Merge branch 'consolidate-clksrc-i8253' of master.kernel.org:~rmk/linux-2.6-arm into timers/clocksource

Conflicts:
	arch/ia64/kernel/cyclone.c
	arch/mips/kernel/i8253.c
	arch/x86/kernel/i8253.c

Reason: Resolve conflicts so further cleanups do not conflict further

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

10 files changed, 683 insertions, 63 deletions

diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
index 5b54892e4bc3..5cc821cb2e09 100644
--- a/arch/x86/xen/Kconfig
+++ b/arch/x86/xen/Kconfig
@@ -38,7 +38,8 @@ config XEN_MAX_DOMAIN_MEMORY
 
 config XEN_SAVE_RESTORE
        bool
-       depends on XEN && PM
+       depends on XEN
+       select HIBERNATE_CALLBACKS
        default y
 
 config XEN_DEBUG_FS
@@ -48,3 +49,11 @@ config XEN_DEBUG_FS
         help
           Enable statistics output and various tuning options in debugfs.
           Enabling this option may incur a significant performance overhead.
+
+config XEN_DEBUG
+        bool "Enable Xen debug checks"
+        depends on XEN
+        default n
+        help
+          Enable various WARN_ON checks in the Xen MMU code.
+          Enabling this option WILL incur a significant performance overhead.
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 50542efe45fb..e3c6a06cf725 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -238,6 +238,7 @@ static void xen_cpuid(unsigned int *ax, unsigned int *bx,
 static __init void xen_init_cpuid_mask(void)
 {
         unsigned int ax, bx, cx, dx;
+        unsigned int xsave_mask;
 
         cpuid_leaf1_edx_mask =
                 ~((1 << X86_FEATURE_MCE)  |  /* disable MCE */
@@ -249,24 +250,16 @@ static __init void xen_init_cpuid_mask(void)
                 cpuid_leaf1_edx_mask &=
                         ~((1 << X86_FEATURE_APIC) |  /* disable local APIC */
                           (1 << X86_FEATURE_ACPI));  /* disable ACPI */
-
         ax = 1;
-        cx = 0;
         xen_cpuid(&ax, &bx, &cx, &dx);
 
-        /* cpuid claims we support xsave; try enabling it to see what happens */
-        if (cx & (1 << (X86_FEATURE_XSAVE % 32))) {
-                unsigned long cr4;
-
-                set_in_cr4(X86_CR4_OSXSAVE);
-                
-                cr4 = read_cr4();
-
-                if ((cr4 & X86_CR4_OSXSAVE) == 0)
-                        cpuid_leaf1_ecx_mask &= ~(1 << (X86_FEATURE_XSAVE % 32));
+        xsave_mask =
+                (1 << (X86_FEATURE_XSAVE % 32)) |
+                (1 << (X86_FEATURE_OSXSAVE % 32));
 
-                clear_in_cr4(X86_CR4_OSXSAVE);
-        }
+        /* Xen will set CR4.OSXSAVE if supported and not disabled by force */
+        if ((cx & xsave_mask) != xsave_mask)
+                cpuid_leaf1_ecx_mask &= ~xsave_mask; /* disable XSAVE & OSXSAVE */
 }
 
 static void xen_set_debugreg(int reg, unsigned long val)
@@ -1284,15 +1277,14 @@ static int init_hvm_pv_info(int *major, int *minor)
 
         xen_setup_features();
 
-        pv_info = xen_info;
-        pv_info.kernel_rpl = 0;
+        pv_info.name = "Xen HVM";
 
         xen_domain_type = XEN_HVM_DOMAIN;
 
         return 0;
 }
 
-void xen_hvm_init_shared_info(void)
+void __ref xen_hvm_init_shared_info(void)
 {
         int cpu;
         struct xen_add_to_physmap xatp;
@@ -1331,6 +1323,8 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
         switch (action) {
         case CPU_UP_PREPARE:
                 per_cpu(xen_vcpu, cpu) = &HYPERVISOR_shared_info->vcpu_info[cpu];
+                if (xen_have_vector_callback)
+                        xen_init_lock_cpu(cpu);
                 break;
         default:
                 break;
@@ -1355,6 +1349,7 @@ static void __init xen_hvm_guest_init(void)
 
         if (xen_feature(XENFEAT_hvm_callback_vector))
                 xen_have_vector_callback = 1;
+        xen_hvm_smp_init();
         register_cpu_notifier(&xen_hvm_cpu_notifier);
         xen_unplug_emulated_devices();
         have_vcpu_info_placement = 0;
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index 5e92b61ad574..55c965b38c27 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -46,6 +46,7 @@
 #include <linux/module.h>
 #include <linux/gfp.h>
 #include <linux/memblock.h>
+#include <linux/seq_file.h>
 
 #include <asm/pgtable.h>
 #include <asm/tlbflush.h>
@@ -78,8 +79,7 @@
 
 /*
  * Protects atomic reservation decrease/increase against concurrent increases.
- * Also protects non-atomic updates of current_pages and driver_pages, and
- * balloon lists.
+ * Also protects non-atomic updates of current_pages and balloon lists.
  */
 DEFINE_SPINLOCK(xen_reservation_lock);
 
@@ -416,8 +416,12 @@ static pteval_t pte_pfn_to_mfn(pteval_t val)
         if (val & _PAGE_PRESENT) {
                 unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
                 pteval_t flags = val & PTE_FLAGS_MASK;
-                unsigned long mfn = pfn_to_mfn(pfn);
+                unsigned long mfn;
 
+                if (!xen_feature(XENFEAT_auto_translated_physmap))
+                        mfn = get_phys_to_machine(pfn);
+                else
+                        mfn = pfn;
                 /*
                  * If there's no mfn for the pfn, then just create an
                  * empty non-present pte.  Unfortunately this loses
@@ -427,8 +431,18 @@ static pteval_t pte_pfn_to_mfn(pteval_t val)
                 if (unlikely(mfn == INVALID_P2M_ENTRY)) {
                         mfn = 0;
                         flags = 0;
+                } else {
+                        /*
+                         * Paramount to do this test _after_ the
+                         * INVALID_P2M_ENTRY as INVALID_P2M_ENTRY &
+                         * IDENTITY_FRAME_BIT resolves to true.
+                         */
+                        mfn &= ~FOREIGN_FRAME_BIT;
+                        if (mfn & IDENTITY_FRAME_BIT) {
+                                mfn &= ~IDENTITY_FRAME_BIT;
+                                flags |= _PAGE_IOMAP;
+                        }
                 }
-
                 val = ((pteval_t)mfn << PAGE_SHIFT) | flags;
         }
 
@@ -532,6 +546,41 @@ pte_t xen_make_pte(pteval_t pte)
 }
 PV_CALLEE_SAVE_REGS_THUNK(xen_make_pte);
 
+#ifdef CONFIG_XEN_DEBUG
+pte_t xen_make_pte_debug(pteval_t pte)
+{
+        phys_addr_t addr = (pte & PTE_PFN_MASK);
+        phys_addr_t other_addr;
+        bool io_page = false;
+        pte_t _pte;
+
+        if (pte & _PAGE_IOMAP)
+                io_page = true;
+
+        _pte = xen_make_pte(pte);
+
+        if (!addr)
+                return _pte;
+
+        if (io_page &&
+            (xen_initial_domain() || addr >= ISA_END_ADDRESS)) {
+                other_addr = pfn_to_mfn(addr >> PAGE_SHIFT) << PAGE_SHIFT;
+                WARN_ONCE(addr != other_addr,
+                        "0x%lx is using VM_IO, but it is 0x%lx!\n",
+                        (unsigned long)addr, (unsigned long)other_addr);
+        } else {
+                pteval_t iomap_set = (_pte.pte & PTE_FLAGS_MASK) & _PAGE_IOMAP;
+                other_addr = (_pte.pte & PTE_PFN_MASK);
+                WARN_ONCE((addr == other_addr) && (!io_page) && (!iomap_set),
+                        "0x%lx is missing VM_IO (and wasn't fixed)!\n",
+                        (unsigned long)addr);
+        }
+
+        return _pte;
+}
+PV_CALLEE_SAVE_REGS_THUNK(xen_make_pte_debug);
+#endif
+
 pgd_t xen_make_pgd(pgdval_t pgd)
 {
         pgd = pte_pfn_to_mfn(pgd);
@@ -986,10 +1035,9 @@ static void xen_pgd_pin(struct mm_struct *mm)
  */
 void xen_mm_pin_all(void)
 {
-        unsigned long flags;
         struct page *page;
 
-        spin_lock_irqsave(&pgd_lock, flags);
+        spin_lock(&pgd_lock);
 
         list_for_each_entry(page, &pgd_list, lru) {
                 if (!PagePinned(page)) {
@@ -998,7 +1046,7 @@ void xen_mm_pin_all(void)
                 }
         }
 
-        spin_unlock_irqrestore(&pgd_lock, flags);
+        spin_unlock(&pgd_lock);
 }
 
 /*
@@ -1099,10 +1147,9 @@ static void xen_pgd_unpin(struct mm_struct *mm)
  */
 void xen_mm_unpin_all(void)
 {
-        unsigned long flags;
         struct page *page;
 
-        spin_lock_irqsave(&pgd_lock, flags);
+        spin_lock(&pgd_lock);
 
         list_for_each_entry(page, &pgd_list, lru) {
                 if (PageSavePinned(page)) {
@@ -1112,7 +1159,7 @@ void xen_mm_unpin_all(void)
                 }
         }
 
-        spin_unlock_irqrestore(&pgd_lock, flags);
+        spin_unlock(&pgd_lock);
 }
 
 void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
@@ -1416,6 +1463,119 @@ static int xen_pgd_alloc(struct mm_struct *mm)
         return ret;
 }
 
+#ifdef CONFIG_X86_64
+static __initdata u64 __last_pgt_set_rw = 0;
+static __initdata u64 __pgt_buf_start = 0;
+static __initdata u64 __pgt_buf_end = 0;
+static __initdata u64 __pgt_buf_top = 0;
+/*
+ * As a consequence of the commit:
+ * 
+ * commit 4b239f458c229de044d6905c2b0f9fe16ed9e01e
+ * Author: Yinghai Lu <yinghai@kernel.org>
+ * Date:   Fri Dec 17 16:58:28 2010 -0800
+ * 
+ *     x86-64, mm: Put early page table high
+ * 
+ * at some point init_memory_mapping is going to reach the pagetable pages
+ * area and map those pages too (mapping them as normal memory that falls
+ * in the range of addresses passed to init_memory_mapping as argument).
+ * Some of those pages are already pagetable pages (they are in the range
+ * pgt_buf_start-pgt_buf_end) therefore they are going to be mapped RO and
+ * everything is fine.
+ * Some of these pages are not pagetable pages yet (they fall in the range
+ * pgt_buf_end-pgt_buf_top; for example the page at pgt_buf_end) so they
+ * are going to be mapped RW.  When these pages become pagetable pages and
+ * are hooked into the pagetable, xen will find that the guest has already
+ * a RW mapping of them somewhere and fail the operation.
+ * The reason Xen requires pagetables to be RO is that the hypervisor needs
+ * to verify that the pagetables are valid before using them. The validation
+ * operations are called "pinning".
+ * 
+ * In order to fix the issue we mark all the pages in the entire range
+ * pgt_buf_start-pgt_buf_top as RO, however when the pagetable allocation
+ * is completed only the range pgt_buf_start-pgt_buf_end is reserved by
+ * init_memory_mapping. Hence the kernel is going to crash as soon as one
+ * of the pages in the range pgt_buf_end-pgt_buf_top is reused (b/c those
+ * ranges are RO).
+ * 
+ * For this reason, 'mark_rw_past_pgt' is introduced which is called _after_
+ * the init_memory_mapping has completed (in a perfect world we would
+ * call this function from init_memory_mapping, but lets ignore that).
+ * 
+ * Because we are called _after_ init_memory_mapping the pgt_buf_[start,
+ * end,top] have all changed to new values (b/c init_memory_mapping
+ * is called and setting up another new page-table). Hence, the first time
+ * we enter this function, we save away the pgt_buf_start value and update
+ * the pgt_buf_[end,top].
+ * 
+ * When we detect that the "old" pgt_buf_start through pgt_buf_end
+ * PFNs have been reserved (so memblock_x86_reserve_range has been called),
+ * we immediately set out to RW the "old" pgt_buf_end through pgt_buf_top.
+ * 
+ * And then we update those "old" pgt_buf_[end|top] with the new ones
+ * so that we can redo this on the next pagetable.
+ */
+static __init void mark_rw_past_pgt(void) {
+
+        if (pgt_buf_end > pgt_buf_start) {
+                u64 addr, size;
+
+                /* Save it away. */
+                if (!__pgt_buf_start) {
+                        __pgt_buf_start = pgt_buf_start;
+                        __pgt_buf_end = pgt_buf_end;
+                        __pgt_buf_top = pgt_buf_top;
+                        return;
+                }
+                /* If we get the range that starts at __pgt_buf_end that means
+                 * the range is reserved, and that in 'init_memory_mapping'
+                 * the 'memblock_x86_reserve_range' has been called with the
+                 * outdated __pgt_buf_start, __pgt_buf_end (the "new"
+                 * pgt_buf_[start|end|top] refer now to a new pagetable.
+                 * Note: we are called _after_ the pgt_buf_[..] have been
+                 * updated.*/
+
+                addr = memblock_x86_find_in_range_size(PFN_PHYS(__pgt_buf_start),
+                                                       &size, PAGE_SIZE);
+
+                /* Still not reserved, meaning 'memblock_x86_reserve_range'
+                 * hasn't been called yet. Update the _end and _top.*/
+                if (addr == PFN_PHYS(__pgt_buf_start)) {
+                        __pgt_buf_end = pgt_buf_end;
+                        __pgt_buf_top = pgt_buf_top;
+                        return;
+                }
+
+                /* OK, the area is reserved, meaning it is time for us to
+                 * set RW for the old end->top PFNs. */
+
+                /* ..unless we had already done this. */
+                if (__pgt_buf_end == __last_pgt_set_rw)
+                        return;
+
+                addr = PFN_PHYS(__pgt_buf_end);
+                
+                /* set as RW the rest */
+                printk(KERN_DEBUG "xen: setting RW the range %llx - %llx\n",
+                        PFN_PHYS(__pgt_buf_end), PFN_PHYS(__pgt_buf_top));
+                
+                while (addr < PFN_PHYS(__pgt_buf_top)) {
+                        make_lowmem_page_readwrite(__va(addr));
+                        addr += PAGE_SIZE;
+                }
+                /* And update everything so that we are ready for the next
+                 * pagetable (the one created for regions past 4GB) */
+                __last_pgt_set_rw = __pgt_buf_end;
+                __pgt_buf_start = pgt_buf_start;
+                __pgt_buf_end = pgt_buf_end;
+                __pgt_buf_top = pgt_buf_top;
+        }
+        return;
+}
+#else
+static __init void mark_rw_past_pgt(void) { }
+#endif
 static void xen_pgd_free(struct mm_struct *mm, pgd_t *pgd)
 {
 #ifdef CONFIG_X86_64
@@ -1426,28 +1586,43 @@ static void xen_pgd_free(struct mm_struct *mm, pgd_t *pgd)
 #endif
 }
 
+#ifdef CONFIG_X86_32
 static __init pte_t mask_rw_pte(pte_t *ptep, pte_t pte)
 {
-        unsigned long pfn = pte_pfn(pte);
-
-#ifdef CONFIG_X86_32
         /* If there's an existing pte, then don't allow _PAGE_RW to be set */
         if (pte_val_ma(*ptep) & _PAGE_PRESENT)
                 pte = __pte_ma(((pte_val_ma(*ptep) & _PAGE_RW) | ~_PAGE_RW) &
                                pte_val_ma(pte));
-#endif
+
+        return pte;
+}
+#else /* CONFIG_X86_64 */
+static __init pte_t mask_rw_pte(pte_t *ptep, pte_t pte)
+{
+        unsigned long pfn = pte_pfn(pte);
 
         /*
+         * A bit of optimization. We do not need to call the workaround
+         * when xen_set_pte_init is called with a PTE with 0 as PFN.
+         * That is b/c the pagetable at that point are just being populated
+         * with empty values and we can save some cycles by not calling
+         * the 'memblock' code.*/
+        if (pfn)
+                mark_rw_past_pgt();
+        /*
          * If the new pfn is within the range of the newly allocated
          * kernel pagetable, and it isn't being mapped into an
-         * early_ioremap fixmap slot, make sure it is RO.
+         * early_ioremap fixmap slot as a freshly allocated page, make sure
+         * it is RO.
          */
-        if (!is_early_ioremap_ptep(ptep) &&
-            pfn >= e820_table_start && pfn < e820_table_end)
+        if (((!is_early_ioremap_ptep(ptep) &&
+                        pfn >= pgt_buf_start && pfn < pgt_buf_top)) ||
+                        (is_early_ioremap_ptep(ptep) && pfn != (pgt_buf_end - 1)))
                 pte = pte_wrprotect(pte);
 
         return pte;
 }
+#endif /* CONFIG_X86_64 */
 
 /* Init-time set_pte while constructing initial pagetables, which
    doesn't allow RO pagetable pages to be remapped RW */
@@ -1653,9 +1828,6 @@ static __init void xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn)
                 for (pteidx = 0; pteidx < PTRS_PER_PTE; pteidx++, pfn++) {
                         pte_t pte;
 
-                        if (pfn > max_pfn_mapped)
-                                max_pfn_mapped = pfn;
-
                         if (!pte_none(pte_page[pteidx]))
                                 continue;
 
@@ -1697,7 +1869,7 @@ static void convert_pfn_mfn(void *v)
 }
 
 /*
- * Set up the inital kernel pagetable.
+ * Set up the initial kernel pagetable.
  *
  * We can construct this by grafting the Xen provided pagetable into
  * head_64.S's preconstructed pagetables.  We copy the Xen L2's into
@@ -1713,6 +1885,12 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd,
         pud_t *l3;
         pmd_t *l2;
 
+        /* max_pfn_mapped is the last pfn mapped in the initial memory
+         * mappings. Considering that on Xen after the kernel mappings we
+         * have the mappings of some pages that don't exist in pfn space, we
+         * set max_pfn_mapped to the last real pfn mapped. */
+        max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list));
+
         /* Zap identity mapping */
         init_level4_pgt[0] = __pgd(0);
 
@@ -1817,9 +1995,7 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd,
         initial_kernel_pmd =
                 extend_brk(sizeof(pmd_t) * PTRS_PER_PMD, PAGE_SIZE);
 
-        max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->pt_base) +
-                                  xen_start_info->nr_pt_frames * PAGE_SIZE +
-                                  512*1024);
+        max_pfn_mapped = PFN_DOWN(__pa(xen_start_info->mfn_list));
 
         kernel_pmd = m2v(pgd[KERNEL_PGD_BOUNDARY].pgd);
         memcpy(initial_kernel_pmd, kernel_pmd, sizeof(pmd_t) * PTRS_PER_PMD);
@@ -1942,6 +2118,11 @@ __init void xen_ident_map_ISA(void)
 
 static __init void xen_post_allocator_init(void)
 {
+        mark_rw_past_pgt();
+
+#ifdef CONFIG_XEN_DEBUG
+        pv_mmu_ops.make_pte = PV_CALLEE_SAVE(xen_make_pte_debug);
+#endif
         pv_mmu_ops.set_pte = xen_set_pte;
         pv_mmu_ops.set_pmd = xen_set_pmd;
         pv_mmu_ops.set_pud = xen_set_pud;
@@ -2074,7 +2255,7 @@ static void xen_zap_pfn_range(unsigned long vaddr, unsigned int order,
                         in_frames[i] = virt_to_mfn(vaddr);
 
                 MULTI_update_va_mapping(mcs.mc, vaddr, VOID_PTE, 0);
-                set_phys_to_machine(virt_to_pfn(vaddr), INVALID_P2M_ENTRY);
+                __set_phys_to_machine(virt_to_pfn(vaddr), INVALID_P2M_ENTRY);
 
                 if (out_frames)
                         out_frames[i] = virt_to_pfn(vaddr);
@@ -2353,6 +2534,18 @@ EXPORT_SYMBOL_GPL(xen_remap_domain_mfn_range);
 
 #ifdef CONFIG_XEN_DEBUG_FS
 
+static int p2m_dump_open(struct inode *inode, struct file *filp)
+{
+        return single_open(filp, p2m_dump_show, NULL);
+}
+
+static const struct file_operations p2m_dump_fops = {
+        .open           = p2m_dump_open,
+        .read           = seq_read,
+        .llseek         = seq_lseek,
+        .release        = single_release,
+};
+
 static struct dentry *d_mmu_debug;
 
 static int __init xen_mmu_debugfs(void)
@@ -2408,6 +2601,7 @@ static int __init xen_mmu_debugfs(void)
         debugfs_create_u32("prot_commit_batched", 0444, d_mmu_debug,
                            &mmu_stats.prot_commit_batched);
 
+        debugfs_create_file("p2m", 0600, d_mmu_debug, NULL, &p2m_dump_fops);
         return 0;
 }
 fs_initcall(xen_mmu_debugfs);
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index fd12d7ce7ff9..141eb0de8b06 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -23,6 +23,129 @@
  * P2M_PER_PAGE depends on the architecture, as a mfn is always
  * unsigned long (8 bytes on 64-bit, 4 bytes on 32), leading to
  * 512 and 1024 entries respectively. 
+ *
+ * In short, these structures contain the Machine Frame Number (MFN) of the PFN.
+ *
+ * However not all entries are filled with MFNs. Specifically for all other
+ * leaf entries, or for the top  root, or middle one, for which there is a void
+ * entry, we assume it is  "missing". So (for example)
+ *  pfn_to_mfn(0x90909090)=INVALID_P2M_ENTRY.
+ *
+ * We also have the possibility of setting 1-1 mappings on certain regions, so
+ * that:
+ *  pfn_to_mfn(0xc0000)=0xc0000
+ *
+ * The benefit of this is, that we can assume for non-RAM regions (think
+ * PCI BARs, or ACPI spaces), we can create mappings easily b/c we
+ * get the PFN value to match the MFN.
+ *
+ * For this to work efficiently we have one new page p2m_identity and
+ * allocate (via reserved_brk) any other pages we need to cover the sides
+ * (1GB or 4MB boundary violations). All entries in p2m_identity are set to
+ * INVALID_P2M_ENTRY type (Xen toolstack only recognizes that and MFNs,
+ * no other fancy value).
+ *
+ * On lookup we spot that the entry points to p2m_identity and return the
+ * identity value instead of dereferencing and returning INVALID_P2M_ENTRY.
+ * If the entry points to an allocated page, we just proceed as before and
+ * return the PFN.  If the PFN has IDENTITY_FRAME_BIT set we unmask that in
+ * appropriate functions (pfn_to_mfn).
+ *
+ * The reason for having the IDENTITY_FRAME_BIT instead of just returning the
+ * PFN is that we could find ourselves where pfn_to_mfn(pfn)==pfn for a
+ * non-identity pfn. To protect ourselves against we elect to set (and get) the
+ * IDENTITY_FRAME_BIT on all identity mapped PFNs.
+ *
+ * This simplistic diagram is used to explain the more subtle piece of code.
+ * There is also a digram of the P2M at the end that can help.
+ * Imagine your E820 looking as so:
+ *
+ *                    1GB                                           2GB
+ * /-------------------+---------\/----\         /----------\    /---+-----\
+ * | System RAM        | Sys RAM ||ACPI|         | reserved |    | Sys RAM |
+ * \-------------------+---------/\----/         \----------/    \---+-----/
+ *                               ^- 1029MB                       ^- 2001MB
+ *
+ * [1029MB = 263424 (0x40500), 2001MB = 512256 (0x7D100),
+ *  2048MB = 524288 (0x80000)]
+ *
+ * And dom0_mem=max:3GB,1GB is passed in to the guest, meaning memory past 1GB
+ * is actually not present (would have to kick the balloon driver to put it in).
+ *
+ * When we are told to set the PFNs for identity mapping (see patch: "xen/setup:
+ * Set identity mapping for non-RAM E820 and E820 gaps.") we pass in the start
+ * of the PFN and the end PFN (263424 and 512256 respectively). The first step
+ * is to reserve_brk a top leaf page if the p2m[1] is missing. The top leaf page
+ * covers 512^2 of page estate (1GB) and in case the start or end PFN is not
+ * aligned on 512^2*PAGE_SIZE (1GB) we loop on aligned 1GB PFNs from start pfn
+ * to end pfn.  We reserve_brk top leaf pages if they are missing (means they
+ * point to p2m_mid_missing).
+ *
+ * With the E820 example above, 263424 is not 1GB aligned so we allocate a
+ * reserve_brk page which will cover the PFNs estate from 0x40000 to 0x80000.
+ * Each entry in the allocate page is "missing" (points to p2m_missing).
+ *
+ * Next stage is to determine if we need to do a more granular boundary check
+ * on the 4MB (or 2MB depending on architecture) off the start and end pfn's.
+ * We check if the start pfn and end pfn violate that boundary check, and if
+ * so reserve_brk a middle (p2m[x][y]) leaf page. This way we have a much finer
+ * granularity of setting which PFNs are missing and which ones are identity.
+ * In our example 263424 and 512256 both fail the check so we reserve_brk two
+ * pages. Populate them with INVALID_P2M_ENTRY (so they both have "missing"
+ * values) and assign them to p2m[1][2] and p2m[1][488] respectively.
+ *
+ * At this point we would at minimum reserve_brk one page, but could be up to
+ * three. Each call to set_phys_range_identity has at maximum a three page
+ * cost. If we were to query the P2M at this stage, all those entries from
+ * start PFN through end PFN (so 1029MB -> 2001MB) would return
+ * INVALID_P2M_ENTRY ("missing").
+ *
+ * The next step is to walk from the start pfn to the end pfn setting
+ * the IDENTITY_FRAME_BIT on each PFN. This is done in set_phys_range_identity.
+ * If we find that the middle leaf is pointing to p2m_missing we can swap it
+ * over to p2m_identity - this way covering 4MB (or 2MB) PFN space.  At this
+ * point we do not need to worry about boundary aligment (so no need to
+ * reserve_brk a middle page, figure out which PFNs are "missing" and which
+ * ones are identity), as that has been done earlier.  If we find that the
+ * middle leaf is not occupied by p2m_identity or p2m_missing, we dereference
+ * that page (which covers 512 PFNs) and set the appropriate PFN with
+ * IDENTITY_FRAME_BIT. In our example 263424 and 512256 end up there, and we
+ * set from p2m[1][2][256->511] and p2m[1][488][0->256] with
+ * IDENTITY_FRAME_BIT set.
+ *
+ * All other regions that are void (or not filled) either point to p2m_missing
+ * (considered missing) or have the default value of INVALID_P2M_ENTRY (also
+ * considered missing). In our case, p2m[1][2][0->255] and p2m[1][488][257->511]
+ * contain the INVALID_P2M_ENTRY value and are considered "missing."
+ *
+ * This is what the p2m ends up looking (for the E820 above) with this
+ * fabulous drawing:
+ *
+ *    p2m         /--------------\
+ *  /-----\       | &mfn_list[0],|                           /-----------------\
+ *  |  0  |------>| &mfn_list[1],|    /---------------\      | ~0, ~0, ..      |
+ *  |-----|       |  ..., ~0, ~0 |    | ~0, ~0, [x]---+----->| IDENTITY [@256] |
+ *  |  1  |---\   \--------------/    | [p2m_identity]+\     | IDENTITY [@257] |
+ *  |-----|    \                      | [p2m_identity]+\\    | ....            |
+ *  |  2  |--\  \-------------------->|  ...          | \\   \----------------/
+ *  |-----|   \                       \---------------/  \\
+ *  |  3  |\   \                                          \\  p2m_identity
+ *  |-----| \   \-------------------->/---------------\   /-----------------\
+ *  | ..  +->+                        | [p2m_identity]+-->| ~0, ~0, ~0, ... |
+ *  \-----/ /                         | [p2m_identity]+-->| ..., ~0         |
+ *         / /---------------\        | ....          |   \-----------------/
+ *        /  | IDENTITY[@0]  |      /-+-[x], ~0, ~0.. |
+ *       /   | IDENTITY[@256]|<----/  \---------------/
+ *      /    | ~0, ~0, ....  |
+ *     |     \---------------/
+ *     |
+ *     p2m_missing             p2m_missing
+ * /------------------\     /------------\
+ * | [p2m_mid_missing]+---->| ~0, ~0, ~0 |
+ * | [p2m_mid_missing]+---->| ..., ~0    |
+ * \------------------/     \------------/
+ *
+ * where ~0 is INVALID_P2M_ENTRY. IDENTITY is (PFN | IDENTITY_BIT)
  */
 
 #include <linux/init.h>
@@ -30,6 +153,7 @@
 #include <linux/list.h>
 #include <linux/hash.h>
 #include <linux/sched.h>
+#include <linux/seq_file.h>
 
 #include <asm/cache.h>
 #include <asm/setup.h>
@@ -59,9 +183,15 @@ static RESERVE_BRK_ARRAY(unsigned long **, p2m_top, P2M_TOP_PER_PAGE);
 static RESERVE_BRK_ARRAY(unsigned long, p2m_top_mfn, P2M_TOP_PER_PAGE);
 static RESERVE_BRK_ARRAY(unsigned long *, p2m_top_mfn_p, P2M_TOP_PER_PAGE);
 
+static RESERVE_BRK_ARRAY(unsigned long, p2m_identity, P2M_PER_PAGE);
+
 RESERVE_BRK(p2m_mid, PAGE_SIZE * (MAX_DOMAIN_PAGES / (P2M_PER_PAGE * P2M_MID_PER_PAGE)));
 RESERVE_BRK(p2m_mid_mfn, PAGE_SIZE * (MAX_DOMAIN_PAGES / (P2M_PER_PAGE * P2M_MID_PER_PAGE)));
 
+/* We might hit two boundary violations at the start and end, at max each
+ * boundary violation will require three middle nodes. */
+RESERVE_BRK(p2m_mid_identity, PAGE_SIZE * 2 * 3);
+
 static inline unsigned p2m_top_index(unsigned long pfn)
 {
         BUG_ON(pfn >= MAX_P2M_PFN);
@@ -136,7 +266,7 @@ static void p2m_init(unsigned long *p2m)
  * - After resume we're called from within stop_machine, but the mfn
  *   tree should alreay be completely allocated.
  */
-void xen_build_mfn_list_list(void)
+void __ref xen_build_mfn_list_list(void)
 {
         unsigned long pfn;
 
@@ -221,6 +351,9 @@ void __init xen_build_dynamic_phys_to_machine(void)
         p2m_top = extend_brk(PAGE_SIZE, PAGE_SIZE);
         p2m_top_init(p2m_top);
 
+        p2m_identity = extend_brk(PAGE_SIZE, PAGE_SIZE);
+        p2m_init(p2m_identity);
+
         /*
          * The domain builder gives us a pre-constructed p2m array in
          * mfn_list for all the pages initially given to us, so we just
@@ -266,6 +399,14 @@ unsigned long get_phys_to_machine(unsigned long pfn)
         mididx = p2m_mid_index(pfn);
         idx = p2m_index(pfn);
 
+        /*
+         * The INVALID_P2M_ENTRY is filled in both p2m_*identity
+         * and in p2m_*missing, so returning the INVALID_P2M_ENTRY
+         * would be wrong.
+         */
+        if (p2m_top[topidx][mididx] == p2m_identity)
+                return IDENTITY_FRAME(pfn);
+
         return p2m_top[topidx][mididx][idx];
 }
 EXPORT_SYMBOL_GPL(get_phys_to_machine);
@@ -335,9 +476,11 @@ static bool alloc_p2m(unsigned long pfn)
                         p2m_top_mfn_p[topidx] = mid_mfn;
         }
 
-        if (p2m_top[topidx][mididx] == p2m_missing) {
+        if (p2m_top[topidx][mididx] == p2m_identity ||
+            p2m_top[topidx][mididx] == p2m_missing) {
                 /* p2m leaf page is missing */
                 unsigned long *p2m;
+                unsigned long *p2m_orig = p2m_top[topidx][mididx];
 
                 p2m = alloc_p2m_page();
                 if (!p2m)
@@ -345,7 +488,7 @@ static bool alloc_p2m(unsigned long pfn)
 
                 p2m_init(p2m);
 
-                if (cmpxchg(&mid[mididx], p2m_missing, p2m) != p2m_missing)
+                if (cmpxchg(&mid[mididx], p2m_orig, p2m) != p2m_orig)
                         free_p2m_page(p2m);
                 else
                         mid_mfn[mididx] = virt_to_mfn(p2m);
@@ -354,11 +497,91 @@ static bool alloc_p2m(unsigned long pfn)
         return true;
 }
 
+static bool __init __early_alloc_p2m(unsigned long pfn)
+{
+        unsigned topidx, mididx, idx;
+
+        topidx = p2m_top_index(pfn);
+        mididx = p2m_mid_index(pfn);
+        idx = p2m_index(pfn);
+
+        /* Pfff.. No boundary cross-over, lets get out. */
+        if (!idx)
+                return false;
+
+        WARN(p2m_top[topidx][mididx] == p2m_identity,
+                "P2M[%d][%d] == IDENTITY, should be MISSING (or alloced)!\n",
+                topidx, mididx);
+
+        /*
+         * Could be done by xen_build_dynamic_phys_to_machine..
+         */
+        if (p2m_top[topidx][mididx] != p2m_missing)
+                return false;
+
+        /* Boundary cross-over for the edges: */
+        if (idx) {
+                unsigned long *p2m = extend_brk(PAGE_SIZE, PAGE_SIZE);
+
+                p2m_init(p2m);
+
+                p2m_top[topidx][mididx] = p2m;
+
+        }
+        return idx != 0;
+}
+unsigned long __init set_phys_range_identity(unsigned long pfn_s,
+                                      unsigned long pfn_e)
+{
+        unsigned long pfn;
+
+        if (unlikely(pfn_s >= MAX_P2M_PFN || pfn_e >= MAX_P2M_PFN))
+                return 0;
+
+        if (unlikely(xen_feature(XENFEAT_auto_translated_physmap)))
+                return pfn_e - pfn_s;
+
+        if (pfn_s > pfn_e)
+                return 0;
+
+        for (pfn = (pfn_s & ~(P2M_MID_PER_PAGE * P2M_PER_PAGE - 1));
+                pfn < ALIGN(pfn_e, (P2M_MID_PER_PAGE * P2M_PER_PAGE));
+                pfn += P2M_MID_PER_PAGE * P2M_PER_PAGE)
+        {
+                unsigned topidx = p2m_top_index(pfn);
+                if (p2m_top[topidx] == p2m_mid_missing) {
+                        unsigned long **mid = extend_brk(PAGE_SIZE, PAGE_SIZE);
+
+                        p2m_mid_init(mid);
+
+                        p2m_top[topidx] = mid;
+                }
+        }
+
+        __early_alloc_p2m(pfn_s);
+        __early_alloc_p2m(pfn_e);
+
+        for (pfn = pfn_s; pfn < pfn_e; pfn++)
+                if (!__set_phys_to_machine(pfn, IDENTITY_FRAME(pfn)))
+                        break;
+
+        if (!WARN((pfn - pfn_s) != (pfn_e - pfn_s),
+                "Identity mapping failed. We are %ld short of 1-1 mappings!\n",
+                (pfn_e - pfn_s) - (pfn - pfn_s)))
+                printk(KERN_DEBUG "1-1 mapping on %lx->%lx\n", pfn_s, pfn);
+
+        return pfn - pfn_s;
+}
+
 /* Try to install p2m mapping; fail if intermediate bits missing */
 bool __set_phys_to_machine(unsigned long pfn, unsigned long mfn)
 {
         unsigned topidx, mididx, idx;
 
+        if (unlikely(xen_feature(XENFEAT_auto_translated_physmap))) {
+                BUG_ON(pfn != mfn && mfn != INVALID_P2M_ENTRY);
+                return true;
+        }
         if (unlikely(pfn >= MAX_P2M_PFN)) {
                 BUG_ON(mfn != INVALID_P2M_ENTRY);
                 return true;
@@ -368,6 +591,21 @@ bool __set_phys_to_machine(unsigned long pfn, unsigned long mfn)
         mididx = p2m_mid_index(pfn);
         idx = p2m_index(pfn);
 
+        /* For sparse holes were the p2m leaf has real PFN along with
+         * PCI holes, stick in the PFN as the MFN value.
+         */
+        if (mfn != INVALID_P2M_ENTRY && (mfn & IDENTITY_FRAME_BIT)) {
+                if (p2m_top[topidx][mididx] == p2m_identity)
+                        return true;
+
+                /* Swap over from MISSING to IDENTITY if needed. */
+                if (p2m_top[topidx][mididx] == p2m_missing) {
+                        WARN_ON(cmpxchg(&p2m_top[topidx][mididx], p2m_missing,
+                                p2m_identity) != p2m_missing);
+                        return true;
+                }
+        }
+
         if (p2m_top[topidx][mididx] == p2m_missing)
                 return mfn == INVALID_P2M_ENTRY;
 
@@ -378,11 +616,6 @@ bool __set_phys_to_machine(unsigned long pfn, unsigned long mfn)
 
 bool set_phys_to_machine(unsigned long pfn, unsigned long mfn)
 {
-        if (unlikely(xen_feature(XENFEAT_auto_translated_physmap))) {
-                BUG_ON(pfn != mfn && mfn != INVALID_P2M_ENTRY);
-                return true;
-        }
-
         if (unlikely(!__set_phys_to_machine(pfn, mfn)))  {
                 if (!alloc_p2m(pfn))
                         return false;
@@ -421,7 +654,7 @@ int m2p_add_override(unsigned long mfn, struct page *page)
 {
         unsigned long flags;
         unsigned long pfn;
-        unsigned long address;
+        unsigned long uninitialized_var(address);
         unsigned level;
         pte_t *ptep = NULL;
 
@@ -438,7 +671,9 @@ int m2p_add_override(unsigned long mfn, struct page *page)
         page->private = mfn;
         page->index = pfn_to_mfn(pfn);
 
-        __set_phys_to_machine(pfn, FOREIGN_FRAME(mfn));
+        if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn))))
+                return -ENOMEM;
+
         if (!PageHighMem(page))
                 /* Just zap old mapping for now */
                 pte_clear(&init_mm, address, ptep);
@@ -455,7 +690,7 @@ int m2p_remove_override(struct page *page)
         unsigned long flags;
         unsigned long mfn;
         unsigned long pfn;
-        unsigned long address;
+        unsigned long uninitialized_var(address);
         unsigned level;
         pte_t *ptep = NULL;
 
@@ -476,7 +711,7 @@ int m2p_remove_override(struct page *page)
         spin_lock_irqsave(&m2p_override_lock, flags);
         list_del(&page->lru);
         spin_unlock_irqrestore(&m2p_override_lock, flags);
-        __set_phys_to_machine(pfn, page->index);
+        set_phys_to_machine(pfn, page->index);
 
         if (!PageHighMem(page))
                 set_pte_at(&init_mm, address, ptep,
@@ -520,3 +755,80 @@ unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn)
         return ret;
 }
 EXPORT_SYMBOL_GPL(m2p_find_override_pfn);
+
+#ifdef CONFIG_XEN_DEBUG_FS
+
+int p2m_dump_show(struct seq_file *m, void *v)
+{
+        static const char * const level_name[] = { "top", "middle",
+                                                "entry", "abnormal" };
+        static const char * const type_name[] = { "identity", "missing",
+                                                "pfn", "abnormal"};
+#define TYPE_IDENTITY 0
+#define TYPE_MISSING 1
+#define TYPE_PFN 2
+#define TYPE_UNKNOWN 3
+        unsigned long pfn, prev_pfn_type = 0, prev_pfn_level = 0;
+        unsigned int uninitialized_var(prev_level);
+        unsigned int uninitialized_var(prev_type);
+
+        if (!p2m_top)
+                return 0;
+
+        for (pfn = 0; pfn < MAX_DOMAIN_PAGES; pfn++) {
+                unsigned topidx = p2m_top_index(pfn);
+                unsigned mididx = p2m_mid_index(pfn);
+                unsigned idx = p2m_index(pfn);
+                unsigned lvl, type;
+
+                lvl = 4;
+                type = TYPE_UNKNOWN;
+                if (p2m_top[topidx] == p2m_mid_missing) {
+                        lvl = 0; type = TYPE_MISSING;
+                } else if (p2m_top[topidx] == NULL) {
+                        lvl = 0; type = TYPE_UNKNOWN;
+                } else if (p2m_top[topidx][mididx] == NULL) {
+                        lvl = 1; type = TYPE_UNKNOWN;
+                } else if (p2m_top[topidx][mididx] == p2m_identity) {
+                        lvl = 1; type = TYPE_IDENTITY;
+                } else if (p2m_top[topidx][mididx] == p2m_missing) {
+                        lvl = 1; type = TYPE_MISSING;
+                } else if (p2m_top[topidx][mididx][idx] == 0) {
+                        lvl = 2; type = TYPE_UNKNOWN;
+                } else if (p2m_top[topidx][mididx][idx] == IDENTITY_FRAME(pfn)) {
+                        lvl = 2; type = TYPE_IDENTITY;
+                } else if (p2m_top[topidx][mididx][idx] == INVALID_P2M_ENTRY) {
+                        lvl = 2; type = TYPE_MISSING;
+                } else if (p2m_top[topidx][mididx][idx] == pfn) {
+                        lvl = 2; type = TYPE_PFN;
+                } else if (p2m_top[topidx][mididx][idx] != pfn) {
+                        lvl = 2; type = TYPE_PFN;
+                }
+                if (pfn == 0) {
+                        prev_level = lvl;
+                        prev_type = type;
+                }
+                if (pfn == MAX_DOMAIN_PAGES-1) {
+                        lvl = 3;
+                        type = TYPE_UNKNOWN;
+                }
+                if (prev_type != type) {
+                        seq_printf(m, " [0x%lx->0x%lx] %s\n",
+                                prev_pfn_type, pfn, type_name[prev_type]);
+                        prev_pfn_type = pfn;
+                        prev_type = type;
+                }
+                if (prev_level != lvl) {
+                        seq_printf(m, " [0x%lx->0x%lx] level %s\n",
+                                prev_pfn_level, pfn, level_name[prev_level]);
+                        prev_pfn_level = pfn;
+                        prev_level = lvl;
+                }
+        }
+        return 0;
+#undef TYPE_IDENTITY
+#undef TYPE_MISSING
+#undef TYPE_PFN
+#undef TYPE_UNKNOWN
+}
+#endif
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index a8a66a50d446..90bac0aac3a5 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -52,6 +52,8 @@ phys_addr_t xen_extra_mem_start, xen_extra_mem_size;
 
 static __init void xen_add_extra_mem(unsigned long pages)
 {
+        unsigned long pfn;
+
         u64 size = (u64)pages * PAGE_SIZE;
         u64 extra_start = xen_extra_mem_start + xen_extra_mem_size;
 
@@ -66,6 +68,9 @@ static __init void xen_add_extra_mem(unsigned long pages)
         xen_extra_mem_size += size;
 
         xen_max_p2m_pfn = PFN_DOWN(extra_start + size);
+
+        for (pfn = PFN_DOWN(extra_start); pfn <= xen_max_p2m_pfn; pfn++)
+                __set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
 }
 
 static unsigned long __init xen_release_chunk(phys_addr_t start_addr,
@@ -104,7 +109,7 @@ static unsigned long __init xen_release_chunk(phys_addr_t start_addr,
                 WARN(ret != 1, "Failed to release memory %lx-%lx err=%d\n",
                      start, end, ret);
                 if (ret == 1) {
-                        set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
+                        __set_phys_to_machine(pfn, INVALID_P2M_ENTRY);
                         len++;
                 }
         }
@@ -138,12 +143,55 @@ static unsigned long __init xen_return_unused_memory(unsigned long max_pfn,
         return released;
 }
 
+static unsigned long __init xen_set_identity(const struct e820entry *list,
+                                             ssize_t map_size)
+{
+        phys_addr_t last = xen_initial_domain() ? 0 : ISA_END_ADDRESS;
+        phys_addr_t start_pci = last;
+        const struct e820entry *entry;
+        unsigned long identity = 0;
+        int i;
+
+        for (i = 0, entry = list; i < map_size; i++, entry++) {
+                phys_addr_t start = entry->addr;
+                phys_addr_t end = start + entry->size;
+
+                if (start < last)
+                        start = last;
+
+                if (end <= start)
+                        continue;
+
+                /* Skip over the 1MB region. */
+                if (last > end)
+                        continue;
+
+                if (entry->type == E820_RAM) {
+                        if (start > start_pci)
+                                identity += set_phys_range_identity(
+                                                PFN_UP(start_pci), PFN_DOWN(start));
+
+                        /* Without saving 'last' we would gooble RAM too
+                         * at the end of the loop. */
+                        last = end;
+                        start_pci = end;
+                        continue;
+                }
+                start_pci = min(start, start_pci);
+                last = end;
+        }
+        if (last > start_pci)
+                identity += set_phys_range_identity(
+                                        PFN_UP(start_pci), PFN_DOWN(last));
+        return identity;
+}
 /**
  * machine_specific_memory_setup - Hook for machine specific memory setup.
  **/
 char * __init xen_memory_setup(void)
 {
         static struct e820entry map[E820MAX] __initdata;
+        static struct e820entry map_raw[E820MAX] __initdata;
 
         unsigned long max_pfn = xen_start_info->nr_pages;
         unsigned long long mem_end;
@@ -151,6 +199,7 @@ char * __init xen_memory_setup(void)
         struct xen_memory_map memmap;
         unsigned long extra_pages = 0;
         unsigned long extra_limit;
+        unsigned long identity_pages = 0;
         int i;
         int op;
 
@@ -176,8 +225,9 @@ char * __init xen_memory_setup(void)
         }
         BUG_ON(rc);
 
+        memcpy(map_raw, map, sizeof(map));
         e820.nr_map = 0;
-        xen_extra_mem_start = mem_end;
+        xen_extra_mem_start = max((1ULL << 32), mem_end);
         for (i = 0; i < memmap.nr_entries; i++) {
                 unsigned long long end;
 
@@ -194,6 +244,15 @@ char * __init xen_memory_setup(void)
                         end -= delta;
 
                         extra_pages += PFN_DOWN(delta);
+                        /*
+                         * Set RAM below 4GB that is not for us to be unusable.
+                         * This prevents "System RAM" address space from being
+                         * used as potential resource for I/O address (happens
+                         * when 'allocate_resource' is called).
+                         */
+                        if (delta &&
+                                (xen_initial_domain() && end < 0x100000000ULL))
+                                e820_add_region(end, delta, E820_UNUSABLE);
                 }
 
                 if (map[i].size > 0 && end > xen_extra_mem_start)
@@ -251,6 +310,13 @@ char * __init xen_memory_setup(void)
 
         xen_add_extra_mem(extra_pages);
 
+        /*
+         * Set P2M for all non-RAM pages and E820 gaps to be identity
+         * type PFNs. We supply it with the non-sanitized version
+         * of the E820.
+         */
+        identity_pages = xen_set_identity(map_raw, memmap.nr_entries);
+        printk(KERN_INFO "Set %ld page(s) to 1-1 mapping.\n", identity_pages);
         return "Xen";
 }
 
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index 72a4c7959045..30612441ed99 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -509,3 +509,41 @@ void __init xen_smp_init(void)
         xen_fill_possible_map();
         xen_init_spinlocks();
 }
+
+static void __init xen_hvm_smp_prepare_cpus(unsigned int max_cpus)
+{
+        native_smp_prepare_cpus(max_cpus);
+        WARN_ON(xen_smp_intr_init(0));
+
+        if (!xen_have_vector_callback)
+                return;
+        xen_init_lock_cpu(0);
+        xen_init_spinlocks();
+}
+
+static int __cpuinit xen_hvm_cpu_up(unsigned int cpu)
+{
+        int rc;
+        rc = native_cpu_up(cpu);
+        WARN_ON (xen_smp_intr_init(cpu));
+        return rc;
+}
+
+static void xen_hvm_cpu_die(unsigned int cpu)
+{
+        unbind_from_irqhandler(per_cpu(xen_resched_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(xen_callfunc_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu), NULL);
+        native_cpu_die(cpu);
+}
+
+void __init xen_hvm_smp_init(void)
+{
+        smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus;
+        smp_ops.smp_send_reschedule = xen_smp_send_reschedule;
+        smp_ops.cpu_up = xen_hvm_cpu_up;
+        smp_ops.cpu_die = xen_hvm_cpu_die;
+        smp_ops.send_call_func_ipi = xen_smp_send_call_function_ipi;
+        smp_ops.send_call_func_single_ipi = xen_smp_send_call_function_single_ipi;
+}
diff --git a/arch/x86/xen/suspend.c b/arch/x86/xen/suspend.c
index 9bbd63a129b5..45329c8c226e 100644
--- a/arch/x86/xen/suspend.c
+++ b/arch/x86/xen/suspend.c
@@ -12,7 +12,7 @@
 #include "xen-ops.h"
 #include "mmu.h"
 
-void xen_pre_suspend(void)
+void xen_arch_pre_suspend(void)
 {
         xen_start_info->store_mfn = mfn_to_pfn(xen_start_info->store_mfn);
         xen_start_info->console.domU.mfn =
@@ -26,8 +26,9 @@ void xen_pre_suspend(void)
                 BUG();
 }
 
-void xen_hvm_post_suspend(int suspend_cancelled)
+void xen_arch_hvm_post_suspend(int suspend_cancelled)
 {
+#ifdef CONFIG_XEN_PVHVM
         int cpu;
         xen_hvm_init_shared_info();
         xen_callback_vector();
@@ -37,9 +38,10 @@ void xen_hvm_post_suspend(int suspend_cancelled)
                         xen_setup_runstate_info(cpu);
                 }
         }
+#endif
 }
 
-void xen_post_suspend(int suspend_cancelled)
+void xen_arch_post_suspend(int suspend_cancelled)
 {
         xen_build_mfn_list_list();
 
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 04e11597a8c5..c532d280ce36 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -393,7 +393,9 @@ void xen_setup_timer(int cpu)
                 name = "<timer kasprintf failed>";
 
         irq = bind_virq_to_irqhandler(VIRQ_TIMER, cpu, xen_timer_interrupt,
-                                      IRQF_DISABLED|IRQF_PERCPU|IRQF_NOBALANCING|IRQF_TIMER,
+                                      IRQF_DISABLED|IRQF_PERCPU|
+                                      IRQF_NOBALANCING|IRQF_TIMER|
+                                      IRQF_FORCE_RESUME,
                                       name, NULL);
 
         evt = &per_cpu(xen_clock_events, cpu);
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 1a5ff24e29c0..aaa7291c9259 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
@@ -28,9 +28,9 @@ ENTRY(startup_xen)
         __FINIT
 
 .pushsection .text
-        .align PAGE_SIZE_asm
+        .align PAGE_SIZE
 ENTRY(hypercall_page)
-        .skip PAGE_SIZE_asm
+        .skip PAGE_SIZE
 .popsection
 
         ELFNOTE(Xen, XEN_ELFNOTE_GUEST_OS,       .asciz "linux")
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 9d41bf985757..3112f55638c4 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -64,10 +64,12 @@ void xen_setup_vcpu_info_placement(void);
 
 #ifdef CONFIG_SMP
 void xen_smp_init(void);
+void __init xen_hvm_smp_init(void);
 
 extern cpumask_var_t xen_cpu_initialized_map;
 #else
 static inline void xen_smp_init(void) {}
+static inline void xen_hvm_smp_init(void) {}
 #endif
 
 #ifdef CONFIG_PARAVIRT_SPINLOCKS