--- olpc-2.6-master.00/arch/alpha/kernel/asm-offsets.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/alpha/kernel/asm-offsets.c	2007-03-01 11:52:20.000000000 -0500
@@ -36,6 +36,7 @@ void foo(void)
 	DEFINE(PT_PTRACED, PT_PTRACED);
 	DEFINE(CLONE_VM, CLONE_VM);
 	DEFINE(CLONE_UNTRACED, CLONE_UNTRACED);
+	DEFINE(CLONE_KTHREAD, CLONE_KTHREAD);
 	DEFINE(SIGCHLD, SIGCHLD);
 	BLANK();
 
--- olpc-2.6-master.00/arch/alpha/kernel/entry.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/alpha/kernel/entry.S	2007-03-01 11:52:20.000000000 -0500
@@ -644,7 +644,7 @@ kernel_thread:
 	stq	$2, 152($sp)		/* HAE */
 
 	/* Shuffle FLAGS to the front; add CLONE_VM.  */
-	ldi	$1, CLONE_VM|CLONE_UNTRACED
+	ldi	$1, CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD;
 	or	$18, $1, $16
 	bsr	$26, sys_clone
 
--- olpc-2.6-master.00/arch/arm/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/arm/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -414,7 +415,8 @@ pid_t kernel_thread(int (*fn)(void *), v
 	regs.ARM_pc = (unsigned long)kernel_thread_helper;
 	regs.ARM_cpsr = SVC_MODE;
 
-	return do_fork(flags|CLONE_VM|CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 EXPORT_SYMBOL(kernel_thread);
 
--- olpc-2.6-master.00/arch/arm26/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/arm26/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -365,7 +365,8 @@ pid_t kernel_thread(int (*fn)(void *), v
         regs.ARM_r3 = (unsigned long)do_exit;
         regs.ARM_pc = (unsigned long)kernel_thread_helper | MODE_SVC26;
 
-        return do_fork(flags|CLONE_VM|CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 EXPORT_SYMBOL(kernel_thread);
 
--- olpc-2.6-master.00/arch/cris/arch-v10/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/cris/arch-v10/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -103,7 +103,8 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.dccr = 1 << I_DCCR_BITNR;
 
 	/* Ok, create the new process.. */
-        return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 
 /* setup the child's kernel stack with a pt_regs and switch_stack on it.
--- olpc-2.6-master.00/arch/cris/arch-v32/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/cris/arch-v32/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -120,7 +120,8 @@ kernel_thread(int (*fn)(void *), void * 
 	regs.ccs = 1 << (I_CCS_BITNR + CCS_SHIFT);
 
 	/* Create the new process. */
-        return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 
 /*
--- olpc-2.6-master.00/arch/frv/kernel/kernel_thread.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/frv/kernel/kernel_thread.S	2007-03-01 11:52:20.000000000 -0500
@@ -13,6 +13,8 @@
 #include <asm/unistd.h>
 
 #define CLONE_VM	0x00000100	/* set if VM shared between processes */
+#define CLONE_KTHREAD	0x10000000	/* kernel thread */
+#define CLONE_KT	(CLONE_VM | CLONE_KTHREAD)	/* kernel thread flags */
 #define	KERN_ERR	"<3>"
 
 	.section .rodata
--- olpc-2.6-master.00/arch/frv/kernel/kernel_thread.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/frv/kernel/kernel_thread.S	2007-03-01 11:52:20.000000000 -0500
@@ -37,7 +39,7 @@ kernel_thread:
 
 	# start by forking the current process, but with shared VM
 	setlos.p	#__NR_clone,gr7		; syscall number
-	ori		gr10,#CLONE_VM,gr8	; first syscall arg	[clone_flags]
+	ori		gr10,#CLONE_KT,gr8	; first syscall arg	[clone_flags]
 	sethi.p		#0xe4e4,gr9		; second syscall arg	[newsp]
 	setlo		#0xe4e4,gr9
 	setlos.p	#0,gr10			; third syscall arg	[parent_tidptr]
--- olpc-2.6-master.00/arch/h8300/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/h8300/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -134,7 +134,7 @@ int kernel_thread(int (*fn)(void *), voi
 
 	fs = get_fs();
 	set_fs (KERNEL_DS);
-	clone_arg = flags | CLONE_VM;
+	clone_arg = flags | CLONE_VM | CLONE_KTHREAD;
 	__asm__("mov.l sp,er3\n\t"
 		"sub.l er2,er2\n\t"
 		"mov.l %2,er1\n\t"
--- olpc-2.6-master.00/arch/i386/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/i386/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -350,7 +352,8 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.eflags = X86_EFLAGS_IF | X86_EFLAGS_SF | X86_EFLAGS_PF | 0x2;
 
 	/* Ok, create the new process.. */
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 EXPORT_SYMBOL(kernel_thread);
 
--- olpc-2.6-master.00/arch/ia64/kernel/asm-offsets.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ia64/kernel/asm-offsets.c	2007-03-01 11:52:20.000000000 -0500
@@ -191,6 +191,7 @@ void foo(void)
     /* for assembly files which can't include sched.h: */
 	DEFINE(IA64_CLONE_VFORK, CLONE_VFORK);
 	DEFINE(IA64_CLONE_VM, CLONE_VM);
+	DEFINE(IA64_CLONE_KTHREAD, CLONE_KTHREAD);
 
 	BLANK();
 	DEFINE(IA64_CPUINFO_NSEC_PER_CYC_OFFSET,
--- olpc-2.6-master.00/arch/ia64/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ia64/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -695,7 +696,8 @@ kernel_thread (int (*fn)(void *), void *
 	regs.sw.ar_fpsr = regs.pt.ar_fpsr = ia64_getreg(_IA64_REG_AR_FPSR);
 	regs.sw.ar_bspstore = (unsigned long) current + IA64_RBS_OFFSET;
 	regs.sw.pr = (1 << PRED_KERNEL_STACK);
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs.pt, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs.pt, 0, NULL, NULL);
 }
 EXPORT_SYMBOL(kernel_thread);
 
--- olpc-2.6-master.00/arch/m32r/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/m32r/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -211,8 +211,8 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.psw = M32R_PSW_BIE;
 
 	/* Ok, create the new process. */
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL,
-		NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 
 /*
--- olpc-2.6-master.00/arch/m68k/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/m68k/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -159,7 +159,8 @@ int kernel_thread(int (*fn)(void *), voi
 
 	{
 	register long retval __asm__ ("d0");
-	register long clone_arg __asm__ ("d1") = flags | CLONE_VM | CLONE_UNTRACED;
+	register long clone_arg __asm__ ("d1") =
+		flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD;
 
 	retval = __NR_clone;
 	__asm__ __volatile__
--- olpc-2.6-master.00/arch/m68knommu/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/m68knommu/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -122,7 +122,7 @@ void show_regs(struct pt_regs * regs)
 int kernel_thread(int (*fn)(void *), void * arg, unsigned long flags)
 {
 	int retval;
-	long clone_arg = flags | CLONE_VM;
+	long clone_arg = flags | CLONE_VM | CLONE_KTHREAD;
 	mm_segment_t fs;
 
 	fs = get_fs();
--- olpc-2.6-master.00/arch/mips/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/mips/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -236,7 +236,8 @@ long kernel_thread(int (*fn)(void *), vo
 #endif
 
 	/* Ok, create the new process.. */
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0, &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 
 /*
--- olpc-2.6-master.00/arch/parisc/kernel/entry.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/parisc/kernel/entry.S	2007-03-01 11:52:20.000000000 -0500
@@ -761,6 +761,7 @@ END(fault_vector_11)
 
 #define CLONE_VM 0x100	/* Must agree with <linux/sched.h> */
 #define CLONE_UNTRACED 0x00800000
+#define CLONE_KTHREAD 0x10000000
 
 	.import do_fork
 ENTRY(__kernel_thread)
--- olpc-2.6-master.00/arch/parisc/kernel/process.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/parisc/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -173,7 +173,7 @@ pid_t kernel_thread(int (*fn)(void *), v
 	 *	  kernel_thread can become a #define.
 	 */
 
-	return __kernel_thread(fn, arg, flags);
+	return __kernel_thread(fn, arg, flags | CLONE_KTHREAD);
 }
 EXPORT_SYMBOL(kernel_thread);
 
--- olpc-2.6-master.00/arch/powerpc/kernel/asm-offsets.c	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/powerpc/kernel/asm-offsets.c	2007-03-01 11:52:20.000000000 -0500
@@ -244,6 +244,7 @@ int main(void)
 
 	DEFINE(CLONE_VM, CLONE_VM);
 	DEFINE(CLONE_UNTRACED, CLONE_UNTRACED);
+	DEFINE(CLONE_KTHREAD, CLONE_KTHREAD);
 
 #ifndef CONFIG_PPC64
 	DEFINE(MM_PGD, offsetof(struct mm_struct, pgd));
--- olpc-2.6-master.00/arch/powerpc/kernel/misc_32.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/powerpc/kernel/misc_32.S	2007-03-01 11:52:20.000000000 -0500
@@ -749,7 +749,7 @@ _GLOBAL(kernel_thread)
 	mr	r30,r3		/* function */
 	mr	r31,r4		/* argument */
 	ori	r3,r5,CLONE_VM	/* flags */
-	oris	r3,r3,CLONE_UNTRACED>>16
+	oris	r3,r3,(CLONE_UNTRACED|CLONE_KTHREAD)>>16
 	li	r4,0		/* new sp (unused) */
 	li	r0,__NR_clone
 	sc
--- olpc-2.6-master.00/arch/powerpc/kernel/misc_64.S	2007-02-28 20:05:25.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/powerpc/kernel/misc_64.S	2007-03-01 11:52:20.000000000 -0500
@@ -434,7 +434,7 @@ _GLOBAL(kernel_thread)
 	mr	r29,r3
 	mr	r30,r4
 	ori	r3,r5,CLONE_VM	/* flags */
-	oris	r3,r3,(CLONE_UNTRACED>>16)
+	oris	r3,r3,(CLONE_UNTRACED|CLONE_KTHREAD)>>16
 	li	r4,0		/* new sp (unused) */
 	li	r0,__NR_clone
 	sc
--- olpc-2.6-master.00/arch/ppc/kernel/asm-offsets.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ppc/kernel/asm-offsets.c	2007-03-01 11:52:20.000000000 -0500
@@ -121,6 +121,7 @@ main(void)
 	DEFINE(TRAP, STACK_FRAME_OVERHEAD+offsetof(struct pt_regs, trap));
 	DEFINE(CLONE_VM, CLONE_VM);
 	DEFINE(CLONE_UNTRACED, CLONE_UNTRACED);
+	DEFINE(CLONE_KTHREAD, CLONE_KTHREAD);
 	DEFINE(MM_PGD, offsetof(struct mm_struct, pgd));
 
 	/* About the CPU features table */
--- olpc-2.6-master.00/arch/ppc/kernel/misc.S	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/ppc/kernel/misc.S	2007-03-01 11:52:20.000000000 -0500
@@ -848,7 +848,7 @@ _GLOBAL(kernel_thread)
 	mr	r30,r3		/* function */
 	mr	r31,r4		/* argument */
 	ori	r3,r5,CLONE_VM	/* flags */
-	oris	r3,r3,CLONE_UNTRACED>>16
+	oris	r3,r3,(CLONE_UNTRACED|CLONE_KTHREAD)>>16
 	li	r4,0		/* new sp (unused) */
 	li	r0,__NR_clone
 	sc
--- olpc-2.6-master.00/arch/s390/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/s390/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -198,7 +198,7 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.orig_gpr2 = -1;
 
 	/* Ok, create the new process.. */
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED,
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
 		       0, &regs, 0, NULL, NULL);
 }
 
--- olpc-2.6-master.00/arch/sh/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sh/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -151,7 +152,7 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.sr = (1 << 30);
 
 	/* Ok, create the new process.. */
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0,
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD, 0,
 		       &regs, 0, NULL, NULL);
 }
 
--- olpc-2.6-master.00/arch/sh64/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sh64/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -400,8 +400,8 @@ int kernel_thread(int (*fn)(void *), voi
 	regs.pc = (unsigned long)kernel_thread_helper;
 	regs.sr = (1 << 30);
 
-	return do_fork(flags | CLONE_VM | CLONE_UNTRACED, 0,
-		       &regs, 0, NULL, NULL);
+	return do_fork(flags | CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD,
+		0, &regs, 0, NULL, NULL);
 }
 
 /*
--- olpc-2.6-master.00/arch/sparc/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -706,7 +706,8 @@ pid_t kernel_thread(int (*fn)(void *), v
 			     /* Notreached by child. */
 			     "1: mov %%o0, %0\n\t" :
 			     "=r" (retval) :
-			     "i" (__NR_clone), "r" (flags | CLONE_VM | CLONE_UNTRACED),
+			     "i" (__NR_clone), "r" (flags |
+					CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD),
 			     "i" (__NR_exit),  "r" (fn), "r" (arg) :
 			     "g1", "g2", "g3", "o0", "o1", "memory", "cc");
 	return retval;
--- olpc-2.6-master.00/arch/sparc64/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/sparc64/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -696,7 +696,8 @@ pid_t kernel_thread(int (*fn)(void *), v
 			     /* Notreached by child. */
 			     "1:" :
 			     "=r" (retval) :
-			     "i" (__NR_clone), "r" (flags | CLONE_VM | CLONE_UNTRACED),
+			     "i" (__NR_clone), "r" (flags |
+				CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD),
 			     "i" (__NR_exit),  "r" (fn), "r" (arg) :
 			     "g1", "g2", "g3", "o0", "o1", "memory", "cc");
 	return retval;
--- olpc-2.6-master.00/arch/v850/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/v850/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -83,7 +83,7 @@ int kernel_thread (int (*fn)(void *), vo
 	/* Clone this thread.  Note that we don't pass the clone syscall's
 	   second argument -- it's ignored for calls from kernel mode (the
 	   child's SP is always set to the top of the kernel stack).  */
-	arg0 = flags | CLONE_VM;
+	arg0 = flags | CLONE_VM | CLONE_KTHREAD;
 	syscall = __NR_clone;
 	asm volatile ("trap " SYSCALL_SHORT_TRAP
 		      : "=r" (ret), "=r" (syscall)
--- olpc-2.6-master.00/arch/x86_64/kernel/process.c	2007-02-28 20:05:26.000000000 -0500
+++ olpc-2.6-master-vs22x.02/arch/x86_64/kernel/process.c	2007-03-01 11:52:20.000000000 -0500
@@ -54,7 +54,8 @@
 
 asmlinkage extern void ret_from_fork(void);
 
-unsigned long kernel_thread_flags = CLONE_VM | CLONE_UNTRACED;
+unsigned long kernel_thread_flags =
+	CLONE_VM | CLONE_UNTRACED | CLONE_KTHREAD;
 
 unsigned long boot_option_idle_override = 0;
 EXPORT_SYMBOL(boot_option_idle_override);
--- olpc-2.6-master.00/include/linux/sched.h	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/include/linux/sched.h	2007-03-01 11:52:20.000000000 -0500
@@ -26,6 +26,7 @@
 #define CLONE_STOPPED		0x02000000	/* Start in stopped state */
 #define CLONE_NEWUTS		0x04000000	/* New utsname group? */
 #define CLONE_NEWIPC		0x08000000	/* New ipcs */
+#define CLONE_KTHREAD		0x10000000	/* clone a kernel thread */
 
 /*
  * Scheduling policies
--- olpc-2.6-master.00/include/linux/sched.h	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/include/linux/sched.h	2007-03-01 11:52:20.000000000 -0500
@@ -93,7 +95,7 @@ struct futex_pi_state;
  * List of flags we want to share for kernel threads,
  * if only because they are not used by them anyway.
  */
-#define CLONE_KERNEL	(CLONE_FS | CLONE_FILES | CLONE_SIGHAND)
+#define CLONE_KERNEL	(CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_KTHREAD)
 
 /*
  * These are the constant used to fake the fixed-point load-average
--- olpc-2.6-master.00/kernel/fork.c	2007-02-28 20:05:29.000000000 -0500
+++ olpc-2.6-master-vs22x.02/kernel/fork.c	2007-03-01 11:52:20.000000000 -0500
@@ -1363,6 +1412,15 @@ long do_fork(unsigned long clone_flags,
 
 	if (!pid)
 		return -EAGAIN;
+
+	/* kernel threads are host only */
+	if ((clone_flags & CLONE_KTHREAD) && !vx_check(0, VS_ADMIN)) {
+		vxwprintk(1, "xid=%d tried to spawn a kernel thread.",
+			vx_current_xid());
+		free_pid(pid);
+		return -EPERM;
+	}
+
 	nr = pid->nr;
 	if (unlikely(current->ptrace)) {
 		trace = fork_traceflag (clone_flags);