17 files changed, 197 insertions, 96 deletions
diff --git a/arch/i386/.kernel_offset.lds b/arch/i386/.kernel_offset.lds
new file mode 100644
index 000000000..9cfd927bf
--- /dev/null
+++ b/arch/i386/.kernel_offset.lds
@@ -0,0 +1 @@
+__kernel_offset__ = (0x1000-1024)*1024*1024;
diff --git a/arch/i386/Makefile b/arch/i386/Makefile
index 98bde850f..359c20b9b 100644
--- a/arch/i386/Makefile
+++ b/arch/i386/Makefile
@@ -58,6 +58,9 @@ SUBDIRS := $(SUBDIRS) arch/i386/math-emu
 DRIVERS := $(DRIVERS) arch/i386/math-emu/math.a
 endif
 
+memsize: dummy
+	@echo "__kernel_offset__ = (0x1000-$(CONFIG_MAX_MEMSIZE))*1024*1024;" > arch/i386/.kernel_offset.lds
+
 arch/i386/kernel: dummy
 	$(MAKE) linuxsubdirs SUBDIRS=arch/i386/kernel
 
@@ -66,27 +69,27 @@ arch/i386/mm: dummy
 
 MAKEBOOT = $(MAKE) -C arch/$(ARCH)/boot
 
-zImage: vmlinux
+zImage: memsize vmlinux
 	@$(MAKEBOOT) zImage
 
-bzImage: vmlinux
+bzImage: memsize vmlinux
 	@$(MAKEBOOT) bzImage
 
 compressed: zImage
 
-zlilo: vmlinux
+zlilo: memsize vmlinux
 	@$(MAKEBOOT) BOOTIMAGE=zImage zlilo
 
-bzlilo: vmlinux
+bzlilo: memsize vmlinux
 	@$(MAKEBOOT) BOOTIMAGE=bzImage zlilo
 
-zdisk: vmlinux
+zdisk: memsize vmlinux
 	@$(MAKEBOOT) BOOTIMAGE=zImage zdisk
 
-bzdisk: vmlinux
+bzdisk: memsize vmlinux
 	@$(MAKEBOOT) BOOTIMAGE=bzImage zdisk
 
-install: vmlinux
+install: memsize vmlinux
 	@$(MAKEBOOT) BOOTIMAGE=bzImage install
 
 archclean:
diff --git a/arch/i386/config.in b/arch/i386/config.in
index 3e52c2218..058f908e3 100644
--- a/arch/i386/config.in
+++ b/arch/i386/config.in
@@ -17,6 +17,7 @@ choice 'Processor family' \
 	 Pentium/K5/5x86/6x86	CONFIG_M586	\
 	 PPro/K6/6x86MX		CONFIG_M686" Pentium
 bool 'Math emulation' CONFIG_MATH_EMULATION
+int ' Max physical memory in MB' CONFIG_MAX_MEMSIZE 1024
 endmenu
 
 mainmenu_option next_comment
@@ -24,7 +25,7 @@ comment 'Loadable module support'
 bool 'Enable loadable module support' CONFIG_MODULES
 if [ "$CONFIG_MODULES" = "y" ]; then
   bool 'Set version information on all symbols for modules' CONFIG_MODVERSIONS
-  bool 'Kernel daemon support (e.g. autoload of modules)' CONFIG_KERNELD
+  bool 'Kernel module loader' CONFIG_KMOD
 fi
 endmenu
 
diff --git a/arch/i386/defconfig b/arch/i386/defconfig
index 2ca6da6bc..f3792ce05 100644
--- a/arch/i386/defconfig
+++ b/arch/i386/defconfig
@@ -15,13 +15,14 @@
 CONFIG_M586=y
 # CONFIG_M686 is not set
 # CONFIG_MATH_EMULATION is not set
+CONFIG_MAX_MEMSIZE=1024
 
 #
 # Loadable module support
 #
 CONFIG_MODULES=y
 # CONFIG_MODVERSIONS is not set
-# CONFIG_KERNELD is not set
+# CONFIG_KMOD is not set
 
 #
 # General setup
@@ -30,7 +31,6 @@ CONFIG_NET=y
 CONFIG_PCI=y
 CONFIG_PCI_BIOS=y
 CONFIG_PCI_DIRECT=y
-# CONFIG_PCI_OPTIMIZE is not set
 CONFIG_PCI_OLD_PROC=y
 # CONFIG_MCA is not set
 CONFIG_SYSVIPC=y
@@ -94,7 +94,6 @@ CONFIG_INET=y
 # CONFIG_IP_ADVANCED_ROUTER is not set
 # CONFIG_IP_PNP is not set
 # CONFIG_IP_ACCT is not set
-# CONFIG_IP_MASQUERADE is not set
 # CONFIG_IP_ROUTER is not set
 # CONFIG_NET_IPIP is not set
 # CONFIG_NET_IPGRE is not set
diff --git a/arch/i386/kernel/head.S b/arch/i386/kernel/head.S
index 6722c4f7f..048921838 100644
--- a/arch/i386/kernel/head.S
+++ b/arch/i386/kernel/head.S
@@ -11,6 +11,9 @@
 #include <linux/tasks.h>
 #include <linux/linkage.h>
 #include <asm/segment.h>
+#include <asm/page.h>
+#include <asm/pgtable.h>
+
 
 #define CL_MAGIC_ADDR	0x90020
 #define CL_MAGIC	0xA33F
@@ -54,9 +57,9 @@ startup_32:
  *	be using the global pages. 
  *
  *	NOTE! We have to correct for the fact that we're
- *	not yet offset 0xC0000000..
+ *	not yet offset PAGE_OFFSET..
  */
-#define cr4_bits mmu_cr4_features-0xC0000000
+#define cr4_bits mmu_cr4_features-__PAGE_OFFSET
 	movl %cr4,%eax		# Turn on 4Mb pages
 	orl cr4_bits,%eax
 	movl %eax,%cr4
@@ -368,7 +371,7 @@ check_x87:
  *  sets up a idt with 256 entries pointing to
  *  ignore_int, interrupt gates. It doesn't actually load
  *  idt - that can be done only after paging has been enabled
- *  and the kernel moved to 0xC0000000. Interrupts
+ *  and the kernel moved to PAGE_OFFSET. Interrupts
  *  are enabled elsewhere, when we can be relatively
  *  sure everything is ok.
  */
@@ -444,14 +447,16 @@ SYMBOL_NAME(gdt):
 /*
  * This is initialized to create a identity-mapping at 0-4M (for bootup
  * purposes) and another mapping of the 0-4M area at virtual address
- * 0xC0000000.
+ * PAGE_OFFSET.
  */
 .org 0x1000
 ENTRY(swapper_pg_dir)
 	.long 0x00102007
-	.fill 767,4,0
+	.fill __USER_PGD_PTRS-1,4,0
+	/* default: 767 entries */
 	.long 0x00102007
-	.fill 255,4,0
+	/* default: 255 entries */
+	.fill __KERNEL_PGD_PTRS-1,4,0
 
 /*
  * The page tables are initialized to only 4MB here - the final page
@@ -614,8 +619,8 @@ ENTRY(idt_table)
 	.fill 256,8,0		# idt is uninitialized
 
 /*
- * This gdt setup gives the kernel a 1GB address space at virtual
- * address 0xC0000000 - space enough for expansion, I hope.
+ * This gdt setup gives the kernel a CONFIG_MAX_MEMSIZE sized address space at
+ * virtual address PAGE_OFFSET.
  *
  * This contains up to 8192 quadwords depending on NR_TASKS - 64kB of
  * gdt entries.  Ugh. 
diff --git a/arch/i386/kernel/i386_ksyms.c b/arch/i386/kernel/i386_ksyms.c
index e5812400e..d2837d648 100644
--- a/arch/i386/kernel/i386_ksyms.c
+++ b/arch/i386/kernel/i386_ksyms.c
@@ -8,6 +8,7 @@
 #include <linux/in6.h>
 #include <linux/interrupt.h>
 #include <linux/smp_lock.h>
+#include <linux/pci.h>
 
 #include <asm/semaphore.h>
 #include <asm/processor.h>
@@ -97,3 +98,6 @@ EXPORT_SYMBOL(mca_isenabled);
 EXPORT_SYMBOL(mca_isadapter);
 #endif
 
+#if CONFIG_PCI
+EXPORT_SYMBOL(pci_devices);
+#endif
diff --git a/arch/i386/kernel/init_task.c b/arch/i386/kernel/init_task.c
index acc206942..c0571c769 100644
--- a/arch/i386/kernel/init_task.c
+++ b/arch/i386/kernel/init_task.c
@@ -6,6 +6,7 @@
 
 static struct vm_area_struct init_mmap = INIT_MMAP;
 static struct fs_struct init_fs = INIT_FS;
+static struct file * init_fd_array[NR_OPEN] = { NULL, };
 static struct files_struct init_files = INIT_FILES;
 static struct signal_struct init_signals = INIT_SIGNALS;
 struct mm_struct init_mm = INIT_MM;
diff --git a/arch/i386/kernel/io_apic.c b/arch/i386/kernel/io_apic.c
index be074cac6..219e7f853 100644
--- a/arch/i386/kernel/io_apic.c
+++ b/arch/i386/kernel/io_apic.c
@@ -271,7 +271,7 @@ void setup_IO_APIC_irqs (void)
 		if (!IO_APIC_IRQ(irq))
 			continue;
 
-		entry.vector = IO_APIC_GATE_OFFSET + (irq<<3);
+		entry.vector = IO_APIC_VECTOR(irq);
 
 		/*
 		 * Determine IRQ line polarity (high active or low active):
@@ -383,7 +383,7 @@ void setup_IO_APIC_irq_ISA_default (unsigned int irq)
 	entry.mask = 1;					/* unmask IRQ now */
 	entry.dest.logical.logical_dest = 0xff;		/* all CPUs */
 
-	entry.vector = IO_APIC_GATE_OFFSET + (irq<<3);
+	entry.vector = IO_APIC_VECTOR(irq);
 
 	entry.polarity=0;
 	entry.trigger=0;
@@ -513,7 +513,7 @@ void print_IO_APIC (void)
 	return;
 }
 
-void init_sym_mode (void)
+static void init_sym_mode (void)
 {
 	printk("enabling Symmetric IO mode ... ");
 		outb (0x70, 0x22);
@@ -521,6 +521,14 @@ void init_sym_mode (void)
 	printk("...done.\n");
 }
 
+void init_pic_mode (void)
+{
+	printk("disabling Symmetric IO mode ... ");
+		outb (0x70, 0x22);
+		outb (0x00, 0x23);
+	printk("...done.\n");
+}
+
 char ioapic_OEM_ID [16];
 char ioapic_Product_ID [16];
 
diff --git a/arch/i386/kernel/ioport.c b/arch/i386/kernel/ioport.c
index 9bb150075..44fd26530 100644
--- a/arch/i386/kernel/ioport.c
+++ b/arch/i386/kernel/ioport.c
@@ -13,6 +13,7 @@
 #include <linux/mm.h>
 #include <linux/smp.h>
 #include <linux/smp_lock.h>
+#include <linux/stddef.h>
 
 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
 static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_value)
@@ -53,12 +54,25 @@ static void set_bitmap(unsigned long *bitmap, short base, short extent, int new_
  */
 asmlinkage int sys_ioperm(unsigned long from, unsigned long num, int turn_on)
 {
+	struct thread_struct * t = &current->tss;
+
 	if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
 		return -EINVAL;
 	if (!suser())
 		return -EPERM;
+	/*
+	 * If it's the first ioperm() call in this thread's lifetime, set the
+	 * IO bitmap up. ioperm() is much less timing critical than clone(),
+	 * this is why we delay this operation until now:
+	 */
+#define IO_BITMAP_OFFSET offsetof(struct thread_struct,io_bitmap)
+
+	if (t->bitmap != IO_BITMAP_OFFSET) {
+		t->bitmap = IO_BITMAP_OFFSET;
+		memset(t->io_bitmap,0xff,(IO_BITMAP_SIZE+1)*4);
+	}
 		
-	set_bitmap((unsigned long *)current->tss.io_bitmap, from, num, !turn_on);
+	set_bitmap((unsigned long *)t->io_bitmap, from, num, !turn_on);
 	return 0;
 }
 
diff --git a/arch/i386/kernel/irq.c b/arch/i386/kernel/irq.c
index 24c33be65..4823c1546 100644
--- a/arch/i386/kernel/irq.c
+++ b/arch/i386/kernel/irq.c
@@ -70,6 +70,7 @@ spinlock_t irq_controller_lock;
 
 static unsigned int irq_events [NR_IRQS] = { -1, };
 static int disabled_irq [NR_IRQS] = { 0, };
+static int ipi_pending [NR_IRQS] = { 0, };
 
 /*
  * Not all IRQs can be routed through the IO-APIC, eg. on certain (older)
@@ -489,12 +490,8 @@ static inline void wait_on_irq(int cpu)
  */
 void synchronize_bh(void)
 {
-	if (atomic_read(&global_bh_count)) {
-		int cpu = smp_processor_id();
-		if (!local_irq_count[cpu] && !local_bh_count[cpu]) {
+	if (atomic_read(&global_bh_count) && !in_interrupt())
 			wait_on_bh();
-		}
-	}
 }
 
 /*
@@ -672,8 +669,8 @@ void enable_8259A_irq (unsigned int irq)
 #ifdef __SMP__
 void enable_ioapic_irq (unsigned int irq)
 {
-	unsigned long flags;
-	int cpu = smp_processor_id(), should_handle_irq;
+	unsigned long flags, should_handle_irq;
+	int cpu = smp_processor_id();
 
 	spin_lock_irqsave(&irq_controller_lock, flags);
 	if (disabled_irq[irq])
@@ -682,18 +679,32 @@ void enable_ioapic_irq (unsigned int irq)
 		spin_unlock_irqrestore(&irq_controller_lock, flags);
 		return;
 	}
+#if 0
 	/*
 	 * In the SMP+IOAPIC case it might happen that there are an unspecified
-	 * number of pending IRQ events unhandled. We protect against multiple
-	 * enable_irq()'s executing them via disable_irq[irq]++
+	 * number of pending IRQ events unhandled. These cases are very rare,
+	 * so we 'resend' these IRQs via IPIs, to the same CPU. It's much
+	 * better to do it this way as thus we dont have to be aware of
+	 * 'pending' interrupts in the IRQ path, except at this point.
 	 */
 	if (!disabled_irq[irq] && irq_events[irq]) {
+		if (!ipi_pending[irq]) {
+			ipi_pending[irq] = 1;
+			--irq_events[irq];
+			send_IPI(cpu,IO_APIC_VECTOR(irq));
+		}
+	}
+	spin_unlock_irqrestore(&irq_controller_lock, flags);
+#else
+	if (!disabled_irq[irq] && irq_events[irq]) {
 		struct pt_regs regs; /* FIXME: these are fake currently */
 
 		disabled_irq[irq]++;
+		hardirq_enter(cpu);
 		spin_unlock(&irq_controller_lock);
+
 		release_irqlock(cpu);
-		irq_enter(cpu, irq);
+		while (test_bit(0,&global_irq_lock)) mb();
 again:
 		handle_IRQ_event(irq, &regs);
 
@@ -713,6 +724,7 @@ again:
 		__restore_flags(flags);
 	} else
 		spin_unlock_irqrestore(&irq_controller_lock, flags);
+#endif
 }
 #endif
 
@@ -775,15 +787,16 @@ static void do_ioapic_IRQ(unsigned int irq, int cpu, struct pt_regs * regs)
 	ack_APIC_irq();
 
 	spin_lock(&irq_controller_lock);
+	if (ipi_pending[irq])
+		ipi_pending[irq] = 0;
 
 	if (!irq_events[irq]++ && !disabled_irq[irq])
 		should_handle_irq = 1;
-
+	hardirq_enter(cpu);
 	spin_unlock(&irq_controller_lock);
 
-	irq_enter(cpu, irq);
-
 	if (should_handle_irq) {
+		while (test_bit(0,&global_irq_lock)) mb();
 again:
 		handle_IRQ_event(irq, regs);
 
@@ -797,7 +810,8 @@ again:
 			goto again;
 	}
 
-	irq_exit(cpu, irq);
+	hardirq_exit(cpu);
+	release_irqlock(cpu);
 }
 #endif
 
@@ -1034,7 +1048,7 @@ void init_IO_APIC_traps(void)
 	 * 0x80, because int 0x80 is hm, kindof importantish ;)
 	 */
 	for (i = 0; i < NR_IRQS ; i++)
-		if (IO_APIC_GATE_OFFSET+(i<<3) <= 0xfe)  /* HACK */ {
+		if (IO_APIC_VECTOR(i) <= 0xfe)  /* HACK */ {
 			if (IO_APIC_IRQ(i)) {
 				irq_handles[i] = &ioapic_irq_type;
 				/*
@@ -1071,8 +1085,8 @@ __initfunc(void init_IRQ(void))
 #ifdef __SMP__	
 
 	for (i = 0; i < NR_IRQS ; i++)
-		if (IO_APIC_GATE_OFFSET+(i<<3) <= 0xfe)  /* hack -- mingo */
-			set_intr_gate(IO_APIC_GATE_OFFSET+(i<<3),interrupt[i]);
+		if (IO_APIC_VECTOR(i) <= 0xfe)  /* hack -- mingo */
+			set_intr_gate(IO_APIC_VECTOR(i),interrupt[i]);
 
 	/*
 	 * The reschedule interrupt slowly changes it's functionality,
diff --git a/arch/i386/kernel/irq.h b/arch/i386/kernel/irq.h
index 6404bc9e3..9824026dc 100644
--- a/arch/i386/kernel/irq.h
+++ b/arch/i386/kernel/irq.h
@@ -2,13 +2,12 @@
 #define __irq_h
 
 /*
- * Various low-level irq details needed by irq.c and smp.c
+ * Various low-level irq details needed by irq.c, process.c,
+ * time.c, io_apic.c and smp.c
  *
  * Interrupt entry/exit code at both C and assembly level
  */
 
-#define IO_APIC_GATE_OFFSET 0x51
-
 void mask_irq(unsigned int irq);
 void unmask_irq(unsigned int irq);
 void enable_IO_APIC_irq (unsigned int irq);
@@ -19,9 +18,16 @@ void setup_IO_APIC (void);
 void init_IO_APIC_traps(void);
 int IO_APIC_get_PCI_irq_vector (int bus, int slot, int fn);
 void make_8259A_irq (unsigned int irq);
+void send_IPI (int dest, int vector);
+void init_pic_mode (void);
 
 extern unsigned int io_apic_irqs;
 
+extern inline int IO_APIC_VECTOR (int irq)
+{
+	return (0x51+(irq<<3));
+}
+
 #define MAX_IRQ_SOURCES 128
 #define MAX_MP_BUSSES 32
 enum mp_bustype {
@@ -38,6 +44,7 @@ extern spinlock_t irq_controller_lock; /*
 					* IO-APIC
 					*/
 
+
 #ifdef __SMP__
 
 #include <asm/atomic.h>
diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
index 629e7ef12..6f2245790 100644
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -44,6 +44,7 @@
 #ifdef CONFIG_MATH_EMULATION
 #include <asm/math_emu.h>
 #endif
+#include "irq.h"
 
 #ifdef __SMP__
 asmlinkage void ret_from_smpfork(void) __asm__("ret_from_smpfork");
@@ -280,6 +281,12 @@ static inline void kb_wait(void)
 
 void machine_restart(char * __unused)
 {
+#if __SMP__
+	/*
+	 * turn off the IO-APIC, so we can do a clean reboot
+	 */
+	init_pic_mode();
+#endif
 
 	if(!reboot_thru_bios) {
 		/* rebooting needs to touch the page at absolute addr 0 */
@@ -314,10 +321,10 @@ void machine_restart(char * __unused)
 
 	/* Remap the kernel at virtual address zero, as well as offset zero
 	   from the kernel segment.  This assumes the kernel segment starts at
-	   virtual address 0xc0000000. */
+	   virtual address PAGE_OFFSET. */
 
-	memcpy (swapper_pg_dir, swapper_pg_dir + 768,
-		sizeof (swapper_pg_dir [0]) * 256);
+	memcpy (swapper_pg_dir, swapper_pg_dir + USER_PGD_PTRS,
+		sizeof (swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
 
 	/* Make sure the first page is mapped to the start of physical memory.
 	   It is normally not mapped, to trap kernel NULL pointer dereferences. */
@@ -473,7 +480,6 @@ void release_thread(struct task_struct *dead_task)
 int copy_thread(int nr, unsigned long clone_flags, unsigned long esp,
 	struct task_struct * p, struct pt_regs * regs)
 {
-	int i;
 	struct pt_regs * childregs;
 
 	p->tss.tr = _TSS(nr);
@@ -510,9 +516,13 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long esp,
 		set_ldt_desc(gdt+(nr<<1)+FIRST_LDT_ENTRY,p->ldt, 512);
 	else
 		set_ldt_desc(gdt+(nr<<1)+FIRST_LDT_ENTRY,&default_ldt, 1);
-	p->tss.bitmap = offsetof(struct thread_struct,io_bitmap);
-	for (i = 0; i < IO_BITMAP_SIZE+1 ; i++) /* IO bitmap is actually SIZE+1 */
-		p->tss.io_bitmap[i] = ~0;
+	/*
+	 * a bitmap offset pointing outside of the TSS limit causes a nicely
+	 * controllable SIGSEGV. The first sys_ioperm() call sets up the
+	 * bitmap properly.
+	 */
+	p->tss.bitmap = sizeof(struct thread_struct);
+
 	if (last_task_used_math == current)
 		__asm__("clts ; fnsave %0 ; frstor %0":"=m" (p->tss.i387));
 
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
index ca2147ee7..d05b54b63 100644
--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -371,7 +371,10 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 	if (pid == 1)		/* you may not mess with init */
 		goto out;
 	ret = -ESRCH;
-	if (!(child = find_task_by_pid(pid)))
+	read_lock(&tasklist_lock);
+	child = find_task_by_pid(pid);
+	read_unlock(&tasklist_lock);	/* FIXME!!! */
+	if (!child)
 		goto out;
 	ret = -EPERM;
 	if (request == PTRACE_ATTACH) {
@@ -390,9 +393,13 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 			goto out;
 		child->flags |= PF_PTRACED;
 		if (child->p_pptr != current) {
+			unsigned long flags;
+
+			write_lock_irqsave(&tasklist_lock, flags);
 			REMOVE_LINKS(child);
 			child->p_pptr = current;
 			SET_LINKS(child);
+			write_unlock_irqrestore(&tasklist_lock, flags);
 		}
 		send_sig(SIGSTOP, child, 1);
 		ret = 0;
@@ -545,6 +552,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		}
 
 		case PTRACE_DETACH: { /* detach a process that was attached. */
+			unsigned long flags;
 			long tmp;
 
 			ret = -EIO;
@@ -553,9 +561,11 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 			child->flags &= ~(PF_PTRACED|PF_TRACESYS);
 			wake_up_process(child);
 			child->exit_code = data;
+			write_lock_irqsave(&tasklist_lock, flags);
 			REMOVE_LINKS(child);
 			child->p_pptr = child->p_opptr;
 			SET_LINKS(child);
+			write_unlock_irqrestore(&tasklist_lock, flags);
 			/* make sure the single step bit is not set. */
 			tmp = get_stack_long(child, EFL_OFFSET) & ~TRAP_FLAG;
 			put_stack_long(child, EFL_OFFSET, tmp);
diff --git a/arch/i386/kernel/smp.c b/arch/i386/kernel/smp.c
index 6f4bc60ec..9ca377128 100644
--- a/arch/i386/kernel/smp.c
+++ b/arch/i386/kernel/smp.c
@@ -1108,23 +1108,59 @@ __initfunc(void smp_boot_cpus(void))
 	setup_IO_APIC();
 }
 
+
+void send_IPI (int dest, int vector)
+{
+	unsigned long cfg;
+	unsigned long flags;
+
+	__save_flags(flags);
+	__cli();
+
+	/*
+	 * prepare target chip field
+	 */
+
+	cfg = apic_read(APIC_ICR2) & 0x00FFFFFF;
+	apic_write(APIC_ICR2, cfg|SET_APIC_DEST_FIELD(dest));
+
+	cfg = apic_read(APIC_ICR);
+	cfg &= ~0xFDFFF;
+	cfg |= APIC_DEST_FIELD|APIC_DEST_DM_FIXED|vector;
+	cfg |= dest;
+	
+	/*
+	 * Send the IPI. The write to APIC_ICR fires this off.
+	 */
+	
+	apic_write(APIC_ICR, cfg);
+	__restore_flags(flags);
+}
+
+void funny (void)
+{
+	send_IPI(APIC_DEST_ALLBUT,0x30 /*IO_APIC_VECTOR(11)*/);
+	for(;;)__cli();
+}
+
 /*
- *	A non wait message cannot pass data or cpu source info. This current setup
- *	is only safe because the kernel lock owner is the only person who can send a message.
+ * A non wait message cannot pass data or cpu source info. This current setup
+ * is only safe because the kernel lock owner is the only person who can send
+ * a message.
  *
- *	Wrapping this whole block in a spinlock is not the safe answer either. A processor may
- *	get stuck with irq's off waiting to send a message and thus not replying to the person
- *	spinning for a reply....
+ * Wrapping this whole block in a spinlock is not the safe answer either. A
+ * processor may get stuck with irq's off waiting to send a message and thus
+ * not replying to the person spinning for a reply....
  *
- *	In the end flush tlb ought to be the NMI and a very very short function (to avoid the old
- *	IDE disk problems), and other messages sent with IRQ's enabled in a civilised fashion. That
- *	will also boost performance.
+ * In the end flush tlb ought to be the NMI and a very very short function
+ * (to avoid the old IDE disk problems), and other messages sent with IRQ's
+ * enabled in a civilised fashion. That will also boost performance.
  */
 
 void smp_message_pass(int target, int msg, unsigned long data, int wait)
 {
-	unsigned long flags;
 	unsigned long cfg;
+	unsigned long dest = 0;
 	unsigned long target_map;
 	int p=smp_processor_id();
 	int irq;
@@ -1166,11 +1202,11 @@ void smp_message_pass(int target, int msg, unsigned long data, int wait)
 	}
 
 	/*
-	 *	Sanity check we don't re-enter this across CPU's. Only the kernel
-	 *	lock holder may send messages. For a STOP_CPU we are bringing the
-	 *	entire box to the fastest halt we can.. A reschedule carries
-	 *	no data and can occur during a flush.. guess what panic
-	 *	I got to notice this bug...
+	 * Sanity check we don't re-enter this across CPU's. Only the kernel
+	 * lock holder may send messages. For a STOP_CPU we are bringing the
+	 * entire box to the fastest halt we can.. A reschedule carries
+	 * no data and can occur during a flush.. guess what panic
+	 * I got to notice this bug...
 	 */
 	
 	/*
@@ -1183,11 +1219,11 @@ void smp_message_pass(int target, int msg, unsigned long data, int wait)
 		p, msg, target);*/
 
 	/*
-	 *	Wait for the APIC to become ready - this should never occur. Its
-	 *	a debugging check really.
+	 * Wait for the APIC to become ready - this should never occur. Its
+	 * a debugging check really.
 	 */
 	
-	while(ct<1000)
+	while (ct<1000)
 	{
 		cfg=apic_read(APIC_ICR);
 		if(!(cfg&(1<<12)))
@@ -1204,49 +1240,32 @@ void smp_message_pass(int target, int msg, unsigned long data, int wait)
 		printk("CPU #%d: previous IPI still not cleared after 10mS\n", p);
 
 	/*
-	 *	Program the APIC to deliver the IPI
-	 */
-
-	__save_flags(flags);
-	__cli();
-	cfg=apic_read(APIC_ICR2);
-	cfg&=0x00FFFFFF;
-	apic_write(APIC_ICR2, cfg|SET_APIC_DEST_FIELD(target));			/* Target chip     		*/
-	cfg=apic_read(APIC_ICR);
-	cfg&=~0xFDFFF;								/* Clear bits 			*/
-	cfg|=APIC_DEST_FIELD|APIC_DEST_DM_FIXED|irq;				/* Send an IRQ 13		*/
-
-	/*
 	 *	Set the target requirement
 	 */
 	
 	if(target==MSG_ALL_BUT_SELF)
 	{
-		cfg|=APIC_DEST_ALLBUT;
+		dest=APIC_DEST_ALLBUT;
 		target_map=cpu_present_map;
 		cpu_callin_map[0]=(1<<p);
 	}
 	else if(target==MSG_ALL)
 	{
-		cfg|=APIC_DEST_ALLINC;
+		dest=APIC_DEST_ALLINC;
 		target_map=cpu_present_map;
 		cpu_callin_map[0]=0;
 	}
 	else
-	{
-		target_map=(1<<target);
-		cpu_callin_map[0]=0;
-	}
+		panic("huh?");
 
 	/*
-	 *	Send the IPI. The write to APIC_ICR fires this off.
+	 * Program the APIC to deliver the IPI
 	 */
-	
-	apic_write(APIC_ICR, cfg);
-	__restore_flags(flags);
+
+	send_IPI(dest,irq);
 
 	/*
-	 *	Spin waiting for completion
+	 * Spin waiting for completion
 	 */
 	
 	switch(wait)
@@ -1443,6 +1462,7 @@ asmlinkage void smp_reschedule_interrupt(void)
 	int cpu = smp_processor_id();
 
 	ack_APIC_irq();
+	for (;;) __cli();
 	/*
 	 * This looks silly, but we actually do need to wait
 	 * for the global interrupt lock.
@@ -1694,8 +1714,10 @@ __initfunc(void setup_APIC_clock (void))
 	/*
 	 * We ACK the APIC, just in case there is something pending.
 	 */
+
 	ack_APIC_irq ();
 
+
 	restore_flags(flags);
 }
 
diff --git a/arch/i386/kernel/trampoline.S b/arch/i386/kernel/trampoline.S
index 9cee704f1..1f5303a9e 100644
--- a/arch/i386/kernel/trampoline.S
+++ b/arch/i386/kernel/trampoline.S
@@ -28,6 +28,7 @@
 
 #include <linux/linkage.h>
 #include <asm/segment.h>
+#include <asm/page.h>
 
 .data
 
@@ -62,7 +63,7 @@ idt_48:
 
 gdt_48:
 	.word	0x0800			# gdt limit = 2048, 256 GDT entries
-	.long	gdt_table-0xc0000000	# gdt base = gdt (first SMP CPU)
+	.long	gdt_table-__PAGE_OFFSET	# gdt base = gdt (first SMP CPU)
 
 .globl SYMBOL_NAME(trampoline_end)
 SYMBOL_NAME_LABEL(trampoline_end)
diff --git a/arch/i386/mm/init.c b/arch/i386/mm/init.c
index f9172bdae..ef3ac57f4 100644
--- a/arch/i386/mm/init.c
+++ b/arch/i386/mm/init.c
@@ -204,8 +204,8 @@ __initfunc(unsigned long paging_init(unsigned long start_mem, unsigned long end_
 	/* unmap the original low memory mappings */
 	pgd_val(pg_dir[0]) = 0;
 
-	/* Map whole memory from 0xC0000000 */
-	pg_dir += 768;
+	/* Map whole memory from PAGE_OFFSET */
+	pg_dir += USER_PGD_PTRS;
 	while (address < end_mem) {
 		/*
 		 * If we're running on a Pentium CPU, we can use the 4MB
diff --git a/arch/i386/vmlinux.lds b/arch/i386/vmlinux.lds
index 7a1fd3d08..0284015ad 100644
--- a/arch/i386/vmlinux.lds
+++ b/arch/i386/vmlinux.lds
@@ -1,12 +1,13 @@
 /* ld script to make i386 Linux kernel
  * Written by Martin Mares <mj@atrey.karlin.mff.cuni.cz>
  */
+INCLUDE arch/i386/.kernel_offset.lds
 OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
 OUTPUT_ARCH(i386)
 ENTRY(_start)
 SECTIONS
 {
-  . = 0xc0100000;
+  . = __kernel_offset__ + 0x100000;
   _text = .;			/* Text and read-only data */
   .text : {
 	*(.text)