CONFIG_MODE_TT) += unmap.o
-include arch/um/scripts/Makefile.unmap
+$(obj)/stub_segv.o $(obj)/unmap.o: \
+        _c_flags = $(call unprofile,$(CFLAGS))
diff --git a/arch/um/sys-x86_64/ptrace.c b/arch/um/sys-x86_64/ptrace.c
index 74eee5c7c6dd..147bbf05cbc2 100644
--- a/arch/um/sys-x86_64/ptrace.c
+++ b/arch/um/sys-x86_64/ptrace.c
@@ -8,6 +8,7 @@
 #include <asm/ptrace.h>
 #include <linux/sched.h>
 #include <linux/errno.h>
+#include <linux/mm.h>
 #include <asm/uaccess.h>
 #include <asm/elf.h>
@@ -136,9 +137,28 @@ void arch_switch(void)
 */
 }
+/* XXX Mostly copied from sys-i386 */
 int is_syscall(unsigned long addr)
 {
-        panic("is_syscall");
+        unsigned short instr;
+        int n;
+        n = copy_from_user(&instr, (void __user *) addr, sizeof(instr));
+        if(n){
+                /* access_process_vm() grants access to vsyscall and stub,
+                 * while copy_from_user doesn't. Maybe access_process_vm is
+                 * slow, but that doesn't matter, since it will be called only
+                 * in case of singlestepping, if copy_from_user failed.
+                 */
+                n = access_process_vm(current, addr, &instr, sizeof(instr), 0);
+                if(n != sizeof(instr)) {
+                        printk("is_syscall : failed to read instruction from "
+                               "0x%lx\n", addr);
+                        return(1);
+                }
+        }
+        /* sysenter */
+        return(instr == 0x050f);
 }
 int dump_fpu(struct pt_regs *regs, elf_fpregset_t *fpu )
diff --git a/arch/um/sys-x86_64/signal.c b/arch/um/sys-x86_64/signal.c
index fe1d065332b1..e75c4e1838b0 100644
--- a/arch/um/sys-x86_64/signal.c
+++ b/arch/um/sys-x86_64/signal.c
@@ -55,7 +55,8 @@ static int copy_sc_from_user_skas(struct pt_regs *regs,
 }
 int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
-                        struct pt_regs *regs, unsigned long mask)
+                         struct pt_regs *regs, unsigned long mask,
+                         unsigned long sp)
 {
        struct faultinfo * fi = &current->thread.arch.faultinfo;
        int err = 0;
@@ -70,7 +71,11 @@ int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
        err |= PUTREG(regs, RDI, to, rdi);
        err |= PUTREG(regs, RSI, to, rsi);
        err |= PUTREG(regs, RBP, to, rbp);
-        err |= PUTREG(regs, RSP, to, rsp);
+        /* Must use orignal RSP, which is passed in, rather than what's in
+         * the pt_regs, because that's already been updated to point at the
+         * signal frame.
+         */
+        err |= __put_user(sp, &to->rsp);
        err |= PUTREG(regs, RBX, to, rbx);
        err |= PUTREG(regs, RDX, to, rdx);
        err |= PUTREG(regs, RCX, to, rcx);
@@ -102,7 +107,7 @@ int copy_sc_to_user_skas(struct sigcontext *to, struct _fpstate *to_fp,
 #ifdef CONFIG_MODE_TT
 int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
-                        int fpsize)
+                         int fpsize)
 {
        struct _fpstate *to_fp, *from_fp;
        unsigned long sigs;
@@ -120,7 +125,7 @@ int copy_sc_from_user_tt(struct sigcontext *to, struct sigcontext *from,
 }
 int copy_sc_to_user_tt(struct sigcontext *to, struct _fpstate *fp,
-                      struct sigcontext *from, int fpsize)
+                       struct sigcontext *from, int fpsize, unsigned long sp)
 {
        struct _fpstate *to_fp, *from_fp;
        int err;
@@ -128,11 +133,17 @@ int copy_sc_to_user_tt(struct sigcontext *to, struct _fpstate *fp,
        to_fp = (fp ? fp : (struct _fpstate *) (to + 1));
        from_fp = from->fpstate;
        err = copy_to_user(to, from, sizeof(*to));
+        /* The SP in the sigcontext is the updated one for the signal
+         * delivery.  The sp passed in is the original, and this needs
+         * to be restored, so we stick it in separately.
+         */
+        err |= copy_to_user(&SC_SP(to), sp, sizeof(sp));
        if(from_fp != NULL){
                err |= copy_to_user(&to->fpstate, &to_fp, sizeof(to->fpstate));
                err |= copy_to_user(to_fp, from_fp, fpsize);
        }
-        return(err);
+        return err;
 }
 #endif
@@ -148,11 +159,12 @@ static int copy_sc_from_user(struct pt_regs *to, void __user *from)
 }
 static int copy_sc_to_user(struct sigcontext *to, struct _fpstate *fp,
-                          struct pt_regs *from, unsigned long mask)
+                           struct pt_regs *from, unsigned long mask,
+                           unsigned long sp)
 {
       return(CHOOSE_MODE(copy_sc_to_user_tt(to, fp, UPT_SC(&from->regs),
-                                             sizeof(*fp)),
+                                             sizeof(*fp), sp),
-                          copy_sc_to_user_skas(to, fp, from, mask)));
+                          copy_sc_to_user_skas(to, fp, from, mask, sp)));
 }
 struct rt_sigframe
@@ -170,6 +182,7 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
 {
        struct rt_sigframe __user *frame;
        struct _fpstate __user *fp = NULL;
+        unsigned long save_sp = PT_REGS_RSP(regs);
        int err = 0;
        struct task_struct *me = current;
@@ -193,14 +206,25 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
                        goto out;
        }
+        /* Update SP now because the page fault handler refuses to extend
+         * the stack if the faulting address is too far below the current
+         * SP, which frame now certainly is.  If there's an error, the original
+         * value is restored on the way out.
+         * When writing the sigcontext to the stack, we have to write the
+         * original value, so that's passed to copy_sc_to_user, which does
+         * the right thing with it.
+         */
+        PT_REGS_RSP(regs) = (unsigned long) frame;
        /* Create the ucontext.  */
        err |= __put_user(0, &frame->uc.uc_flags);
        err |= __put_user(0, &frame->uc.uc_link);
        err |= __put_user(me->sas_ss_sp, &frame->uc.uc_stack.ss_sp);
-        err |= __put_user(sas_ss_flags(PT_REGS_SP(regs)),
+        err |= __put_user(sas_ss_flags(save_sp),
                          &frame->uc.uc_stack.ss_flags);
        err |= __put_user(me->sas_ss_size, &frame->uc.uc_stack.ss_size);
-        err |= copy_sc_to_user(&frame->uc.uc_mcontext, fp, regs, set->sig[0]);
+        err |= copy_sc_to_user(&frame->uc.uc_mcontext, fp, regs, set->sig[0],
+                save_sp);
        err |= __put_user(fp, &frame->uc.uc_mcontext.fpstate);
        if (sizeof(*set) == 16) {
                __put_user(set->sig[0], &frame->uc.uc_sigmask.sig[0]);
@@ -217,10 +241,10 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
                err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
        else
                /* could use a vstub here */
-                goto out;
+                goto restore_sp;
        if (err)
-                goto out;
+                goto restore_sp;
        /* Set up registers for signal handler */
        {
@@ -238,10 +262,12 @@ int setup_signal_stack_si(unsigned long stack_top, int sig,
        PT_REGS_RSI(regs) = (unsigned long) &frame->info;
        PT_REGS_RDX(regs) = (unsigned long) &frame->uc;
        PT_REGS_RIP(regs) = (unsigned long) ka->sa.sa_handler;
-        PT_REGS_RSP(regs) = (unsigned long) frame;
 out:
-        return(err);
+        return err;
+restore_sp:
+        PT_REGS_RSP(regs) = save_sp;
+        return err;
 }
 long sys_rt_sigreturn(struct pt_regs *regs)
diff --git a/arch/um/sys-x86_64/tls.c b/arch/um/sys-x86_64/tls.c
new file mode 100644
index 000000000000..ce1bf1b81c43
--- /dev/null
+++ b/arch/um/sys-x86_64/tls.c
@@ -0,0 +1,14 @@
+#include "linux/sched.h"
+void debug_arch_force_load_TLS(void)
+{
+}
+void clear_flushed_tls(struct task_struct *task)
+{
+}
+int arch_copy_tls(struct task_struct *t)
+{
+        return 0;
+}
diff --git a/arch/um/sys-x86_64/user-offsets.c b/arch/um/sys-x86_64/user-offsets.c
index 7bd54a921cf7..899cebb57c3f 100644
--- a/arch/um/sys-x86_64/user-offsets.c
+++ b/arch/um/sys-x86_64/user-offsets.c
@@ -1,6 +1,7 @@
 #include <stdio.h>
 #include <stddef.h>
 #include <signal.h>
+#include <sys/poll.h>
 #define __FRAME_OFFSETS
 #include <asm/ptrace.h>
 #include <asm/types.h>
@@ -88,4 +89,9 @@ void foo(void)
        DEFINE_LONGS(HOST_IP, RIP);
        DEFINE_LONGS(HOST_SP, RSP);
        DEFINE(UM_FRAME_SIZE, sizeof(struct user_regs_struct));
+        /* XXX Duplicated between i386 and x86_64 */
+        DEFINE(UM_POLLIN, POLLIN);
+        DEFINE(UM_POLLPRI, POLLPRI);
+        DEFINE(UM_POLLOUT, POLLOUT);
 }