Merge git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86

* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
  x86: fix deadlock, make pgd_lock irq-safe
  virtio: fix trivial build bug
  x86: fix mttr trimming
  x86: delay CPA self-test and repeat it
  x86: fix 64-bit sections
  generic: add __FINITDATA
  x86: remove suprious ifdefs from pageattr.c
  x86: mark the .rodata section also NX
  x86: fix iret exception recovery on 64-bit
  cpuidle: dubious one-bit signed bitfield in cpuidle.h
  x86: fix sparse warnings in powernow-k8.c
  x86: fix sparse error in traps_32.c
  x86: trivial sparse/checkpatch in quirks.c
  x86 ptrace: disallow null cs/ss
  MAINTAINERS: RDC R-321x SoC maintainer
  brk randomization: introduce CONFIG_COMPAT_BRK
  brk: check the lower bound properly
  x86: remove X2 workaround
  x86: make spurious fault handler aware of large mappings
  x86: make traps on entry code be debuggable in user space, 64-bit

8 files changed, 72 insertions, 55 deletions

diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
index a0522735dd9d..5affe91ca1e5 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
@@ -827,7 +827,6 @@ static int fill_powernow_table_pstate(struct powernow_k8_data *data, struct cpuf
 
         for (i = 0; i < data->acpi_data.state_count; i++) {
                 u32 index;
-                u32 hi = 0, lo = 0;
 
                 index = data->acpi_data.states[i].control & HW_PSTATE_MASK;
                 if (index > data->max_hw_pstate) {
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index 1e27b69a7a0e..b6e136f23d3d 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -659,7 +659,7 @@ static __init int amd_special_default_mtrr(void)
  */
 int __init mtrr_trim_uncached_memory(unsigned long end_pfn)
 {
-        unsigned long i, base, size, highest_addr = 0, def, dummy;
+        unsigned long i, base, size, highest_pfn = 0, def, dummy;
         mtrr_type type;
         u64 trim_start, trim_size;
 
@@ -682,28 +682,27 @@ int __init mtrr_trim_uncached_memory(unsigned long end_pfn)
                 mtrr_if->get(i, &base, &size, &type);
                 if (type != MTRR_TYPE_WRBACK)
                         continue;
-                base <<= PAGE_SHIFT;
-                size <<= PAGE_SHIFT;
-                if (highest_addr < base + size)
-                        highest_addr = base + size;
+                if (highest_pfn < base + size)
+                        highest_pfn = base + size;
         }
 
         /* kvm/qemu doesn't have mtrr set right, don't trim them all */
-        if (!highest_addr) {
+        if (!highest_pfn) {
                 printk(KERN_WARNING "WARNING: strange, CPU MTRRs all blank?\n");
                 WARN_ON(1);
                 return 0;
         }
 
-        if ((highest_addr >> PAGE_SHIFT) < end_pfn) {
+        if (highest_pfn < end_pfn) {
                 printk(KERN_WARNING "WARNING: BIOS bug: CPU MTRRs don't cover"
-                        " all of memory, losing %LdMB of RAM.\n",
-                        (((u64)end_pfn << PAGE_SHIFT) - highest_addr) >> 20);
+                        " all of memory, losing %luMB of RAM.\n",
+                        (end_pfn - highest_pfn) >> (20 - PAGE_SHIFT));
 
                 WARN_ON(1);
 
                 printk(KERN_INFO "update e820 for mtrr\n");
-                trim_start = highest_addr;
+                trim_start = highest_pfn;
+                trim_start <<= PAGE_SHIFT;
                 trim_size = end_pfn;
                 trim_size <<= PAGE_SHIFT;
                 trim_size -= trim_start;
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index bea8474744ff..c7341e81941c 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -582,7 +582,6 @@ retint_restore_args:	/* return to kernel space */
         TRACE_IRQS_IRETQ
 restore_args:
         RESTORE_ARGS 0,8,0                                              
-iret_label:     
 #ifdef CONFIG_PARAVIRT
         INTERRUPT_RETURN
 #endif
@@ -593,13 +592,22 @@ ENTRY(native_iret)
         .quad native_iret, bad_iret
         .previous
         .section .fixup,"ax"
-        /* force a signal here? this matches i386 behaviour */
-        /* running with kernel gs */
 bad_iret:
-        movq $11,%rdi   /* SIGSEGV */
-        TRACE_IRQS_ON
-        ENABLE_INTERRUPTS(CLBR_ANY | ~(CLBR_RDI))
-        jmp do_exit
+        /*
+         * The iret traps when the %cs or %ss being restored is bogus.
+         * We've lost the original trap vector and error code.
+         * #GPF is the most likely one to get for an invalid selector.
+         * So pretend we completed the iret and took the #GPF in user mode.
+         *
+         * We are now running with the kernel GS after exception recovery.
+         * But error_entry expects us to have user GS to match the user %cs,
+         * so swap back.
+         */
+        pushq $0
+
+        SWAPGS
+        jmp general_protection
+
         .previous
 
         /* edi: workmask, edx: work */
@@ -911,7 +919,7 @@ error_kernelspace:
            iret run with kernel gs again, so don't set the user space flag.
            B stepping K8s sometimes report an truncated RIP for IRET 
            exceptions returning to compat mode. Check for these here too. */
-        leaq iret_label(%rip),%rbp
+        leaq native_iret(%rip),%rbp
         cmpq %rbp,RIP(%rsp) 
         je   error_swapgs
         movl %ebp,%ebp  /* zero extend */
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 4f283ad215ec..09b38d539b09 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -250,18 +250,13 @@ ENTRY(secondary_startup_64)
         lretq
 
         /* SMP bootup changes these two */
-#ifndef CONFIG_HOTPLUG_CPU
-        .pushsection .init.data
-#endif
+        __CPUINITDATA
         .align  8
-        .globl  initial_code
-initial_code:
+        ENTRY(initial_code)
         .quad   x86_64_start_kernel
-#ifndef CONFIG_HOTPLUG_CPU
-        .popsection
-#endif
-        .globl init_rsp
-init_rsp:
+        __FINITDATA
+
+        ENTRY(init_rsp)
         .quad  init_thread_union+THREAD_SIZE-8
 
 bad_address:
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 96286df1bb81..702c33efea84 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -103,9 +103,26 @@ static int set_segment_reg(struct task_struct *task,
         if (invalid_selector(value))
                 return -EIO;
 
-        if (offset != offsetof(struct user_regs_struct, gs))
+        /*
+         * For %cs and %ss we cannot permit a null selector.
+         * We can permit a bogus selector as long as it has USER_RPL.
+         * Null selectors are fine for other segment registers, but
+         * we will never get back to user mode with invalid %cs or %ss
+         * and will take the trap in iret instead.  Much code relies
+         * on user_mode() to distinguish a user trap frame (which can
+         * safely use invalid selectors) from a kernel trap frame.
+         */
+        switch (offset) {
+        case offsetof(struct user_regs_struct, cs):
+        case offsetof(struct user_regs_struct, ss):
+                if (unlikely(value == 0))
+                        return -EIO;
+
+        default:
                 *pt_regs_access(task_pt_regs(task), offset) = value;
-        else {
+                break;
+
+        case offsetof(struct user_regs_struct, gs):
                 task->thread.gs = value;
                 if (task == current)
                         /*
@@ -227,12 +244,16 @@ static int set_segment_reg(struct task_struct *task,
                  * Can't actually change these in 64-bit mode.
                  */
         case offsetof(struct user_regs_struct,cs):
+                if (unlikely(value == 0))
+                        return -EIO;
 #ifdef CONFIG_IA32_EMULATION
                 if (test_tsk_thread_flag(task, TIF_IA32))
                         task_pt_regs(task)->cs = value;
 #endif
                 break;
         case offsetof(struct user_regs_struct,ss):
+                if (unlikely(value == 0))
+                        return -EIO;
 #ifdef CONFIG_IA32_EMULATION
                 if (test_tsk_thread_flag(task, TIF_IA32))
                         task_pt_regs(task)->ss = value;
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index 3cd7a2dcd4fe..6ba33ca8715a 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -380,19 +380,19 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_NVIDIA, 0x0367,
 void force_hpet_resume(void)
 {
         switch (force_hpet_resume_type) {
-            case ICH_FORCE_HPET_RESUME:
-                return ich_force_hpet_resume();
-
-            case OLD_ICH_FORCE_HPET_RESUME:
-                return old_ich_force_hpet_resume();
-
-            case VT8237_FORCE_HPET_RESUME:
-                return vt8237_force_hpet_resume();
-
-            case NVIDIA_FORCE_HPET_RESUME:
-                return nvidia_force_hpet_resume();
-
-            default:
+        case ICH_FORCE_HPET_RESUME:
+                ich_force_hpet_resume();
+                return;
+        case OLD_ICH_FORCE_HPET_RESUME:
+                old_ich_force_hpet_resume();
+                return;
+        case VT8237_FORCE_HPET_RESUME:
+                vt8237_force_hpet_resume();
+                return;
+        case NVIDIA_FORCE_HPET_RESUME:
+                nvidia_force_hpet_resume();
+                return;
+        default:
                 break;
         }
 }
diff --git a/arch/x86/kernel/test_nx.c b/arch/x86/kernel/test_nx.c
index 36c100c323aa..10b8a6f69f84 100644
--- a/arch/x86/kernel/test_nx.c
+++ b/arch/x86/kernel/test_nx.c
@@ -139,7 +139,6 @@ static int test_NX(void)
          * Until then, don't run them to avoid too many people getting scared
          * by the error message
          */
-#if 0
 
 #ifdef CONFIG_DEBUG_RODATA
         /* Test 3: Check if the .rodata section is executable */
@@ -152,6 +151,7 @@ static int test_NX(void)
         }
 #endif
 
+#if 0
         /* Test 4: Check if the .data section of a module is executable */
         if (test_address(&test_data)) {
                 printk(KERN_ERR "test_nx: .data section is executable\n");
diff --git a/arch/x86/kernel/traps_32.c b/arch/x86/kernel/traps_32.c
index 3cf72977d012..b22c01e05a18 100644
--- a/arch/x86/kernel/traps_32.c
+++ b/arch/x86/kernel/traps_32.c
@@ -1176,17 +1176,12 @@ void __init trap_init(void)
 #endif
         set_trap_gate(19,&simd_coprocessor_error);
 
+        /*
+         * Verify that the FXSAVE/FXRSTOR data will be 16-byte aligned.
+         * Generate a build-time error if the alignment is wrong.
+         */
+        BUILD_BUG_ON(offsetof(struct task_struct, thread.i387.fxsave) & 15);
         if (cpu_has_fxsr) {
-                /*
-                 * Verify that the FXSAVE/FXRSTOR data will be 16-byte aligned.
-                 * Generates a compile-time "error: zero width for bit-field" if
-                 * the alignment is wrong.
-                 */
-                struct fxsrAlignAssert {
-                        int _:!(offsetof(struct task_struct,
-                                        thread.i387.fxsave) & 15);
-                };
-
                 printk(KERN_INFO "Enabling fast FPU save and restore... ");
                 set_in_cr4(X86_CR4_OSFXSR);
                 printk("done.\n");