29 files changed, 144 insertions, 59 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 7aef2d52daa0..328c8352480c 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1006,7 +1006,7 @@ config X86_THERMAL_VECTOR
         depends on X86_MCE_INTEL
 
 config X86_LEGACY_VM86
-        bool "Legacy VM86 support (obsolete)"
+        bool "Legacy VM86 support"
         default n
         depends on X86_32
         ---help---
@@ -1018,19 +1018,20 @@ config X86_LEGACY_VM86
           available to accelerate real mode DOS programs.  However, any
           recent version of DOSEMU, X, or vbetool should be fully
           functional even without kernel VM86 support, as they will all
-          fall back to (pretty well performing) software emulation.
+          fall back to software emulation. Nevertheless, if you are using
+          a 16-bit DOS program where 16-bit performance matters, vm86
+          mode might be faster than emulation and you might want to
+          enable this option.
 
-          Anything that works on a 64-bit kernel is unlikely to need
-          this option, as 64-bit kernels don't, and can't, support V8086
-          mode.  This option is also unrelated to 16-bit protected mode
-          and is not needed to run most 16-bit programs under Wine.
+          Note that any app that works on a 64-bit kernel is unlikely to
+          need this option, as 64-bit kernels don't, and can't, support
+          V8086 mode. This option is also unrelated to 16-bit protected
+          mode and is not needed to run most 16-bit programs under Wine.
 
-          Enabling this option adds considerable attack surface to the
-          kernel and slows down system calls and exception handling.
+          Enabling this option increases the complexity of the kernel
+          and slows down exception handling a tiny bit.
 
-          Unless you use very old userspace or need the last drop of
-          performance in your real mode DOS games and can't use KVM,
-          say N here.
+          If unsure, say N here.
 
 config VM86
        bool
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 477bfa6db370..7663c455b9f6 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -381,3 +381,4 @@
 372     i386    recvmsg                 sys_recvmsg                     compat_sys_recvmsg
 373     i386    shutdown                sys_shutdown
 374     i386    userfaultfd             sys_userfaultfd
+375     i386    membarrier              sys_membarrier
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl
index 81c490634db9..278842fdf1f6 100644
--- a/arch/x86/entry/syscalls/syscall_64.tbl
+++ b/arch/x86/entry/syscalls/syscall_64.tbl
@@ -330,6 +330,7 @@
 321     common  bpf                     sys_bpf
 322     64      execveat                stub_execveat
 323     common  userfaultfd             sys_userfaultfd
+324     common  membarrier              sys_membarrier
 
 #
 # x32-specific system call numbers start at 512 to avoid cache impact
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 477fc28050e4..e6cf2ad350d1 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -241,6 +241,7 @@
 #define X86_FEATURE_AVX512PF    ( 9*32+26) /* AVX-512 Prefetch */
 #define X86_FEATURE_AVX512ER    ( 9*32+27) /* AVX-512 Exponential and Reciprocal */
 #define X86_FEATURE_AVX512CD    ( 9*32+28) /* AVX-512 Conflict Detection */
+#define X86_FEATURE_SHA_NI      ( 9*32+29) /* SHA1/SHA256 Instruction Extensions */
 
 /* Extended state features, CPUID level 0x0000000d:1 (eax), word 10 */
 #define X86_FEATURE_XSAVEOPT    (10*32+ 0) /* XSAVEOPT */
diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h
index 155162ea0e00..ab5f1d447ef9 100644
--- a/arch/x86/include/asm/efi.h
+++ b/arch/x86/include/asm/efi.h
@@ -86,6 +86,16 @@ extern u64 asmlinkage efi_call(void *fp, ...);
 extern void __iomem *__init efi_ioremap(unsigned long addr, unsigned long size,
                                         u32 type, u64 attribute);
 
+/*
+ * CONFIG_KASAN may redefine memset to __memset.  __memset function is present
+ * only in kernel binary.  Since the EFI stub linked into a separate binary it
+ * doesn't have __memset().  So we should use standard memset from
+ * arch/x86/boot/compressed/string.c.  The same applies to memcpy and memmove.
+ */
+#undef memcpy
+#undef memset
+#undef memmove
+
 #endif /* CONFIG_X86_32 */
 
 extern struct efi_scratch efi_scratch;
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index c12e845f59e6..2beee0382088 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -40,6 +40,7 @@
 
 #define KVM_PIO_PAGE_OFFSET 1
 #define KVM_COALESCED_MMIO_PAGE_OFFSET 2
+#define KVM_HALT_POLL_NS_DEFAULT 500000
 
 #define KVM_IRQCHIP_NUM_PINS  KVM_IOAPIC_NUM_PINS
 
@@ -711,6 +712,7 @@ struct kvm_vcpu_stat {
         u32 nmi_window_exits;
         u32 halt_exits;
         u32 halt_successful_poll;
+        u32 halt_attempted_poll;
         u32 halt_wakeup;
         u32 request_irq_exits;
         u32 irq_exits;
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index c1c0a1c14344..b98b471a3b7e 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -331,6 +331,7 @@
 /* C1E active bits in int pending message */
 #define K8_INTP_C1E_ACTIVE_MASK         0x18000000
 #define MSR_K8_TSEG_ADDR                0xc0010112
+#define MSR_K8_TSEG_MASK                0xc0010113
 #define K8_MTRRFIXRANGE_DRAM_ENABLE     0x00040000 /* MtrrFixDramEn bit    */
 #define K8_MTRRFIXRANGE_DRAM_MODIFY     0x00080000 /* MtrrFixDramModEn bit */
 #define K8_MTRR_RDMEM_WRMEM_MASK        0x18181818 /* Mask: RdMem|WrMem    */
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
index ce029e4fa7c6..31247b5bff7c 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -97,7 +97,6 @@ struct pv_lazy_ops {
 struct pv_time_ops {
         unsigned long long (*sched_clock)(void);
         unsigned long long (*steal_clock)(int cpu);
-        unsigned long (*get_tsc_khz)(void);
 };
 
 struct pv_cpu_ops {
diff --git a/arch/x86/include/asm/qspinlock.h b/arch/x86/include/asm/qspinlock.h
index 9d51fae1cba3..eaba08076030 100644
--- a/arch/x86/include/asm/qspinlock.h
+++ b/arch/x86/include/asm/qspinlock.h
@@ -39,18 +39,27 @@ static inline void queued_spin_unlock(struct qspinlock *lock)
 }
 #endif
 
-#define virt_queued_spin_lock virt_queued_spin_lock
-
-static inline bool virt_queued_spin_lock(struct qspinlock *lock)
+#ifdef CONFIG_PARAVIRT
+#define virt_spin_lock virt_spin_lock
+static inline bool virt_spin_lock(struct qspinlock *lock)
 {
         if (!static_cpu_has(X86_FEATURE_HYPERVISOR))
                 return false;
 
-        while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0)
-                cpu_relax();
+        /*
+         * On hypervisors without PARAVIRT_SPINLOCKS support we fall
+         * back to a Test-and-Set spinlock, because fair locks have
+         * horrible lock 'holder' preemption issues.
+         */
+
+        do {
+                while (atomic_read(&lock->val) != 0)
+                        cpu_relax();
+        } while (atomic_cmpxchg(&lock->val, 0, _Q_LOCKED_VAL) != 0);
 
         return true;
 }
+#endif /* CONFIG_PARAVIRT */
 
 #include <asm-generic/qspinlock.h>
 
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index c42827eb86cf..25f909362b7a 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -338,10 +338,15 @@ done:
 
 static void __init_or_module optimize_nops(struct alt_instr *a, u8 *instr)
 {
+        unsigned long flags;
+
         if (instr[0] != 0x90)
                 return;
 
+        local_irq_save(flags);
         add_nops(instr + (a->instrlen - a->padlen), a->padlen);
+        sync_core();
+        local_irq_restore(flags);
 
         DUMP_BYTES(instr, a->instrlen, "%p: [%d:%d) optimized NOPs: ",
                    instr, a->instrlen - a->padlen, a->padlen);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 3ca3e46aa405..24e94ce454e2 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -336,6 +336,13 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
         apic_write(APIC_LVTT, lvtt_value);
 
         if (lvtt_value & APIC_LVT_TIMER_TSCDEADLINE) {
+                /*
+                 * See Intel SDM: TSC-Deadline Mode chapter. In xAPIC mode,
+                 * writing to the APIC LVTT and TSC_DEADLINE MSR isn't serialized.
+                 * According to Intel, MFENCE can do the serialization here.
+                 */
+                asm volatile("mfence" : : : "memory");
+
                 printk_once(KERN_DEBUG "TSC deadline timer enabled\n");
                 return;
         }
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index 38a76f826530..5c60bb162622 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -2522,6 +2522,7 @@ void __init setup_ioapic_dest(void)
         int pin, ioapic, irq, irq_entry;
         const struct cpumask *mask;
         struct irq_data *idata;
+        struct irq_chip *chip;
 
         if (skip_ioapic_setup == 1)
                 return;
@@ -2545,9 +2546,9 @@ void __init setup_ioapic_dest(void)
                 else
                         mask = apic->target_cpus();
 
-                irq_set_affinity(irq, mask);
+                chip = irq_data_get_irq_chip(idata);
+                chip->irq_set_affinity(idata, mask, false);
         }
-
 }
 #endif
 
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index 1bbd0fe2c806..836d11b92811 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -489,10 +489,8 @@ static int apic_set_affinity(struct irq_data *irq_data,
 
         err = assign_irq_vector(irq, data, dest);
         if (err) {
-                struct irq_data *top = irq_get_irq_data(irq);
-
                 if (assign_irq_vector(irq, data,
-                                      irq_data_get_affinity_mask(top)))
+                                      irq_data_get_affinity_mask(irq_data)))
                         pr_err("Failed to recover vector for irq %d\n", irq);
                 return err;
         }
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 07ce52c22ec8..de22ea7ff82f 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1110,10 +1110,10 @@ void print_cpu_info(struct cpuinfo_x86 *c)
         else
                 printk(KERN_CONT "%d86", c->x86);
 
-        printk(KERN_CONT " (fam: %02x, model: %02x", c->x86, c->x86_model);
+        printk(KERN_CONT " (family: 0x%x, model: 0x%x", c->x86, c->x86_model);
 
         if (c->x86_mask || c->cpuid_level >= 0)
-                printk(KERN_CONT ", stepping: %02x)\n", c->x86_mask);
+                printk(KERN_CONT ", stepping: 0x%x)\n", c->x86_mask);
         else
                 printk(KERN_CONT ")\n");
 
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
index cd9b6d0b10bf..3fefebfbdf4b 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
@@ -2316,9 +2316,12 @@ static struct event_constraint *
 intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
                             struct perf_event *event)
 {
-        struct event_constraint *c1 = cpuc->event_constraint[idx];
+        struct event_constraint *c1 = NULL;
         struct event_constraint *c2;
 
+        if (idx >= 0) /* fake does < 0 */
+                c1 = cpuc->event_constraint[idx];
+
         /*
          * first time only
          * - static constraint: no change across incremental scheduling calls
diff --git a/arch/x86/kernel/cpu/perf_event_intel_bts.c b/arch/x86/kernel/cpu/perf_event_intel_bts.c
index 54690e885759..d1c0f254afbe 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_bts.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_bts.c
@@ -222,6 +222,7 @@ static void __bts_event_start(struct perf_event *event)
         if (!buf || bts_buffer_is_full(buf, bts))
                 return;
 
+        event->hw.itrace_started = 1;
         event->hw.state = 0;
 
         if (!buf->snapshot)
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index c80cf6699678..38da8f29a9c8 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -68,11 +68,10 @@ static inline void *current_stack(void)
         return (void *)(current_stack_pointer() & ~(THREAD_SIZE - 1));
 }
 
-static inline int
-execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc)
 {
         struct irq_stack *curstk, *irqstk;
-        u32 *isp, *prev_esp, arg1, arg2;
+        u32 *isp, *prev_esp, arg1;
 
         curstk = (struct irq_stack *) current_stack();
         irqstk = __this_cpu_read(hardirq_stack);
@@ -98,8 +97,8 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
         asm volatile("xchgl     %%ebx,%%esp     \n"
                      "call      *%%edi          \n"
                      "movl      %%ebx,%%esp     \n"
-                     : "=a" (arg1), "=d" (arg2), "=b" (isp)
-                     :  "0" (irq),   "1" (desc),  "2" (isp),
+                     : "=a" (arg1), "=b" (isp)
+                     :  "0" (desc),   "1" (isp),
                         "D" (desc->handle_irq)
                      : "memory", "cc", "ecx");
         return 1;
@@ -150,19 +149,15 @@ void do_softirq_own_stack(void)
 
 bool handle_irq(struct irq_desc *desc, struct pt_regs *regs)
 {
-        unsigned int irq;
-        int overflow;
-
-        overflow = check_stack_overflow();
+        int overflow = check_stack_overflow();
 
         if (IS_ERR_OR_NULL(desc))
                 return false;
 
-        irq = irq_desc_get_irq(desc);
-        if (user_mode(regs) || !execute_on_irq_stack(overflow, desc, irq)) {
+        if (user_mode(regs) || !execute_on_irq_stack(overflow, desc)) {
                 if (unlikely(overflow))
                         print_stack_overflow();
-                generic_handle_irq_desc(irq, desc);
+                generic_handle_irq_desc(desc);
         }
 
         return true;
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index ff16ccb918f2..c767cf2bc80a 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -75,6 +75,6 @@ bool handle_irq(struct irq_desc *desc, struct pt_regs *regs)
         if (unlikely(IS_ERR_OR_NULL(desc)))
                 return false;
 
-        generic_handle_irq_desc(irq_desc_get_irq(desc), desc);
+        generic_handle_irq_desc(desc);
         return true;
 }
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index 2bcc0525f1c1..6acc9dd91f36 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -58,7 +58,7 @@ static struct ldt_struct *alloc_ldt_struct(int size)
         if (alloc_size > PAGE_SIZE)
                 new_ldt->entries = vzalloc(alloc_size);
         else
-                new_ldt->entries = kzalloc(PAGE_SIZE, GFP_KERNEL);
+                new_ldt->entries = (void *)get_zeroed_page(GFP_KERNEL);
 
         if (!new_ldt->entries) {
                 kfree(new_ldt);
@@ -95,7 +95,7 @@ static void free_ldt_struct(struct ldt_struct *ldt)
         if (ldt->size * LDT_ENTRY_SIZE > PAGE_SIZE)
                 vfree(ldt->entries);
         else
-                kfree(ldt->entries);
+                free_page((unsigned long)ldt->entries);
         kfree(ldt);
 }
 
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 84b8ef82a159..1b55de1267cf 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -131,8 +131,8 @@ void dma_generic_free_coherent(struct device *dev, size_t size, void *vaddr,
 
 bool arch_dma_alloc_attrs(struct device **dev, gfp_t *gfp)
 {
-        *gfp = dma_alloc_coherent_gfp_flags(*dev, *gfp);
         *gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+        *gfp = dma_alloc_coherent_gfp_flags(*dev, *gfp);
 
         if (!*dev)
                 *dev = &x86_dma_fallback_dev;
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index c8d52cb4cb6e..c3f7602cd038 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -21,6 +21,7 @@
 #include <asm/hypervisor.h>
 #include <asm/nmi.h>
 #include <asm/x86_init.h>
+#include <asm/geode.h>
 
 unsigned int __read_mostly cpu_khz;     /* TSC clocks / usec, not used here */
 EXPORT_SYMBOL(cpu_khz);
@@ -1013,15 +1014,17 @@ EXPORT_SYMBOL_GPL(mark_tsc_unstable);
 
 static void __init check_system_tsc_reliable(void)
 {
-#ifdef CONFIG_MGEODE_LX
-        /* RTSC counts during suspend */
+#if defined(CONFIG_MGEODEGX1) || defined(CONFIG_MGEODE_LX) || defined(CONFIG_X86_GENERIC)
+        if (is_geode_lx()) {
+                /* RTSC counts during suspend */
 #define RTSC_SUSP 0x100
-        unsigned long res_low, res_high;
+                unsigned long res_low, res_high;
 
-        rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
-        /* Geode_LX - the OLPC CPU has a very reliable TSC */
-        if (res_low & RTSC_SUSP)
-                tsc_clocksource_reliable = 1;
+                rdmsr_safe(MSR_GEODE_BUSCONT_CONF0, &res_low, &res_high);
+                /* Geode_LX - the OLPC CPU has a very reliable TSC */
+                if (res_low & RTSC_SUSP)
+                        tsc_clocksource_reliable = 1;
+        }
 #endif
         if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
                 tsc_clocksource_reliable = 1;
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index abd8b856bd2b..524619351961 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -45,6 +45,7 @@
 #include <linux/audit.h>
 #include <linux/stddef.h>
 #include <linux/slab.h>
+#include <linux/security.h>
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
@@ -232,6 +233,32 @@ static long do_sys_vm86(struct vm86plus_struct __user *user_vm86, bool plus)
         struct pt_regs *regs = current_pt_regs();
         unsigned long err = 0;
 
+        err = security_mmap_addr(0);
+        if (err) {
+                /*
+                 * vm86 cannot virtualize the address space, so vm86 users
+                 * need to manage the low 1MB themselves using mmap.  Given
+                 * that BIOS places important data in the first page, vm86
+                 * is essentially useless if mmap_min_addr != 0.  DOSEMU,
+                 * for example, won't even bother trying to use vm86 if it
+                 * can't map a page at virtual address 0.
+                 *
+                 * To reduce the available kernel attack surface, simply
+                 * disallow vm86(old) for users who cannot mmap at va 0.
+                 *
+                 * The implementation of security_mmap_addr will allow
+                 * suitably privileged users to map va 0 even if
+                 * vm.mmap_min_addr is set above 0, and we want this
+                 * behavior for vm86 as well, as it ensures that legacy
+                 * tools like vbetool will not fail just because of
+                 * vm.mmap_min_addr.
+                 */
+                pr_info_once("Denied a call to vm86(old) from %s[%d] (uid: %d).  Set the vm.mmap_min_addr sysctl to 0 and/or adjust LSM mmap_min_addr policy to enable vm86 if you are using a vm86-based DOS emulator.\n",
+                             current->comm, task_pid_nr(current),
+                             from_kuid_munged(&init_user_ns, current_uid()));
+                return -EPERM;
+        }
+
         if (!vm86) {
                 if (!(vm86 = kzalloc(sizeof(*vm86), GFP_KERNEL)))
                         return -ENOMEM;
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 69088a1ba509..ff606f507913 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3322,7 +3322,7 @@ walk_shadow_page_get_mmio_spte(struct kvm_vcpu *vcpu, u64 addr, u64 *sptep)
                         break;
 
                 reserved |= is_shadow_zero_bits_set(&vcpu->arch.mmu, spte,
-                                                    leaf);
+                                                    iterator.level);
         }
 
         walk_shadow_page_lockless_end(vcpu);
@@ -3614,7 +3614,7 @@ static void
 __reset_rsvds_bits_mask(struct kvm_vcpu *vcpu,
                         struct rsvd_bits_validate *rsvd_check,
                         int maxphyaddr, int level, bool nx, bool gbpages,
-                        bool pse)
+                        bool pse, bool amd)
 {
         u64 exb_bit_rsvd = 0;
         u64 gbpages_bit_rsvd = 0;
@@ -3631,7 +3631,7 @@ __reset_rsvds_bits_mask(struct kvm_vcpu *vcpu,
          * Non-leaf PML4Es and PDPEs reserve bit 8 (which would be the G bit for
          * leaf entries) on AMD CPUs only.
          */
-        if (guest_cpuid_is_amd(vcpu))
+        if (amd)
                 nonleaf_bit8_rsvd = rsvd_bits(8, 8);
 
         switch (level) {
@@ -3699,7 +3699,7 @@ static void reset_rsvds_bits_mask(struct kvm_vcpu *vcpu,
         __reset_rsvds_bits_mask(vcpu, &context->guest_rsvd_check,
                                 cpuid_maxphyaddr(vcpu), context->root_level,
                                 context->nx, guest_cpuid_has_gbpages(vcpu),
-                                is_pse(vcpu));
+                                is_pse(vcpu), guest_cpuid_is_amd(vcpu));
 }
 
 static void
@@ -3749,13 +3749,24 @@ static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu,
 void
 reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context)
 {
+        /*
+         * Passing "true" to the last argument is okay; it adds a check
+         * on bit 8 of the SPTEs which KVM doesn't use anyway.
+         */
         __reset_rsvds_bits_mask(vcpu, &context->shadow_zero_check,
                                 boot_cpu_data.x86_phys_bits,
                                 context->shadow_root_level, context->nx,
-                                guest_cpuid_has_gbpages(vcpu), is_pse(vcpu));
+                                guest_cpuid_has_gbpages(vcpu), is_pse(vcpu),
+                                true);
 }
 EXPORT_SYMBOL_GPL(reset_shadow_zero_bits_mask);
 
+static inline bool boot_cpu_is_amd(void)
+{
+        WARN_ON_ONCE(!tdp_enabled);
+        return shadow_x_mask == 0;
+}
+
 /*
  * the direct page table on host, use as much mmu features as
  * possible, however, kvm currently does not do execution-protection.
@@ -3764,11 +3775,11 @@ static void
 reset_tdp_shadow_zero_bits_mask(struct kvm_vcpu *vcpu,
                                 struct kvm_mmu *context)
 {
-        if (guest_cpuid_is_amd(vcpu))
+        if (boot_cpu_is_amd())
                 __reset_rsvds_bits_mask(vcpu, &context->shadow_zero_check,
                                         boot_cpu_data.x86_phys_bits,
                                         context->shadow_root_level, false,
-                                        cpu_has_gbpages, true);
+                                        cpu_has_gbpages, true, true);
         else
                 __reset_rsvds_bits_mask_ept(&context->shadow_zero_check,
                                             boot_cpu_data.x86_phys_bits,
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index fdb8cb63a6c0..94b7d15db3fc 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -202,6 +202,7 @@ module_param(npt, int, S_IRUGO);
 static int nested = true;
 module_param(nested, int, S_IRUGO);
 
+static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
 static void svm_flush_tlb(struct kvm_vcpu *vcpu);
 static void svm_complete_interrupts(struct vcpu_svm *svm);
 
@@ -1263,7 +1264,8 @@ static void init_vmcb(struct vcpu_svm *svm, bool init_event)
          * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
          * It also updates the guest-visible cr0 value.
          */
-        (void)kvm_set_cr0(&svm->vcpu, X86_CR0_NW | X86_CR0_CD | X86_CR0_ET);
+        svm_set_cr0(&svm->vcpu, X86_CR0_NW | X86_CR0_CD | X86_CR0_ET);
+        kvm_mmu_reset_context(&svm->vcpu);
 
         save->cr4 = X86_CR4_PAE;
         /* rdx = ?? */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index d01986832afc..64076740251e 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -6064,6 +6064,8 @@ static __init int hardware_setup(void)
         memcpy(vmx_msr_bitmap_longmode_x2apic,
                         vmx_msr_bitmap_longmode, PAGE_SIZE);
 
+        set_bit(0, vmx_vpid_bitmap); /* 0 is reserved for host */
+
         if (enable_apicv) {
                 for (msr = 0x800; msr <= 0x8ff; msr++)
                         vmx_disable_intercept_msr_read_x2apic(msr);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index a60bdbccff51..991466bf8dee 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -149,6 +149,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "nmi_window", VCPU_STAT(nmi_window_exits) },
         { "halt_exits", VCPU_STAT(halt_exits) },
         { "halt_successful_poll", VCPU_STAT(halt_successful_poll) },
+        { "halt_attempted_poll", VCPU_STAT(halt_attempted_poll) },
         { "halt_wakeup", VCPU_STAT(halt_wakeup) },
         { "hypercalls", VCPU_STAT(hypercalls) },
         { "request_irq", VCPU_STAT(request_irq_exits) },
@@ -2189,6 +2190,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
         case MSR_IA32_LASTINTFROMIP:
         case MSR_IA32_LASTINTTOIP:
         case MSR_K8_SYSCFG:
+        case MSR_K8_TSEG_ADDR:
+        case MSR_K8_TSEG_MASK:
         case MSR_K7_HWCR:
         case MSR_VM_HSAVE_PA:
         case MSR_K8_INT_PENDING_MSG:
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index 161804de124a..a0d09f6c6533 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -1015,7 +1015,7 @@ static struct clock_event_device lguest_clockevent = {
  * This is the Guest timer interrupt handler (hardware interrupt 0).  We just
  * call the clockevent infrastructure and it does whatever needs doing.
  */
-static void lguest_time_irq(unsigned int irq, struct irq_desc *desc)
+static void lguest_time_irq(struct irq_desc *desc)
 {
         unsigned long flags;
 
diff --git a/arch/x86/mm/srat.c b/arch/x86/mm/srat.c
index 66338a60aa6e..c2aea63bee20 100644
--- a/arch/x86/mm/srat.c
+++ b/arch/x86/mm/srat.c
@@ -192,10 +192,11 @@ acpi_numa_memory_affinity_init(struct acpi_srat_mem_affinity *ma)
 
         node_set(node, numa_nodes_parsed);
 
-        pr_info("SRAT: Node %u PXM %u [mem %#010Lx-%#010Lx]%s\n",
+        pr_info("SRAT: Node %u PXM %u [mem %#010Lx-%#010Lx]%s%s\n",
                 node, pxm,
                 (unsigned long long) start, (unsigned long long) end - 1,
-                hotpluggable ? " hotplug" : "");
+                hotpluggable ? " hotplug" : "",
+                ma->flags & ACPI_SRAT_MEM_NON_VOLATILE ? " non-volatile" : "");
 
         /* Mark hotplug range in memblock. */
         if (hotpluggable && memblock_mark_hotplug(start, ma->length))
diff --git a/arch/x86/pci/common.c b/arch/x86/pci/common.c
index 09d3afc0a181..dc78a4a9a466 100644
--- a/arch/x86/pci/common.c
+++ b/arch/x86/pci/common.c
@@ -166,6 +166,7 @@ void pcibios_fixup_bus(struct pci_bus *b)
 {
         struct pci_dev *dev;
 
+        pci_read_bridge_bases(b);
         list_for_each_entry(dev, &b->devices, bus_list)
                 pcibios_fixup_device_resources(dev);
 }