Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Fun set of conflict resolutions here...

For the mac80211 stuff, these were fortunately just parallel
adds.  Trivially resolved.

In drivers/net/phy/phy.c we had a bug fix in 'net' that moved the
function phy_disable_interrupts() earlier in the file, whilst in
'net-next' the phy_error() call from this function was removed.

In net/ipv4/xfrm4_policy.c, David Ahern's changes to remove the
'rt_table_id' member of rtable collided with a bug fix in 'net' that
added a new struct member "rt_mtu_locked" which needs to be copied
over here.

The mlxsw driver conflict consisted of net-next separating
the span code and definitions into separate files, whilst
a 'net' bug fix made some changes to that moved code.

The mlx5 infiniband conflict resolution was quite non-trivial,
the RDMA tree's merge commit was used as a guide here, and
here are their notes:

====================

    Due to bug fixes found by the syzkaller bot and taken into the for-rc
    branch after development for the 4.17 merge window had already started
    being taken into the for-next branch, there were fairly non-trivial
    merge issues that would need to be resolved between the for-rc branch
    and the for-next branch.  This merge resolves those conflicts and
    provides a unified base upon which ongoing development for 4.17 can
    be based.

    Conflicts:
            drivers/infiniband/hw/mlx5/main.c - Commit 42cea83f9524
            (IB/mlx5: Fix cleanup order on unload) added to for-rc and
            commit b5ca15ad7e61 (IB/mlx5: Add proper representors support)
            add as part of the devel cycle both needed to modify the
            init/de-init functions used by mlx5.  To support the new
            representors, the new functions added by the cleanup patch
            needed to be made non-static, and the init/de-init list
            added by the representors patch needed to be modified to
            match the init/de-init list changes made by the cleanup
            patch.
    Updates:
            drivers/infiniband/hw/mlx5/mlx5_ib.h - Update function
            prototypes added by representors patch to reflect new function
            names as changed by cleanup patch
            drivers/infiniband/hw/mlx5/ib_rep.c - Update init/de-init
            stage list to match new order from cleanup patch
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

31 files changed, 512 insertions, 220 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index eb7f43f23521..0fa71a78ec99 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2307,7 +2307,7 @@ choice
           it can be used to assist security vulnerability exploitation.
 
           This setting can be changed at boot time via the kernel command
-          line parameter vsyscall=[native|emulate|none].
+          line parameter vsyscall=[emulate|none].
 
           On a system with recent enough glibc (2.14 or newer) and no
           static binaries, you can say None without a performance penalty
@@ -2315,15 +2315,6 @@ choice
 
           If unsure, select "Emulate".
 
-        config LEGACY_VSYSCALL_NATIVE
-                bool "Native"
-                help
-                  Actual executable code is located in the fixed vsyscall
-                  address mapping, implementing time() efficiently. Since
-                  this makes the mapping executable, it can be used during
-                  security vulnerability exploitation (traditionally as
-                  ROP gadgets). This configuration is not recommended.
-
         config LEGACY_VSYSCALL_EMULATE
                 bool "Emulate"
                 help
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
index e811dd9c5e99..08425c42f8b7 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -363,9 +363,7 @@ ENTRY(entry_INT80_compat)
         pushq   2*8(%rdi)               /* regs->ip */
         pushq   1*8(%rdi)               /* regs->orig_ax */
 
-        movq    (%rdi), %rdi            /* restore %rdi */
-
-        pushq   %rdi                    /* pt_regs->di */
+        pushq   (%rdi)                  /* pt_regs->di */
         pushq   %rsi                    /* pt_regs->si */
         pushq   %rdx                    /* pt_regs->dx */
         pushq   %rcx                    /* pt_regs->cx */
@@ -406,15 +404,3 @@ ENTRY(entry_INT80_compat)
         TRACE_IRQS_ON
         jmp     swapgs_restore_regs_and_return_to_usermode
 END(entry_INT80_compat)
-
-ENTRY(stub32_clone)
-        /*
-         * The 32-bit clone ABI is: clone(..., int tls_val, int *child_tidptr).
-         * The 64-bit clone ABI is: clone(..., int *child_tidptr, int tls_val).
-         *
-         * The native 64-bit kernel's sys_clone() implements the latter,
-         * so we need to swap arguments here before calling it:
-         */
-        xchg    %r8, %rcx
-        jmp     sys_clone
-ENDPROC(stub32_clone)
diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl
index 448ac2161112..2a5e99cff859 100644
--- a/arch/x86/entry/syscalls/syscall_32.tbl
+++ b/arch/x86/entry/syscalls/syscall_32.tbl
@@ -8,12 +8,12 @@
 #
 0       i386    restart_syscall         sys_restart_syscall
 1       i386    exit                    sys_exit
-2       i386    fork                    sys_fork                        sys_fork
+2       i386    fork                    sys_fork
 3       i386    read                    sys_read
 4       i386    write                   sys_write
 5       i386    open                    sys_open                        compat_sys_open
 6       i386    close                   sys_close
-7       i386    waitpid                 sys_waitpid                     sys32_waitpid
+7       i386    waitpid                 sys_waitpid                     compat_sys_x86_waitpid
 8       i386    creat                   sys_creat
 9       i386    link                    sys_link
 10      i386    unlink                  sys_unlink
@@ -78,7 +78,7 @@
 69      i386    ssetmask                sys_ssetmask
 70      i386    setreuid                sys_setreuid16
 71      i386    setregid                sys_setregid16
-72      i386    sigsuspend              sys_sigsuspend                  sys_sigsuspend
+72      i386    sigsuspend              sys_sigsuspend
 73      i386    sigpending              sys_sigpending                  compat_sys_sigpending
 74      i386    sethostname             sys_sethostname
 75      i386    setrlimit               sys_setrlimit                   compat_sys_setrlimit
@@ -96,7 +96,7 @@
 87      i386    swapon                  sys_swapon
 88      i386    reboot                  sys_reboot
 89      i386    readdir                 sys_old_readdir                 compat_sys_old_readdir
-90      i386    mmap                    sys_old_mmap                    sys32_mmap
+90      i386    mmap                    sys_old_mmap                    compat_sys_x86_mmap
 91      i386    munmap                  sys_munmap
 92      i386    truncate                sys_truncate                    compat_sys_truncate
 93      i386    ftruncate               sys_ftruncate                   compat_sys_ftruncate
@@ -126,7 +126,7 @@
 117     i386    ipc                     sys_ipc                         compat_sys_ipc
 118     i386    fsync                   sys_fsync
 119     i386    sigreturn               sys_sigreturn                   sys32_sigreturn
-120     i386    clone                   sys_clone                       stub32_clone
+120     i386    clone                   sys_clone                       compat_sys_x86_clone
 121     i386    setdomainname           sys_setdomainname
 122     i386    uname                   sys_newuname
 123     i386    modify_ldt              sys_modify_ldt
@@ -186,8 +186,8 @@
 177     i386    rt_sigtimedwait         sys_rt_sigtimedwait             compat_sys_rt_sigtimedwait
 178     i386    rt_sigqueueinfo         sys_rt_sigqueueinfo             compat_sys_rt_sigqueueinfo
 179     i386    rt_sigsuspend           sys_rt_sigsuspend
-180     i386    pread64                 sys_pread64                     sys32_pread
-181     i386    pwrite64                sys_pwrite64                    sys32_pwrite
+180     i386    pread64                 sys_pread64                     compat_sys_x86_pread
+181     i386    pwrite64                sys_pwrite64                    compat_sys_x86_pwrite
 182     i386    chown                   sys_chown16
 183     i386    getcwd                  sys_getcwd
 184     i386    capget                  sys_capget
@@ -196,14 +196,14 @@
 187     i386    sendfile                sys_sendfile                    compat_sys_sendfile
 188     i386    getpmsg
 189     i386    putpmsg
-190     i386    vfork                   sys_vfork                       sys_vfork
+190     i386    vfork                   sys_vfork
 191     i386    ugetrlimit              sys_getrlimit                   compat_sys_getrlimit
 192     i386    mmap2                   sys_mmap_pgoff
-193     i386    truncate64              sys_truncate64                  sys32_truncate64
-194     i386    ftruncate64             sys_ftruncate64                 sys32_ftruncate64
-195     i386    stat64                  sys_stat64                      sys32_stat64
-196     i386    lstat64                 sys_lstat64                     sys32_lstat64
-197     i386    fstat64                 sys_fstat64                     sys32_fstat64
+193     i386    truncate64              sys_truncate64                  compat_sys_x86_truncate64
+194     i386    ftruncate64             sys_ftruncate64                 compat_sys_x86_ftruncate64
+195     i386    stat64                  sys_stat64                      compat_sys_x86_stat64
+196     i386    lstat64                 sys_lstat64                     compat_sys_x86_lstat64
+197     i386    fstat64                 sys_fstat64                     compat_sys_x86_fstat64
 198     i386    lchown32                sys_lchown
 199     i386    getuid32                sys_getuid
 200     i386    getgid32                sys_getgid
@@ -231,7 +231,7 @@
 # 222 is unused
 # 223 is unused
 224     i386    gettid                  sys_gettid
-225     i386    readahead               sys_readahead                   sys32_readahead
+225     i386    readahead               sys_readahead                   compat_sys_x86_readahead
 226     i386    setxattr                sys_setxattr
 227     i386    lsetxattr               sys_lsetxattr
 228     i386    fsetxattr               sys_fsetxattr
@@ -256,7 +256,7 @@
 247     i386    io_getevents            sys_io_getevents                compat_sys_io_getevents
 248     i386    io_submit               sys_io_submit                   compat_sys_io_submit
 249     i386    io_cancel               sys_io_cancel
-250     i386    fadvise64               sys_fadvise64                   sys32_fadvise64
+250     i386    fadvise64               sys_fadvise64                   compat_sys_x86_fadvise64
 # 251 is available for reuse (was briefly sys_set_zone_reclaim)
 252     i386    exit_group              sys_exit_group
 253     i386    lookup_dcookie          sys_lookup_dcookie              compat_sys_lookup_dcookie
@@ -278,7 +278,7 @@
 269     i386    fstatfs64               sys_fstatfs64                   compat_sys_fstatfs64
 270     i386    tgkill                  sys_tgkill
 271     i386    utimes                  sys_utimes                      compat_sys_utimes
-272     i386    fadvise64_64            sys_fadvise64_64                sys32_fadvise64_64
+272     i386    fadvise64_64            sys_fadvise64_64                compat_sys_x86_fadvise64_64
 273     i386    vserver
 274     i386    mbind                   sys_mbind
 275     i386    get_mempolicy           sys_get_mempolicy               compat_sys_get_mempolicy
@@ -306,7 +306,7 @@
 297     i386    mknodat                 sys_mknodat
 298     i386    fchownat                sys_fchownat
 299     i386    futimesat               sys_futimesat                   compat_sys_futimesat
-300     i386    fstatat64               sys_fstatat64                   sys32_fstatat
+300     i386    fstatat64               sys_fstatat64                   compat_sys_x86_fstatat
 301     i386    unlinkat                sys_unlinkat
 302     i386    renameat                sys_renameat
 303     i386    linkat                  sys_linkat
@@ -320,7 +320,7 @@
 311     i386    set_robust_list         sys_set_robust_list             compat_sys_set_robust_list
 312     i386    get_robust_list         sys_get_robust_list             compat_sys_get_robust_list
 313     i386    splice                  sys_splice
-314     i386    sync_file_range         sys_sync_file_range             sys32_sync_file_range
+314     i386    sync_file_range         sys_sync_file_range             compat_sys_x86_sync_file_range
 315     i386    tee                     sys_tee
 316     i386    vmsplice                sys_vmsplice                    compat_sys_vmsplice
 317     i386    move_pages              sys_move_pages                  compat_sys_move_pages
@@ -330,7 +330,7 @@
 321     i386    signalfd                sys_signalfd                    compat_sys_signalfd
 322     i386    timerfd_create          sys_timerfd_create
 323     i386    eventfd                 sys_eventfd
-324     i386    fallocate               sys_fallocate                   sys32_fallocate
+324     i386    fallocate               sys_fallocate                   compat_sys_x86_fallocate
 325     i386    timerfd_settime         sys_timerfd_settime             compat_sys_timerfd_settime
 326     i386    timerfd_gettime         sys_timerfd_gettime             compat_sys_timerfd_gettime
 327     i386    signalfd4               sys_signalfd4                   compat_sys_signalfd4
diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index 577fa8adb785..8560ef68a9d6 100644
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -42,10 +42,8 @@
 #define CREATE_TRACE_POINTS
 #include "vsyscall_trace.h"
 
-static enum { EMULATE, NATIVE, NONE } vsyscall_mode =
-#if defined(CONFIG_LEGACY_VSYSCALL_NATIVE)
-        NATIVE;
-#elif defined(CONFIG_LEGACY_VSYSCALL_NONE)
+static enum { EMULATE, NONE } vsyscall_mode =
+#ifdef CONFIG_LEGACY_VSYSCALL_NONE
         NONE;
 #else
         EMULATE;
@@ -56,8 +54,6 @@ static int __init vsyscall_setup(char *str)
         if (str) {
                 if (!strcmp("emulate", str))
                         vsyscall_mode = EMULATE;
-                else if (!strcmp("native", str))
-                        vsyscall_mode = NATIVE;
                 else if (!strcmp("none", str))
                         vsyscall_mode = NONE;
                 else
@@ -139,10 +135,6 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
 
         WARN_ON_ONCE(address != regs->ip);
 
-        /* This should be unreachable in NATIVE mode. */
-        if (WARN_ON(vsyscall_mode == NATIVE))
-                return false;
-
         if (vsyscall_mode == NONE) {
                 warn_bad_vsyscall(KERN_INFO, regs,
                                   "vsyscall attempted with vsyscall=none");
@@ -370,9 +362,7 @@ void __init map_vsyscall(void)
 
         if (vsyscall_mode != NONE) {
                 __set_fixmap(VSYSCALL_PAGE, physaddr_vsyscall,
-                             vsyscall_mode == NATIVE
-                             ? PAGE_KERNEL_VSYSCALL
-                             : PAGE_KERNEL_VVAR);
+                             PAGE_KERNEL_VVAR);
                 set_vsyscall_pgtable_user_bits(swapper_pg_dir);
         }
 
diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
index 6d8044ab1060..22ec65bc033a 100644
--- a/arch/x86/events/intel/uncore_snbep.c
+++ b/arch/x86/events/intel/uncore_snbep.c
@@ -3606,7 +3606,7 @@ static struct intel_uncore_type skx_uncore_imc = {
 };
 
 static struct attribute *skx_upi_uncore_formats_attr[] = {
-        &format_attr_event_ext.attr,
+        &format_attr_event.attr,
         &format_attr_umask_ext.attr,
         &format_attr_edge.attr,
         &format_attr_inv.attr,
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index 96cd33bbfc85..6512498bbef6 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -51,15 +51,14 @@
 #define AA(__x)         ((unsigned long)(__x))
 
 
-asmlinkage long sys32_truncate64(const char __user *filename,
-                                 unsigned long offset_low,
-                                 unsigned long offset_high)
+COMPAT_SYSCALL_DEFINE3(x86_truncate64, const char __user *, filename,
+                       unsigned long, offset_low, unsigned long, offset_high)
 {
        return sys_truncate(filename, ((loff_t) offset_high << 32) | offset_low);
 }
 
-asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
-                                  unsigned long offset_high)
+COMPAT_SYSCALL_DEFINE3(x86_ftruncate64, unsigned int, fd,
+                       unsigned long, offset_low, unsigned long, offset_high)
 {
        return sys_ftruncate(fd, ((loff_t) offset_high << 32) | offset_low);
 }
@@ -96,8 +95,8 @@ static int cp_stat64(struct stat64 __user *ubuf, struct kstat *stat)
         return 0;
 }
 
-asmlinkage long sys32_stat64(const char __user *filename,
-                             struct stat64 __user *statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_stat64, const char __user *, filename,
+                       struct stat64 __user *, statbuf)
 {
         struct kstat stat;
         int ret = vfs_stat(filename, &stat);
@@ -107,8 +106,8 @@ asmlinkage long sys32_stat64(const char __user *filename,
         return ret;
 }
 
-asmlinkage long sys32_lstat64(const char __user *filename,
-                              struct stat64 __user *statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_lstat64, const char __user *, filename,
+                       struct stat64 __user *, statbuf)
 {
         struct kstat stat;
         int ret = vfs_lstat(filename, &stat);
@@ -117,7 +116,8 @@ asmlinkage long sys32_lstat64(const char __user *filename,
         return ret;
 }
 
-asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf)
+COMPAT_SYSCALL_DEFINE2(x86_fstat64, unsigned int, fd,
+                       struct stat64 __user *, statbuf)
 {
         struct kstat stat;
         int ret = vfs_fstat(fd, &stat);
@@ -126,8 +126,9 @@ asmlinkage long sys32_fstat64(unsigned int fd, struct stat64 __user *statbuf)
         return ret;
 }
 
-asmlinkage long sys32_fstatat(unsigned int dfd, const char __user *filename,
-                              struct stat64 __user *statbuf, int flag)
+COMPAT_SYSCALL_DEFINE4(x86_fstatat, unsigned int, dfd,
+                       const char __user *, filename,
+                       struct stat64 __user *, statbuf, int, flag)
 {
         struct kstat stat;
         int error;
@@ -153,7 +154,7 @@ struct mmap_arg_struct32 {
         unsigned int offset;
 };
 
-asmlinkage long sys32_mmap(struct mmap_arg_struct32 __user *arg)
+COMPAT_SYSCALL_DEFINE1(x86_mmap, struct mmap_arg_struct32 __user *, arg)
 {
         struct mmap_arg_struct32 a;
 
@@ -167,22 +168,22 @@ asmlinkage long sys32_mmap(struct mmap_arg_struct32 __user *arg)
                                a.offset>>PAGE_SHIFT);
 }
 
-asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int __user *stat_addr,
-                              int options)
+COMPAT_SYSCALL_DEFINE3(x86_waitpid, compat_pid_t, pid, unsigned int __user *,
+                       stat_addr, int, options)
 {
         return compat_sys_wait4(pid, stat_addr, options, NULL);
 }
 
 /* warning: next two assume little endian */
-asmlinkage long sys32_pread(unsigned int fd, char __user *ubuf, u32 count,
-                            u32 poslo, u32 poshi)
+COMPAT_SYSCALL_DEFINE5(x86_pread, unsigned int, fd, char __user *, ubuf,
+                       u32, count, u32, poslo, u32, poshi)
 {
         return sys_pread64(fd, ubuf, count,
                          ((loff_t)AA(poshi) << 32) | AA(poslo));
 }
 
-asmlinkage long sys32_pwrite(unsigned int fd, const char __user *ubuf,
-                             u32 count, u32 poslo, u32 poshi)
+COMPAT_SYSCALL_DEFINE5(x86_pwrite, unsigned int, fd, const char __user *, ubuf,
+                       u32, count, u32, poslo, u32, poshi)
 {
         return sys_pwrite64(fd, ubuf, count,
                           ((loff_t)AA(poshi) << 32) | AA(poslo));
@@ -193,8 +194,9 @@ asmlinkage long sys32_pwrite(unsigned int fd, const char __user *ubuf,
  * Some system calls that need sign extended arguments. This could be
  * done by a generic wrapper.
  */
-long sys32_fadvise64_64(int fd, __u32 offset_low, __u32 offset_high,
-                        __u32 len_low, __u32 len_high, int advice)
+COMPAT_SYSCALL_DEFINE6(x86_fadvise64_64, int, fd, __u32, offset_low,
+                       __u32, offset_high, __u32, len_low, __u32, len_high,
+                       int, advice)
 {
         return sys_fadvise64_64(fd,
                                (((u64)offset_high)<<32) | offset_low,
@@ -202,31 +204,43 @@ long sys32_fadvise64_64(int fd, __u32 offset_low, __u32 offset_high,
                                 advice);
 }
 
-asmlinkage ssize_t sys32_readahead(int fd, unsigned off_lo, unsigned off_hi,
-                                   size_t count)
+COMPAT_SYSCALL_DEFINE4(x86_readahead, int, fd, unsigned int, off_lo,
+                       unsigned int, off_hi, size_t, count)
 {
         return sys_readahead(fd, ((u64)off_hi << 32) | off_lo, count);
 }
 
-asmlinkage long sys32_sync_file_range(int fd, unsigned off_low, unsigned off_hi,
-                                      unsigned n_low, unsigned n_hi,  int flags)
+COMPAT_SYSCALL_DEFINE6(x86_sync_file_range, int, fd, unsigned int, off_low,
+                       unsigned int, off_hi, unsigned int, n_low,
+                       unsigned int, n_hi, int, flags)
 {
         return sys_sync_file_range(fd,
                                    ((u64)off_hi << 32) | off_low,
                                    ((u64)n_hi << 32) | n_low, flags);
 }
 
-asmlinkage long sys32_fadvise64(int fd, unsigned offset_lo, unsigned offset_hi,
-                                size_t len, int advice)
+COMPAT_SYSCALL_DEFINE5(x86_fadvise64, int, fd, unsigned int, offset_lo,
+                       unsigned int, offset_hi, size_t, len, int, advice)
 {
         return sys_fadvise64_64(fd, ((u64)offset_hi << 32) | offset_lo,
                                 len, advice);
 }
 
-asmlinkage long sys32_fallocate(int fd, int mode, unsigned offset_lo,
-                                unsigned offset_hi, unsigned len_lo,
-                                unsigned len_hi)
+COMPAT_SYSCALL_DEFINE6(x86_fallocate, int, fd, int, mode,
+                       unsigned int, offset_lo, unsigned int, offset_hi,
+                       unsigned int, len_lo, unsigned int, len_hi)
 {
         return sys_fallocate(fd, mode, ((u64)offset_hi << 32) | offset_lo,
                              ((u64)len_hi << 32) | len_lo);
 }
+
+/*
+ * The 32-bit clone ABI is CONFIG_CLONE_BACKWARDS
+ */
+COMPAT_SYSCALL_DEFINE5(x86_clone, unsigned long, clone_flags,
+                       unsigned long, newsp, int __user *, parent_tidptr,
+                       unsigned long, tls_val, int __user *, child_tidptr)
+{
+        return sys_clone(clone_flags, newsp, parent_tidptr, child_tidptr,
+                        tls_val);
+}
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index f41079da38c5..d554c11e01ff 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -316,6 +316,7 @@
 #define X86_FEATURE_VPCLMULQDQ          (16*32+10) /* Carry-Less Multiplication Double Quadword */
 #define X86_FEATURE_AVX512_VNNI         (16*32+11) /* Vector Neural Network Instructions */
 #define X86_FEATURE_AVX512_BITALG       (16*32+12) /* Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions */
+#define X86_FEATURE_TME                 (16*32+13) /* Intel Total Memory Encryption */
 #define X86_FEATURE_AVX512_VPOPCNTDQ    (16*32+14) /* POPCNT for vectors of DW/QW */
 #define X86_FEATURE_LA57                (16*32+16) /* 5-level page tables */
 #define X86_FEATURE_RDPID               (16*32+22) /* RDPID instruction */
@@ -328,6 +329,7 @@
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
 #define X86_FEATURE_AVX512_4VNNIW       (18*32+ 2) /* AVX-512 Neural Network Instructions */
 #define X86_FEATURE_AVX512_4FMAPS       (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
+#define X86_FEATURE_PCONFIG             (18*32+18) /* Intel PCONFIG */
 #define X86_FEATURE_SPEC_CTRL           (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
 #define X86_FEATURE_INTEL_STIBP         (18*32+27) /* "" Single Thread Indirect Branch Predictors */
 #define X86_FEATURE_ARCH_CAPABILITIES   (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index 7fb1047d61c7..6cf0e4cb7b97 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -39,6 +39,7 @@ struct device;
 
 enum ucode_state {
         UCODE_OK        = 0,
+        UCODE_NEW,
         UCODE_UPDATED,
         UCODE_NFOUND,
         UCODE_ERROR,
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index d0dabeae0505..f928ad9b143f 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -183,7 +183,10 @@
  * otherwise we'll run out of registers. We don't care about CET
  * here, anyway.
  */
-# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n",     \
+# define CALL_NOSPEC                                            \
+        ALTERNATIVE(                                            \
+        ANNOTATE_RETPOLINE_SAFE                                 \
+        "call *%[thunk_target]\n",                              \
         "       jmp    904f;\n"                                 \
         "       .align 16\n"                                    \
         "901:   call   903f;\n"                                 \
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 246f15b4e64c..acfe755562a6 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -174,7 +174,6 @@ enum page_cache_mode {
 #define __PAGE_KERNEL_RO                (__PAGE_KERNEL & ~_PAGE_RW)
 #define __PAGE_KERNEL_RX                (__PAGE_KERNEL_EXEC & ~_PAGE_RW)
 #define __PAGE_KERNEL_NOCACHE           (__PAGE_KERNEL | _PAGE_NOCACHE)
-#define __PAGE_KERNEL_VSYSCALL          (__PAGE_KERNEL_RX | _PAGE_USER)
 #define __PAGE_KERNEL_VVAR              (__PAGE_KERNEL_RO | _PAGE_USER)
 #define __PAGE_KERNEL_LARGE             (__PAGE_KERNEL | _PAGE_PSE)
 #define __PAGE_KERNEL_LARGE_EXEC        (__PAGE_KERNEL_EXEC | _PAGE_PSE)
@@ -206,7 +205,6 @@ enum page_cache_mode {
 #define PAGE_KERNEL_NOCACHE     __pgprot(__PAGE_KERNEL_NOCACHE | _PAGE_ENC)
 #define PAGE_KERNEL_LARGE       __pgprot(__PAGE_KERNEL_LARGE | _PAGE_ENC)
 #define PAGE_KERNEL_LARGE_EXEC  __pgprot(__PAGE_KERNEL_LARGE_EXEC | _PAGE_ENC)
-#define PAGE_KERNEL_VSYSCALL    __pgprot(__PAGE_KERNEL_VSYSCALL | _PAGE_ENC)
 #define PAGE_KERNEL_VVAR        __pgprot(__PAGE_KERNEL_VVAR | _PAGE_ENC)
 
 #define PAGE_KERNEL_IO          __pgprot(__PAGE_KERNEL_IO)
diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h
index d6baf23782bc..5c019d23d06b 100644
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -10,6 +10,7 @@ extern struct exception_table_entry __stop___ex_table[];
 
 #if defined(CONFIG_X86_64)
 extern char __end_rodata_hpage_align[];
+extern char __entry_trampoline_start[], __entry_trampoline_end[];
 #endif
 
 #endif  /* _ASM_X86_SECTIONS_H */
diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h
index 82c34ee25a65..906794aa034e 100644
--- a/arch/x86/include/asm/sys_ia32.h
+++ b/arch/x86/include/asm/sys_ia32.h
@@ -20,31 +20,43 @@
 #include <asm/ia32.h>
 
 /* ia32/sys_ia32.c */
-asmlinkage long sys32_truncate64(const char __user *, unsigned long, unsigned long);
-asmlinkage long sys32_ftruncate64(unsigned int, unsigned long, unsigned long);
+asmlinkage long compat_sys_x86_truncate64(const char __user *, unsigned long,
+                                          unsigned long);
+asmlinkage long compat_sys_x86_ftruncate64(unsigned int, unsigned long,
+                                           unsigned long);
 
-asmlinkage long sys32_stat64(const char __user *, struct stat64 __user *);
-asmlinkage long sys32_lstat64(const char __user *, struct stat64 __user *);
-asmlinkage long sys32_fstat64(unsigned int, struct stat64 __user *);
-asmlinkage long sys32_fstatat(unsigned int, const char __user *,
+asmlinkage long compat_sys_x86_stat64(const char __user *,
+                                      struct stat64 __user *);
+asmlinkage long compat_sys_x86_lstat64(const char __user *,
+                                       struct stat64 __user *);
+asmlinkage long compat_sys_x86_fstat64(unsigned int, struct stat64 __user *);
+asmlinkage long compat_sys_x86_fstatat(unsigned int, const char __user *,
                               struct stat64 __user *, int);
 struct mmap_arg_struct32;
-asmlinkage long sys32_mmap(struct mmap_arg_struct32 __user *);
+asmlinkage long compat_sys_x86_mmap(struct mmap_arg_struct32 __user *);
 
-asmlinkage long sys32_waitpid(compat_pid_t, unsigned int __user *, int);
+asmlinkage long compat_sys_x86_waitpid(compat_pid_t, unsigned int __user *,
+                                       int);
 
-asmlinkage long sys32_pread(unsigned int, char __user *, u32, u32, u32);
-asmlinkage long sys32_pwrite(unsigned int, const char __user *, u32, u32, u32);
+asmlinkage long compat_sys_x86_pread(unsigned int, char __user *, u32, u32,
+                                     u32);
+asmlinkage long compat_sys_x86_pwrite(unsigned int, const char __user *, u32,
+                                      u32, u32);
 
-long sys32_fadvise64_64(int, __u32, __u32, __u32, __u32, int);
-long sys32_vm86_warning(void);
+asmlinkage long compat_sys_x86_fadvise64_64(int, __u32, __u32, __u32, __u32,
+                                            int);
 
-asmlinkage ssize_t sys32_readahead(int, unsigned, unsigned, size_t);
-asmlinkage long sys32_sync_file_range(int, unsigned, unsigned,
-                                      unsigned, unsigned, int);
-asmlinkage long sys32_fadvise64(int, unsigned, unsigned, size_t, int);
-asmlinkage long sys32_fallocate(int, int, unsigned,
-                                unsigned, unsigned, unsigned);
+asmlinkage ssize_t compat_sys_x86_readahead(int, unsigned int, unsigned int,
+                                            size_t);
+asmlinkage long compat_sys_x86_sync_file_range(int, unsigned int, unsigned int,
+                                               unsigned int, unsigned int,
+                                               int);
+asmlinkage long compat_sys_x86_fadvise64(int, unsigned int, unsigned int,
+                                         size_t, int);
+asmlinkage long compat_sys_x86_fallocate(int, int, unsigned int, unsigned int,
+                                         unsigned int, unsigned int);
+asmlinkage long compat_sys_x86_clone(unsigned long, unsigned long, int __user *,
+                                     unsigned long, int __user *);
 
 /* ia32/ia32_signal.c */
 asmlinkage long sys32_sigreturn(void);
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 8b6780751132..5db8b0b10766 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -352,6 +352,7 @@ enum vmcs_field {
 #define INTR_TYPE_NMI_INTR              (2 << 8) /* NMI */
 #define INTR_TYPE_HARD_EXCEPTION        (3 << 8) /* processor exception */
 #define INTR_TYPE_SOFT_INTR             (4 << 8) /* software interrupt */
+#define INTR_TYPE_PRIV_SW_EXCEPTION     (5 << 8) /* ICE breakpoint - undocumented */
 #define INTR_TYPE_SOFT_EXCEPTION        (6 << 8) /* software exception */
 
 /* GUEST_INTERRUPTIBILITY_INFO flags. */
diff --git a/arch/x86/include/uapi/asm/mce.h b/arch/x86/include/uapi/asm/mce.h
index 91723461dc1f..435db58a7bad 100644
--- a/arch/x86/include/uapi/asm/mce.h
+++ b/arch/x86/include/uapi/asm/mce.h
@@ -30,6 +30,7 @@ struct mce {
         __u64 synd;     /* MCA_SYND MSR: only valid on SMCA systems */
         __u64 ipid;     /* MCA_IPID MSR: only valid on SMCA systems */
         __u64 ppin;     /* Protected Processor Inventory Number */
+        __u32 microcode;/* Microcode revision */
 };
 
 #define MCE_GET_RECORD_LEN   _IOR('M', 1, int)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index d19e903214b4..c3af167d0a70 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -105,7 +105,7 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c)
 /*
  * Early microcode releases for the Spectre v2 mitigation were broken.
  * Information taken from;
- * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf
+ * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf
  * - https://kb.vmware.com/s/article/52345
  * - Microcode revisions observed in the wild
  * - Release note from 20180108 microcode release
@@ -123,7 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] = {
         { INTEL_FAM6_KABYLAKE_MOBILE,   0x09,   0x80 },
         { INTEL_FAM6_SKYLAKE_X,         0x03,   0x0100013e },
         { INTEL_FAM6_SKYLAKE_X,         0x04,   0x0200003c },
-        { INTEL_FAM6_SKYLAKE_DESKTOP,   0x03,   0xc2 },
         { INTEL_FAM6_BROADWELL_CORE,    0x04,   0x28 },
         { INTEL_FAM6_BROADWELL_GT3E,    0x01,   0x1b },
         { INTEL_FAM6_BROADWELL_XEON_D,  0x02,   0x14 },
@@ -144,6 +143,13 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c)
 {
         int i;
 
+        /*
+         * We know that the hypervisor lie to us on the microcode version so
+         * we may as well hope that it is running the correct version.
+         */
+        if (cpu_has(c, X86_FEATURE_HYPERVISOR))
+                return false;
+
         for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) {
                 if (c->x86_model == spectre_bad_microcodes[i].model &&
                     c->x86_stepping == spectre_bad_microcodes[i].stepping)
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
index 8ff94d1e2dce..466f47301334 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -56,6 +56,9 @@
 
 static DEFINE_MUTEX(mce_log_mutex);
 
+/* sysfs synchronization */
+static DEFINE_MUTEX(mce_sysfs_mutex);
+
 #define CREATE_TRACE_POINTS
 #include <trace/events/mce.h>
 
@@ -130,6 +133,8 @@ void mce_setup(struct mce *m)
 
         if (this_cpu_has(X86_FEATURE_INTEL_PPIN))
                 rdmsrl(MSR_PPIN, m->ppin);
+
+        m->microcode = boot_cpu_data.microcode;
 }
 
 DEFINE_PER_CPU(struct mce, injectm);
@@ -262,7 +267,7 @@ static void __print_mce(struct mce *m)
          */
         pr_emerg(HW_ERR "PROCESSOR %u:%x TIME %llu SOCKET %u APIC %x microcode %x\n",
                 m->cpuvendor, m->cpuid, m->time, m->socketid, m->apicid,
-                cpu_data(m->extcpu).microcode);
+                m->microcode);
 }
 
 static void print_mce(struct mce *m)
@@ -2086,6 +2091,7 @@ static ssize_t set_ignore_ce(struct device *s,
         if (kstrtou64(buf, 0, &new) < 0)
                 return -EINVAL;
 
+        mutex_lock(&mce_sysfs_mutex);
         if (mca_cfg.ignore_ce ^ !!new) {
                 if (new) {
                         /* disable ce features */
@@ -2098,6 +2104,8 @@ static ssize_t set_ignore_ce(struct device *s,
                         on_each_cpu(mce_enable_ce, (void *)1, 1);
                 }
         }
+        mutex_unlock(&mce_sysfs_mutex);
+
         return size;
 }
 
@@ -2110,6 +2118,7 @@ static ssize_t set_cmci_disabled(struct device *s,
         if (kstrtou64(buf, 0, &new) < 0)
                 return -EINVAL;
 
+        mutex_lock(&mce_sysfs_mutex);
         if (mca_cfg.cmci_disabled ^ !!new) {
                 if (new) {
                         /* disable cmci */
@@ -2121,6 +2130,8 @@ static ssize_t set_cmci_disabled(struct device *s,
                         on_each_cpu(mce_enable_ce, NULL, 1);
                 }
         }
+        mutex_unlock(&mce_sysfs_mutex);
+
         return size;
 }
 
@@ -2128,8 +2139,19 @@ static ssize_t store_int_with_restart(struct device *s,
                                       struct device_attribute *attr,
                                       const char *buf, size_t size)
 {
-        ssize_t ret = device_store_int(s, attr, buf, size);
+        unsigned long old_check_interval = check_interval;
+        ssize_t ret = device_store_ulong(s, attr, buf, size);
+
+        if (check_interval == old_check_interval)
+                return ret;
+
+        if (check_interval < 1)
+                check_interval = 1;
+
+        mutex_lock(&mce_sysfs_mutex);
         mce_restart();
+        mutex_unlock(&mce_sysfs_mutex);
+
         return ret;
 }
 
diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c
index a998e1a7d46f..48179928ff38 100644
--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -339,7 +339,7 @@ int __init save_microcode_in_initrd_amd(unsigned int cpuid_1_eax)
                 return -EINVAL;
 
         ret = load_microcode_amd(true, x86_family(cpuid_1_eax), desc.data, desc.size);
-        if (ret != UCODE_OK)
+        if (ret > UCODE_UPDATED)
                 return -EINVAL;
 
         return 0;
@@ -683,27 +683,35 @@ static enum ucode_state __load_microcode_amd(u8 family, const u8 *data,
 static enum ucode_state
 load_microcode_amd(bool save, u8 family, const u8 *data, size_t size)
 {
+        struct ucode_patch *p;
         enum ucode_state ret;
 
         /* free old equiv table */
         free_equiv_cpu_table();
 
         ret = __load_microcode_amd(family, data, size);
-
-        if (ret != UCODE_OK)
+        if (ret != UCODE_OK) {
                 cleanup();
+                return ret;
+        }
 
-#ifdef CONFIG_X86_32
-        /* save BSP's matching patch for early load */
-        if (save) {
-                struct ucode_patch *p = find_patch(0);
-                if (p) {
-                        memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
-                        memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data),
-                                                               PATCH_MAX_SIZE));
-                }
+        p = find_patch(0);
+        if (!p) {
+                return ret;
+        } else {
+                if (boot_cpu_data.microcode == p->patch_id)
+                        return ret;
+
+                ret = UCODE_NEW;
         }
-#endif
+
+        /* save BSP's matching patch for early load */
+        if (!save)
+                return ret;
+
+        memset(amd_ucode_patch, 0, PATCH_MAX_SIZE);
+        memcpy(amd_ucode_patch, p->data, min_t(u32, ksize(p->data), PATCH_MAX_SIZE));
+
         return ret;
 }
 
diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c
index aa1b9a422f2b..10c4fc2c91f8 100644
--- a/arch/x86/kernel/cpu/microcode/core.c
+++ b/arch/x86/kernel/cpu/microcode/core.c
@@ -22,13 +22,16 @@
 #define pr_fmt(fmt) "microcode: " fmt
 
 #include <linux/platform_device.h>
+#include <linux/stop_machine.h>
 #include <linux/syscore_ops.h>
 #include <linux/miscdevice.h>
 #include <linux/capability.h>
 #include <linux/firmware.h>
 #include <linux/kernel.h>
+#include <linux/delay.h>
 #include <linux/mutex.h>
 #include <linux/cpu.h>
+#include <linux/nmi.h>
 #include <linux/fs.h>
 #include <linux/mm.h>
 
@@ -64,6 +67,11 @@ LIST_HEAD(microcode_cache);
  */
 static DEFINE_MUTEX(microcode_mutex);
 
+/*
+ * Serialize late loading so that CPUs get updated one-by-one.
+ */
+static DEFINE_SPINLOCK(update_lock);
+
 struct ucode_cpu_info           ucode_cpu_info[NR_CPUS];
 
 struct cpu_info_ctx {
@@ -373,26 +381,23 @@ static int collect_cpu_info(int cpu)
         return ret;
 }
 
-struct apply_microcode_ctx {
-        enum ucode_state err;
-};
-
 static void apply_microcode_local(void *arg)
 {
-        struct apply_microcode_ctx *ctx = arg;
+        enum ucode_state *err = arg;
 
-        ctx->err = microcode_ops->apply_microcode(smp_processor_id());
+        *err = microcode_ops->apply_microcode(smp_processor_id());
 }
 
 static int apply_microcode_on_target(int cpu)
 {
-        struct apply_microcode_ctx ctx = { .err = 0 };
+        enum ucode_state err;
         int ret;
 
-        ret = smp_call_function_single(cpu, apply_microcode_local, &ctx, 1);
-        if (!ret)
-                ret = ctx.err;
-
+        ret = smp_call_function_single(cpu, apply_microcode_local, &err, 1);
+        if (!ret) {
+                if (err == UCODE_ERROR)
+                        ret = 1;
+        }
         return ret;
 }
 
@@ -489,19 +494,114 @@ static void __exit microcode_dev_exit(void)
 /* fake device for request_firmware */
 static struct platform_device   *microcode_pdev;
 
-static enum ucode_state reload_for_cpu(int cpu)
+/*
+ * Late loading dance. Why the heavy-handed stomp_machine effort?
+ *
+ * - HT siblings must be idle and not execute other code while the other sibling
+ *   is loading microcode in order to avoid any negative interactions caused by
+ *   the loading.
+ *
+ * - In addition, microcode update on the cores must be serialized until this
+ *   requirement can be relaxed in the future. Right now, this is conservative
+ *   and good.
+ */
+#define SPINUNIT 100 /* 100 nsec */
+
+static int check_online_cpus(void)
 {
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-        enum ucode_state ustate;
+        if (num_online_cpus() == num_present_cpus())
+                return 0;
 
-        if (!uci->valid)
-                return UCODE_OK;
+        pr_err("Not all CPUs online, aborting microcode update.\n");
+
+        return -EINVAL;
+}
+
+static atomic_t late_cpus_in;
+static atomic_t late_cpus_out;
+
+static int __wait_for_cpus(atomic_t *t, long long timeout)
+{
+        int all_cpus = num_online_cpus();
+
+        atomic_inc(t);
 
-        ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev, true);
-        if (ustate != UCODE_OK)
-                return ustate;
+        while (atomic_read(t) < all_cpus) {
+                if (timeout < SPINUNIT) {
+                        pr_err("Timeout while waiting for CPUs rendezvous, remaining: %d\n",
+                                all_cpus - atomic_read(t));
+                        return 1;
+                }
 
-        return apply_microcode_on_target(cpu);
+                ndelay(SPINUNIT);
+                timeout -= SPINUNIT;
+
+                touch_nmi_watchdog();
+        }
+        return 0;
+}
+
+/*
+ * Returns:
+ * < 0 - on error
+ *   0 - no update done
+ *   1 - microcode was updated
+ */
+static int __reload_late(void *info)
+{
+        int cpu = smp_processor_id();
+        enum ucode_state err;
+        int ret = 0;
+
+        /*
+         * Wait for all CPUs to arrive. A load will not be attempted unless all
+         * CPUs show up.
+         * */
+        if (__wait_for_cpus(&late_cpus_in, NSEC_PER_SEC))
+                return -1;
+
+        spin_lock(&update_lock);
+        apply_microcode_local(&err);
+        spin_unlock(&update_lock);
+
+        if (err > UCODE_NFOUND) {
+                pr_warn("Error reloading microcode on CPU %d\n", cpu);
+                return -1;
+        /* siblings return UCODE_OK because their engine got updated already */
+        } else if (err == UCODE_UPDATED || err == UCODE_OK) {
+                ret = 1;
+        } else {
+                return ret;
+        }
+
+        /*
+         * Increase the wait timeout to a safe value here since we're
+         * serializing the microcode update and that could take a while on a
+         * large number of CPUs. And that is fine as the *actual* timeout will
+         * be determined by the last CPU finished updating and thus cut short.
+         */
+        if (__wait_for_cpus(&late_cpus_out, NSEC_PER_SEC * num_online_cpus()))
+                panic("Timeout during microcode update!\n");
+
+        return ret;
+}
+
+/*
+ * Reload microcode late on all CPUs. Wait for a sec until they
+ * all gather together.
+ */
+static int microcode_reload_late(void)
+{
+        int ret;
+
+        atomic_set(&late_cpus_in,  0);
+        atomic_set(&late_cpus_out, 0);
+
+        ret = stop_machine_cpuslocked(__reload_late, NULL, cpu_online_mask);
+        if (ret > 0)
+                microcode_check();
+
+        return ret;
 }
 
 static ssize_t reload_store(struct device *dev,
@@ -509,10 +609,9 @@ static ssize_t reload_store(struct device *dev,
                             const char *buf, size_t size)
 {
         enum ucode_state tmp_ret = UCODE_OK;
-        bool do_callback = false;
+        int bsp = boot_cpu_data.cpu_index;
         unsigned long val;
         ssize_t ret = 0;
-        int cpu;
 
         ret = kstrtoul(buf, 0, &val);
         if (ret)
@@ -521,29 +620,24 @@ static ssize_t reload_store(struct device *dev,
         if (val != 1)
                 return size;
 
-        get_online_cpus();
-        mutex_lock(&microcode_mutex);
-        for_each_online_cpu(cpu) {
-                tmp_ret = reload_for_cpu(cpu);
-                if (tmp_ret > UCODE_NFOUND) {
-                        pr_warn("Error reloading microcode on CPU %d\n", cpu);
-
-                        /* set retval for the first encountered reload error */
-                        if (!ret)
-                                ret = -EINVAL;
-                }
+        tmp_ret = microcode_ops->request_microcode_fw(bsp, &microcode_pdev->dev, true);
+        if (tmp_ret != UCODE_NEW)
+                return size;
 
-                if (tmp_ret == UCODE_UPDATED)
-                        do_callback = true;
-        }
+        get_online_cpus();
 
-        if (!ret && do_callback)
-                microcode_check();
+        ret = check_online_cpus();
+        if (ret)
+                goto put;
 
+        mutex_lock(&microcode_mutex);
+        ret = microcode_reload_late();
         mutex_unlock(&microcode_mutex);
+
+put:
         put_online_cpus();
 
-        if (!ret)
+        if (ret >= 0)
                 ret = size;
 
         return ret;
@@ -611,10 +705,8 @@ static enum ucode_state microcode_init_cpu(int cpu, bool refresh_fw)
         if (system_state != SYSTEM_RUNNING)
                 return UCODE_NFOUND;
 
-        ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev,
-                                                     refresh_fw);
-
-        if (ustate == UCODE_OK) {
+        ustate = microcode_ops->request_microcode_fw(cpu, &microcode_pdev->dev, refresh_fw);
+        if (ustate == UCODE_NEW) {
                 pr_debug("CPU%d updated upon init\n", cpu);
                 apply_microcode_on_target(cpu);
         }
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 923054a6b760..32b8e5724f96 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -589,6 +589,23 @@ static int apply_microcode_early(struct ucode_cpu_info *uci, bool early)
         if (!mc)
                 return 0;
 
+        /*
+         * Save us the MSR write below - which is a particular expensive
+         * operation - when the other hyperthread has updated the microcode
+         * already.
+         */
+        rev = intel_get_microcode_revision();
+        if (rev >= mc->hdr.rev) {
+                uci->cpu_sig.rev = rev;
+                return UCODE_OK;
+        }
+
+        /*
+         * Writeback and invalidate caches before updating microcode to avoid
+         * internal issues depending on what the microcode is updating.
+         */
+        native_wbinvd();
+
         /* write microcode via MSR 0x79 */
         native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
 
@@ -774,9 +791,9 @@ static int collect_cpu_info(int cpu_num, struct cpu_signature *csig)
 
 static enum ucode_state apply_microcode_intel(int cpu)
 {
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        struct cpuinfo_x86 *c = &cpu_data(cpu);
         struct microcode_intel *mc;
-        struct ucode_cpu_info *uci;
-        struct cpuinfo_x86 *c;
         static int prev_rev;
         u32 rev;
 
@@ -784,15 +801,32 @@ static enum ucode_state apply_microcode_intel(int cpu)
         if (WARN_ON(raw_smp_processor_id() != cpu))
                 return UCODE_ERROR;
 
-        uci = ucode_cpu_info + cpu;
-        mc = uci->mc;
+        /* Look for a newer patch in our cache: */
+        mc = find_patch(uci);
         if (!mc) {
-                /* Look for a newer patch in our cache: */
-                mc = find_patch(uci);
+                mc = uci->mc;
                 if (!mc)
                         return UCODE_NFOUND;
         }
 
+        /*
+         * Save us the MSR write below - which is a particular expensive
+         * operation - when the other hyperthread has updated the microcode
+         * already.
+         */
+        rev = intel_get_microcode_revision();
+        if (rev >= mc->hdr.rev) {
+                uci->cpu_sig.rev = rev;
+                c->microcode = rev;
+                return UCODE_OK;
+        }
+
+        /*
+         * Writeback and invalidate caches before updating microcode to avoid
+         * internal issues depending on what the microcode is updating.
+         */
+        native_wbinvd();
+
         /* write microcode via MSR 0x79 */
         wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits);
 
@@ -813,8 +847,6 @@ static enum ucode_state apply_microcode_intel(int cpu)
                 prev_rev = rev;
         }
 
-        c = &cpu_data(cpu);
-
         uci->cpu_sig.rev = rev;
         c->microcode = rev;
 
@@ -830,6 +862,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
         unsigned int leftover = size;
         unsigned int curr_mc_size = 0, new_mc_size = 0;
         unsigned int csig, cpf;
+        enum ucode_state ret = UCODE_OK;
 
         while (leftover) {
                 struct microcode_header_intel mc_header;
@@ -871,6 +904,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
                         new_mc  = mc;
                         new_mc_size = mc_size;
                         mc = NULL;      /* trigger new vmalloc */
+                        ret = UCODE_NEW;
                 }
 
                 ucode_ptr += mc_size;
@@ -900,7 +934,7 @@ static enum ucode_state generic_load_microcode(int cpu, void *data, size_t size,
         pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n",
                  cpu, new_rev, uci->cpu_sig.rev);
 
-        return UCODE_OK;
+        return ret;
 }
 
 static int get_ucode_fw(void *to, const void *from, size_t n)
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 2f723301eb58..38deafebb21b 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -23,7 +23,7 @@
 /*
  * this changes the io permissions bitmap in the current task.
  */
-asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
+SYSCALL_DEFINE3(ioperm, unsigned long, from, unsigned long, num, int, turn_on)
 {
         struct thread_struct *t = &current->thread;
         struct tss_struct *tss;
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index bd36f3c33cd0..0715f827607c 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -1168,10 +1168,18 @@ NOKPROBE_SYMBOL(longjmp_break_handler);
 
 bool arch_within_kprobe_blacklist(unsigned long addr)
 {
+        bool is_in_entry_trampoline_section = false;
+
+#ifdef CONFIG_X86_64
+        is_in_entry_trampoline_section =
+                (addr >= (unsigned long)__entry_trampoline_start &&
+                 addr < (unsigned long)__entry_trampoline_end);
+#endif
         return  (addr >= (unsigned long)__kprobes_text_start &&
                  addr < (unsigned long)__kprobes_text_end) ||
                 (addr >= (unsigned long)__entry_text_start &&
-                 addr < (unsigned long)__entry_text_end);
+                 addr < (unsigned long)__entry_text_end) ||
+                is_in_entry_trampoline_section;
 }
 
 int __init arch_init_kprobes(void)
diff --git a/arch/x86/kernel/signal_compat.c b/arch/x86/kernel/signal_compat.c
index ac057f9b0763..0d930d8987cc 100644
--- a/arch/x86/kernel/signal_compat.c
+++ b/arch/x86/kernel/signal_compat.c
@@ -43,6 +43,13 @@ static inline void signal_compat_build_tests(void)
         BUILD_BUG_ON(offsetof(compat_siginfo_t, _sifields) != 3 * sizeof(int));
 #define CHECK_CSI_OFFSET(name)    BUILD_BUG_ON(_sifields_offset != offsetof(compat_siginfo_t, _sifields.name))
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_signo) != 0);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_errno) != 4);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_code)  != 8);
+
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_signo) != 0);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_errno) != 4);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_code)  != 8);
          /*
          * Ensure that the size of each si_field never changes.
          * If it does, it is a sign that the
@@ -63,36 +70,94 @@ static inline void signal_compat_build_tests(void)
         CHECK_CSI_SIZE  (_kill, 2*sizeof(int));
         CHECK_SI_SIZE   (_kill, 2*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_pid) != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_uid) != 0x14);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_pid) != 0xC);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_uid) != 0x10);
+
         CHECK_CSI_OFFSET(_timer);
         CHECK_CSI_SIZE  (_timer, 3*sizeof(int));
         CHECK_SI_SIZE   (_timer, 6*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_tid)     != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_overrun) != 0x14);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_value)   != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_tid)     != 0x0C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_overrun) != 0x10);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_value)   != 0x14);
+
         CHECK_CSI_OFFSET(_rt);
         CHECK_CSI_SIZE  (_rt, 3*sizeof(int));
         CHECK_SI_SIZE   (_rt, 4*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_pid)   != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_uid)   != 0x14);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_value) != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_pid)   != 0x0C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_uid)   != 0x10);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_value) != 0x14);
+
         CHECK_CSI_OFFSET(_sigchld);
         CHECK_CSI_SIZE  (_sigchld, 5*sizeof(int));
         CHECK_SI_SIZE   (_sigchld, 8*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_pid)    != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_uid)    != 0x14);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_status) != 0x18);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_utime)  != 0x20);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_stime)  != 0x28);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_pid)    != 0x0C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_uid)    != 0x10);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_status) != 0x14);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_utime)  != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_stime)  != 0x1C);
+
 #ifdef CONFIG_X86_X32_ABI
         CHECK_CSI_OFFSET(_sigchld_x32);
         CHECK_CSI_SIZE  (_sigchld_x32, 7*sizeof(int));
         /* no _sigchld_x32 in the generic siginfo_t */
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, _sifields._sigchld_x32._utime)  != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, _sifields._sigchld_x32._stime)  != 0x20);
 #endif
 
         CHECK_CSI_OFFSET(_sigfault);
         CHECK_CSI_SIZE  (_sigfault, 4*sizeof(int));
         CHECK_SI_SIZE   (_sigfault, 8*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_addr) != 0x10);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_addr) != 0x0C);
+
+        BUILD_BUG_ON(offsetof(siginfo_t, si_addr_lsb) != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_addr_lsb) != 0x10);
+
+        BUILD_BUG_ON(offsetof(siginfo_t, si_lower) != 0x20);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_upper) != 0x28);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_lower) != 0x14);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_upper) != 0x18);
+
+        BUILD_BUG_ON(offsetof(siginfo_t, si_pkey) != 0x20);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_pkey) != 0x14);
+
         CHECK_CSI_OFFSET(_sigpoll);
         CHECK_CSI_SIZE  (_sigpoll, 2*sizeof(int));
         CHECK_SI_SIZE   (_sigpoll, 4*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_band)   != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_fd)     != 0x18);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_band) != 0x0C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_fd)   != 0x10);
+
         CHECK_CSI_OFFSET(_sigsys);
         CHECK_CSI_SIZE  (_sigsys, 3*sizeof(int));
         CHECK_SI_SIZE   (_sigsys, 4*sizeof(int));
 
+        BUILD_BUG_ON(offsetof(siginfo_t, si_call_addr) != 0x10);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_syscall)   != 0x18);
+        BUILD_BUG_ON(offsetof(siginfo_t, si_arch)      != 0x1C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_call_addr) != 0x0C);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_syscall)   != 0x10);
+        BUILD_BUG_ON(offsetof(compat_siginfo_t, si_arch)      != 0x14);
+
         /* any new si_fields should be added here */
 }
 
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 5edb27f1a2c4..9d0b5af7db91 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -727,7 +727,8 @@ void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code)
         return;
 
 check_vip:
-        if (VEFLAGS & X86_EFLAGS_VIP) {
+        if ((VEFLAGS & (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) ==
+            (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) {
                 save_v86_state(regs, VM86_STI);
                 return;
         }
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 9b138a06c1a4..b854ebf5851b 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -118,9 +118,11 @@ SECTIONS
 
 #ifdef CONFIG_X86_64
                 . = ALIGN(PAGE_SIZE);
+                VMLINUX_SYMBOL(__entry_trampoline_start) = .;
                 _entry_trampoline = .;
                 *(.entry_trampoline)
                 . = ALIGN(PAGE_SIZE);
+                VMLINUX_SYMBOL(__entry_trampoline_end) = .;
                 ASSERT(. - _entry_trampoline == PAGE_SIZE, "entry trampoline is too big");
 #endif
 
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index f551962ac294..763bb3bade63 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
         else
                 pte_access &= ~ACC_WRITE_MASK;
 
+        if (!kvm_is_mmio_pfn(pfn))
+                spte |= shadow_me_mask;
+
         spte |= (u64)pfn << PAGE_SHIFT;
-        spte |= shadow_me_mask;
 
         if (pte_access & ACC_WRITE_MASK) {
 
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 051dab74e4e9..2d87603f9179 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1045,6 +1045,13 @@ static inline bool is_machine_check(u32 intr_info)
                 (INTR_TYPE_HARD_EXCEPTION | MC_VECTOR | INTR_INFO_VALID_MASK);
 }
 
+/* Undocumented: icebp/int1 */
+static inline bool is_icebp(u32 intr_info)
+{
+        return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
+                == (INTR_TYPE_PRIV_SW_EXCEPTION | INTR_INFO_VALID_MASK);
+}
+
 static inline bool cpu_has_vmx_msr_bitmap(void)
 {
         return vmcs_config.cpu_based_exec_ctrl & CPU_BASED_USE_MSR_BITMAPS;
@@ -6179,7 +6186,7 @@ static int handle_exception(struct kvm_vcpu *vcpu)
                       (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP))) {
                         vcpu->arch.dr6 &= ~15;
                         vcpu->arch.dr6 |= dr6 | DR6_RTM;
-                        if (!(dr6 & ~DR6_RESERVED)) /* icebp */
+                        if (is_icebp(intr_info))
                                 skip_emulated_instruction(vcpu);
 
                         kvm_queue_exception(vcpu, DB_VECTOR);
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index c88573d90f3e..25a30b5d6582 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -330,7 +330,7 @@ static noinline int vmalloc_fault(unsigned long address)
         if (!pmd_k)
                 return -1;
 
-        if (pmd_huge(*pmd_k))
+        if (pmd_large(*pmd_k))
                 return 0;
 
         pte_k = pte_offset_kernel(pmd_k, address);
@@ -475,7 +475,7 @@ static noinline int vmalloc_fault(unsigned long address)
         if (pud_none(*pud) || pud_pfn(*pud) != pud_pfn(*pud_ref))
                 BUG();
 
-        if (pud_huge(*pud))
+        if (pud_large(*pud))
                 return 0;
 
         pmd = pmd_offset(pud, address);
@@ -486,7 +486,7 @@ static noinline int vmalloc_fault(unsigned long address)
         if (pmd_none(*pmd) || pmd_pfn(*pmd) != pmd_pfn(*pmd_ref))
                 BUG();
 
-        if (pmd_huge(*pmd))
+        if (pmd_large(*pmd))
                 return 0;
 
         pte_ref = pte_offset_kernel(pmd_ref, address);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 8b72923f1d35..af11a2890235 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -800,17 +800,11 @@ int arch_add_memory(int nid, u64 start, u64 size, struct vmem_altmap *altmap,
 
 #define PAGE_INUSE 0xFD
 
-static void __meminit free_pagetable(struct page *page, int order,
-                struct vmem_altmap *altmap)
+static void __meminit free_pagetable(struct page *page, int order)
 {
         unsigned long magic;
         unsigned int nr_pages = 1 << order;
 
-        if (altmap) {
-                vmem_altmap_free(altmap, nr_pages);
-                return;
-        }
-
         /* bootmem page has reserved flag */
         if (PageReserved(page)) {
                 __ClearPageReserved(page);
@@ -826,9 +820,17 @@ static void __meminit free_pagetable(struct page *page, int order,
                 free_pages((unsigned long)page_address(page), order);
 }
 
-static void __meminit free_pte_table(pte_t *pte_start, pmd_t *pmd,
+static void __meminit free_hugepage_table(struct page *page,
                 struct vmem_altmap *altmap)
 {
+        if (altmap)
+                vmem_altmap_free(altmap, PMD_SIZE / PAGE_SIZE);
+        else
+                free_pagetable(page, get_order(PMD_SIZE));
+}
+
+static void __meminit free_pte_table(pte_t *pte_start, pmd_t *pmd)
+{
         pte_t *pte;
         int i;
 
@@ -839,14 +841,13 @@ static void __meminit free_pte_table(pte_t *pte_start, pmd_t *pmd,
         }
 
         /* free a pte talbe */
-        free_pagetable(pmd_page(*pmd), 0, altmap);
+        free_pagetable(pmd_page(*pmd), 0);
         spin_lock(&init_mm.page_table_lock);
         pmd_clear(pmd);
         spin_unlock(&init_mm.page_table_lock);
 }
 
-static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud,
-                struct vmem_altmap *altmap)
+static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud)
 {
         pmd_t *pmd;
         int i;
@@ -858,14 +859,13 @@ static void __meminit free_pmd_table(pmd_t *pmd_start, pud_t *pud,
         }
 
         /* free a pmd talbe */
-        free_pagetable(pud_page(*pud), 0, altmap);
+        free_pagetable(pud_page(*pud), 0);
         spin_lock(&init_mm.page_table_lock);
         pud_clear(pud);
         spin_unlock(&init_mm.page_table_lock);
 }
 
-static void __meminit free_pud_table(pud_t *pud_start, p4d_t *p4d,
-                struct vmem_altmap *altmap)
+static void __meminit free_pud_table(pud_t *pud_start, p4d_t *p4d)
 {
         pud_t *pud;
         int i;
@@ -877,7 +877,7 @@ static void __meminit free_pud_table(pud_t *pud_start, p4d_t *p4d,
         }
 
         /* free a pud talbe */
-        free_pagetable(p4d_page(*p4d), 0, altmap);
+        free_pagetable(p4d_page(*p4d), 0);
         spin_lock(&init_mm.page_table_lock);
         p4d_clear(p4d);
         spin_unlock(&init_mm.page_table_lock);
@@ -885,7 +885,7 @@ static void __meminit free_pud_table(pud_t *pud_start, p4d_t *p4d,
 
 static void __meminit
 remove_pte_table(pte_t *pte_start, unsigned long addr, unsigned long end,
-                 struct vmem_altmap *altmap, bool direct)
+                 bool direct)
 {
         unsigned long next, pages = 0;
         pte_t *pte;
@@ -916,7 +916,7 @@ remove_pte_table(pte_t *pte_start, unsigned long addr, unsigned long end,
                          * freed when offlining, or simplely not in use.
                          */
                         if (!direct)
-                                free_pagetable(pte_page(*pte), 0, altmap);
+                                free_pagetable(pte_page(*pte), 0);
 
                         spin_lock(&init_mm.page_table_lock);
                         pte_clear(&init_mm, addr, pte);
@@ -939,7 +939,7 @@ remove_pte_table(pte_t *pte_start, unsigned long addr, unsigned long end,
 
                         page_addr = page_address(pte_page(*pte));
                         if (!memchr_inv(page_addr, PAGE_INUSE, PAGE_SIZE)) {
-                                free_pagetable(pte_page(*pte), 0, altmap);
+                                free_pagetable(pte_page(*pte), 0);
 
                                 spin_lock(&init_mm.page_table_lock);
                                 pte_clear(&init_mm, addr, pte);
@@ -974,9 +974,8 @@ remove_pmd_table(pmd_t *pmd_start, unsigned long addr, unsigned long end,
                         if (IS_ALIGNED(addr, PMD_SIZE) &&
                             IS_ALIGNED(next, PMD_SIZE)) {
                                 if (!direct)
-                                        free_pagetable(pmd_page(*pmd),
-                                                       get_order(PMD_SIZE),
-                                                       altmap);
+                                        free_hugepage_table(pmd_page(*pmd),
+                                                            altmap);
 
                                 spin_lock(&init_mm.page_table_lock);
                                 pmd_clear(pmd);
@@ -989,9 +988,8 @@ remove_pmd_table(pmd_t *pmd_start, unsigned long addr, unsigned long end,
                                 page_addr = page_address(pmd_page(*pmd));
                                 if (!memchr_inv(page_addr, PAGE_INUSE,
                                                 PMD_SIZE)) {
-                                        free_pagetable(pmd_page(*pmd),
-                                                       get_order(PMD_SIZE),
-                                                       altmap);
+                                        free_hugepage_table(pmd_page(*pmd),
+                                                            altmap);
 
                                         spin_lock(&init_mm.page_table_lock);
                                         pmd_clear(pmd);
@@ -1003,8 +1001,8 @@ remove_pmd_table(pmd_t *pmd_start, unsigned long addr, unsigned long end,
                 }
 
                 pte_base = (pte_t *)pmd_page_vaddr(*pmd);
-                remove_pte_table(pte_base, addr, next, altmap, direct);
-                free_pte_table(pte_base, pmd, altmap);
+                remove_pte_table(pte_base, addr, next, direct);
+                free_pte_table(pte_base, pmd);
         }
 
         /* Call free_pmd_table() in remove_pud_table(). */
@@ -1033,8 +1031,7 @@ remove_pud_table(pud_t *pud_start, unsigned long addr, unsigned long end,
                             IS_ALIGNED(next, PUD_SIZE)) {
                                 if (!direct)
                                         free_pagetable(pud_page(*pud),
-                                                       get_order(PUD_SIZE),
-                                                       altmap);
+                                                       get_order(PUD_SIZE));
 
                                 spin_lock(&init_mm.page_table_lock);
                                 pud_clear(pud);
@@ -1048,8 +1045,7 @@ remove_pud_table(pud_t *pud_start, unsigned long addr, unsigned long end,
                                 if (!memchr_inv(page_addr, PAGE_INUSE,
                                                 PUD_SIZE)) {
                                         free_pagetable(pud_page(*pud),
-                                                       get_order(PUD_SIZE),
-                                                       altmap);
+                                                       get_order(PUD_SIZE));
 
                                         spin_lock(&init_mm.page_table_lock);
                                         pud_clear(pud);
@@ -1062,7 +1058,7 @@ remove_pud_table(pud_t *pud_start, unsigned long addr, unsigned long end,
 
                 pmd_base = pmd_offset(pud, 0);
                 remove_pmd_table(pmd_base, addr, next, direct, altmap);
-                free_pmd_table(pmd_base, pud, altmap);
+                free_pmd_table(pmd_base, pud);
         }
 
         if (direct)
@@ -1094,7 +1090,7 @@ remove_p4d_table(p4d_t *p4d_start, unsigned long addr, unsigned long end,
                  * to adapt for boot-time switching between 4 and 5 level page tables.
                  */
                 if (CONFIG_PGTABLE_LEVELS == 5)
-                        free_pud_table(pud_base, p4d, altmap);
+                        free_pud_table(pud_base, p4d);
         }
 
         if (direct)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index 004abf9ebf12..34cda7e0551b 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -702,4 +702,52 @@ int pmd_clear_huge(pmd_t *pmd)
 
         return 0;
 }
+
+/**
+ * pud_free_pmd_page - Clear pud entry and free pmd page.
+ * @pud: Pointer to a PUD.
+ *
+ * Context: The pud range has been unmaped and TLB purged.
+ * Return: 1 if clearing the entry succeeded. 0 otherwise.
+ */
+int pud_free_pmd_page(pud_t *pud)
+{
+        pmd_t *pmd;
+        int i;
+
+        if (pud_none(*pud))
+                return 1;
+
+        pmd = (pmd_t *)pud_page_vaddr(*pud);
+
+        for (i = 0; i < PTRS_PER_PMD; i++)
+                if (!pmd_free_pte_page(&pmd[i]))
+                        return 0;
+
+        pud_clear(pud);
+        free_page((unsigned long)pmd);
+
+        return 1;
+}
+
+/**
+ * pmd_free_pte_page - Clear pmd entry and free pte page.
+ * @pmd: Pointer to a PMD.
+ *
+ * Context: The pmd range has been unmaped and TLB purged.
+ * Return: 1 if clearing the entry succeeded. 0 otherwise.
+ */
+int pmd_free_pte_page(pmd_t *pmd)
+{
+        pte_t *pte;
+
+        if (pmd_none(*pmd))
+                return 1;
+
+        pte = (pte_t *)pmd_page_vaddr(*pmd);
+        pmd_clear(pmd);
+        free_page((unsigned long)pte);
+
+        return 1;
+}
 #endif  /* CONFIG_HAVE_ARCH_HUGE_VMAP */
diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index ce38f165489b..631507f0c198 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -332,7 +332,7 @@ static void __init pti_clone_user_shared(void)
 }
 
 /*
- * Clone the ESPFIX P4D into the user space visinble page table
+ * Clone the ESPFIX P4D into the user space visible page table
  */
 static void __init pti_setup_espfix64(void)
 {
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index eb661fff94d7..b725154182cc 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -1223,7 +1223,7 @@ skip_init_addrs:
          * may converge on the last pass. In such case do one more
          * pass to emit the final image
          */
-        for (pass = 0; pass < 10 || image; pass++) {
+        for (pass = 0; pass < 20 || image; pass++) {
                 proglen = do_jit(prog, addrs, image, oldproglen, &ctx);
                 if (proglen <= 0) {
                         image = NULL;
@@ -1250,6 +1250,7 @@ skip_init_addrs:
                         }
                 }
                 oldproglen = proglen;
+                cond_resched();
         }
 
         if (bpf_jit_enable > 1)