Merge branch 'linus' into x86/platform, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>
author: Ingo Molnar <mingo@kernel.org> 2016-09-22 05:15:38 -0400
committer: Ingo Molnar <mingo@kernel.org> 2016-09-22 05:15:38 -0400
commit: baad92e34458fc051735c769437ab33719ebb2ef (patch)
tree: f301627afa3e951cc2f906da1546e5daca9355da /arch/x86
parent: f43ea76cf310c3be95cb75ae1350cbe76a8f2380 (diff)
parent: 7d1e042314619115153a0f6f06e4552c09a50e13 (diff)
32 files changed, 425 insertions, 299 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index c580d8c33562..2a1f0ce7c59a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -24,7 +24,6 @@ config X86
        select ARCH_DISCARD_MEMBLOCK
        select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
        select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
-        select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
        select ARCH_HAS_DEVMEM_IS_ALLOWED
        select ARCH_HAS_ELF_RANDOMIZE
        select ARCH_HAS_FAST_MULTIPLIER
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index ff574dad95cc..94dd4a31f5b3 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -1004,79 +1004,87 @@ static efi_status_t alloc_e820ext(u32 nr_desc, struct setup_data **e820ext,
        return status;
 }
-static efi_status_t exit_boot(struct boot_params *boot_params,
+struct exit_boot_struct {
-                              void *handle, bool is64)
+        struct boot_params *boot_params;
-{
+        struct efi_info *efi;
-        struct efi_info *efi = &boot_params->efi_info;
-        unsigned long map_sz, key, desc_size;
-        efi_memory_desc_t *mem_map;
        struct setup_data *e820ext;
-        const char *signature;
        __u32 e820ext_size;
-        __u32 nr_desc, prev_nr_desc;
+        bool is64;
-        efi_status_t status;
+};
-        __u32 desc_version;
-        bool called_exit = false;
-        u8 nr_entries;
-        int i;
-        nr_desc = 0;
-        e820ext = NULL;
-        e820ext_size = 0;
-get_map:
-        status = efi_get_memory_map(sys_table, &mem_map, &map_sz, &desc_size,
-                                    &desc_version, &key);
-        if (status != EFI_SUCCESS)
-                return status;
-        prev_nr_desc = nr_desc;
-        nr_desc = map_sz / desc_size;
-        if (nr_desc > prev_nr_desc &&
-            nr_desc > ARRAY_SIZE(boot_params->e820_map)) {
-                u32 nr_e820ext = nr_desc - ARRAY_SIZE(boot_params->e820_map);
-                status = alloc_e820ext(nr_e820ext, &e820ext, &e820ext_size);
-                if (status != EFI_SUCCESS)
-                        goto free_mem_map;
-                efi_call_early(free_pool, mem_map);
+static efi_status_t exit_boot_func(efi_system_table_t *sys_table_arg,
-                goto get_map; /* Allocated memory, get map again */
+                                   struct efi_boot_memmap *map,
+                                   void *priv)
+{
+        static bool first = true;
+        const char *signature;
+        __u32 nr_desc;
+        efi_status_t status;
+        struct exit_boot_struct *p = priv;
+        if (first) {
+                nr_desc = *map->buff_size / *map->desc_size;
+                if (nr_desc > ARRAY_SIZE(p->boot_params->e820_map)) {
+                        u32 nr_e820ext = nr_desc -
+                                        ARRAY_SIZE(p->boot_params->e820_map);
+                        status = alloc_e820ext(nr_e820ext, &p->e820ext,
+                                               &p->e820ext_size);
+                        if (status != EFI_SUCCESS)
+                                return status;
+                }
+                first = false;
        }
-        signature = is64 ? EFI64_LOADER_SIGNATURE : EFI32_LOADER_SIGNATURE;
+        signature = p->is64 ? EFI64_LOADER_SIGNATURE : EFI32_LOADER_SIGNATURE;
-        memcpy(&efi->efi_loader_signature, signature, sizeof(__u32));
+        memcpy(&p->efi->efi_loader_signature, signature, sizeof(__u32));
-        efi->efi_systab = (unsigned long)sys_table;
+        p->efi->efi_systab = (unsigned long)sys_table_arg;
-        efi->efi_memdesc_size = desc_size;
+        p->efi->efi_memdesc_size = *map->desc_size;
-        efi->efi_memdesc_version = desc_version;
+        p->efi->efi_memdesc_version = *map->desc_ver;
-        efi->efi_memmap = (unsigned long)mem_map;
+        p->efi->efi_memmap = (unsigned long)*map->map;
-        efi->efi_memmap_size = map_sz;
+        p->efi->efi_memmap_size = *map->map_size;
 #ifdef CONFIG_X86_64
-        efi->efi_systab_hi = (unsigned long)sys_table >> 32;
+        p->efi->efi_systab_hi = (unsigned long)sys_table_arg >> 32;
-        efi->efi_memmap_hi = (unsigned long)mem_map >> 32;
+        p->efi->efi_memmap_hi = (unsigned long)*map->map >> 32;
 #endif
+        return EFI_SUCCESS;
+}
+static efi_status_t exit_boot(struct boot_params *boot_params,
+                              void *handle, bool is64)
+{
+        unsigned long map_sz, key, desc_size, buff_size;
+        efi_memory_desc_t *mem_map;
+        struct setup_data *e820ext;
+        __u32 e820ext_size;
+        efi_status_t status;
+        __u32 desc_version;
+        struct efi_boot_memmap map;
+        struct exit_boot_struct priv;
+        map.map =               &mem_map;
+        map.map_size =          &map_sz;
+        map.desc_size =         &desc_size;
+        map.desc_ver =          &desc_version;
+        map.key_ptr =           &key;
+        map.buff_size =         &buff_size;
+        priv.boot_params =      boot_params;
+        priv.efi =              &boot_params->efi_info;
+        priv.e820ext =          NULL;
+        priv.e820ext_size =     0;
+        priv.is64 =             is64;
        /* Might as well exit boot services now */
-        status = efi_call_early(exit_boot_services, handle, key);
+        status = efi_exit_boot_services(sys_table, handle, &map, &priv,
-        if (status != EFI_SUCCESS) {
+                                        exit_boot_func);
-                /*
+        if (status != EFI_SUCCESS)
-                 * ExitBootServices() will fail if any of the event
+                return status;
-                 * handlers change the memory map. In which case, we
-                 * must be prepared to retry, but only once so that
-                 * we're guaranteed to exit on repeated failures instead
-                 * of spinning forever.
-                 */
-                if (called_exit)
-                        goto free_mem_map;
-                called_exit = true;
-                efi_call_early(free_pool, mem_map);
-                goto get_map;
-        }
+        e820ext = priv.e820ext;
+        e820ext_size = priv.e820ext_size;
        /* Historic? */
        boot_params->alt_mem_k = 32 * 1024;
@@ -1085,10 +1093,6 @@ get_map:
                return status;
        return EFI_SUCCESS;
-free_mem_map:
-        efi_call_early(free_pool, mem_map);
-        return status;
 }
 /*
diff --git a/arch/x86/configs/tiny.config b/arch/x86/configs/tiny.config
index 4e2ecfa23c15..4b429df40d7a 100644
--- a/arch/x86/configs/tiny.config
+++ b/arch/x86/configs/tiny.config
@@ -1 +1,3 @@
 CONFIG_NOHIGHMEM=y
+# CONFIG_HIGHMEM4G is not set
+# CONFIG_HIGHMEM64G is not set
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb.c b/arch/x86/crypto/sha256-mb/sha256_mb.c
index 89fa85e8b10c..6f97fb33ae21 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb.c
+++ b/arch/x86/crypto/sha256-mb/sha256_mb.c
@@ -485,10 +485,10 @@ static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
                        req = cast_mcryptd_ctx_to_req(req_ctx);
                        if (irqs_disabled())
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                        else {
                                local_bh_disable();
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                                local_bh_enable();
                        }
                }
diff --git a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
index b691da981cd9..a78a0694ddef 100644
--- a/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha256-mb/sha256_mb_mgr_flush_avx2.S
@@ -265,13 +265,14 @@ ENTRY(sha256_mb_mgr_get_comp_job_avx2)
        vpinsrd $1, _args_digest+1*32(state, idx, 4), %xmm0, %xmm0
        vpinsrd $2, _args_digest+2*32(state, idx, 4), %xmm0, %xmm0
        vpinsrd $3, _args_digest+3*32(state, idx, 4), %xmm0, %xmm0
-        movl    _args_digest+4*32(state, idx, 4), tmp2_w
+        vmovd   _args_digest(state , idx, 4) , %xmm0
        vpinsrd $1, _args_digest+5*32(state, idx, 4), %xmm1, %xmm1
        vpinsrd $2, _args_digest+6*32(state, idx, 4), %xmm1, %xmm1
        vpinsrd $3, _args_digest+7*32(state, idx, 4), %xmm1, %xmm1
-        vmovdqu %xmm0, _result_digest(job_rax)
+        vmovdqu %xmm0, _result_digest(job_rax)
-        movl    tmp2_w, _result_digest+1*16(job_rax)
+        offset =  (_result_digest + 1*16)
+        vmovdqu %xmm1, offset(job_rax)
        pop     %rbx
diff --git a/arch/x86/crypto/sha512-mb/sha512_mb.c b/arch/x86/crypto/sha512-mb/sha512_mb.c
index f4cf5b78fd36..d210174a52b0 100644
--- a/arch/x86/crypto/sha512-mb/sha512_mb.c
+++ b/arch/x86/crypto/sha512-mb/sha512_mb.c
@@ -497,10 +497,10 @@ static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
                        req = cast_mcryptd_ctx_to_req(req_ctx);
                        if (irqs_disabled())
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                        else {
                                local_bh_disable();
-                                rctx->complete(&req->base, ret);
+                                req_ctx->complete(&req->base, ret);
                                local_bh_enable();
                        }
                }
diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c
index e07a22bb9308..f5f4b3fbbbc2 100644
--- a/arch/x86/events/amd/core.c
+++ b/arch/x86/events/amd/core.c
@@ -119,8 +119,8 @@ static const u64 amd_perfmon_event_map[PERF_COUNT_HW_MAX] =
 {
  [PERF_COUNT_HW_CPU_CYCLES]                    = 0x0076,
  [PERF_COUNT_HW_INSTRUCTIONS]                  = 0x00c0,
-  [PERF_COUNT_HW_CACHE_REFERENCES]              = 0x0080,
+  [PERF_COUNT_HW_CACHE_REFERENCES]              = 0x077d,
-  [PERF_COUNT_HW_CACHE_MISSES]                  = 0x0081,
+  [PERF_COUNT_HW_CACHE_MISSES]                  = 0x077e,
  [PERF_COUNT_HW_BRANCH_INSTRUCTIONS]           = 0x00c2,
  [PERF_COUNT_HW_BRANCH_MISSES]                 = 0x00c3,
  [PERF_COUNT_HW_STALLED_CYCLES_FRONTEND]       = 0x00d0, /* "Decoder empty" event */
diff --git a/arch/x86/events/amd/uncore.c b/arch/x86/events/amd/uncore.c
index e6131d4454e6..65577f081d07 100644
--- a/arch/x86/events/amd/uncore.c
+++ b/arch/x86/events/amd/uncore.c
@@ -29,6 +29,8 @@
 #define COUNTER_SHIFT           16
+static HLIST_HEAD(uncore_unused_list);
 struct amd_uncore {
        int id;
        int refcnt;
@@ -39,7 +41,7 @@ struct amd_uncore {
        cpumask_t *active_mask;
        struct pmu *pmu;
        struct perf_event *events[MAX_COUNTERS];
-        struct amd_uncore *free_when_cpu_online;
+        struct hlist_node node;
 };
 static struct amd_uncore * __percpu *amd_uncore_nb;
@@ -306,6 +308,7 @@ static int amd_uncore_cpu_up_prepare(unsigned int cpu)
                uncore_nb->msr_base = MSR_F15H_NB_PERF_CTL;
                uncore_nb->active_mask = &amd_nb_active_mask;
                uncore_nb->pmu = &amd_nb_pmu;
+                uncore_nb->id = -1;
                *per_cpu_ptr(amd_uncore_nb, cpu) = uncore_nb;
        }
@@ -319,6 +322,7 @@ static int amd_uncore_cpu_up_prepare(unsigned int cpu)
                uncore_l2->msr_base = MSR_F16H_L2I_PERF_CTL;
                uncore_l2->active_mask = &amd_l2_active_mask;
                uncore_l2->pmu = &amd_l2_pmu;
+                uncore_l2->id = -1;
                *per_cpu_ptr(amd_uncore_l2, cpu) = uncore_l2;
        }
@@ -348,7 +352,7 @@ amd_uncore_find_online_sibling(struct amd_uncore *this,
                        continue;
                if (this->id == that->id) {
-                        that->free_when_cpu_online = this;
+                        hlist_add_head(&this->node, &uncore_unused_list);
                        this = that;
                        break;
                }
@@ -388,13 +392,23 @@ static int amd_uncore_cpu_starting(unsigned int cpu)
        return 0;
 }
+static void uncore_clean_online(void)
+{
+        struct amd_uncore *uncore;
+        struct hlist_node *n;
+        hlist_for_each_entry_safe(uncore, n, &uncore_unused_list, node) {
+                hlist_del(&uncore->node);
+                kfree(uncore);
+        }
+}
 static void uncore_online(unsigned int cpu,
                          struct amd_uncore * __percpu *uncores)
 {
        struct amd_uncore *uncore = *per_cpu_ptr(uncores, cpu);
-        kfree(uncore->free_when_cpu_online);
+        uncore_clean_online();
-        uncore->free_when_cpu_online = NULL;
        if (cpu == uncore->cpu)
                cpumask_set_cpu(cpu, uncore->active_mask);
diff --git a/arch/x86/events/intel/bts.c b/arch/x86/events/intel/bts.c
index 0a6e393a2e62..bdcd6510992c 100644
--- a/arch/x86/events/intel/bts.c
+++ b/arch/x86/events/intel/bts.c
@@ -31,7 +31,17 @@
 struct bts_ctx {
        struct perf_output_handle       handle;
        struct debug_store              ds_back;
-        int                             started;
+        int                             state;
+};
+/* BTS context states: */
+enum {
+        /* no ongoing AUX transactions */
+        BTS_STATE_STOPPED = 0,
+        /* AUX transaction is on, BTS tracing is disabled */
+        BTS_STATE_INACTIVE,
+        /* AUX transaction is on, BTS tracing is running */
+        BTS_STATE_ACTIVE,
 };
 static DEFINE_PER_CPU(struct bts_ctx, bts_ctx);
@@ -204,6 +214,15 @@ static void bts_update(struct bts_ctx *bts)
 static int
 bts_buffer_reset(struct bts_buffer *buf, struct perf_output_handle *handle);
+/*
+ * Ordering PMU callbacks wrt themselves and the PMI is done by means
+ * of bts::state, which:
+ *  - is set when bts::handle::event is valid, that is, between
+ *    perf_aux_output_begin() and perf_aux_output_end();
+ *  - is zero otherwise;
+ *  - is ordered against bts::handle::event with a compiler barrier.
+ */
 static void __bts_event_start(struct perf_event *event)
 {
        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
@@ -221,10 +240,13 @@ static void __bts_event_start(struct perf_event *event)
        /*
         * local barrier to make sure that ds configuration made it
-         * before we enable BTS
+         * before we enable BTS and bts::state goes ACTIVE
         */
        wmb();
+        /* INACTIVE/STOPPED -> ACTIVE */
+        WRITE_ONCE(bts->state, BTS_STATE_ACTIVE);
        intel_pmu_enable_bts(config);
 }
@@ -251,9 +273,6 @@ static void bts_event_start(struct perf_event *event, int flags)
        __bts_event_start(event);
-        /* PMI handler: this counter is running and likely generating PMIs */
-        ACCESS_ONCE(bts->started) = 1;
        return;
 fail_end_stop:
@@ -263,30 +282,34 @@ fail_stop:
        event->hw.state = PERF_HES_STOPPED;
 }
-static void __bts_event_stop(struct perf_event *event)
+static void __bts_event_stop(struct perf_event *event, int state)
 {
+        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
+        /* ACTIVE -> INACTIVE(PMI)/STOPPED(->stop()) */
+        WRITE_ONCE(bts->state, state);
        /*
         * No extra synchronization is mandated by the documentation to have
         * BTS data stores globally visible.
         */
        intel_pmu_disable_bts();
-        if (event->hw.state & PERF_HES_STOPPED)
-                return;
-        ACCESS_ONCE(event->hw.state) |= PERF_HES_STOPPED;
 }
 static void bts_event_stop(struct perf_event *event, int flags)
 {
        struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
-        struct bts_buffer *buf = perf_get_aux(&bts->handle);
+        struct bts_buffer *buf = NULL;
+        int state = READ_ONCE(bts->state);
-        /* PMI handler: don't restart this counter */
+        if (state == BTS_STATE_ACTIVE)
-        ACCESS_ONCE(bts->started) = 0;
+                __bts_event_stop(event, BTS_STATE_STOPPED);
-        __bts_event_stop(event);
+        if (state != BTS_STATE_STOPPED)
+                buf = perf_get_aux(&bts->handle);
+        event->hw.state |= PERF_HES_STOPPED;
        if (flags & PERF_EF_UPDATE) {
                bts_update(bts);
@@ -296,6 +319,7 @@ static void bts_event_stop(struct perf_event *event, int flags)
                                bts->handle.head =
                                        local_xchg(&buf->data_size,
                                                   buf->nr_pages << PAGE_SHIFT);
                        perf_aux_output_end(&bts->handle, local_xchg(&buf->data_size, 0),
                                            !!local_xchg(&buf->lost, 0));
                }
@@ -310,8 +334,20 @@ static void bts_event_stop(struct perf_event *event, int flags)
 void intel_bts_enable_local(void)
 {
        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
+        int state = READ_ONCE(bts->state);
+        /*
+         * Here we transition from INACTIVE to ACTIVE;
+         * if we instead are STOPPED from the interrupt handler,
+         * stay that way. Can't be ACTIVE here though.
+         */
+        if (WARN_ON_ONCE(state == BTS_STATE_ACTIVE))
+                return;
+        if (state == BTS_STATE_STOPPED)
+                return;
-        if (bts->handle.event && bts->started)
+        if (bts->handle.event)
                __bts_event_start(bts->handle.event);
 }
@@ -319,8 +355,15 @@ void intel_bts_disable_local(void)
 {
        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
+        /*
+         * Here we transition from ACTIVE to INACTIVE;
+         * do nothing for STOPPED or INACTIVE.
+         */
+        if (READ_ONCE(bts->state) != BTS_STATE_ACTIVE)
+                return;
        if (bts->handle.event)
-                __bts_event_stop(bts->handle.event);
+                __bts_event_stop(bts->handle.event, BTS_STATE_INACTIVE);
 }
 static int
@@ -335,8 +378,6 @@ bts_buffer_reset(struct bts_buffer *buf, struct perf_output_handle *handle)
                return 0;
        head = handle->head & ((buf->nr_pages << PAGE_SHIFT) - 1);
-        if (WARN_ON_ONCE(head != local_read(&buf->head)))
-                return -EINVAL;
        phys = &buf->buf[buf->cur_buf];
        space = phys->offset + phys->displacement + phys->size - head;
@@ -403,22 +444,37 @@ bts_buffer_reset(struct bts_buffer *buf, struct perf_output_handle *handle)
 int intel_bts_interrupt(void)
 {
+        struct debug_store *ds = this_cpu_ptr(&cpu_hw_events)->ds;
        struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
        struct perf_event *event = bts->handle.event;
        struct bts_buffer *buf;
        s64 old_head;
-        int err;
+        int err = -ENOSPC, handled = 0;
-        if (!event || !bts->started)
+        /*
-                return 0;
+         * The only surefire way of knowing if this NMI is ours is by checking
+         * the write ptr against the PMI threshold.
+         */
+        if (ds->bts_index >= ds->bts_interrupt_threshold)
+                handled = 1;
+        /*
+         * this is wrapped in intel_bts_enable_local/intel_bts_disable_local,
+         * so we can only be INACTIVE or STOPPED
+         */
+        if (READ_ONCE(bts->state) == BTS_STATE_STOPPED)
+                return handled;
        buf = perf_get_aux(&bts->handle);
+        if (!buf)
+                return handled;
        /*
         * Skip snapshot counters: they don't use the interrupt, but
         * there's no other way of telling, because the pointer will
         * keep moving
         */
-        if (!buf || buf->snapshot)
+        if (buf->snapshot)
                return 0;
        old_head = local_read(&buf->head);
@@ -426,18 +482,27 @@ int intel_bts_interrupt(void)
        /* no new data */
        if (old_head == local_read(&buf->head))
-                return 0;
+                return handled;
        perf_aux_output_end(&bts->handle, local_xchg(&buf->data_size, 0),
                            !!local_xchg(&buf->lost, 0));
        buf = perf_aux_output_begin(&bts->handle, event);
-        if (!buf)
+        if (buf)
-                return 1;
+                err = bts_buffer_reset(buf, &bts->handle);
+        if (err) {
+                WRITE_ONCE(bts->state, BTS_STATE_STOPPED);
-        err = bts_buffer_reset(buf, &bts->handle);
+                if (buf) {
-        if (err)
+                        /*
-                perf_aux_output_end(&bts->handle, 0, false);
+                         * BTS_STATE_STOPPED should be visible before
+                         * cleared handle::event
+                         */
+                        barrier();
+                        perf_aux_output_end(&bts->handle, 0, false);
+                }
+        }
        return 1;
 }
diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
index 2cbde2f449aa..4c9a79b9cd69 100644
--- a/arch/x86/events/intel/core.c
+++ b/arch/x86/events/intel/core.c
@@ -1730,9 +1730,11 @@ static __initconst const u64 knl_hw_cache_extra_regs
 * disabled state if called consecutively.
 *
 * During consecutive calls, the same disable value will be written to related
- * registers, so the PMU state remains unchanged. hw.state in
+ * registers, so the PMU state remains unchanged.
- * intel_bts_disable_local will remain PERF_HES_STOPPED too in consecutive
+ *
- * calls.
+ * intel_bts events don't coexist with intel PMU's BTS events because of
+ * x86_add_exclusive(x86_lbr_exclusive_lbr); there's no need to keep them
+ * disabled around intel PMU's event batching etc, only inside the PMI handler.
 */
 static void __intel_pmu_disable_all(void)
 {
@@ -1742,8 +1744,6 @@ static void __intel_pmu_disable_all(void)
        if (test_bit(INTEL_PMC_IDX_FIXED_BTS, cpuc->active_mask))
                intel_pmu_disable_bts();
-        else
-                intel_bts_disable_local();
        intel_pmu_pebs_disable_all();
 }
@@ -1771,8 +1771,7 @@ static void __intel_pmu_enable_all(int added, bool pmi)
                        return;
                intel_pmu_enable_bts(event->hw.config);
-        } else
+        }
-                intel_bts_enable_local();
 }
 static void intel_pmu_enable_all(int added)
@@ -2073,6 +2072,7 @@ static int intel_pmu_handle_irq(struct pt_regs *regs)
         */
        if (!x86_pmu.late_ack)
                apic_write(APIC_LVTPC, APIC_DM_NMI);
+        intel_bts_disable_local();
        __intel_pmu_disable_all();
        handled = intel_pmu_drain_bts_buffer();
        handled += intel_bts_interrupt();
@@ -2172,6 +2172,7 @@ done:
        /* Only restore PMU state when it's active. See x86_pmu_disable(). */
        if (cpuc->enabled)
                __intel_pmu_enable_all(0, true);
+        intel_bts_enable_local();
        /*
         * Only unmask the NMI after the overflow counters
diff --git a/arch/x86/events/intel/cqm.c b/arch/x86/events/intel/cqm.c
index 783c49ddef29..8f82b02934fa 100644
--- a/arch/x86/events/intel/cqm.c
+++ b/arch/x86/events/intel/cqm.c
@@ -458,6 +458,11 @@ static void __intel_cqm_event_count(void *info);
 static void init_mbm_sample(u32 rmid, u32 evt_type);
 static void __intel_mbm_event_count(void *info);
+static bool is_cqm_event(int e)
+{
+        return (e == QOS_L3_OCCUP_EVENT_ID);
+}
 static bool is_mbm_event(int e)
 {
        return (e >= QOS_MBM_TOTAL_EVENT_ID && e <= QOS_MBM_LOCAL_EVENT_ID);
@@ -1366,6 +1371,10 @@ static int intel_cqm_event_init(struct perf_event *event)
             (event->attr.config > QOS_MBM_LOCAL_EVENT_ID))
                return -EINVAL;
+        if ((is_cqm_event(event->attr.config) && !cqm_enabled) ||
+            (is_mbm_event(event->attr.config) && !mbm_enabled))
+                return -EINVAL;
        /* unsupported modes and filters */
        if (event->attr.exclude_user   ||
            event->attr.exclude_kernel ||
diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
index 7ce9f3f669e6..9b983a474253 100644
--- a/arch/x86/events/intel/ds.c
+++ b/arch/x86/events/intel/ds.c
@@ -1274,18 +1274,18 @@ static void intel_pmu_drain_pebs_nhm(struct pt_regs *iregs)
                struct pebs_record_nhm *p = at;
                u64 pebs_status;
-                /* PEBS v3 has accurate status bits */
+                pebs_status = p->status & cpuc->pebs_enabled;
+                pebs_status &= (1ULL << x86_pmu.max_pebs_events) - 1;
+                /* PEBS v3 has more accurate status bits */
                if (x86_pmu.intel_cap.pebs_format >= 3) {
-                        for_each_set_bit(bit, (unsigned long *)&p->status,
+                        for_each_set_bit(bit, (unsigned long *)&pebs_status,
-                                         MAX_PEBS_EVENTS)
+                                         x86_pmu.max_pebs_events)
                                counts[bit]++;
                        continue;
                }
-                pebs_status = p->status & cpuc->pebs_enabled;
-                pebs_status &= (1ULL << x86_pmu.max_pebs_events) - 1;
                /*
                 * On some CPUs the PEBS status can be zero when PEBS is
                 * racing with clearing of GLOBAL_STATUS.
@@ -1333,8 +1333,11 @@ static void intel_pmu_drain_pebs_nhm(struct pt_regs *iregs)
                        continue;
                event = cpuc->events[bit];
-                WARN_ON_ONCE(!event);
+                if (WARN_ON_ONCE(!event))
-                WARN_ON_ONCE(!event->attr.precise_ip);
+                        continue;
+                if (WARN_ON_ONCE(!event->attr.precise_ip))
+                        continue;
                /* log dropped samples number */
                if (error[bit])
diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
index 04bb5fb5a8d7..861a7d9cb60f 100644
--- a/arch/x86/events/intel/pt.c
+++ b/arch/x86/events/intel/pt.c
@@ -1074,6 +1074,11 @@ static void pt_addr_filters_fini(struct perf_event *event)
        event->hw.addr_filters = NULL;
 }
+static inline bool valid_kernel_ip(unsigned long ip)
+{
+        return virt_addr_valid(ip) && kernel_ip(ip);
+}
 static int pt_event_addr_filters_validate(struct list_head *filters)
 {
        struct perf_addr_filter *filter;
@@ -1081,11 +1086,16 @@ static int pt_event_addr_filters_validate(struct list_head *filters)
        list_for_each_entry(filter, filters, entry) {
                /* PT doesn't support single address triggers */
-                if (!filter->range)
+                if (!filter->range || !filter->size)
                        return -EOPNOTSUPP;
-                if (!filter->inode && !kernel_ip(filter->offset))
+                if (!filter->inode) {
-                        return -EINVAL;
+                        if (!valid_kernel_ip(filter->offset))
+                                return -EINVAL;
+                        if (!valid_kernel_ip(filter->offset + filter->size))
+                                return -EINVAL;
+                }
                if (++range > pt_cap_get(PT_CAP_num_address_ranges))
                        return -EOPNOTSUPP;
@@ -1111,7 +1121,7 @@ static void pt_event_addr_filters_sync(struct perf_event *event)
                } else {
                        /* apply the offset */
                        msr_a = filter->offset + offs[range];
-                        msr_b = filter->size + msr_a;
+                        msr_b = filter->size + msr_a - 1;
                }
                filters->filter[range].msr_a  = msr_a;
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index a0ae610b9280..2131c4ce7d8a 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -433,7 +433,11 @@ do {									\
 #define __get_user_asm_ex(x, addr, itype, rtype, ltype)                 \
        asm volatile("1:        mov"itype" %1,%"rtype"0\n"              \
                     "2:\n"                                             \
-                     _ASM_EXTABLE_EX(1b, 2b)                            \
+                     ".section .fixup,\"ax\"\n"                         \
+                     "3:xor"itype" %"rtype"0,%"rtype"0\n"               \
+                     "  jmp 2b\n"                                       \
+                     ".previous\n"                                      \
+                     _ASM_EXTABLE_EX(1b, 3b)                            \
                     : ltype(x) : "m" (__m(addr)))
 #define __put_user_nocheck(x, ptr, size)                        \
@@ -697,44 +701,15 @@ unsigned long __must_check _copy_from_user(void *to, const void __user *from,
 unsigned long __must_check _copy_to_user(void __user *to, const void *from,
                                         unsigned n);
-#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+extern void __compiletime_error("usercopy buffer size is too small")
-# define copy_user_diag __compiletime_error
+__bad_copy_user(void);
-#else
-# define copy_user_diag __compiletime_warning
-#endif
-extern void copy_user_diag("copy_from_user() buffer size is too small")
-copy_from_user_overflow(void);
-extern void copy_user_diag("copy_to_user() buffer size is too small")
-copy_to_user_overflow(void) __asm__("copy_from_user_overflow");
-#undef copy_user_diag
-#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
-extern void
-__compiletime_warning("copy_from_user() buffer size is not provably correct")
-__copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
-#define __copy_from_user_overflow(size, count) __copy_from_user_overflow()
-extern void
-__compiletime_warning("copy_to_user() buffer size is not provably correct")
-__copy_to_user_overflow(void) __asm__("copy_from_user_overflow");
-#define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
-#else
+static inline void copy_user_overflow(int size, unsigned long count)
-static inline void
-__copy_from_user_overflow(int size, unsigned long count)
 {
        WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
 }
-#define __copy_to_user_overflow __copy_from_user_overflow
+static __always_inline unsigned long __must_check
-#endif
-static inline unsigned long __must_check
 copy_from_user(void *to, const void __user *from, unsigned long n)
 {
        int sz = __compiletime_object_size(to);
@@ -743,36 +718,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
        kasan_check_write(to, n);
-        /*
-         * While we would like to have the compiler do the checking for us
-         * even in the non-constant size case, any false positives there are
-         * a problem (especially when DEBUG_STRICT_USER_COPY_CHECKS, but even
-         * without - the [hopefully] dangerous looking nature of the warning
-         * would make people go look at the respecitive call sites over and
-         * over again just to find that there's no problem).
-         *
-         * And there are cases where it's just not realistic for the compiler
-         * to prove the count to be in range. For example when multiple call
-         * sites of a helper function - perhaps in different source files -
-         * all doing proper range checking, yet the helper function not doing
-         * so again.
-         *
-         * Therefore limit the compile time checking to the constant size
-         * case, and do only runtime checking for non-constant sizes.
-         */
        if (likely(sz < 0 || sz >= n)) {
                check_object_size(to, n, false);
                n = _copy_from_user(to, from, n);
-        } else if (__builtin_constant_p(n))
+        } else if (!__builtin_constant_p(n))
-                copy_from_user_overflow();
+                copy_user_overflow(sz, n);
        else
-                __copy_from_user_overflow(sz, n);
+                __bad_copy_user();
        return n;
 }
-static inline unsigned long __must_check
+static __always_inline unsigned long __must_check
 copy_to_user(void __user *to, const void *from, unsigned long n)
 {
        int sz = __compiletime_object_size(from);
@@ -781,21 +738,17 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
        might_fault();
-        /* See the comment in copy_from_user() above. */
        if (likely(sz < 0 || sz >= n)) {
                check_object_size(from, n, true);
                n = _copy_to_user(to, from, n);
-        } else if (__builtin_constant_p(n))
+        } else if (!__builtin_constant_p(n))
-                copy_to_user_overflow();
+                copy_user_overflow(sz, n);
        else
-                __copy_to_user_overflow(sz, n);
+                __bad_copy_user();
        return n;
 }
-#undef __copy_from_user_overflow
-#undef __copy_to_user_overflow
 /*
 * We rely on the nested NMI work to allow atomic faults from the NMI path; the
 * nested NMI paths are careful to preserve CR2.
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index cea4fc19e844..f3e9b2df4b16 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1623,6 +1623,9 @@ void __init enable_IR_x2apic(void)
        unsigned long flags;
        int ret, ir_stat;
+        if (skip_ioapic_setup)
+                return;
        ir_stat = irq_remapping_prepare();
        if (ir_stat < 0 && !x2apic_supported())
                return;
@@ -2090,7 +2093,6 @@ int generic_processor_info(int apicid, int version)
                return -EINVAL;
        }
-        num_processors++;
        if (apicid == boot_cpu_physical_apicid) {
                /*
                 * x86_bios_cpu_apicid is required to have processors listed
@@ -2113,10 +2115,13 @@ int generic_processor_info(int apicid, int version)
                pr_warning("APIC: Package limit reached. Processor %d/0x%x ignored.\n",
                           thiscpu, apicid);
                disabled_cpus++;
                return -ENOSPC;
        }
+        num_processors++;
        /*
         * Validate version
         */
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index f5c69d8974e1..b81fe2d63e15 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -669,6 +669,17 @@ static void init_amd_gh(struct cpuinfo_x86 *c)
                set_cpu_bug(c, X86_BUG_AMD_TLB_MMATCH);
 }
+#define MSR_AMD64_DE_CFG        0xC0011029
+static void init_amd_ln(struct cpuinfo_x86 *c)
+{
+        /*
+         * Apply erratum 665 fix unconditionally so machines without a BIOS
+         * fix work.
+         */
+        msr_set_bit(MSR_AMD64_DE_CFG, 31);
+}
 static void init_amd_bd(struct cpuinfo_x86 *c)
 {
        u64 value;
@@ -726,6 +737,7 @@ static void init_amd(struct cpuinfo_x86 *c)
        case 6:    init_amd_k7(c); break;
        case 0xf:  init_amd_k8(c); break;
        case 0x10: init_amd_gh(c); break;
+        case 0x12: init_amd_ln(c); break;
        case 0x15: init_amd_bd(c); break;
        }
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index 27a0228c9cae..620ab06bcf45 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -54,6 +54,7 @@ static LIST_HEAD(pcache);
 */
 static u8 *container;
 static size_t container_size;
+static bool ucode_builtin;
 static u32 ucode_new_rev;
 static u8 amd_ucode_patch[PATCH_MAX_SIZE];
@@ -281,18 +282,22 @@ static bool __init load_builtin_amd_microcode(struct cpio_data *cp,
 void __init load_ucode_amd_bsp(unsigned int family)
 {
        struct cpio_data cp;
+        bool *builtin;
        void **data;
        size_t *size;
 #ifdef CONFIG_X86_32
        data =  (void **)__pa_nodebug(&ucode_cpio.data);
        size = (size_t *)__pa_nodebug(&ucode_cpio.size);
+        builtin = (bool *)__pa_nodebug(&ucode_builtin);
 #else
        data = &ucode_cpio.data;
        size = &ucode_cpio.size;
+        builtin = &ucode_builtin;
 #endif
-        if (!load_builtin_amd_microcode(&cp, family))
+        *builtin = load_builtin_amd_microcode(&cp, family);
+        if (!*builtin)
                cp = find_ucode_in_initrd();
        if (!(cp.data && cp.size))
@@ -355,6 +360,7 @@ void load_ucode_amd_ap(void)
        unsigned int cpu = smp_processor_id();
        struct equiv_cpu_entry *eq;
        struct microcode_amd *mc;
+        u8 *cont = container;
        u32 rev, eax;
        u16 eq_id;
@@ -371,8 +377,12 @@ void load_ucode_amd_ap(void)
        if (check_current_patch_level(&rev, false))
                return;
+        /* Add CONFIG_RANDOMIZE_MEMORY offset. */
+        if (!ucode_builtin)
+                cont += PAGE_OFFSET - __PAGE_OFFSET_BASE;
        eax = cpuid_eax(0x00000001);
-        eq  = (struct equiv_cpu_entry *)(container + CONTAINER_HDR_SZ);
+        eq  = (struct equiv_cpu_entry *)(cont + CONTAINER_HDR_SZ);
        eq_id = find_equiv_id(eq, eax);
        if (!eq_id)
@@ -434,6 +444,10 @@ int __init save_microcode_in_initrd_amd(void)
        else
                container = cont_va;
+        /* Add CONFIG_RANDOMIZE_MEMORY offset. */
+        if (!ucode_builtin)
+                container += PAGE_OFFSET - __PAGE_OFFSET_BASE;
        eax   = cpuid_eax(0x00000001);
        eax   = ((eax >> 8) & 0xf) + ((eax >> 20) & 0xff);
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index 1d39bfbd26bb..3692249a70f1 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -289,6 +289,7 @@ void __init kvmclock_init(void)
        put_cpu();
        x86_platform.calibrate_tsc = kvm_get_tsc_khz;
+        x86_platform.calibrate_cpu = kvm_get_tsc_khz;
        x86_platform.get_wallclock = kvm_get_wallclock;
        x86_platform.set_wallclock = kvm_set_wallclock;
 #ifdef CONFIG_X86_LOCAL_APIC
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index ad5bc9578a73..1acfd76e3e26 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -56,12 +56,12 @@ asm (".pushsection .entry.text, \"ax\"\n"
     ".popsection");
 /* identity function, which can be inlined */
-u32 _paravirt_ident_32(u32 x)
+u32 notrace _paravirt_ident_32(u32 x)
 {
        return x;
 }
-u64 _paravirt_ident_64(u64 x)
+u64 notrace _paravirt_ident_64(u64 x)
 {
        return x;
 }
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 2a6e84a30a54..4296beb8fdd3 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -100,10 +100,11 @@ EXPORT_PER_CPU_SYMBOL(cpu_info);
 /* Logical package management. We might want to allocate that dynamically */
 static int *physical_to_logical_pkg __read_mostly;
 static unsigned long *physical_package_map __read_mostly;;
-static unsigned long *logical_package_map  __read_mostly;
 static unsigned int max_physical_pkg_id __read_mostly;
 unsigned int __max_logical_packages __read_mostly;
 EXPORT_SYMBOL(__max_logical_packages);
+static unsigned int logical_packages __read_mostly;
+static bool logical_packages_frozen __read_mostly;
 /* Maximum number of SMT threads on any online core */
 int __max_smt_threads __read_mostly;
@@ -277,14 +278,14 @@ int topology_update_package_map(unsigned int apicid, unsigned int cpu)
        if (test_and_set_bit(pkg, physical_package_map))
                goto found;
-        new = find_first_zero_bit(logical_package_map, __max_logical_packages);
+        if (logical_packages_frozen) {
-        if (new >= __max_logical_packages) {
                physical_to_logical_pkg[pkg] = -1;
-                pr_warn("APIC(%x) Package %u exceeds logical package map\n",
+                pr_warn("APIC(%x) Package %u exceeds logical package max\n",
                        apicid, pkg);
                return -ENOSPC;
        }
-        set_bit(new, logical_package_map);
+        new = logical_packages++;
        pr_info("APIC(%x) Converting physical %u to logical package %u\n",
                apicid, pkg, new);
        physical_to_logical_pkg[pkg] = new;
@@ -341,6 +342,7 @@ static void __init smp_init_package_map(void)
        }
        __max_logical_packages = DIV_ROUND_UP(total_cpus, ncpus);
+        logical_packages = 0;
        /*
         * Possibly larger than what we need as the number of apic ids per
@@ -352,10 +354,6 @@ static void __init smp_init_package_map(void)
        memset(physical_to_logical_pkg, 0xff, size);
        size = BITS_TO_LONGS(max_physical_pkg_id) * sizeof(unsigned long);
        physical_package_map = kzalloc(size, GFP_KERNEL);
-        size = BITS_TO_LONGS(__max_logical_packages) * sizeof(unsigned long);
-        logical_package_map = kzalloc(size, GFP_KERNEL);
-        pr_info("Max logical packages: %u\n", __max_logical_packages);
        for_each_present_cpu(cpu) {
                unsigned int apicid = apic->cpu_present_to_apicid(cpu);
@@ -369,6 +367,15 @@ static void __init smp_init_package_map(void)
                set_cpu_possible(cpu, false);
                set_cpu_present(cpu, false);
        }
+        if (logical_packages > __max_logical_packages) {
+                pr_warn("Detected more packages (%u), then computed by BIOS data (%u).\n",
+                        logical_packages, __max_logical_packages);
+                logical_packages_frozen = true;
+                __max_logical_packages  = logical_packages;
+        }
+        pr_info("Max logical packages: %u\n", __max_logical_packages);
 }
 void __init smp_store_boot_cpu_info(void)
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index 5f42d038fcb4..c7220ba94aa7 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -109,6 +109,7 @@ static void __rtc_irq_eoi_tracking_restore_one(struct kvm_vcpu *vcpu)
 {
        bool new_val, old_val;
        struct kvm_ioapic *ioapic = vcpu->kvm->arch.vioapic;
+        struct dest_map *dest_map = &ioapic->rtc_status.dest_map;
        union kvm_ioapic_redirect_entry *e;
        e = &ioapic->redirtbl[RTC_GSI];
@@ -117,16 +118,17 @@ static void __rtc_irq_eoi_tracking_restore_one(struct kvm_vcpu *vcpu)
                return;
        new_val = kvm_apic_pending_eoi(vcpu, e->fields.vector);
-        old_val = test_bit(vcpu->vcpu_id, ioapic->rtc_status.dest_map.map);
+        old_val = test_bit(vcpu->vcpu_id, dest_map->map);
        if (new_val == old_val)
                return;
        if (new_val) {
-                __set_bit(vcpu->vcpu_id, ioapic->rtc_status.dest_map.map);
+                __set_bit(vcpu->vcpu_id, dest_map->map);
+                dest_map->vectors[vcpu->vcpu_id] = e->fields.vector;
                ioapic->rtc_status.pending_eoi++;
        } else {
-                __clear_bit(vcpu->vcpu_id, ioapic->rtc_status.dest_map.map);
+                __clear_bit(vcpu->vcpu_id, dest_map->map);
                ioapic->rtc_status.pending_eoi--;
                rtc_status_pending_eoi_check_valid(ioapic);
        }
diff --git a/arch/x86/kvm/pmu_amd.c b/arch/x86/kvm/pmu_amd.c
index 39b91127ef07..cd944435dfbd 100644
--- a/arch/x86/kvm/pmu_amd.c
+++ b/arch/x86/kvm/pmu_amd.c
@@ -23,8 +23,8 @@
 static struct kvm_event_hw_type_mapping amd_event_mapping[] = {
        [0] = { 0x76, 0x00, PERF_COUNT_HW_CPU_CYCLES },
        [1] = { 0xc0, 0x00, PERF_COUNT_HW_INSTRUCTIONS },
-        [2] = { 0x80, 0x00, PERF_COUNT_HW_CACHE_REFERENCES },
+        [2] = { 0x7d, 0x07, PERF_COUNT_HW_CACHE_REFERENCES },
-        [3] = { 0x81, 0x00, PERF_COUNT_HW_CACHE_MISSES },
+        [3] = { 0x7e, 0x07, PERF_COUNT_HW_CACHE_MISSES },
        [4] = { 0xc2, 0x00, PERF_COUNT_HW_BRANCH_INSTRUCTIONS },
        [5] = { 0xc3, 0x00, PERF_COUNT_HW_BRANCH_MISSES },
        [6] = { 0xd0, 0x00, PERF_COUNT_HW_STALLED_CYCLES_FRONTEND },
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index a45d8580f91e..5cede40e2552 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -422,6 +422,7 @@ struct nested_vmx {
        struct list_head vmcs02_pool;
        int vmcs02_num;
        u64 vmcs01_tsc_offset;
+        bool change_vmcs01_virtual_x2apic_mode;
        /* L2 must run next, and mustn't decide to exit to L1. */
        bool nested_run_pending;
        /*
@@ -435,6 +436,8 @@ struct nested_vmx {
        bool pi_pending;
        u16 posted_intr_nv;
+        unsigned long *msr_bitmap;
        struct hrtimer preemption_timer;
        bool preemption_timer_expired;
@@ -924,7 +927,6 @@ static unsigned long *vmx_msr_bitmap_legacy;
 static unsigned long *vmx_msr_bitmap_longmode;
 static unsigned long *vmx_msr_bitmap_legacy_x2apic;
 static unsigned long *vmx_msr_bitmap_longmode_x2apic;
-static unsigned long *vmx_msr_bitmap_nested;
 static unsigned long *vmx_vmread_bitmap;
 static unsigned long *vmx_vmwrite_bitmap;
@@ -2198,6 +2200,12 @@ static void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu)
                        new.control) != old.control);
 }
+static void decache_tsc_multiplier(struct vcpu_vmx *vmx)
+{
+        vmx->current_tsc_ratio = vmx->vcpu.arch.tsc_scaling_ratio;
+        vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio);
+}
 /*
 * Switches to specified vcpu, until a matching vcpu_put(), but assumes
 * vcpu mutex is already taken.
@@ -2256,10 +2264,8 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
        /* Setup TSC multiplier */
        if (kvm_has_tsc_control &&
-            vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio) {
+            vmx->current_tsc_ratio != vcpu->arch.tsc_scaling_ratio)
-                vmx->current_tsc_ratio = vcpu->arch.tsc_scaling_ratio;
+                decache_tsc_multiplier(vmx);
-                vmcs_write64(TSC_MULTIPLIER, vmx->current_tsc_ratio);
-        }
        vmx_vcpu_pi_load(vcpu, cpu);
        vmx->host_pkru = read_pkru();
@@ -2508,7 +2514,7 @@ static void vmx_set_msr_bitmap(struct kvm_vcpu *vcpu)
        unsigned long *msr_bitmap;
        if (is_guest_mode(vcpu))
-                msr_bitmap = vmx_msr_bitmap_nested;
+                msr_bitmap = to_vmx(vcpu)->nested.msr_bitmap;
        else if (cpu_has_secondary_exec_ctrls() &&
                 (vmcs_read32(SECONDARY_VM_EXEC_CONTROL) &
                  SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE)) {
@@ -6363,13 +6369,6 @@ static __init int hardware_setup(void)
        if (!vmx_msr_bitmap_longmode_x2apic)
                goto out4;
-        if (nested) {
-                vmx_msr_bitmap_nested =
-                        (unsigned long *)__get_free_page(GFP_KERNEL);
-                if (!vmx_msr_bitmap_nested)
-                        goto out5;
-        }
        vmx_vmread_bitmap = (unsigned long *)__get_free_page(GFP_KERNEL);
        if (!vmx_vmread_bitmap)
                goto out6;
@@ -6392,8 +6391,6 @@ static __init int hardware_setup(void)
        memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
        memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
-        if (nested)
-                memset(vmx_msr_bitmap_nested, 0xff, PAGE_SIZE);
        if (setup_vmcs_config(&vmcs_config) < 0) {
                r = -EIO;
@@ -6529,9 +6526,6 @@ out8:
 out7:
        free_page((unsigned long)vmx_vmread_bitmap);
 out6:
-        if (nested)
-                free_page((unsigned long)vmx_msr_bitmap_nested);
-out5:
        free_page((unsigned long)vmx_msr_bitmap_longmode_x2apic);
 out4:
        free_page((unsigned long)vmx_msr_bitmap_longmode);
@@ -6557,8 +6551,6 @@ static __exit void hardware_unsetup(void)
        free_page((unsigned long)vmx_io_bitmap_a);
        free_page((unsigned long)vmx_vmwrite_bitmap);
        free_page((unsigned long)vmx_vmread_bitmap);
-        if (nested)
-                free_page((unsigned long)vmx_msr_bitmap_nested);
        free_kvm_area();
 }
@@ -6995,16 +6987,21 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
                return 1;
        }
+        if (cpu_has_vmx_msr_bitmap()) {
+                vmx->nested.msr_bitmap =
+                                (unsigned long *)__get_free_page(GFP_KERNEL);
+                if (!vmx->nested.msr_bitmap)
+                        goto out_msr_bitmap;
+        }
        vmx->nested.cached_vmcs12 = kmalloc(VMCS12_SIZE, GFP_KERNEL);
        if (!vmx->nested.cached_vmcs12)
-                return -ENOMEM;
+                goto out_cached_vmcs12;
        if (enable_shadow_vmcs) {
                shadow_vmcs = alloc_vmcs();
-                if (!shadow_vmcs) {
+                if (!shadow_vmcs)
-                        kfree(vmx->nested.cached_vmcs12);
+                        goto out_shadow_vmcs;
-                        return -ENOMEM;
-                }
                /* mark vmcs as shadow */
                shadow_vmcs->revision_id |= (1u << 31);
                /* init shadow vmcs */
@@ -7024,6 +7021,15 @@ static int handle_vmon(struct kvm_vcpu *vcpu)
        skip_emulated_instruction(vcpu);
        nested_vmx_succeed(vcpu);
        return 1;
+out_shadow_vmcs:
+        kfree(vmx->nested.cached_vmcs12);
+out_cached_vmcs12:
+        free_page((unsigned long)vmx->nested.msr_bitmap);
+out_msr_bitmap:
+        return -ENOMEM;
 }
 /*
@@ -7098,6 +7104,10 @@ static void free_nested(struct vcpu_vmx *vmx)
        vmx->nested.vmxon = false;
        free_vpid(vmx->nested.vpid02);
        nested_release_vmcs12(vmx);
+        if (vmx->nested.msr_bitmap) {
+                free_page((unsigned long)vmx->nested.msr_bitmap);
+                vmx->nested.msr_bitmap = NULL;
+        }
        if (enable_shadow_vmcs)
                free_vmcs(vmx->nested.current_shadow_vmcs);
        kfree(vmx->nested.cached_vmcs12);
@@ -8419,6 +8429,12 @@ static void vmx_set_virtual_x2apic_mode(struct kvm_vcpu *vcpu, bool set)
 {
        u32 sec_exec_control;
+        /* Postpone execution until vmcs01 is the current VMCS. */
+        if (is_guest_mode(vcpu)) {
+                to_vmx(vcpu)->nested.change_vmcs01_virtual_x2apic_mode = true;
+                return;
+        }
        /*
         * There is not point to enable virtualize x2apic without enable
         * apicv
@@ -9472,8 +9488,10 @@ static inline bool nested_vmx_merge_msr_bitmap(struct kvm_vcpu *vcpu,
 {
        int msr;
        struct page *page;
-        unsigned long *msr_bitmap;
+        unsigned long *msr_bitmap_l1;
+        unsigned long *msr_bitmap_l0 = to_vmx(vcpu)->nested.msr_bitmap;
+        /* This shortcut is ok because we support only x2APIC MSRs so far. */
        if (!nested_cpu_has_virt_x2apic_mode(vmcs12))
                return false;
@@ -9482,63 +9500,37 @@ static inline bool nested_vmx_merge_msr_bitmap(struct kvm_vcpu *vcpu,
                WARN_ON(1);
                return false;
        }
-        msr_bitmap = (unsigned long *)kmap(page);
+        msr_bitmap_l1 = (unsigned long *)kmap(page);
-        if (!msr_bitmap) {
+        if (!msr_bitmap_l1) {
                nested_release_page_clean(page);
                WARN_ON(1);
                return false;
        }
+        memset(msr_bitmap_l0, 0xff, PAGE_SIZE);
        if (nested_cpu_has_virt_x2apic_mode(vmcs12)) {
                if (nested_cpu_has_apic_reg_virt(vmcs12))
                        for (msr = 0x800; msr <= 0x8ff; msr++)
                                nested_vmx_disable_intercept_for_msr(
-                                        msr_bitmap,
+                                        msr_bitmap_l1, msr_bitmap_l0,
-                                        vmx_msr_bitmap_nested,
                                        msr, MSR_TYPE_R);
-                /* TPR is allowed */
-                nested_vmx_disable_intercept_for_msr(msr_bitmap,
+                nested_vmx_disable_intercept_for_msr(
-                                vmx_msr_bitmap_nested,
+                                msr_bitmap_l1, msr_bitmap_l0,
                                APIC_BASE_MSR + (APIC_TASKPRI >> 4),
                                MSR_TYPE_R | MSR_TYPE_W);
                if (nested_cpu_has_vid(vmcs12)) {
-                        /* EOI and self-IPI are allowed */
                        nested_vmx_disable_intercept_for_msr(
-                                msr_bitmap,
+                                msr_bitmap_l1, msr_bitmap_l0,
-                                vmx_msr_bitmap_nested,
                                APIC_BASE_MSR + (APIC_EOI >> 4),
                                MSR_TYPE_W);
                        nested_vmx_disable_intercept_for_msr(
-                                msr_bitmap,
+                                msr_bitmap_l1, msr_bitmap_l0,
-                                vmx_msr_bitmap_nested,
                                APIC_BASE_MSR + (APIC_SELF_IPI >> 4),
                                MSR_TYPE_W);
                }
-        } else {
-                /*
-                 * Enable reading intercept of all the x2apic
-                 * MSRs. We should not rely on vmcs12 to do any
-                 * optimizations here, it may have been modified
-                 * by L1.
-                 */
-                for (msr = 0x800; msr <= 0x8ff; msr++)
-                        __vmx_enable_intercept_for_msr(
-                                vmx_msr_bitmap_nested,
-                                msr,
-                                MSR_TYPE_R);
-                __vmx_enable_intercept_for_msr(
-                                vmx_msr_bitmap_nested,
-                                APIC_BASE_MSR + (APIC_TASKPRI >> 4),
-                                MSR_TYPE_W);
-                __vmx_enable_intercept_for_msr(
-                                vmx_msr_bitmap_nested,
-                                APIC_BASE_MSR + (APIC_EOI >> 4),
-                                MSR_TYPE_W);
-                __vmx_enable_intercept_for_msr(
-                                vmx_msr_bitmap_nested,
-                                APIC_BASE_MSR + (APIC_SELF_IPI >> 4),
-                                MSR_TYPE_W);
        }
        kunmap(page);
        nested_release_page_clean(page);
@@ -9957,10 +9949,10 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
        }
        if (cpu_has_vmx_msr_bitmap() &&
-            exec_control & CPU_BASED_USE_MSR_BITMAPS) {
+            exec_control & CPU_BASED_USE_MSR_BITMAPS &&
-                nested_vmx_merge_msr_bitmap(vcpu, vmcs12);
+            nested_vmx_merge_msr_bitmap(vcpu, vmcs12))
-                /* MSR_BITMAP will be set by following vmx_set_efer. */
+                ; /* MSR_BITMAP will be set by following vmx_set_efer. */
-        } else
+        else
                exec_control &= ~CPU_BASED_USE_MSR_BITMAPS;
        /*
@@ -10011,6 +10003,8 @@ static void prepare_vmcs02(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12)
                        vmx->nested.vmcs01_tsc_offset + vmcs12->tsc_offset);
        else
                vmcs_write64(TSC_OFFSET, vmx->nested.vmcs01_tsc_offset);
+        if (kvm_has_tsc_control)
+                decache_tsc_multiplier(vmx);
        if (enable_vpid) {
                /*
@@ -10767,6 +10761,14 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
        else
                vmcs_set_bits(PIN_BASED_VM_EXEC_CONTROL,
                              PIN_BASED_VMX_PREEMPTION_TIMER);
+        if (kvm_has_tsc_control)
+                decache_tsc_multiplier(vmx);
+        if (vmx->nested.change_vmcs01_virtual_x2apic_mode) {
+                vmx->nested.change_vmcs01_virtual_x2apic_mode = false;
+                vmx_set_virtual_x2apic_mode(vcpu,
+                                vcpu->arch.apic_base & X2APIC_ENABLE);
+        }
        /* This is needed for same reason as it was needed in prepare_vmcs02 */
        vmx->host_rsp = 0;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 19f9f9e05c2a..699f8726539a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -2743,16 +2743,16 @@ void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
                if (tsc_delta < 0)
                        mark_tsc_unstable("KVM discovered backwards TSC");
-                if (kvm_lapic_hv_timer_in_use(vcpu) &&
-                                kvm_x86_ops->set_hv_timer(vcpu,
-                                        kvm_get_lapic_tscdeadline_msr(vcpu)))
-                        kvm_lapic_switch_to_sw_timer(vcpu);
                if (check_tsc_unstable()) {
                        u64 offset = kvm_compute_tsc_offset(vcpu,
                                                vcpu->arch.last_guest_tsc);
                        kvm_x86_ops->write_tsc_offset(vcpu, offset);
                        vcpu->arch.tsc_catchup = 1;
                }
+                if (kvm_lapic_hv_timer_in_use(vcpu) &&
+                                kvm_x86_ops->set_hv_timer(vcpu,
+                                        kvm_get_lapic_tscdeadline_msr(vcpu)))
+                        kvm_lapic_switch_to_sw_timer(vcpu);
                /*
                 * On a host with synchronized TSC, there is no need to update
                 * kvmclock on vcpu->cpu migration
diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c
index ec8654f117d8..bda8d5eef04d 100644
--- a/arch/x86/mm/kaslr.c
+++ b/arch/x86/mm/kaslr.c
@@ -77,7 +77,7 @@ static inline unsigned long get_padding(struct kaslr_memory_region *region)
 */
 static inline bool kaslr_memory_enabled(void)
 {
-        return kaslr_enabled() && !config_enabled(CONFIG_KASAN);
+        return kaslr_enabled() && !IS_ENABLED(CONFIG_KASAN);
 }
 /* Initialize base and padding for each memory region randomized with KASLR */
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index ecb1b69c1651..170cc4ff057b 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -927,9 +927,10 @@ int track_pfn_copy(struct vm_area_struct *vma)
 }
 /*
- * prot is passed in as a parameter for the new mapping. If the vma has a
+ * prot is passed in as a parameter for the new mapping. If the vma has
- * linear pfn mapping for the entire range reserve the entire vma range with
+ * a linear pfn mapping for the entire range, or no vma is provided,
- * single reserve_pfn_range call.
+ * reserve the entire pfn + size range with single reserve_pfn_range
+ * call.
 */
 int track_pfn_remap(struct vm_area_struct *vma, pgprot_t *prot,
                    unsigned long pfn, unsigned long addr, unsigned long size)
@@ -938,11 +939,12 @@ int track_pfn_remap(struct vm_area_struct *vma, pgprot_t *prot,
        enum page_cache_mode pcm;
        /* reserve the whole chunk starting from paddr */
-        if (addr == vma->vm_start && size == (vma->vm_end - vma->vm_start)) {
+        if (!vma || (addr == vma->vm_start
+                                && size == (vma->vm_end - vma->vm_start))) {
                int ret;
                ret = reserve_pfn_range(paddr, size, prot, 0);
-                if (!ret)
+                if (ret == 0 && vma)
                        vma->vm_flags |= VM_PAT;
                return ret;
        }
@@ -997,7 +999,7 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn,
        resource_size_t paddr;
        unsigned long prot;
-        if (!(vma->vm_flags & VM_PAT))
+        if (vma && !(vma->vm_flags & VM_PAT))
                return;
        /* free the chunk starting from pfn or the whole chunk */
@@ -1011,7 +1013,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn,
                size = vma->vm_end - vma->vm_start;
        }
        free_pfn_range(paddr, size);
-        vma->vm_flags &= ~VM_PAT;
+        if (vma)
+                vma->vm_flags &= ~VM_PAT;
 }
 /*
diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index 837ea36a837d..6d52b94f4bb9 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -553,15 +553,21 @@ static void twinhead_reserve_killing_zone(struct pci_dev *dev)
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x27B9, twinhead_reserve_killing_zone);
 /*
- * Broadwell EP Home Agent BARs erroneously return non-zero values when read.
+ * Device [8086:2fc0]
+ * Erratum HSE43
+ * CONFIG_TDP_NOMINAL CSR Implemented at Incorrect Offset
+ * http://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html
 *
- * See http://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v4-spec-update.html
+ * Devices [8086:6f60,6fa0,6fc0]
- * entry BDF2.
+ * Erratum BDF2
+ * PCI BARs in the Home Agent Will Return Non-Zero Values During Enumeration
+ * http://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v4-spec-update.html
 */
-static void pci_bdwep_bar(struct pci_dev *dev)
+static void pci_invalid_bar(struct pci_dev *dev)
 {
        dev->non_compliant_bars = 1;
 }
-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6f60, pci_bdwep_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x2fc0, pci_invalid_bar);
-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fa0, pci_bdwep_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6f60, pci_invalid_bar);
-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fc0, pci_bdwep_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fa0, pci_invalid_bar);
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_INTEL, 0x6fc0, pci_invalid_bar);
diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
index b814ca675131..7948be342ee9 100644
--- a/arch/x86/pci/vmd.c
+++ b/arch/x86/pci/vmd.c
@@ -41,6 +41,7 @@ static DEFINE_RAW_SPINLOCK(list_lock);
 * @node:       list item for parent traversal.
 * @rcu:        RCU callback item for freeing.
 * @irq:        back pointer to parent.
+ * @enabled:    true if driver enabled IRQ
 * @virq:       the virtual IRQ value provided to the requesting driver.
 *
 * Every MSI/MSI-X IRQ requested for a device in a VMD domain will be mapped to
@@ -50,6 +51,7 @@ struct vmd_irq {
        struct list_head        node;
        struct rcu_head         rcu;
        struct vmd_irq_list     *irq;
+        bool                    enabled;
        unsigned int            virq;
 };
@@ -122,7 +124,9 @@ static void vmd_irq_enable(struct irq_data *data)
        unsigned long flags;
        raw_spin_lock_irqsave(&list_lock, flags);
+        WARN_ON(vmdirq->enabled);
        list_add_tail_rcu(&vmdirq->node, &vmdirq->irq->irq_list);
+        vmdirq->enabled = true;
        raw_spin_unlock_irqrestore(&list_lock, flags);
        data->chip->irq_unmask(data);
@@ -136,8 +140,10 @@ static void vmd_irq_disable(struct irq_data *data)
        data->chip->irq_mask(data);
        raw_spin_lock_irqsave(&list_lock, flags);
-        list_del_rcu(&vmdirq->node);
+        if (vmdirq->enabled) {
-        INIT_LIST_HEAD_RCU(&vmdirq->node);
+                list_del_rcu(&vmdirq->node);
+                vmdirq->enabled = false;
+        }
        raw_spin_unlock_irqrestore(&list_lock, flags);
 }
diff --git a/arch/x86/power/hibernate_64.c b/arch/x86/power/hibernate_64.c
index a3e3ccc87138..9634557a5444 100644
--- a/arch/x86/power/hibernate_64.c
+++ b/arch/x86/power/hibernate_64.c
@@ -113,7 +113,7 @@ static int set_up_temporary_mappings(void)
                        return result;
        }
-        temp_level4_pgt = (unsigned long)pgd - __PAGE_OFFSET;
+        temp_level4_pgt = __pa(pgd);
        return 0;
 }
diff --git a/arch/x86/um/ptrace_32.c b/arch/x86/um/ptrace_32.c
index ebd4dd6ef73b..a7ef7b131e25 100644
--- a/arch/x86/um/ptrace_32.c
+++ b/arch/x86/um/ptrace_32.c
@@ -84,7 +84,10 @@ int putreg(struct task_struct *child, int regno, unsigned long value)
        case EAX:
        case EIP:
        case UESP:
+                break;
        case ORIG_EAX:
+                /* Update the syscall number. */
+                UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
                break;
        case FS:
                if (value && (value & 3) != 3)
diff --git a/arch/x86/um/ptrace_64.c b/arch/x86/um/ptrace_64.c
index faab418876ce..0b5c184dd5b3 100644
--- a/arch/x86/um/ptrace_64.c
+++ b/arch/x86/um/ptrace_64.c
@@ -78,7 +78,11 @@ int putreg(struct task_struct *child, int regno, unsigned long value)
        case RSI:
        case RDI:
        case RBP:
+                break;
        case ORIG_RAX:
+                /* Update the syscall number. */
+                UPT_SYSCALL_NR(&child->thread.regs.regs) = value;
                break;
        case FS:
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 8ffb089b19a5..b86ebb1a9a7f 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -118,7 +118,7 @@ DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
 DEFINE_PER_CPU(struct vcpu_info, xen_vcpu_info);
 /* Linux <-> Xen vCPU id mapping */
-DEFINE_PER_CPU(int, xen_vcpu_id) = -1;
+DEFINE_PER_CPU(uint32_t, xen_vcpu_id);
 EXPORT_PER_CPU_SYMBOL(xen_vcpu_id);
 enum xen_domain_type xen_domain_type = XEN_NATIVE;
author	Ingo Molnar <mingo@kernel.org>	2016-09-22 05:15:38 -0400
committer	Ingo Molnar <mingo@kernel.org>	2016-09-22 05:15:38 -0400
commit	baad92e34458fc051735c769437ab33719ebb2ef (patch)
tree	f301627afa3e951cc2f906da1546e5daca9355da /arch/x86
parent	f43ea76cf310c3be95cb75ae1350cbe76a8f2380 (diff)
parent	7d1e042314619115153a0f6f06e4552c09a50e13 (diff)