Merge commit 'linus/master' into merge-linus

Conflicts:

	arch/x86/kvm/i8254.c

229 files changed, 17032 insertions, 9459 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index ed92864d1325..bd3c2c53873e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -18,6 +18,7 @@ config X86_64
 ### Arch settings
 config X86
         def_bool y
+        select HAVE_AOUT if X86_32
         select HAVE_UNSTABLE_SCHED_CLOCK
         select HAVE_IDE
         select HAVE_OPROFILE
@@ -29,6 +30,7 @@ config X86
         select HAVE_FTRACE
         select HAVE_KVM if ((X86_32 && !X86_VOYAGER && !X86_VISWS && !X86_NUMAQ) || X86_64)
         select HAVE_ARCH_KGDB if !X86_VOYAGER
+        select HAVE_ARCH_TRACEHOOK
         select HAVE_GENERIC_DMA_COHERENT if X86_32
         select HAVE_EFFICIENT_UNALIGNED_ACCESS
 
@@ -37,10 +39,6 @@ config ARCH_DEFCONFIG
         default "arch/x86/configs/i386_defconfig" if X86_32
         default "arch/x86/configs/x86_64_defconfig" if X86_64
 
-
-config GENERIC_LOCKBREAK
-        def_bool n
-
 config GENERIC_TIME
         def_bool y
 
@@ -93,7 +91,7 @@ config GENERIC_HWEIGHT
         def_bool y
 
 config GENERIC_GPIO
-        def_bool n
+        bool
 
 config ARCH_MAY_HAVE_PC_FDC
         def_bool y
@@ -104,12 +102,6 @@ config RWSEM_GENERIC_SPINLOCK
 config RWSEM_XCHGADD_ALGORITHM
         def_bool X86_XADD
 
-config ARCH_HAS_ILOG2_U32
-        def_bool n
-
-config ARCH_HAS_ILOG2_U64
-        def_bool n
-
 config ARCH_HAS_CPU_IDLE_WAIT
         def_bool y
 
@@ -151,9 +143,6 @@ config AUDIT_ARCH
         bool
         default X86_64
 
-config ARCH_SUPPORTS_AOUT
-        def_bool y
-
 config ARCH_SUPPORTS_OPTIMIZED_INLINING
         def_bool y
 
@@ -553,6 +542,7 @@ config CALGARY_IOMMU_ENABLED_BY_DEFAULT
 config AMD_IOMMU
         bool "AMD IOMMU support"
         select SWIOTLB
+        select PCI_MSI
         depends on X86_64 && PCI && ACPI
         help
           With this option you can enable support for AMD IOMMU hardware in
@@ -758,9 +748,8 @@ config I8K
           Say N otherwise.
 
 config X86_REBOOTFIXUPS
-        def_bool n
-        prompt "Enable X86 board specific fixups for reboot"
-        depends on X86_32 && X86
+        bool "Enable X86 board specific fixups for reboot"
+        depends on X86_32
         ---help---
           This enables chipset and/or board specific fixups to be done
           in order to get reboot to work correctly. This is only needed on
@@ -776,23 +765,45 @@ config X86_REBOOTFIXUPS
           Say N otherwise.
 
 config MICROCODE
-        tristate "/dev/cpu/microcode - Intel IA32 CPU microcode support"
+        tristate "/dev/cpu/microcode - microcode support"
         select FW_LOADER
         ---help---
           If you say Y here, you will be able to update the microcode on
-          Intel processors in the IA32 family, e.g. Pentium Pro, Pentium II,
-          Pentium III, Pentium 4, Xeon etc.  You will obviously need the
-          actual microcode binary data itself which is not shipped with the
-          Linux kernel.
+          certain Intel and AMD processors. The Intel support is for the
+          IA32 family, e.g. Pentium Pro, Pentium II, Pentium III,
+          Pentium 4, Xeon etc. The AMD support is for family 0x10 and
+          0x11 processors, e.g. Opteron, Phenom and Turion 64 Ultra.
+          You will obviously need the actual microcode binary data itself
+          which is not shipped with the Linux kernel.
 
-          For latest news and information on obtaining all the required
-          ingredients for this driver, check:
-          <http://www.urbanmyth.org/microcode/>.
+          This option selects the general module only, you need to select
+          at least one vendor specific module as well.
 
           To compile this driver as a module, choose M here: the
           module will be called microcode.
 
-config MICROCODE_OLD_INTERFACE
+config MICROCODE_INTEL
+       bool "Intel microcode patch loading support"
+       depends on MICROCODE
+       default MICROCODE
+       select FW_LOADER
+       --help---
+         This options enables microcode patch loading support for Intel
+         processors.
+
+         For latest news and information on obtaining all the required
+         Intel ingredients for this driver, check:
+         <http://www.urbanmyth.org/microcode/>.
+
+config MICROCODE_AMD
+       bool "AMD microcode patch loading support"
+       depends on MICROCODE
+       select FW_LOADER
+       --help---
+         If you select this option, microcode patch loading support for AMD
+         processors will be enabled.
+
+   config MICROCODE_OLD_INTERFACE
         def_bool y
         depends on MICROCODE
 
@@ -922,16 +933,17 @@ config HIGHMEM
         depends on X86_32 && (HIGHMEM64G || HIGHMEM4G)
 
 config X86_PAE
-        def_bool n
-        prompt "PAE (Physical Address Extension) Support"
+        bool "PAE (Physical Address Extension) Support"
         depends on X86_32 && !HIGHMEM4G
-        select RESOURCES_64BIT
         help
           PAE is required for NX support, and furthermore enables
           larger swapspace support for non-overcommit purposes. It
           has the cost of more pagetable lookup overhead, and also
           consumes more pagetable space per process.
 
+config ARCH_PHYS_ADDR_T_64BIT
+       def_bool X86_64 || X86_PAE
+
 # Common NUMA Features
 config NUMA
         bool "Numa Memory Allocation and Scheduler Support (EXPERIMENTAL)"
@@ -1020,7 +1032,7 @@ config HAVE_ARCH_ALLOC_REMAP
 
 config ARCH_FLATMEM_ENABLE
         def_bool y
-        depends on X86_32 && ARCH_SELECT_MEMORY_MODEL && X86_PC && !NUMA
+        depends on X86_32 && ARCH_SELECT_MEMORY_MODEL && !NUMA
 
 config ARCH_DISCONTIGMEM_ENABLE
         def_bool y
@@ -1036,7 +1048,7 @@ config ARCH_SPARSEMEM_DEFAULT
 
 config ARCH_SPARSEMEM_ENABLE
         def_bool y
-        depends on X86_64 || NUMA || (EXPERIMENTAL && X86_PC)
+        depends on X86_64 || NUMA || (EXPERIMENTAL && X86_PC) || X86_GENERICARCH
         select SPARSEMEM_STATIC if X86_32
         select SPARSEMEM_VMEMMAP_ENABLE if X86_64
 
@@ -1059,6 +1071,56 @@ config HIGHPTE
           low memory.  Setting this option will put user-space page table
           entries in high memory.
 
+config X86_CHECK_BIOS_CORRUPTION
+        bool "Check for low memory corruption"
+        help
+         Periodically check for memory corruption in low memory, which
+         is suspected to be caused by BIOS.  Even when enabled in the
+         configuration, it is disabled at runtime.  Enable it by
+         setting "memory_corruption_check=1" on the kernel command
+         line.  By default it scans the low 64k of memory every 60
+         seconds; see the memory_corruption_check_size and
+         memory_corruption_check_period parameters in
+         Documentation/kernel-parameters.txt to adjust this.
+
+         When enabled with the default parameters, this option has
+         almost no overhead, as it reserves a relatively small amount
+         of memory and scans it infrequently.  It both detects corruption
+         and prevents it from affecting the running system.
+
+         It is, however, intended as a diagnostic tool; if repeatable
+         BIOS-originated corruption always affects the same memory,
+         you can use memmap= to prevent the kernel from using that
+         memory.
+
+config X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
+        bool "Set the default setting of memory_corruption_check"
+        depends on X86_CHECK_BIOS_CORRUPTION
+        default y
+        help
+         Set whether the default state of memory_corruption_check is
+         on or off.
+
+config X86_RESERVE_LOW_64K
+        bool "Reserve low 64K of RAM on AMI/Phoenix BIOSen"
+        default y
+        help
+         Reserve the first 64K of physical RAM on BIOSes that are known
+         to potentially corrupt that memory range. A numbers of BIOSes are
+         known to utilize this area during suspend/resume, so it must not
+         be used by the kernel.
+
+         Set this to N if you are absolutely sure that you trust the BIOS
+         to get all its memory reservations and usages right.
+
+         If you have doubts about the BIOS (e.g. suspend/resume does not
+         work or there's kernel crashes after certain hardware hotplug
+         events) and it's not AMI or Phoenix, then you might want to enable
+         X86_CHECK_BIOS_CORRUPTION=y to allow the kernel to check typical
+         corruption patterns.
+
+         Say Y if unsure.
+
 config MATH_EMULATION
         bool
         prompt "Math emulation" if X86_32
@@ -1117,10 +1179,10 @@ config MTRR
           You can safely say Y even if your machine doesn't have MTRRs, you'll
           just add about 9 KB to your kernel.
 
-          See <file:Documentation/mtrr.txt> for more information.
+          See <file:Documentation/x86/mtrr.txt> for more information.
 
 config MTRR_SANITIZER
-        bool
+        def_bool y
         prompt "MTRR cleanup support"
         depends on MTRR
         help
@@ -1131,7 +1193,7 @@ config MTRR_SANITIZER
           The largest mtrr entry size for a continous block can be set with
           mtrr_chunk_size.
 
-          If unsure, say N.
+          If unsure, say Y.
 
 config MTRR_SANITIZER_ENABLE_DEFAULT
         int "MTRR cleanup enable value (0-1)"
@@ -1166,8 +1228,7 @@ config X86_PAT
           If unsure, say Y.
 
 config EFI
-        def_bool n
-        prompt "EFI runtime service support"
+        bool "EFI runtime service support"
         depends on ACPI
         ---help---
         This enables the kernel to use EFI runtime services that are
@@ -1191,7 +1252,6 @@ config IRQBALANCE
 config SECCOMP
         def_bool y
         prompt "Enable seccomp to safely compute untrusted bytecode"
-        depends on PROC_FS
         help
           This kernel feature is useful for number crunching applications
           that may need to compute untrusted bytecode during their
@@ -1199,7 +1259,7 @@ config SECCOMP
           the process as file descriptors supporting the read/write
           syscalls, it's possible to isolate those applications in
           their own address space using seccomp. Once seccomp is
-          enabled via /proc/<pid>/seccomp, it cannot be disabled
+          enabled via prctl(PR_SET_SECCOMP), it cannot be disabled
           and the task is only allowed to execute a few safe syscalls
           defined by each seccomp mode.
 
@@ -1356,14 +1416,14 @@ config PHYSICAL_ALIGN
           Don't change this unless you know what you are doing.
 
 config HOTPLUG_CPU
-        bool "Support for suspend on SMP and hot-pluggable CPUs (EXPERIMENTAL)"
-        depends on SMP && HOTPLUG && EXPERIMENTAL && !X86_VOYAGER
+        bool "Support for hot-pluggable CPUs"
+        depends on SMP && HOTPLUG && !X86_VOYAGER
         ---help---
-          Say Y here to experiment with turning CPUs off and on, and to
-          enable suspend on SMP systems. CPUs can be controlled through
-          /sys/devices/system/cpu.
-          Say N if you want to disable CPU hotplug and don't need to
-          suspend.
+          Say Y here to allow turning CPUs off and on. CPUs can be
+          controlled through /sys/devices/system/cpu.
+          ( Note: power management support will enable this option
+            automatically on SMP systems. )
+          Say N if you want to disable CPU hotplug.
 
 config COMPAT_VDSO
         def_bool y
@@ -1378,6 +1438,51 @@ config COMPAT_VDSO
 
           If unsure, say Y.
 
+config CMDLINE_BOOL
+        bool "Built-in kernel command line"
+        default n
+        help
+          Allow for specifying boot arguments to the kernel at
+          build time.  On some systems (e.g. embedded ones), it is
+          necessary or convenient to provide some or all of the
+          kernel boot arguments with the kernel itself (that is,
+          to not rely on the boot loader to provide them.)
+
+          To compile command line arguments into the kernel,
+          set this option to 'Y', then fill in the
+          the boot arguments in CONFIG_CMDLINE.
+
+          Systems with fully functional boot loaders (i.e. non-embedded)
+          should leave this option set to 'N'.
+
+config CMDLINE
+        string "Built-in kernel command string"
+        depends on CMDLINE_BOOL
+        default ""
+        help
+          Enter arguments here that should be compiled into the kernel
+          image and used at boot time.  If the boot loader provides a
+          command line at boot time, it is appended to this string to
+          form the full kernel command line, when the system boots.
+
+          However, you can use the CONFIG_CMDLINE_OVERRIDE option to
+          change this behavior.
+
+          In most cases, the command line (whether built-in or provided
+          by the boot loader) should specify the device for the root
+          file system.
+
+config CMDLINE_OVERRIDE
+        bool "Built-in command line overrides boot loader arguments"
+        default n
+        depends on CMDLINE_BOOL
+        help
+          Set this option to 'Y' to have the kernel ignore the boot loader
+          command line, and use ONLY the built-in command line.
+
+          This is used to work around broken boot loaders.  This should
+          be set to 'N' under normal conditions.
+
 endmenu
 
 config ARCH_ENABLE_MEMORY_HOTPLUG
@@ -1643,6 +1748,14 @@ config DMAR_FLOPPY_WA
          workaround will setup a 1:1 mapping for the first
          16M to make floppy (an ISA device) work.
 
+config INTR_REMAP
+        bool "Support for Interrupt Remapping (EXPERIMENTAL)"
+        depends on X86_64 && X86_IO_APIC && PCI_MSI && ACPI && EXPERIMENTAL
+        help
+         Supports Interrupt remapping for IO-APIC and MSI devices.
+         To use x2apic mode in the CPU's which support x2APIC enhancements or
+         to support platforms with CPU's having > 8 bit APIC ID, say Y.
+
 source "drivers/pci/pcie/Kconfig"
 
 source "drivers/pci/Kconfig"
@@ -1759,7 +1872,7 @@ config IA32_EMULATION
 
 config IA32_AOUT
        tristate "IA32 a.out support"
-       depends on IA32_EMULATION && ARCH_SUPPORTS_AOUT
+       depends on IA32_EMULATION
        help
          Support old a.out binaries in the 32bit emulation.
 
@@ -1773,7 +1886,7 @@ config COMPAT_FOR_U64_ALIGNMENT
 
 config SYSVIPC_COMPAT
         def_bool y
-        depends on X86_64 && COMPAT && SYSVIPC
+        depends on COMPAT && SYSVIPC
 
 endmenu
 
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index 2c518fbc52ec..0b7c4a3f0651 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -38,8 +38,7 @@ config M386
           - "Crusoe" for the Transmeta Crusoe series.
           - "Efficeon" for the Transmeta Efficeon series.
           - "Winchip-C6" for original IDT Winchip.
-          - "Winchip-2" for IDT Winchip 2.
-          - "Winchip-2A" for IDT Winchips with 3dNow! capabilities.
+          - "Winchip-2" for IDT Winchips with 3dNow! capabilities.
           - "GeodeGX1" for Geode GX1 (Cyrix MediaGX).
           - "Geode GX/LX" For AMD Geode GX and LX processors.
           - "CyrixIII/VIA C3" for VIA Cyrix III or VIA C3.
@@ -194,19 +193,11 @@ config MWINCHIPC6
           treat this chip as a 586TSC with some extended instructions
           and alignment requirements.
 
-config MWINCHIP2
-        bool "Winchip-2"
-        depends on X86_32
-        help
-          Select this for an IDT Winchip-2.  Linux and GCC
-          treat this chip as a 586TSC with some extended instructions
-          and alignment requirements.
-
 config MWINCHIP3D
-        bool "Winchip-2A/Winchip-3"
+        bool "Winchip-2/Winchip-2A/Winchip-3"
         depends on X86_32
         help
-          Select this for an IDT Winchip-2A or 3.  Linux and GCC
+          Select this for an IDT Winchip-2, 2A or 3.  Linux and GCC
           treat this chip as a 586TSC with some extended instructions
           and alignment requirements.  Also enable out of order memory
           stores for this CPU, which can increase performance of some
@@ -318,7 +309,7 @@ config X86_L1_CACHE_SHIFT
         int
         default "7" if MPENTIUM4 || X86_GENERIC || GENERIC_CPU || MPSC
         default "4" if X86_ELAN || M486 || M386 || MGEODEGX1
-        default "5" if MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCRUSOE || MEFFICEON || MCYRIXIII || MK6 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || MVIAC3_2 || MGEODE_LX
+        default "5" if MWINCHIP3D || MWINCHIPC6 || MCRUSOE || MEFFICEON || MCYRIXIII || MK6 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || MVIAC3_2 || MGEODE_LX
         default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MVIAC7
 
 config X86_XADD
@@ -360,7 +351,7 @@ config X86_POPAD_OK
 
 config X86_ALIGNMENT_16
         def_bool y
-        depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
+        depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
 
 config X86_INTEL_USERCOPY
         def_bool y
@@ -368,7 +359,7 @@ config X86_INTEL_USERCOPY
 
 config X86_USE_PPRO_CHECKSUM
         def_bool y
-        depends on MWINCHIP3D || MWINCHIP2 || MWINCHIPC6 || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MK8 || MVIAC3_2 || MEFFICEON || MGEODE_LX || MCORE2
+        depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MK8 || MVIAC3_2 || MEFFICEON || MGEODE_LX || MCORE2
 
 config X86_USE_3DNOW
         def_bool y
@@ -376,24 +367,27 @@ config X86_USE_3DNOW
 
 config X86_OOSTORE
         def_bool y
-        depends on (MWINCHIP3D || MWINCHIP2 || MWINCHIPC6) && MTRR
+        depends on (MWINCHIP3D || MWINCHIPC6) && MTRR
 
 #
 # P6_NOPs are a relatively minor optimization that require a family >=
 # 6 processor, except that it is broken on certain VIA chips.
 # Furthermore, AMD chips prefer a totally different sequence of NOPs
-# (which work on all CPUs).  As a result, disallow these if we're
-# compiling X86_GENERIC but not X86_64 (these NOPs do work on all
-# x86-64 capable chips); the list of processors in the right-hand clause
-# are the cores that benefit from this optimization.
+# (which work on all CPUs).  In addition, it looks like Virtual PC
+# does not understand them.
+#
+# As a result, disallow these if we're not compiling for X86_64 (these
+# NOPs do work on all x86-64 capable chips); the list of processors in
+# the right-hand clause are the cores that benefit from this optimization.
 #
 config X86_P6_NOP
         def_bool y
-        depends on (X86_64 || !X86_GENERIC) && (M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC)
+        depends on X86_64
+        depends on (MCORE2 || MPENTIUM4 || MPSC)
 
 config X86_TSC
         def_bool y
-        depends on ((MWINCHIP3D || MWINCHIP2 || MCRUSOE || MEFFICEON || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || MK8 || MVIAC3_2 || MVIAC7 || MGEODEGX1 || MGEODE_LX || MCORE2) && !X86_NUMAQ) || X86_64
+        depends on ((MWINCHIP3D || MCRUSOE || MEFFICEON || MCYRIXIII || MK7 || MK6 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || MK8 || MVIAC3_2 || MVIAC7 || MGEODEGX1 || MGEODE_LX || MCORE2) && !X86_NUMAQ) || X86_64
 
 config X86_CMPXCHG64
         def_bool y
@@ -403,7 +397,7 @@ config X86_CMPXCHG64
 # generates cmov.
 config X86_CMOV
         def_bool y
-        depends on (MK7 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || X86_64)
+        depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64)
 
 config X86_MINIMUM_CPU_FAMILY
         int
@@ -414,4 +408,124 @@ config X86_MINIMUM_CPU_FAMILY
 
 config X86_DEBUGCTLMSR
         def_bool y
-        depends on !(MK6 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MCYRIXIII || M586MMX || M586TSC || M586 || M486 || M386)
+        depends on !(MK6 || MWINCHIPC6 || MWINCHIP3D || MCYRIXIII || M586MMX || M586TSC || M586 || M486 || M386)
+
+menuconfig PROCESSOR_SELECT
+        bool "Supported processor vendors" if EMBEDDED
+        help
+          This lets you choose what x86 vendor support code your kernel
+          will include.
+
+config CPU_SUP_INTEL
+        default y
+        bool "Support Intel processors" if PROCESSOR_SELECT
+        help
+          This enables detection, tunings and quirks for Intel processors
+
+          You need this enabled if you want your kernel to run on an
+          Intel CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on an Intel
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_CYRIX_32
+        default y
+        bool "Support Cyrix processors" if PROCESSOR_SELECT
+        depends on !64BIT
+        help
+          This enables detection, tunings and quirks for Cyrix processors
+
+          You need this enabled if you want your kernel to run on a
+          Cyrix CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on a Cyrix
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_AMD
+        default y
+        bool "Support AMD processors" if PROCESSOR_SELECT
+        help
+          This enables detection, tunings and quirks for AMD processors
+
+          You need this enabled if you want your kernel to run on an
+          AMD CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on an AMD
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_CENTAUR_32
+        default y
+        bool "Support Centaur processors" if PROCESSOR_SELECT
+        depends on !64BIT
+        help
+          This enables detection, tunings and quirks for Centaur processors
+
+          You need this enabled if you want your kernel to run on a
+          Centaur CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on a Centaur
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_CENTAUR_64
+        default y
+        bool "Support Centaur processors" if PROCESSOR_SELECT
+        depends on 64BIT
+        help
+          This enables detection, tunings and quirks for Centaur processors
+
+          You need this enabled if you want your kernel to run on a
+          Centaur CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on a Centaur
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_TRANSMETA_32
+        default y
+        bool "Support Transmeta processors" if PROCESSOR_SELECT
+        depends on !64BIT
+        help
+          This enables detection, tunings and quirks for Transmeta processors
+
+          You need this enabled if you want your kernel to run on a
+          Transmeta CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on a Transmeta
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config CPU_SUP_UMC_32
+        default y
+        bool "Support UMC processors" if PROCESSOR_SELECT
+        depends on !64BIT
+        help
+          This enables detection, tunings and quirks for UMC processors
+
+          You need this enabled if you want your kernel to run on a
+          UMC CPU. Disabling this option on other types of CPUs
+          makes the kernel a tiny bit smaller. Disabling it on a UMC
+          CPU might render the kernel unbootable.
+
+          If unsure, say N.
+
+config X86_DS
+        bool "Debug Store support"
+        default y
+        help
+          Add support for Debug Store.
+          This allows the kernel to provide a memory buffer to the hardware
+          to store various profiling and tracing events.
+
+config X86_PTRACE_BTS
+        bool "ptrace interface to Branch Trace Store"
+        default y
+        depends on (X86_DS && X86_DEBUGCTLMSR)
+        help
+          Add a ptrace interface to allow collecting an execution trace
+          of the traced task.
+          This collects control flow changes in a (cyclic) buffer and allows
+          debuggers to fill in the gaps and show an execution trace of the debuggee.
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 092f019e033a..2a3dfbd5e677 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -43,6 +43,19 @@ config EARLY_PRINTK
           with klogd/syslogd or the X server. You should normally N here,
           unless you want to debug such a crash.
 
+config EARLY_PRINTK_DBGP
+        bool "Early printk via EHCI debug port"
+        default n
+        depends on EARLY_PRINTK && PCI
+        help
+          Write kernel log output directly into the EHCI debug port.
+
+          This is useful for kernel debugging when your machine crashes very
+          early before the console code is initialized. For normal operation
+          it is not recommended because it looks ugly and doesn't cooperate
+          with klogd/syslogd or the X server. You should normally N here,
+          unless you want to debug such a crash. You need usb debug device.
+
 config DEBUG_STACKOVERFLOW
         bool "Check for stack overflows"
         depends on DEBUG_KERNEL
diff --git a/arch/x86/Makefile_32.cpu b/arch/x86/Makefile_32.cpu
index e372b584e919..80177ec052f0 100644
--- a/arch/x86/Makefile_32.cpu
+++ b/arch/x86/Makefile_32.cpu
@@ -28,7 +28,6 @@ cflags-$(CONFIG_MK8)		+= $(call cc-option,-march=k8,-march=athlon)
 cflags-$(CONFIG_MCRUSOE)        += -march=i686 $(align)-functions=0 $(align)-jumps=0 $(align)-loops=0
 cflags-$(CONFIG_MEFFICEON)      += -march=i686 $(call tune,pentium3) $(align)-functions=0 $(align)-jumps=0 $(align)-loops=0
 cflags-$(CONFIG_MWINCHIPC6)     += $(call cc-option,-march=winchip-c6,-march=i586)
-cflags-$(CONFIG_MWINCHIP2)      += $(call cc-option,-march=winchip2,-march=i586)
 cflags-$(CONFIG_MWINCHIP3D)     += $(call cc-option,-march=winchip2,-march=i586)
 cflags-$(CONFIG_MCYRIXIII)      += $(call cc-option,-march=c3,-march=i486) $(align)-functions=0 $(align)-jumps=0 $(align)-loops=0
 cflags-$(CONFIG_MVIAC3_2)       += $(call cc-option,-march=c3-2,-march=i686)
@@ -45,3 +44,8 @@ cflags-$(CONFIG_MGEODEGX1)	+= -march=pentium-mmx
 # cpu entries
 cflags-$(CONFIG_X86_GENERIC)    += $(call tune,generic,$(call tune,i686))
 
+# Bug fix for binutils: this option is required in order to keep
+# binutils from generating NOPL instructions against our will.
+ifneq ($(CONFIG_X86_P6_NOP),y)
+cflags-y                        += $(call cc-option,-Wa$(comma)-mtune=generic32,)
+endif
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
index 7ee102f9c4f8..cd48c7210016 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -72,9 +72,7 @@ KBUILD_CFLAGS	:= $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \
 KBUILD_CFLAGS +=   $(call cc-option,-m32)
 KBUILD_AFLAGS   := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 
-$(obj)/zImage:  IMAGE_OFFSET := 0x1000
 $(obj)/zImage:  asflags-y := $(SVGA_MODE) $(RAMDISK)
-$(obj)/bzImage: IMAGE_OFFSET := 0x100000
 $(obj)/bzImage: ccflags-y := -D__BIG_KERNEL__
 $(obj)/bzImage: asflags-y := $(SVGA_MODE) $(RAMDISK) -D__BIG_KERNEL__
 $(obj)/bzImage: BUILDFLAGS   := -b
@@ -117,7 +115,7 @@ $(obj)/setup.bin: $(obj)/setup.elf FORCE
         $(call if_changed,objcopy)
 
 $(obj)/compressed/vmlinux: FORCE
-        $(Q)$(MAKE) $(build)=$(obj)/compressed IMAGE_OFFSET=$(IMAGE_OFFSET) $@
+        $(Q)$(MAKE) $(build)=$(obj)/compressed $@
 
 # Set this if you want to pass append arguments to the zdisk/fdimage/isoimage kernel
 FDARGS =
@@ -181,6 +179,7 @@ isoimage: $(BOOTIMAGE)
         mkisofs -J -r -o $(obj)/image.iso -b isolinux.bin -c boot.cat \
                 -no-emul-boot -boot-load-size 4 -boot-info-table \
                 $(obj)/isoimage
+        isohybrid $(obj)/image.iso 2>/dev/null || true
         rm -rf $(obj)/isoimage
 
 zlilo: $(BOOTIMAGE)
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 92fdd35bd93e..1771c804e02f 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -27,9 +27,8 @@ $(obj)/vmlinux.bin: vmlinux FORCE
         $(call if_changed,objcopy)
 
 
-ifeq ($(CONFIG_X86_32),y)
-targets += vmlinux.bin.all vmlinux.relocs
-hostprogs-y := relocs
+targets += vmlinux.bin.all vmlinux.relocs relocs
+hostprogs-$(CONFIG_X86_32) += relocs
 
 quiet_cmd_relocs = RELOCS  $@
       cmd_relocs = $(obj)/relocs $< > $@;$(obj)/relocs --abs-relocs $<
@@ -43,6 +42,8 @@ quiet_cmd_relocbin = BUILD   $@
 $(obj)/vmlinux.bin.all: $(vmlinux.bin.all-y) FORCE
         $(call if_changed,relocbin)
 
+ifeq ($(CONFIG_X86_32),y)
+
 ifdef CONFIG_RELOCATABLE
 $(obj)/vmlinux.bin.gz: $(obj)/vmlinux.bin.all FORCE
         $(call if_changed,gzip)
@@ -59,6 +60,5 @@ $(obj)/vmlinux.bin.gz: $(obj)/vmlinux.bin FORCE
 LDFLAGS_piggy.o := -r --format binary --oformat elf64-x86-64 -T
 endif
 
-
 $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.gz FORCE
         $(call if_changed,ld)
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index ba7736cf2ec7..29c5fbf08392 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -137,14 +137,15 @@ relocated:
  */
         movl output_len(%ebx), %eax
         pushl %eax
+                        # push arguments for decompress_kernel:
         pushl %ebp      # output address
         movl input_len(%ebx), %eax
         pushl %eax      # input_len
         leal input_data(%ebx), %eax
         pushl %eax      # input_data
         leal boot_heap(%ebx), %eax
-        pushl %eax      # heap area as third argument
-        pushl %esi      # real mode pointer as second arg
+        pushl %eax      # heap area
+        pushl %esi      # real mode pointer
         call decompress_kernel
         addl $20, %esp
         popl %ecx
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 9fea73706479..5780d361105b 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -16,7 +16,7 @@
  */
 #undef CONFIG_PARAVIRT
 #ifdef CONFIG_X86_32
-#define _ASM_DESC_H_ 1
+#define ASM_X86__DESC_H 1
 #endif
 
 #ifdef CONFIG_X86_64
@@ -27,7 +27,7 @@
 #include <linux/linkage.h>
 #include <linux/screen_info.h>
 #include <linux/elf.h>
-#include <asm/io.h>
+#include <linux/io.h>
 #include <asm/page.h>
 #include <asm/boot.h>
 #include <asm/bootparam.h>
@@ -251,7 +251,7 @@ static void __putstr(int error, const char *s)
                                 y--;
                         }
                 } else {
-                        vidmem [(x + cols * y) * 2] = c;
+                        vidmem[(x + cols * y) * 2] = c;
                         if (++x >= cols) {
                                 x = 0;
                                 if (++y >= lines) {
@@ -277,7 +277,8 @@ static void *memset(void *s, int c, unsigned n)
         int i;
         char *ss = s;
 
-        for (i = 0; i < n; i++) ss[i] = c;
+        for (i = 0; i < n; i++)
+                ss[i] = c;
         return s;
 }
 
@@ -287,7 +288,8 @@ static void *memcpy(void *dest, const void *src, unsigned n)
         const char *s = src;
         char *d = dest;
 
-        for (i = 0; i < n; i++) d[i] = s[i];
+        for (i = 0; i < n; i++)
+                d[i] = s[i];
         return dest;
 }
 
diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c
index a1310c52fc0c..857e492c571e 100644
--- a/arch/x86/boot/compressed/relocs.c
+++ b/arch/x86/boot/compressed/relocs.c
@@ -492,7 +492,7 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym))
                         continue;
                 }
                 sh_symtab = sec_symtab->symtab;
-                sym_strtab = sec->link->strtab;
+                sym_strtab = sec_symtab->link->strtab;
                 for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
                         Elf32_Rel *rel;
                         Elf32_Sym *sym;
diff --git a/arch/x86/boot/cpu.c b/arch/x86/boot/cpu.c
index 75298fe2edca..6ec6bb6e9957 100644
--- a/arch/x86/boot/cpu.c
+++ b/arch/x86/boot/cpu.c
@@ -59,17 +59,18 @@ int validate_cpu(void)
                         u32 e = err_flags[i];
 
                         for (j = 0; j < 32; j++) {
-                                int n = (i << 5)+j;
-                                if (*msg_strs < n) {
+                                if (msg_strs[0] < i ||
+                                    (msg_strs[0] == i && msg_strs[1] < j)) {
                                         /* Skip to the next string */
-                                        do {
-                                                msg_strs++;
-                                        } while (*msg_strs);
-                                        msg_strs++;
+                                        msg_strs += 2;
+                                        while (*msg_strs++)
+                                                ;
                                 }
                                 if (e & 1) {
-                                        if (*msg_strs == n && msg_strs[1])
-                                                printf("%s ", msg_strs+1);
+                                        if (msg_strs[0] == i &&
+                                            msg_strs[1] == j &&
+                                            msg_strs[2])
+                                                printf("%s ", msg_strs+2);
                                         else
                                                 printf("%d:%d ", i, j);
                                 }
diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c
index 4b9ae7c56748..4d3ff037201f 100644
--- a/arch/x86/boot/cpucheck.c
+++ b/arch/x86/boot/cpucheck.c
@@ -38,12 +38,12 @@ static const u32 req_flags[NCAPINTS] =
 {
         REQUIRED_MASK0,
         REQUIRED_MASK1,
-        REQUIRED_MASK2,
-        REQUIRED_MASK3,
+        0, /* REQUIRED_MASK2 not implemented in this file */
+        0, /* REQUIRED_MASK3 not implemented in this file */
         REQUIRED_MASK4,
-        REQUIRED_MASK5,
+        0, /* REQUIRED_MASK5 not implemented in this file */
         REQUIRED_MASK6,
-        REQUIRED_MASK7,
+        0, /* REQUIRED_MASK7 not implemented in this file */
 };
 
 #define A32(a, b, c, d) (((d) << 24)+((c) << 16)+((b) << 8)+(a))
diff --git a/arch/x86/boot/edd.c b/arch/x86/boot/edd.c
index d93cbc6464d0..1aae8f3e5ca1 100644
--- a/arch/x86/boot/edd.c
+++ b/arch/x86/boot/edd.c
@@ -41,6 +41,7 @@ static u32 read_mbr_sig(u8 devno, struct edd_info *ei, u32 *mbrsig)
         char *mbrbuf_ptr, *mbrbuf_end;
         u32 buf_base, mbr_base;
         extern char _end[];
+        u16 mbr_magic;
 
         sector_size = ei->params.bytes_per_sector;
         if (!sector_size)
@@ -58,11 +59,15 @@ static u32 read_mbr_sig(u8 devno, struct edd_info *ei, u32 *mbrsig)
         if (mbrbuf_end > (char *)(size_t)boot_params.hdr.heap_end_ptr)
                 return -1;
 
+        memset(mbrbuf_ptr, 0, sector_size);
         if (read_mbr(devno, mbrbuf_ptr))
                 return -1;
 
         *mbrsig = *(u32 *)&mbrbuf_ptr[EDD_MBR_SIG_OFFSET];
-        return 0;
+        mbr_magic = *(u16 *)&mbrbuf_ptr[510];
+
+        /* check for valid MBR magic */
+        return mbr_magic == 0xAA55 ? 0 : -1;
 }
 
 static int get_edd_info(u8 devno, struct edd_info *ei)
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
index af86e431acfa..b993062e9a5f 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
@@ -30,7 +30,6 @@ SYSSEG		= DEF_SYSSEG		/* system loaded at 0x10000 (65536) */
 SYSSIZE         = DEF_SYSSIZE           /* system size: # of 16-byte clicks */
                                         /* to be loaded */
 ROOT_DEV        = 0                     /* ROOT_DEV is now written by "build" */
-SWAP_DEV        = 0                     /* SWAP_DEV is now written by "build" */
 
 #ifndef SVGA_MODE
 #define SVGA_MODE ASK_VGA
diff --git a/arch/x86/boot/mkcpustr.c b/arch/x86/boot/mkcpustr.c
index bbe76953bae9..8ef60f20b371 100644
--- a/arch/x86/boot/mkcpustr.c
+++ b/arch/x86/boot/mkcpustr.c
@@ -15,33 +15,33 @@
 
 #include <stdio.h>
 
-#include "../kernel/cpu/feature_names.c"
-
-#if NCAPFLAGS > 8
-# error "Need to adjust the boot code handling of CPUID strings"
-#endif
+#include "../kernel/cpu/capflags.c"
 
 int main(void)
 {
-        int i;
+        int i, j;
         const char *str;
 
         printf("static const char x86_cap_strs[] = \n");
 
-        for (i = 0; i < NCAPINTS*32; i++) {
-                str = x86_cap_flags[i];
-
-                if (i == NCAPINTS*32-1) {
-                        /* The last entry must be unconditional; this
-                           also consumes the compiler-added null character */
-                        if (!str)
-                                str = "";
-                        printf("\t\"\\x%02x\"\"%s\"\n", i, str);
-                } else if (str) {
-                        printf("#if REQUIRED_MASK%d & (1 << %d)\n"
-                               "\t\"\\x%02x\"\"%s\\0\"\n"
-                               "#endif\n",
-                               i >> 5, i & 31, i, str);
+        for (i = 0; i < NCAPINTS; i++) {
+                for (j = 0; j < 32; j++) {
+                        str = x86_cap_flags[i*32+j];
+
+                        if (i == NCAPINTS-1 && j == 31) {
+                                /* The last entry must be unconditional; this
+                                   also consumes the compiler-added null
+                                   character */
+                                if (!str)
+                                        str = "";
+                                printf("\t\"\\x%02x\\x%02x\"\"%s\"\n",
+                                       i, j, str);
+                        } else if (str) {
+                                printf("#if REQUIRED_MASK%d & (1 << %d)\n"
+                                       "\t\"\\x%02x\\x%02x\"\"%s\\0\"\n"
+                                       "#endif\n",
+                                       i, j, i, j, str);
+                        }
                 }
         }
         printf("\t;\n");
diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
index 401ad998ad08..99b3079dc6ab 100644
--- a/arch/x86/boot/video-vesa.c
+++ b/arch/x86/boot/video-vesa.c
@@ -88,14 +88,11 @@ static int vesa_probe(void)
                            (vminfo.memory_layout == 4 ||
                             vminfo.memory_layout == 6) &&
                            vminfo.memory_planes == 1) {
-#ifdef CONFIG_FB
+#ifdef CONFIG_FB_BOOT_VESA_SUPPORT
                         /* Graphics mode, color, linear frame buffer
                            supported.  Only register the mode if
                            if framebuffer is configured, however,
-                           otherwise the user will be left without a screen.
-                           We don't require CONFIG_FB_VESA, however, since
-                           some of the other framebuffer drivers can use
-                           this mode-setting, too. */
+                           otherwise the user will be left without a screen. */
                         mi = GET_HEAP(struct mode_info, 1);
                         mi->mode = mode + VIDEO_FIRST_VESA;
                         mi->depth = vminfo.bpp;
@@ -133,10 +130,12 @@ static int vesa_set_mode(struct mode_info *mode)
         if ((vminfo.mode_attr & 0x15) == 0x05) {
                 /* It's a supported text mode */
                 is_graphic = 0;
+#ifdef CONFIG_FB_BOOT_VESA_SUPPORT
         } else if ((vminfo.mode_attr & 0x99) == 0x99) {
                 /* It's a graphics mode with linear frame buffer */
                 is_graphic = 1;
                 vesa_mode |= 0x4000; /* Request linear frame buffer */
+#endif
         } else {
                 return -1;      /* Invalid mode */
         }
@@ -224,7 +223,7 @@ static void vesa_store_pm_info(void)
 static void vesa_store_mode_params_graphics(void)
 {
         /* Tell the kernel we're in VESA graphics mode */
-        boot_params.screen_info.orig_video_isVGA = 0x23;
+        boot_params.screen_info.orig_video_isVGA = VIDEO_TYPE_VLFB;
 
         /* Mode parameters */
         boot_params.screen_info.vesa_attributes = vminfo.mode_attr;
diff --git a/arch/x86/configs/i386_defconfig b/arch/x86/configs/i386_defconfig
index 104275e191a8..52d0359719d7 100644
--- a/arch/x86/configs/i386_defconfig
+++ b/arch/x86/configs/i386_defconfig
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.27-rc4
-# Mon Aug 25 15:04:00 2008
+# Linux kernel version: 2.6.27-rc5
+# Wed Sep  3 17:23:09 2008
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -202,7 +202,7 @@ CONFIG_SCHED_NO_NO_OMIT_FRAME_POINTER=y
 # CONFIG_M586 is not set
 # CONFIG_M586TSC is not set
 # CONFIG_M586MMX is not set
-# CONFIG_M686 is not set
+CONFIG_M686=y
 # CONFIG_MPENTIUMII is not set
 # CONFIG_MPENTIUMIII is not set
 # CONFIG_MPENTIUMM is not set
@@ -213,7 +213,6 @@ CONFIG_SCHED_NO_NO_OMIT_FRAME_POINTER=y
 # CONFIG_MCRUSOE is not set
 # CONFIG_MEFFICEON is not set
 # CONFIG_MWINCHIPC6 is not set
-# CONFIG_MWINCHIP2 is not set
 # CONFIG_MWINCHIP3D is not set
 # CONFIG_MGEODEGX1 is not set
 # CONFIG_MGEODE_LX is not set
@@ -221,13 +220,14 @@ CONFIG_SCHED_NO_NO_OMIT_FRAME_POINTER=y
 # CONFIG_MVIAC3_2 is not set
 # CONFIG_MVIAC7 is not set
 # CONFIG_MPSC is not set
-CONFIG_MCORE2=y
+# CONFIG_MCORE2 is not set
 # CONFIG_GENERIC_CPU is not set
 CONFIG_X86_GENERIC=y
 CONFIG_X86_CPU=y
 CONFIG_X86_CMPXCHG=y
 CONFIG_X86_L1_CACHE_SHIFT=7
 CONFIG_X86_XADD=y
+# CONFIG_X86_PPRO_FENCE is not set
 CONFIG_X86_WP_WORKS_OK=y
 CONFIG_X86_INVLPG=y
 CONFIG_X86_BSWAP=y
@@ -235,14 +235,15 @@ CONFIG_X86_POPAD_OK=y
 CONFIG_X86_INTEL_USERCOPY=y
 CONFIG_X86_USE_PPRO_CHECKSUM=y
 CONFIG_X86_TSC=y
+CONFIG_X86_CMOV=y
 CONFIG_X86_MINIMUM_CPU_FAMILY=4
 CONFIG_X86_DEBUGCTLMSR=y
 CONFIG_HPET_TIMER=y
 CONFIG_HPET_EMULATE_RTC=y
 CONFIG_DMI=y
 # CONFIG_IOMMU_HELPER is not set
-CONFIG_NR_CPUS=4
-# CONFIG_SCHED_SMT is not set
+CONFIG_NR_CPUS=64
+CONFIG_SCHED_SMT=y
 CONFIG_SCHED_MC=y
 # CONFIG_PREEMPT_NONE is not set
 CONFIG_PREEMPT_VOLUNTARY=y
@@ -254,7 +255,8 @@ CONFIG_VM86=y
 # CONFIG_TOSHIBA is not set
 # CONFIG_I8K is not set
 CONFIG_X86_REBOOTFIXUPS=y
-# CONFIG_MICROCODE is not set
+CONFIG_MICROCODE=y
+CONFIG_MICROCODE_OLD_INTERFACE=y
 CONFIG_X86_MSR=y
 CONFIG_X86_CPUID=y
 # CONFIG_NOHIGHMEM is not set
@@ -1532,7 +1534,6 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y
 CONFIG_VGA_CONSOLE=y
 CONFIG_VGACON_SOFT_SCROLLBACK=y
 CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
-CONFIG_VIDEO_SELECT=y
 CONFIG_DUMMY_CONSOLE=y
 # CONFIG_FRAMEBUFFER_CONSOLE is not set
 CONFIG_LOGO=y
@@ -2115,7 +2116,7 @@ CONFIG_IO_DELAY_0X80=y
 CONFIG_DEFAULT_IO_DELAY_TYPE=0
 CONFIG_DEBUG_BOOT_PARAMS=y
 # CONFIG_CPA_DEBUG is not set
-# CONFIG_OPTIMIZE_INLINING is not set
+CONFIG_OPTIMIZE_INLINING=y
 
 #
 # Security options
diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
index 678c8acefe04..f0a03d7a7d63 100644
--- a/arch/x86/configs/x86_64_defconfig
+++ b/arch/x86/configs/x86_64_defconfig
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.27-rc4
-# Mon Aug 25 14:40:46 2008
+# Linux kernel version: 2.6.27-rc5
+# Wed Sep  3 17:13:39 2008
 #
 CONFIG_64BIT=y
 # CONFIG_X86_32 is not set
@@ -210,7 +210,6 @@ CONFIG_X86_PC=y
 # CONFIG_MCRUSOE is not set
 # CONFIG_MEFFICEON is not set
 # CONFIG_MWINCHIPC6 is not set
-# CONFIG_MWINCHIP2 is not set
 # CONFIG_MWINCHIP3D is not set
 # CONFIG_MGEODEGX1 is not set
 # CONFIG_MGEODE_LX is not set
@@ -218,17 +217,14 @@ CONFIG_X86_PC=y
 # CONFIG_MVIAC3_2 is not set
 # CONFIG_MVIAC7 is not set
 # CONFIG_MPSC is not set
-CONFIG_MCORE2=y
-# CONFIG_GENERIC_CPU is not set
+# CONFIG_MCORE2 is not set
+CONFIG_GENERIC_CPU=y
 CONFIG_X86_CPU=y
-CONFIG_X86_L1_CACHE_BYTES=64
-CONFIG_X86_INTERNODE_CACHE_BYTES=64
+CONFIG_X86_L1_CACHE_BYTES=128
+CONFIG_X86_INTERNODE_CACHE_BYTES=128
 CONFIG_X86_CMPXCHG=y
-CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=7
 CONFIG_X86_WP_WORKS_OK=y
-CONFIG_X86_INTEL_USERCOPY=y
-CONFIG_X86_USE_PPRO_CHECKSUM=y
-CONFIG_X86_P6_NOP=y
 CONFIG_X86_TSC=y
 CONFIG_X86_CMPXCHG64=y
 CONFIG_X86_CMOV=y
@@ -243,9 +239,8 @@ CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y
 CONFIG_AMD_IOMMU=y
 CONFIG_SWIOTLB=y
 CONFIG_IOMMU_HELPER=y
-# CONFIG_MAXSMP is not set
-CONFIG_NR_CPUS=4
-# CONFIG_SCHED_SMT is not set
+CONFIG_NR_CPUS=64
+CONFIG_SCHED_SMT=y
 CONFIG_SCHED_MC=y
 # CONFIG_PREEMPT_NONE is not set
 CONFIG_PREEMPT_VOLUNTARY=y
@@ -254,7 +249,8 @@ CONFIG_X86_LOCAL_APIC=y
 CONFIG_X86_IO_APIC=y
 # CONFIG_X86_MCE is not set
 # CONFIG_I8K is not set
-# CONFIG_MICROCODE is not set
+CONFIG_MICROCODE=y
+CONFIG_MICROCODE_OLD_INTERFACE=y
 CONFIG_X86_MSR=y
 CONFIG_X86_CPUID=y
 CONFIG_NUMA=y
@@ -290,7 +286,7 @@ CONFIG_BOUNCE=y
 CONFIG_VIRT_TO_BUS=y
 CONFIG_MTRR=y
 # CONFIG_MTRR_SANITIZER is not set
-# CONFIG_X86_PAT is not set
+CONFIG_X86_PAT=y
 CONFIG_EFI=y
 CONFIG_SECCOMP=y
 # CONFIG_HZ_100 is not set
@@ -1508,7 +1504,6 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y
 CONFIG_VGA_CONSOLE=y
 CONFIG_VGACON_SOFT_SCROLLBACK=y
 CONFIG_VGACON_SOFT_SCROLLBACK_SIZE=64
-CONFIG_VIDEO_SELECT=y
 CONFIG_DUMMY_CONSOLE=y
 # CONFIG_FRAMEBUFFER_CONSOLE is not set
 CONFIG_LOGO=y
@@ -2089,7 +2084,7 @@ CONFIG_IO_DELAY_0X80=y
 CONFIG_DEFAULT_IO_DELAY_TYPE=0
 CONFIG_DEBUG_BOOT_PARAMS=y
 # CONFIG_CPA_DEBUG is not set
-# CONFIG_OPTIMIZE_INLINING is not set
+CONFIG_OPTIMIZE_INLINING=y
 
 #
 # Security options
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index 3874c2de5403..903de4aa5094 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -10,6 +10,8 @@ obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o
 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o
 obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o
 
+obj-$(CONFIG_CRYPTO_CRC32C_INTEL) += crc32c-intel.o
+
 aes-i586-y := aes-i586-asm_32.o aes_glue.o
 twofish-i586-y := twofish-i586-asm_32.o twofish_glue.o
 salsa20-i586-y := salsa20-i586-asm_32.o salsa20_glue.o
diff --git a/arch/x86/crypto/crc32c-intel.c b/arch/x86/crypto/crc32c-intel.c
new file mode 100644
index 000000000000..070afc5b6c94
--- /dev/null
+++ b/arch/x86/crypto/crc32c-intel.c
@@ -0,0 +1,197 @@
+/*
+ * Using hardware provided CRC32 instruction to accelerate the CRC32 disposal.
+ * CRC32C polynomial:0x1EDC6F41(BE)/0x82F63B78(LE)
+ * CRC32 is a new instruction in Intel SSE4.2, the reference can be found at:
+ * http://www.intel.com/products/processor/manuals/
+ * Intel(R) 64 and IA-32 Architectures Software Developer's Manual
+ * Volume 2A: Instruction Set Reference, A-M
+ *
+ * Copyright (c) 2008 Austin Zhang <austin_zhang@linux.intel.com>
+ * Copyright (c) 2008 Kent Liu <kent.liu@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <crypto/internal/hash.h>
+
+#include <asm/cpufeature.h>
+
+#define CHKSUM_BLOCK_SIZE       1
+#define CHKSUM_DIGEST_SIZE      4
+
+#define SCALE_F sizeof(unsigned long)
+
+#ifdef CONFIG_X86_64
+#define REX_PRE "0x48, "
+#else
+#define REX_PRE
+#endif
+
+static u32 crc32c_intel_le_hw_byte(u32 crc, unsigned char const *data, size_t length)
+{
+        while (length--) {
+                __asm__ __volatile__(
+                        ".byte 0xf2, 0xf, 0x38, 0xf0, 0xf1"
+                        :"=S"(crc)
+                        :"0"(crc), "c"(*data)
+                );
+                data++;
+        }
+
+        return crc;
+}
+
+static u32 __pure crc32c_intel_le_hw(u32 crc, unsigned char const *p, size_t len)
+{
+        unsigned int iquotient = len / SCALE_F;
+        unsigned int iremainder = len % SCALE_F;
+        unsigned long *ptmp = (unsigned long *)p;
+
+        while (iquotient--) {
+                __asm__ __volatile__(
+                        ".byte 0xf2, " REX_PRE "0xf, 0x38, 0xf1, 0xf1;"
+                        :"=S"(crc)
+                        :"0"(crc), "c"(*ptmp)
+                );
+                ptmp++;
+        }
+
+        if (iremainder)
+                crc = crc32c_intel_le_hw_byte(crc, (unsigned char *)ptmp,
+                                 iremainder);
+
+        return crc;
+}
+
+/*
+ * Setting the seed allows arbitrary accumulators and flexible XOR policy
+ * If your algorithm starts with ~0, then XOR with ~0 before you set
+ * the seed.
+ */
+static int crc32c_intel_setkey(struct crypto_ahash *hash, const u8 *key,
+                        unsigned int keylen)
+{
+        u32 *mctx = crypto_ahash_ctx(hash);
+
+        if (keylen != sizeof(u32)) {
+                crypto_ahash_set_flags(hash, CRYPTO_TFM_RES_BAD_KEY_LEN);
+                return -EINVAL;
+        }
+        *mctx = le32_to_cpup((__le32 *)key);
+        return 0;
+}
+
+static int crc32c_intel_init(struct ahash_request *req)
+{
+        u32 *mctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+        u32 *crcp = ahash_request_ctx(req);
+
+        *crcp = *mctx;
+
+        return 0;
+}
+
+static int crc32c_intel_update(struct ahash_request *req)
+{
+        struct crypto_hash_walk walk;
+        u32 *crcp = ahash_request_ctx(req);
+        u32 crc = *crcp;
+        int nbytes;
+
+        for (nbytes = crypto_hash_walk_first(req, &walk); nbytes;
+           nbytes = crypto_hash_walk_done(&walk, 0))
+        crc = crc32c_intel_le_hw(crc, walk.data, nbytes);
+
+        *crcp = crc;
+        return 0;
+}
+
+static int crc32c_intel_final(struct ahash_request *req)
+{
+        u32 *crcp = ahash_request_ctx(req);
+
+        *(__le32 *)req->result = ~cpu_to_le32p(crcp);
+        return 0;
+}
+
+static int crc32c_intel_digest(struct ahash_request *req)
+{
+        struct crypto_hash_walk walk;
+        u32 *mctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+        u32 crc = *mctx;
+        int nbytes;
+
+        for (nbytes = crypto_hash_walk_first(req, &walk); nbytes;
+           nbytes = crypto_hash_walk_done(&walk, 0))
+                crc = crc32c_intel_le_hw(crc, walk.data, nbytes);
+
+        *(__le32 *)req->result = ~cpu_to_le32(crc);
+        return 0;
+}
+
+static int crc32c_intel_cra_init(struct crypto_tfm *tfm)
+{
+        u32 *key = crypto_tfm_ctx(tfm);
+
+        *key = ~0;
+
+        tfm->crt_ahash.reqsize = sizeof(u32);
+
+        return 0;
+}
+
+static struct crypto_alg alg = {
+        .cra_name               =       "crc32c",
+        .cra_driver_name        =       "crc32c-intel",
+        .cra_priority           =       200,
+        .cra_flags              =       CRYPTO_ALG_TYPE_AHASH,
+        .cra_blocksize          =       CHKSUM_BLOCK_SIZE,
+        .cra_alignmask          =       3,
+        .cra_ctxsize            =       sizeof(u32),
+        .cra_module             =       THIS_MODULE,
+        .cra_list               =       LIST_HEAD_INIT(alg.cra_list),
+        .cra_init               =       crc32c_intel_cra_init,
+        .cra_type               =       &crypto_ahash_type,
+        .cra_u                  =       {
+                .ahash = {
+                        .digestsize    =       CHKSUM_DIGEST_SIZE,
+                        .setkey        =       crc32c_intel_setkey,
+                        .init          =       crc32c_intel_init,
+                        .update        =       crc32c_intel_update,
+                        .final         =       crc32c_intel_final,
+                        .digest        =       crc32c_intel_digest,
+                }
+        }
+};
+
+
+static int __init crc32c_intel_mod_init(void)
+{
+        if (cpu_has_xmm4_2)
+                return crypto_register_alg(&alg);
+        else
+                return -ENODEV;
+}
+
+static void __exit crc32c_intel_mod_fini(void)
+{
+        crypto_unregister_alg(&alg);
+}
+
+module_init(crc32c_intel_mod_init);
+module_exit(crc32c_intel_mod_fini);
+
+MODULE_AUTHOR("Austin Zhang <austin.zhang@intel.com>, Kent Liu <kent.liu@intel.com>");
+MODULE_DESCRIPTION("CRC32c (Castagnoli) optimization using Intel Hardware.");
+MODULE_LICENSE("GPL");
+
+MODULE_ALIAS("crc32c");
+MODULE_ALIAS("crc32c-intel");
+
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index a0e1dbe67dc1..127ec3f07214 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -85,8 +85,10 @@ static void dump_thread32(struct pt_regs *regs, struct user32 *dump)
         dump->regs.ax = regs->ax;
         dump->regs.ds = current->thread.ds;
         dump->regs.es = current->thread.es;
-        asm("movl %%fs,%0" : "=r" (fs)); dump->regs.fs = fs;
-        asm("movl %%gs,%0" : "=r" (gs)); dump->regs.gs = gs;
+        savesegment(fs, fs);
+        dump->regs.fs = fs;
+        savesegment(gs, gs);
+        dump->regs.gs = gs;
         dump->regs.orig_ax = regs->orig_ax;
         dump->regs.ip = regs->ip;
         dump->regs.cs = regs->cs;
@@ -430,8 +432,9 @@ beyond_if:
         current->mm->start_stack =
                 (unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
         /* start thread */
-        asm volatile("movl %0,%%fs" :: "r" (0)); \
-        asm volatile("movl %0,%%es; movl %0,%%ds": :"r" (__USER32_DS));
+        loadsegment(fs, 0);
+        loadsegment(ds, __USER32_DS);
+        loadsegment(es, __USER32_DS);
         load_gs_index(0);
         (regs)->ip = ex.a_entry;
         (regs)->sp = current->mm->start_stack;
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 20af4c79579a..4bc02b23674b 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -179,9 +179,10 @@ struct sigframe
         u32 pretcode;
         int sig;
         struct sigcontext_ia32 sc;
-        struct _fpstate_ia32 fpstate;
+        struct _fpstate_ia32 fpstate_unused; /* look at kernel/sigframe.h */
         unsigned int extramask[_COMPAT_NSIG_WORDS-1];
         char retcode[8];
+        /* fp state follows here */
 };
 
 struct rt_sigframe
@@ -192,8 +193,8 @@ struct rt_sigframe
         u32 puc;
         compat_siginfo_t info;
         struct ucontext_ia32 uc;
-        struct _fpstate_ia32 fpstate;
         char retcode[8];
+        /* fp state follows here */
 };
 
 #define COPY(x)         {               \
@@ -206,7 +207,7 @@ struct rt_sigframe
         { unsigned int cur;                                             \
           unsigned short pre;                                           \
           err |= __get_user(pre, &sc->seg);                             \
-          asm volatile("movl %%" #seg ",%0" : "=r" (cur));              \
+          savesegment(seg, cur);                                        \
           pre |= mask;                                                  \
           if (pre != cur) loadsegment(seg, pre); }
 
@@ -215,7 +216,7 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
                                    unsigned int *peax)
 {
         unsigned int tmpflags, gs, oldgs, err = 0;
-        struct _fpstate_ia32 __user *buf;
+        void __user *buf;
         u32 tmp;
 
         /* Always make any pending restarted system calls return -EINTR */
@@ -235,7 +236,7 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
          */
         err |= __get_user(gs, &sc->gs);
         gs |= 3;
-        asm("movl %%gs,%0" : "=r" (oldgs));
+        savesegment(gs, oldgs);
         if (gs != oldgs)
                 load_gs_index(gs);
 
@@ -259,26 +260,12 @@ static int ia32_restore_sigcontext(struct pt_regs *regs,
 
         err |= __get_user(tmp, &sc->fpstate);
         buf = compat_ptr(tmp);
-        if (buf) {
-                if (!access_ok(VERIFY_READ, buf, sizeof(*buf)))
-                        goto badframe;
-                err |= restore_i387_ia32(buf);
-        } else {
-                struct task_struct *me = current;
-
-                if (used_math()) {
-                        clear_fpu(me);
-                        clear_used_math();
-                }
-        }
+        err |= restore_i387_xstate_ia32(buf);
 
         err |= __get_user(tmp, &sc->ax);
         *peax = tmp;
 
         return err;
-
-badframe:
-        return 1;
 }
 
 asmlinkage long sys32_sigreturn(struct pt_regs *regs)
@@ -350,46 +337,42 @@ badframe:
  */
 
 static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc,
-                                 struct _fpstate_ia32 __user *fpstate,
+                                 void __user *fpstate,
                                  struct pt_regs *regs, unsigned int mask)
 {
         int tmp, err = 0;
 
-        tmp = 0;
-        __asm__("movl %%gs,%0" : "=r"(tmp): "0"(tmp));
+        savesegment(gs, tmp);
         err |= __put_user(tmp, (unsigned int __user *)&sc->gs);
-        __asm__("movl %%fs,%0" : "=r"(tmp): "0"(tmp));
+        savesegment(fs, tmp);
         err |= __put_user(tmp, (unsigned int __user *)&sc->fs);
-        __asm__("movl %%ds,%0" : "=r"(tmp): "0"(tmp));
+        savesegment(ds, tmp);
         err |= __put_user(tmp, (unsigned int __user *)&sc->ds);
-        __asm__("movl %%es,%0" : "=r"(tmp): "0"(tmp));
+        savesegment(es, tmp);
         err |= __put_user(tmp, (unsigned int __user *)&sc->es);
 
-        err |= __put_user((u32)regs->di, &sc->di);
-        err |= __put_user((u32)regs->si, &sc->si);
-        err |= __put_user((u32)regs->bp, &sc->bp);
-        err |= __put_user((u32)regs->sp, &sc->sp);
-        err |= __put_user((u32)regs->bx, &sc->bx);
-        err |= __put_user((u32)regs->dx, &sc->dx);
-        err |= __put_user((u32)regs->cx, &sc->cx);
-        err |= __put_user((u32)regs->ax, &sc->ax);
-        err |= __put_user((u32)regs->cs, &sc->cs);
-        err |= __put_user((u32)regs->ss, &sc->ss);
+        err |= __put_user(regs->di, &sc->di);
+        err |= __put_user(regs->si, &sc->si);
+        err |= __put_user(regs->bp, &sc->bp);
+        err |= __put_user(regs->sp, &sc->sp);
+        err |= __put_user(regs->bx, &sc->bx);
+        err |= __put_user(regs->dx, &sc->dx);
+        err |= __put_user(regs->cx, &sc->cx);
+        err |= __put_user(regs->ax, &sc->ax);
+        err |= __put_user(regs->cs, &sc->cs);
+        err |= __put_user(regs->ss, &sc->ss);
         err |= __put_user(current->thread.trap_no, &sc->trapno);
         err |= __put_user(current->thread.error_code, &sc->err);
-        err |= __put_user((u32)regs->ip, &sc->ip);
-        err |= __put_user((u32)regs->flags, &sc->flags);
-        err |= __put_user((u32)regs->sp, &sc->sp_at_signal);
+        err |= __put_user(regs->ip, &sc->ip);
+        err |= __put_user(regs->flags, &sc->flags);
+        err |= __put_user(regs->sp, &sc->sp_at_signal);
 
-        tmp = save_i387_ia32(fpstate);
+        tmp = save_i387_xstate_ia32(fpstate);
         if (tmp < 0)
                 err = -EFAULT;
-        else {
-                clear_used_math();
-                stts();
+        else
                 err |= __put_user(ptr_to_compat(tmp ? fpstate : NULL),
                                         &sc->fpstate);
-        }
 
         /* non-iBCS2 extensions.. */
         err |= __put_user(mask, &sc->oldmask);
@@ -402,7 +385,8 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc,
  * Determine which stack to use..
  */
 static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
-                                 size_t frame_size)
+                                 size_t frame_size,
+                                 void **fpstate)
 {
         unsigned long sp;
 
@@ -421,6 +405,11 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
                  ka->sa.sa_restorer)
                 sp = (unsigned long) ka->sa.sa_restorer;
 
+        if (used_math()) {
+                sp = sp - sig_xstate_ia32_size;
+                *fpstate = (struct _fpstate_ia32 *) sp;
+        }
+
         sp -= frame_size;
         /* Align the stack pointer according to the i386 ABI,
          * i.e. so that on function entry ((sp + 4) & 15) == 0. */
@@ -434,6 +423,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
         struct sigframe __user *frame;
         void __user *restorer;
         int err = 0;
+        void __user *fpstate = NULL;
 
         /* copy_to_user optimizes that into a single 8 byte store */
         static const struct {
@@ -448,25 +438,21 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
                 0,
         };
 
-        frame = get_sigframe(ka, regs, sizeof(*frame));
+        frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
 
         if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
-                goto give_sigsegv;
+                return -EFAULT;
 
-        err |= __put_user(sig, &frame->sig);
-        if (err)
-                goto give_sigsegv;
+        if (__put_user(sig, &frame->sig))
+                return -EFAULT;
 
-        err |= ia32_setup_sigcontext(&frame->sc, &frame->fpstate, regs,
-                                        set->sig[0]);
-        if (err)
-                goto give_sigsegv;
+        if (ia32_setup_sigcontext(&frame->sc, fpstate, regs, set->sig[0]))
+                return -EFAULT;
 
         if (_COMPAT_NSIG_WORDS > 1) {
-                err |= __copy_to_user(frame->extramask, &set->sig[1],
-                                      sizeof(frame->extramask));
-                if (err)
-                        goto give_sigsegv;
+                if (__copy_to_user(frame->extramask, &set->sig[1],
+                                   sizeof(frame->extramask)))
+                        return -EFAULT;
         }
 
         if (ka->sa.sa_flags & SA_RESTORER) {
@@ -487,7 +473,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
          */
         err |= __copy_to_user(frame->retcode, &code, 8);
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up registers for signal handler */
         regs->sp = (unsigned long) frame;
@@ -498,8 +484,8 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
         regs->dx = 0;
         regs->cx = 0;
 
-        asm volatile("movl %0,%%ds" :: "r" (__USER32_DS));
-        asm volatile("movl %0,%%es" :: "r" (__USER32_DS));
+        loadsegment(ds, __USER32_DS);
+        loadsegment(es, __USER32_DS);
 
         regs->cs = __USER32_CS;
         regs->ss = __USER32_DS;
@@ -510,10 +496,6 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
 #endif
 
         return 0;
-
-give_sigsegv:
-        force_sigsegv(sig, current);
-        return -EFAULT;
 }
 
 int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
@@ -522,6 +504,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         struct rt_sigframe __user *frame;
         void __user *restorer;
         int err = 0;
+        void __user *fpstate = NULL;
 
         /* __copy_to_user optimizes that into a single 8 byte store */
         static const struct {
@@ -537,30 +520,33 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
                 0,
         };
 
-        frame = get_sigframe(ka, regs, sizeof(*frame));
+        frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
 
         if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
-                goto give_sigsegv;
+                return -EFAULT;
 
         err |= __put_user(sig, &frame->sig);
         err |= __put_user(ptr_to_compat(&frame->info), &frame->pinfo);
         err |= __put_user(ptr_to_compat(&frame->uc), &frame->puc);
         err |= copy_siginfo_to_user32(&frame->info, info);
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Create the ucontext.  */
-        err |= __put_user(0, &frame->uc.uc_flags);
+        if (cpu_has_xsave)
+                err |= __put_user(UC_FP_XSTATE, &frame->uc.uc_flags);
+        else
+                err |= __put_user(0, &frame->uc.uc_flags);
         err |= __put_user(0, &frame->uc.uc_link);
         err |= __put_user(current->sas_ss_sp, &frame->uc.uc_stack.ss_sp);
         err |= __put_user(sas_ss_flags(regs->sp),
                           &frame->uc.uc_stack.ss_flags);
         err |= __put_user(current->sas_ss_size, &frame->uc.uc_stack.ss_size);
-        err |= ia32_setup_sigcontext(&frame->uc.uc_mcontext, &frame->fpstate,
+        err |= ia32_setup_sigcontext(&frame->uc.uc_mcontext, fpstate,
                                      regs, set->sig[0]);
         err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         if (ka->sa.sa_flags & SA_RESTORER)
                 restorer = ka->sa.sa_restorer;
@@ -575,7 +561,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
          */
         err |= __copy_to_user(frame->retcode, &code, 8);
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up registers for signal handler */
         regs->sp = (unsigned long) frame;
@@ -591,8 +577,8 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         regs->dx = (unsigned long) &frame->info;
         regs->cx = (unsigned long) &frame->uc;
 
-        asm volatile("movl %0,%%ds" :: "r" (__USER32_DS));
-        asm volatile("movl %0,%%es" :: "r" (__USER32_DS));
+        loadsegment(ds, __USER32_DS);
+        loadsegment(es, __USER32_DS);
 
         regs->cs = __USER32_CS;
         regs->ss = __USER32_DS;
@@ -603,8 +589,4 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 #endif
 
         return 0;
-
-give_sigsegv:
-        force_sigsegv(sig, current);
-        return -EFAULT;
 }
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index ffc1bb4fed7d..256b00b61892 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -39,11 +39,11 @@
         .endm 
 
         /* clobbers %eax */     
-        .macro  CLEAR_RREGS
+        .macro  CLEAR_RREGS _r9=rax
         xorl    %eax,%eax
         movq    %rax,R11(%rsp)
         movq    %rax,R10(%rsp)
-        movq    %rax,R9(%rsp)
+        movq    %\_r9,R9(%rsp)
         movq    %rax,R8(%rsp)
         .endm
 
@@ -52,11 +52,10 @@
          * We don't reload %eax because syscall_trace_enter() returned
          * the value it wants us to use in the table lookup.
          */
-        .macro LOAD_ARGS32 offset
-        movl \offset(%rsp),%r11d
-        movl \offset+8(%rsp),%r10d
+        .macro LOAD_ARGS32 offset, _r9=0
+        .if \_r9
         movl \offset+16(%rsp),%r9d
-        movl \offset+24(%rsp),%r8d
+        .endif
         movl \offset+40(%rsp),%ecx
         movl \offset+48(%rsp),%edx
         movl \offset+56(%rsp),%esi
@@ -145,7 +144,7 @@ ENTRY(ia32_sysenter_target)
         SAVE_ARGS 0,0,1
         /* no need to do an access_ok check here because rbp has been
            32bit zero extended */ 
-1:      movl    (%rbp),%r9d
+1:      movl    (%rbp),%ebp
         .section __ex_table,"a"
         .quad 1b,ia32_badarg
         .previous       
@@ -157,7 +156,7 @@ ENTRY(ia32_sysenter_target)
         cmpl    $(IA32_NR_syscalls-1),%eax
         ja      ia32_badsys
 sysenter_do_call:
-        IA32_ARG_FIXUP 1
+        IA32_ARG_FIXUP
 sysenter_dispatch:
         call    *ia32_sys_call_table(,%rax,8)
         movq    %rax,RAX-ARGOFFSET(%rsp)
@@ -234,20 +233,17 @@ sysexit_audit:
 #endif
 
 sysenter_tracesys:
-        xchgl   %r9d,%ebp
 #ifdef CONFIG_AUDITSYSCALL
         testl   $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
         jz      sysenter_auditsys
 #endif
         SAVE_REST
         CLEAR_RREGS
-        movq    %r9,R9(%rsp)
         movq    $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
         movq    %rsp,%rdi        /* &pt_regs -> arg1 */
         call    syscall_trace_enter
         LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
         RESTORE_REST
-        xchgl   %ebp,%r9d
         cmpl    $(IA32_NR_syscalls-1),%eax
         ja      int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
         jmp     sysenter_do_call
@@ -314,9 +310,9 @@ ENTRY(ia32_cstar_target)
         testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
         CFI_REMEMBER_STATE
         jnz   cstar_tracesys
-cstar_do_call:  
         cmpl $IA32_NR_syscalls-1,%eax
         ja  ia32_badsys
+cstar_do_call:
         IA32_ARG_FIXUP 1
 cstar_dispatch:
         call *ia32_sys_call_table(,%rax,8)
@@ -357,15 +353,13 @@ cstar_tracesys:
 #endif
         xchgl %r9d,%ebp
         SAVE_REST
-        CLEAR_RREGS
-        movq %r9,R9(%rsp)
+        CLEAR_RREGS r9
         movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
         movq %rsp,%rdi        /* &pt_regs -> arg1 */
         call syscall_trace_enter
-        LOAD_ARGS32 ARGOFFSET  /* reload args from stack in case ptrace changed it */
+        LOAD_ARGS32 ARGOFFSET, 1  /* reload args from stack in case ptrace changed it */
         RESTORE_REST
         xchgl %ebp,%r9d
-        movl RSP-ARGOFFSET(%rsp), %r8d
         cmpl $(IA32_NR_syscalls-1),%eax
         ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
         jmp cstar_do_call
@@ -577,8 +571,8 @@ ia32_sys_call_table:
         .quad compat_sys_setrlimit      /* 75 */
         .quad compat_sys_old_getrlimit  /* old_getrlimit */
         .quad compat_sys_getrusage
-        .quad sys32_gettimeofday
-        .quad sys32_settimeofday
+        .quad compat_sys_gettimeofday
+        .quad compat_sys_settimeofday
         .quad sys_getgroups16   /* 80 */
         .quad sys_setgroups16
         .quad sys32_old_select
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index d3c64088b981..2e09dcd3c0a6 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -49,41 +49,6 @@
 
 #define AA(__x)         ((unsigned long)(__x))
 
-int cp_compat_stat(struct kstat *kbuf, struct compat_stat __user *ubuf)
-{
-        compat_ino_t ino;
-
-        typeof(ubuf->st_uid) uid = 0;
-        typeof(ubuf->st_gid) gid = 0;
-        SET_UID(uid, kbuf->uid);
-        SET_GID(gid, kbuf->gid);
-        if (!old_valid_dev(kbuf->dev) || !old_valid_dev(kbuf->rdev))
-                return -EOVERFLOW;
-        if (kbuf->size >= 0x7fffffff)
-                return -EOVERFLOW;
-        ino = kbuf->ino;
-        if (sizeof(ino) < sizeof(kbuf->ino) && ino != kbuf->ino)
-                return -EOVERFLOW;
-        if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct compat_stat)) ||
-            __put_user(old_encode_dev(kbuf->dev), &ubuf->st_dev) ||
-            __put_user(ino, &ubuf->st_ino) ||
-            __put_user(kbuf->mode, &ubuf->st_mode) ||
-            __put_user(kbuf->nlink, &ubuf->st_nlink) ||
-            __put_user(uid, &ubuf->st_uid) ||
-            __put_user(gid, &ubuf->st_gid) ||
-            __put_user(old_encode_dev(kbuf->rdev), &ubuf->st_rdev) ||
-            __put_user(kbuf->size, &ubuf->st_size) ||
-            __put_user(kbuf->atime.tv_sec, &ubuf->st_atime) ||
-            __put_user(kbuf->atime.tv_nsec, &ubuf->st_atime_nsec) ||
-            __put_user(kbuf->mtime.tv_sec, &ubuf->st_mtime) ||
-            __put_user(kbuf->mtime.tv_nsec, &ubuf->st_mtime_nsec) ||
-            __put_user(kbuf->ctime.tv_sec, &ubuf->st_ctime) ||
-            __put_user(kbuf->ctime.tv_nsec, &ubuf->st_ctime_nsec) ||
-            __put_user(kbuf->blksize, &ubuf->st_blksize) ||
-            __put_user(kbuf->blocks, &ubuf->st_blocks))
-                return -EFAULT;
-        return 0;
-}
 
 asmlinkage long sys32_truncate64(char __user *filename,
                                  unsigned long offset_low,
@@ -402,75 +367,11 @@ asmlinkage long sys32_rt_sigprocmask(int how, compat_sigset_t __user *set,
         return 0;
 }
 
-static inline long get_tv32(struct timeval *o, struct compat_timeval __user *i)
-{
-        int err = -EFAULT;
-
-        if (access_ok(VERIFY_READ, i, sizeof(*i))) {
-                err = __get_user(o->tv_sec, &i->tv_sec);
-                err |= __get_user(o->tv_usec, &i->tv_usec);
-        }
-        return err;
-}
-
-static inline long put_tv32(struct compat_timeval __user *o, struct timeval *i)
-{
-        int err = -EFAULT;
-
-        if (access_ok(VERIFY_WRITE, o, sizeof(*o))) {
-                err = __put_user(i->tv_sec, &o->tv_sec);
-                err |= __put_user(i->tv_usec, &o->tv_usec);
-        }
-        return err;
-}
-
 asmlinkage long sys32_alarm(unsigned int seconds)
 {
         return alarm_setitimer(seconds);
 }
 
-/*
- * Translations due to time_t size differences. Which affects all
- * sorts of things, like timeval and itimerval.
- */
-asmlinkage long sys32_gettimeofday(struct compat_timeval __user *tv,
-                                   struct timezone __user *tz)
-{
-        if (tv) {
-                struct timeval ktv;
-
-                do_gettimeofday(&ktv);
-                if (put_tv32(tv, &ktv))
-                        return -EFAULT;
-        }
-        if (tz) {
-                if (copy_to_user(tz, &sys_tz, sizeof(sys_tz)))
-                        return -EFAULT;
-        }
-        return 0;
-}
-
-asmlinkage long sys32_settimeofday(struct compat_timeval __user *tv,
-                                   struct timezone __user *tz)
-{
-        struct timeval ktv;
-        struct timespec kts;
-        struct timezone ktz;
-
-        if (tv) {
-                if (get_tv32(&ktv, tv))
-                        return -EFAULT;
-                kts.tv_sec = ktv.tv_sec;
-                kts.tv_nsec = ktv.tv_usec * NSEC_PER_USEC;
-        }
-        if (tz) {
-                if (copy_from_user(&ktz, tz, sizeof(ktz)))
-                        return -EFAULT;
-        }
-
-        return do_sys_settimeofday(tv ? &kts : NULL, tz ? &ktz : NULL);
-}
-
 struct sel_arg_struct {
         unsigned int n;
         unsigned int inp;
@@ -556,15 +457,6 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig,
         return ret;
 }
 
-/* These are here just in case some old ia32 binary calls it. */
-asmlinkage long sys32_pause(void)
-{
-        current->state = TASK_INTERRUPTIBLE;
-        schedule();
-        return -ERESTARTNOHAND;
-}
-
-
 #ifdef CONFIG_SYSCTL_SYSCALL
 struct sysctl_ia32 {
         unsigned int    name;
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 3db651fc8ec5..0d41f0343dc0 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -10,7 +10,7 @@ ifdef CONFIG_FTRACE
 # Do not profile debug and lowlevel utilities
 CFLAGS_REMOVE_tsc.o = -pg
 CFLAGS_REMOVE_rtc.o = -pg
-CFLAGS_REMOVE_paravirt.o = -pg
+CFLAGS_REMOVE_paravirt-spinlocks.o = -pg
 endif
 
 #
@@ -23,7 +23,7 @@ CFLAGS_hpet.o		:= $(nostackp)
 CFLAGS_tsc.o            := $(nostackp)
 
 obj-y                   := process_$(BITS).o signal_$(BITS).o entry_$(BITS).o
-obj-y                   += traps_$(BITS).o irq_$(BITS).o
+obj-y                   += traps.o irq_$(BITS).o dumpstack_$(BITS).o
 obj-y                   += time_$(BITS).o ioport.o ldt.o
 obj-y                   += setup.o i8259.o irqinit_$(BITS).o setup_percpu.o
 obj-$(CONFIG_X86_VISWS) += visws_quirks.o
@@ -38,7 +38,7 @@ obj-y			+= tsc.o io_delay.o rtc.o
 
 obj-$(CONFIG_X86_TRAMPOLINE)    += trampoline.o
 obj-y                           += process.o
-obj-y                           += i387.o
+obj-y                           += i387.o xsave.o
 obj-y                           += ptrace.o
 obj-y                           += ds.o
 obj-$(CONFIG_X86_32)            += tls.o
@@ -51,7 +51,6 @@ obj-$(CONFIG_X86_BIOS_REBOOT)	+= reboot.o
 obj-$(CONFIG_MCA)               += mca_32.o
 obj-$(CONFIG_X86_MSR)           += msr.o
 obj-$(CONFIG_X86_CPUID)         += cpuid.o
-obj-$(CONFIG_MICROCODE)         += microcode.o
 obj-$(CONFIG_PCI)               += early-quirks.o
 apm-y                           := apm_32.o
 obj-$(CONFIG_APM)               += apm.o
@@ -69,6 +68,7 @@ obj-$(CONFIG_KEXEC)		+= machine_kexec_$(BITS).o
 obj-$(CONFIG_KEXEC)             += relocate_kernel_$(BITS).o crash.o
 obj-$(CONFIG_CRASH_DUMP)        += crash_dump_$(BITS).o
 obj-$(CONFIG_X86_NUMAQ)         += numaq_32.o
+obj-$(CONFIG_X86_ES7000)        += es7000_32.o
 obj-$(CONFIG_X86_SUMMIT_NUMA)   += summit_32.o
 obj-y                           += vsmp_64.o
 obj-$(CONFIG_KPROBES)           += kprobes.o
@@ -89,7 +89,7 @@ obj-$(CONFIG_DEBUG_NX_TEST)	+= test_nx.o
 obj-$(CONFIG_VMI)               += vmi_32.o vmiclock_32.o
 obj-$(CONFIG_KVM_GUEST)         += kvm.o
 obj-$(CONFIG_KVM_CLOCK)         += kvmclock.o
-obj-$(CONFIG_PARAVIRT)          += paravirt.o paravirt_patch_$(BITS).o
+obj-$(CONFIG_PARAVIRT)          += paravirt.o paravirt_patch_$(BITS).o paravirt-spinlocks.o
 obj-$(CONFIG_PARAVIRT_CLOCK)    += pvclock.o
 
 obj-$(CONFIG_PCSPKR_PLATFORM)   += pcspeaker.o
@@ -99,11 +99,18 @@ scx200-y			+= scx200_32.o
 
 obj-$(CONFIG_OLPC)              += olpc.o
 
+microcode-y                             := microcode_core.o
+microcode-$(CONFIG_MICROCODE_INTEL)     += microcode_intel.o
+microcode-$(CONFIG_MICROCODE_AMD)       += microcode_amd.o
+obj-$(CONFIG_MICROCODE)                 += microcode.o
+
 ###
 # 64 bit specific files
 ifeq ($(CONFIG_X86_64),y)
         obj-y                           += genapic_64.o genapic_flat_64.o genx2apic_uv_x.o tlb_uv.o
         obj-y                           += bios_uv.o
+        obj-y                           += genx2apic_cluster.o
+        obj-y                           += genx2apic_phys.o
         obj-$(CONFIG_X86_PM_TIMER)      += pmtimer_64.o
         obj-$(CONFIG_AUDIT)             += audit_64.o
 
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index bfd10fd211cd..eb875cdc7367 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -58,7 +58,6 @@ EXPORT_SYMBOL(acpi_disabled);
 #ifdef  CONFIG_X86_64
 
 #include <asm/proto.h>
-#include <asm/genapic.h>
 
 #else                           /* X86 */
 
@@ -97,8 +96,6 @@ static u64 acpi_lapic_addr __initdata = APIC_DEFAULT_PHYS_BASE;
 #warning ACPI uses CMPXCHG, i486 and later hardware
 #endif
 
-static int acpi_mcfg_64bit_base_addr __initdata = FALSE;
-
 /* --------------------------------------------------------------------------
                               Boot-time Configuration
    -------------------------------------------------------------------------- */
@@ -160,6 +157,8 @@ char *__init __acpi_map_table(unsigned long phys, unsigned long size)
 struct acpi_mcfg_allocation *pci_mmcfg_config;
 int pci_mmcfg_config_num;
 
+static int acpi_mcfg_64bit_base_addr __initdata = FALSE;
+
 static int __init acpi_mcfg_oem_check(struct acpi_table_mcfg *mcfg)
 {
         if (!strcmp(mcfg->header.oem_id, "SGI"))
@@ -253,10 +252,8 @@ static void __cpuinit acpi_register_lapic(int id, u8 enabled)
                 return;
         }
 
-#ifdef CONFIG_X86_32
         if (boot_cpu_physical_apicid != -1U)
                 ver = apic_version[boot_cpu_physical_apicid];
-#endif
 
         generic_processor_info(id, ver);
 }
@@ -775,11 +772,9 @@ static void __init acpi_register_lapic_address(unsigned long address)
 
         set_fixmap_nocache(FIX_APIC_BASE, address);
         if (boot_cpu_physical_apicid == -1U) {
-                boot_cpu_physical_apicid  = GET_APIC_ID(read_apic_id());
-#ifdef CONFIG_X86_32
+                boot_cpu_physical_apicid  = read_apic_id();
                 apic_version[boot_cpu_physical_apicid] =
                          GET_APIC_VERSION(apic_read(APIC_LVR));
-#endif
         }
 }
 
@@ -1351,7 +1346,9 @@ static void __init acpi_process_madt(void)
                                 acpi_ioapic = 1;
 
                                 smp_found_config = 1;
+#ifdef CONFIG_X86_32
                                 setup_apic_routing();
+#endif
                         }
                 }
                 if (error == -EINVAL) {
@@ -1421,8 +1418,16 @@ static int __init force_acpi_ht(const struct dmi_system_id *d)
  */
 static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
 {
-        pr_notice("%s detected: Ignoring BIOS IRQ0 pin2 override\n", d->ident);
-        acpi_skip_timer_override = 1;
+        /*
+         * The ati_ixp4x0_rev() early PCI quirk should have set
+         * the acpi_skip_timer_override flag already:
+         */
+        if (!acpi_skip_timer_override) {
+                WARN(1, KERN_ERR "ati_ixp4x0 quirk not complete.\n");
+                pr_notice("%s detected: Ignoring BIOS IRQ0 pin2 override\n",
+                        d->ident);
+                acpi_skip_timer_override = 1;
+        }
         return 0;
 }
 
@@ -1605,6 +1610,14 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
          */
         {
          .callback = dmi_ignore_irq0_timer_override,
+         .ident = "HP nx6115 laptop",
+         .matches = {
+                     DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+                     DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq nx6115"),
+                     },
+         },
+        {
+         .callback = dmi_ignore_irq0_timer_override,
          .ident = "HP NX6125 laptop",
          .matches = {
                      DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
@@ -1619,6 +1632,14 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
                      DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq nx6325"),
                      },
          },
+        {
+         .callback = dmi_ignore_irq0_timer_override,
+         .ident = "HP 6715b laptop",
+         .matches = {
+                     DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
+                     DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
+                     },
+         },
         {}
 };
 
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
index 2763cb37b553..a84ac7b570e6 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -145,35 +145,25 @@ static const unsigned char *const p6_nops[ASM_NOP_MAX+1] = {
 extern char __vsyscall_0;
 const unsigned char *const *find_nop_table(void)
 {
-        return boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
-               boot_cpu_data.x86 < 6 ? k8_nops : p6_nops;
+        if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+            boot_cpu_has(X86_FEATURE_NOPL))
+                return p6_nops;
+        else
+                return k8_nops;
 }
 
 #else /* CONFIG_X86_64 */
 
-static const struct nop {
-        int cpuid;
-        const unsigned char *const *noptable;
-} noptypes[] = {
-        { X86_FEATURE_K8, k8_nops },
-        { X86_FEATURE_K7, k7_nops },
-        { X86_FEATURE_P4, p6_nops },
-        { X86_FEATURE_P3, p6_nops },
-        { -1, NULL }
-};
-
 const unsigned char *const *find_nop_table(void)
 {
-        const unsigned char *const *noptable = intel_nops;
-        int i;
-
-        for (i = 0; noptypes[i].cpuid >= 0; i++) {
-                if (boot_cpu_has(noptypes[i].cpuid)) {
-                        noptable = noptypes[i].noptable;
-                        break;
-                }
-        }
-        return noptable;
+        if (boot_cpu_has(X86_FEATURE_K8))
+                return k8_nops;
+        else if (boot_cpu_has(X86_FEATURE_K7))
+                return k7_nops;
+        else if (boot_cpu_has(X86_FEATURE_NOPL))
+                return p6_nops;
+        else
+                return intel_nops;
 }
 
 #endif /* CONFIG_X86_64 */
@@ -241,25 +231,25 @@ static void alternatives_smp_lock(u8 **start, u8 **end, u8 *text, u8 *text_end)
                         continue;
                 if (*ptr > text_end)
                         continue;
-                text_poke(*ptr, ((unsigned char []){0xf0}), 1); /* add lock prefix */
+                /* turn DS segment override prefix into lock prefix */
+                text_poke(*ptr, ((unsigned char []){0xf0}), 1);
         };
 }
 
 static void alternatives_smp_unlock(u8 **start, u8 **end, u8 *text, u8 *text_end)
 {
         u8 **ptr;
-        char insn[1];
 
         if (noreplace_smp)
                 return;
 
-        add_nops(insn, 1);
         for (ptr = start; ptr < end; ptr++) {
                 if (*ptr < text)
                         continue;
                 if (*ptr > text_end)
                         continue;
-                text_poke(*ptr, insn, 1);
+                /* turn lock prefix into DS segment override prefix */
+                text_poke(*ptr, ((unsigned char []){0x3E}), 1);
         };
 }
 
@@ -454,7 +444,7 @@ void __init alternative_instructions(void)
                                             _text, _etext);
 
                 /* Only switch to UP mode if we don't immediately boot others */
-                if (num_possible_cpus() == 1 || setup_max_cpus <= 1)
+                if (num_present_cpus() == 1 || setup_max_cpus <= 1)
                         alternatives_smp_switch(0);
         }
 #endif
diff --git a/arch/x86/kernel/amd_iommu.c b/arch/x86/kernel/amd_iommu.c
index 69b4d060b21c..a8fd9ebdc8e2 100644
--- a/arch/x86/kernel/amd_iommu.c
+++ b/arch/x86/kernel/amd_iommu.c
@@ -33,6 +33,10 @@
 
 static DEFINE_RWLOCK(amd_iommu_devtable_lock);
 
+/* A list of preallocated protection domains */
+static LIST_HEAD(iommu_pd_list);
+static DEFINE_SPINLOCK(iommu_pd_list_lock);
+
 /*
  * general struct to manage commands send to an IOMMU
  */
@@ -51,6 +55,102 @@ static int iommu_has_npcache(struct amd_iommu *iommu)
 
 /****************************************************************************
  *
+ * Interrupt handling functions
+ *
+ ****************************************************************************/
+
+static void iommu_print_event(void *__evt)
+{
+        u32 *event = __evt;
+        int type  = (event[1] >> EVENT_TYPE_SHIFT)  & EVENT_TYPE_MASK;
+        int devid = (event[0] >> EVENT_DEVID_SHIFT) & EVENT_DEVID_MASK;
+        int domid = (event[1] >> EVENT_DOMID_SHIFT) & EVENT_DOMID_MASK;
+        int flags = (event[1] >> EVENT_FLAGS_SHIFT) & EVENT_FLAGS_MASK;
+        u64 address = (u64)(((u64)event[3]) << 32) | event[2];
+
+        printk(KERN_ERR "AMD IOMMU: Event logged [");
+
+        switch (type) {
+        case EVENT_TYPE_ILL_DEV:
+                printk("ILLEGAL_DEV_TABLE_ENTRY device=%02x:%02x.%x "
+                       "address=0x%016llx flags=0x%04x]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       address, flags);
+                break;
+        case EVENT_TYPE_IO_FAULT:
+                printk("IO_PAGE_FAULT device=%02x:%02x.%x "
+                       "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       domid, address, flags);
+                break;
+        case EVENT_TYPE_DEV_TAB_ERR:
+                printk("DEV_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
+                       "address=0x%016llx flags=0x%04x]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       address, flags);
+                break;
+        case EVENT_TYPE_PAGE_TAB_ERR:
+                printk("PAGE_TAB_HARDWARE_ERROR device=%02x:%02x.%x "
+                       "domain=0x%04x address=0x%016llx flags=0x%04x]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       domid, address, flags);
+                break;
+        case EVENT_TYPE_ILL_CMD:
+                printk("ILLEGAL_COMMAND_ERROR address=0x%016llx]\n", address);
+                break;
+        case EVENT_TYPE_CMD_HARD_ERR:
+                printk("COMMAND_HARDWARE_ERROR address=0x%016llx "
+                       "flags=0x%04x]\n", address, flags);
+                break;
+        case EVENT_TYPE_IOTLB_INV_TO:
+                printk("IOTLB_INV_TIMEOUT device=%02x:%02x.%x "
+                       "address=0x%016llx]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       address);
+                break;
+        case EVENT_TYPE_INV_DEV_REQ:
+                printk("INVALID_DEVICE_REQUEST device=%02x:%02x.%x "
+                       "address=0x%016llx flags=0x%04x]\n",
+                       PCI_BUS(devid), PCI_SLOT(devid), PCI_FUNC(devid),
+                       address, flags);
+                break;
+        default:
+                printk(KERN_ERR "UNKNOWN type=0x%02x]\n", type);
+        }
+}
+
+static void iommu_poll_events(struct amd_iommu *iommu)
+{
+        u32 head, tail;
+        unsigned long flags;
+
+        spin_lock_irqsave(&iommu->lock, flags);
+
+        head = readl(iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
+        tail = readl(iommu->mmio_base + MMIO_EVT_TAIL_OFFSET);
+
+        while (head != tail) {
+                iommu_print_event(iommu->evt_buf + head);
+                head = (head + EVENT_ENTRY_SIZE) % iommu->evt_buf_size;
+        }
+
+        writel(head, iommu->mmio_base + MMIO_EVT_HEAD_OFFSET);
+
+        spin_unlock_irqrestore(&iommu->lock, flags);
+}
+
+irqreturn_t amd_iommu_int_handler(int irq, void *data)
+{
+        struct amd_iommu *iommu;
+
+        list_for_each_entry(iommu, &amd_iommu_list, list)
+                iommu_poll_events(iommu);
+
+        return IRQ_HANDLED;
+}
+
+/****************************************************************************
+ *
  * IOMMU command queuing functions
  *
  ****************************************************************************/
@@ -101,10 +201,10 @@ static int iommu_queue_command(struct amd_iommu *iommu, struct iommu_cmd *cmd)
  */
 static int iommu_completion_wait(struct amd_iommu *iommu)
 {
-        int ret, ready = 0;
+        int ret = 0, ready = 0;
         unsigned status = 0;
         struct iommu_cmd cmd;
-        unsigned long i = 0;
+        unsigned long flags, i = 0;
 
         memset(&cmd, 0, sizeof(cmd));
         cmd.data[0] = CMD_COMPL_WAIT_INT_MASK;
@@ -112,10 +212,12 @@ static int iommu_completion_wait(struct amd_iommu *iommu)
 
         iommu->need_sync = 0;
 
-        ret = iommu_queue_command(iommu, &cmd);
+        spin_lock_irqsave(&iommu->lock, flags);
+
+        ret = __iommu_queue_command(iommu, &cmd);
 
         if (ret)
-                return ret;
+                goto out;
 
         while (!ready && (i < EXIT_LOOP_COUNT)) {
                 ++i;
@@ -130,6 +232,8 @@ static int iommu_completion_wait(struct amd_iommu *iommu)
 
         if (unlikely((i == EXIT_LOOP_COUNT) && printk_ratelimit()))
                 printk(KERN_WARNING "AMD IOMMU: Completion wait loop failed\n");
+out:
+        spin_unlock_irqrestore(&iommu->lock, flags);
 
         return 0;
 }
@@ -140,6 +244,7 @@ static int iommu_completion_wait(struct amd_iommu *iommu)
 static int iommu_queue_inv_dev_entry(struct amd_iommu *iommu, u16 devid)
 {
         struct iommu_cmd cmd;
+        int ret;
 
         BUG_ON(iommu == NULL);
 
@@ -147,9 +252,11 @@ static int iommu_queue_inv_dev_entry(struct amd_iommu *iommu, u16 devid)
         CMD_SET_TYPE(&cmd, CMD_INV_DEV_ENTRY);
         cmd.data[0] = devid;
 
+        ret = iommu_queue_command(iommu, &cmd);
+
         iommu->need_sync = 1;
 
-        return iommu_queue_command(iommu, &cmd);
+        return ret;
 }
 
 /*
@@ -159,6 +266,7 @@ static int iommu_queue_inv_iommu_pages(struct amd_iommu *iommu,
                 u64 address, u16 domid, int pde, int s)
 {
         struct iommu_cmd cmd;
+        int ret;
 
         memset(&cmd, 0, sizeof(cmd));
         address &= PAGE_MASK;
@@ -171,9 +279,11 @@ static int iommu_queue_inv_iommu_pages(struct amd_iommu *iommu,
         if (pde) /* PDE bit - we wan't flush everything not only the PTEs */
                 cmd.data[2] |= CMD_INV_IOMMU_PAGES_PDE_MASK;
 
+        ret = iommu_queue_command(iommu, &cmd);
+
         iommu->need_sync = 1;
 
-        return iommu_queue_command(iommu, &cmd);
+        return ret;
 }
 
 /*
@@ -185,7 +295,7 @@ static int iommu_flush_pages(struct amd_iommu *iommu, u16 domid,
                 u64 address, size_t size)
 {
         int s = 0;
-        unsigned pages = iommu_num_pages(address, size);
+        unsigned pages = iommu_num_pages(address, size, PAGE_SIZE);
 
         address &= PAGE_MASK;
 
@@ -203,6 +313,14 @@ static int iommu_flush_pages(struct amd_iommu *iommu, u16 domid,
         return 0;
 }
 
+/* Flush the whole IO/TLB for a given protection domain */
+static void iommu_flush_tlb(struct amd_iommu *iommu, u16 domid)
+{
+        u64 address = CMD_INV_IOMMU_ALL_PAGES_ADDRESS;
+
+        iommu_queue_inv_iommu_pages(iommu, address, domid, 0, 1);
+}
+
 /****************************************************************************
  *
  * The functions below are used the create the page table mappings for
@@ -362,11 +480,6 @@ static int init_unity_mappings_for_device(struct dma_ops_domain *dma_dom,
  * efficient allocator.
  *
  ****************************************************************************/
-static unsigned long dma_mask_to_pages(unsigned long mask)
-{
-        return (mask >> PAGE_SHIFT) +
-                (PAGE_ALIGN(mask & ~PAGE_MASK) >> PAGE_SHIFT);
-}
 
 /*
  * The address allocator core function.
@@ -375,25 +488,31 @@ static unsigned long dma_mask_to_pages(unsigned long mask)
  */
 static unsigned long dma_ops_alloc_addresses(struct device *dev,
                                              struct dma_ops_domain *dom,
-                                             unsigned int pages)
+                                             unsigned int pages,
+                                             unsigned long align_mask,
+                                             u64 dma_mask)
 {
-        unsigned long limit = dma_mask_to_pages(*dev->dma_mask);
+        unsigned long limit;
         unsigned long address;
-        unsigned long size = dom->aperture_size >> PAGE_SHIFT;
         unsigned long boundary_size;
 
         boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
                         PAGE_SIZE) >> PAGE_SHIFT;
-        limit = limit < size ? limit : size;
+        limit = iommu_device_max_index(dom->aperture_size >> PAGE_SHIFT, 0,
+                                       dma_mask >> PAGE_SHIFT);
 
-        if (dom->next_bit >= limit)
+        if (dom->next_bit >= limit) {
                 dom->next_bit = 0;
+                dom->need_flush = true;
+        }
 
         address = iommu_area_alloc(dom->bitmap, limit, dom->next_bit, pages,
-                        0 , boundary_size, 0);
-        if (address == -1)
+                                   0 , boundary_size, align_mask);
+        if (address == -1) {
                 address = iommu_area_alloc(dom->bitmap, limit, 0, pages,
-                                0, boundary_size, 0);
+                                0, boundary_size, align_mask);
+                dom->need_flush = true;
+        }
 
         if (likely(address != -1)) {
                 dom->next_bit = address + pages;
@@ -459,7 +578,7 @@ static void dma_ops_reserve_addresses(struct dma_ops_domain *dom,
         if (start_page + pages > last_page)
                 pages = last_page - start_page;
 
-        set_bit_string(dom->bitmap, start_page, pages);
+        iommu_area_reserve(dom->bitmap, start_page, pages);
 }
 
 static void dma_ops_free_pagetable(struct dma_ops_domain *dma_dom)
@@ -553,12 +672,16 @@ static struct dma_ops_domain *dma_ops_domain_alloc(struct amd_iommu *iommu,
         dma_dom->bitmap[0] = 1;
         dma_dom->next_bit = 0;
 
+        dma_dom->need_flush = false;
+        dma_dom->target_dev = 0xffff;
+
         /* Intialize the exclusion range if necessary */
         if (iommu->exclusion_start &&
             iommu->exclusion_start < dma_dom->aperture_size) {
                 unsigned long startpage = iommu->exclusion_start >> PAGE_SHIFT;
                 int pages = iommu_num_pages(iommu->exclusion_start,
-                                            iommu->exclusion_length);
+                                            iommu->exclusion_length,
+                                            PAGE_SIZE);
                 dma_ops_reserve_addresses(dma_dom, startpage, pages);
         }
 
@@ -623,12 +746,13 @@ static void set_device_domain(struct amd_iommu *iommu,
 
         u64 pte_root = virt_to_phys(domain->pt_root);
 
-        pte_root |= (domain->mode & 0x07) << 9;
-        pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | 2;
+        pte_root |= (domain->mode & DEV_ENTRY_MODE_MASK)
+                    << DEV_ENTRY_MODE_SHIFT;
+        pte_root |= IOMMU_PTE_IR | IOMMU_PTE_IW | IOMMU_PTE_P | IOMMU_PTE_TV;
 
         write_lock_irqsave(&amd_iommu_devtable_lock, flags);
-        amd_iommu_dev_table[devid].data[0] = pte_root;
-        amd_iommu_dev_table[devid].data[1] = pte_root >> 32;
+        amd_iommu_dev_table[devid].data[0] = lower_32_bits(pte_root);
+        amd_iommu_dev_table[devid].data[1] = upper_32_bits(pte_root);
         amd_iommu_dev_table[devid].data[2] = domain->id;
 
         amd_iommu_pd_table[devid] = domain;
@@ -646,6 +770,45 @@ static void set_device_domain(struct amd_iommu *iommu,
  *****************************************************************************/
 
 /*
+ * This function checks if the driver got a valid device from the caller to
+ * avoid dereferencing invalid pointers.
+ */
+static bool check_device(struct device *dev)
+{
+        if (!dev || !dev->dma_mask)
+                return false;
+
+        return true;
+}
+
+/*
+ * In this function the list of preallocated protection domains is traversed to
+ * find the domain for a specific device
+ */
+static struct dma_ops_domain *find_protection_domain(u16 devid)
+{
+        struct dma_ops_domain *entry, *ret = NULL;
+        unsigned long flags;
+
+        if (list_empty(&iommu_pd_list))
+                return NULL;
+
+        spin_lock_irqsave(&iommu_pd_list_lock, flags);
+
+        list_for_each_entry(entry, &iommu_pd_list, list) {
+                if (entry->target_dev == devid) {
+                        ret = entry;
+                        list_del(&ret->list);
+                        break;
+                }
+        }
+
+        spin_unlock_irqrestore(&iommu_pd_list_lock, flags);
+
+        return ret;
+}
+
+/*
  * In the dma_ops path we only have the struct device. This function
  * finds the corresponding IOMMU, the protection domain and the
  * requestor id for a given device.
@@ -661,27 +824,30 @@ static int get_device_resources(struct device *dev,
         struct pci_dev *pcidev;
         u16 _bdf;
 
-        BUG_ON(!dev || dev->bus != &pci_bus_type || !dev->dma_mask);
+        *iommu = NULL;
+        *domain = NULL;
+        *bdf = 0xffff;
+
+        if (dev->bus != &pci_bus_type)
+                return 0;
 
         pcidev = to_pci_dev(dev);
         _bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
 
         /* device not translated by any IOMMU in the system? */
-        if (_bdf > amd_iommu_last_bdf) {
-                *iommu = NULL;
-                *domain = NULL;
-                *bdf = 0xffff;
+        if (_bdf > amd_iommu_last_bdf)
                 return 0;
-        }
 
         *bdf = amd_iommu_alias_table[_bdf];
 
         *iommu = amd_iommu_rlookup_table[*bdf];
         if (*iommu == NULL)
                 return 0;
-        dma_dom = (*iommu)->default_dom;
         *domain = domain_for_device(*bdf);
         if (*domain == NULL) {
+                dma_dom = find_protection_domain(*bdf);
+                if (!dma_dom)
+                        dma_dom = (*iommu)->default_dom;
                 *domain = &dma_dom->domain;
                 set_device_domain(*iommu, *domain, *bdf);
                 printk(KERN_INFO "AMD IOMMU: Using protection domain %d for "
@@ -760,17 +926,24 @@ static dma_addr_t __map_single(struct device *dev,
                                struct dma_ops_domain *dma_dom,
                                phys_addr_t paddr,
                                size_t size,
-                               int dir)
+                               int dir,
+                               bool align,
+                               u64 dma_mask)
 {
         dma_addr_t offset = paddr & ~PAGE_MASK;
         dma_addr_t address, start;
         unsigned int pages;
+        unsigned long align_mask = 0;
         int i;
 
-        pages = iommu_num_pages(paddr, size);
+        pages = iommu_num_pages(paddr, size, PAGE_SIZE);
         paddr &= PAGE_MASK;
 
-        address = dma_ops_alloc_addresses(dev, dma_dom, pages);
+        if (align)
+                align_mask = (1UL << get_order(size)) - 1;
+
+        address = dma_ops_alloc_addresses(dev, dma_dom, pages, align_mask,
+                                          dma_mask);
         if (unlikely(address == bad_dma_address))
                 goto out;
 
@@ -782,6 +955,12 @@ static dma_addr_t __map_single(struct device *dev,
         }
         address += offset;
 
+        if (unlikely(dma_dom->need_flush && !amd_iommu_unmap_flush)) {
+                iommu_flush_tlb(iommu, dma_dom->domain.id);
+                dma_dom->need_flush = false;
+        } else if (unlikely(iommu_has_npcache(iommu)))
+                iommu_flush_pages(iommu, dma_dom->domain.id, address, size);
+
 out:
         return address;
 }
@@ -802,7 +981,7 @@ static void __unmap_single(struct amd_iommu *iommu,
         if ((dma_addr == 0) || (dma_addr + size > dma_dom->aperture_size))
                 return;
 
-        pages = iommu_num_pages(dma_addr, size);
+        pages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
         dma_addr &= PAGE_MASK;
         start = dma_addr;
 
@@ -812,6 +991,9 @@ static void __unmap_single(struct amd_iommu *iommu,
         }
 
         dma_ops_free_addresses(dma_dom, dma_addr, pages);
+
+        if (amd_iommu_unmap_flush)
+                iommu_flush_pages(iommu, dma_dom->domain.id, dma_addr, size);
 }
 
 /*
@@ -825,6 +1007,12 @@ static dma_addr_t map_single(struct device *dev, phys_addr_t paddr,
         struct protection_domain *domain;
         u16 devid;
         dma_addr_t addr;
+        u64 dma_mask;
+
+        if (!check_device(dev))
+                return bad_dma_address;
+
+        dma_mask = *dev->dma_mask;
 
         get_device_resources(dev, &iommu, &domain, &devid);
 
@@ -833,14 +1021,12 @@ static dma_addr_t map_single(struct device *dev, phys_addr_t paddr,
                 return (dma_addr_t)paddr;
 
         spin_lock_irqsave(&domain->lock, flags);
-        addr = __map_single(dev, iommu, domain->priv, paddr, size, dir);
+        addr = __map_single(dev, iommu, domain->priv, paddr, size, dir, false,
+                            dma_mask);
         if (addr == bad_dma_address)
                 goto out;
 
-        if (iommu_has_npcache(iommu))
-                iommu_flush_pages(iommu, domain->id, addr, size);
-
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
 out:
@@ -860,7 +1046,8 @@ static void unmap_single(struct device *dev, dma_addr_t dma_addr,
         struct protection_domain *domain;
         u16 devid;
 
-        if (!get_device_resources(dev, &iommu, &domain, &devid))
+        if (!check_device(dev) ||
+            !get_device_resources(dev, &iommu, &domain, &devid))
                 /* device not handled by any AMD IOMMU */
                 return;
 
@@ -868,9 +1055,7 @@ static void unmap_single(struct device *dev, dma_addr_t dma_addr,
 
         __unmap_single(iommu, domain->priv, dma_addr, size, dir);
 
-        iommu_flush_pages(iommu, domain->id, dma_addr, size);
-
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
         spin_unlock_irqrestore(&domain->lock, flags);
@@ -909,6 +1094,12 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
         struct scatterlist *s;
         phys_addr_t paddr;
         int mapped_elems = 0;
+        u64 dma_mask;
+
+        if (!check_device(dev))
+                return 0;
+
+        dma_mask = *dev->dma_mask;
 
         get_device_resources(dev, &iommu, &domain, &devid);
 
@@ -921,19 +1112,17 @@ static int map_sg(struct device *dev, struct scatterlist *sglist,
                 paddr = sg_phys(s);
 
                 s->dma_address = __map_single(dev, iommu, domain->priv,
-                                              paddr, s->length, dir);
+                                              paddr, s->length, dir, false,
+                                              dma_mask);
 
                 if (s->dma_address) {
                         s->dma_length = s->length;
                         mapped_elems++;
                 } else
                         goto unmap;
-                if (iommu_has_npcache(iommu))
-                        iommu_flush_pages(iommu, domain->id, s->dma_address,
-                                          s->dma_length);
         }
 
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
 out:
@@ -967,7 +1156,8 @@ static void unmap_sg(struct device *dev, struct scatterlist *sglist,
         u16 devid;
         int i;
 
-        if (!get_device_resources(dev, &iommu, &domain, &devid))
+        if (!check_device(dev) ||
+            !get_device_resources(dev, &iommu, &domain, &devid))
                 return;
 
         spin_lock_irqsave(&domain->lock, flags);
@@ -975,12 +1165,10 @@ static void unmap_sg(struct device *dev, struct scatterlist *sglist,
         for_each_sg(sglist, s, nelems, i) {
                 __unmap_single(iommu, domain->priv, s->dma_address,
                                s->dma_length, dir);
-                iommu_flush_pages(iommu, domain->id, s->dma_address,
-                                  s->dma_length);
                 s->dma_address = s->dma_length = 0;
         }
 
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
         spin_unlock_irqrestore(&domain->lock, flags);
@@ -998,25 +1186,33 @@ static void *alloc_coherent(struct device *dev, size_t size,
         struct protection_domain *domain;
         u16 devid;
         phys_addr_t paddr;
+        u64 dma_mask = dev->coherent_dma_mask;
+
+        if (!check_device(dev))
+                return NULL;
 
+        if (!get_device_resources(dev, &iommu, &domain, &devid))
+                flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+
+        flag |= __GFP_ZERO;
         virt_addr = (void *)__get_free_pages(flag, get_order(size));
         if (!virt_addr)
                 return 0;
 
-        memset(virt_addr, 0, size);
         paddr = virt_to_phys(virt_addr);
 
-        get_device_resources(dev, &iommu, &domain, &devid);
-
         if (!iommu || !domain) {
                 *dma_addr = (dma_addr_t)paddr;
                 return virt_addr;
         }
 
+        if (!dma_mask)
+                dma_mask = *dev->dma_mask;
+
         spin_lock_irqsave(&domain->lock, flags);
 
         *dma_addr = __map_single(dev, iommu, domain->priv, paddr,
-                                 size, DMA_BIDIRECTIONAL);
+                                 size, DMA_BIDIRECTIONAL, true, dma_mask);
 
         if (*dma_addr == bad_dma_address) {
                 free_pages((unsigned long)virt_addr, get_order(size));
@@ -1024,10 +1220,7 @@ static void *alloc_coherent(struct device *dev, size_t size,
                 goto out;
         }
 
-        if (iommu_has_npcache(iommu))
-                iommu_flush_pages(iommu, domain->id, *dma_addr, size);
-
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
 out:
@@ -1038,8 +1231,6 @@ out:
 
 /*
  * The exported free_coherent function for dma_ops.
- * FIXME: fix the generic x86 DMA layer so that it actually calls that
- *        function.
  */
 static void free_coherent(struct device *dev, size_t size,
                           void *virt_addr, dma_addr_t dma_addr)
@@ -1049,6 +1240,9 @@ static void free_coherent(struct device *dev, size_t size,
         struct protection_domain *domain;
         u16 devid;
 
+        if (!check_device(dev))
+                return;
+
         get_device_resources(dev, &iommu, &domain, &devid);
 
         if (!iommu || !domain)
@@ -1057,9 +1251,8 @@ static void free_coherent(struct device *dev, size_t size,
         spin_lock_irqsave(&domain->lock, flags);
 
         __unmap_single(iommu, domain->priv, dma_addr, size, DMA_BIDIRECTIONAL);
-        iommu_flush_pages(iommu, domain->id, dma_addr, size);
 
-        if (iommu->need_sync)
+        if (unlikely(iommu->need_sync))
                 iommu_completion_wait(iommu);
 
         spin_unlock_irqrestore(&domain->lock, flags);
@@ -1069,6 +1262,30 @@ free_mem:
 }
 
 /*
+ * This function is called by the DMA layer to find out if we can handle a
+ * particular device. It is part of the dma_ops.
+ */
+static int amd_iommu_dma_supported(struct device *dev, u64 mask)
+{
+        u16 bdf;
+        struct pci_dev *pcidev;
+
+        /* No device or no PCI device */
+        if (!dev || dev->bus != &pci_bus_type)
+                return 0;
+
+        pcidev = to_pci_dev(dev);
+
+        bdf = calc_devid(pcidev->bus->number, pcidev->devfn);
+
+        /* Out of our scope? */
+        if (bdf > amd_iommu_last_bdf)
+                return 0;
+
+        return 1;
+}
+
+/*
  * The function for pre-allocating protection domains.
  *
  * If the driver core informs the DMA layer if a driver grabs a device
@@ -1097,10 +1314,9 @@ void prealloc_protection_domains(void)
                 if (!dma_dom)
                         continue;
                 init_unity_mappings_for_device(dma_dom, devid);
-                set_device_domain(iommu, &dma_dom->domain, devid);
-                printk(KERN_INFO "AMD IOMMU: Allocated domain %d for device ",
-                       dma_dom->domain.id);
-                print_devid(devid, 1);
+                dma_dom->target_dev = devid;
+
+                list_add_tail(&dma_dom->list, &iommu_pd_list);
         }
 }
 
@@ -1111,6 +1327,7 @@ static struct dma_mapping_ops amd_iommu_dma_ops = {
         .unmap_single = unmap_single,
         .map_sg = map_sg,
         .unmap_sg = unmap_sg,
+        .dma_supported = amd_iommu_dma_supported,
 };
 
 /*
diff --git a/arch/x86/kernel/amd_iommu_init.c b/arch/x86/kernel/amd_iommu_init.c
index a69cc0f52042..4cd8083c58be 100644
--- a/arch/x86/kernel/amd_iommu_init.c
+++ b/arch/x86/kernel/amd_iommu_init.c
@@ -22,6 +22,8 @@
 #include <linux/gfp.h>
 #include <linux/list.h>
 #include <linux/sysdev.h>
+#include <linux/interrupt.h>
+#include <linux/msi.h>
 #include <asm/pci-direct.h>
 #include <asm/amd_iommu_types.h>
 #include <asm/amd_iommu.h>
@@ -30,7 +32,6 @@
 /*
  * definitions for the ACPI scanning code
  */
-#define PCI_BUS(x) (((x) >> 8) & 0xff)
 #define IVRS_HEADER_LENGTH 48
 
 #define ACPI_IVHD_TYPE                  0x10
@@ -121,6 +122,7 @@ LIST_HEAD(amd_iommu_unity_map);		/* a list of required unity mappings
                                            we find in ACPI */
 unsigned amd_iommu_aperture_order = 26; /* size of aperture in power of 2 */
 int amd_iommu_isolate;                  /* if 1, device isolation is enabled */
+bool amd_iommu_unmap_flush;             /* if true, flush on every unmap */
 
 LIST_HEAD(amd_iommu_list);              /* list of all AMD IOMMUs in the
                                            system */
@@ -234,7 +236,7 @@ static void __init iommu_feature_disable(struct amd_iommu *iommu, u8 bit)
 {
         u32 ctrl;
 
-        ctrl = (u64)readl(iommu->mmio_base + MMIO_CONTROL_OFFSET);
+        ctrl = readl(iommu->mmio_base + MMIO_CONTROL_OFFSET);
         ctrl &= ~(1 << bit);
         writel(ctrl, iommu->mmio_base + MMIO_CONTROL_OFFSET);
 }
@@ -242,13 +244,23 @@ static void __init iommu_feature_disable(struct amd_iommu *iommu, u8 bit)
 /* Function to enable the hardware */
 void __init iommu_enable(struct amd_iommu *iommu)
 {
-        printk(KERN_INFO "AMD IOMMU: Enabling IOMMU at ");
-        print_devid(iommu->devid, 0);
-        printk(" cap 0x%hx\n", iommu->cap_ptr);
+        printk(KERN_INFO "AMD IOMMU: Enabling IOMMU "
+               "at %02x:%02x.%x cap 0x%hx\n",
+               iommu->dev->bus->number,
+               PCI_SLOT(iommu->dev->devfn),
+               PCI_FUNC(iommu->dev->devfn),
+               iommu->cap_ptr);
 
         iommu_feature_enable(iommu, CONTROL_IOMMU_EN);
 }
 
+/* Function to enable IOMMU event logging and event interrupts */
+void __init iommu_enable_event_logging(struct amd_iommu *iommu)
+{
+        iommu_feature_enable(iommu, CONTROL_EVT_LOG_EN);
+        iommu_feature_enable(iommu, CONTROL_EVT_INT_EN);
+}
+
 /*
  * mapping and unmapping functions for the IOMMU MMIO space. Each AMD IOMMU in
  * the system has one.
@@ -286,6 +298,14 @@ static void __init iommu_unmap_mmio_space(struct amd_iommu *iommu)
  ****************************************************************************/
 
 /*
+ * This function calculates the length of a given IVHD entry
+ */
+static inline int ivhd_entry_length(u8 *ivhd)
+{
+        return 0x04 << (*ivhd >> 6);
+}
+
+/*
  * This function reads the last device id the IOMMU has to handle from the PCI
  * capability header for this IOMMU
  */
@@ -329,7 +349,7 @@ static int __init find_last_devid_from_ivhd(struct ivhd_header *h)
                 default:
                         break;
                 }
-                p += 0x04 << (*p >> 6);
+                p += ivhd_entry_length(p);
         }
 
         WARN_ON(p != end);
@@ -414,7 +434,32 @@ static u8 * __init alloc_command_buffer(struct amd_iommu *iommu)
 
 static void __init free_command_buffer(struct amd_iommu *iommu)
 {
-        free_pages((unsigned long)iommu->cmd_buf, get_order(CMD_BUFFER_SIZE));
+        free_pages((unsigned long)iommu->cmd_buf,
+                   get_order(iommu->cmd_buf_size));
+}
+
+/* allocates the memory where the IOMMU will log its events to */
+static u8 * __init alloc_event_buffer(struct amd_iommu *iommu)
+{
+        u64 entry;
+        iommu->evt_buf = (u8 *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+                                                get_order(EVT_BUFFER_SIZE));
+
+        if (iommu->evt_buf == NULL)
+                return NULL;
+
+        entry = (u64)virt_to_phys(iommu->evt_buf) | EVT_LEN_MASK;
+        memcpy_toio(iommu->mmio_base + MMIO_EVT_BUF_OFFSET,
+                    &entry, sizeof(entry));
+
+        iommu->evt_buf_size = EVT_BUFFER_SIZE;
+
+        return iommu->evt_buf;
+}
+
+static void __init free_event_buffer(struct amd_iommu *iommu)
+{
+        free_pages((unsigned long)iommu->evt_buf, get_order(EVT_BUFFER_SIZE));
 }
 
 /* sets a specific bit in the device table entry. */
@@ -487,19 +532,21 @@ static void __init set_device_exclusion_range(u16 devid, struct ivmd_header *m)
  */
 static void __init init_iommu_from_pci(struct amd_iommu *iommu)
 {
-        int bus = PCI_BUS(iommu->devid);
-        int dev = PCI_SLOT(iommu->devid);
-        int fn  = PCI_FUNC(iommu->devid);
         int cap_ptr = iommu->cap_ptr;
-        u32 range;
+        u32 range, misc;
 
-        iommu->cap = read_pci_config(bus, dev, fn, cap_ptr+MMIO_CAP_HDR_OFFSET);
+        pci_read_config_dword(iommu->dev, cap_ptr + MMIO_CAP_HDR_OFFSET,
+                              &iommu->cap);
+        pci_read_config_dword(iommu->dev, cap_ptr + MMIO_RANGE_OFFSET,
+                              &range);
+        pci_read_config_dword(iommu->dev, cap_ptr + MMIO_MISC_OFFSET,
+                              &misc);
 
-        range = read_pci_config(bus, dev, fn, cap_ptr+MMIO_RANGE_OFFSET);
         iommu->first_device = calc_devid(MMIO_GET_BUS(range),
                                          MMIO_GET_FD(range));
         iommu->last_device = calc_devid(MMIO_GET_BUS(range),
                                         MMIO_GET_LD(range));
+        iommu->evt_msi_num = MMIO_MSI_NUM(misc);
 }
 
 /*
@@ -604,7 +651,7 @@ static void __init init_iommu_from_acpi(struct amd_iommu *iommu,
                         break;
                 }
 
-                p += 0x04 << (e->type >> 6);
+                p += ivhd_entry_length(p);
         }
 }
 
@@ -622,6 +669,7 @@ static int __init init_iommu_devices(struct amd_iommu *iommu)
 static void __init free_iommu_one(struct amd_iommu *iommu)
 {
         free_command_buffer(iommu);
+        free_event_buffer(iommu);
         iommu_unmap_mmio_space(iommu);
 }
 
@@ -649,8 +697,12 @@ static int __init init_iommu_one(struct amd_iommu *iommu, struct ivhd_header *h)
         /*
          * Copy data from ACPI table entry to the iommu struct
          */
-        iommu->devid = h->devid;
+        iommu->dev = pci_get_bus_and_slot(PCI_BUS(h->devid), h->devid & 0xff);
+        if (!iommu->dev)
+                return 1;
+
         iommu->cap_ptr = h->cap_ptr;
+        iommu->pci_seg = h->pci_seg;
         iommu->mmio_phys = h->mmio_phys;
         iommu->mmio_base = iommu_map_mmio_space(h->mmio_phys);
         if (!iommu->mmio_base)
@@ -661,11 +713,17 @@ static int __init init_iommu_one(struct amd_iommu *iommu, struct ivhd_header *h)
         if (!iommu->cmd_buf)
                 return -ENOMEM;
 
+        iommu->evt_buf = alloc_event_buffer(iommu);
+        if (!iommu->evt_buf)
+                return -ENOMEM;
+
+        iommu->int_enabled = false;
+
         init_iommu_from_pci(iommu);
         init_iommu_from_acpi(iommu, h);
         init_iommu_devices(iommu);
 
-        return 0;
+        return pci_enable_device(iommu->dev);
 }
 
 /*
@@ -706,6 +764,95 @@ static int __init init_iommu_all(struct acpi_table_header *table)
 
 /****************************************************************************
  *
+ * The following functions initialize the MSI interrupts for all IOMMUs
+ * in the system. Its a bit challenging because there could be multiple
+ * IOMMUs per PCI BDF but we can call pci_enable_msi(x) only once per
+ * pci_dev.
+ *
+ ****************************************************************************/
+
+static int __init iommu_setup_msix(struct amd_iommu *iommu)
+{
+        struct amd_iommu *curr;
+        struct msix_entry entries[32]; /* only 32 supported by AMD IOMMU */
+        int nvec = 0, i;
+
+        list_for_each_entry(curr, &amd_iommu_list, list) {
+                if (curr->dev == iommu->dev) {
+                        entries[nvec].entry = curr->evt_msi_num;
+                        entries[nvec].vector = 0;
+                        curr->int_enabled = true;
+                        nvec++;
+                }
+        }
+
+        if (pci_enable_msix(iommu->dev, entries, nvec)) {
+                pci_disable_msix(iommu->dev);
+                return 1;
+        }
+
+        for (i = 0; i < nvec; ++i) {
+                int r = request_irq(entries->vector, amd_iommu_int_handler,
+                                    IRQF_SAMPLE_RANDOM,
+                                    "AMD IOMMU",
+                                    NULL);
+                if (r)
+                        goto out_free;
+        }
+
+        return 0;
+
+out_free:
+        for (i -= 1; i >= 0; --i)
+                free_irq(entries->vector, NULL);
+
+        pci_disable_msix(iommu->dev);
+
+        return 1;
+}
+
+static int __init iommu_setup_msi(struct amd_iommu *iommu)
+{
+        int r;
+        struct amd_iommu *curr;
+
+        list_for_each_entry(curr, &amd_iommu_list, list) {
+                if (curr->dev == iommu->dev)
+                        curr->int_enabled = true;
+        }
+
+
+        if (pci_enable_msi(iommu->dev))
+                return 1;
+
+        r = request_irq(iommu->dev->irq, amd_iommu_int_handler,
+                        IRQF_SAMPLE_RANDOM,
+                        "AMD IOMMU",
+                        NULL);
+
+        if (r) {
+                pci_disable_msi(iommu->dev);
+                return 1;
+        }
+
+        return 0;
+}
+
+static int __init iommu_init_msi(struct amd_iommu *iommu)
+{
+        if (iommu->int_enabled)
+                return 0;
+
+        if (pci_find_capability(iommu->dev, PCI_CAP_ID_MSIX))
+                return iommu_setup_msix(iommu);
+        else if (pci_find_capability(iommu->dev, PCI_CAP_ID_MSI))
+                return iommu_setup_msi(iommu);
+
+        return 1;
+}
+
+/****************************************************************************
+ *
  * The next functions belong to the third pass of parsing the ACPI
  * table. In this last pass the memory mapping requirements are
  * gathered (like exclusion and unity mapping reanges).
@@ -811,7 +958,6 @@ static void init_device_table(void)
         for (devid = 0; devid <= amd_iommu_last_bdf; ++devid) {
                 set_dev_entry_bit(devid, DEV_ENTRY_VALID);
                 set_dev_entry_bit(devid, DEV_ENTRY_TRANSLATION);
-                set_dev_entry_bit(devid, DEV_ENTRY_NO_PAGE_FAULT);
         }
 }
 
@@ -825,6 +971,8 @@ static void __init enable_iommus(void)
 
         list_for_each_entry(iommu, &amd_iommu_list, list) {
                 iommu_set_exclusion_range(iommu);
+                iommu_init_msi(iommu);
+                iommu_enable_event_logging(iommu);
                 iommu_enable(iommu);
         }
 }
@@ -995,11 +1143,17 @@ int __init amd_iommu_init(void)
         else
                 printk("disabled\n");
 
+        if (amd_iommu_unmap_flush)
+                printk(KERN_INFO "AMD IOMMU: IO/TLB flush on unmap enabled\n");
+        else
+                printk(KERN_INFO "AMD IOMMU: Lazy IO/TLB flushing enabled\n");
+
 out:
         return ret;
 
 free:
-        free_pages((unsigned long)amd_iommu_pd_alloc_bitmap, 1);
+        free_pages((unsigned long)amd_iommu_pd_alloc_bitmap,
+                   get_order(MAX_DOMAIN_ID/8));
 
         free_pages((unsigned long)amd_iommu_pd_table,
                    get_order(rlookup_table_size));
@@ -1057,8 +1211,10 @@ void __init amd_iommu_detect(void)
 static int __init parse_amd_iommu_options(char *str)
 {
         for (; *str; ++str) {
-                if (strcmp(str, "isolate") == 0)
+                if (strncmp(str, "isolate", 7) == 0)
                         amd_iommu_isolate = 1;
+                if (strncmp(str, "fullflush", 11) == 0)
+                        amd_iommu_unmap_flush = true;
         }
 
         return 1;
diff --git a/arch/x86/kernel/aperture_64.c b/arch/x86/kernel/aperture_64.c
index 44e21826db11..9a32b37ee2ee 100644
--- a/arch/x86/kernel/aperture_64.c
+++ b/arch/x86/kernel/aperture_64.c
@@ -455,11 +455,11 @@ out:
                    force_iommu ||
                    valid_agp ||
                    fallback_aper_force) {
-                printk(KERN_ERR
+                printk(KERN_INFO
                         "Your BIOS doesn't leave a aperture memory hole\n");
-                printk(KERN_ERR
+                printk(KERN_INFO
                         "Please enable the IOMMU option in the BIOS setup\n");
-                printk(KERN_ERR
+                printk(KERN_INFO
                         "This costs you %d MB of RAM\n",
                                 32 << fallback_aper_order);
 
diff --git a/arch/x86/kernel/apic_32.c b/arch/x86/kernel/apic_32.c
index f88bd0d982b0..21c831d96af3 100644
--- a/arch/x86/kernel/apic_32.c
+++ b/arch/x86/kernel/apic_32.c
@@ -60,10 +60,8 @@ unsigned long mp_lapic_addr;
 static int force_enable_local_apic;
 int disable_apic;
 
-/* Local APIC timer verification ok */
-static int local_apic_timer_verify_ok;
 /* Disable local APIC timer from the kernel commandline or via dmi quirk */
-static int local_apic_timer_disabled;
+static int disable_apic_timer __cpuinitdata;
 /* Local APIC timer works in C2 */
 int local_apic_timer_c2_ok;
 EXPORT_SYMBOL_GPL(local_apic_timer_c2_ok);
@@ -130,7 +128,11 @@ static inline int lapic_get_version(void)
  */
 static inline int lapic_is_integrated(void)
 {
+#ifdef CONFIG_X86_64
+        return 1;
+#else
         return APIC_INTEGRATED(lapic_get_version());
+#endif
 }
 
 /*
@@ -145,13 +147,18 @@ static int modern_apic(void)
         return lapic_get_version() >= 0x14;
 }
 
-void apic_wait_icr_idle(void)
+/*
+ * Paravirt kernels also might be using these below ops. So we still
+ * use generic apic_read()/apic_write(), which might be pointing to different
+ * ops in PARAVIRT case.
+ */
+void xapic_wait_icr_idle(void)
 {
         while (apic_read(APIC_ICR) & APIC_ICR_BUSY)
                 cpu_relax();
 }
 
-u32 safe_apic_wait_icr_idle(void)
+u32 safe_xapic_wait_icr_idle(void)
 {
         u32 send_status;
         int timeout;
@@ -167,16 +174,48 @@ u32 safe_apic_wait_icr_idle(void)
         return send_status;
 }
 
+void xapic_icr_write(u32 low, u32 id)
+{
+        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(id));
+        apic_write(APIC_ICR, low);
+}
+
+u64 xapic_icr_read(void)
+{
+        u32 icr1, icr2;
+
+        icr2 = apic_read(APIC_ICR2);
+        icr1 = apic_read(APIC_ICR);
+
+        return icr1 | ((u64)icr2 << 32);
+}
+
+static struct apic_ops xapic_ops = {
+        .read = native_apic_mem_read,
+        .write = native_apic_mem_write,
+        .icr_read = xapic_icr_read,
+        .icr_write = xapic_icr_write,
+        .wait_icr_idle = xapic_wait_icr_idle,
+        .safe_wait_icr_idle = safe_xapic_wait_icr_idle,
+};
+
+struct apic_ops __read_mostly *apic_ops = &xapic_ops;
+EXPORT_SYMBOL_GPL(apic_ops);
+
 /**
  * enable_NMI_through_LVT0 - enable NMI through local vector table 0
  */
 void __cpuinit enable_NMI_through_LVT0(void)
 {
-        unsigned int v = APIC_DM_NMI;
+        unsigned int v;
 
-        /* Level triggered for 82489DX */
+        /* unmask and set to NMI */
+        v = APIC_DM_NMI;
+
+        /* Level triggered for 82489DX (32bit mode) */
         if (!lapic_is_integrated())
                 v |= APIC_LVT_LEVEL_TRIGGER;
+
         apic_write(APIC_LVT0, v);
 }
 
@@ -193,9 +232,13 @@ int get_physical_broadcast(void)
  */
 int lapic_get_maxlvt(void)
 {
-        unsigned int v = apic_read(APIC_LVR);
+        unsigned int v;
 
-        /* 82489DXs do not report # of LVT entries. */
+        v = apic_read(APIC_LVR);
+        /*
+         * - we always have APIC integrated on 64bit mode
+         * - 82489DXs do not report # of LVT entries
+         */
         return APIC_INTEGRATED(GET_APIC_VERSION(v)) ? GET_APIC_MAXLVT(v) : 2;
 }
 
@@ -203,8 +246,12 @@ int lapic_get_maxlvt(void)
  * Local APIC timer
  */
 
-/* Clock divisor is set to 16 */
+/* Clock divisor */
+#ifdef CONFG_X86_64
+#define APIC_DIVISOR 1
+#else
 #define APIC_DIVISOR 16
+#endif
 
 /*
  * This function sets up the local APIC timer, with a timeout of
@@ -212,6 +259,9 @@ int lapic_get_maxlvt(void)
  * this function twice on the boot CPU, once with a bogus timeout
  * value, second time for real. The other (noncalibrating) CPUs
  * call this function only once, with the real, calibrated value.
+ *
+ * We do reads before writes even if unnecessary, to get around the
+ * P5 APIC double write bug.
  */
 static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
 {
@@ -233,14 +283,48 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
          */
         tmp_value = apic_read(APIC_TDCR);
         apic_write(APIC_TDCR,
-                   (tmp_value & ~(APIC_TDR_DIV_1 | APIC_TDR_DIV_TMBASE)) |
-                   APIC_TDR_DIV_16);
+                (tmp_value & ~(APIC_TDR_DIV_1 | APIC_TDR_DIV_TMBASE)) |
+                APIC_TDR_DIV_16);
 
         if (!oneshot)
                 apic_write(APIC_TMICT, clocks / APIC_DIVISOR);
 }
 
 /*
+ * Setup extended LVT, AMD specific (K8, family 10h)
+ *
+ * Vector mappings are hard coded. On K8 only offset 0 (APIC500) and
+ * MCE interrupts are supported. Thus MCE offset must be set to 0.
+ *
+ * If mask=1, the LVT entry does not generate interrupts while mask=0
+ * enables the vector. See also the BKDGs.
+ */
+
+#define APIC_EILVT_LVTOFF_MCE 0
+#define APIC_EILVT_LVTOFF_IBS 1
+
+static void setup_APIC_eilvt(u8 lvt_off, u8 vector, u8 msg_type, u8 mask)
+{
+        unsigned long reg = (lvt_off << 4) + APIC_EILVT0;
+        unsigned int  v   = (mask << 16) | (msg_type << 8) | vector;
+
+        apic_write(reg, v);
+}
+
+u8 setup_APIC_eilvt_mce(u8 vector, u8 msg_type, u8 mask)
+{
+        setup_APIC_eilvt(APIC_EILVT_LVTOFF_MCE, vector, msg_type, mask);
+        return APIC_EILVT_LVTOFF_MCE;
+}
+
+u8 setup_APIC_eilvt_ibs(u8 vector, u8 msg_type, u8 mask)
+{
+        setup_APIC_eilvt(APIC_EILVT_LVTOFF_IBS, vector, msg_type, mask);
+        return APIC_EILVT_LVTOFF_IBS;
+}
+EXPORT_SYMBOL_GPL(setup_APIC_eilvt_ibs);
+
+/*
  * Program the next event, relative to now
  */
 static int lapic_next_event(unsigned long delta,
@@ -259,8 +343,8 @@ static void lapic_timer_setup(enum clock_event_mode mode,
         unsigned long flags;
         unsigned int v;
 
-        /* Lapic used for broadcast ? */
-        if (!local_apic_timer_verify_ok)
+        /* Lapic used as dummy for broadcast ? */
+        if (evt->features & CLOCK_EVT_FEAT_DUMMY)
                 return;
 
         local_irq_save(flags);
@@ -473,7 +557,7 @@ static int __init calibrate_APIC_clock(void)
                 return -1;
         }
 
-        local_apic_timer_verify_ok = 1;
+        levt->features &= ~CLOCK_EVT_FEAT_DUMMY;
 
         /* We trust the pm timer based calibration */
         if (!pm_referenced) {
@@ -507,11 +591,11 @@ static int __init calibrate_APIC_clock(void)
                 if (deltaj >= LAPIC_CAL_LOOPS-2 && deltaj <= LAPIC_CAL_LOOPS+2)
                         apic_printk(APIC_VERBOSE, "... jiffies result ok\n");
                 else
-                        local_apic_timer_verify_ok = 0;
+                        levt->features |= CLOCK_EVT_FEAT_DUMMY;
         } else
                 local_irq_enable();
 
-        if (!local_apic_timer_verify_ok) {
+        if (levt->features & CLOCK_EVT_FEAT_DUMMY) {
                 printk(KERN_WARNING
                        "APIC timer disabled due to verification failure.\n");
                         return -1;
@@ -533,7 +617,8 @@ void __init setup_boot_APIC_clock(void)
          * timer as a dummy clock event source on SMP systems, so the
          * broadcast mechanism is used. On UP systems simply ignore it.
          */
-        if (local_apic_timer_disabled) {
+        if (disable_apic_timer) {
+                printk(KERN_INFO "Disabling APIC timer\n");
                 /* No broadcast on UP ! */
                 if (num_possible_cpus() > 1) {
                         lapic_clockevent.mult = 1;
@@ -602,7 +687,11 @@ static void local_apic_timer_interrupt(void)
         /*
          * the NMI deadlock-detector uses this.
          */
+#ifdef CONFIG_X86_64
+        add_pda(apic_timer_irqs, 1);
+#else
         per_cpu(irq_stat, cpu).apic_timer_irqs++;
+#endif
 
         evt->event_handler(evt);
 }
@@ -642,35 +731,6 @@ int setup_profiling_timer(unsigned int multiplier)
 }
 
 /*
- * Setup extended LVT, AMD specific (K8, family 10h)
- *
- * Vector mappings are hard coded. On K8 only offset 0 (APIC500) and
- * MCE interrupts are supported. Thus MCE offset must be set to 0.
- */
-
-#define APIC_EILVT_LVTOFF_MCE 0
-#define APIC_EILVT_LVTOFF_IBS 1
-
-static void setup_APIC_eilvt(u8 lvt_off, u8 vector, u8 msg_type, u8 mask)
-{
-        unsigned long reg = (lvt_off << 4) + APIC_EILVT0;
-        unsigned int  v   = (mask << 16) | (msg_type << 8) | vector;
-        apic_write(reg, v);
-}
-
-u8 setup_APIC_eilvt_mce(u8 vector, u8 msg_type, u8 mask)
-{
-        setup_APIC_eilvt(APIC_EILVT_LVTOFF_MCE, vector, msg_type, mask);
-        return APIC_EILVT_LVTOFF_MCE;
-}
-
-u8 setup_APIC_eilvt_ibs(u8 vector, u8 msg_type, u8 mask)
-{
-        setup_APIC_eilvt(APIC_EILVT_LVTOFF_IBS, vector, msg_type, mask);
-        return APIC_EILVT_LVTOFF_IBS;
-}
-
-/*
  * Local APIC start and shutdown
  */
 
@@ -715,7 +775,7 @@ void clear_local_APIC(void)
         }
 
         /* lets not touch this if we didn't frob it */
-#ifdef CONFIG_X86_MCE_P4THERMAL
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(X86_MCE_INTEL)
         if (maxlvt >= 5) {
                 v = apic_read(APIC_LVTTHMR);
                 apic_write(APIC_LVTTHMR, v | APIC_LVT_MASKED);
@@ -732,10 +792,6 @@ void clear_local_APIC(void)
         if (maxlvt >= 4)
                 apic_write(APIC_LVTPC, APIC_LVT_MASKED);
 
-#ifdef CONFIG_X86_MCE_P4THERMAL
-        if (maxlvt >= 5)
-                apic_write(APIC_LVTTHMR, APIC_LVT_MASKED);
-#endif
         /* Integrated APIC (!82489DX) ? */
         if (lapic_is_integrated()) {
                 if (maxlvt > 3)
@@ -750,7 +806,7 @@ void clear_local_APIC(void)
  */
 void disable_local_APIC(void)
 {
-        unsigned long value;
+        unsigned int value;
 
         clear_local_APIC();
 
@@ -762,6 +818,7 @@ void disable_local_APIC(void)
         value &= ~APIC_SPIV_APIC_ENABLED;
         apic_write(APIC_SPIV, value);
 
+#ifdef CONFIG_X86_32
         /*
          * When LAPIC was disabled by the BIOS and enabled by the kernel,
          * restore the disabled state.
@@ -773,6 +830,7 @@ void disable_local_APIC(void)
                 l &= ~MSR_IA32_APICBASE_ENABLE;
                 wrmsr(MSR_IA32_APICBASE, l, h);
         }
+#endif
 }
 
 /*
@@ -789,11 +847,15 @@ void lapic_shutdown(void)
                 return;
 
         local_irq_save(flags);
-        clear_local_APIC();
 
-        if (enabled_via_apicbase)
+#ifdef CONFIG_X86_32
+        if (!enabled_via_apicbase)
+                clear_local_APIC();
+        else
+#endif
                 disable_local_APIC();
 
+
         local_irq_restore(flags);
 }
 
@@ -838,6 +900,12 @@ int __init verify_local_APIC(void)
          */
         reg0 = apic_read(APIC_ID);
         apic_printk(APIC_DEBUG, "Getting ID: %x\n", reg0);
+        apic_write(APIC_ID, reg0 ^ APIC_ID_MASK);
+        reg1 = apic_read(APIC_ID);
+        apic_printk(APIC_DEBUG, "Getting ID: %x\n", reg1);
+        apic_write(APIC_ID, reg0);
+        if (reg1 != (reg0 ^ APIC_ID_MASK))
+                return 0;
 
         /*
          * The next two are just to see if we have sane values.
@@ -863,14 +931,15 @@ void __init sync_Arb_IDs(void)
          */
         if (modern_apic() || boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
                 return;
+
         /*
          * Wait for idle.
          */
         apic_wait_icr_idle();
 
         apic_printk(APIC_DEBUG, "Synchronizing Arb IDs.\n");
-        apic_write(APIC_ICR,
-                   APIC_DEST_ALLINC | APIC_INT_LEVELTRIG | APIC_DM_INIT);
+        apic_write(APIC_ICR, APIC_DEST_ALLINC |
+                        APIC_INT_LEVELTRIG | APIC_DM_INIT);
 }
 
 /*
@@ -878,7 +947,7 @@ void __init sync_Arb_IDs(void)
  */
 void __init init_bsp_APIC(void)
 {
-        unsigned long value;
+        unsigned int value;
 
         /*
          * Don't do the setup now if we have a SMP BIOS as the
@@ -899,11 +968,13 @@ void __init init_bsp_APIC(void)
         value &= ~APIC_VECTOR_MASK;
         value |= APIC_SPIV_APIC_ENABLED;
 
+#ifdef CONFIG_X86_32
         /* This bit is reserved on P4/Xeon and should be cleared */
         if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
             (boot_cpu_data.x86 == 15))
                 value &= ~APIC_SPIV_FOCUS_DISABLED;
         else
+#endif
                 value |= APIC_SPIV_FOCUS_DISABLED;
         value |= SPURIOUS_APIC_VECTOR;
         apic_write(APIC_SPIV, value);
@@ -922,6 +993,16 @@ static void __cpuinit lapic_setup_esr(void)
 {
         unsigned long oldvalue, value, maxlvt;
         if (lapic_is_integrated() && !esr_disable) {
+                if (esr_disable) {
+                        /*
+                         * Something untraceable is creating bad interrupts on
+                         * secondary quads ... for the moment, just leave the
+                         * ESR disabled - we can't do anything useful with the
+                         * errors anyway - mbligh
+                         */
+                        printk(KERN_INFO "Leaving ESR disabled.\n");
+                        return;
+                }
                 /* !82489DX */
                 maxlvt = lapic_get_maxlvt();
                 if (maxlvt > 3)         /* Due to the Pentium erratum 3AP. */
@@ -942,16 +1023,7 @@ static void __cpuinit lapic_setup_esr(void)
                                 "vector: 0x%08lx  after: 0x%08lx\n",
                                 oldvalue, value);
         } else {
-                if (esr_disable)
-                        /*
-                         * Something untraceable is creating bad interrupts on
-                         * secondary quads ... for the moment, just leave the
-                         * ESR disabled - we can't do anything useful with the
-                         * errors anyway - mbligh
-                         */
-                        printk(KERN_INFO "Leaving ESR disabled.\n");
-                else
-                        printk(KERN_INFO "No ESR for 82489DX.\n");
+                printk(KERN_INFO "No ESR for 82489DX.\n");
         }
 }
 
@@ -1089,13 +1161,17 @@ void __cpuinit setup_local_APIC(void)
 
 void __cpuinit end_local_APIC_setup(void)
 {
-        unsigned long value;
-
         lapic_setup_esr();
-        /* Disable the local apic timer */
-        value = apic_read(APIC_LVTT);
-        value |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR);
-        apic_write(APIC_LVTT, value);
+
+#ifdef CONFIG_X86_32
+        {
+                unsigned int value;
+                /* Disable the local apic timer */
+                value = apic_read(APIC_LVTT);
+                value |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR);
+                apic_write(APIC_LVTT, value);
+        }
+#endif
 
         setup_apic_nmi_watchdog(NULL);
         apic_pm_activate();
@@ -1205,7 +1281,7 @@ void __init init_apic_mappings(void)
          * default configuration (or the MP table is broken).
          */
         if (boot_cpu_physical_apicid == -1U)
-                boot_cpu_physical_apicid = GET_APIC_ID(read_apic_id());
+                boot_cpu_physical_apicid = read_apic_id();
 
 }
 
@@ -1242,7 +1318,7 @@ int __init APIC_init_uniprocessor(void)
          * might be zero if read from MP tables. Get it from LAPIC.
          */
 #ifdef CONFIG_CRASH_DUMP
-        boot_cpu_physical_apicid = GET_APIC_ID(read_apic_id());
+        boot_cpu_physical_apicid = read_apic_id();
 #endif
         physid_set_mask_of_physid(boot_cpu_physical_apicid, &phys_cpu_present_map);
 
@@ -1321,59 +1397,12 @@ void smp_error_interrupt(struct pt_regs *regs)
         irq_exit();
 }
 
-#ifdef CONFIG_SMP
-void __init smp_intr_init(void)
-{
-        /*
-         * IRQ0 must be given a fixed assignment and initialized,
-         * because it's used before the IO-APIC is set up.
-         */
-        set_intr_gate(FIRST_DEVICE_VECTOR, interrupt[0]);
-
-        /*
-         * The reschedule interrupt is a CPU-to-CPU reschedule-helper
-         * IPI, driven by wakeup.
-         */
-        alloc_intr_gate(RESCHEDULE_VECTOR, reschedule_interrupt);
-
-        /* IPI for invalidation */
-        alloc_intr_gate(INVALIDATE_TLB_VECTOR, invalidate_interrupt);
-
-        /* IPI for generic function call */
-        alloc_intr_gate(CALL_FUNCTION_VECTOR, call_function_interrupt);
-
-        /* IPI for single call function */
-        set_intr_gate(CALL_FUNCTION_SINGLE_VECTOR,
-                                call_function_single_interrupt);
-}
-#endif
-
-/*
- * Initialize APIC interrupts
- */
-void __init apic_intr_init(void)
-{
-#ifdef CONFIG_SMP
-        smp_intr_init();
-#endif
-        /* self generated IPI for local APIC timer */
-        alloc_intr_gate(LOCAL_TIMER_VECTOR, apic_timer_interrupt);
-
-        /* IPI vectors for APIC spurious and error interrupts */
-        alloc_intr_gate(SPURIOUS_APIC_VECTOR, spurious_interrupt);
-        alloc_intr_gate(ERROR_APIC_VECTOR, error_interrupt);
-
-        /* thermal monitor LVT interrupt */
-#ifdef CONFIG_X86_MCE_P4THERMAL
-        alloc_intr_gate(THERMAL_APIC_VECTOR, thermal_interrupt);
-#endif
-}
-
 /**
  * connect_bsp_APIC - attach the APIC to the interrupt system
  */
 void __init connect_bsp_APIC(void)
 {
+#ifdef CONFIG_X86_32
         if (pic_mode) {
                 /*
                  * Do not trust the local APIC being empty at bootup.
@@ -1388,6 +1417,7 @@ void __init connect_bsp_APIC(void)
                 outb(0x70, 0x22);
                 outb(0x01, 0x23);
         }
+#endif
         enable_apic_mode();
 }
 
@@ -1400,6 +1430,9 @@ void __init connect_bsp_APIC(void)
  */
 void disconnect_bsp_APIC(int virt_wire_setup)
 {
+        unsigned int value;
+
+#ifdef CONFIG_X86_32
         if (pic_mode) {
                 /*
                  * Put the board back into PIC mode (has an effect only on
@@ -1411,54 +1444,53 @@ void disconnect_bsp_APIC(int virt_wire_setup)
                                 "entering PIC mode.\n");
                 outb(0x70, 0x22);
                 outb(0x00, 0x23);
-        } else {
-                /* Go back to Virtual Wire compatibility mode */
-                unsigned long value;
+                return;
+        }
+#endif
 
-                /* For the spurious interrupt use vector F, and enable it */
-                value = apic_read(APIC_SPIV);
-                value &= ~APIC_VECTOR_MASK;
-                value |= APIC_SPIV_APIC_ENABLED;
-                value |= 0xf;
-                apic_write(APIC_SPIV, value);
+        /* Go back to Virtual Wire compatibility mode */
 
-                if (!virt_wire_setup) {
-                        /*
-                         * For LVT0 make it edge triggered, active high,
-                         * external and enabled
-                         */
-                        value = apic_read(APIC_LVT0);
-                        value &= ~(APIC_MODE_MASK | APIC_SEND_PENDING |
-                                APIC_INPUT_POLARITY | APIC_LVT_REMOTE_IRR |
-                                APIC_LVT_LEVEL_TRIGGER | APIC_LVT_MASKED);
-                        value |= APIC_LVT_REMOTE_IRR | APIC_SEND_PENDING;
-                        value = SET_APIC_DELIVERY_MODE(value, APIC_MODE_EXTINT);
-                        apic_write(APIC_LVT0, value);
-                } else {
-                        /* Disable LVT0 */
-                        apic_write(APIC_LVT0, APIC_LVT_MASKED);
-                }
+        /* For the spurious interrupt use vector F, and enable it */
+        value = apic_read(APIC_SPIV);
+        value &= ~APIC_VECTOR_MASK;
+        value |= APIC_SPIV_APIC_ENABLED;
+        value |= 0xf;
+        apic_write(APIC_SPIV, value);
 
+        if (!virt_wire_setup) {
                 /*
-                 * For LVT1 make it edge triggered, active high, nmi and
-                 * enabled
+                 * For LVT0 make it edge triggered, active high,
+                 * external and enabled
                  */
-                value = apic_read(APIC_LVT1);
-                value &= ~(
-                        APIC_MODE_MASK | APIC_SEND_PENDING |
+                value = apic_read(APIC_LVT0);
+                value &= ~(APIC_MODE_MASK | APIC_SEND_PENDING |
                         APIC_INPUT_POLARITY | APIC_LVT_REMOTE_IRR |
                         APIC_LVT_LEVEL_TRIGGER | APIC_LVT_MASKED);
                 value |= APIC_LVT_REMOTE_IRR | APIC_SEND_PENDING;
-                value = SET_APIC_DELIVERY_MODE(value, APIC_MODE_NMI);
-                apic_write(APIC_LVT1, value);
+                value = SET_APIC_DELIVERY_MODE(value, APIC_MODE_EXTINT);
+                apic_write(APIC_LVT0, value);
+        } else {
+                /* Disable LVT0 */
+                apic_write(APIC_LVT0, APIC_LVT_MASKED);
         }
+
+        /*
+         * For LVT1 make it edge triggered, active high,
+         * nmi and enabled
+         */
+        value = apic_read(APIC_LVT1);
+        value &= ~(APIC_MODE_MASK | APIC_SEND_PENDING |
+                        APIC_INPUT_POLARITY | APIC_LVT_REMOTE_IRR |
+                        APIC_LVT_LEVEL_TRIGGER | APIC_LVT_MASKED);
+        value |= APIC_LVT_REMOTE_IRR | APIC_SEND_PENDING;
+        value = SET_APIC_DELIVERY_MODE(value, APIC_MODE_NMI);
+        apic_write(APIC_LVT1, value);
 }
 
 void __cpuinit generic_processor_info(int apicid, int version)
 {
         int cpu;
         cpumask_t tmp_map;
-        physid_mask_t phys_cpu;
 
         /*
          * Validate version
@@ -1471,9 +1503,6 @@ void __cpuinit generic_processor_info(int apicid, int version)
         }
         apic_version[apicid] = version;
 
-        phys_cpu = apicid_to_cpu_present(apicid);
-        physids_or(phys_cpu_present_map, phys_cpu_present_map, phys_cpu);
-
         if (num_processors >= NR_CPUS) {
                 printk(KERN_WARNING "WARNING: NR_CPUS limit of %i reached."
                         "  Processor ignored.\n", NR_CPUS);
@@ -1484,17 +1513,19 @@ void __cpuinit generic_processor_info(int apicid, int version)
         cpus_complement(tmp_map, cpu_present_map);
         cpu = first_cpu(tmp_map);
 
-        if (apicid == boot_cpu_physical_apicid)
+        physid_set(apicid, phys_cpu_present_map);
+        if (apicid == boot_cpu_physical_apicid) {
                 /*
                  * x86_bios_cpu_apicid is required to have processors listed
                  * in same order as logical cpu numbers. Hence the first
                  * entry is BSP, and so on.
                  */
                 cpu = 0;
-
+        }
         if (apicid > max_physical_apicid)
                 max_physical_apicid = apicid;
 
+#ifdef CONFIG_X86_32
         /*
          * Would be preferable to switch to bigsmp when CONFIG_HOTPLUG_CPU=y
          * but we need to work other dependencies like SMP_SUSPEND etc
@@ -1514,7 +1545,9 @@ void __cpuinit generic_processor_info(int apicid, int version)
                         def_to_bigsmp = 1;
                 }
         }
-#ifdef CONFIG_SMP
+#endif
+
+#if defined(CONFIG_X86_SMP) || defined(CONFIG_X86_64)
         /* are we being called early in kernel startup? */
         if (early_per_cpu_ptr(x86_cpu_to_apicid)) {
                 u16 *cpu_to_apicid = early_per_cpu_ptr(x86_cpu_to_apicid);
@@ -1527,6 +1560,7 @@ void __cpuinit generic_processor_info(int apicid, int version)
                 per_cpu(x86_bios_cpu_apicid, cpu) = apicid;
         }
 #endif
+
         cpu_set(cpu, cpu_possible_map);
         cpu_set(cpu, cpu_present_map);
 }
@@ -1537,6 +1571,11 @@ void __cpuinit generic_processor_info(int apicid, int version)
 #ifdef CONFIG_PM
 
 static struct {
+        /*
+         * 'active' is true if the local APIC was enabled by us and
+         * not the BIOS; this signifies that we are also responsible
+         * for disabling it before entering apm/acpi suspend
+         */
         int active;
         /* r/w apic fields */
         unsigned int apic_id;
@@ -1577,7 +1616,7 @@ static int lapic_suspend(struct sys_device *dev, pm_message_t state)
         apic_pm_state.apic_lvterr = apic_read(APIC_LVTERR);
         apic_pm_state.apic_tmict = apic_read(APIC_TMICT);
         apic_pm_state.apic_tdcr = apic_read(APIC_TDCR);
-#ifdef CONFIG_X86_MCE_P4THERMAL
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
         if (maxlvt >= 5)
                 apic_pm_state.apic_thmr = apic_read(APIC_LVTTHMR);
 #endif
@@ -1601,16 +1640,23 @@ static int lapic_resume(struct sys_device *dev)
 
         local_irq_save(flags);
 
-        /*
-         * Make sure the APICBASE points to the right address
-         *
-         * FIXME! This will be wrong if we ever support suspend on
-         * SMP! We'll need to do this as part of the CPU restore!
-         */
-        rdmsr(MSR_IA32_APICBASE, l, h);
-        l &= ~MSR_IA32_APICBASE_BASE;
-        l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr;
-        wrmsr(MSR_IA32_APICBASE, l, h);
+#ifdef CONFIG_X86_64
+        if (x2apic)
+                enable_x2apic();
+        else
+#endif
+        {
+                /*
+                 * Make sure the APICBASE points to the right address
+                 *
+                 * FIXME! This will be wrong if we ever support suspend on
+                 * SMP! We'll need to do this as part of the CPU restore!
+                 */
+                rdmsr(MSR_IA32_APICBASE, l, h);
+                l &= ~MSR_IA32_APICBASE_BASE;
+                l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr;
+                wrmsr(MSR_IA32_APICBASE, l, h);
+        }
 
         apic_write(APIC_LVTERR, ERROR_APIC_VECTOR | APIC_LVT_MASKED);
         apic_write(APIC_ID, apic_pm_state.apic_id);
@@ -1620,7 +1666,7 @@ static int lapic_resume(struct sys_device *dev)
         apic_write(APIC_SPIV, apic_pm_state.apic_spiv);
         apic_write(APIC_LVT0, apic_pm_state.apic_lvt0);
         apic_write(APIC_LVT1, apic_pm_state.apic_lvt1);
-#ifdef CONFIG_X86_MCE_P4THERMAL
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
         if (maxlvt >= 5)
                 apic_write(APIC_LVTTHMR, apic_pm_state.apic_thmr);
 #endif
@@ -1634,7 +1680,9 @@ static int lapic_resume(struct sys_device *dev)
         apic_write(APIC_LVTERR, apic_pm_state.apic_lvterr);
         apic_write(APIC_ESR, 0);
         apic_read(APIC_ESR);
+
         local_irq_restore(flags);
+
         return 0;
 }
 
@@ -1690,20 +1738,20 @@ static int __init parse_lapic(char *arg)
 }
 early_param("lapic", parse_lapic);
 
-static int __init parse_nolapic(char *arg)
+static int __init setup_disableapic(char *arg)
 {
         disable_apic = 1;
         setup_clear_cpu_cap(X86_FEATURE_APIC);
         return 0;
 }
-early_param("nolapic", parse_nolapic);
+early_param("disableapic", setup_disableapic);
 
-static int __init parse_disable_lapic_timer(char *arg)
+/* same as disableapic, for compatibility */
+static int __init setup_nolapic(char *arg)
 {
-        local_apic_timer_disabled = 1;
-        return 0;
+        return setup_disableapic(arg);
 }
-early_param("nolapic_timer", parse_disable_lapic_timer);
+early_param("nolapic", setup_nolapic);
 
 static int __init parse_lapic_timer_c2_ok(char *arg)
 {
@@ -1712,15 +1760,40 @@ static int __init parse_lapic_timer_c2_ok(char *arg)
 }
 early_param("lapic_timer_c2_ok", parse_lapic_timer_c2_ok);
 
+static int __init parse_disable_apic_timer(char *arg)
+{
+        disable_apic_timer = 1;
+        return 0;
+}
+early_param("noapictimer", parse_disable_apic_timer);
+
+static int __init parse_nolapic_timer(char *arg)
+{
+        disable_apic_timer = 1;
+        return 0;
+}
+early_param("nolapic_timer", parse_nolapic_timer);
+
 static int __init apic_set_verbosity(char *arg)
 {
-        if (!arg)
+        if (!arg)  {
+#ifdef CONFIG_X86_64
+                skip_ioapic_setup = 0;
+                ioapic_force = 1;
+                return 0;
+#endif
                 return -EINVAL;
+        }
 
-        if (strcmp(arg, "debug") == 0)
+        if (strcmp("debug", arg) == 0)
                 apic_verbosity = APIC_DEBUG;
-        else if (strcmp(arg, "verbose") == 0)
+        else if (strcmp("verbose", arg) == 0)
                 apic_verbosity = APIC_VERBOSE;
+        else {
+                printk(KERN_WARNING "APIC Verbosity level %s not recognised"
+                        " use apic=verbose or apic=debug\n", arg);
+                return -EINVAL;
+        }
 
         return 0;
 }
diff --git a/arch/x86/kernel/apic_64.c b/arch/x86/kernel/apic_64.c
index 446c062e831c..94ddb69ae15e 100644
--- a/arch/x86/kernel/apic_64.c
+++ b/arch/x86/kernel/apic_64.c
@@ -27,6 +27,7 @@
 #include <linux/clockchips.h>
 #include <linux/acpi_pmtmr.h>
 #include <linux/module.h>
+#include <linux/dmar.h>
 
 #include <asm/atomic.h>
 #include <asm/smp.h>
@@ -39,13 +40,20 @@
 #include <asm/proto.h>
 #include <asm/timex.h>
 #include <asm/apic.h>
+#include <asm/i8259.h>
 
 #include <mach_ipi.h>
 #include <mach_apic.h>
 
+/* Disable local APIC timer from the kernel commandline or via dmi quirk */
 static int disable_apic_timer __cpuinitdata;
 static int apic_calibrate_pmtmr __initdata;
 int disable_apic;
+int disable_x2apic;
+int x2apic;
+
+/* x2apic enabled before OS handover */
+int x2apic_preenabled;
 
 /* Local APIC timer works in C2 */
 int local_apic_timer_c2_ok;
@@ -73,6 +81,9 @@ static void lapic_timer_setup(enum clock_event_mode mode,
 static void lapic_timer_broadcast(cpumask_t mask);
 static void apic_pm_activate(void);
 
+/*
+ * The local apic timer can be used for any function which is CPU local.
+ */
 static struct clock_event_device lapic_clockevent = {
         .name           = "lapic",
         .features       = CLOCK_EVT_FEAT_PERIODIC | CLOCK_EVT_FEAT_ONESHOT
@@ -99,11 +110,15 @@ static inline int lapic_get_version(void)
 }
 
 /*
- * Check, if the APIC is integrated or a seperate chip
+ * Check, if the APIC is integrated or a separate chip
  */
 static inline int lapic_is_integrated(void)
 {
+#ifdef CONFIG_X86_64
         return 1;
+#else
+        return APIC_INTEGRATED(lapic_get_version());
+#endif
 }
 
 /*
@@ -118,13 +133,18 @@ static int modern_apic(void)
         return lapic_get_version() >= 0x14;
 }
 
-void apic_wait_icr_idle(void)
+/*
+ * Paravirt kernels also might be using these below ops. So we still
+ * use generic apic_read()/apic_write(), which might be pointing to different
+ * ops in PARAVIRT case.
+ */
+void xapic_wait_icr_idle(void)
 {
         while (apic_read(APIC_ICR) & APIC_ICR_BUSY)
                 cpu_relax();
 }
 
-u32 safe_apic_wait_icr_idle(void)
+u32 safe_xapic_wait_icr_idle(void)
 {
         u32 send_status;
         int timeout;
@@ -140,6 +160,68 @@ u32 safe_apic_wait_icr_idle(void)
         return send_status;
 }
 
+void xapic_icr_write(u32 low, u32 id)
+{
+        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(id));
+        apic_write(APIC_ICR, low);
+}
+
+u64 xapic_icr_read(void)
+{
+        u32 icr1, icr2;
+
+        icr2 = apic_read(APIC_ICR2);
+        icr1 = apic_read(APIC_ICR);
+
+        return icr1 | ((u64)icr2 << 32);
+}
+
+static struct apic_ops xapic_ops = {
+        .read = native_apic_mem_read,
+        .write = native_apic_mem_write,
+        .icr_read = xapic_icr_read,
+        .icr_write = xapic_icr_write,
+        .wait_icr_idle = xapic_wait_icr_idle,
+        .safe_wait_icr_idle = safe_xapic_wait_icr_idle,
+};
+
+struct apic_ops __read_mostly *apic_ops = &xapic_ops;
+EXPORT_SYMBOL_GPL(apic_ops);
+
+static void x2apic_wait_icr_idle(void)
+{
+        /* no need to wait for icr idle in x2apic */
+        return;
+}
+
+static u32 safe_x2apic_wait_icr_idle(void)
+{
+        /* no need to wait for icr idle in x2apic */
+        return 0;
+}
+
+void x2apic_icr_write(u32 low, u32 id)
+{
+        wrmsrl(APIC_BASE_MSR + (APIC_ICR >> 4), ((__u64) id) << 32 | low);
+}
+
+u64 x2apic_icr_read(void)
+{
+        unsigned long val;
+
+        rdmsrl(APIC_BASE_MSR + (APIC_ICR >> 4), val);
+        return val;
+}
+
+static struct apic_ops x2apic_ops = {
+        .read = native_apic_msr_read,
+        .write = native_apic_msr_write,
+        .icr_read = x2apic_icr_read,
+        .icr_write = x2apic_icr_write,
+        .wait_icr_idle = x2apic_wait_icr_idle,
+        .safe_wait_icr_idle = safe_x2apic_wait_icr_idle,
+};
+
 /**
  * enable_NMI_through_LVT0 - enable NMI through local vector table 0
  */
@@ -149,6 +231,11 @@ void __cpuinit enable_NMI_through_LVT0(void)
 
         /* unmask and set to NMI */
         v = APIC_DM_NMI;
+
+        /* Level triggered for 82489DX (32bit mode) */
+        if (!lapic_is_integrated())
+                v |= APIC_LVT_LEVEL_TRIGGER;
+
         apic_write(APIC_LVT0, v);
 }
 
@@ -157,14 +244,28 @@ void __cpuinit enable_NMI_through_LVT0(void)
  */
 int lapic_get_maxlvt(void)
 {
-        unsigned int v, maxlvt;
+        unsigned int v;
 
         v = apic_read(APIC_LVR);
-        maxlvt = GET_APIC_MAXLVT(v);
-        return maxlvt;
+        /*
+         * - we always have APIC integrated on 64bit mode
+         * - 82489DXs do not report # of LVT entries
+         */
+        return APIC_INTEGRATED(GET_APIC_VERSION(v)) ? GET_APIC_MAXLVT(v) : 2;
 }
 
 /*
+ * Local APIC timer
+ */
+
+/* Clock divisor */
+#ifdef CONFG_X86_64
+#define APIC_DIVISOR 1
+#else
+#define APIC_DIVISOR 16
+#endif
+
+/*
  * This function sets up the local APIC timer, with a timeout of
  * 'clocks' APIC bus clock. During calibration we actually call
  * this function twice on the boot CPU, once with a bogus timeout
@@ -174,7 +275,6 @@ int lapic_get_maxlvt(void)
  * We do reads before writes even if unnecessary, to get around the
  * P5 APIC double write bug.
  */
-
 static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
 {
         unsigned int lvtt_value, tmp_value;
@@ -182,6 +282,9 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
         lvtt_value = LOCAL_TIMER_VECTOR;
         if (!oneshot)
                 lvtt_value |= APIC_LVT_TIMER_PERIODIC;
+        if (!lapic_is_integrated())
+                lvtt_value |= SET_APIC_TIMER_BASE(APIC_TIMER_BASE_DIV);
+
         if (!irqen)
                 lvtt_value |= APIC_LVT_MASKED;
 
@@ -191,12 +294,12 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
          * Divide PICLK by 16
          */
         tmp_value = apic_read(APIC_TDCR);
-        apic_write(APIC_TDCR, (tmp_value
-                                & ~(APIC_TDR_DIV_1 | APIC_TDR_DIV_TMBASE))
-                                | APIC_TDR_DIV_16);
+        apic_write(APIC_TDCR,
+                (tmp_value & ~(APIC_TDR_DIV_1 | APIC_TDR_DIV_TMBASE)) |
+                APIC_TDR_DIV_16);
 
         if (!oneshot)
-                apic_write(APIC_TMICT, clocks);
+                apic_write(APIC_TMICT, clocks / APIC_DIVISOR);
 }
 
 /*
@@ -204,6 +307,9 @@ static void __setup_APIC_LVTT(unsigned int clocks, int oneshot, int irqen)
  *
  * Vector mappings are hard coded. On K8 only offset 0 (APIC500) and
  * MCE interrupts are supported. Thus MCE offset must be set to 0.
+ *
+ * If mask=1, the LVT entry does not generate interrupts while mask=0
+ * enables the vector. See also the BKDGs.
  */
 
 #define APIC_EILVT_LVTOFF_MCE 0
@@ -228,6 +334,7 @@ u8 setup_APIC_eilvt_ibs(u8 vector, u8 msg_type, u8 mask)
         setup_APIC_eilvt(APIC_EILVT_LVTOFF_IBS, vector, msg_type, mask);
         return APIC_EILVT_LVTOFF_IBS;
 }
+EXPORT_SYMBOL_GPL(setup_APIC_eilvt_ibs);
 
 /*
  * Program the next event, relative to now
@@ -366,7 +473,7 @@ static int __init calibrate_APIC_clock(void)
         lapic_clockevent.min_delta_ns =
                 clockevent_delta2ns(0xF, &lapic_clockevent);
 
-        calibration_result = result / HZ;
+        calibration_result = (result * APIC_DIVISOR) / HZ;
 
         /*
          * Do a sanity check on the APIC calibration result
@@ -388,10 +495,10 @@ static int __init calibrate_APIC_clock(void)
 void __init setup_boot_APIC_clock(void)
 {
         /*
-         * The local apic timer can be disabled via the kernel commandline.
-         * Register the lapic timer as a dummy clock event source on SMP
-         * systems, so the broadcast mechanism is used. On UP systems simply
-         * ignore it.
+         * The local apic timer can be disabled via the kernel
+         * commandline or from the CPU detection code. Register the lapic
+         * timer as a dummy clock event source on SMP systems, so the
+         * broadcast mechanism is used. On UP systems simply ignore it.
          */
         if (disable_apic_timer) {
                 printk(KERN_INFO "Disabling APIC timer\n");
@@ -403,7 +510,9 @@ void __init setup_boot_APIC_clock(void)
                 return;
         }
 
-        printk(KERN_INFO "Using local APIC timer interrupts.\n");
+        apic_printk(APIC_VERBOSE, "Using local APIC timer interrupts.\n"
+                    "calibrating APIC timer ...\n");
+
         if (calibrate_APIC_clock()) {
                 /* No broadcast on UP ! */
                 if (num_possible_cpus() > 1)
@@ -422,6 +531,7 @@ void __init setup_boot_APIC_clock(void)
                 printk(KERN_WARNING "APIC timer registered as dummy,"
                         " due to nmi_watchdog=%d!\n", nmi_watchdog);
 
+        /* Setup the lapic or request the broadcast */
         setup_APIC_timer();
 }
 
@@ -460,7 +570,11 @@ static void local_apic_timer_interrupt(void)
         /*
          * the NMI deadlock-detector uses this.
          */
+#ifdef CONFIG_X86_64
         add_pda(apic_timer_irqs, 1);
+#else
+        per_cpu(irq_stat, cpu).apic_timer_irqs++;
+#endif
 
         evt->event_handler(evt);
 }
@@ -491,6 +605,7 @@ void smp_apic_timer_interrupt(struct pt_regs *regs)
         irq_enter();
         local_apic_timer_interrupt();
         irq_exit();
+
         set_irq_regs(old_regs);
 }
 
@@ -544,6 +659,13 @@ void clear_local_APIC(void)
                 apic_write(APIC_LVTPC, v | APIC_LVT_MASKED);
         }
 
+        /* lets not touch this if we didn't frob it */
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(X86_MCE_INTEL)
+        if (maxlvt >= 5) {
+                v = apic_read(APIC_LVTTHMR);
+                apic_write(APIC_LVTTHMR, v | APIC_LVT_MASKED);
+        }
+#endif
         /*
          * Clean APIC state for other OSs:
          */
@@ -554,8 +676,14 @@ void clear_local_APIC(void)
                 apic_write(APIC_LVTERR, APIC_LVT_MASKED);
         if (maxlvt >= 4)
                 apic_write(APIC_LVTPC, APIC_LVT_MASKED);
-        apic_write(APIC_ESR, 0);
-        apic_read(APIC_ESR);
+
+        /* Integrated APIC (!82489DX) ? */
+        if (lapic_is_integrated()) {
+                if (maxlvt > 3)
+                        /* Clear ESR due to Pentium errata 3AP and 11AP */
+                        apic_write(APIC_ESR, 0);
+                apic_read(APIC_ESR);
+        }
 }
 
 /**
@@ -574,8 +702,28 @@ void disable_local_APIC(void)
         value = apic_read(APIC_SPIV);
         value &= ~APIC_SPIV_APIC_ENABLED;
         apic_write(APIC_SPIV, value);
+
+#ifdef CONFIG_X86_32
+        /*
+         * When LAPIC was disabled by the BIOS and enabled by the kernel,
+         * restore the disabled state.
+         */
+        if (enabled_via_apicbase) {
+                unsigned int l, h;
+
+                rdmsr(MSR_IA32_APICBASE, l, h);
+                l &= ~MSR_IA32_APICBASE_ENABLE;
+                wrmsr(MSR_IA32_APICBASE, l, h);
+        }
+#endif
 }
 
+/*
+ * If Linux enabled the LAPIC against the BIOS default disable it down before
+ * re-entering the BIOS on shutdown.  Otherwise the BIOS may get confused and
+ * not power-off.  Additionally clear all LVT entries before disable_local_APIC
+ * for the case where Linux didn't enable the LAPIC.
+ */
 void lapic_shutdown(void)
 {
         unsigned long flags;
@@ -585,7 +733,13 @@ void lapic_shutdown(void)
 
         local_irq_save(flags);
 
-        disable_local_APIC();
+#ifdef CONFIG_X86_32
+        if (!enabled_via_apicbase)
+                clear_local_APIC();
+        else
+#endif
+                disable_local_APIC();
+
 
         local_irq_restore(flags);
 }
@@ -629,10 +783,10 @@ int __init verify_local_APIC(void)
         /*
          * The ID register is read/write in a real APIC.
          */
-        reg0 = read_apic_id();
+        reg0 = apic_read(APIC_ID);
         apic_printk(APIC_DEBUG, "Getting ID: %x\n", reg0);
         apic_write(APIC_ID, reg0 ^ APIC_ID_MASK);
-        reg1 = read_apic_id();
+        reg1 = apic_read(APIC_ID);
         apic_printk(APIC_DEBUG, "Getting ID: %x\n", reg1);
         apic_write(APIC_ID, reg0);
         if (reg1 != (reg0 ^ APIC_ID_MASK))
@@ -656,8 +810,11 @@ int __init verify_local_APIC(void)
  */
 void __init sync_Arb_IDs(void)
 {
-        /* Unsupported on P4 - see Intel Dev. Manual Vol. 3, Ch. 8.6.1 */
-        if (modern_apic())
+        /*
+         * Unsupported on P4 - see Intel Dev. Manual Vol. 3, Ch. 8.6.1 And not
+         * needed on AMD.
+         */
+        if (modern_apic() || boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
                 return;
 
         /*
@@ -666,8 +823,8 @@ void __init sync_Arb_IDs(void)
         apic_wait_icr_idle();
 
         apic_printk(APIC_DEBUG, "Synchronizing Arb IDs.\n");
-        apic_write(APIC_ICR, APIC_DEST_ALLINC | APIC_INT_LEVELTRIG
-                                | APIC_DM_INIT);
+        apic_write(APIC_ICR, APIC_DEST_ALLINC |
+                        APIC_INT_LEVELTRIG | APIC_DM_INIT);
 }
 
 /*
@@ -684,8 +841,6 @@ void __init init_bsp_APIC(void)
         if (smp_found_config || !cpu_has_apic)
                 return;
 
-        value = apic_read(APIC_LVR);
-
         /*
          * Do not trust the local APIC being empty at bootup.
          */
@@ -697,7 +852,15 @@ void __init init_bsp_APIC(void)
         value = apic_read(APIC_SPIV);
         value &= ~APIC_VECTOR_MASK;
         value |= APIC_SPIV_APIC_ENABLED;
-        value |= APIC_SPIV_FOCUS_DISABLED;
+
+#ifdef CONFIG_X86_32
+        /* This bit is reserved on P4/Xeon and should be cleared */
+        if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
+            (boot_cpu_data.x86 == 15))
+                value &= ~APIC_SPIV_FOCUS_DISABLED;
+        else
+#endif
+                value |= APIC_SPIV_FOCUS_DISABLED;
         value |= SPURIOUS_APIC_VECTOR;
         apic_write(APIC_SPIV, value);
 
@@ -706,9 +869,50 @@ void __init init_bsp_APIC(void)
          */
         apic_write(APIC_LVT0, APIC_DM_EXTINT);
         value = APIC_DM_NMI;
+        if (!lapic_is_integrated())             /* 82489DX */
+                value |= APIC_LVT_LEVEL_TRIGGER;
         apic_write(APIC_LVT1, value);
 }
 
+static void __cpuinit lapic_setup_esr(void)
+{
+        unsigned long oldvalue, value, maxlvt;
+        if (lapic_is_integrated() && !esr_disable) {
+                if (esr_disable) {
+                        /*
+                         * Something untraceable is creating bad interrupts on
+                         * secondary quads ... for the moment, just leave the
+                         * ESR disabled - we can't do anything useful with the
+                         * errors anyway - mbligh
+                         */
+                        printk(KERN_INFO "Leaving ESR disabled.\n");
+                        return;
+                }
+                /* !82489DX */
+                maxlvt = lapic_get_maxlvt();
+                if (maxlvt > 3)         /* Due to the Pentium erratum 3AP. */
+                        apic_write(APIC_ESR, 0);
+                oldvalue = apic_read(APIC_ESR);
+
+                /* enables sending errors */
+                value = ERROR_APIC_VECTOR;
+                apic_write(APIC_LVTERR, value);
+                /*
+                 * spec says clear errors after enabling vector.
+                 */
+                if (maxlvt > 3)
+                        apic_write(APIC_ESR, 0);
+                value = apic_read(APIC_ESR);
+                if (value != oldvalue)
+                        apic_printk(APIC_VERBOSE, "ESR value before enabling "
+                                "vector: 0x%08lx  after: 0x%08lx\n",
+                                oldvalue, value);
+        } else {
+                printk(KERN_INFO "No ESR for 82489DX.\n");
+        }
+}
+
+
 /**
  * setup_local_APIC - setup the local APIC
  */
@@ -814,25 +1018,143 @@ void __cpuinit setup_local_APIC(void)
         preempt_enable();
 }
 
-static void __cpuinit lapic_setup_esr(void)
-{
-        unsigned maxlvt = lapic_get_maxlvt();
-
-        apic_write(APIC_LVTERR, ERROR_APIC_VECTOR);
-        /*
-         * spec says clear errors after enabling vector.
-         */
-        if (maxlvt > 3)
-                apic_write(APIC_ESR, 0);
-}
-
 void __cpuinit end_local_APIC_setup(void)
 {
         lapic_setup_esr();
+
+#ifdef CONFIG_X86_32
+        {
+                unsigned int value;
+                /* Disable the local apic timer */
+                value = apic_read(APIC_LVTT);
+                value |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR);
+                apic_write(APIC_LVTT, value);
+        }
+#endif
+
         setup_apic_nmi_watchdog(NULL);
         apic_pm_activate();
 }
 
+void check_x2apic(void)
+{
+        int msr, msr2;
+
+        rdmsr(MSR_IA32_APICBASE, msr, msr2);
+
+        if (msr & X2APIC_ENABLE) {
+                printk("x2apic enabled by BIOS, switching to x2apic ops\n");
+                x2apic_preenabled = x2apic = 1;
+                apic_ops = &x2apic_ops;
+        }
+}
+
+void enable_x2apic(void)
+{
+        int msr, msr2;
+
+        rdmsr(MSR_IA32_APICBASE, msr, msr2);
+        if (!(msr & X2APIC_ENABLE)) {
+                printk("Enabling x2apic\n");
+                wrmsr(MSR_IA32_APICBASE, msr | X2APIC_ENABLE, 0);
+        }
+}
+
+void enable_IR_x2apic(void)
+{
+#ifdef CONFIG_INTR_REMAP
+        int ret;
+        unsigned long flags;
+
+        if (!cpu_has_x2apic)
+                return;
+
+        if (!x2apic_preenabled && disable_x2apic) {
+                printk(KERN_INFO
+                       "Skipped enabling x2apic and Interrupt-remapping "
+                       "because of nox2apic\n");
+                return;
+        }
+
+        if (x2apic_preenabled && disable_x2apic)
+                panic("Bios already enabled x2apic, can't enforce nox2apic");
+
+        if (!x2apic_preenabled && skip_ioapic_setup) {
+                printk(KERN_INFO
+                       "Skipped enabling x2apic and Interrupt-remapping "
+                       "because of skipping io-apic setup\n");
+                return;
+        }
+
+        ret = dmar_table_init();
+        if (ret) {
+                printk(KERN_INFO
+                       "dmar_table_init() failed with %d:\n", ret);
+
+                if (x2apic_preenabled)
+                        panic("x2apic enabled by bios. But IR enabling failed");
+                else
+                        printk(KERN_INFO
+                               "Not enabling x2apic,Intr-remapping\n");
+                return;
+        }
+
+        local_irq_save(flags);
+        mask_8259A();
+        save_mask_IO_APIC_setup();
+
+        ret = enable_intr_remapping(1);
+
+        if (ret && x2apic_preenabled) {
+                local_irq_restore(flags);
+                panic("x2apic enabled by bios. But IR enabling failed");
+        }
+
+        if (ret)
+                goto end;
+
+        if (!x2apic) {
+                x2apic = 1;
+                apic_ops = &x2apic_ops;
+                enable_x2apic();
+        }
+end:
+        if (ret)
+                /*
+                 * IR enabling failed
+                 */
+                restore_IO_APIC_setup();
+        else
+                reinit_intr_remapped_IO_APIC(x2apic_preenabled);
+
+        unmask_8259A();
+        local_irq_restore(flags);
+
+        if (!ret) {
+                if (!x2apic_preenabled)
+                        printk(KERN_INFO
+                               "Enabled x2apic and interrupt-remapping\n");
+                else
+                        printk(KERN_INFO
+                               "Enabled Interrupt-remapping\n");
+        } else
+                printk(KERN_ERR
+                       "Failed to enable Interrupt-remapping and x2apic\n");
+#else
+        if (!cpu_has_x2apic)
+                return;
+
+        if (x2apic_preenabled)
+                panic("x2apic enabled prior OS handover,"
+                      " enable CONFIG_INTR_REMAP");
+
+        printk(KERN_INFO "Enable CONFIG_INTR_REMAP for enabling intr-remapping "
+               " and x2apic\n");
+#endif
+
+        return;
+}
+
 /*
  * Detect and enable local APICs on non-SMP boards.
  * Original code written by Keir Fraser.
@@ -872,7 +1194,7 @@ void __init early_init_lapic_mapping(void)
          * Fetch the APIC ID of the BSP in case we have a
          * default configuration (or the MP table is broken).
          */
-        boot_cpu_physical_apicid = GET_APIC_ID(read_apic_id());
+        boot_cpu_physical_apicid = read_apic_id();
 }
 
 /**
@@ -880,6 +1202,11 @@ void __init early_init_lapic_mapping(void)
  */
 void __init init_apic_mappings(void)
 {
+        if (x2apic) {
+                boot_cpu_physical_apicid = read_apic_id();
+                return;
+        }
+
         /*
          * If no local APIC can be found then set up a fake all
          * zeroes page to simulate the local APIC and another
@@ -899,13 +1226,15 @@ void __init init_apic_mappings(void)
          * Fetch the APIC ID of the BSP in case we have a
          * default configuration (or the MP table is broken).
          */
-        boot_cpu_physical_apicid = GET_APIC_ID(read_apic_id());
+        boot_cpu_physical_apicid = read_apic_id();
 }
 
 /*
  * This initializes the IO-APIC and APIC hardware if this is
  * a UP kernel.
  */
+int apic_version[MAX_APICS];
+
 int __init APIC_init_uniprocessor(void)
 {
         if (disable_apic) {
@@ -918,6 +1247,9 @@ int __init APIC_init_uniprocessor(void)
                 return -1;
         }
 
+        enable_IR_x2apic();
+        setup_apic_routing();
+
         verify_local_APIC();
 
         connect_bsp_APIC();
@@ -1004,17 +1336,57 @@ asmlinkage void smp_error_interrupt(void)
 }
 
 /**
- *  * connect_bsp_APIC - attach the APIC to the interrupt system
- *   */
+ * connect_bsp_APIC - attach the APIC to the interrupt system
+ */
 void __init connect_bsp_APIC(void)
 {
+#ifdef CONFIG_X86_32
+        if (pic_mode) {
+                /*
+                 * Do not trust the local APIC being empty at bootup.
+                 */
+                clear_local_APIC();
+                /*
+                 * PIC mode, enable APIC mode in the IMCR, i.e.  connect BSP's
+                 * local APIC to INT and NMI lines.
+                 */
+                apic_printk(APIC_VERBOSE, "leaving PIC mode, "
+                                "enabling APIC mode.\n");
+                outb(0x70, 0x22);
+                outb(0x01, 0x23);
+        }
+#endif
         enable_apic_mode();
 }
 
+/**
+ * disconnect_bsp_APIC - detach the APIC from the interrupt system
+ * @virt_wire_setup:    indicates, whether virtual wire mode is selected
+ *
+ * Virtual wire mode is necessary to deliver legacy interrupts even when the
+ * APIC is disabled.
+ */
 void disconnect_bsp_APIC(int virt_wire_setup)
 {
+        unsigned int value;
+
+#ifdef CONFIG_X86_32
+        if (pic_mode) {
+                /*
+                 * Put the board back into PIC mode (has an effect only on
+                 * certain older boards).  Note that APIC interrupts, including
+                 * IPIs, won't work beyond this point!  The only exception are
+                 * INIT IPIs.
+                 */
+                apic_printk(APIC_VERBOSE, "disabling APIC mode, "
+                                "entering PIC mode.\n");
+                outb(0x70, 0x22);
+                outb(0x00, 0x23);
+                return;
+        }
+#endif
+
         /* Go back to Virtual Wire compatibility mode */
-        unsigned long value;
 
         /* For the spurious interrupt use vector F, and enable it */
         value = apic_read(APIC_SPIV);
@@ -1040,7 +1412,10 @@ void disconnect_bsp_APIC(int virt_wire_setup)
                 apic_write(APIC_LVT0, APIC_LVT_MASKED);
         }
 
-        /* For LVT1 make it edge triggered, active high, nmi and enabled */
+        /*
+         * For LVT1 make it edge triggered, active high,
+         * nmi and enabled
+         */
         value = apic_read(APIC_LVT1);
         value &= ~(APIC_MODE_MASK | APIC_SEND_PENDING |
                         APIC_INPUT_POLARITY | APIC_LVT_REMOTE_IRR |
@@ -1055,9 +1430,20 @@ void __cpuinit generic_processor_info(int apicid, int version)
         int cpu;
         cpumask_t tmp_map;
 
+        /*
+         * Validate version
+         */
+        if (version == 0x0) {
+                printk(KERN_WARNING "BIOS bug, APIC version is 0 for CPU#%d! "
+                                "fixing up to 0x10. (tell your hw vendor)\n",
+                                version);
+                version = 0x10;
+        }
+        apic_version[apicid] = version;
+
         if (num_processors >= NR_CPUS) {
                 printk(KERN_WARNING "WARNING: NR_CPUS limit of %i reached."
-                       " Processor ignored.\n", NR_CPUS);
+                        "  Processor ignored.\n", NR_CPUS);
                 return;
         }
 
@@ -1077,6 +1463,29 @@ void __cpuinit generic_processor_info(int apicid, int version)
         if (apicid > max_physical_apicid)
                 max_physical_apicid = apicid;
 
+#ifdef CONFIG_X86_32
+        /*
+         * Would be preferable to switch to bigsmp when CONFIG_HOTPLUG_CPU=y
+         * but we need to work other dependencies like SMP_SUSPEND etc
+         * before this can be done without some confusion.
+         * if (CPU_HOTPLUG_ENABLED || num_processors > 8)
+         *       - Ashok Raj <ashok.raj@intel.com>
+         */
+        if (max_physical_apicid >= 8) {
+                switch (boot_cpu_data.x86_vendor) {
+                case X86_VENDOR_INTEL:
+                        if (!APIC_XAPIC(version)) {
+                                def_to_bigsmp = 0;
+                                break;
+                        }
+                        /* If P4 and above fall through */
+                case X86_VENDOR_AMD:
+                        def_to_bigsmp = 1;
+                }
+        }
+#endif
+
+#if defined(CONFIG_X86_SMP) || defined(CONFIG_X86_64)
         /* are we being called early in kernel startup? */
         if (early_per_cpu_ptr(x86_cpu_to_apicid)) {
                 u16 *cpu_to_apicid = early_per_cpu_ptr(x86_cpu_to_apicid);
@@ -1088,20 +1497,28 @@ void __cpuinit generic_processor_info(int apicid, int version)
                 per_cpu(x86_cpu_to_apicid, cpu) = apicid;
                 per_cpu(x86_bios_cpu_apicid, cpu) = apicid;
         }
+#endif
 
         cpu_set(cpu, cpu_possible_map);
         cpu_set(cpu, cpu_present_map);
 }
 
+int hard_smp_processor_id(void)
+{
+        return read_apic_id();
+}
+
 /*
  * Power management
  */
 #ifdef CONFIG_PM
 
 static struct {
-        /* 'active' is true if the local APIC was enabled by us and
-           not the BIOS; this signifies that we are also responsible
-           for disabling it before entering apm/acpi suspend */
+        /*
+         * 'active' is true if the local APIC was enabled by us and
+         * not the BIOS; this signifies that we are also responsible
+         * for disabling it before entering apm/acpi suspend
+         */
         int active;
         /* r/w apic fields */
         unsigned int apic_id;
@@ -1129,7 +1546,7 @@ static int lapic_suspend(struct sys_device *dev, pm_message_t state)
 
         maxlvt = lapic_get_maxlvt();
 
-        apic_pm_state.apic_id = read_apic_id();
+        apic_pm_state.apic_id = apic_read(APIC_ID);
         apic_pm_state.apic_taskpri = apic_read(APIC_TASKPRI);
         apic_pm_state.apic_ldr = apic_read(APIC_LDR);
         apic_pm_state.apic_dfr = apic_read(APIC_DFR);
@@ -1142,10 +1559,11 @@ static int lapic_suspend(struct sys_device *dev, pm_message_t state)
         apic_pm_state.apic_lvterr = apic_read(APIC_LVTERR);
         apic_pm_state.apic_tmict = apic_read(APIC_TMICT);
         apic_pm_state.apic_tdcr = apic_read(APIC_TDCR);
-#ifdef CONFIG_X86_MCE_INTEL
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
         if (maxlvt >= 5)
                 apic_pm_state.apic_thmr = apic_read(APIC_LVTTHMR);
 #endif
+
         local_irq_save(flags);
         disable_local_APIC();
         local_irq_restore(flags);
@@ -1164,10 +1582,25 @@ static int lapic_resume(struct sys_device *dev)
         maxlvt = lapic_get_maxlvt();
 
         local_irq_save(flags);
-        rdmsr(MSR_IA32_APICBASE, l, h);
-        l &= ~MSR_IA32_APICBASE_BASE;
-        l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr;
-        wrmsr(MSR_IA32_APICBASE, l, h);
+
+#ifdef CONFIG_X86_64
+        if (x2apic)
+                enable_x2apic();
+        else
+#endif
+        {
+                /*
+                 * Make sure the APICBASE points to the right address
+                 *
+                 * FIXME! This will be wrong if we ever support suspend on
+                 * SMP! We'll need to do this as part of the CPU restore!
+                 */
+                rdmsr(MSR_IA32_APICBASE, l, h);
+                l &= ~MSR_IA32_APICBASE_BASE;
+                l |= MSR_IA32_APICBASE_ENABLE | mp_lapic_addr;
+                wrmsr(MSR_IA32_APICBASE, l, h);
+        }
+
         apic_write(APIC_LVTERR, ERROR_APIC_VECTOR | APIC_LVT_MASKED);
         apic_write(APIC_ID, apic_pm_state.apic_id);
         apic_write(APIC_DFR, apic_pm_state.apic_dfr);
@@ -1176,7 +1609,7 @@ static int lapic_resume(struct sys_device *dev)
         apic_write(APIC_SPIV, apic_pm_state.apic_spiv);
         apic_write(APIC_LVT0, apic_pm_state.apic_lvt0);
         apic_write(APIC_LVT1, apic_pm_state.apic_lvt1);
-#ifdef CONFIG_X86_MCE_INTEL
+#if defined(CONFIG_X86_MCE_P4THERMAL) || defined(CONFIG_X86_MCE_INTEL)
         if (maxlvt >= 5)
                 apic_write(APIC_LVTTHMR, apic_pm_state.apic_thmr);
 #endif
@@ -1190,10 +1623,17 @@ static int lapic_resume(struct sys_device *dev)
         apic_write(APIC_LVTERR, apic_pm_state.apic_lvterr);
         apic_write(APIC_ESR, 0);
         apic_read(APIC_ESR);
+
         local_irq_restore(flags);
+
         return 0;
 }
 
+/*
+ * This device has no shutdown method - fully functioning local APICs
+ * are needed on every CPU up until machine_halt/restart/poweroff.
+ */
+
 static struct sysdev_class lapic_sysclass = {
         .name           = "lapic",
         .resume         = lapic_resume,
@@ -1307,31 +1747,19 @@ __cpuinit int apic_is_clustered_box(void)
         return (clusters > 2);
 }
 
-/*
- * APIC command line parameters
- */
-static int __init apic_set_verbosity(char *str)
+static __init int setup_nox2apic(char *str)
 {
-        if (str == NULL)  {
-                skip_ioapic_setup = 0;
-                ioapic_force = 1;
-                return 0;
-        }
-        if (strcmp("debug", str) == 0)
-                apic_verbosity = APIC_DEBUG;
-        else if (strcmp("verbose", str) == 0)
-                apic_verbosity = APIC_VERBOSE;
-        else {
-                printk(KERN_WARNING "APIC Verbosity level %s not recognised"
-                                " use apic=verbose or apic=debug\n", str);
-                return -EINVAL;
-        }
-
+        disable_x2apic = 1;
+        clear_cpu_cap(&boot_cpu_data, X86_FEATURE_X2APIC);
         return 0;
 }
-early_param("apic", apic_set_verbosity);
+early_param("nox2apic", setup_nox2apic);
+
 
-static __init int setup_disableapic(char *str)
+/*
+ * APIC command line parameters
+ */
+static int __init setup_disableapic(char *arg)
 {
         disable_apic = 1;
         setup_clear_cpu_cap(X86_FEATURE_APIC);
@@ -1340,9 +1768,9 @@ static __init int setup_disableapic(char *str)
 early_param("disableapic", setup_disableapic);
 
 /* same as disableapic, for compatibility */
-static __init int setup_nolapic(char *str)
+static int __init setup_nolapic(char *arg)
 {
-        return setup_disableapic(str);
+        return setup_disableapic(arg);
 }
 early_param("nolapic", setup_nolapic);
 
@@ -1353,14 +1781,19 @@ static int __init parse_lapic_timer_c2_ok(char *arg)
 }
 early_param("lapic_timer_c2_ok", parse_lapic_timer_c2_ok);
 
-static __init int setup_noapictimer(char *str)
+static int __init parse_disable_apic_timer(char *arg)
 {
-        if (str[0] != ' ' && str[0] != 0)
-                return 0;
         disable_apic_timer = 1;
-        return 1;
+        return 0;
 }
-__setup("noapictimer", setup_noapictimer);
+early_param("noapictimer", parse_disable_apic_timer);
+
+static int __init parse_nolapic_timer(char *arg)
+{
+        disable_apic_timer = 1;
+        return 0;
+}
+early_param("nolapic_timer", parse_nolapic_timer);
 
 static __init int setup_apicpmtimer(char *s)
 {
@@ -1370,6 +1803,31 @@ static __init int setup_apicpmtimer(char *s)
 }
 __setup("apicpmtimer", setup_apicpmtimer);
 
+static int __init apic_set_verbosity(char *arg)
+{
+        if (!arg)  {
+#ifdef CONFIG_X86_64
+                skip_ioapic_setup = 0;
+                ioapic_force = 1;
+                return 0;
+#endif
+                return -EINVAL;
+        }
+
+        if (strcmp("debug", arg) == 0)
+                apic_verbosity = APIC_DEBUG;
+        else if (strcmp("verbose", arg) == 0)
+                apic_verbosity = APIC_VERBOSE;
+        else {
+                printk(KERN_WARNING "APIC Verbosity level %s not recognised"
+                        " use apic=verbose or apic=debug\n", arg);
+                return -EINVAL;
+        }
+
+        return 0;
+}
+early_param("apic", apic_set_verbosity);
+
 static int __init lapic_insert_resource(void)
 {
         if (!apic_phys)
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index 9ee24e6bc4b0..5145a6e72bbb 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -228,12 +228,12 @@
 #include <linux/suspend.h>
 #include <linux/kthread.h>
 #include <linux/jiffies.h>
-#include <linux/smp_lock.h>
 
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/desc.h>
 #include <asm/i8253.h>
+#include <asm/olpc.h>
 #include <asm/paravirt.h>
 #include <asm/reboot.h>
 
@@ -2217,7 +2217,7 @@ static int __init apm_init(void)
 
         dmi_check_system(apm_dmi_table);
 
-        if (apm_info.bios.version == 0 || paravirt_enabled()) {
+        if (apm_info.bios.version == 0 || paravirt_enabled() || machine_is_olpc()) {
                 printk(KERN_INFO "apm: BIOS not found.\n");
                 return -ENODEV;
         }
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
index aa89387006fe..505543a75a56 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
@@ -22,7 +22,7 @@
 
 #define __NO_STUBS 1
 #undef __SYSCALL
-#undef _ASM_X86_64_UNISTD_H_
+#undef ASM_X86__UNISTD_64_H
 #define __SYSCALL(nr, sym) [nr] = 1,
 static char syscalls[] = {
 #include <asm/unistd.h>
diff --git a/arch/x86/kernel/bios_uv.c b/arch/x86/kernel/bios_uv.c
index c639bd55391c..fdd585f9c53d 100644
--- a/arch/x86/kernel/bios_uv.c
+++ b/arch/x86/kernel/bios_uv.c
@@ -25,11 +25,11 @@ x86_bios_strerror(long status)
 {
         const char *str;
         switch (status) {
-        case  0: str = "Call completed without error"; break;
-        case -1: str = "Not implemented"; break;
-        case -2: str = "Invalid argument"; break;
-        case -3: str = "Call completed with error"; break;
-        default: str = "Unknown BIOS status code"; break;
+        case  0: str = "Call completed without error";  break;
+        case -1: str = "Not implemented";               break;
+        case -2: str = "Invalid argument";              break;
+        case -3: str = "Call completed with error";     break;
+        default: str = "Unknown BIOS status code";      break;
         }
         return str;
 }
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index ee76eaad3001..7f0b45a5d788 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -3,22 +3,30 @@
 #
 
 obj-y                   := intel_cacheinfo.o addon_cpuid_features.o
-obj-y                   += proc.o feature_names.o
-
-obj-$(CONFIG_X86_32)    += common.o bugs.o
-obj-$(CONFIG_X86_64)    += common_64.o bugs_64.o
-obj-$(CONFIG_X86_32)    += amd.o
-obj-$(CONFIG_X86_64)    += amd_64.o
-obj-$(CONFIG_X86_32)    += cyrix.o
-obj-$(CONFIG_X86_32)    += centaur.o
-obj-$(CONFIG_X86_64)    += centaur_64.o
-obj-$(CONFIG_X86_32)    += transmeta.o
-obj-$(CONFIG_X86_32)    += intel.o
-obj-$(CONFIG_X86_64)    += intel_64.o
-obj-$(CONFIG_X86_32)    += umc.o
+obj-y                   += proc.o capflags.o powerflags.o common.o
+
+obj-$(CONFIG_X86_32)    += bugs.o cmpxchg.o
+obj-$(CONFIG_X86_64)    += bugs_64.o
+
+obj-$(CONFIG_CPU_SUP_INTEL)             += intel.o
+obj-$(CONFIG_CPU_SUP_AMD)               += amd.o
+obj-$(CONFIG_CPU_SUP_CYRIX_32)          += cyrix.o
+obj-$(CONFIG_CPU_SUP_CENTAUR_32)        += centaur.o
+obj-$(CONFIG_CPU_SUP_CENTAUR_64)        += centaur_64.o
+obj-$(CONFIG_CPU_SUP_TRANSMETA_32)      += transmeta.o
+obj-$(CONFIG_CPU_SUP_UMC_32)            += umc.o
 
 obj-$(CONFIG_X86_MCE)   += mcheck/
 obj-$(CONFIG_MTRR)      += mtrr/
 obj-$(CONFIG_CPU_FREQ)  += cpufreq/
 
 obj-$(CONFIG_X86_LOCAL_APIC) += perfctr-watchdog.o
+
+quiet_cmd_mkcapflags = MKCAP   $@
+      cmd_mkcapflags = $(PERL) $(srctree)/$(src)/mkcapflags.pl $< $@
+
+cpufeature = $(src)/../../../../include/asm-x86/cpufeature.h
+
+targets += capflags.c
+$(obj)/capflags.c: $(cpufeature) $(src)/mkcapflags.pl FORCE
+        $(call if_changed,mkcapflags)
diff --git a/arch/x86/kernel/cpu/addon_cpuid_features.c b/arch/x86/kernel/cpu/addon_cpuid_features.c
index a6ef672adbba..0d9c993aa93e 100644
--- a/arch/x86/kernel/cpu/addon_cpuid_features.c
+++ b/arch/x86/kernel/cpu/addon_cpuid_features.c
@@ -7,6 +7,8 @@
 #include <asm/pat.h>
 #include <asm/processor.h>
 
+#include <mach_apic.h>
+
 struct cpuid_bit {
         u16 feature;
         u8 reg;
@@ -48,6 +50,92 @@ void __cpuinit init_scattered_cpuid_features(struct cpuinfo_x86 *c)
         }
 }
 
+/* leaf 0xb SMT level */
+#define SMT_LEVEL       0
+
+/* leaf 0xb sub-leaf types */
+#define INVALID_TYPE    0
+#define SMT_TYPE        1
+#define CORE_TYPE       2
+
+#define LEAFB_SUBTYPE(ecx)              (((ecx) >> 8) & 0xff)
+#define BITS_SHIFT_NEXT_LEVEL(eax)      ((eax) & 0x1f)
+#define LEVEL_MAX_SIBLINGS(ebx)         ((ebx) & 0xffff)
+
+/*
+ * Check for extended topology enumeration cpuid leaf 0xb and if it
+ * exists, use it for populating initial_apicid and cpu topology
+ * detection.
+ */
+void __cpuinit detect_extended_topology(struct cpuinfo_x86 *c)
+{
+#ifdef CONFIG_SMP
+        unsigned int eax, ebx, ecx, edx, sub_index;
+        unsigned int ht_mask_width, core_plus_mask_width;
+        unsigned int core_select_mask, core_level_siblings;
+
+        if (c->cpuid_level < 0xb)
+                return;
+
+        cpuid_count(0xb, SMT_LEVEL, &eax, &ebx, &ecx, &edx);
+
+        /*
+         * check if the cpuid leaf 0xb is actually implemented.
+         */
+        if (ebx == 0 || (LEAFB_SUBTYPE(ecx) != SMT_TYPE))
+                return;
+
+        set_cpu_cap(c, X86_FEATURE_XTOPOLOGY);
+
+        /*
+         * initial apic id, which also represents 32-bit extended x2apic id.
+         */
+        c->initial_apicid = edx;
+
+        /*
+         * Populate HT related information from sub-leaf level 0.
+         */
+        core_level_siblings = smp_num_siblings = LEVEL_MAX_SIBLINGS(ebx);
+        core_plus_mask_width = ht_mask_width = BITS_SHIFT_NEXT_LEVEL(eax);
+
+        sub_index = 1;
+        do {
+                cpuid_count(0xb, sub_index, &eax, &ebx, &ecx, &edx);
+
+                /*
+                 * Check for the Core type in the implemented sub leaves.
+                 */
+                if (LEAFB_SUBTYPE(ecx) == CORE_TYPE) {
+                        core_level_siblings = LEVEL_MAX_SIBLINGS(ebx);
+                        core_plus_mask_width = BITS_SHIFT_NEXT_LEVEL(eax);
+                        break;
+                }
+
+                sub_index++;
+        } while (LEAFB_SUBTYPE(ecx) != INVALID_TYPE);
+
+        core_select_mask = (~(-1 << core_plus_mask_width)) >> ht_mask_width;
+
+#ifdef CONFIG_X86_32
+        c->cpu_core_id = phys_pkg_id(c->initial_apicid, ht_mask_width)
+                                                 & core_select_mask;
+        c->phys_proc_id = phys_pkg_id(c->initial_apicid, core_plus_mask_width);
+#else
+        c->cpu_core_id = phys_pkg_id(ht_mask_width) & core_select_mask;
+        c->phys_proc_id = phys_pkg_id(core_plus_mask_width);
+#endif
+        c->x86_max_cores = (core_level_siblings / smp_num_siblings);
+
+
+        printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
+               c->phys_proc_id);
+        if (c->x86_max_cores > 1)
+                printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
+                       c->cpu_core_id);
+        return;
+#endif
+}
+
 #ifdef CONFIG_X86_PAT
 void __cpuinit validate_pat_support(struct cpuinfo_x86 *c)
 {
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index cae9cabc3031..32e73520adf7 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1,13 +1,22 @@
 #include <linux/init.h>
 #include <linux/bitops.h>
 #include <linux/mm.h>
+
 #include <asm/io.h>
 #include <asm/processor.h>
 #include <asm/apic.h>
 
+#ifdef CONFIG_X86_64
+# include <asm/numa_64.h>
+# include <asm/mmconfig.h>
+# include <asm/cacheflush.h>
+#endif
+
 #include <mach_apic.h>
+
 #include "cpu.h"
 
+#ifdef CONFIG_X86_32
 /*
  *      B step AMD K6 before B 9730xxxx have hardware bugs that can cause
  *      misexecution of code under Linux. Owners of such processors should
@@ -24,21 +33,273 @@
 extern void vide(void);
 __asm__(".align 4\nvide: ret");
 
-static void __cpuinit early_init_amd(struct cpuinfo_x86 *c)
+static void __cpuinit init_amd_k5(struct cpuinfo_x86 *c)
 {
-        if (cpuid_eax(0x80000000) >= 0x80000007) {
-                c->x86_power = cpuid_edx(0x80000007);
-                if (c->x86_power & (1<<8))
-                        set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
+/*
+ * General Systems BIOSen alias the cpu frequency registers
+ * of the Elan at 0x000df000. Unfortuantly, one of the Linux
+ * drivers subsequently pokes it, and changes the CPU speed.
+ * Workaround : Remove the unneeded alias.
+ */
+#define CBAR            (0xfffc) /* Configuration Base Address  (32-bit) */
+#define CBAR_ENB        (0x80000000)
+#define CBAR_KEY        (0X000000CB)
+        if (c->x86_model == 9 || c->x86_model == 10) {
+                if (inl (CBAR) & CBAR_ENB)
+                        outl (0 | CBAR_KEY, CBAR);
         }
 }
 
-static void __cpuinit init_amd(struct cpuinfo_x86 *c)
+
+static void __cpuinit init_amd_k6(struct cpuinfo_x86 *c)
 {
         u32 l, h;
         int mbytes = num_physpages >> (20-PAGE_SHIFT);
-        int r;
 
+        if (c->x86_model < 6) {
+                /* Based on AMD doc 20734R - June 2000 */
+                if (c->x86_model == 0) {
+                        clear_cpu_cap(c, X86_FEATURE_APIC);
+                        set_cpu_cap(c, X86_FEATURE_PGE);
+                }
+                return;
+        }
+
+        if (c->x86_model == 6 && c->x86_mask == 1) {
+                const int K6_BUG_LOOP = 1000000;
+                int n;
+                void (*f_vide)(void);
+                unsigned long d, d2;
+
+                printk(KERN_INFO "AMD K6 stepping B detected - ");
+
+                /*
+                 * It looks like AMD fixed the 2.6.2 bug and improved indirect
+                 * calls at the same time.
+                 */
+
+                n = K6_BUG_LOOP;
+                f_vide = vide;
+                rdtscl(d);
+                while (n--)
+                        f_vide();
+                rdtscl(d2);
+                d = d2-d;
+
+                if (d > 20*K6_BUG_LOOP)
+                        printk("system stability may be impaired when more than 32 MB are used.\n");
+                else
+                        printk("probably OK (after B9730xxxx).\n");
+                printk(KERN_INFO "Please see http://membres.lycos.fr/poulot/k6bug.html\n");
+        }
+
+        /* K6 with old style WHCR */
+        if (c->x86_model < 8 ||
+           (c->x86_model == 8 && c->x86_mask < 8)) {
+                /* We can only write allocate on the low 508Mb */
+                if (mbytes > 508)
+                        mbytes = 508;
+
+                rdmsr(MSR_K6_WHCR, l, h);
+                if ((l&0x0000FFFF) == 0) {
+                        unsigned long flags;
+                        l = (1<<0)|((mbytes/4)<<1);
+                        local_irq_save(flags);
+                        wbinvd();
+                        wrmsr(MSR_K6_WHCR, l, h);
+                        local_irq_restore(flags);
+                        printk(KERN_INFO "Enabling old style K6 write allocation for %d Mb\n",
+                                mbytes);
+                }
+                return;
+        }
+
+        if ((c->x86_model == 8 && c->x86_mask > 7) ||
+             c->x86_model == 9 || c->x86_model == 13) {
+                /* The more serious chips .. */
+
+                if (mbytes > 4092)
+                        mbytes = 4092;
+
+                rdmsr(MSR_K6_WHCR, l, h);
+                if ((l&0xFFFF0000) == 0) {
+                        unsigned long flags;
+                        l = ((mbytes>>2)<<22)|(1<<16);
+                        local_irq_save(flags);
+                        wbinvd();
+                        wrmsr(MSR_K6_WHCR, l, h);
+                        local_irq_restore(flags);
+                        printk(KERN_INFO "Enabling new style K6 write allocation for %d Mb\n",
+                                mbytes);
+                }
+
+                return;
+        }
+
+        if (c->x86_model == 10) {
+                /* AMD Geode LX is model 10 */
+                /* placeholder for any needed mods */
+                return;
+        }
+}
+
+static void __cpuinit init_amd_k7(struct cpuinfo_x86 *c)
+{
+        u32 l, h;
+
+        /*
+         * Bit 15 of Athlon specific MSR 15, needs to be 0
+         * to enable SSE on Palomino/Morgan/Barton CPU's.
+         * If the BIOS didn't enable it already, enable it here.
+         */
+        if (c->x86_model >= 6 && c->x86_model <= 10) {
+                if (!cpu_has(c, X86_FEATURE_XMM)) {
+                        printk(KERN_INFO "Enabling disabled K7/SSE Support.\n");
+                        rdmsr(MSR_K7_HWCR, l, h);
+                        l &= ~0x00008000;
+                        wrmsr(MSR_K7_HWCR, l, h);
+                        set_cpu_cap(c, X86_FEATURE_XMM);
+                }
+        }
+
+        /*
+         * It's been determined by AMD that Athlons since model 8 stepping 1
+         * are more robust with CLK_CTL set to 200xxxxx instead of 600xxxxx
+         * As per AMD technical note 27212 0.2
+         */
+        if ((c->x86_model == 8 && c->x86_mask >= 1) || (c->x86_model > 8)) {
+                rdmsr(MSR_K7_CLK_CTL, l, h);
+                if ((l & 0xfff00000) != 0x20000000) {
+                        printk ("CPU: CLK_CTL MSR was %x. Reprogramming to %x\n", l,
+                                ((l & 0x000fffff)|0x20000000));
+                        wrmsr(MSR_K7_CLK_CTL, (l & 0x000fffff)|0x20000000, h);
+                }
+        }
+
+        set_cpu_cap(c, X86_FEATURE_K7);
+}
+#endif
+
+#if defined(CONFIG_NUMA) && defined(CONFIG_X86_64)
+static int __cpuinit nearby_node(int apicid)
+{
+        int i, node;
+
+        for (i = apicid - 1; i >= 0; i--) {
+                node = apicid_to_node[i];
+                if (node != NUMA_NO_NODE && node_online(node))
+                        return node;
+        }
+        for (i = apicid + 1; i < MAX_LOCAL_APIC; i++) {
+                node = apicid_to_node[i];
+                if (node != NUMA_NO_NODE && node_online(node))
+                        return node;
+        }
+        return first_node(node_online_map); /* Shouldn't happen */
+}
+#endif
+
+/*
+ * On a AMD dual core setup the lower bits of the APIC id distingush the cores.
+ * Assumes number of cores is a power of two.
+ */
+static void __cpuinit amd_detect_cmp(struct cpuinfo_x86 *c)
+{
+#ifdef CONFIG_X86_HT
+        unsigned bits;
+
+        bits = c->x86_coreid_bits;
+
+        /* Low order bits define the core id (index of core in socket) */
+        c->cpu_core_id = c->initial_apicid & ((1 << bits)-1);
+        /* Convert the initial APIC ID into the socket ID */
+        c->phys_proc_id = c->initial_apicid >> bits;
+#endif
+}
+
+static void __cpuinit srat_detect_node(struct cpuinfo_x86 *c)
+{
+#if defined(CONFIG_NUMA) && defined(CONFIG_X86_64)
+        int cpu = smp_processor_id();
+        int node;
+        unsigned apicid = hard_smp_processor_id();
+
+        node = c->phys_proc_id;
+        if (apicid_to_node[apicid] != NUMA_NO_NODE)
+                node = apicid_to_node[apicid];
+        if (!node_online(node)) {
+                /* Two possibilities here:
+                   - The CPU is missing memory and no node was created.
+                   In that case try picking one from a nearby CPU
+                   - The APIC IDs differ from the HyperTransport node IDs
+                   which the K8 northbridge parsing fills in.
+                   Assume they are all increased by a constant offset,
+                   but in the same order as the HT nodeids.
+                   If that doesn't result in a usable node fall back to the
+                   path for the previous case.  */
+
+                int ht_nodeid = c->initial_apicid;
+
+                if (ht_nodeid >= 0 &&
+                    apicid_to_node[ht_nodeid] != NUMA_NO_NODE)
+                        node = apicid_to_node[ht_nodeid];
+                /* Pick a nearby node */
+                if (!node_online(node))
+                        node = nearby_node(apicid);
+        }
+        numa_set_node(cpu, node);
+
+        printk(KERN_INFO "CPU %d/%x -> Node %d\n", cpu, apicid, node);
+#endif
+}
+
+static void __cpuinit early_init_amd_mc(struct cpuinfo_x86 *c)
+{
+#ifdef CONFIG_X86_HT
+        unsigned bits, ecx;
+
+        /* Multi core CPU? */
+        if (c->extended_cpuid_level < 0x80000008)
+                return;
+
+        ecx = cpuid_ecx(0x80000008);
+
+        c->x86_max_cores = (ecx & 0xff) + 1;
+
+        /* CPU telling us the core id bits shift? */
+        bits = (ecx >> 12) & 0xF;
+
+        /* Otherwise recompute */
+        if (bits == 0) {
+                while ((1 << bits) < c->x86_max_cores)
+                        bits++;
+        }
+
+        c->x86_coreid_bits = bits;
+#endif
+}
+
+static void __cpuinit early_init_amd(struct cpuinfo_x86 *c)
+{
+        early_init_amd_mc(c);
+
+        /* c->x86_power is 8000_0007 edx. Bit 8 is constant TSC */
+        if (c->x86_power & (1<<8))
+                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
+
+#ifdef CONFIG_X86_64
+        set_cpu_cap(c, X86_FEATURE_SYSCALL32);
+#else
+        /*  Set MTRR capability flag if appropriate */
+        if (c->x86 == 5)
+                if (c->x86_model == 13 || c->x86_model == 9 ||
+                    (c->x86_model == 8 && c->x86_mask >= 8))
+                        set_cpu_cap(c, X86_FEATURE_K6_MTRR);
+#endif
+}
+
+static void __cpuinit init_amd(struct cpuinfo_x86 *c)
+{
 #ifdef CONFIG_SMP
         unsigned long long value;
 
@@ -49,7 +310,7 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
          * Errata 63 for SH-B3 steppings
          * Errata 122 for all steppings (F+ have it disabled by default)
          */
-        if (c->x86 == 15) {
+        if (c->x86 == 0xf) {
                 rdmsrl(MSR_K7_HWCR, value);
                 value |= 1 << 6;
                 wrmsrl(MSR_K7_HWCR, value);
@@ -59,213 +320,119 @@ static void __cpuinit init_amd(struct cpuinfo_x86 *c)
         early_init_amd(c);
 
         /*
-         *      FIXME: We should handle the K5 here. Set up the write
-         *      range and also turn on MSR 83 bits 4 and 31 (write alloc,
-         *      no bus pipeline)
-         */
-
-        /*
          * Bit 31 in normal CPUID used for nonstandard 3DNow ID;
          * 3DNow is IDd by bit 31 in extended CPUID (1*32+31) anyway
          */
         clear_cpu_cap(c, 0*32+31);
 
-        r = get_model_name(c);
+#ifdef CONFIG_X86_64
+        /* On C+ stepping K8 rep microcode works well for copy/memset */
+        if (c->x86 == 0xf) {
+                u32 level;
 
-        switch (c->x86) {
-        case 4:
-                /*
-                 * General Systems BIOSen alias the cpu frequency registers
-                 * of the Elan at 0x000df000. Unfortuantly, one of the Linux
-                 * drivers subsequently pokes it, and changes the CPU speed.
-                 * Workaround : Remove the unneeded alias.
-                 */
-#define CBAR            (0xfffc) /* Configuration Base Address  (32-bit) */
-#define CBAR_ENB        (0x80000000)
-#define CBAR_KEY        (0X000000CB)
-                        if (c->x86_model == 9 || c->x86_model == 10) {
-                                if (inl (CBAR) & CBAR_ENB)
-                                        outl (0 | CBAR_KEY, CBAR);
-                        }
-                        break;
-        case 5:
-                        if (c->x86_model < 6) {
-                                /* Based on AMD doc 20734R - June 2000 */
-                                if (c->x86_model == 0) {
-                                        clear_cpu_cap(c, X86_FEATURE_APIC);
-                                        set_cpu_cap(c, X86_FEATURE_PGE);
-                                }
-                                break;
-                        }
-
-                        if (c->x86_model == 6 && c->x86_mask == 1) {
-                                const int K6_BUG_LOOP = 1000000;
-                                int n;
-                                void (*f_vide)(void);
-                                unsigned long d, d2;
-
-                                printk(KERN_INFO "AMD K6 stepping B detected - ");
-
-                                /*
-                                 * It looks like AMD fixed the 2.6.2 bug and improved indirect
-                                 * calls at the same time.
-                                 */
-
-                                n = K6_BUG_LOOP;
-                                f_vide = vide;
-                                rdtscl(d);
-                                while (n--)
-                                        f_vide();
-                                rdtscl(d2);
-                                d = d2-d;
-
-                                if (d > 20*K6_BUG_LOOP)
-                                        printk("system stability may be impaired when more than 32 MB are used.\n");
-                                else
-                                        printk("probably OK (after B9730xxxx).\n");
-                                printk(KERN_INFO "Please see http://membres.lycos.fr/poulot/k6bug.html\n");
-                        }
-
-                        /* K6 with old style WHCR */
-                        if (c->x86_model < 8 ||
-                           (c->x86_model == 8 && c->x86_mask < 8)) {
-                                /* We can only write allocate on the low 508Mb */
-                                if (mbytes > 508)
-                                        mbytes = 508;
-
-                                rdmsr(MSR_K6_WHCR, l, h);
-                                if ((l&0x0000FFFF) == 0) {
-                                        unsigned long flags;
-                                        l = (1<<0)|((mbytes/4)<<1);
-                                        local_irq_save(flags);
-                                        wbinvd();
-                                        wrmsr(MSR_K6_WHCR, l, h);
-                                        local_irq_restore(flags);
-                                        printk(KERN_INFO "Enabling old style K6 write allocation for %d Mb\n",
-                                                mbytes);
-                                }
-                                break;
-                        }
-
-                        if ((c->x86_model == 8 && c->x86_mask > 7) ||
-                             c->x86_model == 9 || c->x86_model == 13) {
-                                /* The more serious chips .. */
-
-                                if (mbytes > 4092)
-                                        mbytes = 4092;
-
-                                rdmsr(MSR_K6_WHCR, l, h);
-                                if ((l&0xFFFF0000) == 0) {
-                                        unsigned long flags;
-                                        l = ((mbytes>>2)<<22)|(1<<16);
-                                        local_irq_save(flags);
-                                        wbinvd();
-                                        wrmsr(MSR_K6_WHCR, l, h);
-                                        local_irq_restore(flags);
-                                        printk(KERN_INFO "Enabling new style K6 write allocation for %d Mb\n",
-                                                mbytes);
-                                }
-
-                                /*  Set MTRR capability flag if appropriate */
-                                if (c->x86_model == 13 || c->x86_model == 9 ||
-                                   (c->x86_model == 8 && c->x86_mask >= 8))
-                                        set_cpu_cap(c, X86_FEATURE_K6_MTRR);
-                                break;
-                        }
-
-                        if (c->x86_model == 10) {
-                                /* AMD Geode LX is model 10 */
-                                /* placeholder for any needed mods */
-                                break;
-                        }
-                        break;
-        case 6: /* An Athlon/Duron */
-
-                        /*
-                         * Bit 15 of Athlon specific MSR 15, needs to be 0
-                         * to enable SSE on Palomino/Morgan/Barton CPU's.
-                         * If the BIOS didn't enable it already, enable it here.
-                         */
-                        if (c->x86_model >= 6 && c->x86_model <= 10) {
-                                if (!cpu_has(c, X86_FEATURE_XMM)) {
-                                        printk(KERN_INFO "Enabling disabled K7/SSE Support.\n");
-                                        rdmsr(MSR_K7_HWCR, l, h);
-                                        l &= ~0x00008000;
-                                        wrmsr(MSR_K7_HWCR, l, h);
-                                        set_cpu_cap(c, X86_FEATURE_XMM);
-                                }
-                        }
-
-                        /*
-                         * It's been determined by AMD that Athlons since model 8 stepping 1
-                         * are more robust with CLK_CTL set to 200xxxxx instead of 600xxxxx
-                         * As per AMD technical note 27212 0.2
-                         */
-                        if ((c->x86_model == 8 && c->x86_mask >= 1) || (c->x86_model > 8)) {
-                                rdmsr(MSR_K7_CLK_CTL, l, h);
-                                if ((l & 0xfff00000) != 0x20000000) {
-                                        printk ("CPU: CLK_CTL MSR was %x. Reprogramming to %x\n", l,
-                                                ((l & 0x000fffff)|0x20000000));
-                                        wrmsr(MSR_K7_CLK_CTL, (l & 0x000fffff)|0x20000000, h);
-                                }
-                        }
-                        break;
+                level = cpuid_eax(1);
+                if((level >= 0x0f48 && level < 0x0f50) || level >= 0x0f58)
+                        set_cpu_cap(c, X86_FEATURE_REP_GOOD);
         }
+        if (c->x86 == 0x10 || c->x86 == 0x11)
+                set_cpu_cap(c, X86_FEATURE_REP_GOOD);
+#else
+
+        /*
+         *      FIXME: We should handle the K5 here. Set up the write
+         *      range and also turn on MSR 83 bits 4 and 31 (write alloc,
+         *      no bus pipeline)
+         */
 
         switch (c->x86) {
-        case 15:
-        /* Use K8 tuning for Fam10h and Fam11h */
-        case 0x10:
-        case 0x11:
-                set_cpu_cap(c, X86_FEATURE_K8);
+        case 4:
+                init_amd_k5(c);
                 break;
-        case 6:
-                set_cpu_cap(c, X86_FEATURE_K7);
+        case 5:
+                init_amd_k6(c);
+                break;
+        case 6: /* An Athlon/Duron */
+                init_amd_k7(c);
                 break;
         }
+
+        /* K6s reports MCEs but don't actually have all the MSRs */
+        if (c->x86 < 6)
+                clear_cpu_cap(c, X86_FEATURE_MCE);
+#endif
+
+        /* Enable workaround for FXSAVE leak */
         if (c->x86 >= 6)
                 set_cpu_cap(c, X86_FEATURE_FXSAVE_LEAK);
 
-        display_cacheinfo(c);
-
-        if (cpuid_eax(0x80000000) >= 0x80000008)
-                c->x86_max_cores = (cpuid_ecx(0x80000008) & 0xff) + 1;
+        if (!c->x86_model_id[0]) {
+                switch (c->x86) {
+                case 0xf:
+                        /* Should distinguish Models here, but this is only
+                           a fallback anyways. */
+                        strcpy(c->x86_model_id, "Hammer");
+                        break;
+                }
+        }
 
-#ifdef CONFIG_X86_HT
-        /*
-         * On a AMD multi core setup the lower bits of the APIC id
-         * distinguish the cores.
-         */
-        if (c->x86_max_cores > 1) {
-                int cpu = smp_processor_id();
-                unsigned bits = (cpuid_ecx(0x80000008) >> 12) & 0xf;
+        display_cacheinfo(c);
 
-                if (bits == 0) {
-                        while ((1 << bits) < c->x86_max_cores)
-                                bits++;
-                }
-                c->cpu_core_id = c->phys_proc_id & ((1<<bits)-1);
-                c->phys_proc_id >>= bits;
-                printk(KERN_INFO "CPU %d(%d) -> Core %d\n",
-                       cpu, c->x86_max_cores, c->cpu_core_id);
+        /* Multi core CPU? */
+        if (c->extended_cpuid_level >= 0x80000008) {
+                amd_detect_cmp(c);
+                srat_detect_node(c);
         }
+
+#ifdef CONFIG_X86_32
+        detect_ht(c);
 #endif
 
-        if (cpuid_eax(0x80000000) >= 0x80000006) {
-                if ((c->x86 == 0x10) && (cpuid_edx(0x80000006) & 0xf000))
+        if (c->extended_cpuid_level >= 0x80000006) {
+                if ((c->x86 >= 0x0f) && (cpuid_edx(0x80000006) & 0xf000))
                         num_cache_leaves = 4;
                 else
                         num_cache_leaves = 3;
         }
 
-        /* K6s reports MCEs but don't actually have all the MSRs */
-        if (c->x86 < 6)
-                clear_cpu_cap(c, X86_FEATURE_MCE);
+        if (c->x86 >= 0xf && c->x86 <= 0x11)
+                set_cpu_cap(c, X86_FEATURE_K8);
 
-        if (cpu_has_xmm2)
+        if (cpu_has_xmm2) {
+                /* MFENCE stops RDTSC speculation */
                 set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
+        }
+
+#ifdef CONFIG_X86_64
+        if (c->x86 == 0x10) {
+                /* do this for boot cpu */
+                if (c == &boot_cpu_data)
+                        check_enable_amd_mmconf_dmi();
+
+                fam10h_check_enable_mmcfg();
+        }
+
+        if (c == &boot_cpu_data && c->x86 >= 0xf && c->x86 <= 0x11) {
+                unsigned long long tseg;
+
+                /*
+                 * Split up direct mapping around the TSEG SMM area.
+                 * Don't do it for gbpages because there seems very little
+                 * benefit in doing so.
+                 */
+                if (!rdmsrl_safe(MSR_K8_TSEG_ADDR, &tseg)) {
+                    printk(KERN_DEBUG "tseg: %010llx\n", tseg);
+                    if ((tseg>>PMD_SHIFT) <
+                                (max_low_pfn_mapped>>(PMD_SHIFT-PAGE_SHIFT)) ||
+                        ((tseg>>PMD_SHIFT) <
+                                (max_pfn_mapped>>(PMD_SHIFT-PAGE_SHIFT)) &&
+                         (tseg>>PMD_SHIFT) >= (1ULL<<(32 - PMD_SHIFT))))
+                        set_memory_4k((unsigned long)__va(tseg), 1);
+                }
+        }
+#endif
 }
 
+#ifdef CONFIG_X86_32
 static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 {
         /* AMD errata T13 (order #21922) */
@@ -278,10 +445,12 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int
         }
         return size;
 }
+#endif
 
 static struct cpu_dev amd_cpu_dev __cpuinitdata = {
         .c_vendor       = "AMD",
         .c_ident        = { "AuthenticAMD" },
+#ifdef CONFIG_X86_32
         .c_models = {
                 { .vendor = X86_VENDOR_AMD, .family = 4, .model_names =
                   {
@@ -294,9 +463,11 @@ static struct cpu_dev amd_cpu_dev __cpuinitdata = {
                   }
                 },
         },
+        .c_size_cache   = amd_size_cache,
+#endif
         .c_early_init   = early_init_amd,
         .c_init         = init_amd,
-        .c_size_cache   = amd_size_cache,
+        .c_x86_vendor   = X86_VENDOR_AMD,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_AMD, &amd_cpu_dev);
+cpu_dev_register(amd_cpu_dev);
diff --git a/arch/x86/kernel/cpu/amd_64.c b/arch/x86/kernel/cpu/amd_64.c
deleted file mode 100644
index d1692b2a41ff..000000000000
--- a/arch/x86/kernel/cpu/amd_64.c
+++ /dev/null
@@ -1,224 +0,0 @@
-#include <linux/init.h>
-#include <linux/mm.h>
-
-#include <asm/numa_64.h>
-#include <asm/mmconfig.h>
-#include <asm/cacheflush.h>
-
-#include <mach_apic.h>
-
-#include "cpu.h"
-
-int force_mwait __cpuinitdata;
-
-#ifdef CONFIG_NUMA
-static int __cpuinit nearby_node(int apicid)
-{
-        int i, node;
-
-        for (i = apicid - 1; i >= 0; i--) {
-                node = apicid_to_node[i];
-                if (node != NUMA_NO_NODE && node_online(node))
-                        return node;
-        }
-        for (i = apicid + 1; i < MAX_LOCAL_APIC; i++) {
-                node = apicid_to_node[i];
-                if (node != NUMA_NO_NODE && node_online(node))
-                        return node;
-        }
-        return first_node(node_online_map); /* Shouldn't happen */
-}
-#endif
-
-/*
- * On a AMD dual core setup the lower bits of the APIC id distingush the cores.
- * Assumes number of cores is a power of two.
- */
-static void __cpuinit amd_detect_cmp(struct cpuinfo_x86 *c)
-{
-#ifdef CONFIG_SMP
-        unsigned bits;
-#ifdef CONFIG_NUMA
-        int cpu = smp_processor_id();
-        int node = 0;
-        unsigned apicid = hard_smp_processor_id();
-#endif
-        bits = c->x86_coreid_bits;
-
-        /* Low order bits define the core id (index of core in socket) */
-        c->cpu_core_id = c->initial_apicid & ((1 << bits)-1);
-        /* Convert the initial APIC ID into the socket ID */
-        c->phys_proc_id = c->initial_apicid >> bits;
-
-#ifdef CONFIG_NUMA
-        node = c->phys_proc_id;
-        if (apicid_to_node[apicid] != NUMA_NO_NODE)
-                node = apicid_to_node[apicid];
-        if (!node_online(node)) {
-                /* Two possibilities here:
-                   - The CPU is missing memory and no node was created.
-                   In that case try picking one from a nearby CPU
-                   - The APIC IDs differ from the HyperTransport node IDs
-                   which the K8 northbridge parsing fills in.
-                   Assume they are all increased by a constant offset,
-                   but in the same order as the HT nodeids.
-                   If that doesn't result in a usable node fall back to the
-                   path for the previous case.  */
-
-                int ht_nodeid = c->initial_apicid;
-
-                if (ht_nodeid >= 0 &&
-                    apicid_to_node[ht_nodeid] != NUMA_NO_NODE)
-                        node = apicid_to_node[ht_nodeid];
-                /* Pick a nearby node */
-                if (!node_online(node))
-                        node = nearby_node(apicid);
-        }
-        numa_set_node(cpu, node);
-
-        printk(KERN_INFO "CPU %d/%x -> Node %d\n", cpu, apicid, node);
-#endif
-#endif
-}
-
-static void __cpuinit early_init_amd_mc(struct cpuinfo_x86 *c)
-{
-#ifdef CONFIG_SMP
-        unsigned bits, ecx;
-
-        /* Multi core CPU? */
-        if (c->extended_cpuid_level < 0x80000008)
-                return;
-
-        ecx = cpuid_ecx(0x80000008);
-
-        c->x86_max_cores = (ecx & 0xff) + 1;
-
-        /* CPU telling us the core id bits shift? */
-        bits = (ecx >> 12) & 0xF;
-
-        /* Otherwise recompute */
-        if (bits == 0) {
-                while ((1 << bits) < c->x86_max_cores)
-                        bits++;
-        }
-
-        c->x86_coreid_bits = bits;
-
-#endif
-}
-
-static void __cpuinit early_init_amd(struct cpuinfo_x86 *c)
-{
-        early_init_amd_mc(c);
-
-        /* c->x86_power is 8000_0007 edx. Bit 8 is constant TSC */
-        if (c->x86_power & (1<<8))
-                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
-
-        set_cpu_cap(c, X86_FEATURE_SYSCALL32);
-}
-
-static void __cpuinit init_amd(struct cpuinfo_x86 *c)
-{
-        unsigned level;
-
-#ifdef CONFIG_SMP
-        unsigned long value;
-
-        /*
-         * Disable TLB flush filter by setting HWCR.FFDIS on K8
-         * bit 6 of msr C001_0015
-         *
-         * Errata 63 for SH-B3 steppings
-         * Errata 122 for all steppings (F+ have it disabled by default)
-         */
-        if (c->x86 == 0xf) {
-                rdmsrl(MSR_K8_HWCR, value);
-                value |= 1 << 6;
-                wrmsrl(MSR_K8_HWCR, value);
-        }
-#endif
-
-        /* Bit 31 in normal CPUID used for nonstandard 3DNow ID;
-           3DNow is IDd by bit 31 in extended CPUID (1*32+31) anyway */
-        clear_cpu_cap(c, 0*32+31);
-
-        /* On C+ stepping K8 rep microcode works well for copy/memset */
-        if (c->x86 == 0xf) {
-                level = cpuid_eax(1);
-                if((level >= 0x0f48 && level < 0x0f50) || level >= 0x0f58)
-                        set_cpu_cap(c, X86_FEATURE_REP_GOOD);
-        }
-        if (c->x86 == 0x10 || c->x86 == 0x11)
-                set_cpu_cap(c, X86_FEATURE_REP_GOOD);
-
-        /* Enable workaround for FXSAVE leak */
-        if (c->x86 >= 6)
-                set_cpu_cap(c, X86_FEATURE_FXSAVE_LEAK);
-
-        level = get_model_name(c);
-        if (!level) {
-                switch (c->x86) {
-                case 0xf:
-                        /* Should distinguish Models here, but this is only
-                           a fallback anyways. */
-                        strcpy(c->x86_model_id, "Hammer");
-                        break;
-                }
-        }
-        display_cacheinfo(c);
-
-        /* Multi core CPU? */
-        if (c->extended_cpuid_level >= 0x80000008)
-                amd_detect_cmp(c);
-
-        if (c->extended_cpuid_level >= 0x80000006 &&
-                (cpuid_edx(0x80000006) & 0xf000))
-                num_cache_leaves = 4;
-        else
-                num_cache_leaves = 3;
-
-        if (c->x86 >= 0xf && c->x86 <= 0x11)
-                set_cpu_cap(c, X86_FEATURE_K8);
-
-        /* MFENCE stops RDTSC speculation */
-        set_cpu_cap(c, X86_FEATURE_MFENCE_RDTSC);
-
-        if (c->x86 == 0x10) {
-                /* do this for boot cpu */
-                if (c == &boot_cpu_data)
-                        check_enable_amd_mmconf_dmi();
-
-                fam10h_check_enable_mmcfg();
-        }
-
-        if (c == &boot_cpu_data && c->x86 >= 0xf && c->x86 <= 0x11) {
-                unsigned long long tseg;
-
-                /*
-                 * Split up direct mapping around the TSEG SMM area.
-                 * Don't do it for gbpages because there seems very little
-                 * benefit in doing so.
-                 */
-                if (!rdmsrl_safe(MSR_K8_TSEG_ADDR, &tseg)) {
-                    printk(KERN_DEBUG "tseg: %010llx\n", tseg);
-                    if ((tseg>>PMD_SHIFT) <
-                                (max_low_pfn_mapped>>(PMD_SHIFT-PAGE_SHIFT)) ||
-                        ((tseg>>PMD_SHIFT) <
-                                (max_pfn_mapped>>(PMD_SHIFT-PAGE_SHIFT)) &&
-                         (tseg>>PMD_SHIFT) >= (1ULL<<(32 - PMD_SHIFT))))
-                        set_memory_4k((unsigned long)__va(tseg), 1);
-                }
-        }
-}
-
-static struct cpu_dev amd_cpu_dev __cpuinitdata = {
-        .c_vendor       = "AMD",
-        .c_ident        = { "AuthenticAMD" },
-        .c_early_init   = early_init_amd,
-        .c_init         = init_amd,
-};
-
-cpu_vendor_dev_register(X86_VENDOR_AMD, &amd_cpu_dev);
-
diff --git a/arch/x86/kernel/cpu/centaur.c b/arch/x86/kernel/cpu/centaur.c
index e0f45edd6a55..89bfdd9cacc6 100644
--- a/arch/x86/kernel/cpu/centaur.c
+++ b/arch/x86/kernel/cpu/centaur.c
@@ -289,7 +289,6 @@ static void __cpuinit init_c3(struct cpuinfo_x86 *c)
         if (c->x86_model >= 6 && c->x86_model < 9)
                 set_cpu_cap(c, X86_FEATURE_3DNOW);
 
-        get_model_name(c);
         display_cacheinfo(c);
 }
 
@@ -314,6 +313,16 @@ enum {
                 EAMD3D          = 1<<20,
 };
 
+static void __cpuinit early_init_centaur(struct cpuinfo_x86 *c)
+{
+        switch (c->x86) {
+        case 5:
+                /* Emulate MTRRs using Centaur's MCR. */
+                set_cpu_cap(c, X86_FEATURE_CENTAUR_MCR);
+                break;
+        }
+}
+
 static void __cpuinit init_centaur(struct cpuinfo_x86 *c)
 {
 
@@ -462,8 +471,10 @@ centaur_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 static struct cpu_dev centaur_cpu_dev __cpuinitdata = {
         .c_vendor       = "Centaur",
         .c_ident        = { "CentaurHauls" },
+        .c_early_init   = early_init_centaur,
         .c_init         = init_centaur,
         .c_size_cache   = centaur_size_cache,
+        .c_x86_vendor   = X86_VENDOR_CENTAUR,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_CENTAUR, &centaur_cpu_dev);
+cpu_dev_register(centaur_cpu_dev);
diff --git a/arch/x86/kernel/cpu/centaur_64.c b/arch/x86/kernel/cpu/centaur_64.c
index 1d181c40e2e1..a1625f5a1e78 100644
--- a/arch/x86/kernel/cpu/centaur_64.c
+++ b/arch/x86/kernel/cpu/centaur_64.c
@@ -16,9 +16,10 @@ static void __cpuinit early_init_centaur(struct cpuinfo_x86 *c)
 
 static void __cpuinit init_centaur(struct cpuinfo_x86 *c)
 {
+        early_init_centaur(c);
+
         if (c->x86 == 0x6 && c->x86_model >= 0xf) {
                 c->x86_cache_alignment = c->x86_clflush_size * 2;
-                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
                 set_cpu_cap(c, X86_FEATURE_REP_GOOD);
         }
         set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
@@ -29,7 +30,8 @@ static struct cpu_dev centaur_cpu_dev __cpuinitdata = {
         .c_ident        = { "CentaurHauls" },
         .c_early_init   = early_init_centaur,
         .c_init         = init_centaur,
+        .c_x86_vendor   = X86_VENDOR_CENTAUR,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_CENTAUR, &centaur_cpu_dev);
+cpu_dev_register(centaur_cpu_dev);
 
diff --git a/arch/x86/kernel/cpu/cmpxchg.c b/arch/x86/kernel/cpu/cmpxchg.c
new file mode 100644
index 000000000000..2056ccf572cc
--- /dev/null
+++ b/arch/x86/kernel/cpu/cmpxchg.c
@@ -0,0 +1,72 @@
+/*
+ * cmpxchg*() fallbacks for CPU not supporting these instructions
+ */
+
+#include <linux/kernel.h>
+#include <linux/smp.h>
+#include <linux/module.h>
+
+#ifndef CONFIG_X86_CMPXCHG
+unsigned long cmpxchg_386_u8(volatile void *ptr, u8 old, u8 new)
+{
+        u8 prev;
+        unsigned long flags;
+
+        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
+        local_irq_save(flags);
+        prev = *(u8 *)ptr;
+        if (prev == old)
+                *(u8 *)ptr = new;
+        local_irq_restore(flags);
+        return prev;
+}
+EXPORT_SYMBOL(cmpxchg_386_u8);
+
+unsigned long cmpxchg_386_u16(volatile void *ptr, u16 old, u16 new)
+{
+        u16 prev;
+        unsigned long flags;
+
+        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
+        local_irq_save(flags);
+        prev = *(u16 *)ptr;
+        if (prev == old)
+                *(u16 *)ptr = new;
+        local_irq_restore(flags);
+        return prev;
+}
+EXPORT_SYMBOL(cmpxchg_386_u16);
+
+unsigned long cmpxchg_386_u32(volatile void *ptr, u32 old, u32 new)
+{
+        u32 prev;
+        unsigned long flags;
+
+        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
+        local_irq_save(flags);
+        prev = *(u32 *)ptr;
+        if (prev == old)
+                *(u32 *)ptr = new;
+        local_irq_restore(flags);
+        return prev;
+}
+EXPORT_SYMBOL(cmpxchg_386_u32);
+#endif
+
+#ifndef CONFIG_X86_CMPXCHG64
+unsigned long long cmpxchg_486_u64(volatile void *ptr, u64 old, u64 new)
+{
+        u64 prev;
+        unsigned long flags;
+
+        /* Poor man's cmpxchg8b for 386 and 486. Unsuitable for SMP */
+        local_irq_save(flags);
+        prev = *(u64 *)ptr;
+        if (prev == old)
+                *(u64 *)ptr = new;
+        local_irq_restore(flags);
+        return prev;
+}
+EXPORT_SYMBOL(cmpxchg_486_u64);
+#endif
+
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 80ab20d4fa39..25581dcb280e 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1,27 +1,62 @@
 #include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
 #include <linux/string.h>
+#include <linux/bootmem.h>
+#include <linux/bitops.h>
+#include <linux/module.h>
+#include <linux/kgdb.h>
+#include <linux/topology.h>
 #include <linux/delay.h>
 #include <linux/smp.h>
-#include <linux/module.h>
 #include <linux/percpu.h>
-#include <linux/bootmem.h>
-#include <asm/processor.h>
 #include <asm/i387.h>
 #include <asm/msr.h>
 #include <asm/io.h>
+#include <asm/linkage.h>
 #include <asm/mmu_context.h>
 #include <asm/mtrr.h>
 #include <asm/mce.h>
 #include <asm/pat.h>
+#include <asm/asm.h>
+#include <asm/numa.h>
 #ifdef CONFIG_X86_LOCAL_APIC
 #include <asm/mpspec.h>
 #include <asm/apic.h>
 #include <mach_apic.h>
+#include <asm/genapic.h>
 #endif
 
+#include <asm/pda.h>
+#include <asm/pgtable.h>
+#include <asm/processor.h>
+#include <asm/desc.h>
+#include <asm/atomic.h>
+#include <asm/proto.h>
+#include <asm/sections.h>
+#include <asm/setup.h>
+
 #include "cpu.h"
 
+static struct cpu_dev *this_cpu __cpuinitdata;
+
+#ifdef CONFIG_X86_64
+/* We need valid kernel segments for data and code in long mode too
+ * IRET will check the segment types  kkeil 2000/10/28
+ * Also sysret mandates a special GDT layout
+ */
+/* The TLS descriptors are currently at a different place compared to i386.
+   Hopefully nobody expects them at a fixed place (Wine?) */
 DEFINE_PER_CPU(struct gdt_page, gdt_page) = { .gdt = {
+        [GDT_ENTRY_KERNEL32_CS] = { { { 0x0000ffff, 0x00cf9b00 } } },
+        [GDT_ENTRY_KERNEL_CS] = { { { 0x0000ffff, 0x00af9b00 } } },
+        [GDT_ENTRY_KERNEL_DS] = { { { 0x0000ffff, 0x00cf9300 } } },
+        [GDT_ENTRY_DEFAULT_USER32_CS] = { { { 0x0000ffff, 0x00cffb00 } } },
+        [GDT_ENTRY_DEFAULT_USER_DS] = { { { 0x0000ffff, 0x00cff300 } } },
+        [GDT_ENTRY_DEFAULT_USER_CS] = { { { 0x0000ffff, 0x00affb00 } } },
+} };
+#else
+DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
         [GDT_ENTRY_KERNEL_CS] = { { { 0x0000ffff, 0x00cf9a00 } } },
         [GDT_ENTRY_KERNEL_DS] = { { { 0x0000ffff, 0x00cf9200 } } },
         [GDT_ENTRY_DEFAULT_USER_CS] = { { { 0x0000ffff, 0x00cffa00 } } },
@@ -55,17 +90,157 @@ DEFINE_PER_CPU(struct gdt_page, gdt_page) = { .gdt = {
         [GDT_ENTRY_ESPFIX_SS] = { { { 0x00000000, 0x00c09200 } } },
         [GDT_ENTRY_PERCPU] = { { { 0x00000000, 0x00000000 } } },
 } };
+#endif
 EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
 
-__u32 cleared_cpu_caps[NCAPINTS] __cpuinitdata;
-
+#ifdef CONFIG_X86_32
 static int cachesize_override __cpuinitdata = -1;
 static int disable_x86_serial_nr __cpuinitdata = 1;
 
-struct cpu_dev *cpu_devs[X86_VENDOR_NUM] = {};
+static int __init cachesize_setup(char *str)
+{
+        get_option(&str, &cachesize_override);
+        return 1;
+}
+__setup("cachesize=", cachesize_setup);
+
+static int __init x86_fxsr_setup(char *s)
+{
+        setup_clear_cpu_cap(X86_FEATURE_FXSR);
+        setup_clear_cpu_cap(X86_FEATURE_XMM);
+        return 1;
+}
+__setup("nofxsr", x86_fxsr_setup);
+
+static int __init x86_sep_setup(char *s)
+{
+        setup_clear_cpu_cap(X86_FEATURE_SEP);
+        return 1;
+}
+__setup("nosep", x86_sep_setup);
+
+/* Standard macro to see if a specific flag is changeable */
+static inline int flag_is_changeable_p(u32 flag)
+{
+        u32 f1, f2;
+
+        /*
+         * Cyrix and IDT cpus allow disabling of CPUID
+         * so the code below may return different results
+         * when it is executed before and after enabling
+         * the CPUID. Add "volatile" to not allow gcc to
+         * optimize the subsequent calls to this function.
+         */
+        asm volatile ("pushfl\n\t"
+                      "pushfl\n\t"
+                      "popl %0\n\t"
+                      "movl %0,%1\n\t"
+                      "xorl %2,%0\n\t"
+                      "pushl %0\n\t"
+                      "popfl\n\t"
+                      "pushfl\n\t"
+                      "popl %0\n\t"
+                      "popfl\n\t"
+                      : "=&r" (f1), "=&r" (f2)
+                      : "ir" (flag));
+
+        return ((f1^f2) & flag) != 0;
+}
+
+/* Probe for the CPUID instruction */
+static int __cpuinit have_cpuid_p(void)
+{
+        return flag_is_changeable_p(X86_EFLAGS_ID);
+}
+
+static void __cpuinit squash_the_stupid_serial_number(struct cpuinfo_x86 *c)
+{
+        if (cpu_has(c, X86_FEATURE_PN) && disable_x86_serial_nr) {
+                /* Disable processor serial number */
+                unsigned long lo, hi;
+                rdmsr(MSR_IA32_BBL_CR_CTL, lo, hi);
+                lo |= 0x200000;
+                wrmsr(MSR_IA32_BBL_CR_CTL, lo, hi);
+                printk(KERN_NOTICE "CPU serial number disabled.\n");
+                clear_cpu_cap(c, X86_FEATURE_PN);
+
+                /* Disabling the serial number may affect the cpuid level */
+                c->cpuid_level = cpuid_eax(0);
+        }
+}
+
+static int __init x86_serial_nr_setup(char *s)
+{
+        disable_x86_serial_nr = 0;
+        return 1;
+}
+__setup("serialnumber", x86_serial_nr_setup);
+#else
+static inline int flag_is_changeable_p(u32 flag)
+{
+        return 1;
+}
+/* Probe for the CPUID instruction */
+static inline int have_cpuid_p(void)
+{
+        return 1;
+}
+static inline void squash_the_stupid_serial_number(struct cpuinfo_x86 *c)
+{
+}
+#endif
+
+/*
+ * Naming convention should be: <Name> [(<Codename>)]
+ * This table only is used unless init_<vendor>() below doesn't set it;
+ * in particular, if CPUID levels 0x80000002..4 are supported, this isn't used
+ *
+ */
+
+/* Look up CPU names by table lookup. */
+static char __cpuinit *table_lookup_model(struct cpuinfo_x86 *c)
+{
+        struct cpu_model_info *info;
+
+        if (c->x86_model >= 16)
+                return NULL;    /* Range check */
+
+        if (!this_cpu)
+                return NULL;
+
+        info = this_cpu->c_models;
+
+        while (info && info->family) {
+                if (info->family == c->x86)
+                        return info->model_names[c->x86_model];
+                info++;
+        }
+        return NULL;            /* Not found */
+}
+
+__u32 cleared_cpu_caps[NCAPINTS] __cpuinitdata;
+
+/* Current gdt points %fs at the "master" per-cpu area: after this,
+ * it's on the real one. */
+void switch_to_new_gdt(void)
+{
+        struct desc_ptr gdt_descr;
+
+        gdt_descr.address = (long)get_cpu_gdt_table(smp_processor_id());
+        gdt_descr.size = GDT_SIZE - 1;
+        load_gdt(&gdt_descr);
+#ifdef CONFIG_X86_32
+        asm("mov %0, %%fs" : : "r" (__KERNEL_PERCPU) : "memory");
+#endif
+}
+
+static struct cpu_dev *cpu_devs[X86_VENDOR_NUM] = {};
 
 static void __cpuinit default_init(struct cpuinfo_x86 *c)
 {
+#ifdef CONFIG_X86_64
+        display_cacheinfo(c);
+#else
         /* Not much we can do here... */
         /* Check if at least it has cpuid */
         if (c->cpuid_level == -1) {
@@ -75,28 +250,22 @@ static void __cpuinit default_init(struct cpuinfo_x86 *c)
                 else if (c->x86 == 3)
                         strcpy(c->x86_model_id, "386");
         }
+#endif
 }
 
 static struct cpu_dev __cpuinitdata default_cpu = {
         .c_init = default_init,
         .c_vendor = "Unknown",
+        .c_x86_vendor = X86_VENDOR_UNKNOWN,
 };
-static struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
-
-static int __init cachesize_setup(char *str)
-{
-        get_option(&str, &cachesize_override);
-        return 1;
-}
-__setup("cachesize=", cachesize_setup);
 
-int __cpuinit get_model_name(struct cpuinfo_x86 *c)
+static void __cpuinit get_model_name(struct cpuinfo_x86 *c)
 {
         unsigned int *v;
         char *p, *q;
 
-        if (cpuid_eax(0x80000000) < 0x80000004)
-                return 0;
+        if (c->extended_cpuid_level < 0x80000004)
+                return;
 
         v = (unsigned int *) c->x86_model_id;
         cpuid(0x80000002, &v[0], &v[1], &v[2], &v[3]);
@@ -115,30 +284,34 @@ int __cpuinit get_model_name(struct cpuinfo_x86 *c)
              while (q <= &c->x86_model_id[48])
                   *q++ = '\0';  /* Zero-pad the rest */
         }
-
-        return 1;
 }
 
-
 void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
 {
-        unsigned int n, dummy, ecx, edx, l2size;
+        unsigned int n, dummy, ebx, ecx, edx, l2size;
 
-        n = cpuid_eax(0x80000000);
+        n = c->extended_cpuid_level;
 
         if (n >= 0x80000005) {
-                cpuid(0x80000005, &dummy, &dummy, &ecx, &edx);
+                cpuid(0x80000005, &dummy, &ebx, &ecx, &edx);
                 printk(KERN_INFO "CPU: L1 I Cache: %dK (%d bytes/line), D cache %dK (%d bytes/line)\n",
-                        edx>>24, edx&0xFF, ecx>>24, ecx&0xFF);
-                c->x86_cache_size = (ecx>>24)+(edx>>24);
+                                edx>>24, edx&0xFF, ecx>>24, ecx&0xFF);
+                c->x86_cache_size = (ecx>>24) + (edx>>24);
+#ifdef CONFIG_X86_64
+                /* On K8 L1 TLB is inclusive, so don't count it */
+                c->x86_tlbsize = 0;
+#endif
         }
 
         if (n < 0x80000006)     /* Some chips just has a large L1. */
                 return;
 
-        ecx = cpuid_ecx(0x80000006);
+        cpuid(0x80000006, &dummy, &ebx, &ecx, &edx);
         l2size = ecx >> 16;
 
+#ifdef CONFIG_X86_64
+        c->x86_tlbsize += ((ebx >> 16) & 0xfff) + (ebx & 0xfff);
+#else
         /* do processor-specific cache resizing */
         if (this_cpu->c_size_cache)
                 l2size = this_cpu->c_size_cache(c, l2size);
@@ -149,116 +322,106 @@ void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
 
         if (l2size == 0)
                 return;         /* Again, no L2 cache is possible */
+#endif
 
         c->x86_cache_size = l2size;
 
         printk(KERN_INFO "CPU: L2 Cache: %dK (%d bytes/line)\n",
-               l2size, ecx & 0xFF);
+                        l2size, ecx & 0xFF);
 }
 
-/*
- * Naming convention should be: <Name> [(<Codename>)]
- * This table only is used unless init_<vendor>() below doesn't set it;
- * in particular, if CPUID levels 0x80000002..4 are supported, this isn't used
- *
- */
-
-/* Look up CPU names by table lookup. */
-static char __cpuinit *table_lookup_model(struct cpuinfo_x86 *c)
+void __cpuinit detect_ht(struct cpuinfo_x86 *c)
 {
-        struct cpu_model_info *info;
+#ifdef CONFIG_X86_HT
+        u32 eax, ebx, ecx, edx;
+        int index_msb, core_bits;
 
-        if (c->x86_model >= 16)
-                return NULL;    /* Range check */
+        if (!cpu_has(c, X86_FEATURE_HT))
+                return;
 
-        if (!this_cpu)
-                return NULL;
+        if (cpu_has(c, X86_FEATURE_CMP_LEGACY))
+                goto out;
 
-        info = this_cpu->c_models;
+        if (cpu_has(c, X86_FEATURE_XTOPOLOGY))
+                return;
 
-        while (info && info->family) {
-                if (info->family == c->x86)
-                        return info->model_names[c->x86_model];
-                info++;
+        cpuid(1, &eax, &ebx, &ecx, &edx);
+
+        smp_num_siblings = (ebx & 0xff0000) >> 16;
+
+        if (smp_num_siblings == 1) {
+                printk(KERN_INFO  "CPU: Hyper-Threading is disabled\n");
+        } else if (smp_num_siblings > 1) {
+
+                if (smp_num_siblings > NR_CPUS) {
+                        printk(KERN_WARNING "CPU: Unsupported number of siblings %d",
+                                        smp_num_siblings);
+                        smp_num_siblings = 1;
+                        return;
+                }
+
+                index_msb = get_count_order(smp_num_siblings);
+#ifdef CONFIG_X86_64
+                c->phys_proc_id = phys_pkg_id(index_msb);
+#else
+                c->phys_proc_id = phys_pkg_id(c->initial_apicid, index_msb);
+#endif
+
+                smp_num_siblings = smp_num_siblings / c->x86_max_cores;
+
+                index_msb = get_count_order(smp_num_siblings);
+
+                core_bits = get_count_order(c->x86_max_cores);
+
+#ifdef CONFIG_X86_64
+                c->cpu_core_id = phys_pkg_id(index_msb) &
+                                               ((1 << core_bits) - 1);
+#else
+                c->cpu_core_id = phys_pkg_id(c->initial_apicid, index_msb) &
+                                               ((1 << core_bits) - 1);
+#endif
         }
-        return NULL;            /* Not found */
-}
 
+out:
+        if ((c->x86_max_cores * smp_num_siblings) > 1) {
+                printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
+                       c->phys_proc_id);
+                printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
+                       c->cpu_core_id);
+        }
+#endif
+}
 
-static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c, int early)
+static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
 {
         char *v = c->x86_vendor_id;
         int i;
         static int printed;
 
         for (i = 0; i < X86_VENDOR_NUM; i++) {
-                if (cpu_devs[i]) {
-                        if (!strcmp(v, cpu_devs[i]->c_ident[0]) ||
-                            (cpu_devs[i]->c_ident[1] &&
-                             !strcmp(v, cpu_devs[i]->c_ident[1]))) {
-                                c->x86_vendor = i;
-                                if (!early)
-                                        this_cpu = cpu_devs[i];
-                                return;
-                        }
+                if (!cpu_devs[i])
+                        break;
+
+                if (!strcmp(v, cpu_devs[i]->c_ident[0]) ||
+                    (cpu_devs[i]->c_ident[1] &&
+                     !strcmp(v, cpu_devs[i]->c_ident[1]))) {
+                        this_cpu = cpu_devs[i];
+                        c->x86_vendor = this_cpu->c_x86_vendor;
+                        return;
                 }
         }
+
         if (!printed) {
                 printed++;
-                printk(KERN_ERR "CPU: Vendor unknown, using generic init.\n");
+                printk(KERN_ERR "CPU: vendor_id '%s' unknown, using generic init.\n", v);
                 printk(KERN_ERR "CPU: Your system may be unstable.\n");
         }
+
         c->x86_vendor = X86_VENDOR_UNKNOWN;
         this_cpu = &default_cpu;
 }
 
-
-static int __init x86_fxsr_setup(char *s)
-{
-        setup_clear_cpu_cap(X86_FEATURE_FXSR);
-        setup_clear_cpu_cap(X86_FEATURE_XMM);
-        return 1;
-}
-__setup("nofxsr", x86_fxsr_setup);
-
-
-static int __init x86_sep_setup(char *s)
-{
-        setup_clear_cpu_cap(X86_FEATURE_SEP);
-        return 1;
-}
-__setup("nosep", x86_sep_setup);
-
-
-/* Standard macro to see if a specific flag is changeable */
-static inline int flag_is_changeable_p(u32 flag)
-{
-        u32 f1, f2;
-
-        asm("pushfl\n\t"
-            "pushfl\n\t"
-            "popl %0\n\t"
-            "movl %0,%1\n\t"
-            "xorl %2,%0\n\t"
-            "pushl %0\n\t"
-            "popfl\n\t"
-            "pushfl\n\t"
-            "popl %0\n\t"
-            "popfl\n\t"
-            : "=&r" (f1), "=&r" (f2)
-            : "ir" (flag));
-
-        return ((f1^f2) & flag) != 0;
-}
-
-
-/* Probe for the CPUID instruction */
-static int __cpuinit have_cpuid_p(void)
-{
-        return flag_is_changeable_p(X86_EFLAGS_ID);
-}
-
-void __init cpu_detect(struct cpuinfo_x86 *c)
+void __cpuinit cpu_detect(struct cpuinfo_x86 *c)
 {
         /* Get vendor name */
         cpuid(0x00000000, (unsigned int *)&c->cpuid_level,
@@ -267,50 +430,87 @@ void __init cpu_detect(struct cpuinfo_x86 *c)
               (unsigned int *)&c->x86_vendor_id[4]);
 
         c->x86 = 4;
+        /* Intel-defined flags: level 0x00000001 */
         if (c->cpuid_level >= 0x00000001) {
                 u32 junk, tfms, cap0, misc;
                 cpuid(0x00000001, &tfms, &misc, &junk, &cap0);
-                c->x86 = (tfms >> 8) & 15;
-                c->x86_model = (tfms >> 4) & 15;
+                c->x86 = (tfms >> 8) & 0xf;
+                c->x86_model = (tfms >> 4) & 0xf;
+                c->x86_mask = tfms & 0xf;
                 if (c->x86 == 0xf)
                         c->x86 += (tfms >> 20) & 0xff;
                 if (c->x86 >= 0x6)
-                        c->x86_model += ((tfms >> 16) & 0xF) << 4;
-                c->x86_mask = tfms & 15;
+                        c->x86_model += ((tfms >> 16) & 0xf) << 4;
                 if (cap0 & (1<<19)) {
-                        c->x86_cache_alignment = ((misc >> 8) & 0xff) * 8;
                         c->x86_clflush_size = ((misc >> 8) & 0xff) * 8;
+                        c->x86_cache_alignment = c->x86_clflush_size;
                 }
         }
 }
-static void __cpuinit early_get_cap(struct cpuinfo_x86 *c)
+
+static void __cpuinit get_cpu_cap(struct cpuinfo_x86 *c)
 {
         u32 tfms, xlvl;
-        unsigned int ebx;
+        u32 ebx;
 
-        memset(&c->x86_capability, 0, sizeof c->x86_capability);
-        if (have_cpuid_p()) {
-                /* Intel-defined flags: level 0x00000001 */
-                if (c->cpuid_level >= 0x00000001) {
-                        u32 capability, excap;
-                        cpuid(0x00000001, &tfms, &ebx, &excap, &capability);
-                        c->x86_capability[0] = capability;
-                        c->x86_capability[4] = excap;
-                }
+        /* Intel-defined flags: level 0x00000001 */
+        if (c->cpuid_level >= 0x00000001) {
+                u32 capability, excap;
+                cpuid(0x00000001, &tfms, &ebx, &excap, &capability);
+                c->x86_capability[0] = capability;
+                c->x86_capability[4] = excap;
+        }
 
-                /* AMD-defined flags: level 0x80000001 */
-                xlvl = cpuid_eax(0x80000000);
-                if ((xlvl & 0xffff0000) == 0x80000000) {
-                        if (xlvl >= 0x80000001) {
-                                c->x86_capability[1] = cpuid_edx(0x80000001);
-                                c->x86_capability[6] = cpuid_ecx(0x80000001);
-                        }
+        /* AMD-defined flags: level 0x80000001 */
+        xlvl = cpuid_eax(0x80000000);
+        c->extended_cpuid_level = xlvl;
+        if ((xlvl & 0xffff0000) == 0x80000000) {
+                if (xlvl >= 0x80000001) {
+                        c->x86_capability[1] = cpuid_edx(0x80000001);
+                        c->x86_capability[6] = cpuid_ecx(0x80000001);
                 }
+        }
+
+#ifdef CONFIG_X86_64
+        if (c->extended_cpuid_level >= 0x80000008) {
+                u32 eax = cpuid_eax(0x80000008);
 
+                c->x86_virt_bits = (eax >> 8) & 0xff;
+                c->x86_phys_bits = eax & 0xff;
         }
+#endif
+
+        if (c->extended_cpuid_level >= 0x80000007)
+                c->x86_power = cpuid_edx(0x80000007);
 
 }
 
+static void __cpuinit identify_cpu_without_cpuid(struct cpuinfo_x86 *c)
+{
+#ifdef CONFIG_X86_32
+        int i;
+
+        /*
+         * First of all, decide if this is a 486 or higher
+         * It's a 486 if we can modify the AC flag
+         */
+        if (flag_is_changeable_p(X86_EFLAGS_AC))
+                c->x86 = 4;
+        else
+                c->x86 = 3;
+
+        for (i = 0; i < X86_VENDOR_NUM; i++)
+                if (cpu_devs[i] && cpu_devs[i]->c_identify) {
+                        c->x86_vendor_id[0] = 0;
+                        cpu_devs[i]->c_identify(c);
+                        if (c->x86_vendor_id[0]) {
+                                get_cpu_vendor(c);
+                                break;
+                        }
+                }
+#endif
+}
+
 /*
  * Do minimum CPU detection early.
  * Fields really needed: vendor, cpuid_level, family, model, mask,
@@ -320,109 +520,113 @@ static void __cpuinit early_get_cap(struct cpuinfo_x86 *c)
  * WARNING: this function is only called on the BP.  Don't add code here
  * that is supposed to run on all CPUs.
  */
-static void __init early_cpu_detect(void)
+static void __init early_identify_cpu(struct cpuinfo_x86 *c)
 {
-        struct cpuinfo_x86 *c = &boot_cpu_data;
-
-        c->x86_cache_alignment = 32;
+#ifdef CONFIG_X86_64
+        c->x86_clflush_size = 64;
+#else
         c->x86_clflush_size = 32;
+#endif
+        c->x86_cache_alignment = c->x86_clflush_size;
+
+        memset(&c->x86_capability, 0, sizeof c->x86_capability);
+        c->extended_cpuid_level = 0;
+
+        if (!have_cpuid_p())
+                identify_cpu_without_cpuid(c);
 
+        /* cyrix could have cpuid enabled via c_identify()*/
         if (!have_cpuid_p())
                 return;
 
         cpu_detect(c);
 
-        get_cpu_vendor(c, 1);
+        get_cpu_vendor(c);
+
+        get_cpu_cap(c);
 
-        if (c->x86_vendor != X86_VENDOR_UNKNOWN &&
-            cpu_devs[c->x86_vendor]->c_early_init)
-                cpu_devs[c->x86_vendor]->c_early_init(c);
+        if (this_cpu->c_early_init)
+                this_cpu->c_early_init(c);
 
-        early_get_cap(c);
+        validate_pat_support(c);
 }
 
-static void __cpuinit generic_identify(struct cpuinfo_x86 *c)
+void __init early_cpu_init(void)
 {
-        u32 tfms, xlvl;
-        unsigned int ebx;
-
-        if (have_cpuid_p()) {
-                /* Get vendor name */
-                cpuid(0x00000000, (unsigned int *)&c->cpuid_level,
-                      (unsigned int *)&c->x86_vendor_id[0],
-                      (unsigned int *)&c->x86_vendor_id[8],
-                      (unsigned int *)&c->x86_vendor_id[4]);
-
-                get_cpu_vendor(c, 0);
-                /* Initialize the standard set of capabilities */
-                /* Note that the vendor-specific code below might override */
-                /* Intel-defined flags: level 0x00000001 */
-                if (c->cpuid_level >= 0x00000001) {
-                        u32 capability, excap;
-                        cpuid(0x00000001, &tfms, &ebx, &excap, &capability);
-                        c->x86_capability[0] = capability;
-                        c->x86_capability[4] = excap;
-                        c->x86 = (tfms >> 8) & 15;
-                        c->x86_model = (tfms >> 4) & 15;
-                        if (c->x86 == 0xf)
-                                c->x86 += (tfms >> 20) & 0xff;
-                        if (c->x86 >= 0x6)
-                                c->x86_model += ((tfms >> 16) & 0xF) << 4;
-                        c->x86_mask = tfms & 15;
-                        c->initial_apicid = (ebx >> 24) & 0xFF;
-#ifdef CONFIG_X86_HT
-                        c->apicid = phys_pkg_id(c->initial_apicid, 0);
-                        c->phys_proc_id = c->initial_apicid;
-#else
-                        c->apicid = c->initial_apicid;
-#endif
-                        if (test_cpu_cap(c, X86_FEATURE_CLFLSH))
-                                c->x86_clflush_size = ((ebx >> 8) & 0xff) * 8;
-                } else {
-                        /* Have CPUID level 0 only - unheard of */
-                        c->x86 = 4;
-                }
-
-                /* AMD-defined flags: level 0x80000001 */
-                xlvl = cpuid_eax(0x80000000);
-                if ((xlvl & 0xffff0000) == 0x80000000) {
-                        if (xlvl >= 0x80000001) {
-                                c->x86_capability[1] = cpuid_edx(0x80000001);
-                                c->x86_capability[6] = cpuid_ecx(0x80000001);
-                        }
-                        if (xlvl >= 0x80000004)
-                                get_model_name(c); /* Default name */
+        struct cpu_dev **cdev;
+        int count = 0;
+
+        printk("KERNEL supported cpus:\n");
+        for (cdev = __x86_cpu_dev_start; cdev < __x86_cpu_dev_end; cdev++) {
+                struct cpu_dev *cpudev = *cdev;
+                unsigned int j;
+
+                if (count >= X86_VENDOR_NUM)
+                        break;
+                cpu_devs[count] = cpudev;
+                count++;
+
+                for (j = 0; j < 2; j++) {
+                        if (!cpudev->c_ident[j])
+                                continue;
+                        printk("  %s %s\n", cpudev->c_vendor,
+                                cpudev->c_ident[j]);
                 }
-
-                init_scattered_cpuid_features(c);
         }
 
+        early_identify_cpu(&boot_cpu_data);
 }
 
-static void __cpuinit squash_the_stupid_serial_number(struct cpuinfo_x86 *c)
+/*
+ * The NOPL instruction is supposed to exist on all CPUs with
+ * family >= 6; unfortunately, that's not true in practice because
+ * of early VIA chips and (more importantly) broken virtualizers that
+ * are not easy to detect.  In the latter case it doesn't even *fail*
+ * reliably, so probing for it doesn't even work.  Disable it completely
+ * unless we can find a reliable way to detect all the broken cases.
+ */
+static void __cpuinit detect_nopl(struct cpuinfo_x86 *c)
 {
-        if (cpu_has(c, X86_FEATURE_PN) && disable_x86_serial_nr) {
-                /* Disable processor serial number */
-                unsigned long lo, hi;
-                rdmsr(MSR_IA32_BBL_CR_CTL, lo, hi);
-                lo |= 0x200000;
-                wrmsr(MSR_IA32_BBL_CR_CTL, lo, hi);
-                printk(KERN_NOTICE "CPU serial number disabled.\n");
-                clear_cpu_cap(c, X86_FEATURE_PN);
-
-                /* Disabling the serial number may affect the cpuid level */
-                c->cpuid_level = cpuid_eax(0);
-        }
+        clear_cpu_cap(c, X86_FEATURE_NOPL);
 }
 
-static int __init x86_serial_nr_setup(char *s)
+static void __cpuinit generic_identify(struct cpuinfo_x86 *c)
 {
-        disable_x86_serial_nr = 0;
-        return 1;
-}
-__setup("serialnumber", x86_serial_nr_setup);
+        c->extended_cpuid_level = 0;
+
+        if (!have_cpuid_p())
+                identify_cpu_without_cpuid(c);
+
+        /* cyrix could have cpuid enabled via c_identify()*/
+        if (!have_cpuid_p())
+                return;
+
+        cpu_detect(c);
+
+        get_cpu_vendor(c);
 
+        get_cpu_cap(c);
 
+        if (c->cpuid_level >= 0x00000001) {
+                c->initial_apicid = (cpuid_ebx(1) >> 24) & 0xFF;
+#ifdef CONFIG_X86_32
+# ifdef CONFIG_X86_HT
+                c->apicid = phys_pkg_id(c->initial_apicid, 0);
+# else
+                c->apicid = c->initial_apicid;
+# endif
+#endif
+
+#ifdef CONFIG_X86_HT
+                c->phys_proc_id = c->initial_apicid;
+#endif
+        }
+
+        get_model_name(c); /* Default name */
+
+        init_scattered_cpuid_features(c);
+        detect_nopl(c);
+}
 
 /*
  * This does the hard work of actually picking apart the CPU stuff...
@@ -434,30 +638,29 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
         c->loops_per_jiffy = loops_per_jiffy;
         c->x86_cache_size = -1;
         c->x86_vendor = X86_VENDOR_UNKNOWN;
-        c->cpuid_level = -1;    /* CPUID not detected */
         c->x86_model = c->x86_mask = 0; /* So far unknown... */
         c->x86_vendor_id[0] = '\0'; /* Unset */
         c->x86_model_id[0] = '\0';  /* Unset */
         c->x86_max_cores = 1;
+        c->x86_coreid_bits = 0;
+#ifdef CONFIG_X86_64
+        c->x86_clflush_size = 64;
+#else
+        c->cpuid_level = -1;    /* CPUID not detected */
         c->x86_clflush_size = 32;
+#endif
+        c->x86_cache_alignment = c->x86_clflush_size;
         memset(&c->x86_capability, 0, sizeof c->x86_capability);
 
-        if (!have_cpuid_p()) {
-                /*
-                 * First of all, decide if this is a 486 or higher
-                 * It's a 486 if we can modify the AC flag
-                 */
-                if (flag_is_changeable_p(X86_EFLAGS_AC))
-                        c->x86 = 4;
-                else
-                        c->x86 = 3;
-        }
-
         generic_identify(c);
 
         if (this_cpu->c_identify)
                 this_cpu->c_identify(c);
 
+#ifdef CONFIG_X86_64
+        c->apicid = phys_pkg_id(0);
+#endif
+
         /*
          * Vendor-specific initialization.  In this section we
          * canonicalize the feature flags, meaning if there are
@@ -491,6 +694,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
                                 c->x86, c->x86_model);
         }
 
+#ifdef CONFIG_X86_64
+        detect_ht(c);
+#endif
+
         /*
          * On SMP, boot_cpu_data holds the common feature set between
          * all CPUs; so make sure that we indicate which features are
@@ -499,7 +706,7 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
          */
         if (c != &boot_cpu_data) {
                 /* AND the already accumulated flags with these */
-                for (i = 0 ; i < NCAPINTS ; i++)
+                for (i = 0; i < NCAPINTS; i++)
                         boot_cpu_data.x86_capability[i] &= c->x86_capability[i];
         }
 
@@ -507,72 +714,91 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
         for (i = 0; i < NCAPINTS; i++)
                 c->x86_capability[i] &= ~cleared_cpu_caps[i];
 
+#ifdef CONFIG_X86_MCE
         /* Init Machine Check Exception if available. */
         mcheck_init(c);
+#endif
 
         select_idle_routine(c);
+
+#if defined(CONFIG_NUMA) && defined(CONFIG_X86_64)
+        numa_add_cpu(smp_processor_id());
+#endif
 }
 
+#ifdef CONFIG_X86_64
+static void vgetcpu_set_mode(void)
+{
+        if (cpu_has(&boot_cpu_data, X86_FEATURE_RDTSCP))
+                vgetcpu_mode = VGETCPU_RDTSCP;
+        else
+                vgetcpu_mode = VGETCPU_LSL;
+}
+#endif
+
 void __init identify_boot_cpu(void)
 {
         identify_cpu(&boot_cpu_data);
+#ifdef CONFIG_X86_32
         sysenter_setup();
         enable_sep_cpu();
+#else
+        vgetcpu_set_mode();
+#endif
 }
 
 void __cpuinit identify_secondary_cpu(struct cpuinfo_x86 *c)
 {
         BUG_ON(c == &boot_cpu_data);
         identify_cpu(c);
+#ifdef CONFIG_X86_32
         enable_sep_cpu();
+#endif
         mtrr_ap_init();
 }
 
-#ifdef CONFIG_X86_HT
-void __cpuinit detect_ht(struct cpuinfo_x86 *c)
-{
-        u32     eax, ebx, ecx, edx;
-        int     index_msb, core_bits;
-
-        cpuid(1, &eax, &ebx, &ecx, &edx);
-
-        if (!cpu_has(c, X86_FEATURE_HT) || cpu_has(c, X86_FEATURE_CMP_LEGACY))
-                return;
-
-        smp_num_siblings = (ebx & 0xff0000) >> 16;
+struct msr_range {
+        unsigned min;
+        unsigned max;
+};
 
-        if (smp_num_siblings == 1) {
-                printk(KERN_INFO  "CPU: Hyper-Threading is disabled\n");
-        } else if (smp_num_siblings > 1) {
+static struct msr_range msr_range_array[] __cpuinitdata = {
+        { 0x00000000, 0x00000418},
+        { 0xc0000000, 0xc000040b},
+        { 0xc0010000, 0xc0010142},
+        { 0xc0011000, 0xc001103b},
+};
 
-                if (smp_num_siblings > NR_CPUS) {
-                        printk(KERN_WARNING "CPU: Unsupported number of the "
-                                        "siblings %d", smp_num_siblings);
-                        smp_num_siblings = 1;
-                        return;
+static void __cpuinit print_cpu_msr(void)
+{
+        unsigned index;
+        u64 val;
+        int i;
+        unsigned index_min, index_max;
+
+        for (i = 0; i < ARRAY_SIZE(msr_range_array); i++) {
+                index_min = msr_range_array[i].min;
+                index_max = msr_range_array[i].max;
+                for (index = index_min; index < index_max; index++) {
+                        if (rdmsrl_amd_safe(index, &val))
+                                continue;
+                        printk(KERN_INFO " MSR%08x: %016llx\n", index, val);
                 }
+        }
+}
 
-                index_msb = get_count_order(smp_num_siblings);
-                c->phys_proc_id = phys_pkg_id(c->initial_apicid, index_msb);
-
-                printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
-                       c->phys_proc_id);
-
-                smp_num_siblings = smp_num_siblings / c->x86_max_cores;
-
-                index_msb = get_count_order(smp_num_siblings) ;
-
-                core_bits = get_count_order(c->x86_max_cores);
+static int show_msr __cpuinitdata;
+static __init int setup_show_msr(char *arg)
+{
+        int num;
 
-                c->cpu_core_id = phys_pkg_id(c->initial_apicid, index_msb) &
-                                               ((1 << core_bits) - 1);
+        get_option(&arg, &num);
 
-                if (c->x86_max_cores > 1)
-                        printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
-                               c->cpu_core_id);
-        }
+        if (num > 0)
+                show_msr = num;
+        return 1;
 }
-#endif
+__setup("show_msr=", setup_show_msr);
 
 static __init int setup_noclflush(char *arg)
 {
@@ -590,18 +816,26 @@ void __cpuinit print_cpu_info(struct cpuinfo_x86 *c)
         else if (c->cpuid_level >= 0)
                 vendor = c->x86_vendor_id;
 
-        if (vendor && strncmp(c->x86_model_id, vendor, strlen(vendor)))
-                printk("%s ", vendor);
+        if (vendor && !strstr(c->x86_model_id, vendor))
+                printk(KERN_CONT "%s ", vendor);
 
-        if (!c->x86_model_id[0])
-                printk("%d86", c->x86);
+        if (c->x86_model_id[0])
+                printk(KERN_CONT "%s", c->x86_model_id);
         else
-                printk("%s", c->x86_model_id);
+                printk(KERN_CONT "%d86", c->x86);
 
         if (c->x86_mask || c->cpuid_level >= 0)
-                printk(" stepping %02x\n", c->x86_mask);
+                printk(KERN_CONT " stepping %02x\n", c->x86_mask);
         else
-                printk("\n");
+                printk(KERN_CONT "\n");
+
+#ifdef CONFIG_SMP
+        if (c->cpu_index < show_msr)
+                print_cpu_msr();
+#else
+        if (show_msr)
+                print_cpu_msr();
+#endif
 }
 
 static __init int setup_disablecpuid(char *arg)
@@ -617,19 +851,89 @@ __setup("clearcpuid=", setup_disablecpuid);
 
 cpumask_t cpu_initialized __cpuinitdata = CPU_MASK_NONE;
 
-void __init early_cpu_init(void)
+#ifdef CONFIG_X86_64
+struct x8664_pda **_cpu_pda __read_mostly;
+EXPORT_SYMBOL(_cpu_pda);
+
+struct desc_ptr idt_descr = { 256 * 16 - 1, (unsigned long) idt_table };
+
+char boot_cpu_stack[IRQSTACKSIZE] __page_aligned_bss;
+
+void __cpuinit pda_init(int cpu)
 {
-        struct cpu_vendor_dev *cvdev;
+        struct x8664_pda *pda = cpu_pda(cpu);
+
+        /* Setup up data that may be needed in __get_free_pages early */
+        loadsegment(fs, 0);
+        loadsegment(gs, 0);
+        /* Memory clobbers used to order PDA accessed */
+        mb();
+        wrmsrl(MSR_GS_BASE, pda);
+        mb();
+
+        pda->cpunumber = cpu;
+        pda->irqcount = -1;
+        pda->kernelstack = (unsigned long)stack_thread_info() -
+                                 PDA_STACKOFFSET + THREAD_SIZE;
+        pda->active_mm = &init_mm;
+        pda->mmu_state = 0;
+
+        if (cpu == 0) {
+                /* others are initialized in smpboot.c */
+                pda->pcurrent = &init_task;
+                pda->irqstackptr = boot_cpu_stack;
+                pda->irqstackptr += IRQSTACKSIZE - 64;
+        } else {
+                if (!pda->irqstackptr) {
+                        pda->irqstackptr = (char *)
+                                __get_free_pages(GFP_ATOMIC, IRQSTACK_ORDER);
+                        if (!pda->irqstackptr)
+                                panic("cannot allocate irqstack for cpu %d",
+                                      cpu);
+                        pda->irqstackptr += IRQSTACKSIZE - 64;
+                }
+
+                if (pda->nodenumber == 0 && cpu_to_node(cpu) != NUMA_NO_NODE)
+                        pda->nodenumber = cpu_to_node(cpu);
+        }
+}
+
+char boot_exception_stacks[(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ +
+                           DEBUG_STKSZ] __page_aligned_bss;
 
-        for (cvdev = __x86cpuvendor_start ;
-             cvdev < __x86cpuvendor_end   ;
-             cvdev++)
-                cpu_devs[cvdev->vendor] = cvdev->cpu_dev;
+extern asmlinkage void ignore_sysret(void);
 
-        early_cpu_detect();
-        validate_pat_support(&boot_cpu_data);
+/* May not be marked __init: used by software suspend */
+void syscall_init(void)
+{
+        /*
+         * LSTAR and STAR live in a bit strange symbiosis.
+         * They both write to the same internal register. STAR allows to
+         * set CS/DS but only a 32bit target. LSTAR sets the 64bit rip.
+         */
+        wrmsrl(MSR_STAR,  ((u64)__USER32_CS)<<48  | ((u64)__KERNEL_CS)<<32);
+        wrmsrl(MSR_LSTAR, system_call);
+        wrmsrl(MSR_CSTAR, ignore_sysret);
+
+#ifdef CONFIG_IA32_EMULATION
+        syscall32_cpu_init();
+#endif
+
+        /* Flags to clear on syscall */
+        wrmsrl(MSR_SYSCALL_MASK,
+               X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_IOPL);
 }
 
+unsigned long kernel_eflags;
+
+/*
+ * Copies of the original ist values from the tss are only accessed during
+ * debugging, no special alignment required.
+ */
+DEFINE_PER_CPU(struct orig_ist, orig_ist);
+
+#else
+
 /* Make sure %fs is initialized properly in idle threads */
 struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
 {
@@ -637,25 +941,136 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
         regs->fs = __KERNEL_PERCPU;
         return regs;
 }
-
-/* Current gdt points %fs at the "master" per-cpu area: after this,
- * it's on the real one. */
-void switch_to_new_gdt(void)
-{
-        struct desc_ptr gdt_descr;
-
-        gdt_descr.address = (long)get_cpu_gdt_table(smp_processor_id());
-        gdt_descr.size = GDT_SIZE - 1;
-        load_gdt(&gdt_descr);
-        asm("mov %0, %%fs" : : "r" (__KERNEL_PERCPU) : "memory");
-}
+#endif
 
 /*
  * cpu_init() initializes state that is per-CPU. Some data is already
  * initialized (naturally) in the bootstrap process, such as the GDT
  * and IDT. We reload them nevertheless, this function acts as a
  * 'CPU state barrier', nothing should get across.
+ * A lot of state is already set up in PDA init for 64 bit
  */
+#ifdef CONFIG_X86_64
+void __cpuinit cpu_init(void)
+{
+        int cpu = stack_smp_processor_id();
+        struct tss_struct *t = &per_cpu(init_tss, cpu);
+        struct orig_ist *orig_ist = &per_cpu(orig_ist, cpu);
+        unsigned long v;
+        char *estacks = NULL;
+        struct task_struct *me;
+        int i;
+
+        /* CPU 0 is initialised in head64.c */
+        if (cpu != 0)
+                pda_init(cpu);
+        else
+                estacks = boot_exception_stacks;
+
+        me = current;
+
+        if (cpu_test_and_set(cpu, cpu_initialized))
+                panic("CPU#%d already initialized!\n", cpu);
+
+        printk(KERN_INFO "Initializing CPU#%d\n", cpu);
+
+        clear_in_cr4(X86_CR4_VME|X86_CR4_PVI|X86_CR4_TSD|X86_CR4_DE);
+
+        /*
+         * Initialize the per-CPU GDT with the boot GDT,
+         * and set up the GDT descriptor:
+         */
+
+        switch_to_new_gdt();
+        load_idt((const struct desc_ptr *)&idt_descr);
+
+        memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
+        syscall_init();
+
+        wrmsrl(MSR_FS_BASE, 0);
+        wrmsrl(MSR_KERNEL_GS_BASE, 0);
+        barrier();
+
+        check_efer();
+        if (cpu != 0 && x2apic)
+                enable_x2apic();
+
+        /*
+         * set up and load the per-CPU TSS
+         */
+        if (!orig_ist->ist[0]) {
+                static const unsigned int order[N_EXCEPTION_STACKS] = {
+                  [0 ... N_EXCEPTION_STACKS - 1] = EXCEPTION_STACK_ORDER,
+                  [DEBUG_STACK - 1] = DEBUG_STACK_ORDER
+                };
+                for (v = 0; v < N_EXCEPTION_STACKS; v++) {
+                        if (cpu) {
+                                estacks = (char *)__get_free_pages(GFP_ATOMIC, order[v]);
+                                if (!estacks)
+                                        panic("Cannot allocate exception "
+                                              "stack %ld %d\n", v, cpu);
+                        }
+                        estacks += PAGE_SIZE << order[v];
+                        orig_ist->ist[v] = t->x86_tss.ist[v] =
+                                        (unsigned long)estacks;
+                }
+        }
+
+        t->x86_tss.io_bitmap_base = offsetof(struct tss_struct, io_bitmap);
+        /*
+         * <= is required because the CPU will access up to
+         * 8 bits beyond the end of the IO permission bitmap.
+         */
+        for (i = 0; i <= IO_BITMAP_LONGS; i++)
+                t->io_bitmap[i] = ~0UL;
+
+        atomic_inc(&init_mm.mm_count);
+        me->active_mm = &init_mm;
+        if (me->mm)
+                BUG();
+        enter_lazy_tlb(&init_mm, me);
+
+        load_sp0(t, &current->thread);
+        set_tss_desc(cpu, t);
+        load_TR_desc();
+        load_LDT(&init_mm.context);
+
+#ifdef CONFIG_KGDB
+        /*
+         * If the kgdb is connected no debug regs should be altered.  This
+         * is only applicable when KGDB and a KGDB I/O module are built
+         * into the kernel and you are using early debugging with
+         * kgdbwait. KGDB will control the kernel HW breakpoint registers.
+         */
+        if (kgdb_connected && arch_kgdb_ops.correct_hw_break)
+                arch_kgdb_ops.correct_hw_break();
+        else {
+#endif
+        /*
+         * Clear all 6 debug registers:
+         */
+
+        set_debugreg(0UL, 0);
+        set_debugreg(0UL, 1);
+        set_debugreg(0UL, 2);
+        set_debugreg(0UL, 3);
+        set_debugreg(0UL, 6);
+        set_debugreg(0UL, 7);
+#ifdef CONFIG_KGDB
+        /* If the kgdb is connected no debug regs should be altered. */
+        }
+#endif
+
+        fpu_init();
+
+        raw_local_save_flags(kernel_eflags);
+
+        if (is_uv_system())
+                uv_cpu_init();
+}
+
+#else
+
 void __cpuinit cpu_init(void)
 {
         int cpu = smp_processor_id();
@@ -709,19 +1124,21 @@ void __cpuinit cpu_init(void)
         /*
          * Force FPU initialization:
          */
-        current_thread_info()->status = 0;
+        if (cpu_has_xsave)
+                current_thread_info()->status = TS_XSAVE;
+        else
+                current_thread_info()->status = 0;
         clear_used_math();
         mxcsr_feature_mask_init();
-}
 
-#ifdef CONFIG_HOTPLUG_CPU
-void __cpuinit cpu_uninit(void)
-{
-        int cpu = raw_smp_processor_id();
-        cpu_clear(cpu, cpu_initialized);
+        /*
+         * Boot processor to setup the FP and extended state context info.
+         */
+        if (!smp_processor_id())
+                init_thread_xstate();
 
-        /* lazy TLB state */
-        per_cpu(cpu_tlbstate, cpu).state = 0;
-        per_cpu(cpu_tlbstate, cpu).active_mm = &init_mm;
+        xsave_init();
 }
+
+
 #endif
diff --git a/arch/x86/kernel/cpu/common_64.c b/arch/x86/kernel/cpu/common_64.c
deleted file mode 100644
index dd6e3f15017e..000000000000
--- a/arch/x86/kernel/cpu/common_64.c
+++ /dev/null
@@ -1,670 +0,0 @@
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/sched.h>
-#include <linux/string.h>
-#include <linux/bootmem.h>
-#include <linux/bitops.h>
-#include <linux/module.h>
-#include <linux/kgdb.h>
-#include <linux/topology.h>
-#include <linux/delay.h>
-#include <linux/smp.h>
-#include <linux/percpu.h>
-#include <asm/i387.h>
-#include <asm/msr.h>
-#include <asm/io.h>
-#include <asm/linkage.h>
-#include <asm/mmu_context.h>
-#include <asm/mtrr.h>
-#include <asm/mce.h>
-#include <asm/pat.h>
-#include <asm/numa.h>
-#ifdef CONFIG_X86_LOCAL_APIC
-#include <asm/mpspec.h>
-#include <asm/apic.h>
-#include <mach_apic.h>
-#endif
-#include <asm/pda.h>
-#include <asm/pgtable.h>
-#include <asm/processor.h>
-#include <asm/desc.h>
-#include <asm/atomic.h>
-#include <asm/proto.h>
-#include <asm/sections.h>
-#include <asm/setup.h>
-#include <asm/genapic.h>
-
-#include "cpu.h"
-
-/* We need valid kernel segments for data and code in long mode too
- * IRET will check the segment types  kkeil 2000/10/28
- * Also sysret mandates a special GDT layout
- */
-/* The TLS descriptors are currently at a different place compared to i386.
-   Hopefully nobody expects them at a fixed place (Wine?) */
-DEFINE_PER_CPU(struct gdt_page, gdt_page) = { .gdt = {
-        [GDT_ENTRY_KERNEL32_CS] = { { { 0x0000ffff, 0x00cf9b00 } } },
-        [GDT_ENTRY_KERNEL_CS] = { { { 0x0000ffff, 0x00af9b00 } } },
-        [GDT_ENTRY_KERNEL_DS] = { { { 0x0000ffff, 0x00cf9300 } } },
-        [GDT_ENTRY_DEFAULT_USER32_CS] = { { { 0x0000ffff, 0x00cffb00 } } },
-        [GDT_ENTRY_DEFAULT_USER_DS] = { { { 0x0000ffff, 0x00cff300 } } },
-        [GDT_ENTRY_DEFAULT_USER_CS] = { { { 0x0000ffff, 0x00affb00 } } },
-} };
-EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
-
-__u32 cleared_cpu_caps[NCAPINTS] __cpuinitdata;
-
-/* Current gdt points %fs at the "master" per-cpu area: after this,
- * it's on the real one. */
-void switch_to_new_gdt(void)
-{
-        struct desc_ptr gdt_descr;
-
-        gdt_descr.address = (long)get_cpu_gdt_table(smp_processor_id());
-        gdt_descr.size = GDT_SIZE - 1;
-        load_gdt(&gdt_descr);
-}
-
-struct cpu_dev *cpu_devs[X86_VENDOR_NUM] = {};
-
-static void __cpuinit default_init(struct cpuinfo_x86 *c)
-{
-        display_cacheinfo(c);
-}
-
-static struct cpu_dev __cpuinitdata default_cpu = {
-        .c_init = default_init,
-        .c_vendor = "Unknown",
-};
-static struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
-
-int __cpuinit get_model_name(struct cpuinfo_x86 *c)
-{
-        unsigned int *v;
-
-        if (c->extended_cpuid_level < 0x80000004)
-                return 0;
-
-        v = (unsigned int *) c->x86_model_id;
-        cpuid(0x80000002, &v[0], &v[1], &v[2], &v[3]);
-        cpuid(0x80000003, &v[4], &v[5], &v[6], &v[7]);
-        cpuid(0x80000004, &v[8], &v[9], &v[10], &v[11]);
-        c->x86_model_id[48] = 0;
-        return 1;
-}
-
-
-void __cpuinit display_cacheinfo(struct cpuinfo_x86 *c)
-{
-        unsigned int n, dummy, ebx, ecx, edx;
-
-        n = c->extended_cpuid_level;
-
-        if (n >= 0x80000005) {
-                cpuid(0x80000005, &dummy, &ebx, &ecx, &edx);
-                printk(KERN_INFO "CPU: L1 I Cache: %dK (%d bytes/line), "
-                       "D cache %dK (%d bytes/line)\n",
-                       edx>>24, edx&0xFF, ecx>>24, ecx&0xFF);
-                c->x86_cache_size = (ecx>>24) + (edx>>24);
-                /* On K8 L1 TLB is inclusive, so don't count it */
-                c->x86_tlbsize = 0;
-        }
-
-        if (n >= 0x80000006) {
-                cpuid(0x80000006, &dummy, &ebx, &ecx, &edx);
-                ecx = cpuid_ecx(0x80000006);
-                c->x86_cache_size = ecx >> 16;
-                c->x86_tlbsize += ((ebx >> 16) & 0xfff) + (ebx & 0xfff);
-
-                printk(KERN_INFO "CPU: L2 Cache: %dK (%d bytes/line)\n",
-                c->x86_cache_size, ecx & 0xFF);
-        }
-}
-
-void __cpuinit detect_ht(struct cpuinfo_x86 *c)
-{
-#ifdef CONFIG_SMP
-        u32 eax, ebx, ecx, edx;
-        int index_msb, core_bits;
-
-        cpuid(1, &eax, &ebx, &ecx, &edx);
-
-
-        if (!cpu_has(c, X86_FEATURE_HT))
-                return;
-        if (cpu_has(c, X86_FEATURE_CMP_LEGACY))
-                goto out;
-
-        smp_num_siblings = (ebx & 0xff0000) >> 16;
-
-        if (smp_num_siblings == 1) {
-                printk(KERN_INFO  "CPU: Hyper-Threading is disabled\n");
-        } else if (smp_num_siblings > 1) {
-
-                if (smp_num_siblings > NR_CPUS) {
-                        printk(KERN_WARNING "CPU: Unsupported number of "
-                               "siblings %d", smp_num_siblings);
-                        smp_num_siblings = 1;
-                        return;
-                }
-
-                index_msb = get_count_order(smp_num_siblings);
-                c->phys_proc_id = phys_pkg_id(index_msb);
-
-                smp_num_siblings = smp_num_siblings / c->x86_max_cores;
-
-                index_msb = get_count_order(smp_num_siblings);
-
-                core_bits = get_count_order(c->x86_max_cores);
-
-                c->cpu_core_id = phys_pkg_id(index_msb) &
-                                               ((1 << core_bits) - 1);
-        }
-out:
-        if ((c->x86_max_cores * smp_num_siblings) > 1) {
-                printk(KERN_INFO  "CPU: Physical Processor ID: %d\n",
-                       c->phys_proc_id);
-                printk(KERN_INFO  "CPU: Processor Core ID: %d\n",
-                       c->cpu_core_id);
-        }
-
-#endif
-}
-
-static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
-{
-        char *v = c->x86_vendor_id;
-        int i;
-        static int printed;
-
-        for (i = 0; i < X86_VENDOR_NUM; i++) {
-                if (cpu_devs[i]) {
-                        if (!strcmp(v, cpu_devs[i]->c_ident[0]) ||
-                            (cpu_devs[i]->c_ident[1] &&
-                            !strcmp(v, cpu_devs[i]->c_ident[1]))) {
-                                c->x86_vendor = i;
-                                this_cpu = cpu_devs[i];
-                                return;
-                        }
-                }
-        }
-        if (!printed) {
-                printed++;
-                printk(KERN_ERR "CPU: Vendor unknown, using generic init.\n");
-                printk(KERN_ERR "CPU: Your system may be unstable.\n");
-        }
-        c->x86_vendor = X86_VENDOR_UNKNOWN;
-}
-
-static void __init early_cpu_support_print(void)
-{
-        int i,j;
-        struct cpu_dev *cpu_devx;
-
-        printk("KERNEL supported cpus:\n");
-        for (i = 0; i < X86_VENDOR_NUM; i++) {
-                cpu_devx = cpu_devs[i];
-                if (!cpu_devx)
-                        continue;
-                for (j = 0; j < 2; j++) {
-                        if (!cpu_devx->c_ident[j])
-                                continue;
-                        printk("  %s %s\n", cpu_devx->c_vendor,
-                                cpu_devx->c_ident[j]);
-                }
-        }
-}
-
-static void __cpuinit early_identify_cpu(struct cpuinfo_x86 *c);
-
-void __init early_cpu_init(void)
-{
-        struct cpu_vendor_dev *cvdev;
-
-        for (cvdev = __x86cpuvendor_start ;
-             cvdev < __x86cpuvendor_end   ;
-             cvdev++)
-                cpu_devs[cvdev->vendor] = cvdev->cpu_dev;
-        early_cpu_support_print();
-        early_identify_cpu(&boot_cpu_data);
-}
-
-/* Do some early cpuid on the boot CPU to get some parameter that are
-   needed before check_bugs. Everything advanced is in identify_cpu
-   below. */
-static void __cpuinit early_identify_cpu(struct cpuinfo_x86 *c)
-{
-        u32 tfms, xlvl;
-
-        c->loops_per_jiffy = loops_per_jiffy;
-        c->x86_cache_size = -1;
-        c->x86_vendor = X86_VENDOR_UNKNOWN;
-        c->x86_model = c->x86_mask = 0; /* So far unknown... */
-        c->x86_vendor_id[0] = '\0'; /* Unset */
-        c->x86_model_id[0] = '\0';  /* Unset */
-        c->x86_clflush_size = 64;
-        c->x86_cache_alignment = c->x86_clflush_size;
-        c->x86_max_cores = 1;
-        c->x86_coreid_bits = 0;
-        c->extended_cpuid_level = 0;
-        memset(&c->x86_capability, 0, sizeof c->x86_capability);
-
-        /* Get vendor name */
-        cpuid(0x00000000, (unsigned int *)&c->cpuid_level,
-              (unsigned int *)&c->x86_vendor_id[0],
-              (unsigned int *)&c->x86_vendor_id[8],
-              (unsigned int *)&c->x86_vendor_id[4]);
-
-        get_cpu_vendor(c);
-
-        /* Initialize the standard set of capabilities */
-        /* Note that the vendor-specific code below might override */
-
-        /* Intel-defined flags: level 0x00000001 */
-        if (c->cpuid_level >= 0x00000001) {
-                __u32 misc;
-                cpuid(0x00000001, &tfms, &misc, &c->x86_capability[4],
-                      &c->x86_capability[0]);
-                c->x86 = (tfms >> 8) & 0xf;
-                c->x86_model = (tfms >> 4) & 0xf;
-                c->x86_mask = tfms & 0xf;
-                if (c->x86 == 0xf)
-                        c->x86 += (tfms >> 20) & 0xff;
-                if (c->x86 >= 0x6)
-                        c->x86_model += ((tfms >> 16) & 0xF) << 4;
-                if (test_cpu_cap(c, X86_FEATURE_CLFLSH))
-                        c->x86_clflush_size = ((misc >> 8) & 0xff) * 8;
-        } else {
-                /* Have CPUID level 0 only - unheard of */
-                c->x86 = 4;
-        }
-
-        c->initial_apicid = (cpuid_ebx(1) >> 24) & 0xff;
-#ifdef CONFIG_SMP
-        c->phys_proc_id = c->initial_apicid;
-#endif
-        /* AMD-defined flags: level 0x80000001 */
-        xlvl = cpuid_eax(0x80000000);
-        c->extended_cpuid_level = xlvl;
-        if ((xlvl & 0xffff0000) == 0x80000000) {
-                if (xlvl >= 0x80000001) {
-                        c->x86_capability[1] = cpuid_edx(0x80000001);
-                        c->x86_capability[6] = cpuid_ecx(0x80000001);
-                }
-                if (xlvl >= 0x80000004)
-                        get_model_name(c); /* Default name */
-        }
-
-        /* Transmeta-defined flags: level 0x80860001 */
-        xlvl = cpuid_eax(0x80860000);
-        if ((xlvl & 0xffff0000) == 0x80860000) {
-                /* Don't set x86_cpuid_level here for now to not confuse. */
-                if (xlvl >= 0x80860001)
-                        c->x86_capability[2] = cpuid_edx(0x80860001);
-        }
-
-        if (c->extended_cpuid_level >= 0x80000007)
-                c->x86_power = cpuid_edx(0x80000007);
-
-        if (c->extended_cpuid_level >= 0x80000008) {
-                u32 eax = cpuid_eax(0x80000008);
-
-                c->x86_virt_bits = (eax >> 8) & 0xff;
-                c->x86_phys_bits = eax & 0xff;
-        }
-
-        if (c->x86_vendor != X86_VENDOR_UNKNOWN &&
-            cpu_devs[c->x86_vendor]->c_early_init)
-                cpu_devs[c->x86_vendor]->c_early_init(c);
-
-        validate_pat_support(c);
-}
-
-/*
- * This does the hard work of actually picking apart the CPU stuff...
- */
-static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
-{
-        int i;
-
-        early_identify_cpu(c);
-
-        init_scattered_cpuid_features(c);
-
-        c->apicid = phys_pkg_id(0);
-
-        /*
-         * Vendor-specific initialization.  In this section we
-         * canonicalize the feature flags, meaning if there are
-         * features a certain CPU supports which CPUID doesn't
-         * tell us, CPUID claiming incorrect flags, or other bugs,
-         * we handle them here.
-         *
-         * At the end of this section, c->x86_capability better
-         * indicate the features this CPU genuinely supports!
-         */
-        if (this_cpu->c_init)
-                this_cpu->c_init(c);
-
-        detect_ht(c);
-
-        /*
-         * On SMP, boot_cpu_data holds the common feature set between
-         * all CPUs; so make sure that we indicate which features are
-         * common between the CPUs.  The first time this routine gets
-         * executed, c == &boot_cpu_data.
-         */
-        if (c != &boot_cpu_data) {
-                /* AND the already accumulated flags with these */
-                for (i = 0; i < NCAPINTS; i++)
-                        boot_cpu_data.x86_capability[i] &= c->x86_capability[i];
-        }
-
-        /* Clear all flags overriden by options */
-        for (i = 0; i < NCAPINTS; i++)
-                c->x86_capability[i] &= ~cleared_cpu_caps[i];
-
-#ifdef CONFIG_X86_MCE
-        mcheck_init(c);
-#endif
-        select_idle_routine(c);
-
-#ifdef CONFIG_NUMA
-        numa_add_cpu(smp_processor_id());
-#endif
-
-}
-
-void __cpuinit identify_boot_cpu(void)
-{
-        identify_cpu(&boot_cpu_data);
-}
-
-void __cpuinit identify_secondary_cpu(struct cpuinfo_x86 *c)
-{
-        BUG_ON(c == &boot_cpu_data);
-        identify_cpu(c);
-        mtrr_ap_init();
-}
-
-static __init int setup_noclflush(char *arg)
-{
-        setup_clear_cpu_cap(X86_FEATURE_CLFLSH);
-        return 1;
-}
-__setup("noclflush", setup_noclflush);
-
-void __cpuinit print_cpu_info(struct cpuinfo_x86 *c)
-{
-        if (c->x86_model_id[0])
-                printk(KERN_CONT "%s", c->x86_model_id);
-
-        if (c->x86_mask || c->cpuid_level >= 0)
-                printk(KERN_CONT " stepping %02x\n", c->x86_mask);
-        else
-                printk(KERN_CONT "\n");
-}
-
-static __init int setup_disablecpuid(char *arg)
-{
-        int bit;
-        if (get_option(&arg, &bit) && bit < NCAPINTS*32)
-                setup_clear_cpu_cap(bit);
-        else
-                return 0;
-        return 1;
-}
-__setup("clearcpuid=", setup_disablecpuid);
-
-cpumask_t cpu_initialized __cpuinitdata = CPU_MASK_NONE;
-
-struct x8664_pda **_cpu_pda __read_mostly;
-EXPORT_SYMBOL(_cpu_pda);
-
-struct desc_ptr idt_descr = { 256 * 16 - 1, (unsigned long) idt_table };
-
-char boot_cpu_stack[IRQSTACKSIZE] __page_aligned_bss;
-
-unsigned long __supported_pte_mask __read_mostly = ~0UL;
-EXPORT_SYMBOL_GPL(__supported_pte_mask);
-
-static int do_not_nx __cpuinitdata;
-
-/* noexec=on|off
-Control non executable mappings for 64bit processes.
-
-on      Enable(default)
-off     Disable
-*/
-static int __init nonx_setup(char *str)
-{
-        if (!str)
-                return -EINVAL;
-        if (!strncmp(str, "on", 2)) {
-                __supported_pte_mask |= _PAGE_NX;
-                do_not_nx = 0;
-        } else if (!strncmp(str, "off", 3)) {
-                do_not_nx = 1;
-                __supported_pte_mask &= ~_PAGE_NX;
-        }
-        return 0;
-}
-early_param("noexec", nonx_setup);
-
-int force_personality32;
-
-/* noexec32=on|off
-Control non executable heap for 32bit processes.
-To control the stack too use noexec=off
-
-on      PROT_READ does not imply PROT_EXEC for 32bit processes (default)
-off     PROT_READ implies PROT_EXEC
-*/
-static int __init nonx32_setup(char *str)
-{
-        if (!strcmp(str, "on"))
-                force_personality32 &= ~READ_IMPLIES_EXEC;
-        else if (!strcmp(str, "off"))
-                force_personality32 |= READ_IMPLIES_EXEC;
-        return 1;
-}
-__setup("noexec32=", nonx32_setup);
-
-void pda_init(int cpu)
-{
-        struct x8664_pda *pda = cpu_pda(cpu);
-
-        /* Setup up data that may be needed in __get_free_pages early */
-        loadsegment(fs, 0);
-        loadsegment(gs, 0);
-        /* Memory clobbers used to order PDA accessed */
-        mb();
-        wrmsrl(MSR_GS_BASE, pda);
-        mb();
-
-        pda->cpunumber = cpu;
-        pda->irqcount = -1;
-        pda->kernelstack = (unsigned long)stack_thread_info() -
-                                 PDA_STACKOFFSET + THREAD_SIZE;
-        pda->active_mm = &init_mm;
-        pda->mmu_state = 0;
-
-        if (cpu == 0) {
-                /* others are initialized in smpboot.c */
-                pda->pcurrent = &init_task;
-                pda->irqstackptr = boot_cpu_stack;
-        } else {
-                pda->irqstackptr = (char *)
-                        __get_free_pages(GFP_ATOMIC, IRQSTACK_ORDER);
-                if (!pda->irqstackptr)
-                        panic("cannot allocate irqstack for cpu %d", cpu);
-
-                if (pda->nodenumber == 0 && cpu_to_node(cpu) != NUMA_NO_NODE)
-                        pda->nodenumber = cpu_to_node(cpu);
-        }
-
-        pda->irqstackptr += IRQSTACKSIZE-64;
-}
-
-char boot_exception_stacks[(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ +
-                           DEBUG_STKSZ] __page_aligned_bss;
-
-extern asmlinkage void ignore_sysret(void);
-
-/* May not be marked __init: used by software suspend */
-void syscall_init(void)
-{
-        /*
-         * LSTAR and STAR live in a bit strange symbiosis.
-         * They both write to the same internal register. STAR allows to
-         * set CS/DS but only a 32bit target. LSTAR sets the 64bit rip.
-         */
-        wrmsrl(MSR_STAR,  ((u64)__USER32_CS)<<48  | ((u64)__KERNEL_CS)<<32);
-        wrmsrl(MSR_LSTAR, system_call);
-        wrmsrl(MSR_CSTAR, ignore_sysret);
-
-#ifdef CONFIG_IA32_EMULATION
-        syscall32_cpu_init();
-#endif
-
-        /* Flags to clear on syscall */
-        wrmsrl(MSR_SYSCALL_MASK,
-               X86_EFLAGS_TF|X86_EFLAGS_DF|X86_EFLAGS_IF|X86_EFLAGS_IOPL);
-}
-
-void __cpuinit check_efer(void)
-{
-        unsigned long efer;
-
-        rdmsrl(MSR_EFER, efer);
-        if (!(efer & EFER_NX) || do_not_nx)
-                __supported_pte_mask &= ~_PAGE_NX;
-}
-
-unsigned long kernel_eflags;
-
-/*
- * Copies of the original ist values from the tss are only accessed during
- * debugging, no special alignment required.
- */
-DEFINE_PER_CPU(struct orig_ist, orig_ist);
-
-/*
- * cpu_init() initializes state that is per-CPU. Some data is already
- * initialized (naturally) in the bootstrap process, such as the GDT
- * and IDT. We reload them nevertheless, this function acts as a
- * 'CPU state barrier', nothing should get across.
- * A lot of state is already set up in PDA init.
- */
-void __cpuinit cpu_init(void)
-{
-        int cpu = stack_smp_processor_id();
-        struct tss_struct *t = &per_cpu(init_tss, cpu);
-        struct orig_ist *orig_ist = &per_cpu(orig_ist, cpu);
-        unsigned long v;
-        char *estacks = NULL;
-        struct task_struct *me;
-        int i;
-
-        /* CPU 0 is initialised in head64.c */
-        if (cpu != 0)
-                pda_init(cpu);
-        else
-                estacks = boot_exception_stacks;
-
-        me = current;
-
-        if (cpu_test_and_set(cpu, cpu_initialized))
-                panic("CPU#%d already initialized!\n", cpu);
-
-        printk(KERN_INFO "Initializing CPU#%d\n", cpu);
-
-        clear_in_cr4(X86_CR4_VME|X86_CR4_PVI|X86_CR4_TSD|X86_CR4_DE);
-
-        /*
-         * Initialize the per-CPU GDT with the boot GDT,
-         * and set up the GDT descriptor:
-         */
-
-        switch_to_new_gdt();
-        load_idt((const struct desc_ptr *)&idt_descr);
-
-        memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
-        syscall_init();
-
-        wrmsrl(MSR_FS_BASE, 0);
-        wrmsrl(MSR_KERNEL_GS_BASE, 0);
-        barrier();
-
-        check_efer();
-
-        /*
-         * set up and load the per-CPU TSS
-         */
-        for (v = 0; v < N_EXCEPTION_STACKS; v++) {
-                static const unsigned int order[N_EXCEPTION_STACKS] = {
-                        [0 ... N_EXCEPTION_STACKS - 1] = EXCEPTION_STACK_ORDER,
-                        [DEBUG_STACK - 1] = DEBUG_STACK_ORDER
-                };
-                if (cpu) {
-                        estacks = (char *)__get_free_pages(GFP_ATOMIC, order[v]);
-                        if (!estacks)
-                                panic("Cannot allocate exception stack %ld %d\n",
-                                      v, cpu);
-                }
-                estacks += PAGE_SIZE << order[v];
-                orig_ist->ist[v] = t->x86_tss.ist[v] = (unsigned long)estacks;
-        }
-
-        t->x86_tss.io_bitmap_base = offsetof(struct tss_struct, io_bitmap);
-        /*
-         * <= is required because the CPU will access up to
-         * 8 bits beyond the end of the IO permission bitmap.
-         */
-        for (i = 0; i <= IO_BITMAP_LONGS; i++)
-                t->io_bitmap[i] = ~0UL;
-
-        atomic_inc(&init_mm.mm_count);
-        me->active_mm = &init_mm;
-        if (me->mm)
-                BUG();
-        enter_lazy_tlb(&init_mm, me);
-
-        load_sp0(t, &current->thread);
-        set_tss_desc(cpu, t);
-        load_TR_desc();
-        load_LDT(&init_mm.context);
-
-#ifdef CONFIG_KGDB
-        /*
-         * If the kgdb is connected no debug regs should be altered.  This
-         * is only applicable when KGDB and a KGDB I/O module are built
-         * into the kernel and you are using early debugging with
-         * kgdbwait. KGDB will control the kernel HW breakpoint registers.
-         */
-        if (kgdb_connected && arch_kgdb_ops.correct_hw_break)
-                arch_kgdb_ops.correct_hw_break();
-        else {
-#endif
-        /*
-         * Clear all 6 debug registers:
-         */
-
-        set_debugreg(0UL, 0);
-        set_debugreg(0UL, 1);
-        set_debugreg(0UL, 2);
-        set_debugreg(0UL, 3);
-        set_debugreg(0UL, 6);
-        set_debugreg(0UL, 7);
-#ifdef CONFIG_KGDB
-        /* If the kgdb is connected no debug regs should be altered. */
-        }
-#endif
-
-        fpu_init();
-
-        raw_local_save_flags(kernel_eflags);
-
-        if (is_uv_system())
-                uv_cpu_init();
-}
diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h
index 4d894e8565fe..de4094a39210 100644
--- a/arch/x86/kernel/cpu/cpu.h
+++ b/arch/x86/kernel/cpu/cpu.h
@@ -21,23 +21,16 @@ struct cpu_dev {
         void            (*c_init)(struct cpuinfo_x86 * c);
         void            (*c_identify)(struct cpuinfo_x86 * c);
         unsigned int    (*c_size_cache)(struct cpuinfo_x86 * c, unsigned int size);
+        int     c_x86_vendor;
 };
 
-extern struct cpu_dev * cpu_devs [X86_VENDOR_NUM];
+#define cpu_dev_register(cpu_devX) \
+        static struct cpu_dev *__cpu_dev_##cpu_devX __used \
+        __attribute__((__section__(".x86_cpu_dev.init"))) = \
+        &cpu_devX;
 
-struct cpu_vendor_dev {
-        int vendor;
-        struct cpu_dev *cpu_dev;
-};
-
-#define cpu_vendor_dev_register(cpu_vendor_id, cpu_dev) \
-        static struct cpu_vendor_dev __cpu_vendor_dev_##cpu_vendor_id __used \
-        __attribute__((__section__(".x86cpuvendor.init"))) = \
-        { cpu_vendor_id, cpu_dev }
-
-extern struct cpu_vendor_dev __x86cpuvendor_start[], __x86cpuvendor_end[];
+extern struct cpu_dev *__x86_cpu_dev_start[], *__x86_cpu_dev_end[];
 
-extern int get_model_name(struct cpuinfo_x86 *c);
 extern void display_cacheinfo(struct cpuinfo_x86 *c);
 
 #endif
diff --git a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
index dd097b835839..c24c4a487b7c 100644
--- a/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
@@ -256,7 +256,8 @@ static u32 get_cur_val(const cpumask_t *mask)
  * Only IA32_APERF/IA32_MPERF ratio is architecturally defined and
  * no meaning should be associated with absolute values of these MSRs.
  */
-static unsigned int get_measured_perf(unsigned int cpu)
+static unsigned int get_measured_perf(struct cpufreq_policy *policy,
+                                      unsigned int cpu)
 {
         union {
                 struct {
@@ -326,7 +327,7 @@ static unsigned int get_measured_perf(unsigned int cpu)
 
 #endif
 
-        retval = per_cpu(drv_data, cpu)->max_freq * perf_percent / 100;
+        retval = per_cpu(drv_data, policy->cpu)->max_freq * perf_percent / 100;
 
         put_cpu();
         set_cpus_allowed_ptr(current, &saved_mask);
@@ -785,7 +786,11 @@ static int __init acpi_cpufreq_init(void)
         if (ret)
                 return ret;
 
-        return cpufreq_register_driver(&acpi_cpufreq_driver);
+        ret = cpufreq_register_driver(&acpi_cpufreq_driver);
+        if (ret)
+                free_percpu(acpi_perf_data);
+
+        return ret;
 }
 
 static void __exit acpi_cpufreq_exit(void)
@@ -795,8 +800,6 @@ static void __exit acpi_cpufreq_exit(void)
         cpufreq_unregister_driver(&acpi_cpufreq_driver);
 
         free_percpu(acpi_perf_data);
-
-        return;
 }
 
 module_param(acpi_pstate_strict, uint, 0644);
diff --git a/arch/x86/kernel/cpu/cpufreq/elanfreq.c b/arch/x86/kernel/cpu/cpufreq/elanfreq.c
index e4a4bf870e94..fe613c93b366 100644
--- a/arch/x86/kernel/cpu/cpufreq/elanfreq.c
+++ b/arch/x86/kernel/cpu/cpufreq/elanfreq.c
@@ -25,8 +25,8 @@
 #include <linux/cpufreq.h>
 
 #include <asm/msr.h>
-#include <asm/timex.h>
-#include <asm/io.h>
+#include <linux/timex.h>
+#include <linux/io.h>
 
 #define REG_CSCIR 0x22          /* Chip Setup and Control Index Register    */
 #define REG_CSCDR 0x23          /* Chip Setup and Control Data  Register    */
@@ -82,7 +82,7 @@ static unsigned int elanfreq_get_cpu_frequency(unsigned int cpu)
         u8 clockspeed_reg;    /* Clock Speed Register */
 
         local_irq_disable();
-        outb_p(0x80,REG_CSCIR);
+        outb_p(0x80, REG_CSCIR);
         clockspeed_reg = inb_p(REG_CSCDR);
         local_irq_enable();
 
@@ -98,10 +98,10 @@ static unsigned int elanfreq_get_cpu_frequency(unsigned int cpu)
         }
 
         /* 33 MHz is not 32 MHz... */
-        if ((clockspeed_reg & 0xE0)==0xA0)
+        if ((clockspeed_reg & 0xE0) == 0xA0)
                 return 33000;
 
-        return ((1<<((clockspeed_reg & 0xE0) >> 5)) * 1000);
+        return (1<<((clockspeed_reg & 0xE0) >> 5)) * 1000;
 }
 
 
@@ -117,7 +117,7 @@ static unsigned int elanfreq_get_cpu_frequency(unsigned int cpu)
  *      There is no return value.
  */
 
-static void elanfreq_set_cpu_state (unsigned int state)
+static void elanfreq_set_cpu_state(unsigned int state)
 {
         struct cpufreq_freqs    freqs;
 
@@ -144,20 +144,20 @@ static void elanfreq_set_cpu_state (unsigned int state)
          */
 
         local_irq_disable();
-        outb_p(0x40,REG_CSCIR);         /* Disable hyperspeed mode */
-        outb_p(0x00,REG_CSCDR);
+        outb_p(0x40, REG_CSCIR);                /* Disable hyperspeed mode */
+        outb_p(0x00, REG_CSCDR);
         local_irq_enable();             /* wait till internal pipelines and */
         udelay(1000);                   /* buffers have cleaned up          */
 
         local_irq_disable();
 
         /* now, set the CPU clock speed register (0x80) */
-        outb_p(0x80,REG_CSCIR);
-        outb_p(elan_multiplier[state].val80h,REG_CSCDR);
+        outb_p(0x80, REG_CSCIR);
+        outb_p(elan_multiplier[state].val80h, REG_CSCDR);
 
         /* now, the hyperspeed bit in PMU Force Mode Register (0x40) */
-        outb_p(0x40,REG_CSCIR);
-        outb_p(elan_multiplier[state].val40h,REG_CSCDR);
+        outb_p(0x40, REG_CSCIR);
+        outb_p(elan_multiplier[state].val40h, REG_CSCDR);
         udelay(10000);
         local_irq_enable();
 
@@ -173,12 +173,12 @@ static void elanfreq_set_cpu_state (unsigned int state)
  *      for the hardware supported by the driver.
  */
 
-static int elanfreq_verify (struct cpufreq_policy *policy)
+static int elanfreq_verify(struct cpufreq_policy *policy)
 {
         return cpufreq_frequency_table_verify(policy, &elanfreq_table[0]);
 }
 
-static int elanfreq_target (struct cpufreq_policy *policy,
+static int elanfreq_target(struct cpufreq_policy *policy,
                             unsigned int target_freq,
                             unsigned int relation)
 {
@@ -205,7 +205,7 @@ static int elanfreq_cpu_init(struct cpufreq_policy *policy)
 
         /* capability check */
         if ((c->x86_vendor != X86_VENDOR_AMD) ||
-            (c->x86 != 4) || (c->x86_model!=10))
+            (c->x86 != 4) || (c->x86_model != 10))
                 return -ENODEV;
 
         /* max freq */
@@ -213,7 +213,7 @@ static int elanfreq_cpu_init(struct cpufreq_policy *policy)
                 max_freq = elanfreq_get_cpu_frequency(0);
 
         /* table init */
-        for (i=0; (elanfreq_table[i].frequency != CPUFREQ_TABLE_END); i++) {
+        for (i = 0; (elanfreq_table[i].frequency != CPUFREQ_TABLE_END); i++) {
                 if (elanfreq_table[i].frequency > max_freq)
                         elanfreq_table[i].frequency = CPUFREQ_ENTRY_INVALID;
         }
@@ -224,7 +224,7 @@ static int elanfreq_cpu_init(struct cpufreq_policy *policy)
 
         result = cpufreq_frequency_table_cpuinfo(policy, elanfreq_table);
         if (result)
-                return (result);
+                return result;
 
         cpufreq_frequency_table_get_attr(elanfreq_table, policy->cpu);
         return 0;
@@ -260,7 +260,7 @@ __setup("elanfreq=", elanfreq_setup);
 #endif
 
 
-static struct freq_attr* elanfreq_attr[] = {
+static struct freq_attr *elanfreq_attr[] = {
         &cpufreq_freq_attr_scaling_available_freqs,
         NULL,
 };
@@ -284,9 +284,9 @@ static int __init elanfreq_init(void)
 
         /* Test if we have the right hardware */
         if ((c->x86_vendor != X86_VENDOR_AMD) ||
-                (c->x86 != 4) || (c->x86_model!=10)) {
+                (c->x86 != 4) || (c->x86_model != 10)) {
                 printk(KERN_INFO "elanfreq: error: no Elan processor found!\n");
-                return -ENODEV;
+                return -ENODEV;
         }
         return cpufreq_register_driver(&elanfreq_driver);
 }
@@ -298,7 +298,7 @@ static void __exit elanfreq_exit(void)
 }
 
 
-module_param (max_freq, int, 0444);
+module_param(max_freq, int, 0444);
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Robert Schwebel <r.schwebel@pengutronix.de>, Sven Geggus <sven@geggus.net>");
diff --git a/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c b/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c
index f1685fb91fbd..b8e05ee4f736 100644
--- a/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c
+++ b/arch/x86/kernel/cpu/cpufreq/p4-clockmod.c
@@ -171,7 +171,7 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
         }
 
         if (c->x86 != 0xF) {
-                printk(KERN_WARNING PFX "Unknown p4-clockmod-capable CPU. Please send an e-mail to <cpufreq@lists.linux.org.uk>\n");
+                printk(KERN_WARNING PFX "Unknown p4-clockmod-capable CPU. Please send an e-mail to <cpufreq@vger.kernel.org>\n");
                 return 0;
         }
 
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k6.c b/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
index eb9b62b0830c..b5ced806a316 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k6.c
@@ -15,12 +15,11 @@
 #include <linux/slab.h>
 
 #include <asm/msr.h>
-#include <asm/timex.h>
-#include <asm/io.h>
+#include <linux/timex.h>
+#include <linux/io.h>
 
-
-#define POWERNOW_IOPORT 0xfff0         /* it doesn't matter where, as long
-                                          as it is unused */
+#define POWERNOW_IOPORT 0xfff0          /* it doesn't matter where, as long
+                                           as it is unused */
 
 static unsigned int                     busfreq;   /* FSB, in 10 kHz */
 static unsigned int                     max_multiplier;
@@ -53,7 +52,7 @@ static int powernow_k6_get_cpu_multiplier(void)
 
         msrval = POWERNOW_IOPORT + 0x1;
         wrmsr(MSR_K6_EPMR, msrval, 0); /* enable the PowerNow port */
-        invalue=inl(POWERNOW_IOPORT + 0x8);
+        invalue = inl(POWERNOW_IOPORT + 0x8);
         msrval = POWERNOW_IOPORT + 0x0;
         wrmsr(MSR_K6_EPMR, msrval, 0); /* disable it again */
 
@@ -67,9 +66,9 @@ static int powernow_k6_get_cpu_multiplier(void)
  *
  *   Tries to change the PowerNow! multiplier
  */
-static void powernow_k6_set_state (unsigned int best_i)
+static void powernow_k6_set_state(unsigned int best_i)
 {
-        unsigned long           outvalue=0, invalue=0;
+        unsigned long           outvalue = 0, invalue = 0;
         unsigned long           msrval;
         struct cpufreq_freqs    freqs;
 
@@ -90,10 +89,10 @@ static void powernow_k6_set_state (unsigned int best_i)
 
         msrval = POWERNOW_IOPORT + 0x1;
         wrmsr(MSR_K6_EPMR, msrval, 0); /* enable the PowerNow port */
-        invalue=inl(POWERNOW_IOPORT + 0x8);
+        invalue = inl(POWERNOW_IOPORT + 0x8);
         invalue = invalue & 0xf;
         outvalue = outvalue | invalue;
-        outl(outvalue ,(POWERNOW_IOPORT + 0x8));
+        outl(outvalue , (POWERNOW_IOPORT + 0x8));
         msrval = POWERNOW_IOPORT + 0x0;
         wrmsr(MSR_K6_EPMR, msrval, 0); /* disable it again */
 
@@ -124,7 +123,7 @@ static int powernow_k6_verify(struct cpufreq_policy *policy)
  *
  * sets a new CPUFreq policy
  */
-static int powernow_k6_target (struct cpufreq_policy *policy,
+static int powernow_k6_target(struct cpufreq_policy *policy,
                                unsigned int target_freq,
                                unsigned int relation)
 {
@@ -152,7 +151,7 @@ static int powernow_k6_cpu_init(struct cpufreq_policy *policy)
         busfreq = cpu_khz / max_multiplier;
 
         /* table init */
-        for (i=0; (clock_ratio[i].frequency != CPUFREQ_TABLE_END); i++) {
+        for (i = 0; (clock_ratio[i].frequency != CPUFREQ_TABLE_END); i++) {
                 if (clock_ratio[i].index > max_multiplier)
                         clock_ratio[i].frequency = CPUFREQ_ENTRY_INVALID;
                 else
@@ -165,7 +164,7 @@ static int powernow_k6_cpu_init(struct cpufreq_policy *policy)
 
         result = cpufreq_frequency_table_cpuinfo(policy, clock_ratio);
         if (result)
-                return (result);
+                return result;
 
         cpufreq_frequency_table_get_attr(clock_ratio, policy->cpu);
 
@@ -176,8 +175,8 @@ static int powernow_k6_cpu_init(struct cpufreq_policy *policy)
 static int powernow_k6_cpu_exit(struct cpufreq_policy *policy)
 {
         unsigned int i;
-        for (i=0; i<8; i++) {
-                if (i==max_multiplier)
+        for (i = 0; i < 8; i++) {
+                if (i == max_multiplier)
                         powernow_k6_set_state(i);
         }
         cpufreq_frequency_table_put_attr(policy->cpu);
@@ -189,7 +188,7 @@ static unsigned int powernow_k6_get(unsigned int cpu)
         return busfreq * powernow_k6_get_cpu_multiplier();
 }
 
-static struct freq_attr* powernow_k6_attr[] = {
+static struct freq_attr *powernow_k6_attr[] = {
         &cpufreq_freq_attr_scaling_available_freqs,
         NULL,
 };
@@ -227,7 +226,7 @@ static int __init powernow_k6_init(void)
         }
 
         if (cpufreq_register_driver(&powernow_k6_driver)) {
-                release_region (POWERNOW_IOPORT, 16);
+                release_region(POWERNOW_IOPORT, 16);
                 return -EINVAL;
         }
 
@@ -243,13 +242,13 @@ static int __init powernow_k6_init(void)
 static void __exit powernow_k6_exit(void)
 {
         cpufreq_unregister_driver(&powernow_k6_driver);
-        release_region (POWERNOW_IOPORT, 16);
+        release_region(POWERNOW_IOPORT, 16);
 }
 
 
-MODULE_AUTHOR ("Arjan van de Ven <arjanv@redhat.com>, Dave Jones <davej@codemonkey.org.uk>, Dominik Brodowski <linux@brodo.de>");
-MODULE_DESCRIPTION ("PowerNow! driver for AMD K6-2+ / K6-3+ processors.");
-MODULE_LICENSE ("GPL");
+MODULE_AUTHOR("Arjan van de Ven <arjanv@redhat.com>, Dave Jones <davej@codemonkey.org.uk>, Dominik Brodowski <linux@brodo.de>");
+MODULE_DESCRIPTION("PowerNow! driver for AMD K6-2+ / K6-3+ processors.");
+MODULE_LICENSE("GPL");
 
 module_init(powernow_k6_init);
 module_exit(powernow_k6_exit);
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c b/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
index 15e13c01cc36..3b5f06423e77 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
@@ -26,7 +26,7 @@
 #include <asm/cpufeature.h>
 
 #define PFX             "speedstep-centrino: "
-#define MAINTAINER      "cpufreq@lists.linux.org.uk"
+#define MAINTAINER      "cpufreq@vger.kernel.org"
 
 #define dprintk(msg...) \
         cpufreq_debug_printk(CPUFREQ_DEBUG_DRIVER, "speedstep-centrino", msg)
diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c
index e710a21bb6e8..ffd0f5ed071a 100644
--- a/arch/x86/kernel/cpu/cyrix.c
+++ b/arch/x86/kernel/cpu/cyrix.c
@@ -15,13 +15,11 @@
 /*
  * Read NSC/Cyrix DEVID registers (DIR) to get more detailed info. about the CPU
  */
-static void __cpuinit do_cyrix_devid(unsigned char *dir0, unsigned char *dir1)
+static void __cpuinit __do_cyrix_devid(unsigned char *dir0, unsigned char *dir1)
 {
         unsigned char ccr2, ccr3;
-        unsigned long flags;
 
         /* we test for DEVID by checking whether CCR3 is writable */
-        local_irq_save(flags);
         ccr3 = getCx86(CX86_CCR3);
         setCx86(CX86_CCR3, ccr3 ^ 0x80);
         getCx86(0xc0);   /* dummy to change bus */
@@ -44,9 +42,16 @@ static void __cpuinit do_cyrix_devid(unsigned char *dir0, unsigned char *dir1)
                 *dir0 = getCx86(CX86_DIR0);
                 *dir1 = getCx86(CX86_DIR1);
         }
-        local_irq_restore(flags);
 }
 
+static void __cpuinit do_cyrix_devid(unsigned char *dir0, unsigned char *dir1)
+{
+        unsigned long flags;
+
+        local_irq_save(flags);
+        __do_cyrix_devid(dir0, dir1);
+        local_irq_restore(flags);
+}
 /*
  * Cx86_dir0_msb is a HACK needed by check_cx686_cpuid/slop in bugs.h in
  * order to identify the Cyrix CPU model after we're out of setup.c
@@ -116,7 +121,7 @@ static void __cpuinit set_cx86_reorder(void)
         setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
 
         /* Load/Store Serialize to mem access disable (=reorder it) */
-        setCx86(CX86_PCR0, getCx86(CX86_PCR0) & ~0x80);
+        setCx86_old(CX86_PCR0, getCx86_old(CX86_PCR0) & ~0x80);
         /* set load/store serialize from 1GB to 4GB */
         ccr3 |= 0xe0;
         setCx86(CX86_CCR3, ccr3);
@@ -127,11 +132,11 @@ static void __cpuinit set_cx86_memwb(void)
         printk(KERN_INFO "Enable Memory-Write-back mode on Cyrix/NSC processor.\n");
 
         /* CCR2 bit 2: unlock NW bit */
-        setCx86(CX86_CCR2, getCx86(CX86_CCR2) & ~0x04);
+        setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) & ~0x04);
         /* set 'Not Write-through' */
         write_cr0(read_cr0() | X86_CR0_NW);
         /* CCR2 bit 2: lock NW bit and set WT1 */
-        setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x14);
+        setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) | 0x14);
 }
 
 /*
@@ -145,14 +150,14 @@ static void __cpuinit geode_configure(void)
         local_irq_save(flags);
 
         /* Suspend on halt power saving and enable #SUSP pin */
-        setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88);
+        setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) | 0x88);
 
         ccr3 = getCx86(CX86_CCR3);
         setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10);       /* enable MAPEN */
 
 
         /* FPU fast, DTE cache, Mem bypass */
-        setCx86(CX86_CCR4, getCx86(CX86_CCR4) | 0x38);
+        setCx86_old(CX86_CCR4, getCx86_old(CX86_CCR4) | 0x38);
         setCx86(CX86_CCR3, ccr3);                       /* disable MAPEN */
 
         set_cx86_memwb();
@@ -161,6 +166,24 @@ static void __cpuinit geode_configure(void)
         local_irq_restore(flags);
 }
 
+static void __cpuinit early_init_cyrix(struct cpuinfo_x86 *c)
+{
+        unsigned char dir0, dir0_msn, dir1 = 0;
+
+        __do_cyrix_devid(&dir0, &dir1);
+        dir0_msn = dir0 >> 4; /* identifies CPU "family"   */
+
+        switch (dir0_msn) {
+        case 3: /* 6x86/6x86L */
+                /* Emulate MTRRs using Cyrix's ARRs. */
+                set_cpu_cap(c, X86_FEATURE_CYRIX_ARR);
+                break;
+        case 5: /* 6x86MX/M II */
+                /* Emulate MTRRs using Cyrix's ARRs. */
+                set_cpu_cap(c, X86_FEATURE_CYRIX_ARR);
+                break;
+        }
+}
 
 static void __cpuinit init_cyrix(struct cpuinfo_x86 *c)
 {
@@ -268,7 +291,7 @@ static void __cpuinit init_cyrix(struct cpuinfo_x86 *c)
                 /* GXm supports extended cpuid levels 'ala' AMD */
                 if (c->cpuid_level == 2) {
                         /* Enable cxMMX extensions (GX1 Datasheet 54) */
-                        setCx86(CX86_CCR7, getCx86(CX86_CCR7) | 1);
+                        setCx86_old(CX86_CCR7, getCx86_old(CX86_CCR7) | 1);
 
                         /*
                          * GXm : 0x30 ... 0x5f GXm  datasheet 51
@@ -278,7 +301,6 @@ static void __cpuinit init_cyrix(struct cpuinfo_x86 *c)
                          */
                         if ((0x30 <= dir1 && dir1 <= 0x6f) || (0x80 <= dir1 && dir1 <= 0x8f))
                                 geode_configure();
-                        get_model_name(c);  /* get CPU marketing name */
                         return;
                 } else { /* MediaGX */
                         Cx86_cb[2] = (dir0_lsn & 1) ? '3' : '4';
@@ -291,7 +313,7 @@ static void __cpuinit init_cyrix(struct cpuinfo_x86 *c)
                 if (dir1 > 7) {
                         dir0_msn++;  /* M II */
                         /* Enable MMX extensions (App note 108) */
-                        setCx86(CX86_CCR7, getCx86(CX86_CCR7)|1);
+                        setCx86_old(CX86_CCR7, getCx86_old(CX86_CCR7)|1);
                 } else {
                         c->coma_bug = 1;      /* 6x86MX, it has the bug. */
                 }
@@ -406,7 +428,7 @@ static void __cpuinit cyrix_identify(struct cpuinfo_x86 *c)
                         local_irq_save(flags);
                         ccr3 = getCx86(CX86_CCR3);
                         setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10);       /* enable MAPEN  */
-                        setCx86(CX86_CCR4, getCx86(CX86_CCR4) | 0x80);  /* enable cpuid  */
+                        setCx86_old(CX86_CCR4, getCx86_old(CX86_CCR4) | 0x80);  /* enable cpuid  */
                         setCx86(CX86_CCR3, ccr3);                       /* disable MAPEN */
                         local_irq_restore(flags);
                 }
@@ -416,16 +438,19 @@ static void __cpuinit cyrix_identify(struct cpuinfo_x86 *c)
 static struct cpu_dev cyrix_cpu_dev __cpuinitdata = {
         .c_vendor       = "Cyrix",
         .c_ident        = { "CyrixInstead" },
+        .c_early_init   = early_init_cyrix,
         .c_init         = init_cyrix,
         .c_identify     = cyrix_identify,
+        .c_x86_vendor   = X86_VENDOR_CYRIX,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_CYRIX, &cyrix_cpu_dev);
+cpu_dev_register(cyrix_cpu_dev);
 
 static struct cpu_dev nsc_cpu_dev __cpuinitdata = {
         .c_vendor       = "NSC",
         .c_ident        = { "Geode by NSC" },
         .c_init         = init_nsc,
+        .c_x86_vendor   = X86_VENDOR_NSC,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_NSC, &nsc_cpu_dev);
+cpu_dev_register(nsc_cpu_dev);
diff --git a/arch/x86/kernel/cpu/feature_names.c b/arch/x86/kernel/cpu/feature_names.c
deleted file mode 100644
index e43ad4ad4cba..000000000000
--- a/arch/x86/kernel/cpu/feature_names.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Strings for the various x86 capability flags.
- *
- * This file must not contain any executable code.
- */
-
-#include <asm/cpufeature.h>
-
-/*
- * These flag bits must match the definitions in <asm/cpufeature.h>.
- * NULL means this bit is undefined or reserved; either way it doesn't
- * have meaning as far as Linux is concerned.  Note that it's important
- * to realize there is a difference between this table and CPUID -- if
- * applications want to get the raw CPUID data, they should access
- * /dev/cpu/<cpu_nr>/cpuid instead.
- */
-const char * const x86_cap_flags[NCAPINTS*32] = {
-        /* Intel-defined */
-        "fpu", "vme", "de", "pse", "tsc", "msr", "pae", "mce",
-        "cx8", "apic", NULL, "sep", "mtrr", "pge", "mca", "cmov",
-        "pat", "pse36", "pn", "clflush", NULL, "dts", "acpi", "mmx",
-        "fxsr", "sse", "sse2", "ss", "ht", "tm", "ia64", "pbe",
-
-        /* AMD-defined */
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, "syscall", NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, "mp", "nx", NULL, "mmxext", NULL,
-        NULL, "fxsr_opt", "pdpe1gb", "rdtscp", NULL, "lm",
-        "3dnowext", "3dnow",
-
-        /* Transmeta-defined */
-        "recovery", "longrun", NULL, "lrti", NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-
-        /* Other (Linux-defined) */
-        "cxmmx", "k6_mtrr", "cyrix_arr", "centaur_mcr",
-        NULL, NULL, NULL, NULL,
-        "constant_tsc", "up", NULL, "arch_perfmon",
-        "pebs", "bts", NULL, NULL,
-        "rep_good", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-
-        /* Intel-defined (#2) */
-        "pni", NULL, NULL, "monitor", "ds_cpl", "vmx", "smx", "est",
-        "tm2", "ssse3", "cid", NULL, NULL, "cx16", "xtpr", NULL,
-        NULL, NULL, "dca", "sse4_1", "sse4_2", NULL, NULL, "popcnt",
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-
-        /* VIA/Cyrix/Centaur-defined */
-        NULL, NULL, "rng", "rng_en", NULL, NULL, "ace", "ace_en",
-        "ace2", "ace2_en", "phe", "phe_en", "pmm", "pmm_en", NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-
-        /* AMD-defined (#2) */
-        "lahf_lm", "cmp_legacy", "svm", "extapic",
-        "cr8_legacy", "abm", "sse4a", "misalignsse",
-        "3dnowprefetch", "osvw", "ibs", "sse5",
-        "skinit", "wdt", NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-
-        /* Auxiliary (Linux-defined) */
-        "ida", NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
-};
-
-const char *const x86_power_flags[32] = {
-        "ts",   /* temperature sensor */
-        "fid",  /* frequency id control */
-        "vid",  /* voltage id control */
-        "ttp",  /* thermal trip */
-        "tm",
-        "stc",
-        "100mhzsteps",
-        "hwpstate",
-        "",     /* tsc invariant mapped to constant_tsc */
-                /* nothing */
-};
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index b75f2569b8f8..99468dbd08da 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -15,6 +15,11 @@
 #include <asm/ds.h>
 #include <asm/bugs.h>
 
+#ifdef CONFIG_X86_64
+#include <asm/topology.h>
+#include <asm/numa_64.h>
+#endif
+
 #include "cpu.h"
 
 #ifdef CONFIG_X86_LOCAL_APIC
@@ -23,23 +28,22 @@
 #include <mach_apic.h>
 #endif
 
-#ifdef CONFIG_X86_INTEL_USERCOPY
-/*
- * Alignment at which movsl is preferred for bulk memory copies.
- */
-struct movsl_mask movsl_mask __read_mostly;
-#endif
-
 static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
 {
-        /* Netburst reports 64 bytes clflush size, but does IO in 128 bytes */
-        if (c->x86 == 15 && c->x86_cache_alignment == 64)
-                c->x86_cache_alignment = 128;
         if ((c->x86 == 0xf && c->x86_model >= 0x03) ||
                 (c->x86 == 0x6 && c->x86_model >= 0x0e))
                 set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
+
+#ifdef CONFIG_X86_64
+        set_cpu_cap(c, X86_FEATURE_SYSENTER32);
+#else
+        /* Netburst reports 64 bytes clflush size, but does IO in 128 bytes */
+        if (c->x86 == 15 && c->x86_cache_alignment == 64)
+                c->x86_cache_alignment = 128;
+#endif
 }
 
+#ifdef CONFIG_X86_32
 /*
  *      Early probe support logic for ppro memory erratum #50
  *
@@ -59,15 +63,54 @@ int __cpuinit ppro_with_ram_bug(void)
         return 0;
 }
 
+#ifdef CONFIG_X86_F00F_BUG
+static void __cpuinit trap_init_f00f_bug(void)
+{
+        __set_fixmap(FIX_F00F_IDT, __pa(&idt_table), PAGE_KERNEL_RO);
 
-/*
- * P4 Xeon errata 037 workaround.
- * Hardware prefetcher may cause stale data to be loaded into the cache.
- */
-static void __cpuinit Intel_errata_workarounds(struct cpuinfo_x86 *c)
+        /*
+         * Update the IDT descriptor and reload the IDT so that
+         * it uses the read-only mapped virtual address.
+         */
+        idt_descr.address = fix_to_virt(FIX_F00F_IDT);
+        load_idt(&idt_descr);
+}
+#endif
+
+static void __cpuinit intel_workarounds(struct cpuinfo_x86 *c)
 {
         unsigned long lo, hi;
 
+#ifdef CONFIG_X86_F00F_BUG
+        /*
+         * All current models of Pentium and Pentium with MMX technology CPUs
+         * have the F0 0F bug, which lets nonprivileged users lock up the system.
+         * Note that the workaround only should be initialized once...
+         */
+        c->f00f_bug = 0;
+        if (!paravirt_enabled() && c->x86 == 5) {
+                static int f00f_workaround_enabled;
+
+                c->f00f_bug = 1;
+                if (!f00f_workaround_enabled) {
+                        trap_init_f00f_bug();
+                        printk(KERN_NOTICE "Intel Pentium with F0 0F bug - workaround enabled.\n");
+                        f00f_workaround_enabled = 1;
+                }
+        }
+#endif
+
+        /*
+         * SEP CPUID bug: Pentium Pro reports SEP but doesn't have it until
+         * model 3 mask 3
+         */
+        if ((c->x86<<8 | c->x86_model<<4 | c->x86_mask) < 0x633)
+                clear_cpu_cap(c, X86_FEATURE_SEP);
+
+        /*
+         * P4 Xeon errata 037 workaround.
+         * Hardware prefetcher may cause stale data to be loaded into the cache.
+         */
         if ((c->x86 == 15) && (c->x86_model == 1) && (c->x86_mask == 1)) {
                 rdmsr(MSR_IA32_MISC_ENABLE, lo, hi);
                 if ((lo & (1<<9)) == 0) {
@@ -77,13 +120,68 @@ static void __cpuinit Intel_errata_workarounds(struct cpuinfo_x86 *c)
                         wrmsr (MSR_IA32_MISC_ENABLE, lo, hi);
                 }
         }
+
+        /*
+         * See if we have a good local APIC by checking for buggy Pentia,
+         * i.e. all B steppings and the C2 stepping of P54C when using their
+         * integrated APIC (see 11AP erratum in "Pentium Processor
+         * Specification Update").
+         */
+        if (cpu_has_apic && (c->x86<<8 | c->x86_model<<4) == 0x520 &&
+            (c->x86_mask < 0x6 || c->x86_mask == 0xb))
+                set_cpu_cap(c, X86_FEATURE_11AP);
+
+
+#ifdef CONFIG_X86_INTEL_USERCOPY
+        /*
+         * Set up the preferred alignment for movsl bulk memory moves
+         */
+        switch (c->x86) {
+        case 4:         /* 486: untested */
+                break;
+        case 5:         /* Old Pentia: untested */
+                break;
+        case 6:         /* PII/PIII only like movsl with 8-byte alignment */
+                movsl_mask.mask = 7;
+                break;
+        case 15:        /* P4 is OK down to 8-byte alignment */
+                movsl_mask.mask = 7;
+                break;
+        }
+#endif
+
+#ifdef CONFIG_X86_NUMAQ
+        numaq_tsc_disable();
+#endif
 }
+#else
+static void __cpuinit intel_workarounds(struct cpuinfo_x86 *c)
+{
+}
+#endif
 
+static void __cpuinit srat_detect_node(void)
+{
+#if defined(CONFIG_NUMA) && defined(CONFIG_X86_64)
+        unsigned node;
+        int cpu = smp_processor_id();
+        int apicid = hard_smp_processor_id();
+
+        /* Don't do the funky fallback heuristics the AMD version employs
+           for now. */
+        node = apicid_to_node[apicid];
+        if (node == NUMA_NO_NODE || !node_online(node))
+                node = first_node(node_online_map);
+        numa_set_node(cpu, node);
+
+        printk(KERN_INFO "CPU %d/%x -> Node %d\n", cpu, apicid, node);
+#endif
+}
 
 /*
  * find out the number of processor cores on the die
  */
-static int __cpuinit num_cpu_cores(struct cpuinfo_x86 *c)
+static int __cpuinit intel_num_cpu_cores(struct cpuinfo_x86 *c)
 {
         unsigned int eax, ebx, ecx, edx;
 
@@ -98,45 +196,51 @@ static int __cpuinit num_cpu_cores(struct cpuinfo_x86 *c)
                 return 1;
 }
 
-#ifdef CONFIG_X86_F00F_BUG
-static void __cpuinit trap_init_f00f_bug(void)
+static void __cpuinit detect_vmx_virtcap(struct cpuinfo_x86 *c)
 {
-        __set_fixmap(FIX_F00F_IDT, __pa(&idt_table), PAGE_KERNEL_RO);
-
-        /*
-         * Update the IDT descriptor and reload the IDT so that
-         * it uses the read-only mapped virtual address.
-         */
-        idt_descr.address = fix_to_virt(FIX_F00F_IDT);
-        load_idt(&idt_descr);
+        /* Intel VMX MSR indicated features */
+#define X86_VMX_FEATURE_PROC_CTLS_TPR_SHADOW    0x00200000
+#define X86_VMX_FEATURE_PROC_CTLS_VNMI          0x00400000
+#define X86_VMX_FEATURE_PROC_CTLS_2ND_CTLS      0x80000000
+#define X86_VMX_FEATURE_PROC_CTLS2_VIRT_APIC    0x00000001
+#define X86_VMX_FEATURE_PROC_CTLS2_EPT          0x00000002
+#define X86_VMX_FEATURE_PROC_CTLS2_VPID         0x00000020
+
+        u32 vmx_msr_low, vmx_msr_high, msr_ctl, msr_ctl2;
+
+        clear_cpu_cap(c, X86_FEATURE_TPR_SHADOW);
+        clear_cpu_cap(c, X86_FEATURE_VNMI);
+        clear_cpu_cap(c, X86_FEATURE_FLEXPRIORITY);
+        clear_cpu_cap(c, X86_FEATURE_EPT);
+        clear_cpu_cap(c, X86_FEATURE_VPID);
+
+        rdmsr(MSR_IA32_VMX_PROCBASED_CTLS, vmx_msr_low, vmx_msr_high);
+        msr_ctl = vmx_msr_high | vmx_msr_low;
+        if (msr_ctl & X86_VMX_FEATURE_PROC_CTLS_TPR_SHADOW)
+                set_cpu_cap(c, X86_FEATURE_TPR_SHADOW);
+        if (msr_ctl & X86_VMX_FEATURE_PROC_CTLS_VNMI)
+                set_cpu_cap(c, X86_FEATURE_VNMI);
+        if (msr_ctl & X86_VMX_FEATURE_PROC_CTLS_2ND_CTLS) {
+                rdmsr(MSR_IA32_VMX_PROCBASED_CTLS2,
+                      vmx_msr_low, vmx_msr_high);
+                msr_ctl2 = vmx_msr_high | vmx_msr_low;
+                if ((msr_ctl2 & X86_VMX_FEATURE_PROC_CTLS2_VIRT_APIC) &&
+                    (msr_ctl & X86_VMX_FEATURE_PROC_CTLS_TPR_SHADOW))
+                        set_cpu_cap(c, X86_FEATURE_FLEXPRIORITY);
+                if (msr_ctl2 & X86_VMX_FEATURE_PROC_CTLS2_EPT)
+                        set_cpu_cap(c, X86_FEATURE_EPT);
+                if (msr_ctl2 & X86_VMX_FEATURE_PROC_CTLS2_VPID)
+                        set_cpu_cap(c, X86_FEATURE_VPID);
+        }
 }
-#endif
 
 static void __cpuinit init_intel(struct cpuinfo_x86 *c)
 {
         unsigned int l2 = 0;
-        char *p = NULL;
 
         early_init_intel(c);
 
-#ifdef CONFIG_X86_F00F_BUG
-        /*
-         * All current models of Pentium and Pentium with MMX technology CPUs
-         * have the F0 0F bug, which lets nonprivileged users lock up the system.
-         * Note that the workaround only should be initialized once...
-         */
-        c->f00f_bug = 0;
-        if (!paravirt_enabled() && c->x86 == 5) {
-                static int f00f_workaround_enabled;
-
-                c->f00f_bug = 1;
-                if (!f00f_workaround_enabled) {
-                        trap_init_f00f_bug();
-                        printk(KERN_NOTICE "Intel Pentium with F0 0F bug - workaround enabled.\n");
-                        f00f_workaround_enabled = 1;
-                }
-        }
-#endif
+        intel_workarounds(c);
 
         l2 = init_intel_cacheinfo(c);
         if (c->cpuid_level > 9) {
@@ -146,16 +250,32 @@ static void __cpuinit init_intel(struct cpuinfo_x86 *c)
                         set_cpu_cap(c, X86_FEATURE_ARCH_PERFMON);
         }
 
-        /* SEP CPUID bug: Pentium Pro reports SEP but doesn't have it until model 3 mask 3 */
-        if ((c->x86<<8 | c->x86_model<<4 | c->x86_mask) < 0x633)
-                clear_cpu_cap(c, X86_FEATURE_SEP);
+        if (cpu_has_xmm2)
+                set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
+        if (cpu_has_ds) {
+                unsigned int l1;
+                rdmsr(MSR_IA32_MISC_ENABLE, l1, l2);
+                if (!(l1 & (1<<11)))
+                        set_cpu_cap(c, X86_FEATURE_BTS);
+                if (!(l1 & (1<<12)))
+                        set_cpu_cap(c, X86_FEATURE_PEBS);
+                ds_init_intel(c);
+        }
 
+#ifdef CONFIG_X86_64
+        if (c->x86 == 15)
+                c->x86_cache_alignment = c->x86_clflush_size * 2;
+        if (c->x86 == 6)
+                set_cpu_cap(c, X86_FEATURE_REP_GOOD);
+#else
         /*
          * Names for the Pentium II/Celeron processors
          * detectable only by also checking the cache size.
          * Dixon is NOT a Celeron.
          */
         if (c->x86 == 6) {
+                char *p = NULL;
+
                 switch (c->x86_model) {
                 case 5:
                         if (c->x86_mask == 0) {
@@ -178,70 +298,41 @@ static void __cpuinit init_intel(struct cpuinfo_x86 *c)
                                 p = "Celeron (Coppermine)";
                         break;
                 }
-        }
-
-        if (p)
-                strcpy(c->x86_model_id, p);
-
-        c->x86_max_cores = num_cpu_cores(c);
-
-        detect_ht(c);
 
-        /* Work around errata */
-        Intel_errata_workarounds(c);
-
-#ifdef CONFIG_X86_INTEL_USERCOPY
-        /*
-         * Set up the preferred alignment for movsl bulk memory moves
-         */
-        switch (c->x86) {
-        case 4:         /* 486: untested */
-                break;
-        case 5:         /* Old Pentia: untested */
-                break;
-        case 6:         /* PII/PIII only like movsl with 8-byte alignment */
-                movsl_mask.mask = 7;
-                break;
-        case 15:        /* P4 is OK down to 8-byte alignment */
-                movsl_mask.mask = 7;
-                break;
+                if (p)
+                        strcpy(c->x86_model_id, p);
         }
-#endif
 
-        if (cpu_has_xmm2)
-                set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
-        if (c->x86 == 15) {
+        if (c->x86 == 15)
                 set_cpu_cap(c, X86_FEATURE_P4);
-        }
         if (c->x86 == 6)
                 set_cpu_cap(c, X86_FEATURE_P3);
-        if (cpu_has_ds) {
-                unsigned int l1;
-                rdmsr(MSR_IA32_MISC_ENABLE, l1, l2);
-                if (!(l1 & (1<<11)))
-                        set_cpu_cap(c, X86_FEATURE_BTS);
-                if (!(l1 & (1<<12)))
-                        set_cpu_cap(c, X86_FEATURE_PEBS);
-        }
 
         if (cpu_has_bts)
-                ds_init_intel(c);
+                ptrace_bts_init_intel(c);
 
-        /*
-         * See if we have a good local APIC by checking for buggy Pentia,
-         * i.e. all B steppings and the C2 stepping of P54C when using their
-         * integrated APIC (see 11AP erratum in "Pentium Processor
-         * Specification Update").
-         */
-        if (cpu_has_apic && (c->x86<<8 | c->x86_model<<4) == 0x520 &&
-            (c->x86_mask < 0x6 || c->x86_mask == 0xb))
-                set_cpu_cap(c, X86_FEATURE_11AP);
+#endif
 
-#ifdef CONFIG_X86_NUMAQ
-        numaq_tsc_disable();
+        detect_extended_topology(c);
+        if (!cpu_has(c, X86_FEATURE_XTOPOLOGY)) {
+                /*
+                 * let's use the legacy cpuid vector 0x1 and 0x4 for topology
+                 * detection.
+                 */
+                c->x86_max_cores = intel_num_cpu_cores(c);
+#ifdef CONFIG_X86_32
+                detect_ht(c);
 #endif
+        }
+
+        /* Work around errata */
+        srat_detect_node();
+
+        if (cpu_has(c, X86_FEATURE_VMX))
+                detect_vmx_virtcap(c);
 }
 
+#ifdef CONFIG_X86_32
 static unsigned int __cpuinit intel_size_cache(struct cpuinfo_x86 *c, unsigned int size)
 {
         /*
@@ -254,10 +345,12 @@ static unsigned int __cpuinit intel_size_cache(struct cpuinfo_x86 *c, unsigned i
                 size = 256;
         return size;
 }
+#endif
 
 static struct cpu_dev intel_cpu_dev __cpuinitdata = {
         .c_vendor       = "Intel",
         .c_ident        = { "GenuineIntel" },
+#ifdef CONFIG_X86_32
         .c_models = {
                 { .vendor = X86_VENDOR_INTEL, .family = 4, .model_names =
                   {
@@ -307,76 +400,12 @@ static struct cpu_dev intel_cpu_dev __cpuinitdata = {
                   }
                 },
         },
+        .c_size_cache   = intel_size_cache,
+#endif
         .c_early_init   = early_init_intel,
         .c_init         = init_intel,
-        .c_size_cache   = intel_size_cache,
+        .c_x86_vendor   = X86_VENDOR_INTEL,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_INTEL, &intel_cpu_dev);
-
-#ifndef CONFIG_X86_CMPXCHG
-unsigned long cmpxchg_386_u8(volatile void *ptr, u8 old, u8 new)
-{
-        u8 prev;
-        unsigned long flags;
-
-        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
-        local_irq_save(flags);
-        prev = *(u8 *)ptr;
-        if (prev == old)
-                *(u8 *)ptr = new;
-        local_irq_restore(flags);
-        return prev;
-}
-EXPORT_SYMBOL(cmpxchg_386_u8);
-
-unsigned long cmpxchg_386_u16(volatile void *ptr, u16 old, u16 new)
-{
-        u16 prev;
-        unsigned long flags;
-
-        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
-        local_irq_save(flags);
-        prev = *(u16 *)ptr;
-        if (prev == old)
-                *(u16 *)ptr = new;
-        local_irq_restore(flags);
-        return prev;
-}
-EXPORT_SYMBOL(cmpxchg_386_u16);
-
-unsigned long cmpxchg_386_u32(volatile void *ptr, u32 old, u32 new)
-{
-        u32 prev;
-        unsigned long flags;
-
-        /* Poor man's cmpxchg for 386. Unsuitable for SMP */
-        local_irq_save(flags);
-        prev = *(u32 *)ptr;
-        if (prev == old)
-                *(u32 *)ptr = new;
-        local_irq_restore(flags);
-        return prev;
-}
-EXPORT_SYMBOL(cmpxchg_386_u32);
-#endif
-
-#ifndef CONFIG_X86_CMPXCHG64
-unsigned long long cmpxchg_486_u64(volatile void *ptr, u64 old, u64 new)
-{
-        u64 prev;
-        unsigned long flags;
-
-        /* Poor man's cmpxchg8b for 386 and 486. Unsuitable for SMP */
-        local_irq_save(flags);
-        prev = *(u64 *)ptr;
-        if (prev == old)
-                *(u64 *)ptr = new;
-        local_irq_restore(flags);
-        return prev;
-}
-EXPORT_SYMBOL(cmpxchg_486_u64);
-#endif
-
-/* arch_initcall(intel_cpu_init); */
+cpu_dev_register(intel_cpu_dev);
 
diff --git a/arch/x86/kernel/cpu/intel_64.c b/arch/x86/kernel/cpu/intel_64.c
deleted file mode 100644
index 1019c58d39f0..000000000000
--- a/arch/x86/kernel/cpu/intel_64.c
+++ /dev/null
@@ -1,95 +0,0 @@
-#include <linux/init.h>
-#include <linux/smp.h>
-#include <asm/processor.h>
-#include <asm/ptrace.h>
-#include <asm/topology.h>
-#include <asm/numa_64.h>
-
-#include "cpu.h"
-
-static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
-{
-        if ((c->x86 == 0xf && c->x86_model >= 0x03) ||
-            (c->x86 == 0x6 && c->x86_model >= 0x0e))
-                set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
-
-        set_cpu_cap(c, X86_FEATURE_SYSENTER32);
-}
-
-/*
- * find out the number of processor cores on the die
- */
-static int __cpuinit intel_num_cpu_cores(struct cpuinfo_x86 *c)
-{
-        unsigned int eax, t;
-
-        if (c->cpuid_level < 4)
-                return 1;
-
-        cpuid_count(4, 0, &eax, &t, &t, &t);
-
-        if (eax & 0x1f)
-                return ((eax >> 26) + 1);
-        else
-                return 1;
-}
-
-static void __cpuinit srat_detect_node(void)
-{
-#ifdef CONFIG_NUMA
-        unsigned node;
-        int cpu = smp_processor_id();
-        int apicid = hard_smp_processor_id();
-
-        /* Don't do the funky fallback heuristics the AMD version employs
-           for now. */
-        node = apicid_to_node[apicid];
-        if (node == NUMA_NO_NODE || !node_online(node))
-                node = first_node(node_online_map);
-        numa_set_node(cpu, node);
-
-        printk(KERN_INFO "CPU %d/%x -> Node %d\n", cpu, apicid, node);
-#endif
-}
-
-static void __cpuinit init_intel(struct cpuinfo_x86 *c)
-{
-        init_intel_cacheinfo(c);
-        if (c->cpuid_level > 9) {
-                unsigned eax = cpuid_eax(10);
-                /* Check for version and the number of counters */
-                if ((eax & 0xff) && (((eax>>8) & 0xff) > 1))
-                        set_cpu_cap(c, X86_FEATURE_ARCH_PERFMON);
-        }
-
-        if (cpu_has_ds) {
-                unsigned int l1, l2;
-                rdmsr(MSR_IA32_MISC_ENABLE, l1, l2);
-                if (!(l1 & (1<<11)))
-                        set_cpu_cap(c, X86_FEATURE_BTS);
-                if (!(l1 & (1<<12)))
-                        set_cpu_cap(c, X86_FEATURE_PEBS);
-        }
-
-
-        if (cpu_has_bts)
-                ds_init_intel(c);
-
-        if (c->x86 == 15)
-                c->x86_cache_alignment = c->x86_clflush_size * 2;
-        if (c->x86 == 6)
-                set_cpu_cap(c, X86_FEATURE_REP_GOOD);
-        set_cpu_cap(c, X86_FEATURE_LFENCE_RDTSC);
-        c->x86_max_cores = intel_num_cpu_cores(c);
-
-        srat_detect_node();
-}
-
-static struct cpu_dev intel_cpu_dev __cpuinitdata = {
-        .c_vendor       = "Intel",
-        .c_ident        = { "GenuineIntel" },
-        .c_early_init   = early_init_intel,
-        .c_init         = init_intel,
-};
-cpu_vendor_dev_register(X86_VENDOR_INTEL, &intel_cpu_dev);
-
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
index 6b0a10b002f1..3f46afbb1cf1 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -1,8 +1,8 @@
 /*
- *      Routines to indentify caches on Intel CPU.
+ *      Routines to indentify caches on Intel CPU.
  *
- *      Changes:
- *      Venkatesh Pallipadi     : Adding cache identification through cpuid(4)
+ *      Changes:
+ *      Venkatesh Pallipadi     : Adding cache identification through cpuid(4)
  *              Ashok Raj <ashok.raj@intel.com>: Work with CPU hotplug infrastructure.
  *      Andi Kleen / Andreas Herrmann   : CPUID4 emulation on AMD.
  */
@@ -13,6 +13,7 @@
 #include <linux/compiler.h>
 #include <linux/cpu.h>
 #include <linux/sched.h>
+#include <linux/pci.h>
 
 #include <asm/processor.h>
 #include <asm/smp.h>
@@ -130,9 +131,18 @@ struct _cpuid4_info {
         union _cpuid4_leaf_ebx ebx;
         union _cpuid4_leaf_ecx ecx;
         unsigned long size;
+        unsigned long can_disable;
         cpumask_t shared_cpu_map;       /* future?: only cpus/node is needed */
 };
 
+#ifdef CONFIG_PCI
+static struct pci_device_id k8_nb_id[] = {
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, 0x1103) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, 0x1203) },
+        {}
+};
+#endif
+
 unsigned short                  num_cache_leaves;
 
 /* AMD doesn't have CPUID4. Emulate it here to report the same
@@ -182,9 +192,10 @@ static unsigned short assocs[] __cpuinitdata = {
 static unsigned char levels[] __cpuinitdata = { 1, 1, 2, 3 };
 static unsigned char types[] __cpuinitdata = { 1, 2, 3, 3 };
 
-static void __cpuinit amd_cpuid4(int leaf, union _cpuid4_leaf_eax *eax,
-                       union _cpuid4_leaf_ebx *ebx,
-                       union _cpuid4_leaf_ecx *ecx)
+static void __cpuinit
+amd_cpuid4(int leaf, union _cpuid4_leaf_eax *eax,
+                     union _cpuid4_leaf_ebx *ebx,
+                     union _cpuid4_leaf_ecx *ecx)
 {
         unsigned dummy;
         unsigned line_size, lines_per_tag, assoc, size_in_kb;
@@ -251,27 +262,40 @@ static void __cpuinit amd_cpuid4(int leaf, union _cpuid4_leaf_eax *eax,
                 (ebx->split.ways_of_associativity + 1) - 1;
 }
 
-static int __cpuinit cpuid4_cache_lookup(int index, struct _cpuid4_info *this_leaf)
+static void __cpuinit
+amd_check_l3_disable(int index, struct _cpuid4_info *this_leaf)
+{
+        if (index < 3)
+                return;
+        this_leaf->can_disable = 1;
+}
+
+static int
+__cpuinit cpuid4_cache_lookup(int index, struct _cpuid4_info *this_leaf)
 {
         union _cpuid4_leaf_eax  eax;
         union _cpuid4_leaf_ebx  ebx;
         union _cpuid4_leaf_ecx  ecx;
         unsigned                edx;
 
-        if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
+        if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {
                 amd_cpuid4(index, &eax, &ebx, &ecx);
-        else
-                cpuid_count(4, index, &eax.full, &ebx.full, &ecx.full,  &edx);
+                if (boot_cpu_data.x86 >= 0x10)
+                        amd_check_l3_disable(index, this_leaf);
+        } else {
+                cpuid_count(4, index, &eax.full, &ebx.full, &ecx.full, &edx);
+        }
+
         if (eax.split.type == CACHE_TYPE_NULL)
                 return -EIO; /* better error ? */
 
         this_leaf->eax = eax;
         this_leaf->ebx = ebx;
         this_leaf->ecx = ecx;
-        this_leaf->size = (ecx.split.number_of_sets + 1) *
-                (ebx.split.coherency_line_size + 1) *
-                (ebx.split.physical_line_partition + 1) *
-                (ebx.split.ways_of_associativity + 1);
+        this_leaf->size = (ecx.split.number_of_sets          + 1) *
+                          (ebx.split.coherency_line_size     + 1) *
+                          (ebx.split.physical_line_partition + 1) *
+                          (ebx.split.ways_of_associativity   + 1);
         return 0;
 }
 
@@ -453,7 +477,7 @@ unsigned int __cpuinit init_intel_cacheinfo(struct cpuinfo_x86 *c)
 
 /* pointer to _cpuid4_info array (for each cache leaf) */
 static DEFINE_PER_CPU(struct _cpuid4_info *, cpuid4_info);
-#define CPUID4_INFO_IDX(x, y)    (&((per_cpu(cpuid4_info, x))[y]))
+#define CPUID4_INFO_IDX(x, y)   (&((per_cpu(cpuid4_info, x))[y]))
 
 #ifdef CONFIG_SMP
 static void __cpuinit cache_shared_cpu_map_setup(unsigned int cpu, int index)
@@ -490,7 +514,7 @@ static void __cpuinit cache_remove_shared_cpu_map(unsigned int cpu, int index)
 
         this_leaf = CPUID4_INFO_IDX(cpu, index);
         for_each_cpu_mask_nr(sibling, this_leaf->shared_cpu_map) {
-                sibling_leaf = CPUID4_INFO_IDX(sibling, index); 
+                sibling_leaf = CPUID4_INFO_IDX(sibling, index);
                 cpu_clear(cpu, sibling_leaf->shared_cpu_map);
         }
 }
@@ -572,7 +596,7 @@ struct _index_kobject {
 
 /* pointer to array of kobjects for cpuX/cache/indexY */
 static DEFINE_PER_CPU(struct _index_kobject *, index_kobject);
-#define INDEX_KOBJECT_PTR(x, y)    (&((per_cpu(index_kobject, x))[y]))
+#define INDEX_KOBJECT_PTR(x, y)         (&((per_cpu(index_kobject, x))[y]))
 
 #define show_one_plus(file_name, object, val)                           \
 static ssize_t show_##file_name                                         \
@@ -637,6 +661,99 @@ static ssize_t show_type(struct _cpuid4_info *this_leaf, char *buf) {
         }
 }
 
+#define to_object(k)    container_of(k, struct _index_kobject, kobj)
+#define to_attr(a)      container_of(a, struct _cache_attr, attr)
+
+#ifdef CONFIG_PCI
+static struct pci_dev *get_k8_northbridge(int node)
+{
+        struct pci_dev *dev = NULL;
+        int i;
+
+        for (i = 0; i <= node; i++) {
+                do {
+                        dev = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, dev);
+                        if (!dev)
+                                break;
+                } while (!pci_match_id(&k8_nb_id[0], dev));
+                if (!dev)
+                        break;
+        }
+        return dev;
+}
+#else
+static struct pci_dev *get_k8_northbridge(int node)
+{
+        return NULL;
+}
+#endif
+
+static ssize_t show_cache_disable(struct _cpuid4_info *this_leaf, char *buf)
+{
+        int node = cpu_to_node(first_cpu(this_leaf->shared_cpu_map));
+        struct pci_dev *dev = NULL;
+        ssize_t ret = 0;
+        int i;
+
+        if (!this_leaf->can_disable)
+                return sprintf(buf, "Feature not enabled\n");
+
+        dev = get_k8_northbridge(node);
+        if (!dev) {
+                printk(KERN_ERR "Attempting AMD northbridge operation on a system with no northbridge\n");
+                return -EINVAL;
+        }
+
+        for (i = 0; i < 2; i++) {
+                unsigned int reg;
+
+                pci_read_config_dword(dev, 0x1BC + i * 4, &reg);
+
+                ret += sprintf(buf, "%sEntry: %d\n", buf, i);
+                ret += sprintf(buf, "%sReads:  %s\tNew Entries: %s\n",  
+                        buf,
+                        reg & 0x80000000 ? "Disabled" : "Allowed",
+                        reg & 0x40000000 ? "Disabled" : "Allowed");
+                ret += sprintf(buf, "%sSubCache: %x\tIndex: %x\n",
+                        buf, (reg & 0x30000) >> 16, reg & 0xfff);
+        }
+        return ret;
+}
+
+static ssize_t
+store_cache_disable(struct _cpuid4_info *this_leaf, const char *buf,
+                    size_t count)
+{
+        int node = cpu_to_node(first_cpu(this_leaf->shared_cpu_map));
+        struct pci_dev *dev = NULL;
+        unsigned int ret, index, val;
+
+        if (!this_leaf->can_disable)
+                return 0;
+
+        if (strlen(buf) > 15)
+                return -EINVAL;
+
+        ret = sscanf(buf, "%x %x", &index, &val);
+        if (ret != 2)
+                return -EINVAL;
+        if (index > 1)
+                return -EINVAL;
+
+        val |= 0xc0000000;
+        dev = get_k8_northbridge(node);
+        if (!dev) {
+                printk(KERN_ERR "Attempting AMD northbridge operation on a system with no northbridge\n");
+                return -EINVAL;
+        }
+
+        pci_write_config_dword(dev, 0x1BC + index * 4, val & ~0x40000000);
+        wbinvd();
+        pci_write_config_dword(dev, 0x1BC + index * 4, val);
+
+        return 1;
+}
+
 struct _cache_attr {
         struct attribute attr;
         ssize_t (*show)(struct _cpuid4_info *, char *);
@@ -657,6 +774,8 @@ define_one_ro(size);
 define_one_ro(shared_cpu_map);
 define_one_ro(shared_cpu_list);
 
+static struct _cache_attr cache_disable = __ATTR(cache_disable, 0644, show_cache_disable, store_cache_disable);
+
 static struct attribute * default_attrs[] = {
         &type.attr,
         &level.attr,
@@ -667,12 +786,10 @@ static struct attribute * default_attrs[] = {
         &size.attr,
         &shared_cpu_map.attr,
         &shared_cpu_list.attr,
+        &cache_disable.attr,
         NULL
 };
 
-#define to_object(k) container_of(k, struct _index_kobject, kobj)
-#define to_attr(a) container_of(a, struct _cache_attr, attr)
-
 static ssize_t show(struct kobject * kobj, struct attribute * attr, char * buf)
 {
         struct _cache_attr *fattr = to_attr(attr);
@@ -682,14 +799,22 @@ static ssize_t show(struct kobject * kobj, struct attribute * attr, char * buf)
         ret = fattr->show ?
                 fattr->show(CPUID4_INFO_IDX(this_leaf->cpu, this_leaf->index),
                         buf) :
-                0;
+                0;
         return ret;
 }
 
 static ssize_t store(struct kobject * kobj, struct attribute * attr,
                      const char * buf, size_t count)
 {
-        return 0;
+        struct _cache_attr *fattr = to_attr(attr);
+        struct _index_kobject *this_leaf = to_object(kobj);
+        ssize_t ret;
+
+        ret = fattr->store ?
+                fattr->store(CPUID4_INFO_IDX(this_leaf->cpu, this_leaf->index),
+                        buf, count) :
+                0;
+        return ret;
 }
 
 static struct sysfs_ops sysfs_ops = {
diff --git a/arch/x86/kernel/cpu/mcheck/mce_64.c b/arch/x86/kernel/cpu/mcheck/mce_64.c
index 726a5fcdf341..4b031a4ac856 100644
--- a/arch/x86/kernel/cpu/mcheck/mce_64.c
+++ b/arch/x86/kernel/cpu/mcheck/mce_64.c
@@ -860,7 +860,7 @@ error:
         return err;
 }
 
-static void mce_remove_device(unsigned int cpu)
+static __cpuinit void mce_remove_device(unsigned int cpu)
 {
         int i;
 
diff --git a/arch/x86/kernel/cpu/mkcapflags.pl b/arch/x86/kernel/cpu/mkcapflags.pl
new file mode 100644
index 000000000000..dfea390e1608
--- /dev/null
+++ b/arch/x86/kernel/cpu/mkcapflags.pl
@@ -0,0 +1,32 @@
+#!/usr/bin/perl
+#
+# Generate the x86_cap_flags[] array from include/asm-x86/cpufeature.h
+#
+
+($in, $out) = @ARGV;
+
+open(IN, "< $in\0")   or die "$0: cannot open: $in: $!\n";
+open(OUT, "> $out\0") or die "$0: cannot create: $out: $!\n";
+
+print OUT "#include <asm/cpufeature.h>\n\n";
+print OUT "const char * const x86_cap_flags[NCAPINTS*32] = {\n";
+
+while (defined($line = <IN>)) {
+        if ($line =~ /^\s*\#\s*define\s+(X86_FEATURE_(\S+))\s+(.*)$/) {
+                $macro = $1;
+                $feature = $2;
+                $tail = $3;
+                if ($tail =~ /\/\*\s*\"([^"]*)\".*\*\//) {
+                        $feature = $1;
+                }
+
+                if ($feature ne '') {
+                        printf OUT "\t%-32s = \"%s\",\n",
+                                "[$macro]", "\L$feature";
+                }
+        }
+}
+print OUT "};\n";
+
+close(IN);
+close(OUT);
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
index cb7d3b6a80eb..4e8d77f01eeb 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
@@ -401,12 +401,7 @@ static void generic_get_mtrr(unsigned int reg, unsigned long *base,
                 tmp |= ~((1<<(hi - 1)) - 1);
 
                 if (tmp != mask_lo) {
-                        static int once = 1;
-
-                        if (once) {
-                                printk(KERN_INFO "mtrr: your BIOS has set up an incorrect mask, fixing it up.\n");
-                                once = 0;
-                        }
+                        WARN_ONCE(1, KERN_INFO "mtrr: your BIOS has set up an incorrect mask, fixing it up.\n");
                         mask_lo = tmp;
                 }
         }
diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
index 84c480bb3715..4c4214690dd1 100644
--- a/arch/x86/kernel/cpu/mtrr/if.c
+++ b/arch/x86/kernel/cpu/mtrr/if.c
@@ -405,9 +405,9 @@ static int mtrr_seq_show(struct seq_file *seq, void *offset)
                         }
                         /* RED-PEN: base can be > 32bit */ 
                         len += seq_printf(seq, 
-                                   "reg%02i: base=0x%05lx000 (%4luMB), size=%4lu%cB: %s, count=%d\n",
+                                   "reg%02i: base=0x%06lx000 (%5luMB), size=%5lu%cB, count=%d: %s\n",
                              i, base, base >> (20 - PAGE_SHIFT), size, factor,
-                             mtrr_attrib_to_str(type), mtrr_usage_table[i]);
+                             mtrr_usage_table[i], mtrr_attrib_to_str(type));
                 }
         }
         return 0;
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index b117d7f8a564..c78c04821ea1 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -729,7 +729,7 @@ struct var_mtrr_range_state {
         mtrr_type type;
 };
 
-struct var_mtrr_range_state __initdata range_state[RANGE_NUM];
+static struct var_mtrr_range_state __initdata range_state[RANGE_NUM];
 static int __initdata debug_print;
 
 static int __init
@@ -759,7 +759,8 @@ x86_get_mtrr_mem_range(struct res_range *range, int nr_range,
         /* take out UC ranges */
         for (i = 0; i < num_var_ranges; i++) {
                 type = range_state[i].type;
-                if (type != MTRR_TYPE_UNCACHABLE)
+                if (type != MTRR_TYPE_UNCACHABLE &&
+                    type != MTRR_TYPE_WRPROT)
                         continue;
                 size = range_state[i].size_pfn;
                 if (!size)
@@ -834,7 +835,14 @@ static int __init enable_mtrr_cleanup_setup(char *str)
                 enable_mtrr_cleanup = 1;
         return 0;
 }
-early_param("enble_mtrr_cleanup", enable_mtrr_cleanup_setup);
+early_param("enable_mtrr_cleanup", enable_mtrr_cleanup_setup);
+
+static int __init mtrr_cleanup_debug_setup(char *str)
+{
+        debug_print = 1;
+        return 0;
+}
+early_param("mtrr_cleanup_debug", mtrr_cleanup_debug_setup);
 
 struct var_mtrr_state {
         unsigned long   range_startk;
@@ -898,6 +906,27 @@ set_var_mtrr_all(unsigned int address_bits)
         }
 }
 
+static unsigned long to_size_factor(unsigned long sizek, char *factorp)
+{
+        char factor;
+        unsigned long base = sizek;
+
+        if (base & ((1<<10) - 1)) {
+                /* not MB alignment */
+                factor = 'K';
+        } else if (base & ((1<<20) - 1)){
+                factor = 'M';
+                base >>= 10;
+        } else {
+                factor = 'G';
+                base >>= 20;
+        }
+
+        *factorp = factor;
+
+        return base;
+}
+
 static unsigned int __init
 range_to_mtrr(unsigned int reg, unsigned long range_startk,
               unsigned long range_sizek, unsigned char type)
@@ -919,13 +948,21 @@ range_to_mtrr(unsigned int reg, unsigned long range_startk,
                         align = max_align;
 
                 sizek = 1 << align;
-                if (debug_print)
+                if (debug_print) {
+                        char start_factor = 'K', size_factor = 'K';
+                        unsigned long start_base, size_base;
+
+                        start_base = to_size_factor(range_startk, &start_factor),
+                        size_base = to_size_factor(sizek, &size_factor),
+
                         printk(KERN_DEBUG "Setting variable MTRR %d, "
-                                "base: %ldMB, range: %ldMB, type %s\n",
-                                reg, range_startk >> 10, sizek >> 10,
+                                "base: %ld%cB, range: %ld%cB, type %s\n",
+                                reg, start_base, start_factor,
+                                size_base, size_factor,
                                 (type == MTRR_TYPE_UNCACHABLE)?"UC":
                                     ((type == MTRR_TYPE_WRBACK)?"WB":"Other")
                                 );
+                }
                 save_var_mtrr(reg++, range_startk, sizek, type);
                 range_startk += sizek;
                 range_sizek -= sizek;
@@ -970,6 +1007,8 @@ range_to_mtrr_with_hole(struct var_mtrr_state *state, unsigned long basek,
         /* try to append some small hole */
         range0_basek = state->range_startk;
         range0_sizek = ALIGN(state->range_sizek, chunk_sizek);
+
+        /* no increase */
         if (range0_sizek == state->range_sizek) {
                 if (debug_print)
                         printk(KERN_DEBUG "rangeX: %016lx - %016lx\n",
@@ -980,13 +1019,40 @@ range_to_mtrr_with_hole(struct var_mtrr_state *state, unsigned long basek,
                 return 0;
         }
 
-        range0_sizek -= chunk_sizek;
-        if (range0_sizek && sizek) {
-            while (range0_basek + range0_sizek > (basek + sizek)) {
-                range0_sizek -= chunk_sizek;
-                if (!range0_sizek)
-                        break;
-            }
+        /* only cut back, when it is not the last */
+        if (sizek) {
+                while (range0_basek + range0_sizek > (basek + sizek)) {
+                        if (range0_sizek >= chunk_sizek)
+                                range0_sizek -= chunk_sizek;
+                        else
+                                range0_sizek = 0;
+
+                        if (!range0_sizek)
+                                break;
+                }
+        }
+
+second_try:
+        range_basek = range0_basek + range0_sizek;
+
+        /* one hole in the middle */
+        if (range_basek > basek && range_basek <= (basek + sizek))
+                second_sizek = range_basek - basek;
+
+        if (range0_sizek > state->range_sizek) {
+
+                /* one hole in middle or at end */
+                hole_sizek = range0_sizek - state->range_sizek - second_sizek;
+
+                /* hole size should be less than half of range0 size */
+                if (hole_sizek >= (range0_sizek >> 1) &&
+                    range0_sizek >= chunk_sizek) {
+                        range0_sizek -= chunk_sizek;
+                        second_sizek = 0;
+                        hole_sizek = 0;
+
+                        goto second_try;
+                }
         }
 
         if (range0_sizek) {
@@ -996,50 +1062,28 @@ range_to_mtrr_with_hole(struct var_mtrr_state *state, unsigned long basek,
                                 (range0_basek + range0_sizek)<<10);
                 state->reg = range_to_mtrr(state->reg, range0_basek,
                                 range0_sizek, MTRR_TYPE_WRBACK);
-
-        }
-
-        range_basek = range0_basek + range0_sizek;
-        range_sizek = chunk_sizek;
-
-        if (range_basek + range_sizek > basek &&
-            range_basek + range_sizek <= (basek + sizek)) {
-                /* one hole */
-                second_basek = basek;
-                second_sizek = range_basek + range_sizek - basek;
         }
 
-        /* if last piece, only could one hole near end */
-        if ((second_basek || !basek) &&
-            range_sizek - (state->range_sizek - range0_sizek) - second_sizek <
-            (chunk_sizek >> 1)) {
-                /*
-                 * one hole in middle (second_sizek is 0) or at end
-                 * (second_sizek is 0 )
-                 */
-                hole_sizek = range_sizek - (state->range_sizek - range0_sizek)
-                                 - second_sizek;
-                hole_basek = range_basek + range_sizek - hole_sizek
-                                 - second_sizek;
-        } else {
-                /* fallback for big hole, or several holes */
+        if (range0_sizek < state->range_sizek) {
+                /* need to handle left over */
                 range_sizek = state->range_sizek - range0_sizek;
-                second_basek = 0;
-                second_sizek = 0;
+
+                if (debug_print)
+                        printk(KERN_DEBUG "range: %016lx - %016lx\n",
+                                 range_basek<<10,
+                                 (range_basek + range_sizek)<<10);
+                state->reg = range_to_mtrr(state->reg, range_basek,
+                                 range_sizek, MTRR_TYPE_WRBACK);
         }
 
-        if (debug_print)
-                printk(KERN_DEBUG "range: %016lx - %016lx\n", range_basek<<10,
-                         (range_basek + range_sizek)<<10);
-        state->reg = range_to_mtrr(state->reg, range_basek, range_sizek,
-                                         MTRR_TYPE_WRBACK);
         if (hole_sizek) {
+                hole_basek = range_basek - hole_sizek - second_sizek;
                 if (debug_print)
                         printk(KERN_DEBUG "hole: %016lx - %016lx\n",
-                                 hole_basek<<10, (hole_basek + hole_sizek)<<10);
-                state->reg = range_to_mtrr(state->reg, hole_basek, hole_sizek,
-                                                 MTRR_TYPE_UNCACHABLE);
-
+                                 hole_basek<<10,
+                                 (hole_basek + hole_sizek)<<10);
+                state->reg = range_to_mtrr(state->reg, hole_basek,
+                                 hole_sizek, MTRR_TYPE_UNCACHABLE);
         }
 
         return second_sizek;
@@ -1154,11 +1198,11 @@ struct mtrr_cleanup_result {
 };
 
 /*
- * gran_size: 1M, 2M, ..., 2G
- * chunk size: gran_size, ..., 4G
- * so we need (2+13)*6
+ * gran_size: 64K, 128K, 256K, 512K, 1M, 2M, ..., 2G
+ * chunk size: gran_size, ..., 2G
+ * so we need (1+16)*8
  */
-#define NUM_RESULT      90
+#define NUM_RESULT      136
 #define PSHIFT          (PAGE_SHIFT - 10)
 
 static struct mtrr_cleanup_result __initdata result[NUM_RESULT];
@@ -1168,13 +1212,14 @@ static unsigned long __initdata min_loss_pfn[RANGE_NUM];
 static int __init mtrr_cleanup(unsigned address_bits)
 {
         unsigned long extra_remove_base, extra_remove_size;
-        unsigned long i, base, size, def, dummy;
+        unsigned long base, size, def, dummy;
         mtrr_type type;
         int nr_range, nr_range_new;
         u64 chunk_size, gran_size;
         unsigned long range_sums, range_sums_new;
         int index_good;
         int num_reg_good;
+        int i;
 
         /* extra one for all 0 */
         int num[MTRR_NUM_TYPES + 1];
@@ -1204,6 +1249,8 @@ static int __init mtrr_cleanup(unsigned address_bits)
                         continue;
                 if (!size)
                         type = MTRR_NUM_TYPES;
+                if (type == MTRR_TYPE_WRPROT)
+                        type = MTRR_TYPE_UNCACHABLE;
                 num[type]++;
         }
 
@@ -1216,23 +1263,57 @@ static int __init mtrr_cleanup(unsigned address_bits)
                 num_var_ranges - num[MTRR_NUM_TYPES])
                 return 0;
 
+        /* print original var MTRRs at first, for debugging: */
+        printk(KERN_DEBUG "original variable MTRRs\n");
+        for (i = 0; i < num_var_ranges; i++) {
+                char start_factor = 'K', size_factor = 'K';
+                unsigned long start_base, size_base;
+
+                size_base = range_state[i].size_pfn << (PAGE_SHIFT - 10);
+                if (!size_base)
+                        continue;
+
+                size_base = to_size_factor(size_base, &size_factor),
+                start_base = range_state[i].base_pfn << (PAGE_SHIFT - 10);
+                start_base = to_size_factor(start_base, &start_factor),
+                type = range_state[i].type;
+
+                printk(KERN_DEBUG "reg %d, base: %ld%cB, range: %ld%cB, type %s\n",
+                        i, start_base, start_factor,
+                        size_base, size_factor,
+                        (type == MTRR_TYPE_UNCACHABLE) ? "UC" :
+                            ((type == MTRR_TYPE_WRPROT) ? "WP" :
+                             ((type == MTRR_TYPE_WRBACK) ? "WB" : "Other"))
+                        );
+        }
+
         memset(range, 0, sizeof(range));
         extra_remove_size = 0;
-        if (mtrr_tom2) {
-                extra_remove_base = 1 << (32 - PAGE_SHIFT);
+        extra_remove_base = 1 << (32 - PAGE_SHIFT);
+        if (mtrr_tom2)
                 extra_remove_size =
                         (mtrr_tom2 >> PAGE_SHIFT) - extra_remove_base;
-        }
         nr_range = x86_get_mtrr_mem_range(range, 0, extra_remove_base,
                                           extra_remove_size);
+        /*
+         * [0, 1M) should always be coverred by var mtrr with WB
+         * and fixed mtrrs should take effective before var mtrr for it
+         */
+        nr_range = add_range_with_merge(range, nr_range, 0,
+                                        (1ULL<<(20 - PAGE_SHIFT)) - 1);
+        /* sort the ranges */
+        sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
+
         range_sums = sum_ranges(range, nr_range);
         printk(KERN_INFO "total RAM coverred: %ldM\n",
                range_sums >> (20 - PAGE_SHIFT));
 
         if (mtrr_chunk_size && mtrr_gran_size) {
                 int num_reg;
+                char gran_factor, chunk_factor, lose_factor;
+                unsigned long gran_base, chunk_base, lose_base;
 
-                debug_print = 1;
+                debug_print++;
                 /* convert ranges to var ranges state */
                 num_reg = x86_setup_var_mtrrs(range, nr_range, mtrr_chunk_size,
                                               mtrr_gran_size);
@@ -1256,34 +1337,48 @@ static int __init mtrr_cleanup(unsigned address_bits)
                         result[i].lose_cover_sizek =
                                 (range_sums - range_sums_new) << PSHIFT;
 
-                printk(KERN_INFO "%sgran_size: %ldM \tchunk_size: %ldM \t",
-                         result[i].bad?"*BAD*":" ", result[i].gran_sizek >> 10,
-                         result[i].chunk_sizek >> 10);
-                printk(KERN_CONT "num_reg: %d  \tlose cover RAM: %s%ldM \n",
+                gran_base = to_size_factor(result[i].gran_sizek, &gran_factor),
+                chunk_base = to_size_factor(result[i].chunk_sizek, &chunk_factor),
+                lose_base = to_size_factor(result[i].lose_cover_sizek, &lose_factor),
+                printk(KERN_INFO "%sgran_size: %ld%c \tchunk_size: %ld%c \t",
+                         result[i].bad?"*BAD*":" ",
+                         gran_base, gran_factor, chunk_base, chunk_factor);
+                printk(KERN_CONT "num_reg: %d  \tlose cover RAM: %s%ld%c\n",
                          result[i].num_reg, result[i].bad?"-":"",
-                         result[i].lose_cover_sizek >> 10);
+                         lose_base, lose_factor);
                 if (!result[i].bad) {
                         set_var_mtrr_all(address_bits);
                         return 1;
                 }
                 printk(KERN_INFO "invalid mtrr_gran_size or mtrr_chunk_size, "
                        "will find optimal one\n");
-                debug_print = 0;
+                debug_print--;
                 memset(result, 0, sizeof(result[0]));
         }
 
         i = 0;
         memset(min_loss_pfn, 0xff, sizeof(min_loss_pfn));
         memset(result, 0, sizeof(result));
-        for (gran_size = (1ULL<<20); gran_size < (1ULL<<32); gran_size <<= 1) {
-                for (chunk_size = gran_size; chunk_size < (1ULL<<33);
+        for (gran_size = (1ULL<<16); gran_size < (1ULL<<32); gran_size <<= 1) {
+                char gran_factor;
+                unsigned long gran_base;
+
+                if (debug_print)
+                        gran_base = to_size_factor(gran_size >> 10, &gran_factor);
+
+                for (chunk_size = gran_size; chunk_size < (1ULL<<32);
                      chunk_size <<= 1) {
                         int num_reg;
 
-                        if (debug_print)
-                                printk(KERN_INFO
-                               "\ngran_size: %lldM   chunk_size_size: %lldM\n",
-                                       gran_size >> 20, chunk_size >> 20);
+                        if (debug_print) {
+                                char chunk_factor;
+                                unsigned long chunk_base;
+
+                                chunk_base = to_size_factor(chunk_size>>10, &chunk_factor),
+                                printk(KERN_INFO "\n");
+                                printk(KERN_INFO "gran_size: %ld%c   chunk_size: %ld%c \n",
+                                       gran_base, gran_factor, chunk_base, chunk_factor);
+                        }
                         if (i >= NUM_RESULT)
                                 continue;
 
@@ -1326,12 +1421,18 @@ static int __init mtrr_cleanup(unsigned address_bits)
 
         /* print out all */
         for (i = 0; i < NUM_RESULT; i++) {
-                printk(KERN_INFO "%sgran_size: %ldM \tchunk_size: %ldM \t",
-                       result[i].bad?"*BAD* ":" ", result[i].gran_sizek >> 10,
-                       result[i].chunk_sizek >> 10);
-                printk(KERN_CONT "num_reg: %d \tlose RAM: %s%ldM\n",
-                       result[i].num_reg, result[i].bad?"-":"",
-                       result[i].lose_cover_sizek >> 10);
+                char gran_factor, chunk_factor, lose_factor;
+                unsigned long gran_base, chunk_base, lose_base;
+
+                gran_base = to_size_factor(result[i].gran_sizek, &gran_factor),
+                chunk_base = to_size_factor(result[i].chunk_sizek, &chunk_factor),
+                lose_base = to_size_factor(result[i].lose_cover_sizek, &lose_factor),
+                printk(KERN_INFO "%sgran_size: %ld%c \tchunk_size: %ld%c \t",
+                         result[i].bad?"*BAD*":" ",
+                         gran_base, gran_factor, chunk_base, chunk_factor);
+                printk(KERN_CONT "num_reg: %d  \tlose cover RAM: %s%ld%c\n",
+                         result[i].num_reg, result[i].bad?"-":"",
+                         lose_base, lose_factor);
         }
 
         /* try to find the optimal index */
@@ -1339,10 +1440,8 @@ static int __init mtrr_cleanup(unsigned address_bits)
                 nr_mtrr_spare_reg = num_var_ranges - 1;
         num_reg_good = -1;
         for (i = num_var_ranges - nr_mtrr_spare_reg; i > 0; i--) {
-                if (!min_loss_pfn[i]) {
+                if (!min_loss_pfn[i])
                         num_reg_good = i;
-                        break;
-                }
         }
 
         index_good = -1;
@@ -1358,21 +1457,26 @@ static int __init mtrr_cleanup(unsigned address_bits)
         }
 
         if (index_good != -1) {
+                char gran_factor, chunk_factor, lose_factor;
+                unsigned long gran_base, chunk_base, lose_base;
+
                 printk(KERN_INFO "Found optimal setting for mtrr clean up\n");
                 i = index_good;
-                printk(KERN_INFO "gran_size: %ldM \tchunk_size: %ldM \t",
-                                result[i].gran_sizek >> 10,
-                                result[i].chunk_sizek >> 10);
-                printk(KERN_CONT "num_reg: %d \tlose RAM: %ldM\n",
-                                result[i].num_reg,
-                                result[i].lose_cover_sizek >> 10);
+                gran_base = to_size_factor(result[i].gran_sizek, &gran_factor),
+                chunk_base = to_size_factor(result[i].chunk_sizek, &chunk_factor),
+                lose_base = to_size_factor(result[i].lose_cover_sizek, &lose_factor),
+                printk(KERN_INFO "gran_size: %ld%c \tchunk_size: %ld%c \t",
+                         gran_base, gran_factor, chunk_base, chunk_factor);
+                printk(KERN_CONT "num_reg: %d  \tlose RAM: %ld%c\n",
+                         result[i].num_reg, lose_base, lose_factor);
                 /* convert ranges to var ranges state */
                 chunk_size = result[i].chunk_sizek;
                 chunk_size <<= 10;
                 gran_size = result[i].gran_sizek;
                 gran_size <<= 10;
-                debug_print = 1;
+                debug_print++;
                 x86_setup_var_mtrrs(range, nr_range, chunk_size, gran_size);
+                debug_print--;
                 set_var_mtrr_all(address_bits);
                 return 1;
         }
diff --git a/arch/x86/kernel/cpu/perfctr-watchdog.c b/arch/x86/kernel/cpu/perfctr-watchdog.c
index 05cc22dbd4ff..6bff382094f5 100644
--- a/arch/x86/kernel/cpu/perfctr-watchdog.c
+++ b/arch/x86/kernel/cpu/perfctr-watchdog.c
@@ -295,13 +295,19 @@ static int setup_k7_watchdog(unsigned nmi_hz)
         /* setup the timer */
         wrmsr(evntsel_msr, evntsel, 0);
         write_watchdog_counter(perfctr_msr, "K7_PERFCTR0",nmi_hz);
-        apic_write(APIC_LVTPC, APIC_DM_NMI);
-        evntsel |= K7_EVNTSEL_ENABLE;
-        wrmsr(evntsel_msr, evntsel, 0);
 
+        /* initialize the wd struct before enabling */
         wd->perfctr_msr = perfctr_msr;
         wd->evntsel_msr = evntsel_msr;
         wd->cccr_msr = 0;  /* unused */
+
+        /* ok, everything is initialized, announce that we're set */
+        cpu_nmi_set_wd_enabled();
+
+        apic_write(APIC_LVTPC, APIC_DM_NMI);
+        evntsel |= K7_EVNTSEL_ENABLE;
+        wrmsr(evntsel_msr, evntsel, 0);
+
         return 1;
 }
 
@@ -379,13 +385,19 @@ static int setup_p6_watchdog(unsigned nmi_hz)
         wrmsr(evntsel_msr, evntsel, 0);
         nmi_hz = adjust_for_32bit_ctr(nmi_hz);
         write_watchdog_counter32(perfctr_msr, "P6_PERFCTR0",nmi_hz);
-        apic_write(APIC_LVTPC, APIC_DM_NMI);
-        evntsel |= P6_EVNTSEL0_ENABLE;
-        wrmsr(evntsel_msr, evntsel, 0);
 
+        /* initialize the wd struct before enabling */
         wd->perfctr_msr = perfctr_msr;
         wd->evntsel_msr = evntsel_msr;
         wd->cccr_msr = 0;  /* unused */
+
+        /* ok, everything is initialized, announce that we're set */
+        cpu_nmi_set_wd_enabled();
+
+        apic_write(APIC_LVTPC, APIC_DM_NMI);
+        evntsel |= P6_EVNTSEL0_ENABLE;
+        wrmsr(evntsel_msr, evntsel, 0);
+
         return 1;
 }
 
@@ -432,6 +444,27 @@ static const struct wd_ops p6_wd_ops = {
 #define P4_CCCR_ENABLE          (1 << 12)
 #define P4_CCCR_OVF             (1 << 31)
 
+#define P4_CONTROLS 18
+static unsigned int p4_controls[18] = {
+        MSR_P4_BPU_CCCR0,
+        MSR_P4_BPU_CCCR1,
+        MSR_P4_BPU_CCCR2,
+        MSR_P4_BPU_CCCR3,
+        MSR_P4_MS_CCCR0,
+        MSR_P4_MS_CCCR1,
+        MSR_P4_MS_CCCR2,
+        MSR_P4_MS_CCCR3,
+        MSR_P4_FLAME_CCCR0,
+        MSR_P4_FLAME_CCCR1,
+        MSR_P4_FLAME_CCCR2,
+        MSR_P4_FLAME_CCCR3,
+        MSR_P4_IQ_CCCR0,
+        MSR_P4_IQ_CCCR1,
+        MSR_P4_IQ_CCCR2,
+        MSR_P4_IQ_CCCR3,
+        MSR_P4_IQ_CCCR4,
+        MSR_P4_IQ_CCCR5,
+};
 /*
  * Set up IQ_COUNTER0 to behave like a clock, by having IQ_CCCR0 filter
  * CRU_ESCR0 (with any non-null event selector) through a complemented
@@ -473,6 +506,26 @@ static int setup_p4_watchdog(unsigned nmi_hz)
                 evntsel_msr = MSR_P4_CRU_ESCR0;
                 cccr_msr = MSR_P4_IQ_CCCR0;
                 cccr_val = P4_CCCR_OVF_PMI0 | P4_CCCR_ESCR_SELECT(4);
+
+                /*
+                 * If we're on the kdump kernel or other situation, we may
+                 * still have other performance counter registers set to
+                 * interrupt and they'll keep interrupting forever because
+                 * of the P4_CCCR_OVF quirk. So we need to ACK all the
+                 * pending interrupts and disable all the registers here,
+                 * before reenabling the NMI delivery. Refer to p4_rearm()
+                 * about the P4_CCCR_OVF quirk.
+                 */
+                if (reset_devices) {
+                        unsigned int low, high;
+                        int i;
+
+                        for (i = 0; i < P4_CONTROLS; i++) {
+                                rdmsr(p4_controls[i], low, high);
+                                low &= ~(P4_CCCR_ENABLE | P4_CCCR_OVF);
+                                wrmsr(p4_controls[i], low, high);
+                        }
+                }
         } else {
                 /* logical cpu 1 */
                 perfctr_msr = MSR_P4_IQ_PERFCTR1;
@@ -499,12 +552,17 @@ static int setup_p4_watchdog(unsigned nmi_hz)
         wrmsr(evntsel_msr, evntsel, 0);
         wrmsr(cccr_msr, cccr_val, 0);
         write_watchdog_counter(perfctr_msr, "P4_IQ_COUNTER0", nmi_hz);
-        apic_write(APIC_LVTPC, APIC_DM_NMI);
-        cccr_val |= P4_CCCR_ENABLE;
-        wrmsr(cccr_msr, cccr_val, 0);
+
         wd->perfctr_msr = perfctr_msr;
         wd->evntsel_msr = evntsel_msr;
         wd->cccr_msr = cccr_msr;
+
+        /* ok, everything is initialized, announce that we're set */
+        cpu_nmi_set_wd_enabled();
+
+        apic_write(APIC_LVTPC, APIC_DM_NMI);
+        cccr_val |= P4_CCCR_ENABLE;
+        wrmsr(cccr_msr, cccr_val, 0);
         return 1;
 }
 
@@ -620,13 +678,17 @@ static int setup_intel_arch_watchdog(unsigned nmi_hz)
         wrmsr(evntsel_msr, evntsel, 0);
         nmi_hz = adjust_for_32bit_ctr(nmi_hz);
         write_watchdog_counter32(perfctr_msr, "INTEL_ARCH_PERFCTR0", nmi_hz);
-        apic_write(APIC_LVTPC, APIC_DM_NMI);
-        evntsel |= ARCH_PERFMON_EVENTSEL0_ENABLE;
-        wrmsr(evntsel_msr, evntsel, 0);
 
         wd->perfctr_msr = perfctr_msr;
         wd->evntsel_msr = evntsel_msr;
         wd->cccr_msr = 0;  /* unused */
+
+        /* ok, everything is initialized, announce that we're set */
+        cpu_nmi_set_wd_enabled();
+
+        apic_write(APIC_LVTPC, APIC_DM_NMI);
+        evntsel |= ARCH_PERFMON_EVENTSEL0_ENABLE;
+        wrmsr(evntsel_msr, evntsel, 0);
         intel_arch_wd_ops.checkbit = 1ULL << (eax.split.bit_width - 1);
         return 1;
 }
diff --git a/arch/x86/kernel/cpu/powerflags.c b/arch/x86/kernel/cpu/powerflags.c
new file mode 100644
index 000000000000..5abbea297e0c
--- /dev/null
+++ b/arch/x86/kernel/cpu/powerflags.c
@@ -0,0 +1,20 @@
+/*
+ * Strings for the various x86 power flags
+ *
+ * This file must not contain any executable code.
+ */
+
+#include <asm/cpufeature.h>
+
+const char *const x86_power_flags[32] = {
+        "ts",   /* temperature sensor */
+        "fid",  /* frequency id control */
+        "vid",  /* voltage id control */
+        "ttp",  /* thermal trip */
+        "tm",
+        "stc",
+        "100mhzsteps",
+        "hwpstate",
+        "",     /* tsc invariant mapped to constant_tsc */
+                /* nothing */
+};
diff --git a/arch/x86/kernel/cpu/transmeta.c b/arch/x86/kernel/cpu/transmeta.c
index b911a2c61b8f..52b3fefbd5af 100644
--- a/arch/x86/kernel/cpu/transmeta.c
+++ b/arch/x86/kernel/cpu/transmeta.c
@@ -5,6 +5,18 @@
 #include <asm/msr.h>
 #include "cpu.h"
 
+static void __cpuinit early_init_transmeta(struct cpuinfo_x86 *c)
+{
+        u32 xlvl;
+
+        /* Transmeta-defined flags: level 0x80860001 */
+        xlvl = cpuid_eax(0x80860000);
+        if ((xlvl & 0xffff0000) == 0x80860000) {
+                if (xlvl >= 0x80860001)
+                        c->x86_capability[2] = cpuid_edx(0x80860001);
+        }
+}
+
 static void __cpuinit init_transmeta(struct cpuinfo_x86 *c)
 {
         unsigned int cap_mask, uk, max, dummy;
@@ -12,7 +24,8 @@ static void __cpuinit init_transmeta(struct cpuinfo_x86 *c)
         unsigned int cpu_rev, cpu_freq = 0, cpu_flags, new_cpu_rev;
         char cpu_info[65];
 
-        get_model_name(c);      /* Same as AMD/Cyrix */
+        early_init_transmeta(c);
+
         display_cacheinfo(c);
 
         /* Print CMS and CPU revision */
@@ -85,23 +98,12 @@ static void __cpuinit init_transmeta(struct cpuinfo_x86 *c)
 #endif
 }
 
-static void __cpuinit transmeta_identify(struct cpuinfo_x86 *c)
-{
-        u32 xlvl;
-
-        /* Transmeta-defined flags: level 0x80860001 */
-        xlvl = cpuid_eax(0x80860000);
-        if ((xlvl & 0xffff0000) == 0x80860000) {
-                if (xlvl >= 0x80860001)
-                        c->x86_capability[2] = cpuid_edx(0x80860001);
-        }
-}
-
 static struct cpu_dev transmeta_cpu_dev __cpuinitdata = {
         .c_vendor       = "Transmeta",
         .c_ident        = { "GenuineTMx86", "TransmetaCPU" },
+        .c_early_init   = early_init_transmeta,
         .c_init         = init_transmeta,
-        .c_identify     = transmeta_identify,
+        .c_x86_vendor   = X86_VENDOR_TRANSMETA,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_TRANSMETA, &transmeta_cpu_dev);
+cpu_dev_register(transmeta_cpu_dev);
diff --git a/arch/x86/kernel/cpu/umc.c b/arch/x86/kernel/cpu/umc.c
index b1fc90989d75..e777f79e0960 100644
--- a/arch/x86/kernel/cpu/umc.c
+++ b/arch/x86/kernel/cpu/umc.c
@@ -19,7 +19,8 @@ static struct cpu_dev umc_cpu_dev __cpuinitdata = {
                   }
                 },
         },
+        .c_x86_vendor   = X86_VENDOR_UMC,
 };
 
-cpu_vendor_dev_register(X86_VENDOR_UMC, &umc_cpu_dev);
+cpu_dev_register(umc_cpu_dev);
 
diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
index 8e9cd6a8ec12..72cefd1e649b 100644
--- a/arch/x86/kernel/cpuid.c
+++ b/arch/x86/kernel/cpuid.c
@@ -36,7 +36,6 @@
 #include <linux/smp_lock.h>
 #include <linux/major.h>
 #include <linux/fs.h>
-#include <linux/smp_lock.h>
 #include <linux/device.h>
 #include <linux/cpu.h>
 #include <linux/notifier.h>
@@ -148,8 +147,8 @@ static __cpuinit int cpuid_device_create(int cpu)
 {
         struct device *dev;
 
-        dev = device_create_drvdata(cpuid_class, NULL, MKDEV(CPUID_MAJOR, cpu),
-                                    NULL, "cpu%d", cpu);
+        dev = device_create(cpuid_class, NULL, MKDEV(CPUID_MAJOR, cpu), NULL,
+                            "cpu%d", cpu);
         return IS_ERR(dev) ? PTR_ERR(dev) : 0;
 }
 
diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
index 15e6c6bc4a46..e90a60ef10c2 100644
--- a/arch/x86/kernel/crash_dump_64.c
+++ b/arch/x86/kernel/crash_dump_64.c
@@ -7,9 +7,8 @@
 
 #include <linux/errno.h>
 #include <linux/crash_dump.h>
-
-#include <asm/uaccess.h>
-#include <asm/io.h>
+#include <linux/uaccess.h>
+#include <linux/io.h>
 
 /**
  * copy_oldmem_page - copy one page from "oldmem"
@@ -25,7 +24,7 @@
  * in the current kernel. We stitch up a pte, similar to kmap_atomic.
  */
 ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
-                               size_t csize, unsigned long offset, int userbuf)
+                size_t csize, unsigned long offset, int userbuf)
 {
         void  *vaddr;
 
@@ -33,14 +32,16 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
                 return 0;
 
         vaddr = ioremap(pfn << PAGE_SHIFT, PAGE_SIZE);
+        if (!vaddr)
+                return -ENOMEM;
 
         if (userbuf) {
-                if (copy_to_user(buf, (vaddr + offset), csize)) {
+                if (copy_to_user(buf, vaddr + offset, csize)) {
                         iounmap(vaddr);
                         return -EFAULT;
                 }
         } else
-        memcpy(buf, (vaddr + offset), csize);
+                memcpy(buf, vaddr + offset, csize);
 
         iounmap(vaddr);
         return csize;
diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c
index a47798b59f07..b4f14c6c09d9 100644
--- a/arch/x86/kernel/doublefault_32.c
+++ b/arch/x86/kernel/doublefault_32.c
@@ -66,6 +66,6 @@ struct tss_struct doublefault_tss __cacheline_aligned = {
                 .ds             = __USER_DS,
                 .fs             = __KERNEL_PERCPU,
 
-                .__cr3          = __pa(swapper_pg_dir)
+                .__cr3          = __pa_nodebug(swapper_pg_dir),
         }
 };
diff --git a/arch/x86/kernel/ds.c b/arch/x86/kernel/ds.c
index 11c11b8ec48d..2b69994fd3a8 100644
--- a/arch/x86/kernel/ds.c
+++ b/arch/x86/kernel/ds.c
@@ -2,26 +2,49 @@
  * Debug Store support
  *
  * This provides a low-level interface to the hardware's Debug Store
- * feature that is used for last branch recording (LBR) and
+ * feature that is used for branch trace store (BTS) and
  * precise-event based sampling (PEBS).
  *
- * Different architectures use a different DS layout/pointer size.
- * The below functions therefore work on a void*.
+ * It manages:
+ * - per-thread and per-cpu allocation of BTS and PEBS
+ * - buffer memory allocation (optional)
+ * - buffer overflow handling
+ * - buffer access
  *
+ * It assumes:
+ * - get_task_struct on all parameter tasks
+ * - current is allowed to trace parameter tasks
  *
- * Since there is no user for PEBS, yet, only LBR (or branch
- * trace store, BTS) is supported.
  *
- *
- * Copyright (C) 2007 Intel Corporation.
- * Markus Metzger <markus.t.metzger@intel.com>, Dec 2007
+ * Copyright (C) 2007-2008 Intel Corporation.
+ * Markus Metzger <markus.t.metzger@intel.com>, 2007-2008
  */
 
+
+#ifdef CONFIG_X86_DS
+
 #include <asm/ds.h>
 
 #include <linux/errno.h>
 #include <linux/string.h>
 #include <linux/slab.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
+
+
+/*
+ * The configuration for a particular DS hardware implementation.
+ */
+struct ds_configuration {
+        /* the size of the DS structure in bytes */
+        unsigned char  sizeof_ds;
+        /* the size of one pointer-typed field in the DS structure in bytes;
+           this covers the first 8 fields related to buffer management. */
+        unsigned char  sizeof_field;
+        /* the size of a BTS/PEBS record in bytes */
+        unsigned char  sizeof_rec[2];
+};
+static struct ds_configuration ds_cfg;
 
 
 /*
@@ -44,378 +67,747 @@
  *   (interrupt occurs when write pointer passes interrupt pointer)
  * - value to which counter is reset following counter overflow
  *
- * On later architectures, the last branch recording hardware uses
- * 64bit pointers even in 32bit mode.
- *
- *
- * Branch Trace Store (BTS) records store information about control
- * flow changes. They at least provide the following information:
- * - source linear address
- * - destination linear address
+ * Later architectures use 64bit pointers throughout, whereas earlier
+ * architectures use 32bit pointers in 32bit mode.
  *
- * Netburst supported a predicated bit that had been dropped in later
- * architectures. We do not suppor it.
  *
+ * We compute the base address for the first 8 fields based on:
+ * - the field size stored in the DS configuration
+ * - the relative field position
+ * - an offset giving the start of the respective region
  *
- * In order to abstract from the actual DS and BTS layout, we describe
- * the access to the relevant fields.
- * Thanks to Andi Kleen for proposing this design.
+ * This offset is further used to index various arrays holding
+ * information for BTS and PEBS at the respective index.
  *
- * The implementation, however, is not as general as it might seem. In
- * order to stay somewhat simple and efficient, we assume an
- * underlying unsigned type (mostly a pointer type) and we expect the
- * field to be at least as big as that type.
+ * On later 32bit processors, we only access the lower 32bit of the
+ * 64bit pointer fields. The upper halves will be zeroed out.
  */
 
-/*
- * A special from_ip address to indicate that the BTS record is an
- * info record that needs to be interpreted or skipped.
- */
-#define BTS_ESCAPE_ADDRESS (-1)
+enum ds_field {
+        ds_buffer_base = 0,
+        ds_index,
+        ds_absolute_maximum,
+        ds_interrupt_threshold,
+};
 
-/*
- * A field access descriptor
- */
-struct access_desc {
-        unsigned char offset;
-        unsigned char size;
+enum ds_qualifier {
+        ds_bts  = 0,
+        ds_pebs
 };
 
+static inline unsigned long ds_get(const unsigned char *base,
+                                   enum ds_qualifier qual, enum ds_field field)
+{
+        base += (ds_cfg.sizeof_field * (field + (4 * qual)));
+        return *(unsigned long *)base;
+}
+
+static inline void ds_set(unsigned char *base, enum ds_qualifier qual,
+                          enum ds_field field, unsigned long value)
+{
+        base += (ds_cfg.sizeof_field * (field + (4 * qual)));
+        (*(unsigned long *)base) = value;
+}
+
+
 /*
- * The configuration for a particular DS/BTS hardware implementation.
+ * Locking is done only for allocating BTS or PEBS resources and for
+ * guarding context and buffer memory allocation.
+ *
+ * Most functions require the current task to own the ds context part
+ * they are going to access. All the locking is done when validating
+ * access to the context.
  */
-struct ds_configuration {
-        /* the DS configuration */
-        unsigned char  sizeof_ds;
-        struct access_desc bts_buffer_base;
-        struct access_desc bts_index;
-        struct access_desc bts_absolute_maximum;
-        struct access_desc bts_interrupt_threshold;
-        /* the BTS configuration */
-        unsigned char  sizeof_bts;
-        struct access_desc from_ip;
-        struct access_desc to_ip;
-        /* BTS variants used to store additional information like
-           timestamps */
-        struct access_desc info_type;
-        struct access_desc info_data;
-        unsigned long debugctl_mask;
-};
+static spinlock_t ds_lock = __SPIN_LOCK_UNLOCKED(ds_lock);
 
 /*
- * The global configuration used by the below accessor functions
+ * Validate that the current task is allowed to access the BTS/PEBS
+ * buffer of the parameter task.
+ *
+ * Returns 0, if access is granted; -Eerrno, otherwise.
  */
-static struct ds_configuration ds_cfg;
+static inline int ds_validate_access(struct ds_context *context,
+                                     enum ds_qualifier qual)
+{
+        if (!context)
+                return -EPERM;
+
+        if (context->owner[qual] == current)
+                return 0;
+
+        return -EPERM;
+}
+
 
 /*
- * Accessor functions for some DS and BTS fields using the above
- * global ptrace_bts_cfg.
+ * We either support (system-wide) per-cpu or per-thread allocation.
+ * We distinguish the two based on the task_struct pointer, where a
+ * NULL pointer indicates per-cpu allocation for the current cpu.
+ *
+ * Allocations are use-counted. As soon as resources are allocated,
+ * further allocations must be of the same type (per-cpu or
+ * per-thread). We model this by counting allocations (i.e. the number
+ * of tracers of a certain type) for one type negatively:
+ *   =0  no tracers
+ *   >0  number of per-thread tracers
+ *   <0  number of per-cpu tracers
+ *
+ * The below functions to get and put tracers and to check the
+ * allocation type require the ds_lock to be held by the caller.
+ *
+ * Tracers essentially gives the number of ds contexts for a certain
+ * type of allocation.
  */
-static inline unsigned long get_bts_buffer_base(char *base)
+static long tracers;
+
+static inline void get_tracer(struct task_struct *task)
 {
-        return *(unsigned long *)(base + ds_cfg.bts_buffer_base.offset);
+        tracers += (task ? 1 : -1);
 }
-static inline void set_bts_buffer_base(char *base, unsigned long value)
+
+static inline void put_tracer(struct task_struct *task)
 {
-        (*(unsigned long *)(base + ds_cfg.bts_buffer_base.offset)) = value;
+        tracers -= (task ? 1 : -1);
 }
-static inline unsigned long get_bts_index(char *base)
+
+static inline int check_tracer(struct task_struct *task)
 {
-        return *(unsigned long *)(base + ds_cfg.bts_index.offset);
+        return (task ? (tracers >= 0) : (tracers <= 0));
 }
-static inline void set_bts_index(char *base, unsigned long value)
+
+
+/*
+ * The DS context is either attached to a thread or to a cpu:
+ * - in the former case, the thread_struct contains a pointer to the
+ *   attached context.
+ * - in the latter case, we use a static array of per-cpu context
+ *   pointers.
+ *
+ * Contexts are use-counted. They are allocated on first access and
+ * deallocated when the last user puts the context.
+ *
+ * We distinguish between an allocating and a non-allocating get of a
+ * context:
+ * - the allocating get is used for requesting BTS/PEBS resources. It
+ *   requires the caller to hold the global ds_lock.
+ * - the non-allocating get is used for all other cases. A
+ *   non-existing context indicates an error. It acquires and releases
+ *   the ds_lock itself for obtaining the context.
+ *
+ * A context and its DS configuration are allocated and deallocated
+ * together. A context always has a DS configuration of the
+ * appropriate size.
+ */
+static DEFINE_PER_CPU(struct ds_context *, system_context);
+
+#define this_system_context per_cpu(system_context, smp_processor_id())
+
+/*
+ * Returns the pointer to the parameter task's context or to the
+ * system-wide context, if task is NULL.
+ *
+ * Increases the use count of the returned context, if not NULL.
+ */
+static inline struct ds_context *ds_get_context(struct task_struct *task)
 {
-        (*(unsigned long *)(base + ds_cfg.bts_index.offset)) = value;
+        struct ds_context *context;
+
+        spin_lock(&ds_lock);
+
+        context = (task ? task->thread.ds_ctx : this_system_context);
+        if (context)
+                context->count++;
+
+        spin_unlock(&ds_lock);
+
+        return context;
 }
-static inline unsigned long get_bts_absolute_maximum(char *base)
+
+/*
+ * Same as ds_get_context, but allocates the context and it's DS
+ * structure, if necessary; returns NULL; if out of memory.
+ *
+ * pre: requires ds_lock to be held
+ */
+static inline struct ds_context *ds_alloc_context(struct task_struct *task)
 {
-        return *(unsigned long *)(base + ds_cfg.bts_absolute_maximum.offset);
+        struct ds_context **p_context =
+                (task ? &task->thread.ds_ctx : &this_system_context);
+        struct ds_context *context = *p_context;
+
+        if (!context) {
+                context = kzalloc(sizeof(*context), GFP_KERNEL);
+
+                if (!context)
+                        return NULL;
+
+                context->ds = kzalloc(ds_cfg.sizeof_ds, GFP_KERNEL);
+                if (!context->ds) {
+                        kfree(context);
+                        return NULL;
+                }
+
+                *p_context = context;
+
+                context->this = p_context;
+                context->task = task;
+
+                if (task)
+                        set_tsk_thread_flag(task, TIF_DS_AREA_MSR);
+
+                if (!task || (task == current))
+                        wrmsr(MSR_IA32_DS_AREA, (unsigned long)context->ds, 0);
+
+                get_tracer(task);
+        }
+
+        context->count++;
+
+        return context;
 }
-static inline void set_bts_absolute_maximum(char *base, unsigned long value)
+
+/*
+ * Decreases the use count of the parameter context, if not NULL.
+ * Deallocates the context, if the use count reaches zero.
+ */
+static inline void ds_put_context(struct ds_context *context)
 {
-        (*(unsigned long *)(base + ds_cfg.bts_absolute_maximum.offset)) = value;
+        if (!context)
+                return;
+
+        spin_lock(&ds_lock);
+
+        if (--context->count)
+                goto out;
+
+        *(context->this) = NULL;
+
+        if (context->task)
+                clear_tsk_thread_flag(context->task, TIF_DS_AREA_MSR);
+
+        if (!context->task || (context->task == current))
+                wrmsrl(MSR_IA32_DS_AREA, 0);
+
+        put_tracer(context->task);
+
+        /* free any leftover buffers from tracers that did not
+         * deallocate them properly. */
+        kfree(context->buffer[ds_bts]);
+        kfree(context->buffer[ds_pebs]);
+        kfree(context->ds);
+        kfree(context);
+ out:
+        spin_unlock(&ds_lock);
 }
-static inline unsigned long get_bts_interrupt_threshold(char *base)
+
+
+/*
+ * Handle a buffer overflow
+ *
+ * task: the task whose buffers are overflowing;
+ *       NULL for a buffer overflow on the current cpu
+ * context: the ds context
+ * qual: the buffer type
+ */
+static void ds_overflow(struct task_struct *task, struct ds_context *context,
+                        enum ds_qualifier qual)
 {
-        return *(unsigned long *)(base + ds_cfg.bts_interrupt_threshold.offset);
+        if (!context)
+                return;
+
+        if (context->callback[qual])
+                (*context->callback[qual])(task);
+
+        /* todo: do some more overflow handling */
 }
-static inline void set_bts_interrupt_threshold(char *base, unsigned long value)
+
+
+/*
+ * Allocate a non-pageable buffer of the parameter size.
+ * Checks the memory and the locked memory rlimit.
+ *
+ * Returns the buffer, if successful;
+ *         NULL, if out of memory or rlimit exceeded.
+ *
+ * size: the requested buffer size in bytes
+ * pages (out): if not NULL, contains the number of pages reserved
+ */
+static inline void *ds_allocate_buffer(size_t size, unsigned int *pages)
 {
-        (*(unsigned long *)(base + ds_cfg.bts_interrupt_threshold.offset)) = value;
+        unsigned long rlim, vm, pgsz;
+        void *buffer;
+
+        pgsz = PAGE_ALIGN(size) >> PAGE_SHIFT;
+
+        rlim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
+        vm   = current->mm->total_vm  + pgsz;
+        if (rlim < vm)
+                return NULL;
+
+        rlim = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
+        vm   = current->mm->locked_vm  + pgsz;
+        if (rlim < vm)
+                return NULL;
+
+        buffer = kzalloc(size, GFP_KERNEL);
+        if (!buffer)
+                return NULL;
+
+        current->mm->total_vm  += pgsz;
+        current->mm->locked_vm += pgsz;
+
+        if (pages)
+                *pages = pgsz;
+
+        return buffer;
 }
-static inline unsigned long get_from_ip(char *base)
+
+static int ds_request(struct task_struct *task, void *base, size_t size,
+                      ds_ovfl_callback_t ovfl, enum ds_qualifier qual)
 {
-        return *(unsigned long *)(base + ds_cfg.from_ip.offset);
+        struct ds_context *context;
+        unsigned long buffer, adj;
+        const unsigned long alignment = (1 << 3);
+        int error = 0;
+
+        if (!ds_cfg.sizeof_ds)
+                return -EOPNOTSUPP;
+
+        /* we require some space to do alignment adjustments below */
+        if (size < (alignment + ds_cfg.sizeof_rec[qual]))
+                return -EINVAL;
+
+        /* buffer overflow notification is not yet implemented */
+        if (ovfl)
+                return -EOPNOTSUPP;
+
+
+        spin_lock(&ds_lock);
+
+        if (!check_tracer(task))
+                return -EPERM;
+
+        error = -ENOMEM;
+        context = ds_alloc_context(task);
+        if (!context)
+                goto out_unlock;
+
+        error = -EALREADY;
+        if (context->owner[qual] == current)
+                goto out_unlock;
+        error = -EPERM;
+        if (context->owner[qual] != NULL)
+                goto out_unlock;
+        context->owner[qual] = current;
+
+        spin_unlock(&ds_lock);
+
+
+        error = -ENOMEM;
+        if (!base) {
+                base = ds_allocate_buffer(size, &context->pages[qual]);
+                if (!base)
+                        goto out_release;
+
+                context->buffer[qual]   = base;
+        }
+        error = 0;
+
+        context->callback[qual] = ovfl;
+
+        /* adjust the buffer address and size to meet alignment
+         * constraints:
+         * - buffer is double-word aligned
+         * - size is multiple of record size
+         *
+         * We checked the size at the very beginning; we have enough
+         * space to do the adjustment.
+         */
+        buffer = (unsigned long)base;
+
+        adj = ALIGN(buffer, alignment) - buffer;
+        buffer += adj;
+        size   -= adj;
+
+        size /= ds_cfg.sizeof_rec[qual];
+        size *= ds_cfg.sizeof_rec[qual];
+
+        ds_set(context->ds, qual, ds_buffer_base, buffer);
+        ds_set(context->ds, qual, ds_index, buffer);
+        ds_set(context->ds, qual, ds_absolute_maximum, buffer + size);
+
+        if (ovfl) {
+                /* todo: select a suitable interrupt threshold */
+        } else
+                ds_set(context->ds, qual,
+                       ds_interrupt_threshold, buffer + size + 1);
+
+        /* we keep the context until ds_release */
+        return error;
+
+ out_release:
+        context->owner[qual] = NULL;
+        ds_put_context(context);
+        return error;
+
+ out_unlock:
+        spin_unlock(&ds_lock);
+        ds_put_context(context);
+        return error;
 }
-static inline void set_from_ip(char *base, unsigned long value)
+
+int ds_request_bts(struct task_struct *task, void *base, size_t size,
+                   ds_ovfl_callback_t ovfl)
 {
-        (*(unsigned long *)(base + ds_cfg.from_ip.offset)) = value;
+        return ds_request(task, base, size, ovfl, ds_bts);
 }
-static inline unsigned long get_to_ip(char *base)
+
+int ds_request_pebs(struct task_struct *task, void *base, size_t size,
+                    ds_ovfl_callback_t ovfl)
 {
-        return *(unsigned long *)(base + ds_cfg.to_ip.offset);
+        return ds_request(task, base, size, ovfl, ds_pebs);
 }
-static inline void set_to_ip(char *base, unsigned long value)
+
+static int ds_release(struct task_struct *task, enum ds_qualifier qual)
 {
-        (*(unsigned long *)(base + ds_cfg.to_ip.offset)) = value;
+        struct ds_context *context;
+        int error;
+
+        context = ds_get_context(task);
+        error = ds_validate_access(context, qual);
+        if (error < 0)
+                goto out;
+
+        kfree(context->buffer[qual]);
+        context->buffer[qual] = NULL;
+
+        current->mm->total_vm  -= context->pages[qual];
+        current->mm->locked_vm -= context->pages[qual];
+        context->pages[qual] = 0;
+        context->owner[qual] = NULL;
+
+        /*
+         * we put the context twice:
+         *   once for the ds_get_context
+         *   once for the corresponding ds_request
+         */
+        ds_put_context(context);
+ out:
+        ds_put_context(context);
+        return error;
 }
-static inline unsigned char get_info_type(char *base)
+
+int ds_release_bts(struct task_struct *task)
 {
-        return *(unsigned char *)(base + ds_cfg.info_type.offset);
+        return ds_release(task, ds_bts);
 }
-static inline void set_info_type(char *base, unsigned char value)
+
+int ds_release_pebs(struct task_struct *task)
 {
-        (*(unsigned char *)(base + ds_cfg.info_type.offset)) = value;
+        return ds_release(task, ds_pebs);
 }
-static inline unsigned long get_info_data(char *base)
+
+static int ds_get_index(struct task_struct *task, size_t *pos,
+                        enum ds_qualifier qual)
 {
-        return *(unsigned long *)(base + ds_cfg.info_data.offset);
+        struct ds_context *context;
+        unsigned long base, index;
+        int error;
+
+        context = ds_get_context(task);
+        error = ds_validate_access(context, qual);
+        if (error < 0)
+                goto out;
+
+        base  = ds_get(context->ds, qual, ds_buffer_base);
+        index = ds_get(context->ds, qual, ds_index);
+
+        error = ((index - base) / ds_cfg.sizeof_rec[qual]);
+        if (pos)
+                *pos = error;
+ out:
+        ds_put_context(context);
+        return error;
 }
-static inline void set_info_data(char *base, unsigned long value)
+
+int ds_get_bts_index(struct task_struct *task, size_t *pos)
 {
-        (*(unsigned long *)(base + ds_cfg.info_data.offset)) = value;
+        return ds_get_index(task, pos, ds_bts);
 }
 
+int ds_get_pebs_index(struct task_struct *task, size_t *pos)
+{
+        return ds_get_index(task, pos, ds_pebs);
+}
 
-int ds_allocate(void **dsp, size_t bts_size_in_bytes)
+static int ds_get_end(struct task_struct *task, size_t *pos,
+                      enum ds_qualifier qual)
 {
-        size_t bts_size_in_records;
-        unsigned long bts;
-        void *ds;
+        struct ds_context *context;
+        unsigned long base, end;
+        int error;
+
+        context = ds_get_context(task);
+        error = ds_validate_access(context, qual);
+        if (error < 0)
+                goto out;
+
+        base = ds_get(context->ds, qual, ds_buffer_base);
+        end  = ds_get(context->ds, qual, ds_absolute_maximum);
+
+        error = ((end - base) / ds_cfg.sizeof_rec[qual]);
+        if (pos)
+                *pos = error;
+ out:
+        ds_put_context(context);
+        return error;
+}
 
-        if (!ds_cfg.sizeof_ds || !ds_cfg.sizeof_bts)
-                return -EOPNOTSUPP;
+int ds_get_bts_end(struct task_struct *task, size_t *pos)
+{
+        return ds_get_end(task, pos, ds_bts);
+}
 
-        if (bts_size_in_bytes < 0)
-                return -EINVAL;
+int ds_get_pebs_end(struct task_struct *task, size_t *pos)
+{
+        return ds_get_end(task, pos, ds_pebs);
+}
 
-        bts_size_in_records =
-                bts_size_in_bytes / ds_cfg.sizeof_bts;
-        bts_size_in_bytes =
-                bts_size_in_records * ds_cfg.sizeof_bts;
+static int ds_access(struct task_struct *task, size_t index,
+                     const void **record, enum ds_qualifier qual)
+{
+        struct ds_context *context;
+        unsigned long base, idx;
+        int error;
 
-        if (bts_size_in_bytes <= 0)
+        if (!record)
                 return -EINVAL;
 
-        bts = (unsigned long)kzalloc(bts_size_in_bytes, GFP_KERNEL);
-
-        if (!bts)
-                return -ENOMEM;
+        context = ds_get_context(task);
+        error = ds_validate_access(context, qual);
+        if (error < 0)
+                goto out;
 
-        ds = kzalloc(ds_cfg.sizeof_ds, GFP_KERNEL);
+        base = ds_get(context->ds, qual, ds_buffer_base);
+        idx = base + (index * ds_cfg.sizeof_rec[qual]);
 
-        if (!ds) {
-                kfree((void *)bts);
-                return -ENOMEM;
-        }
-
-        set_bts_buffer_base(ds, bts);
-        set_bts_index(ds, bts);
-        set_bts_absolute_maximum(ds, bts + bts_size_in_bytes);
-        set_bts_interrupt_threshold(ds, bts + bts_size_in_bytes + 1);
+        error = -EINVAL;
+        if (idx > ds_get(context->ds, qual, ds_absolute_maximum))
+                goto out;
 
-        *dsp = ds;
-        return 0;
+        *record = (const void *)idx;
+        error = ds_cfg.sizeof_rec[qual];
+ out:
+        ds_put_context(context);
+        return error;
 }
 
-int ds_free(void **dsp)
+int ds_access_bts(struct task_struct *task, size_t index, const void **record)
 {
-        if (*dsp) {
-                kfree((void *)get_bts_buffer_base(*dsp));
-                kfree(*dsp);
-                *dsp = NULL;
-        }
-        return 0;
+        return ds_access(task, index, record, ds_bts);
 }
 
-int ds_get_bts_size(void *ds)
+int ds_access_pebs(struct task_struct *task, size_t index, const void **record)
 {
-        int size_in_bytes;
-
-        if (!ds_cfg.sizeof_ds || !ds_cfg.sizeof_bts)
-                return -EOPNOTSUPP;
-
-        if (!ds)
-                return 0;
-
-        size_in_bytes =
-                get_bts_absolute_maximum(ds) -
-                get_bts_buffer_base(ds);
-        return size_in_bytes;
+        return ds_access(task, index, record, ds_pebs);
 }
 
-int ds_get_bts_end(void *ds)
+static int ds_write(struct task_struct *task, const void *record, size_t size,
+                    enum ds_qualifier qual, int force)
 {
-        int size_in_bytes = ds_get_bts_size(ds);
-
-        if (size_in_bytes <= 0)
-                return size_in_bytes;
+        struct ds_context *context;
+        int error;
 
-        return size_in_bytes / ds_cfg.sizeof_bts;
-}
+        if (!record)
+                return -EINVAL;
 
-int ds_get_bts_index(void *ds)
-{
-        int index_offset_in_bytes;
+        error = -EPERM;
+        context = ds_get_context(task);
+        if (!context)
+                goto out;
 
-        if (!ds_cfg.sizeof_ds || !ds_cfg.sizeof_bts)
-                return -EOPNOTSUPP;
+        if (!force) {
+                error = ds_validate_access(context, qual);
+                if (error < 0)
+                        goto out;
+        }
 
-        index_offset_in_bytes =
-                get_bts_index(ds) -
-                get_bts_buffer_base(ds);
+        error = 0;
+        while (size) {
+                unsigned long base, index, end, write_end, int_th;
+                unsigned long write_size, adj_write_size;
+
+                /*
+                 * write as much as possible without producing an
+                 * overflow interrupt.
+                 *
+                 * interrupt_threshold must either be
+                 * - bigger than absolute_maximum or
+                 * - point to a record between buffer_base and absolute_maximum
+                 *
+                 * index points to a valid record.
+                 */
+                base   = ds_get(context->ds, qual, ds_buffer_base);
+                index  = ds_get(context->ds, qual, ds_index);
+                end    = ds_get(context->ds, qual, ds_absolute_maximum);
+                int_th = ds_get(context->ds, qual, ds_interrupt_threshold);
+
+                write_end = min(end, int_th);
+
+                /* if we are already beyond the interrupt threshold,
+                 * we fill the entire buffer */
+                if (write_end <= index)
+                        write_end = end;
+
+                if (write_end <= index)
+                        goto out;
+
+                write_size = min((unsigned long) size, write_end - index);
+                memcpy((void *)index, record, write_size);
+
+                record = (const char *)record + write_size;
+                size  -= write_size;
+                error += write_size;
+
+                adj_write_size = write_size / ds_cfg.sizeof_rec[qual];
+                adj_write_size *= ds_cfg.sizeof_rec[qual];
+
+                /* zero out trailing bytes */
+                memset((char *)index + write_size, 0,
+                       adj_write_size - write_size);
+                index += adj_write_size;
+
+                if (index >= end)
+                        index = base;
+                ds_set(context->ds, qual, ds_index, index);
+
+                if (index >= int_th)
+                        ds_overflow(task, context, qual);
+        }
 
-        return index_offset_in_bytes / ds_cfg.sizeof_bts;
+ out:
+        ds_put_context(context);
+        return error;
 }
 
-int ds_set_overflow(void *ds, int method)
+int ds_write_bts(struct task_struct *task, const void *record, size_t size)
 {
-        switch (method) {
-        case DS_O_SIGNAL:
-                return -EOPNOTSUPP;
-        case DS_O_WRAP:
-                return 0;
-        default:
-                return -EINVAL;
-        }
+        return ds_write(task, record, size, ds_bts, /* force = */ 0);
 }
 
-int ds_get_overflow(void *ds)
+int ds_write_pebs(struct task_struct *task, const void *record, size_t size)
 {
-        return DS_O_WRAP;
+        return ds_write(task, record, size, ds_pebs, /* force = */ 0);
 }
 
-int ds_clear(void *ds)
+int ds_unchecked_write_bts(struct task_struct *task,
+                           const void *record, size_t size)
 {
-        int bts_size = ds_get_bts_size(ds);
-        unsigned long bts_base;
-
-        if (bts_size <= 0)
-                return bts_size;
-
-        bts_base = get_bts_buffer_base(ds);
-        memset((void *)bts_base, 0, bts_size);
-
-        set_bts_index(ds, bts_base);
-        return 0;
+        return ds_write(task, record, size, ds_bts, /* force = */ 1);
 }
 
-int ds_read_bts(void *ds, int index, struct bts_struct *out)
+int ds_unchecked_write_pebs(struct task_struct *task,
+                            const void *record, size_t size)
 {
-        void *bts;
+        return ds_write(task, record, size, ds_pebs, /* force = */ 1);
+}
 
-        if (!ds_cfg.sizeof_ds || !ds_cfg.sizeof_bts)
-                return -EOPNOTSUPP;
+static int ds_reset_or_clear(struct task_struct *task,
+                             enum ds_qualifier qual, int clear)
+{
+        struct ds_context *context;
+        unsigned long base, end;
+        int error;
 
-        if (index < 0)
-                return -EINVAL;
+        context = ds_get_context(task);
+        error = ds_validate_access(context, qual);
+        if (error < 0)
+                goto out;
 
-        if (index >= ds_get_bts_size(ds))
-                return -EINVAL;
+        base = ds_get(context->ds, qual, ds_buffer_base);
+        end  = ds_get(context->ds, qual, ds_absolute_maximum);
 
-        bts = (void *)(get_bts_buffer_base(ds) + (index * ds_cfg.sizeof_bts));
+        if (clear)
+                memset((void *)base, 0, end - base);
 
-        memset(out, 0, sizeof(*out));
-        if (get_from_ip(bts) == BTS_ESCAPE_ADDRESS) {
-                out->qualifier       = get_info_type(bts);
-                out->variant.jiffies = get_info_data(bts);
-        } else {
-                out->qualifier = BTS_BRANCH;
-                out->variant.lbr.from_ip = get_from_ip(bts);
-                out->variant.lbr.to_ip   = get_to_ip(bts);
-        }
+        ds_set(context->ds, qual, ds_index, base);
 
-        return sizeof(*out);;
+        error = 0;
+ out:
+        ds_put_context(context);
+        return error;
 }
 
-int ds_write_bts(void *ds, const struct bts_struct *in)
+int ds_reset_bts(struct task_struct *task)
 {
-        unsigned long bts;
-
-        if (!ds_cfg.sizeof_ds || !ds_cfg.sizeof_bts)
-                return -EOPNOTSUPP;
-
-        if (ds_get_bts_size(ds) <= 0)
-                return -ENXIO;
+        return ds_reset_or_clear(task, ds_bts, /* clear = */ 0);
+}
 
-        bts = get_bts_index(ds);
+int ds_reset_pebs(struct task_struct *task)
+{
+        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 0);
+}
 
-        memset((void *)bts, 0, ds_cfg.sizeof_bts);
-        switch (in->qualifier) {
-        case BTS_INVALID:
-                break;
+int ds_clear_bts(struct task_struct *task)
+{
+        return ds_reset_or_clear(task, ds_bts, /* clear = */ 1);
+}
 
-        case BTS_BRANCH:
-                set_from_ip((void *)bts, in->variant.lbr.from_ip);
-                set_to_ip((void *)bts, in->variant.lbr.to_ip);
-                break;
+int ds_clear_pebs(struct task_struct *task)
+{
+        return ds_reset_or_clear(task, ds_pebs, /* clear = */ 1);
+}
 
-        case BTS_TASK_ARRIVES:
-        case BTS_TASK_DEPARTS:
-                set_from_ip((void *)bts, BTS_ESCAPE_ADDRESS);
-                set_info_type((void *)bts, in->qualifier);
-                set_info_data((void *)bts, in->variant.jiffies);
-                break;
+int ds_get_pebs_reset(struct task_struct *task, u64 *value)
+{
+        struct ds_context *context;
+        int error;
 
-        default:
+        if (!value)
                 return -EINVAL;
-        }
 
-        bts = bts + ds_cfg.sizeof_bts;
-        if (bts >= get_bts_absolute_maximum(ds))
-                bts = get_bts_buffer_base(ds);
-        set_bts_index(ds, bts);
+        context = ds_get_context(task);
+        error = ds_validate_access(context, ds_pebs);
+        if (error < 0)
+                goto out;
 
-        return ds_cfg.sizeof_bts;
+        *value = *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8));
+
+        error = 0;
+ out:
+        ds_put_context(context);
+        return error;
 }
 
-unsigned long ds_debugctl_mask(void)
+int ds_set_pebs_reset(struct task_struct *task, u64 value)
 {
-        return ds_cfg.debugctl_mask;
-}
+        struct ds_context *context;
+        int error;
 
-#ifdef __i386__
-static const struct ds_configuration ds_cfg_netburst = {
-        .sizeof_ds = 9 * 4,
-        .bts_buffer_base = { 0, 4 },
-        .bts_index = { 4, 4 },
-        .bts_absolute_maximum = { 8, 4 },
-        .bts_interrupt_threshold = { 12, 4 },
-        .sizeof_bts = 3 * 4,
-        .from_ip = { 0, 4 },
-        .to_ip = { 4, 4 },
-        .info_type = { 4, 1 },
-        .info_data = { 8, 4 },
-        .debugctl_mask = (1<<2)|(1<<3)
-};
+        context = ds_get_context(task);
+        error = ds_validate_access(context, ds_pebs);
+        if (error < 0)
+                goto out;
 
-static const struct ds_configuration ds_cfg_pentium_m = {
-        .sizeof_ds = 9 * 4,
-        .bts_buffer_base = { 0, 4 },
-        .bts_index = { 4, 4 },
-        .bts_absolute_maximum = { 8, 4 },
-        .bts_interrupt_threshold = { 12, 4 },
-        .sizeof_bts = 3 * 4,
-        .from_ip = { 0, 4 },
-        .to_ip = { 4, 4 },
-        .info_type = { 4, 1 },
-        .info_data = { 8, 4 },
-        .debugctl_mask = (1<<6)|(1<<7)
+        *(u64 *)(context->ds + (ds_cfg.sizeof_field * 8)) = value;
+
+        error = 0;
+ out:
+        ds_put_context(context);
+        return error;
+}
+
+static const struct ds_configuration ds_cfg_var = {
+        .sizeof_ds    = sizeof(long) * 12,
+        .sizeof_field = sizeof(long),
+        .sizeof_rec[ds_bts]   = sizeof(long) * 3,
+        .sizeof_rec[ds_pebs]  = sizeof(long) * 10
 };
-#endif /* _i386_ */
-
-static const struct ds_configuration ds_cfg_core2 = {
-        .sizeof_ds = 9 * 8,
-        .bts_buffer_base = { 0, 8 },
-        .bts_index = { 8, 8 },
-        .bts_absolute_maximum = { 16, 8 },
-        .bts_interrupt_threshold = { 24, 8 },
-        .sizeof_bts = 3 * 8,
-        .from_ip = { 0, 8 },
-        .to_ip = { 8, 8 },
-        .info_type = { 8, 1 },
-        .info_data = { 16, 8 },
-        .debugctl_mask = (1<<6)|(1<<7)|(1<<9)
+static const struct ds_configuration ds_cfg_64 = {
+        .sizeof_ds    = 8 * 12,
+        .sizeof_field = 8,
+        .sizeof_rec[ds_bts]   = 8 * 3,
+        .sizeof_rec[ds_pebs]  = 8 * 10
 };
 
 static inline void
@@ -429,14 +821,13 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
         switch (c->x86) {
         case 0x6:
                 switch (c->x86_model) {
-#ifdef __i386__
                 case 0xD:
                 case 0xE: /* Pentium M */
-                        ds_configure(&ds_cfg_pentium_m);
+                        ds_configure(&ds_cfg_var);
                         break;
-#endif /* _i386_ */
                 case 0xF: /* Core2 */
-                        ds_configure(&ds_cfg_core2);
+                case 0x1C: /* Atom */
+                        ds_configure(&ds_cfg_64);
                         break;
                 default:
                         /* sorry, don't know about them */
@@ -445,13 +836,11 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
                 break;
         case 0xF:
                 switch (c->x86_model) {
-#ifdef __i386__
                 case 0x0:
                 case 0x1:
                 case 0x2: /* Netburst */
-                        ds_configure(&ds_cfg_netburst);
+                        ds_configure(&ds_cfg_var);
                         break;
-#endif /* _i386_ */
                 default:
                         /* sorry, don't know about them */
                         break;
@@ -462,3 +851,14 @@ void __cpuinit ds_init_intel(struct cpuinfo_x86 *c)
                 break;
         }
 }
+
+void ds_free(struct ds_context *context)
+{
+        /* This is called when the task owning the parameter context
+         * is dying. There should not be any user of that context left
+         * to disturb us, anymore. */
+        unsigned long leftovers = context->count;
+        while (leftovers--)
+                ds_put_context(context);
+}
+#endif /* CONFIG_X86_DS */
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
new file mode 100644
index 000000000000..1a78180f08d3
--- /dev/null
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -0,0 +1,449 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
+#include <linux/uaccess.h>
+#include <linux/utsname.h>
+#include <linux/hardirq.h>
+#include <linux/kdebug.h>
+#include <linux/module.h>
+#include <linux/ptrace.h>
+#include <linux/kexec.h>
+#include <linux/bug.h>
+#include <linux/nmi.h>
+#include <linux/sysfs.h>
+
+#include <asm/stacktrace.h>
+
+#define STACKSLOTS_PER_LINE 8
+#define get_bp(bp) asm("movl %%ebp, %0" : "=r" (bp) :)
+
+int panic_on_unrecovered_nmi;
+int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
+static unsigned int code_bytes = 64;
+static int die_counter;
+
+void printk_address(unsigned long address, int reliable)
+{
+        printk(" [<%p>] %s%pS\n", (void *) address,
+                        reliable ? "" : "? ", (void *) address);
+}
+
+static inline int valid_stack_ptr(struct thread_info *tinfo,
+                        void *p, unsigned int size, void *end)
+{
+        void *t = tinfo;
+        if (end) {
+                if (p < end && p >= (end-THREAD_SIZE))
+                        return 1;
+                else
+                        return 0;
+        }
+        return p > t && p < t + THREAD_SIZE - size;
+}
+
+/* The form of the top of the frame on the stack */
+struct stack_frame {
+        struct stack_frame *next_frame;
+        unsigned long return_address;
+};
+
+static inline unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end)
+{
+        struct stack_frame *frame = (struct stack_frame *)bp;
+
+        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
+                unsigned long addr;
+
+                addr = *stack;
+                if (__kernel_text_address(addr)) {
+                        if ((unsigned long) stack == bp + sizeof(long)) {
+                                ops->address(data, addr, 1);
+                                frame = frame->next_frame;
+                                bp = (unsigned long) frame;
+                        } else {
+                                ops->address(data, addr, bp == 0);
+                        }
+                }
+                stack++;
+        }
+        return bp;
+}
+
+void dump_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data)
+{
+        if (!task)
+                task = current;
+
+        if (!stack) {
+                unsigned long dummy;
+                stack = &dummy;
+                if (task && task != current)
+                        stack = (unsigned long *)task->thread.sp;
+        }
+
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp) {
+                if (task == current) {
+                        /* Grab bp right from our regs */
+                        get_bp(bp);
+                } else {
+                        /* bp is the last reg pushed by switch_to */
+                        bp = *(unsigned long *) task->thread.sp;
+                }
+        }
+#endif
+
+        for (;;) {
+                struct thread_info *context;
+
+                context = (struct thread_info *)
+                        ((unsigned long)stack & (~(THREAD_SIZE - 1)));
+                bp = print_context_stack(context, stack, bp, ops, data, NULL);
+
+                stack = (unsigned long *)context->previous_esp;
+                if (!stack)
+                        break;
+                if (ops->stack(data, "IRQ") < 0)
+                        break;
+                touch_nmi_watchdog();
+        }
+}
+EXPORT_SYMBOL(dump_trace);
+
+static void
+print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
+{
+        printk(data);
+        print_symbol(msg, symbol);
+        printk("\n");
+}
+
+static void print_trace_warning(void *data, char *msg)
+{
+        printk("%s%s\n", (char *)data, msg);
+}
+
+static int print_trace_stack(void *data, char *name)
+{
+        printk("%s <%s> ", (char *)data, name);
+        return 0;
+}
+
+/*
+ * Print one address/symbol entries per line.
+ */
+static void print_trace_address(void *data, unsigned long addr, int reliable)
+{
+        touch_nmi_watchdog();
+        printk(data);
+        printk_address(addr, reliable);
+}
+
+static const struct stacktrace_ops print_trace_ops = {
+        .warning = print_trace_warning,
+        .warning_symbol = print_trace_warning_symbol,
+        .stack = print_trace_stack,
+        .address = print_trace_address,
+};
+
+static void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl)
+{
+        printk("%sCall Trace:\n", log_lvl);
+        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
+}
+
+void show_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp)
+{
+        show_trace_log_lvl(task, regs, stack, bp, "");
+}
+
+static void
+show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *sp, unsigned long bp, char *log_lvl)
+{
+        unsigned long *stack;
+        int i;
+
+        if (sp == NULL) {
+                if (task)
+                        sp = (unsigned long *)task->thread.sp;
+                else
+                        sp = (unsigned long *)&sp;
+        }
+
+        stack = sp;
+        for (i = 0; i < kstack_depth_to_print; i++) {
+                if (kstack_end(stack))
+                        break;
+                if (i && ((i % STACKSLOTS_PER_LINE) == 0))
+                        printk("\n%s", log_lvl);
+                printk(" %08lx", *stack++);
+                touch_nmi_watchdog();
+        }
+        printk("\n");
+        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
+}
+
+void show_stack(struct task_struct *task, unsigned long *sp)
+{
+        show_stack_log_lvl(task, NULL, sp, 0, "");
+}
+
+/*
+ * The architecture-independent dump_stack generator
+ */
+void dump_stack(void)
+{
+        unsigned long bp = 0;
+        unsigned long stack;
+
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp)
+                get_bp(bp);
+#endif
+
+        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+                current->pid, current->comm, print_tainted(),
+                init_utsname()->release,
+                (int)strcspn(init_utsname()->version, " "),
+                init_utsname()->version);
+        show_trace(NULL, NULL, &stack, bp);
+}
+
+EXPORT_SYMBOL(dump_stack);
+
+void show_registers(struct pt_regs *regs)
+{
+        int i;
+
+        print_modules();
+        __show_regs(regs, 0);
+
+        printk(KERN_EMERG "Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)\n",
+                TASK_COMM_LEN, current->comm, task_pid_nr(current),
+                current_thread_info(), current, task_thread_info(current));
+        /*
+         * When in-kernel, we also print out the stack and code at the
+         * time of the fault..
+         */
+        if (!user_mode_vm(regs)) {
+                unsigned int code_prologue = code_bytes * 43 / 64;
+                unsigned int code_len = code_bytes;
+                unsigned char c;
+                u8 *ip;
+
+                printk(KERN_EMERG "Stack:\n");
+                show_stack_log_lvl(NULL, regs, &regs->sp,
+                                0, KERN_EMERG);
+
+                printk(KERN_EMERG "Code: ");
+
+                ip = (u8 *)regs->ip - code_prologue;
+                if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
+                        /* try starting at IP */
+                        ip = (u8 *)regs->ip;
+                        code_len = code_len - code_prologue + 1;
+                }
+                for (i = 0; i < code_len; i++, ip++) {
+                        if (ip < (u8 *)PAGE_OFFSET ||
+                                        probe_kernel_address(ip, c)) {
+                                printk(" Bad EIP value.");
+                                break;
+                        }
+                        if (ip == (u8 *)regs->ip)
+                                printk("<%02x> ", c);
+                        else
+                                printk("%02x ", c);
+                }
+        }
+        printk("\n");
+}
+
+int is_valid_bugaddr(unsigned long ip)
+{
+        unsigned short ud2;
+
+        if (ip < PAGE_OFFSET)
+                return 0;
+        if (probe_kernel_address((unsigned short *)ip, ud2))
+                return 0;
+
+        return ud2 == 0x0b0f;
+}
+
+static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static int die_owner = -1;
+static unsigned int die_nest_count;
+
+unsigned __kprobes long oops_begin(void)
+{
+        unsigned long flags;
+
+        oops_enter();
+
+        if (die_owner != raw_smp_processor_id()) {
+                console_verbose();
+                raw_local_irq_save(flags);
+                __raw_spin_lock(&die_lock);
+                die_owner = smp_processor_id();
+                die_nest_count = 0;
+                bust_spinlocks(1);
+        } else {
+                raw_local_irq_save(flags);
+        }
+        die_nest_count++;
+        return flags;
+}
+
+void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+{
+        bust_spinlocks(0);
+        die_owner = -1;
+        add_taint(TAINT_DIE);
+        __raw_spin_unlock(&die_lock);
+        raw_local_irq_restore(flags);
+
+        if (!regs)
+                return;
+
+        if (kexec_should_crash(current))
+                crash_kexec(regs);
+        if (in_interrupt())
+                panic("Fatal exception in interrupt");
+        if (panic_on_oops)
+                panic("Fatal exception");
+        oops_exit();
+        do_exit(signr);
+}
+
+int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+{
+        unsigned short ss;
+        unsigned long sp;
+
+        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
+#ifdef CONFIG_PREEMPT
+        printk("PREEMPT ");
+#endif
+#ifdef CONFIG_SMP
+        printk("SMP ");
+#endif
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        printk("DEBUG_PAGEALLOC");
+#endif
+        printk("\n");
+        sysfs_printk_last_file();
+        if (notify_die(DIE_OOPS, str, regs, err,
+                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
+                return 1;
+
+        show_registers(regs);
+        /* Executive summary in case the oops scrolled away */
+        sp = (unsigned long) (&regs->sp);
+        savesegment(ss, ss);
+        if (user_mode(regs)) {
+                sp = regs->sp;
+                ss = regs->ss & 0xffff;
+        }
+        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
+        print_symbol("%s", regs->ip);
+        printk(" SS:ESP %04x:%08lx\n", ss, sp);
+        return 0;
+}
+
+/*
+ * This is gone through when something in the kernel has done something bad
+ * and is about to be terminated:
+ */
+void die(const char *str, struct pt_regs *regs, long err)
+{
+        unsigned long flags = oops_begin();
+
+        if (die_nest_count < 3) {
+                report_bug(regs->ip, regs);
+
+                if (__die(str, regs, err))
+                        regs = NULL;
+        } else {
+                printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
+        }
+
+        oops_end(flags, regs, SIGSEGV);
+}
+
+static DEFINE_SPINLOCK(nmi_print_lock);
+
+void notrace __kprobes
+die_nmi(char *str, struct pt_regs *regs, int do_panic)
+{
+        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
+                return;
+
+        spin_lock(&nmi_print_lock);
+        /*
+        * We are in trouble anyway, lets at least try
+        * to get a message out:
+        */
+        bust_spinlocks(1);
+        printk(KERN_EMERG "%s", str);
+        printk(" on CPU%d, ip %08lx, registers:\n",
+                smp_processor_id(), regs->ip);
+        show_registers(regs);
+        if (do_panic)
+                panic("Non maskable interrupt");
+        console_silent();
+        spin_unlock(&nmi_print_lock);
+        bust_spinlocks(0);
+
+        /*
+         * If we are in kernel we are probably nested up pretty bad
+         * and might aswell get out now while we still can:
+         */
+        if (!user_mode_vm(regs)) {
+                current->thread.trap_no = 2;
+                crash_kexec(regs);
+        }
+
+        do_exit(SIGSEGV);
+}
+
+static int __init oops_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        if (!strcmp(s, "panic"))
+                panic_on_oops = 1;
+        return 0;
+}
+early_param("oops", oops_setup);
+
+static int __init kstack_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
+        return 0;
+}
+early_param("kstack", kstack_setup);
+
+static int __init code_bytes_setup(char *s)
+{
+        code_bytes = simple_strtoul(s, NULL, 0);
+        if (code_bytes > 8192)
+                code_bytes = 8192;
+
+        return 1;
+}
+__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
new file mode 100644
index 000000000000..96a5db7da8a7
--- /dev/null
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -0,0 +1,575 @@
+/*
+ *  Copyright (C) 1991, 1992  Linus Torvalds
+ *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
+ */
+#include <linux/kallsyms.h>
+#include <linux/kprobes.h>
+#include <linux/uaccess.h>
+#include <linux/utsname.h>
+#include <linux/hardirq.h>
+#include <linux/kdebug.h>
+#include <linux/module.h>
+#include <linux/ptrace.h>
+#include <linux/kexec.h>
+#include <linux/bug.h>
+#include <linux/nmi.h>
+#include <linux/sysfs.h>
+
+#include <asm/stacktrace.h>
+
+#define STACKSLOTS_PER_LINE 4
+#define get_bp(bp) asm("movq %%rbp, %0" : "=r" (bp) :)
+
+int panic_on_unrecovered_nmi;
+int kstack_depth_to_print = 3 * STACKSLOTS_PER_LINE;
+static unsigned int code_bytes = 64;
+static int die_counter;
+
+void printk_address(unsigned long address, int reliable)
+{
+        printk(" [<%p>] %s%pS\n", (void *) address,
+                        reliable ? "" : "? ", (void *) address);
+}
+
+static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
+                                        unsigned *usedp, char **idp)
+{
+        static char ids[][8] = {
+                [DEBUG_STACK - 1] = "#DB",
+                [NMI_STACK - 1] = "NMI",
+                [DOUBLEFAULT_STACK - 1] = "#DF",
+                [STACKFAULT_STACK - 1] = "#SS",
+                [MCE_STACK - 1] = "#MC",
+#if DEBUG_STKSZ > EXCEPTION_STKSZ
+                [N_EXCEPTION_STACKS ...
+                        N_EXCEPTION_STACKS + DEBUG_STKSZ / EXCEPTION_STKSZ - 2] = "#DB[?]"
+#endif
+        };
+        unsigned k;
+
+        /*
+         * Iterate over all exception stacks, and figure out whether
+         * 'stack' is in one of them:
+         */
+        for (k = 0; k < N_EXCEPTION_STACKS; k++) {
+                unsigned long end = per_cpu(orig_ist, cpu).ist[k];
+                /*
+                 * Is 'stack' above this exception frame's end?
+                 * If yes then skip to the next frame.
+                 */
+                if (stack >= end)
+                        continue;
+                /*
+                 * Is 'stack' above this exception frame's start address?
+                 * If yes then we found the right frame.
+                 */
+                if (stack >= end - EXCEPTION_STKSZ) {
+                        /*
+                         * Make sure we only iterate through an exception
+                         * stack once. If it comes up for the second time
+                         * then there's something wrong going on - just
+                         * break out and return NULL:
+                         */
+                        if (*usedp & (1U << k))
+                                break;
+                        *usedp |= 1U << k;
+                        *idp = ids[k];
+                        return (unsigned long *)end;
+                }
+                /*
+                 * If this is a debug stack, and if it has a larger size than
+                 * the usual exception stacks, then 'stack' might still
+                 * be within the lower portion of the debug stack:
+                 */
+#if DEBUG_STKSZ > EXCEPTION_STKSZ
+                if (k == DEBUG_STACK - 1 && stack >= end - DEBUG_STKSZ) {
+                        unsigned j = N_EXCEPTION_STACKS - 1;
+
+                        /*
+                         * Black magic. A large debug stack is composed of
+                         * multiple exception stack entries, which we
+                         * iterate through now. Dont look:
+                         */
+                        do {
+                                ++j;
+                                end -= EXCEPTION_STKSZ;
+                                ids[j][4] = '1' + (j - N_EXCEPTION_STACKS);
+                        } while (stack < end - EXCEPTION_STKSZ);
+                        if (*usedp & (1U << j))
+                                break;
+                        *usedp |= 1U << j;
+                        *idp = ids[j];
+                        return (unsigned long *)end;
+                }
+#endif
+        }
+        return NULL;
+}
+
+/*
+ * x86-64 can have up to three kernel stacks:
+ * process stack
+ * interrupt stack
+ * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
+ */
+
+static inline int valid_stack_ptr(struct thread_info *tinfo,
+                        void *p, unsigned int size, void *end)
+{
+        void *t = tinfo;
+        if (end) {
+                if (p < end && p >= (end-THREAD_SIZE))
+                        return 1;
+                else
+                        return 0;
+        }
+        return p > t && p < t + THREAD_SIZE - size;
+}
+
+/* The form of the top of the frame on the stack */
+struct stack_frame {
+        struct stack_frame *next_frame;
+        unsigned long return_address;
+};
+
+static inline unsigned long
+print_context_stack(struct thread_info *tinfo,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data,
+                unsigned long *end)
+{
+        struct stack_frame *frame = (struct stack_frame *)bp;
+
+        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
+                unsigned long addr;
+
+                addr = *stack;
+                if (__kernel_text_address(addr)) {
+                        if ((unsigned long) stack == bp + sizeof(long)) {
+                                ops->address(data, addr, 1);
+                                frame = frame->next_frame;
+                                bp = (unsigned long) frame;
+                        } else {
+                                ops->address(data, addr, bp == 0);
+                        }
+                }
+                stack++;
+        }
+        return bp;
+}
+
+void dump_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp,
+                const struct stacktrace_ops *ops, void *data)
+{
+        const unsigned cpu = get_cpu();
+        unsigned long *irqstack_end = (unsigned long *)cpu_pda(cpu)->irqstackptr;
+        unsigned used = 0;
+        struct thread_info *tinfo;
+
+        if (!task)
+                task = current;
+
+        if (!stack) {
+                unsigned long dummy;
+                stack = &dummy;
+                if (task && task != current)
+                        stack = (unsigned long *)task->thread.sp;
+        }
+
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp) {
+                if (task == current) {
+                        /* Grab bp right from our regs */
+                        get_bp(bp);
+                } else {
+                        /* bp is the last reg pushed by switch_to */
+                        bp = *(unsigned long *) task->thread.sp;
+                }
+        }
+#endif
+
+        /*
+         * Print function call entries in all stacks, starting at the
+         * current stack address. If the stacks consist of nested
+         * exceptions
+         */
+        tinfo = task_thread_info(task);
+        for (;;) {
+                char *id;
+                unsigned long *estack_end;
+                estack_end = in_exception_stack(cpu, (unsigned long)stack,
+                                                &used, &id);
+
+                if (estack_end) {
+                        if (ops->stack(data, id) < 0)
+                                break;
+
+                        bp = print_context_stack(tinfo, stack, bp, ops,
+                                                        data, estack_end);
+                        ops->stack(data, "<EOE>");
+                        /*
+                         * We link to the next stack via the
+                         * second-to-last pointer (index -2 to end) in the
+                         * exception stack:
+                         */
+                        stack = (unsigned long *) estack_end[-2];
+                        continue;
+                }
+                if (irqstack_end) {
+                        unsigned long *irqstack;
+                        irqstack = irqstack_end -
+                                (IRQSTACKSIZE - 64) / sizeof(*irqstack);
+
+                        if (stack >= irqstack && stack < irqstack_end) {
+                                if (ops->stack(data, "IRQ") < 0)
+                                        break;
+                                bp = print_context_stack(tinfo, stack, bp,
+                                                ops, data, irqstack_end);
+                                /*
+                                 * We link to the next stack (which would be
+                                 * the process stack normally) the last
+                                 * pointer (index -1 to end) in the IRQ stack:
+                                 */
+                                stack = (unsigned long *) (irqstack_end[-1]);
+                                irqstack_end = NULL;
+                                ops->stack(data, "EOI");
+                                continue;
+                        }
+                }
+                break;
+        }
+
+        /*
+         * This handles the process stack:
+         */
+        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL);
+        put_cpu();
+}
+EXPORT_SYMBOL(dump_trace);
+
+static void
+print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
+{
+        printk(data);
+        print_symbol(msg, symbol);
+        printk("\n");
+}
+
+static void print_trace_warning(void *data, char *msg)
+{
+        printk("%s%s\n", (char *)data, msg);
+}
+
+static int print_trace_stack(void *data, char *name)
+{
+        printk("%s <%s> ", (char *)data, name);
+        return 0;
+}
+
+/*
+ * Print one address/symbol entries per line.
+ */
+static void print_trace_address(void *data, unsigned long addr, int reliable)
+{
+        touch_nmi_watchdog();
+        printk(data);
+        printk_address(addr, reliable);
+}
+
+static const struct stacktrace_ops print_trace_ops = {
+        .warning = print_trace_warning,
+        .warning_symbol = print_trace_warning_symbol,
+        .stack = print_trace_stack,
+        .address = print_trace_address,
+};
+
+static void
+show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp, char *log_lvl)
+{
+        printk("%sCall Trace:\n", log_lvl);
+        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
+}
+
+void show_trace(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *stack, unsigned long bp)
+{
+        show_trace_log_lvl(task, regs, stack, bp, "");
+}
+
+static void
+show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
+                unsigned long *sp, unsigned long bp, char *log_lvl)
+{
+        unsigned long *stack;
+        int i;
+        const int cpu = smp_processor_id();
+        unsigned long *irqstack_end =
+                (unsigned long *) (cpu_pda(cpu)->irqstackptr);
+        unsigned long *irqstack =
+                (unsigned long *) (cpu_pda(cpu)->irqstackptr - IRQSTACKSIZE);
+
+        /*
+         * debugging aid: "show_stack(NULL, NULL);" prints the
+         * back trace for this cpu.
+         */
+
+        if (sp == NULL) {
+                if (task)
+                        sp = (unsigned long *)task->thread.sp;
+                else
+                        sp = (unsigned long *)&sp;
+        }
+
+        stack = sp;
+        for (i = 0; i < kstack_depth_to_print; i++) {
+                if (stack >= irqstack && stack <= irqstack_end) {
+                        if (stack == irqstack_end) {
+                                stack = (unsigned long *) (irqstack_end[-1]);
+                                printk(" <EOI> ");
+                        }
+                } else {
+                if (((long) stack & (THREAD_SIZE-1)) == 0)
+                        break;
+                }
+                if (i && ((i % STACKSLOTS_PER_LINE) == 0))
+                        printk("\n%s", log_lvl);
+                printk(" %016lx", *stack++);
+                touch_nmi_watchdog();
+        }
+        printk("\n");
+        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
+}
+
+void show_stack(struct task_struct *task, unsigned long *sp)
+{
+        show_stack_log_lvl(task, NULL, sp, 0, "");
+}
+
+/*
+ * The architecture-independent dump_stack generator
+ */
+void dump_stack(void)
+{
+        unsigned long bp = 0;
+        unsigned long stack;
+
+#ifdef CONFIG_FRAME_POINTER
+        if (!bp)
+                get_bp(bp);
+#endif
+
+        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+                current->pid, current->comm, print_tainted(),
+                init_utsname()->release,
+                (int)strcspn(init_utsname()->version, " "),
+                init_utsname()->version);
+        show_trace(NULL, NULL, &stack, bp);
+}
+EXPORT_SYMBOL(dump_stack);
+
+void show_registers(struct pt_regs *regs)
+{
+        int i;
+        unsigned long sp;
+        const int cpu = smp_processor_id();
+        struct task_struct *cur = cpu_pda(cpu)->pcurrent;
+
+        sp = regs->sp;
+        printk("CPU %d ", cpu);
+        __show_regs(regs, 1);
+        printk("Process %s (pid: %d, threadinfo %p, task %p)\n",
+                cur->comm, cur->pid, task_thread_info(cur), cur);
+
+        /*
+         * When in-kernel, we also print out the stack and code at the
+         * time of the fault..
+         */
+        if (!user_mode(regs)) {
+                unsigned int code_prologue = code_bytes * 43 / 64;
+                unsigned int code_len = code_bytes;
+                unsigned char c;
+                u8 *ip;
+
+                printk(KERN_EMERG "Stack:\n");
+                show_stack_log_lvl(NULL, regs, (unsigned long *)sp,
+                                regs->bp, KERN_EMERG);
+
+                printk(KERN_EMERG "Code: ");
+
+                ip = (u8 *)regs->ip - code_prologue;
+                if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
+                        /* try starting at IP */
+                        ip = (u8 *)regs->ip;
+                        code_len = code_len - code_prologue + 1;
+                }
+                for (i = 0; i < code_len; i++, ip++) {
+                        if (ip < (u8 *)PAGE_OFFSET ||
+                                        probe_kernel_address(ip, c)) {
+                                printk(" Bad RIP value.");
+                                break;
+                        }
+                        if (ip == (u8 *)regs->ip)
+                                printk("<%02x> ", c);
+                        else
+                                printk("%02x ", c);
+                }
+        }
+        printk("\n");
+}
+
+int is_valid_bugaddr(unsigned long ip)
+{
+        unsigned short ud2;
+
+        if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
+                return 0;
+
+        return ud2 == 0x0b0f;
+}
+
+static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
+static int die_owner = -1;
+static unsigned int die_nest_count;
+
+unsigned __kprobes long oops_begin(void)
+{
+        int cpu;
+        unsigned long flags;
+
+        oops_enter();
+
+        /* racy, but better than risking deadlock. */
+        raw_local_irq_save(flags);
+        cpu = smp_processor_id();
+        if (!__raw_spin_trylock(&die_lock)) {
+                if (cpu == die_owner)
+                        /* nested oops. should stop eventually */;
+                else
+                        __raw_spin_lock(&die_lock);
+        }
+        die_nest_count++;
+        die_owner = cpu;
+        console_verbose();
+        bust_spinlocks(1);
+        return flags;
+}
+
+void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+{
+        die_owner = -1;
+        bust_spinlocks(0);
+        die_nest_count--;
+        if (!die_nest_count)
+                /* Nest count reaches zero, release the lock. */
+                __raw_spin_unlock(&die_lock);
+        raw_local_irq_restore(flags);
+        if (!regs) {
+                oops_exit();
+                return;
+        }
+        if (in_interrupt())
+                panic("Fatal exception in interrupt");
+        if (panic_on_oops)
+                panic("Fatal exception");
+        oops_exit();
+        do_exit(signr);
+}
+
+int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+{
+        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
+#ifdef CONFIG_PREEMPT
+        printk("PREEMPT ");
+#endif
+#ifdef CONFIG_SMP
+        printk("SMP ");
+#endif
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        printk("DEBUG_PAGEALLOC");
+#endif
+        printk("\n");
+        sysfs_printk_last_file();
+        if (notify_die(DIE_OOPS, str, regs, err,
+                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
+                return 1;
+
+        show_registers(regs);
+        add_taint(TAINT_DIE);
+        /* Executive summary in case the oops scrolled away */
+        printk(KERN_ALERT "RIP ");
+        printk_address(regs->ip, 1);
+        printk(" RSP <%016lx>\n", regs->sp);
+        if (kexec_should_crash(current))
+                crash_kexec(regs);
+        return 0;
+}
+
+void die(const char *str, struct pt_regs *regs, long err)
+{
+        unsigned long flags = oops_begin();
+
+        if (!user_mode(regs))
+                report_bug(regs->ip, regs);
+
+        if (__die(str, regs, err))
+                regs = NULL;
+        oops_end(flags, regs, SIGSEGV);
+}
+
+notrace __kprobes void
+die_nmi(char *str, struct pt_regs *regs, int do_panic)
+{
+        unsigned long flags;
+
+        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
+                return;
+
+        flags = oops_begin();
+        /*
+         * We are in trouble anyway, lets at least try
+         * to get a message out.
+         */
+        printk(KERN_EMERG "%s", str);
+        printk(" on CPU%d, ip %08lx, registers:\n",
+                smp_processor_id(), regs->ip);
+        show_registers(regs);
+        if (kexec_should_crash(current))
+                crash_kexec(regs);
+        if (do_panic || panic_on_oops)
+                panic("Non maskable interrupt");
+        oops_end(flags, NULL, SIGBUS);
+        nmi_exit();
+        local_irq_enable();
+        do_exit(SIGBUS);
+}
+
+static int __init oops_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        if (!strcmp(s, "panic"))
+                panic_on_oops = 1;
+        return 0;
+}
+early_param("oops", oops_setup);
+
+static int __init kstack_setup(char *s)
+{
+        if (!s)
+                return -EINVAL;
+        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
+        return 0;
+}
+early_param("kstack", kstack_setup);
+
+static int __init code_bytes_setup(char *s)
+{
+        code_bytes = simple_strtoul(s, NULL, 0);
+        if (code_bytes > 8192)
+                code_bytes = 8192;
+
+        return 1;
+}
+__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
index 9af89078f7bb..ce97bf3bed12 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
@@ -148,6 +148,9 @@ void __init e820_print_map(char *who)
                 case E820_NVS:
                         printk(KERN_CONT "(ACPI NVS)\n");
                         break;
+                case E820_UNUSABLE:
+                        printk("(unusable)\n");
+                        break;
                 default:
                         printk(KERN_CONT "type %u\n", e820.map[i].type);
                         break;
@@ -1203,7 +1206,7 @@ static int __init parse_memmap_opt(char *p)
         if (!p)
                 return -EINVAL;
 
-        if (!strcmp(p, "exactmap")) {
+        if (!strncmp(p, "exactmap", 8)) {
 #ifdef CONFIG_CRASH_DUMP
                 /*
                  * If we are doing a crash dump, we still need to know
@@ -1260,6 +1263,7 @@ static inline const char *e820_type_to_string(int e820_type)
         case E820_RAM:  return "System RAM";
         case E820_ACPI: return "ACPI Tables";
         case E820_NVS:  return "ACPI Non-volatile Storage";
+        case E820_UNUSABLE:     return "Unusable memory";
         default:        return "reserved";
         }
 }
@@ -1267,6 +1271,7 @@ static inline const char *e820_type_to_string(int e820_type)
 /*
  * Mark e820 reserved areas as busy for the resource manager.
  */
+static struct resource __initdata *e820_res;
 void __init e820_reserve_resources(void)
 {
         int i;
@@ -1274,20 +1279,26 @@ void __init e820_reserve_resources(void)
         u64 end;
 
         res = alloc_bootmem_low(sizeof(struct resource) * e820.nr_map);
+        e820_res = res;
         for (i = 0; i < e820.nr_map; i++) {
                 end = e820.map[i].addr + e820.map[i].size - 1;
-#ifndef CONFIG_RESOURCES_64BIT
-                if (end > 0x100000000ULL) {
+                if (end != (resource_size_t)end) {
                         res++;
                         continue;
                 }
-#endif
                 res->name = e820_type_to_string(e820.map[i].type);
                 res->start = e820.map[i].addr;
                 res->end = end;
 
                 res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
-                insert_resource(&iomem_resource, res);
+
+                /*
+                 * don't register the region that could be conflicted with
+                 * pci device BAR resource and insert them later in
+                 * pcibios_resource_survey()
+                 */
+                if (e820.map[i].type != E820_RESERVED || res->start < (1ULL<<20))
+                        insert_resource(&iomem_resource, res);
                 res++;
         }
 
@@ -1299,6 +1310,19 @@ void __init e820_reserve_resources(void)
         }
 }
 
+void __init e820_reserve_resources_late(void)
+{
+        int i;
+        struct resource *res;
+
+        res = e820_res;
+        for (i = 0; i < e820.nr_map; i++) {
+                if (!res->parent && res->end)
+                        reserve_region_with_split(&iomem_resource, res->start, res->end, res->name);
+                res++;
+        }
+}
+
 char *__init default_machine_specific_memory_setup(void)
 {
         char *who = "BIOS-e820";
diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
index 4353cf5e6fac..733c4f8d42ea 100644
--- a/arch/x86/kernel/early-quirks.c
+++ b/arch/x86/kernel/early-quirks.c
@@ -95,6 +95,66 @@ static void __init nvidia_bugs(int num, int slot, int func)
 
 }
 
+static u32 ati_ixp4x0_rev(int num, int slot, int func)
+{
+        u32 d;
+        u8  b;
+
+        b = read_pci_config_byte(num, slot, func, 0xac);
+        b &= ~(1<<5);
+        write_pci_config_byte(num, slot, func, 0xac, b);
+
+        d = read_pci_config(num, slot, func, 0x70);
+        d |= 1<<8;
+        write_pci_config(num, slot, func, 0x70, d);
+
+        d = read_pci_config(num, slot, func, 0x8);
+        d &= 0xff;
+        return d;
+}
+
+static void __init ati_bugs(int num, int slot, int func)
+{
+#if defined(CONFIG_ACPI) && defined (CONFIG_X86_IO_APIC)
+        u32 d;
+        u8  b;
+
+        if (acpi_use_timer_override)
+                return;
+
+        d = ati_ixp4x0_rev(num, slot, func);
+        if (d  < 0x82)
+                acpi_skip_timer_override = 1;
+        else {
+                /* check for IRQ0 interrupt swap */
+                outb(0x72, 0xcd6); b = inb(0xcd7);
+                if (!(b & 0x2))
+                        acpi_skip_timer_override = 1;
+        }
+
+        if (acpi_skip_timer_override) {
+                printk(KERN_INFO "SB4X0 revision 0x%x\n", d);
+                printk(KERN_INFO "Ignoring ACPI timer override.\n");
+                printk(KERN_INFO "If you got timer trouble "
+                       "try acpi_use_timer_override\n");
+        }
+#endif
+}
+
+#ifdef CONFIG_DMAR
+static void __init intel_g33_dmar(int num, int slot, int func)
+{
+        struct acpi_table_header *dmar_tbl;
+        acpi_status status;
+
+        status = acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_tbl);
+        if (ACPI_SUCCESS(status)) {
+                printk(KERN_INFO "BIOS BUG: DMAR advertised on Intel G31/G33 chipset -- ignoring\n");
+                dmar_disabled = 1;
+        }
+}
+#endif
+
 #define QFLAG_APPLY_ONCE        0x1
 #define QFLAG_APPLIED           0x2
 #define QFLAG_DONE              (QFLAG_APPLY_ONCE|QFLAG_APPLIED)
@@ -114,6 +174,12 @@ static struct chipset early_qrk[] __initdata = {
           PCI_CLASS_BRIDGE_PCI, PCI_ANY_ID, QFLAG_APPLY_ONCE, via_bugs },
         { PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB,
           PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, fix_hypertransport_config },
+        { PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_IXP400_SMBUS,
+          PCI_CLASS_SERIAL_SMBUS, PCI_ANY_ID, 0, ati_bugs },
+#ifdef CONFIG_DMAR
+        { PCI_VENDOR_ID_INTEL, 0x29c0,
+          PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, intel_g33_dmar },
+#endif
         {}
 };
 
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
index ff9e7350da54..34ad997d3834 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -3,11 +3,19 @@
 #include <linux/init.h>
 #include <linux/string.h>
 #include <linux/screen_info.h>
+#include <linux/usb/ch9.h>
+#include <linux/pci_regs.h>
+#include <linux/pci_ids.h>
+#include <linux/errno.h>
 #include <asm/io.h>
 #include <asm/processor.h>
 #include <asm/fcntl.h>
 #include <asm/setup.h>
 #include <xen/hvc-console.h>
+#include <asm/pci-direct.h>
+#include <asm/pgtable.h>
+#include <asm/fixmap.h>
+#include <linux/usb/ehci_def.h>
 
 /* Simple VGA output */
 #define VGABASE         (__ISA_IO_base + 0xb8000)
@@ -78,6 +86,7 @@ static int early_serial_base = 0x3f8;  /* ttyS0 */
 static int early_serial_putc(unsigned char ch)
 {
         unsigned timeout = 0xffff;
+
         while ((inb(early_serial_base + LSR) & XMTRDY) == 0 && --timeout)
                 cpu_relax();
         outb(ch, early_serial_base + TXR);
@@ -111,7 +120,7 @@ static __init void early_serial_init(char *s)
                 if (!strncmp(s, "0x", 2)) {
                         early_serial_base = simple_strtoul(s, &e, 16);
                 } else {
-                        static int bases[] = { 0x3f8, 0x2f8 };
+                        static const int __initconst bases[] = { 0x3f8, 0x2f8 };
 
                         if (!strncmp(s, "ttyS", 4))
                                 s += 4;
@@ -151,6 +160,721 @@ static struct console early_serial_console = {
         .index =        -1,
 };
 
+#ifdef CONFIG_EARLY_PRINTK_DBGP
+
+static struct ehci_caps __iomem *ehci_caps;
+static struct ehci_regs __iomem *ehci_regs;
+static struct ehci_dbg_port __iomem *ehci_debug;
+static unsigned int dbgp_endpoint_out;
+
+struct ehci_dev {
+        u32 bus;
+        u32 slot;
+        u32 func;
+};
+
+static struct ehci_dev ehci_dev;
+
+#define USB_DEBUG_DEVNUM 127
+
+#define DBGP_DATA_TOGGLE        0x8800
+
+static inline u32 dbgp_pid_update(u32 x, u32 tok)
+{
+        return ((x ^ DBGP_DATA_TOGGLE) & 0xffff00) | (tok & 0xff);
+}
+
+static inline u32 dbgp_len_update(u32 x, u32 len)
+{
+        return (x & ~0x0f) | (len & 0x0f);
+}
+
+/*
+ * USB Packet IDs (PIDs)
+ */
+
+/* token */
+#define USB_PID_OUT             0xe1
+#define USB_PID_IN              0x69
+#define USB_PID_SOF             0xa5
+#define USB_PID_SETUP           0x2d
+/* handshake */
+#define USB_PID_ACK             0xd2
+#define USB_PID_NAK             0x5a
+#define USB_PID_STALL           0x1e
+#define USB_PID_NYET            0x96
+/* data */
+#define USB_PID_DATA0           0xc3
+#define USB_PID_DATA1           0x4b
+#define USB_PID_DATA2           0x87
+#define USB_PID_MDATA           0x0f
+/* Special */
+#define USB_PID_PREAMBLE        0x3c
+#define USB_PID_ERR             0x3c
+#define USB_PID_SPLIT           0x78
+#define USB_PID_PING            0xb4
+#define USB_PID_UNDEF_0         0xf0
+
+#define USB_PID_DATA_TOGGLE     0x88
+#define DBGP_CLAIM (DBGP_OWNER | DBGP_ENABLED | DBGP_INUSE)
+
+#define PCI_CAP_ID_EHCI_DEBUG   0xa
+
+#define HUB_ROOT_RESET_TIME     50      /* times are in msec */
+#define HUB_SHORT_RESET_TIME    10
+#define HUB_LONG_RESET_TIME     200
+#define HUB_RESET_TIMEOUT       500
+
+#define DBGP_MAX_PACKET         8
+
+static int dbgp_wait_until_complete(void)
+{
+        u32 ctrl;
+        int loop = 0x100000;
+
+        do {
+                ctrl = readl(&ehci_debug->control);
+                /* Stop when the transaction is finished */
+                if (ctrl & DBGP_DONE)
+                        break;
+        } while (--loop > 0);
+
+        if (!loop)
+                return -1;
+
+        /*
+         * Now that we have observed the completed transaction,
+         * clear the done bit.
+         */
+        writel(ctrl | DBGP_DONE, &ehci_debug->control);
+        return (ctrl & DBGP_ERROR) ? -DBGP_ERRCODE(ctrl) : DBGP_LEN(ctrl);
+}
+
+static void dbgp_mdelay(int ms)
+{
+        int i;
+
+        while (ms--) {
+                for (i = 0; i < 1000; i++)
+                        outb(0x1, 0x80);
+        }
+}
+
+static void dbgp_breath(void)
+{
+        /* Sleep to give the debug port a chance to breathe */
+}
+
+static int dbgp_wait_until_done(unsigned ctrl)
+{
+        u32 pids, lpid;
+        int ret;
+        int loop = 3;
+
+retry:
+        writel(ctrl | DBGP_GO, &ehci_debug->control);
+        ret = dbgp_wait_until_complete();
+        pids = readl(&ehci_debug->pids);
+        lpid = DBGP_PID_GET(pids);
+
+        if (ret < 0)
+                return ret;
+
+        /*
+         * If the port is getting full or it has dropped data
+         * start pacing ourselves, not necessary but it's friendly.
+         */
+        if ((lpid == USB_PID_NAK) || (lpid == USB_PID_NYET))
+                dbgp_breath();
+
+        /* If I get a NACK reissue the transmission */
+        if (lpid == USB_PID_NAK) {
+                if (--loop > 0)
+                        goto retry;
+        }
+
+        return ret;
+}
+
+static void dbgp_set_data(const void *buf, int size)
+{
+        const unsigned char *bytes = buf;
+        u32 lo, hi;
+        int i;
+
+        lo = hi = 0;
+        for (i = 0; i < 4 && i < size; i++)
+                lo |= bytes[i] << (8*i);
+        for (; i < 8 && i < size; i++)
+                hi |= bytes[i] << (8*(i - 4));
+        writel(lo, &ehci_debug->data03);
+        writel(hi, &ehci_debug->data47);
+}
+
+static void dbgp_get_data(void *buf, int size)
+{
+        unsigned char *bytes = buf;
+        u32 lo, hi;
+        int i;
+
+        lo = readl(&ehci_debug->data03);
+        hi = readl(&ehci_debug->data47);
+        for (i = 0; i < 4 && i < size; i++)
+                bytes[i] = (lo >> (8*i)) & 0xff;
+        for (; i < 8 && i < size; i++)
+                bytes[i] = (hi >> (8*(i - 4))) & 0xff;
+}
+
+static int dbgp_bulk_write(unsigned devnum, unsigned endpoint,
+                         const char *bytes, int size)
+{
+        u32 pids, addr, ctrl;
+        int ret;
+
+        if (size > DBGP_MAX_PACKET)
+                return -1;
+
+        addr = DBGP_EPADDR(devnum, endpoint);
+
+        pids = readl(&ehci_debug->pids);
+        pids = dbgp_pid_update(pids, USB_PID_OUT);
+
+        ctrl = readl(&ehci_debug->control);
+        ctrl = dbgp_len_update(ctrl, size);
+        ctrl |= DBGP_OUT;
+        ctrl |= DBGP_GO;
+
+        dbgp_set_data(bytes, size);
+        writel(addr, &ehci_debug->address);
+        writel(pids, &ehci_debug->pids);
+
+        ret = dbgp_wait_until_done(ctrl);
+        if (ret < 0)
+                return ret;
+
+        return ret;
+}
+
+static int dbgp_bulk_read(unsigned devnum, unsigned endpoint, void *data,
+                                 int size)
+{
+        u32 pids, addr, ctrl;
+        int ret;
+
+        if (size > DBGP_MAX_PACKET)
+                return -1;
+
+        addr = DBGP_EPADDR(devnum, endpoint);
+
+        pids = readl(&ehci_debug->pids);
+        pids = dbgp_pid_update(pids, USB_PID_IN);
+
+        ctrl = readl(&ehci_debug->control);
+        ctrl = dbgp_len_update(ctrl, size);
+        ctrl &= ~DBGP_OUT;
+        ctrl |= DBGP_GO;
+
+        writel(addr, &ehci_debug->address);
+        writel(pids, &ehci_debug->pids);
+        ret = dbgp_wait_until_done(ctrl);
+        if (ret < 0)
+                return ret;
+
+        if (size > ret)
+                size = ret;
+        dbgp_get_data(data, size);
+        return ret;
+}
+
+static int dbgp_control_msg(unsigned devnum, int requesttype, int request,
+        int value, int index, void *data, int size)
+{
+        u32 pids, addr, ctrl;
+        struct usb_ctrlrequest req;
+        int read;
+        int ret;
+
+        read = (requesttype & USB_DIR_IN) != 0;
+        if (size > (read ? DBGP_MAX_PACKET:0))
+                return -1;
+
+        /* Compute the control message */
+        req.bRequestType = requesttype;
+        req.bRequest = request;
+        req.wValue = cpu_to_le16(value);
+        req.wIndex = cpu_to_le16(index);
+        req.wLength = cpu_to_le16(size);
+
+        pids = DBGP_PID_SET(USB_PID_DATA0, USB_PID_SETUP);
+        addr = DBGP_EPADDR(devnum, 0);
+
+        ctrl = readl(&ehci_debug->control);
+        ctrl = dbgp_len_update(ctrl, sizeof(req));
+        ctrl |= DBGP_OUT;
+        ctrl |= DBGP_GO;
+
+        /* Send the setup message */
+        dbgp_set_data(&req, sizeof(req));
+        writel(addr, &ehci_debug->address);
+        writel(pids, &ehci_debug->pids);
+        ret = dbgp_wait_until_done(ctrl);
+        if (ret < 0)
+                return ret;
+
+        /* Read the result */
+        return dbgp_bulk_read(devnum, 0, data, size);
+}
+
+
+/* Find a PCI capability */
+static u32 __init find_cap(u32 num, u32 slot, u32 func, int cap)
+{
+        u8 pos;
+        int bytes;
+
+        if (!(read_pci_config_16(num, slot, func, PCI_STATUS) &
+                PCI_STATUS_CAP_LIST))
+                return 0;
+
+        pos = read_pci_config_byte(num, slot, func, PCI_CAPABILITY_LIST);
+        for (bytes = 0; bytes < 48 && pos >= 0x40; bytes++) {
+                u8 id;
+
+                pos &= ~3;
+                id = read_pci_config_byte(num, slot, func, pos+PCI_CAP_LIST_ID);
+                if (id == 0xff)
+                        break;
+                if (id == cap)
+                        return pos;
+
+                pos = read_pci_config_byte(num, slot, func,
+                                                 pos+PCI_CAP_LIST_NEXT);
+        }
+        return 0;
+}
+
+static u32 __init __find_dbgp(u32 bus, u32 slot, u32 func)
+{
+        u32 class;
+
+        class = read_pci_config(bus, slot, func, PCI_CLASS_REVISION);
+        if ((class >> 8) != PCI_CLASS_SERIAL_USB_EHCI)
+                return 0;
+
+        return find_cap(bus, slot, func, PCI_CAP_ID_EHCI_DEBUG);
+}
+
+static u32 __init find_dbgp(int ehci_num, u32 *rbus, u32 *rslot, u32 *rfunc)
+{
+        u32 bus, slot, func;
+
+        for (bus = 0; bus < 256; bus++) {
+                for (slot = 0; slot < 32; slot++) {
+                        for (func = 0; func < 8; func++) {
+                                unsigned cap;
+
+                                cap = __find_dbgp(bus, slot, func);
+
+                                if (!cap)
+                                        continue;
+                                if (ehci_num-- != 0)
+                                        continue;
+                                *rbus = bus;
+                                *rslot = slot;
+                                *rfunc = func;
+                                return cap;
+                        }
+                }
+        }
+        return 0;
+}
+
+static int ehci_reset_port(int port)
+{
+        u32 portsc;
+        u32 delay_time, delay;
+        int loop;
+
+        /* Reset the usb debug port */
+        portsc = readl(&ehci_regs->port_status[port - 1]);
+        portsc &= ~PORT_PE;
+        portsc |= PORT_RESET;
+        writel(portsc, &ehci_regs->port_status[port - 1]);
+
+        delay = HUB_ROOT_RESET_TIME;
+        for (delay_time = 0; delay_time < HUB_RESET_TIMEOUT;
+             delay_time += delay) {
+                dbgp_mdelay(delay);
+
+                portsc = readl(&ehci_regs->port_status[port - 1]);
+                if (portsc & PORT_RESET) {
+                        /* force reset to complete */
+                        loop = 2;
+                        writel(portsc & ~(PORT_RWC_BITS | PORT_RESET),
+                                &ehci_regs->port_status[port - 1]);
+                        do {
+                                portsc = readl(&ehci_regs->port_status[port-1]);
+                        } while ((portsc & PORT_RESET) && (--loop > 0));
+                }
+
+                /* Device went away? */
+                if (!(portsc & PORT_CONNECT))
+                        return -ENOTCONN;
+
+                /* bomb out completely if something weird happend */
+                if ((portsc & PORT_CSC))
+                        return -EINVAL;
+
+                /* If we've finished resetting, then break out of the loop */
+                if (!(portsc & PORT_RESET) && (portsc & PORT_PE))
+                        return 0;
+        }
+        return -EBUSY;
+}
+
+static int ehci_wait_for_port(int port)
+{
+        u32 status;
+        int ret, reps;
+
+        for (reps = 0; reps < 3; reps++) {
+                dbgp_mdelay(100);
+                status = readl(&ehci_regs->status);
+                if (status & STS_PCD) {
+                        ret = ehci_reset_port(port);
+                        if (ret == 0)
+                                return 0;
+                }
+        }
+        return -ENOTCONN;
+}
+
+#ifdef DBGP_DEBUG
+# define dbgp_printk early_printk
+#else
+static inline void dbgp_printk(const char *fmt, ...) { }
+#endif
+
+typedef void (*set_debug_port_t)(int port);
+
+static void default_set_debug_port(int port)
+{
+}
+
+static set_debug_port_t set_debug_port = default_set_debug_port;
+
+static void nvidia_set_debug_port(int port)
+{
+        u32 dword;
+        dword = read_pci_config(ehci_dev.bus, ehci_dev.slot, ehci_dev.func,
+                                 0x74);
+        dword &= ~(0x0f<<12);
+        dword |= ((port & 0x0f)<<12);
+        write_pci_config(ehci_dev.bus, ehci_dev.slot, ehci_dev.func, 0x74,
+                                 dword);
+        dbgp_printk("set debug port to %d\n", port);
+}
+
+static void __init detect_set_debug_port(void)
+{
+        u32 vendorid;
+
+        vendorid = read_pci_config(ehci_dev.bus, ehci_dev.slot, ehci_dev.func,
+                 0x00);
+
+        if ((vendorid & 0xffff) == 0x10de) {
+                dbgp_printk("using nvidia set_debug_port\n");
+                set_debug_port = nvidia_set_debug_port;
+        }
+}
+
+static int __init ehci_setup(void)
+{
+        struct usb_debug_descriptor dbgp_desc;
+        u32 cmd, ctrl, status, portsc, hcs_params;
+        u32 debug_port, new_debug_port = 0, n_ports;
+        u32  devnum;
+        int ret, i;
+        int loop;
+        int port_map_tried;
+        int playtimes = 3;
+
+try_next_time:
+        port_map_tried = 0;
+
+try_next_port:
+
+        hcs_params = readl(&ehci_caps->hcs_params);
+        debug_port = HCS_DEBUG_PORT(hcs_params);
+        n_ports    = HCS_N_PORTS(hcs_params);
+
+        dbgp_printk("debug_port: %d\n", debug_port);
+        dbgp_printk("n_ports:    %d\n", n_ports);
+
+        for (i = 1; i <= n_ports; i++) {
+                portsc = readl(&ehci_regs->port_status[i-1]);
+                dbgp_printk("portstatus%d: %08x\n", i, portsc);
+        }
+
+        if (port_map_tried && (new_debug_port != debug_port)) {
+                if (--playtimes) {
+                        set_debug_port(new_debug_port);
+                        goto try_next_time;
+                }
+                return -1;
+        }
+
+        loop = 10;
+        /* Reset the EHCI controller */
+        cmd = readl(&ehci_regs->command);
+        cmd |= CMD_RESET;
+        writel(cmd, &ehci_regs->command);
+        do {
+                cmd = readl(&ehci_regs->command);
+        } while ((cmd & CMD_RESET) && (--loop > 0));
+
+        if (!loop) {
+                dbgp_printk("can not reset ehci\n");
+                return -1;
+        }
+        dbgp_printk("ehci reset done\n");
+
+        /* Claim ownership, but do not enable yet */
+        ctrl = readl(&ehci_debug->control);
+        ctrl |= DBGP_OWNER;
+        ctrl &= ~(DBGP_ENABLED | DBGP_INUSE);
+        writel(ctrl, &ehci_debug->control);
+
+        /* Start the ehci running */
+        cmd = readl(&ehci_regs->command);
+        cmd &= ~(CMD_LRESET | CMD_IAAD | CMD_PSE | CMD_ASE | CMD_RESET);
+        cmd |= CMD_RUN;
+        writel(cmd, &ehci_regs->command);
+
+        /* Ensure everything is routed to the EHCI */
+        writel(FLAG_CF, &ehci_regs->configured_flag);
+
+        /* Wait until the controller is no longer halted */
+        loop = 10;
+        do {
+                status = readl(&ehci_regs->status);
+        } while ((status & STS_HALT) && (--loop > 0));
+
+        if (!loop) {
+                dbgp_printk("ehci can be started\n");
+                return -1;
+        }
+        dbgp_printk("ehci started\n");
+
+        /* Wait for a device to show up in the debug port */
+        ret = ehci_wait_for_port(debug_port);
+        if (ret < 0) {
+                dbgp_printk("No device found in debug port\n");
+                goto next_debug_port;
+        }
+        dbgp_printk("ehci wait for port done\n");
+
+        /* Enable the debug port */
+        ctrl = readl(&ehci_debug->control);
+        ctrl |= DBGP_CLAIM;
+        writel(ctrl, &ehci_debug->control);
+        ctrl = readl(&ehci_debug->control);
+        if ((ctrl & DBGP_CLAIM) != DBGP_CLAIM) {
+                dbgp_printk("No device in debug port\n");
+                writel(ctrl & ~DBGP_CLAIM, &ehci_debug->control);
+                goto err;
+        }
+        dbgp_printk("debug ported enabled\n");
+
+        /* Completely transfer the debug device to the debug controller */
+        portsc = readl(&ehci_regs->port_status[debug_port - 1]);
+        portsc &= ~PORT_PE;
+        writel(portsc, &ehci_regs->port_status[debug_port - 1]);
+
+        dbgp_mdelay(100);
+
+        /* Find the debug device and make it device number 127 */
+        for (devnum = 0; devnum <= 127; devnum++) {
+                ret = dbgp_control_msg(devnum,
+                        USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                        USB_REQ_GET_DESCRIPTOR, (USB_DT_DEBUG << 8), 0,
+                        &dbgp_desc, sizeof(dbgp_desc));
+                if (ret > 0)
+                        break;
+        }
+        if (devnum > 127) {
+                dbgp_printk("Could not find attached debug device\n");
+                goto err;
+        }
+        if (ret < 0) {
+                dbgp_printk("Attached device is not a debug device\n");
+                goto err;
+        }
+        dbgp_endpoint_out = dbgp_desc.bDebugOutEndpoint;
+
+        /* Move the device to 127 if it isn't already there */
+        if (devnum != USB_DEBUG_DEVNUM) {
+                ret = dbgp_control_msg(devnum,
+                        USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                        USB_REQ_SET_ADDRESS, USB_DEBUG_DEVNUM, 0, NULL, 0);
+                if (ret < 0) {
+                        dbgp_printk("Could not move attached device to %d\n",
+                                USB_DEBUG_DEVNUM);
+                        goto err;
+                }
+                devnum = USB_DEBUG_DEVNUM;
+                dbgp_printk("debug device renamed to 127\n");
+        }
+
+        /* Enable the debug interface */
+        ret = dbgp_control_msg(USB_DEBUG_DEVNUM,
+                USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                USB_REQ_SET_FEATURE, USB_DEVICE_DEBUG_MODE, 0, NULL, 0);
+        if (ret < 0) {
+                dbgp_printk(" Could not enable the debug device\n");
+                goto err;
+        }
+        dbgp_printk("debug interface enabled\n");
+
+        /* Perform a small write to get the even/odd data state in sync
+         */
+        ret = dbgp_bulk_write(USB_DEBUG_DEVNUM, dbgp_endpoint_out, " ", 1);
+        if (ret < 0) {
+                dbgp_printk("dbgp_bulk_write failed: %d\n", ret);
+                goto err;
+        }
+        dbgp_printk("small write doned\n");
+
+        return 0;
+err:
+        /* Things didn't work so remove my claim */
+        ctrl = readl(&ehci_debug->control);
+        ctrl &= ~(DBGP_CLAIM | DBGP_OUT);
+        writel(ctrl, &ehci_debug->control);
+        return -1;
+
+next_debug_port:
+        port_map_tried |= (1<<(debug_port - 1));
+        new_debug_port = ((debug_port-1+1)%n_ports) + 1;
+        if (port_map_tried != ((1<<n_ports) - 1)) {
+                set_debug_port(new_debug_port);
+                goto try_next_port;
+        }
+        if (--playtimes) {
+                set_debug_port(new_debug_port);
+                goto try_next_time;
+        }
+
+        return -1;
+}
+
+static int __init early_dbgp_init(char *s)
+{
+        u32 debug_port, bar, offset;
+        u32 bus, slot, func, cap;
+        void __iomem *ehci_bar;
+        u32 dbgp_num;
+        u32 bar_val;
+        char *e;
+        int ret;
+        u8 byte;
+
+        if (!early_pci_allowed())
+                return -1;
+
+        dbgp_num = 0;
+        if (*s)
+                dbgp_num = simple_strtoul(s, &e, 10);
+        dbgp_printk("dbgp_num: %d\n", dbgp_num);
+
+        cap = find_dbgp(dbgp_num, &bus, &slot, &func);
+        if (!cap)
+                return -1;
+
+        dbgp_printk("Found EHCI debug port on %02x:%02x.%1x\n", bus, slot,
+                         func);
+
+        debug_port = read_pci_config(bus, slot, func, cap);
+        bar = (debug_port >> 29) & 0x7;
+        bar = (bar * 4) + 0xc;
+        offset = (debug_port >> 16) & 0xfff;
+        dbgp_printk("bar: %02x offset: %03x\n", bar, offset);
+        if (bar != PCI_BASE_ADDRESS_0) {
+                dbgp_printk("only debug ports on bar 1 handled.\n");
+
+                return -1;
+        }
+
+        bar_val = read_pci_config(bus, slot, func, PCI_BASE_ADDRESS_0);
+        dbgp_printk("bar_val: %02x offset: %03x\n", bar_val, offset);
+        if (bar_val & ~PCI_BASE_ADDRESS_MEM_MASK) {
+                dbgp_printk("only simple 32bit mmio bars supported\n");
+
+                return -1;
+        }
+
+        /* double check if the mem space is enabled */
+        byte = read_pci_config_byte(bus, slot, func, 0x04);
+        if (!(byte & 0x2)) {
+                byte  |= 0x02;
+                write_pci_config_byte(bus, slot, func, 0x04, byte);
+                dbgp_printk("mmio for ehci enabled\n");
+        }
+
+        /*
+         * FIXME I don't have the bar size so just guess PAGE_SIZE is more
+         * than enough.  1K is the biggest I have seen.
+         */
+        set_fixmap_nocache(FIX_DBGP_BASE, bar_val & PAGE_MASK);
+        ehci_bar = (void __iomem *)__fix_to_virt(FIX_DBGP_BASE);
+        ehci_bar += bar_val & ~PAGE_MASK;
+        dbgp_printk("ehci_bar: %p\n", ehci_bar);
+
+        ehci_caps  = ehci_bar;
+        ehci_regs  = ehci_bar + HC_LENGTH(readl(&ehci_caps->hc_capbase));
+        ehci_debug = ehci_bar + offset;
+        ehci_dev.bus = bus;
+        ehci_dev.slot = slot;
+        ehci_dev.func = func;
+
+        detect_set_debug_port();
+
+        ret = ehci_setup();
+        if (ret < 0) {
+                dbgp_printk("ehci_setup failed\n");
+                ehci_debug = NULL;
+
+                return -1;
+        }
+
+        return 0;
+}
+
+static void early_dbgp_write(struct console *con, const char *str, u32 n)
+{
+        int chunk, ret;
+
+        if (!ehci_debug)
+                return;
+        while (n > 0) {
+                chunk = n;
+                if (chunk > DBGP_MAX_PACKET)
+                        chunk = DBGP_MAX_PACKET;
+                ret = dbgp_bulk_write(USB_DEBUG_DEVNUM,
+                        dbgp_endpoint_out, str, chunk);
+                str += chunk;
+                n -= chunk;
+        }
+}
+
+static struct console early_dbgp_console = {
+        .name =         "earlydbg",
+        .write =        early_dbgp_write,
+        .flags =        CON_PRINTBUFFER,
+        .index =        -1,
+};
+#endif
+
 /* Console interface to a host file on AMD's SimNow! */
 
 static int simnow_fd;
@@ -165,6 +889,7 @@ enum {
 static noinline long simnow(long cmd, long a, long b, long c)
 {
         long ret;
+
         asm volatile("cpuid" :
                      "=a" (ret) :
                      "b" (a), "c" (b), "d" (c), "0" (MAGIC1), "D" (cmd + MAGIC2));
@@ -174,6 +899,7 @@ static noinline long simnow(long cmd, long a, long b, long c)
 static void __init simnow_init(char *str)
 {
         char *fn = "klog";
+
         if (*str == '=')
                 fn = ++str;
         /* error ignored */
@@ -194,7 +920,7 @@ static struct console simnow_console = {
 
 /* Direct interface for emergencies */
 static struct console *early_console = &early_vga_console;
-static int early_console_initialized;
+static int __initdata early_console_initialized;
 
 asmlinkage void early_printk(const char *fmt, ...)
 {
@@ -208,10 +934,11 @@ asmlinkage void early_printk(const char *fmt, ...)
         va_end(ap);
 }
 
-static int __initdata keep_early;
 
 static int __init setup_early_printk(char *buf)
 {
+        int keep_early;
+
         if (!buf)
                 return 0;
 
@@ -219,8 +946,7 @@ static int __init setup_early_printk(char *buf)
                 return 0;
         early_console_initialized = 1;
 
-        if (strstr(buf, "keep"))
-                keep_early = 1;
+        keep_early = (strstr(buf, "keep") != NULL);
 
         if (!strncmp(buf, "serial", 6)) {
                 early_serial_init(buf + 6);
@@ -238,6 +964,17 @@ static int __init setup_early_printk(char *buf)
                 simnow_init(buf + 6);
                 early_console = &simnow_console;
                 keep_early = 1;
+#ifdef CONFIG_EARLY_PRINTK_DBGP
+        } else if (!strncmp(buf, "dbgp", 4)) {
+                if (early_dbgp_init(buf+4) < 0)
+                        return 0;
+                early_console = &early_dbgp_console;
+                /*
+                 * usb subsys will reset ehci controller, so don't keep
+                 * that early console
+                 */
+                keep_early = 0;
+#endif
 #ifdef CONFIG_HVC_XEN
         } else if (!strncmp(buf, "xen", 3)) {
                 early_console = &xenboot_console;
@@ -251,4 +988,5 @@ static int __init setup_early_printk(char *buf)
         register_console(early_console);
         return 0;
 }
+
 early_param("earlyprintk", setup_early_printk);
diff --git a/arch/x86/kernel/efi.c b/arch/x86/kernel/efi.c
index 06cc8d4254b1..945a31cdd81f 100644
--- a/arch/x86/kernel/efi.c
+++ b/arch/x86/kernel/efi.c
@@ -414,9 +414,11 @@ void __init efi_init(void)
         if (memmap.map == NULL)
                 printk(KERN_ERR "Could not map the EFI memory map!\n");
         memmap.map_end = memmap.map + (memmap.nr_map * memmap.desc_size);
+
         if (memmap.desc_size != sizeof(efi_memory_desc_t))
-                printk(KERN_WARNING "Kernel-defined memdesc"
-                       "doesn't match the one from EFI!\n");
+                printk(KERN_WARNING
+                  "Kernel-defined memdesc doesn't match the one from EFI!\n");
+
         if (add_efi_memmap)
                 do_add_efi_memmap();
 
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 109792bc7cfa..b21fbfaffe39 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -730,6 +730,7 @@ error_code:
         movl $(__USER_DS), %ecx
         movl %ecx, %ds
         movl %ecx, %es
+        TRACE_IRQS_OFF
         movl %esp,%eax                  # pt_regs pointer
         call *%edi
         jmp ret_from_exception
@@ -760,20 +761,9 @@ ENTRY(device_not_available)
         RING0_INT_FRAME
         pushl $-1                       # mark this as an int
         CFI_ADJUST_CFA_OFFSET 4
-        SAVE_ALL
-        GET_CR0_INTO_EAX
-        testl $0x4, %eax                # EM (math emulation bit)
-        jne device_not_available_emulate
-        preempt_stop(CLBR_ANY)
-        call math_state_restore
-        jmp ret_from_exception
-device_not_available_emulate:
-        pushl $0                        # temporary storage for ORIG_EIP
+        pushl $do_device_not_available
         CFI_ADJUST_CFA_OFFSET 4
-        call math_emulate
-        addl $4, %esp
-        CFI_ADJUST_CFA_OFFSET -4
-        jmp ret_from_exception
+        jmp error_code
         CFI_ENDPROC
 END(device_not_available)
 
@@ -814,6 +804,7 @@ debug_stack_correct:
         pushl $-1                       # mark this as an int
         CFI_ADJUST_CFA_OFFSET 4
         SAVE_ALL
+        TRACE_IRQS_OFF
         xorl %edx,%edx                  # error code 0
         movl %esp,%eax                  # pt_regs pointer
         call do_debug
@@ -858,6 +849,7 @@ nmi_stack_correct:
         pushl %eax
         CFI_ADJUST_CFA_OFFSET 4
         SAVE_ALL
+        TRACE_IRQS_OFF
         xorl %edx,%edx          # zero error code
         movl %esp,%eax          # pt_regs pointer
         call do_nmi
@@ -898,6 +890,7 @@ nmi_espfix_stack:
         pushl %eax
         CFI_ADJUST_CFA_OFFSET 4
         SAVE_ALL
+        TRACE_IRQS_OFF
         FIXUP_ESPFIX_STACK              # %eax == %esp
         xorl %edx,%edx                  # zero error code
         call do_nmi
@@ -928,6 +921,7 @@ KPROBE_ENTRY(int3)
         pushl $-1                       # mark this as an int
         CFI_ADJUST_CFA_OFFSET 4
         SAVE_ALL
+        TRACE_IRQS_OFF
         xorl %edx,%edx          # zero error code
         movl %esp,%eax          # pt_regs pointer
         call do_int3
@@ -1030,7 +1024,7 @@ ENTRY(machine_check)
         RING0_INT_FRAME
         pushl $0
         CFI_ADJUST_CFA_OFFSET 4
-        pushl machine_check_vector
+        pushl $do_machine_check
         CFI_ADJUST_CFA_OFFSET 4
         jmp error_code
         CFI_ENDPROC
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 89434d439605..1db6ce4314e1 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -275,9 +275,9 @@ ENTRY(native_usergs_sysret64)
 ENTRY(ret_from_fork)
         CFI_DEFAULT_STACK
         push kernel_eflags(%rip)
-        CFI_ADJUST_CFA_OFFSET 4
+        CFI_ADJUST_CFA_OFFSET 8
         popf                            # reset kernel eflags
-        CFI_ADJUST_CFA_OFFSET -4
+        CFI_ADJUST_CFA_OFFSET -8
         call schedule_tail
         GET_THREAD_INFO(%rcx)
         testl $(_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT),TI_flags(%rcx)
@@ -667,6 +667,13 @@ END(stub_rt_sigreturn)
         SAVE_ARGS
         leaq -ARGOFFSET(%rsp),%rdi      # arg1 for handler
         pushq %rbp
+        /*
+         * Save rbp twice: One is for marking the stack frame, as usual, and the
+         * other, to fill pt_regs properly. This is because bx comes right
+         * before the last saved register in that structure, and not bp. If the
+         * base pointer were in the place bx is today, this would not be needed.
+         */
+        movq %rbp, -8(%rsp)
         CFI_ADJUST_CFA_OFFSET   8
         CFI_REL_OFFSET          rbp, 0
         movq %rsp,%rbp
@@ -932,6 +939,9 @@ END(spurious_interrupt)
         .if \ist
         movq    %gs:pda_data_offset, %rbp
         .endif
+        .if \irqtrace
+        TRACE_IRQS_OFF
+        .endif
         movq %rsp,%rdi
         movq ORIG_RAX(%rsp),%rsi
         movq $-1,ORIG_RAX(%rsp)
@@ -1058,7 +1068,8 @@ KPROBE_ENTRY(error_entry)
         je  error_kernelspace
 error_swapgs:   
         SWAPGS
-error_sti:      
+error_sti:
+        TRACE_IRQS_OFF
         movq %rdi,RDI(%rsp)     
         CFI_REL_OFFSET  rdi,RDI
         movq %rsp,%rdi
@@ -1232,7 +1243,7 @@ ENTRY(simd_coprocessor_error)
 END(simd_coprocessor_error)
 
 ENTRY(device_not_available)
-        zeroentry math_state_restore
+        zeroentry do_device_not_available
 END(device_not_available)
 
         /* runs on exception stack */
diff --git a/arch/x86/mach-es7000/es7000plat.c b/arch/x86/kernel/es7000_32.c
index 50189af14b85..f454c78fcef6 100644
--- a/arch/x86/mach-es7000/es7000plat.c
+++ b/arch/x86/kernel/es7000_32.c
@@ -39,10 +39,94 @@
 #include <asm/nmi.h>
 #include <asm/smp.h>
 #include <asm/apicdef.h>
-#include "es7000.h"
 #include <mach_mpparse.h>
 
 /*
+ * ES7000 chipsets
+ */
+
+#define NON_UNISYS              0
+#define ES7000_CLASSIC          1
+#define ES7000_ZORRO            2
+
+
+#define MIP_REG                 1
+#define MIP_PSAI_REG            4
+
+#define MIP_BUSY                1
+#define MIP_SPIN                0xf0000
+#define MIP_VALID               0x0100000000000000ULL
+#define MIP_PORT(VALUE) ((VALUE >> 32) & 0xffff)
+
+#define MIP_RD_LO(VALUE)        (VALUE & 0xffffffff)
+
+struct mip_reg_info {
+        unsigned long long mip_info;
+        unsigned long long delivery_info;
+        unsigned long long host_reg;
+        unsigned long long mip_reg;
+};
+
+struct part_info {
+        unsigned char type;
+        unsigned char length;
+        unsigned char part_id;
+        unsigned char apic_mode;
+        unsigned long snum;
+        char ptype[16];
+        char sname[64];
+        char pname[64];
+};
+
+struct psai {
+        unsigned long long entry_type;
+        unsigned long long addr;
+        unsigned long long bep_addr;
+};
+
+struct es7000_mem_info {
+        unsigned char type;
+        unsigned char length;
+        unsigned char resv[6];
+        unsigned long long  start;
+        unsigned long long  size;
+};
+
+struct es7000_oem_table {
+        unsigned long long hdr;
+        struct mip_reg_info mip;
+        struct part_info pif;
+        struct es7000_mem_info shm;
+        struct psai psai;
+};
+
+#ifdef CONFIG_ACPI
+
+struct oem_table {
+        struct acpi_table_header Header;
+        u32 OEMTableAddr;
+        u32 OEMTableSize;
+};
+
+extern int find_unisys_acpi_oem_table(unsigned long *oem_addr);
+extern void unmap_unisys_acpi_oem_table(unsigned long oem_addr);
+#endif
+
+struct mip_reg {
+        unsigned long long off_0;
+        unsigned long long off_8;
+        unsigned long long off_10;
+        unsigned long long off_18;
+        unsigned long long off_20;
+        unsigned long long off_28;
+        unsigned long long off_30;
+        unsigned long long off_38;
+};
+
+#define MIP_SW_APIC             0x1020b
+#define MIP_FUNC(VALUE)         (VALUE & 0xff)
+
+/*
  * ES7000 Globals
  */
 
@@ -72,7 +156,7 @@ es7000_rename_gsi(int ioapic, int gsi)
                         base += nr_ioapic_registers[i];
         }
 
-        if (!ioapic && (gsi < 16)) 
+        if (!ioapic && (gsi < 16))
                 gsi += base;
         return gsi;
 }
@@ -160,21 +244,38 @@ parse_unisys_oem (char *oemptr)
 }
 
 #ifdef CONFIG_ACPI
-int __init
-find_unisys_acpi_oem_table(unsigned long *oem_addr)
+static unsigned long oem_addrX;
+static unsigned long oem_size;
+int __init find_unisys_acpi_oem_table(unsigned long *oem_addr)
 {
         struct acpi_table_header *header = NULL;
         int i = 0;
-        while (ACPI_SUCCESS(acpi_get_table("OEM1", i++, &header))) {
+        acpi_size tbl_size;
+
+        while (ACPI_SUCCESS(acpi_get_table_with_size("OEM1", i++, &header, &tbl_size))) {
                 if (!memcmp((char *) &header->oem_id, "UNISYS", 6)) {
                         struct oem_table *t = (struct oem_table *)header;
-                        *oem_addr = (unsigned long)__acpi_map_table(t->OEMTableAddr,
-                                                                    t->OEMTableSize);
+
+                        oem_addrX = t->OEMTableAddr;
+                        oem_size = t->OEMTableSize;
+                        early_acpi_os_unmap_memory(header, tbl_size);
+
+                        *oem_addr = (unsigned long)__acpi_map_table(oem_addrX,
+                                                                    oem_size);
                         return 0;
                 }
+                early_acpi_os_unmap_memory(header, tbl_size);
         }
         return -1;
 }
+
+void __init unmap_unisys_acpi_oem_table(unsigned long oem_addr)
+{
+        if (!oem_addr)
+                return;
+
+        __acpi_unmap_table((char *)oem_addr, oem_size);
+}
 #endif
 
 static void
diff --git a/arch/x86/kernel/genapic_64.c b/arch/x86/kernel/genapic_64.c
index eaff0bbb1444..6c9bfc9e1e95 100644
--- a/arch/x86/kernel/genapic_64.c
+++ b/arch/x86/kernel/genapic_64.c
@@ -16,87 +16,63 @@
 #include <linux/ctype.h>
 #include <linux/init.h>
 #include <linux/hardirq.h>
+#include <linux/dmar.h>
 
 #include <asm/smp.h>
 #include <asm/ipi.h>
 #include <asm/genapic.h>
 
-#ifdef CONFIG_ACPI
-#include <acpi/acpi_bus.h>
-#endif
-
-DEFINE_PER_CPU(int, x2apic_extra_bits);
+extern struct genapic apic_flat;
+extern struct genapic apic_physflat;
+extern struct genapic apic_x2xpic_uv_x;
+extern struct genapic apic_x2apic_phys;
+extern struct genapic apic_x2apic_cluster;
 
 struct genapic __read_mostly *genapic = &apic_flat;
 
-static enum uv_system_type uv_system_type;
+static struct genapic *apic_probe[] __initdata = {
+        &apic_x2apic_uv_x,
+        &apic_x2apic_phys,
+        &apic_x2apic_cluster,
+        &apic_physflat,
+        NULL,
+};
 
 /*
  * Check the APIC IDs in bios_cpu_apicid and choose the APIC mode.
  */
 void __init setup_apic_routing(void)
 {
-        if (uv_system_type == UV_NON_UNIQUE_APIC)
-                genapic = &apic_x2apic_uv_x;
-        else
-#ifdef CONFIG_ACPI
-        /*
-         * Quirk: some x86_64 machines can only use physical APIC mode
-         * regardless of how many processors are present (x86_64 ES7000
-         * is an example).
-         */
-        if (acpi_gbl_FADT.header.revision > FADT2_REVISION_ID &&
-                        (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL))
-                genapic = &apic_physflat;
-        else
-#endif
-
-        if (max_physical_apicid < 8)
-                genapic = &apic_flat;
-        else
-                genapic = &apic_physflat;
+        if (genapic == &apic_x2apic_phys || genapic == &apic_x2apic_cluster) {
+                if (!intr_remapping_enabled)
+                        genapic = &apic_flat;
+        }
 
-        printk(KERN_INFO "Setting APIC routing to %s\n", genapic->name);
+        if (genapic == &apic_flat) {
+                if (max_physical_apicid >= 8)
+                        genapic = &apic_physflat;
+                printk(KERN_INFO "Setting APIC routing to %s\n", genapic->name);
+        }
 }
 
 /* Same for both flat and physical. */
 
-void send_IPI_self(int vector)
+void apic_send_IPI_self(int vector)
 {
         __send_IPI_shortcut(APIC_DEST_SELF, vector, APIC_DEST_PHYSICAL);
 }
 
 int __init acpi_madt_oem_check(char *oem_id, char *oem_table_id)
 {
-        if (!strcmp(oem_id, "SGI")) {
-                if (!strcmp(oem_table_id, "UVL"))
-                        uv_system_type = UV_LEGACY_APIC;
-                else if (!strcmp(oem_table_id, "UVX"))
-                        uv_system_type = UV_X2APIC;
-                else if (!strcmp(oem_table_id, "UVH"))
-                        uv_system_type = UV_NON_UNIQUE_APIC;
+        int i;
+
+        for (i = 0; apic_probe[i]; ++i) {
+                if (apic_probe[i]->acpi_madt_oem_check(oem_id, oem_table_id)) {
+                        genapic = apic_probe[i];
+                        printk(KERN_INFO "Setting APIC routing to %s.\n",
+                                genapic->name);
+                        return 1;
+                }
         }
         return 0;
 }
-
-unsigned int read_apic_id(void)
-{
-        unsigned int id;
-
-        WARN_ON(preemptible() && num_online_cpus() > 1);
-        id = apic_read(APIC_ID);
-        if (uv_system_type >= UV_X2APIC)
-                id  |= __get_cpu_var(x2apic_extra_bits);
-        return id;
-}
-
-enum uv_system_type get_uv_system_type(void)
-{
-        return uv_system_type;
-}
-
-int is_uv_system(void)
-{
-        return uv_system_type != UV_NONE;
-}
-EXPORT_SYMBOL_GPL(is_uv_system);
diff --git a/arch/x86/kernel/genapic_flat_64.c b/arch/x86/kernel/genapic_flat_64.c
index 786548a62d38..9eca5ba7a6b1 100644
--- a/arch/x86/kernel/genapic_flat_64.c
+++ b/arch/x86/kernel/genapic_flat_64.c
@@ -15,9 +15,20 @@
 #include <linux/kernel.h>
 #include <linux/ctype.h>
 #include <linux/init.h>
+#include <linux/hardirq.h>
 #include <asm/smp.h>
 #include <asm/ipi.h>
 #include <asm/genapic.h>
+#include <mach_apicdef.h>
+
+#ifdef CONFIG_ACPI
+#include <acpi/acpi_bus.h>
+#endif
+
+static int __init flat_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
+{
+        return 1;
+}
 
 static cpumask_t flat_target_cpus(void)
 {
@@ -95,9 +106,33 @@ static void flat_send_IPI_all(int vector)
                 __send_IPI_shortcut(APIC_DEST_ALLINC, vector, APIC_DEST_LOGICAL);
 }
 
+static unsigned int get_apic_id(unsigned long x)
+{
+        unsigned int id;
+
+        id = (((x)>>24) & 0xFFu);
+        return id;
+}
+
+static unsigned long set_apic_id(unsigned int id)
+{
+        unsigned long x;
+
+        x = ((id & 0xFFu)<<24);
+        return x;
+}
+
+static unsigned int read_xapic_id(void)
+{
+        unsigned int id;
+
+        id = get_apic_id(apic_read(APIC_ID));
+        return id;
+}
+
 static int flat_apic_id_registered(void)
 {
-        return physid_isset(GET_APIC_ID(read_apic_id()), phys_cpu_present_map);
+        return physid_isset(read_xapic_id(), phys_cpu_present_map);
 }
 
 static unsigned int flat_cpu_mask_to_apicid(cpumask_t cpumask)
@@ -112,6 +147,7 @@ static unsigned int phys_pkg_id(int index_msb)
 
 struct genapic apic_flat =  {
         .name = "flat",
+        .acpi_madt_oem_check = flat_acpi_madt_oem_check,
         .int_delivery_mode = dest_LowestPrio,
         .int_dest_mode = (APIC_DEST_LOGICAL != 0),
         .target_cpus = flat_target_cpus,
@@ -121,8 +157,12 @@ struct genapic apic_flat =  {
         .send_IPI_all = flat_send_IPI_all,
         .send_IPI_allbutself = flat_send_IPI_allbutself,
         .send_IPI_mask = flat_send_IPI_mask,
+        .send_IPI_self = apic_send_IPI_self,
         .cpu_mask_to_apicid = flat_cpu_mask_to_apicid,
         .phys_pkg_id = phys_pkg_id,
+        .get_apic_id = get_apic_id,
+        .set_apic_id = set_apic_id,
+        .apic_id_mask = (0xFFu<<24),
 };
 
 /*
@@ -130,6 +170,21 @@ struct genapic apic_flat =  {
  * We cannot use logical delivery in this case because the mask
  * overflows, so use physical mode.
  */
+static int __init physflat_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
+{
+#ifdef CONFIG_ACPI
+        /*
+         * Quirk: some x86_64 machines can only use physical APIC mode
+         * regardless of how many processors are present (x86_64 ES7000
+         * is an example).
+         */
+        if (acpi_gbl_FADT.header.revision > FADT2_REVISION_ID &&
+                (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL))
+                return 1;
+#endif
+
+        return 0;
+}
 
 static cpumask_t physflat_target_cpus(void)
 {
@@ -176,6 +231,7 @@ static unsigned int physflat_cpu_mask_to_apicid(cpumask_t cpumask)
 
 struct genapic apic_physflat =  {
         .name = "physical flat",
+        .acpi_madt_oem_check = physflat_acpi_madt_oem_check,
         .int_delivery_mode = dest_Fixed,
         .int_dest_mode = (APIC_DEST_PHYSICAL != 0),
         .target_cpus = physflat_target_cpus,
@@ -185,6 +241,10 @@ struct genapic apic_physflat =  {
         .send_IPI_all = physflat_send_IPI_all,
         .send_IPI_allbutself = physflat_send_IPI_allbutself,
         .send_IPI_mask = physflat_send_IPI_mask,
+        .send_IPI_self = apic_send_IPI_self,
         .cpu_mask_to_apicid = physflat_cpu_mask_to_apicid,
         .phys_pkg_id = phys_pkg_id,
+        .get_apic_id = get_apic_id,
+        .set_apic_id = set_apic_id,
+        .apic_id_mask = (0xFFu<<24),
 };
diff --git a/arch/x86/kernel/genx2apic_cluster.c b/arch/x86/kernel/genx2apic_cluster.c
new file mode 100644
index 000000000000..e4bf2cc0d743
--- /dev/null
+++ b/arch/x86/kernel/genx2apic_cluster.c
@@ -0,0 +1,159 @@
+#include <linux/threads.h>
+#include <linux/cpumask.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <linux/ctype.h>
+#include <linux/init.h>
+#include <linux/dmar.h>
+
+#include <asm/smp.h>
+#include <asm/ipi.h>
+#include <asm/genapic.h>
+
+DEFINE_PER_CPU(u32, x86_cpu_to_logical_apicid);
+
+static int __init x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
+{
+        if (cpu_has_x2apic)
+                return 1;
+
+        return 0;
+}
+
+/* Start with all IRQs pointing to boot CPU.  IRQ balancing will shift them. */
+
+static cpumask_t x2apic_target_cpus(void)
+{
+        return cpumask_of_cpu(0);
+}
+
+/*
+ * for now each logical cpu is in its own vector allocation domain.
+ */
+static cpumask_t x2apic_vector_allocation_domain(int cpu)
+{
+        cpumask_t domain = CPU_MASK_NONE;
+        cpu_set(cpu, domain);
+        return domain;
+}
+
+static void __x2apic_send_IPI_dest(unsigned int apicid, int vector,
+                                   unsigned int dest)
+{
+        unsigned long cfg;
+
+        cfg = __prepare_ICR(0, vector, dest);
+
+        /*
+         * send the IPI.
+         */
+        x2apic_icr_write(cfg, apicid);
+}
+
+/*
+ * for now, we send the IPI's one by one in the cpumask.
+ * TBD: Based on the cpu mask, we can send the IPI's to the cluster group
+ * at once. We have 16 cpu's in a cluster. This will minimize IPI register
+ * writes.
+ */
+static void x2apic_send_IPI_mask(cpumask_t mask, int vector)
+{
+        unsigned long flags;
+        unsigned long query_cpu;
+
+        local_irq_save(flags);
+        for_each_cpu_mask(query_cpu, mask) {
+                __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_logical_apicid, query_cpu),
+                                       vector, APIC_DEST_LOGICAL);
+        }
+        local_irq_restore(flags);
+}
+
+static void x2apic_send_IPI_allbutself(int vector)
+{
+        cpumask_t mask = cpu_online_map;
+
+        cpu_clear(smp_processor_id(), mask);
+
+        if (!cpus_empty(mask))
+                x2apic_send_IPI_mask(mask, vector);
+}
+
+static void x2apic_send_IPI_all(int vector)
+{
+        x2apic_send_IPI_mask(cpu_online_map, vector);
+}
+
+static int x2apic_apic_id_registered(void)
+{
+        return 1;
+}
+
+static unsigned int x2apic_cpu_mask_to_apicid(cpumask_t cpumask)
+{
+        int cpu;
+
+        /*
+         * We're using fixed IRQ delivery, can only return one phys APIC ID.
+         * May as well be the first.
+         */
+        cpu = first_cpu(cpumask);
+        if ((unsigned)cpu < NR_CPUS)
+                return per_cpu(x86_cpu_to_logical_apicid, cpu);
+        else
+                return BAD_APICID;
+}
+
+static unsigned int get_apic_id(unsigned long x)
+{
+        unsigned int id;
+
+        id = x;
+        return id;
+}
+
+static unsigned long set_apic_id(unsigned int id)
+{
+        unsigned long x;
+
+        x = id;
+        return x;
+}
+
+static unsigned int phys_pkg_id(int index_msb)
+{
+        return current_cpu_data.initial_apicid >> index_msb;
+}
+
+static void x2apic_send_IPI_self(int vector)
+{
+        apic_write(APIC_SELF_IPI, vector);
+}
+
+static void init_x2apic_ldr(void)
+{
+        int cpu = smp_processor_id();
+
+        per_cpu(x86_cpu_to_logical_apicid, cpu) = apic_read(APIC_LDR);
+        return;
+}
+
+struct genapic apic_x2apic_cluster = {
+        .name = "cluster x2apic",
+        .acpi_madt_oem_check = x2apic_acpi_madt_oem_check,
+        .int_delivery_mode = dest_LowestPrio,
+        .int_dest_mode = (APIC_DEST_LOGICAL != 0),
+        .target_cpus = x2apic_target_cpus,
+        .vector_allocation_domain = x2apic_vector_allocation_domain,
+        .apic_id_registered = x2apic_apic_id_registered,
+        .init_apic_ldr = init_x2apic_ldr,
+        .send_IPI_all = x2apic_send_IPI_all,
+        .send_IPI_allbutself = x2apic_send_IPI_allbutself,
+        .send_IPI_mask = x2apic_send_IPI_mask,
+        .send_IPI_self = x2apic_send_IPI_self,
+        .cpu_mask_to_apicid = x2apic_cpu_mask_to_apicid,
+        .phys_pkg_id = phys_pkg_id,
+        .get_apic_id = get_apic_id,
+        .set_apic_id = set_apic_id,
+        .apic_id_mask = (0xFFFFFFFFu),
+};
diff --git a/arch/x86/kernel/genx2apic_phys.c b/arch/x86/kernel/genx2apic_phys.c
new file mode 100644
index 000000000000..8f1343df2627
--- /dev/null
+++ b/arch/x86/kernel/genx2apic_phys.c
@@ -0,0 +1,154 @@
+#include <linux/threads.h>
+#include <linux/cpumask.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <linux/ctype.h>
+#include <linux/init.h>
+#include <linux/dmar.h>
+
+#include <asm/smp.h>
+#include <asm/ipi.h>
+#include <asm/genapic.h>
+
+static int x2apic_phys;
+
+static int set_x2apic_phys_mode(char *arg)
+{
+        x2apic_phys = 1;
+        return 0;
+}
+early_param("x2apic_phys", set_x2apic_phys_mode);
+
+static int __init x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
+{
+        if (cpu_has_x2apic && x2apic_phys)
+                return 1;
+
+        return 0;
+}
+
+/* Start with all IRQs pointing to boot CPU.  IRQ balancing will shift them. */
+
+static cpumask_t x2apic_target_cpus(void)
+{
+        return cpumask_of_cpu(0);
+}
+
+static cpumask_t x2apic_vector_allocation_domain(int cpu)
+{
+        cpumask_t domain = CPU_MASK_NONE;
+        cpu_set(cpu, domain);
+        return domain;
+}
+
+static void __x2apic_send_IPI_dest(unsigned int apicid, int vector,
+                                   unsigned int dest)
+{
+        unsigned long cfg;
+
+        cfg = __prepare_ICR(0, vector, dest);
+
+        /*
+         * send the IPI.
+         */
+        x2apic_icr_write(cfg, apicid);
+}
+
+static void x2apic_send_IPI_mask(cpumask_t mask, int vector)
+{
+        unsigned long flags;
+        unsigned long query_cpu;
+
+        local_irq_save(flags);
+        for_each_cpu_mask(query_cpu, mask) {
+                __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu),
+                                       vector, APIC_DEST_PHYSICAL);
+        }
+        local_irq_restore(flags);
+}
+
+static void x2apic_send_IPI_allbutself(int vector)
+{
+        cpumask_t mask = cpu_online_map;
+
+        cpu_clear(smp_processor_id(), mask);
+
+        if (!cpus_empty(mask))
+                x2apic_send_IPI_mask(mask, vector);
+}
+
+static void x2apic_send_IPI_all(int vector)
+{
+        x2apic_send_IPI_mask(cpu_online_map, vector);
+}
+
+static int x2apic_apic_id_registered(void)
+{
+        return 1;
+}
+
+static unsigned int x2apic_cpu_mask_to_apicid(cpumask_t cpumask)
+{
+        int cpu;
+
+        /*
+         * We're using fixed IRQ delivery, can only return one phys APIC ID.
+         * May as well be the first.
+         */
+        cpu = first_cpu(cpumask);
+        if ((unsigned)cpu < NR_CPUS)
+                return per_cpu(x86_cpu_to_apicid, cpu);
+        else
+                return BAD_APICID;
+}
+
+static unsigned int get_apic_id(unsigned long x)
+{
+        unsigned int id;
+
+        id = x;
+        return id;
+}
+
+static unsigned long set_apic_id(unsigned int id)
+{
+        unsigned long x;
+
+        x = id;
+        return x;
+}
+
+static unsigned int phys_pkg_id(int index_msb)
+{
+        return current_cpu_data.initial_apicid >> index_msb;
+}
+
+void x2apic_send_IPI_self(int vector)
+{
+        apic_write(APIC_SELF_IPI, vector);
+}
+
+void init_x2apic_ldr(void)
+{
+        return;
+}
+
+struct genapic apic_x2apic_phys = {
+        .name = "physical x2apic",
+        .acpi_madt_oem_check = x2apic_acpi_madt_oem_check,
+        .int_delivery_mode = dest_Fixed,
+        .int_dest_mode = (APIC_DEST_PHYSICAL != 0),
+        .target_cpus = x2apic_target_cpus,
+        .vector_allocation_domain = x2apic_vector_allocation_domain,
+        .apic_id_registered = x2apic_apic_id_registered,
+        .init_apic_ldr = init_x2apic_ldr,
+        .send_IPI_all = x2apic_send_IPI_all,
+        .send_IPI_allbutself = x2apic_send_IPI_allbutself,
+        .send_IPI_mask = x2apic_send_IPI_mask,
+        .send_IPI_self = x2apic_send_IPI_self,
+        .cpu_mask_to_apicid = x2apic_cpu_mask_to_apicid,
+        .phys_pkg_id = phys_pkg_id,
+        .get_apic_id = get_apic_id,
+        .set_apic_id = set_apic_id,
+        .apic_id_mask = (0xFFFFFFFFu),
+};
diff --git a/arch/x86/kernel/genx2apic_uv_x.c b/arch/x86/kernel/genx2apic_uv_x.c
index bfa837cb16be..33581d94a90e 100644
--- a/arch/x86/kernel/genx2apic_uv_x.c
+++ b/arch/x86/kernel/genx2apic_uv_x.c
@@ -12,12 +12,12 @@
 #include <linux/threads.h>
 #include <linux/cpumask.h>
 #include <linux/string.h>
-#include <linux/kernel.h>
 #include <linux/ctype.h>
 #include <linux/init.h>
 #include <linux/sched.h>
 #include <linux/bootmem.h>
 #include <linux/module.h>
+#include <linux/hardirq.h>
 #include <asm/smp.h>
 #include <asm/ipi.h>
 #include <asm/genapic.h>
@@ -26,6 +26,36 @@
 #include <asm/uv/uv_hub.h>
 #include <asm/uv/bios.h>
 
+DEFINE_PER_CPU(int, x2apic_extra_bits);
+
+static enum uv_system_type uv_system_type;
+
+static int __init uv_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
+{
+        if (!strcmp(oem_id, "SGI")) {
+                if (!strcmp(oem_table_id, "UVL"))
+                        uv_system_type = UV_LEGACY_APIC;
+                else if (!strcmp(oem_table_id, "UVX"))
+                        uv_system_type = UV_X2APIC;
+                else if (!strcmp(oem_table_id, "UVH")) {
+                        uv_system_type = UV_NON_UNIQUE_APIC;
+                        return 1;
+                }
+        }
+        return 0;
+}
+
+enum uv_system_type get_uv_system_type(void)
+{
+        return uv_system_type;
+}
+
+int is_uv_system(void)
+{
+        return uv_system_type != UV_NONE;
+}
+EXPORT_SYMBOL_GPL(is_uv_system);
+
 DEFINE_PER_CPU(struct uv_hub_info_s, __uv_hub_info);
 EXPORT_PER_CPU_SYMBOL_GPL(__uv_hub_info);
 
@@ -84,7 +114,7 @@ static void uv_send_IPI_one(int cpu, int vector)
         unsigned long val, apicid, lapicid;
         int pnode;
 
-        apicid = per_cpu(x86_cpu_to_apicid, cpu); /* ZZZ - cache node-local ? */
+        apicid = per_cpu(x86_cpu_to_apicid, cpu);
         lapicid = apicid & 0x3f;                /* ZZZ macro needed */
         pnode = uv_apicid_to_pnode(apicid);
         val =
@@ -123,6 +153,10 @@ static int uv_apic_id_registered(void)
         return 1;
 }
 
+static void uv_init_apic_ldr(void)
+{
+}
+
 static unsigned int uv_cpu_mask_to_apicid(cpumask_t cpumask)
 {
         int cpu;
@@ -138,31 +172,59 @@ static unsigned int uv_cpu_mask_to_apicid(cpumask_t cpumask)
                 return BAD_APICID;
 }
 
+static unsigned int get_apic_id(unsigned long x)
+{
+        unsigned int id;
+
+        WARN_ON(preemptible() && num_online_cpus() > 1);
+        id = x | __get_cpu_var(x2apic_extra_bits);
+
+        return id;
+}
+
+static unsigned long set_apic_id(unsigned int id)
+{
+        unsigned long x;
+
+        /* maskout x2apic_extra_bits ? */
+        x = id;
+        return x;
+}
+
+static unsigned int uv_read_apic_id(void)
+{
+
+        return get_apic_id(apic_read(APIC_ID));
+}
+
 static unsigned int phys_pkg_id(int index_msb)
 {
-        return GET_APIC_ID(read_apic_id()) >> index_msb;
+        return uv_read_apic_id() >> index_msb;
 }
 
-#ifdef ZZZ              /* Needs x2apic patch */
 static void uv_send_IPI_self(int vector)
 {
         apic_write(APIC_SELF_IPI, vector);
 }
-#endif
 
 struct genapic apic_x2apic_uv_x = {
         .name = "UV large system",
+        .acpi_madt_oem_check = uv_acpi_madt_oem_check,
         .int_delivery_mode = dest_Fixed,
         .int_dest_mode = (APIC_DEST_PHYSICAL != 0),
         .target_cpus = uv_target_cpus,
-        .vector_allocation_domain = uv_vector_allocation_domain,/* Fixme ZZZ */
+        .vector_allocation_domain = uv_vector_allocation_domain,
         .apic_id_registered = uv_apic_id_registered,
+        .init_apic_ldr = uv_init_apic_ldr,
         .send_IPI_all = uv_send_IPI_all,
         .send_IPI_allbutself = uv_send_IPI_allbutself,
         .send_IPI_mask = uv_send_IPI_mask,
-        /* ZZZ.send_IPI_self = uv_send_IPI_self, */
+        .send_IPI_self = uv_send_IPI_self,
         .cpu_mask_to_apicid = uv_cpu_mask_to_apicid,
-        .phys_pkg_id = phys_pkg_id,     /* Fixme ZZZ */
+        .phys_pkg_id = phys_pkg_id,
+        .get_apic_id = get_apic_id,
+        .set_apic_id = set_apic_id,
+        .apic_id_mask = (0xFFFFFFFFu),
 };
 
 static __cpuinit void set_x2apic_extra_bits(int pnode)
@@ -222,12 +284,13 @@ static __init void map_low_mmrs(void)
 
 enum map_type {map_wb, map_uc};
 
-static __init void map_high(char *id, unsigned long base, int shift, enum map_type map_type)
+static __init void map_high(char *id, unsigned long base, int shift,
+                            int max_pnode, enum map_type map_type)
 {
         unsigned long bytes, paddr;
 
         paddr = base << shift;
-        bytes = (1UL << shift);
+        bytes = (1UL << shift) * (max_pnode + 1);
         printk(KERN_INFO "UV: Map %s_HI 0x%lx - 0x%lx\n", id, paddr,
                                                 paddr + bytes);
         if (map_type == map_uc)
@@ -243,7 +306,7 @@ static __init void map_gru_high(int max_pnode)
 
         gru.v = uv_read_local_mmr(UVH_RH_GAM_GRU_OVERLAY_CONFIG_MMR);
         if (gru.s.enable)
-                map_high("GRU", gru.s.base, shift, map_wb);
+                map_high("GRU", gru.s.base, shift, max_pnode, map_wb);
 }
 
 static __init void map_config_high(int max_pnode)
@@ -253,7 +316,7 @@ static __init void map_config_high(int max_pnode)
 
         cfg.v = uv_read_local_mmr(UVH_RH_GAM_CFG_OVERLAY_CONFIG_MMR);
         if (cfg.s.enable)
-                map_high("CONFIG", cfg.s.base, shift, map_uc);
+                map_high("CONFIG", cfg.s.base, shift, max_pnode, map_uc);
 }
 
 static __init void map_mmr_high(int max_pnode)
@@ -263,7 +326,7 @@ static __init void map_mmr_high(int max_pnode)
 
         mmr.v = uv_read_local_mmr(UVH_RH_GAM_MMR_OVERLAY_CONFIG_MMR);
         if (mmr.s.enable)
-                map_high("MMR", mmr.s.base, shift, map_uc);
+                map_high("MMR", mmr.s.base, shift, max_pnode, map_uc);
 }
 
 static __init void map_mmioh_high(int max_pnode)
@@ -273,7 +336,7 @@ static __init void map_mmioh_high(int max_pnode)
 
         mmioh.v = uv_read_local_mmr(UVH_RH_GAM_MMIOH_OVERLAY_CONFIG_MMR);
         if (mmioh.s.enable)
-                map_high("MMIOH", mmioh.s.base, shift, map_uc);
+                map_high("MMIOH", mmioh.s.base, shift, max_pnode, map_uc);
 }
 
 static __init void uv_rtc_init(void)
@@ -401,3 +464,5 @@ void __cpuinit uv_cpu_init(void)
         if (get_uv_system_type() == UV_NON_UNIQUE_APIC)
                 set_x2apic_extra_bits(uv_hub_info->pnode);
 }
+
+
diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c
index 3e66bd364a9d..1dcb0f13897e 100644
--- a/arch/x86/kernel/head.c
+++ b/arch/x86/kernel/head.c
@@ -35,6 +35,7 @@ void __init reserve_ebda_region(void)
 
         /* start of EBDA area */
         ebda_addr = get_bios_ebda();
+        printk(KERN_INFO "BIOS EBDA/lowmem at: %08x/%08x\n", ebda_addr, lowmem);
 
         /* Fixup: bios puts an EBDA in the top 64K segment */
         /* of conventional memory, but does not adjust lowmem. */
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 9bfc4d72fb2e..d16084f90649 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -108,12 +108,11 @@ void __init x86_64_start_kernel(char * real_mode_data)
         }
         load_idt((const struct desc_ptr *)&idt_descr);
 
-        early_printk("Kernel alive\n");
+        if (console_loglevel == 10)
+                early_printk("Kernel alive\n");
 
         x86_64_init_pda();
 
-        early_printk("Kernel really alive\n");
-
         x86_64_start_reservations(real_mode_data);
 }
 
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index a7010c3a377a..e835b4eea70b 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -172,10 +172,6 @@ num_subarch_entries = (. - subarch_entries) / 4
  *
  * Note that the stack is not yet set up!
  */
-#define PTE_ATTR        0x007           /* PRESENT+RW+USER */
-#define PDE_ATTR        0x067           /* PRESENT+RW+USER+DIRTY+ACCESSED */
-#define PGD_ATTR        0x001           /* PRESENT (no other attributes) */
-
 default_entry:
 #ifdef CONFIG_X86_PAE
 
@@ -196,9 +192,9 @@ default_entry:
         movl $pa(pg0), %edi
         movl %edi, pa(init_pg_tables_start)
         movl $pa(swapper_pg_pmd), %edx
-        movl $PTE_ATTR, %eax
+        movl $PTE_IDENT_ATTR, %eax
 10:
-        leal PDE_ATTR(%edi),%ecx                /* Create PMD entry */
+        leal PDE_IDENT_ATTR(%edi),%ecx          /* Create PMD entry */
         movl %ecx,(%edx)                        /* Store PMD entry */
                                                 /* Upper half already zero */
         addl $8,%edx
@@ -215,7 +211,7 @@ default_entry:
          * End condition: we must map up to and including INIT_MAP_BEYOND_END
          * bytes beyond the end of our own page tables.
          */
-        leal (INIT_MAP_BEYOND_END+PTE_ATTR)(%edi),%ebp
+        leal (INIT_MAP_BEYOND_END+PTE_IDENT_ATTR)(%edi),%ebp
         cmpl %ebp,%eax
         jb 10b
 1:
@@ -224,7 +220,7 @@ default_entry:
         movl %eax, pa(max_pfn_mapped)
 
         /* Do early initialization of the fixmap area */
-        movl $pa(swapper_pg_fixmap)+PDE_ATTR,%eax
+        movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
         movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
 #else   /* Not PAE */
 
@@ -233,9 +229,9 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
         movl $pa(pg0), %edi
         movl %edi, pa(init_pg_tables_start)
         movl $pa(swapper_pg_dir), %edx
-        movl $PTE_ATTR, %eax
+        movl $PTE_IDENT_ATTR, %eax
 10:
-        leal PDE_ATTR(%edi),%ecx                /* Create PDE entry */
+        leal PDE_IDENT_ATTR(%edi),%ecx          /* Create PDE entry */
         movl %ecx,(%edx)                        /* Store identity PDE entry */
         movl %ecx,page_pde_offset(%edx)         /* Store kernel PDE entry */
         addl $4,%edx
@@ -249,7 +245,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
          * bytes beyond the end of our own page tables; the +0x007 is
          * the attribute bits
          */
-        leal (INIT_MAP_BEYOND_END+PTE_ATTR)(%edi),%ebp
+        leal (INIT_MAP_BEYOND_END+PTE_IDENT_ATTR)(%edi),%ebp
         cmpl %ebp,%eax
         jb 10b
         movl %edi,pa(init_pg_tables_end)
@@ -257,7 +253,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
         movl %eax, pa(max_pfn_mapped)
 
         /* Do early initialization of the fixmap area */
-        movl $pa(swapper_pg_fixmap)+PDE_ATTR,%eax
+        movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
         movl %eax,pa(swapper_pg_dir+0xffc)
 #endif
         jmp 3f
@@ -634,19 +630,19 @@ ENTRY(empty_zero_page)
         /* Page-aligned for the benefit of paravirt? */
         .align PAGE_SIZE_asm
 ENTRY(swapper_pg_dir)
-        .long   pa(swapper_pg_pmd+PGD_ATTR),0           /* low identity map */
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR),0     /* low identity map */
 # if KPMDS == 3
-        .long   pa(swapper_pg_pmd+PGD_ATTR),0
-        .long   pa(swapper_pg_pmd+PGD_ATTR+0x1000),0
-        .long   pa(swapper_pg_pmd+PGD_ATTR+0x2000),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR+0x1000),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR+0x2000),0
 # elif KPMDS == 2
         .long   0,0
-        .long   pa(swapper_pg_pmd+PGD_ATTR),0
-        .long   pa(swapper_pg_pmd+PGD_ATTR+0x1000),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR+0x1000),0
 # elif KPMDS == 1
         .long   0,0
         .long   0,0
-        .long   pa(swapper_pg_pmd+PGD_ATTR),0
+        .long   pa(swapper_pg_pmd+PGD_IDENT_ATTR),0
 # else
 #  error "Kernel PMDs should be 1, 2 or 3"
 # endif
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index db3280afe886..26cfdc1d7c7f 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -110,7 +110,7 @@ startup_64:
         movq    %rdi, %rax
         shrq    $PMD_SHIFT, %rax
         andq    $(PTRS_PER_PMD - 1), %rax
-        leaq    __PAGE_KERNEL_LARGE_EXEC(%rdi), %rdx
+        leaq    __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
         leaq    level2_spare_pgt(%rip), %rbx
         movq    %rdx, 0(%rbx, %rax, 8)
 ident_complete:
@@ -374,7 +374,7 @@ NEXT_PAGE(level2_ident_pgt)
         /* Since I easily can, map the first 1G.
          * Don't set NX because code runs from these pages.
          */
-        PMDS(0, __PAGE_KERNEL_LARGE_EXEC, PTRS_PER_PMD)
+        PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
 
 NEXT_PAGE(level2_kernel_pgt)
         /*
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index 59fd3b6b1303..acf62fc233da 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -115,13 +115,17 @@ static void hpet_reserve_platform_timers(unsigned long id)
         hd.hd_phys_address = hpet_address;
         hd.hd_address = hpet;
         hd.hd_nirqs = nrtimers;
-        hd.hd_flags = HPET_DATA_PLATFORM;
         hpet_reserve_timer(&hd, 0);
 
 #ifdef CONFIG_HPET_EMULATE_RTC
         hpet_reserve_timer(&hd, 1);
 #endif
 
+        /*
+         * NOTE that hd_irq[] reflects IOAPIC input pins (LEGACY_8254
+         * is wrong for i8259!) not the output IRQ.  Many BIOS writers
+         * don't bother configuring *any* comparator interrupts.
+         */
         hd.hd_irq[0] = HPET_LEGACY_8254;
         hd.hd_irq[1] = HPET_LEGACY_RTC;
 
@@ -210,8 +214,8 @@ static void hpet_legacy_clockevent_register(void)
         /* Calculate the min / max delta */
         hpet_clockevent.max_delta_ns = clockevent_delta2ns(0x7FFFFFFF,
                                                            &hpet_clockevent);
-        hpet_clockevent.min_delta_ns = clockevent_delta2ns(0x30,
-                                                           &hpet_clockevent);
+        /* 5 usec minimum reprogramming delta. */
+        hpet_clockevent.min_delta_ns = 5000;
 
         /*
          * Start hpet with the boot cpu mask and make it
@@ -270,15 +274,22 @@ static void hpet_legacy_set_mode(enum clock_event_mode mode,
 }
 
 static int hpet_legacy_next_event(unsigned long delta,
-                           struct clock_event_device *evt)
+                                  struct clock_event_device *evt)
 {
-        unsigned long cnt;
+        u32 cnt;
 
         cnt = hpet_readl(HPET_COUNTER);
-        cnt += delta;
+        cnt += (u32) delta;
         hpet_writel(cnt, HPET_T0_CMP);
 
-        return ((long)(hpet_readl(HPET_COUNTER) - cnt ) > 0) ? -ETIME : 0;
+        /*
+         * We need to read back the CMP register to make sure that
+         * what we wrote hit the chip before we compare it to the
+         * counter.
+         */
+        WARN_ON((u32)hpet_readl(HPET_T0_CMP) != cnt);
+
+        return (s32)((u32)hpet_readl(HPET_COUNTER) - cnt) >= 0 ? -ETIME : 0;
 }
 
 /*
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
index eb9ddd8efb82..1f20608d4ca8 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@ -21,9 +21,12 @@
 # include <asm/sigcontext32.h>
 # include <asm/user32.h>
 #else
-# define save_i387_ia32         save_i387
-# define restore_i387_ia32      restore_i387
+# define save_i387_xstate_ia32          save_i387_xstate
+# define restore_i387_xstate_ia32       restore_i387_xstate
 # define _fpstate_ia32          _fpstate
+# define _xstate_ia32           _xstate
+# define sig_xstate_ia32_size   sig_xstate_size
+# define fx_sw_reserved_ia32    fx_sw_reserved
 # define user_i387_ia32_struct  user_i387_struct
 # define user32_fxsr_struct     user_fxsr_struct
 #endif
@@ -36,6 +39,7 @@
 
 static unsigned int             mxcsr_feature_mask __read_mostly = 0xffffffffu;
 unsigned int xstate_size;
+unsigned int sig_xstate_ia32_size = sizeof(struct _fpstate_ia32);
 static struct i387_fxsave_struct fx_scratch __cpuinitdata;
 
 void __cpuinit mxcsr_feature_mask_init(void)
@@ -61,6 +65,11 @@ void __init init_thread_xstate(void)
                 return;
         }
 
+        if (cpu_has_xsave) {
+                xsave_cntxt_init();
+                return;
+        }
+
         if (cpu_has_fxsr)
                 xstate_size = sizeof(struct i387_fxsave_struct);
 #ifdef CONFIG_X86_32
@@ -83,9 +92,19 @@ void __cpuinit fpu_init(void)
 
         write_cr0(oldcr0 & ~(X86_CR0_TS|X86_CR0_EM)); /* clear TS and EM */
 
+        /*
+         * Boot processor to setup the FP and extended state context info.
+         */
+        if (!smp_processor_id())
+                init_thread_xstate();
+        xsave_init();
+
         mxcsr_feature_mask_init();
         /* clean state in init */
-        current_thread_info()->status = 0;
+        if (cpu_has_xsave)
+                current_thread_info()->status = TS_XSAVE;
+        else
+                current_thread_info()->status = 0;
         clear_used_math();
 }
 #endif  /* CONFIG_X86_64 */
@@ -195,6 +214,13 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
          */
         target->thread.xstate->fxsave.mxcsr &= mxcsr_feature_mask;
 
+        /*
+         * update the header bits in the xsave header, indicating the
+         * presence of FP and SSE state.
+         */
+        if (cpu_has_xsave)
+                target->thread.xstate->xsave.xsave_hdr.xstate_bv |= XSTATE_FPSSE;
+
         return ret;
 }
 
@@ -395,6 +421,12 @@ int fpregs_set(struct task_struct *target, const struct user_regset *regset,
         if (!ret)
                 convert_to_fxsr(target, &env);
 
+        /*
+         * update the header bit in the xsave header, indicating the
+         * presence of FP.
+         */
+        if (cpu_has_xsave)
+                target->thread.xstate->xsave.xsave_hdr.xstate_bv |= XSTATE_FP;
         return ret;
 }
 
@@ -407,7 +439,6 @@ static inline int save_i387_fsave(struct _fpstate_ia32 __user *buf)
         struct task_struct *tsk = current;
         struct i387_fsave_struct *fp = &tsk->thread.xstate->fsave;
 
-        unlazy_fpu(tsk);
         fp->status = fp->swd;
         if (__copy_to_user(buf, fp, sizeof(struct i387_fsave_struct)))
                 return -1;
@@ -421,8 +452,6 @@ static int save_i387_fxsave(struct _fpstate_ia32 __user *buf)
         struct user_i387_ia32_struct env;
         int err = 0;
 
-        unlazy_fpu(tsk);
-
         convert_from_fxsr(&env, tsk);
         if (__copy_to_user(buf, &env, sizeof(env)))
                 return -1;
@@ -432,16 +461,54 @@ static int save_i387_fxsave(struct _fpstate_ia32 __user *buf)
         if (err)
                 return -1;
 
-        if (__copy_to_user(&buf->_fxsr_env[0], fx,
-                           sizeof(struct i387_fxsave_struct)))
+        if (__copy_to_user(&buf->_fxsr_env[0], fx, xstate_size))
+                return -1;
+        return 1;
+}
+
+static int save_i387_xsave(void __user *buf)
+{
+        struct task_struct *tsk = current;
+        struct _fpstate_ia32 __user *fx = buf;
+        int err = 0;
+
+        /*
+         * For legacy compatible, we always set FP/SSE bits in the bit
+         * vector while saving the state to the user context.
+         * This will enable us capturing any changes(during sigreturn) to
+         * the FP/SSE bits by the legacy applications which don't touch
+         * xstate_bv in the xsave header.
+         *
+         * xsave aware applications can change the xstate_bv in the xsave
+         * header as well as change any contents in the memory layout.
+         * xrestore as part of sigreturn will capture all the changes.
+         */
+        tsk->thread.xstate->xsave.xsave_hdr.xstate_bv |= XSTATE_FPSSE;
+
+        if (save_i387_fxsave(fx) < 0)
+                return -1;
+
+        err = __copy_to_user(&fx->sw_reserved, &fx_sw_reserved_ia32,
+                             sizeof(struct _fpx_sw_bytes));
+        err |= __put_user(FP_XSTATE_MAGIC2,
+                          (__u32 __user *) (buf + sig_xstate_ia32_size
+                                            - FP_XSTATE_MAGIC2_SIZE));
+        if (err)
                 return -1;
+
         return 1;
 }
 
-int save_i387_ia32(struct _fpstate_ia32 __user *buf)
+int save_i387_xstate_ia32(void __user *buf)
 {
+        struct _fpstate_ia32 __user *fp = (struct _fpstate_ia32 __user *) buf;
+        struct task_struct *tsk = current;
+
         if (!used_math())
                 return 0;
+
+        if (!access_ok(VERIFY_WRITE, buf, sig_xstate_ia32_size))
+                return -EACCES;
         /*
          * This will cause a "finit" to be triggered by the next
          * attempted FPU operation by the 'current' process.
@@ -451,13 +518,17 @@ int save_i387_ia32(struct _fpstate_ia32 __user *buf)
         if (!HAVE_HWFP) {
                 return fpregs_soft_get(current, NULL,
                                        0, sizeof(struct user_i387_ia32_struct),
-                                       NULL, buf) ? -1 : 1;
+                                       NULL, fp) ? -1 : 1;
         }
 
+        unlazy_fpu(tsk);
+
+        if (cpu_has_xsave)
+                return save_i387_xsave(fp);
         if (cpu_has_fxsr)
-                return save_i387_fxsave(buf);
+                return save_i387_fxsave(fp);
         else
-                return save_i387_fsave(buf);
+                return save_i387_fsave(fp);
 }
 
 static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
@@ -468,14 +539,15 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
                                 sizeof(struct i387_fsave_struct));
 }
 
-static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf)
+static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
+                               unsigned int size)
 {
         struct task_struct *tsk = current;
         struct user_i387_ia32_struct env;
         int err;
 
         err = __copy_from_user(&tsk->thread.xstate->fxsave, &buf->_fxsr_env[0],
-                               sizeof(struct i387_fxsave_struct));
+                               size);
         /* mxcsr reserved bits must be masked to zero for security reasons */
         tsk->thread.xstate->fxsave.mxcsr &= mxcsr_feature_mask;
         if (err || __copy_from_user(&env, buf, sizeof(env)))
@@ -485,14 +557,69 @@ static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf)
         return 0;
 }
 
-int restore_i387_ia32(struct _fpstate_ia32 __user *buf)
+static int restore_i387_xsave(void __user *buf)
+{
+        struct _fpx_sw_bytes fx_sw_user;
+        struct _fpstate_ia32 __user *fx_user =
+                        ((struct _fpstate_ia32 __user *) buf);
+        struct i387_fxsave_struct __user *fx =
+                (struct i387_fxsave_struct __user *) &fx_user->_fxsr_env[0];
+        struct xsave_hdr_struct *xsave_hdr =
+                                &current->thread.xstate->xsave.xsave_hdr;
+        u64 mask;
+        int err;
+
+        if (check_for_xstate(fx, buf, &fx_sw_user))
+                goto fx_only;
+
+        mask = fx_sw_user.xstate_bv;
+
+        err = restore_i387_fxsave(buf, fx_sw_user.xstate_size);
+
+        xsave_hdr->xstate_bv &= pcntxt_mask;
+        /*
+         * These bits must be zero.
+         */
+        xsave_hdr->reserved1[0] = xsave_hdr->reserved1[1] = 0;
+
+        /*
+         * Init the state that is not present in the memory layout
+         * and enabled by the OS.
+         */
+        mask = ~(pcntxt_mask & ~mask);
+        xsave_hdr->xstate_bv &= mask;
+
+        return err;
+fx_only:
+        /*
+         * Couldn't find the extended state information in the memory
+         * layout. Restore the FP/SSE and init the other extended state
+         * enabled by the OS.
+         */
+        xsave_hdr->xstate_bv = XSTATE_FPSSE;
+        return restore_i387_fxsave(buf, sizeof(struct i387_fxsave_struct));
+}
+
+int restore_i387_xstate_ia32(void __user *buf)
 {
         int err;
         struct task_struct *tsk = current;
+        struct _fpstate_ia32 __user *fp = (struct _fpstate_ia32 __user *) buf;
 
         if (HAVE_HWFP)
                 clear_fpu(tsk);
 
+        if (!buf) {
+                if (used_math()) {
+                        clear_fpu(tsk);
+                        clear_used_math();
+                }
+
+                return 0;
+        } else
+                if (!access_ok(VERIFY_READ, buf, sig_xstate_ia32_size))
+                        return -EACCES;
+
         if (!used_math()) {
                 err = init_fpu(tsk);
                 if (err)
@@ -500,14 +627,17 @@ int restore_i387_ia32(struct _fpstate_ia32 __user *buf)
         }
 
         if (HAVE_HWFP) {
-                if (cpu_has_fxsr)
-                        err = restore_i387_fxsave(buf);
+                if (cpu_has_xsave)
+                        err = restore_i387_xsave(buf);
+                else if (cpu_has_fxsr)
+                        err = restore_i387_fxsave(fp, sizeof(struct
+                                                           i387_fxsave_struct));
                 else
-                        err = restore_i387_fsave(buf);
+                        err = restore_i387_fsave(fp);
         } else {
                 err = fpregs_soft_set(current, NULL,
                                       0, sizeof(struct user_i387_ia32_struct),
-                                      NULL, buf) != 0;
+                                      NULL, fp) != 0;
         }
         set_used_math();
 
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
index dc92b49d9204..4b8a53d841f7 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
@@ -282,6 +282,30 @@ static int __init i8259A_init_sysfs(void)
 
 device_initcall(i8259A_init_sysfs);
 
+void mask_8259A(void)
+{
+        unsigned long flags;
+
+        spin_lock_irqsave(&i8259A_lock, flags);
+
+        outb(0xff, PIC_MASTER_IMR);     /* mask all of 8259A-1 */
+        outb(0xff, PIC_SLAVE_IMR);      /* mask all of 8259A-2 */
+
+        spin_unlock_irqrestore(&i8259A_lock, flags);
+}
+
+void unmask_8259A(void)
+{
+        unsigned long flags;
+
+        spin_lock_irqsave(&i8259A_lock, flags);
+
+        outb(cached_master_mask, PIC_MASTER_IMR); /* restore master IRQ mask */
+        outb(cached_slave_mask, PIC_SLAVE_IMR);   /* restore slave IRQ mask */
+
+        spin_unlock_irqrestore(&i8259A_lock, flags);
+}
+
 void init_8259A(int auto_eoi)
 {
         unsigned long flags;
diff --git a/arch/x86/kernel/io_apic_32.c b/arch/x86/kernel/io_apic_32.c
index 09cddb57bec4..e710289f673e 100644
--- a/arch/x86/kernel/io_apic_32.c
+++ b/arch/x86/kernel/io_apic_32.c
@@ -46,10 +46,13 @@
 #include <asm/nmi.h>
 #include <asm/msidef.h>
 #include <asm/hypertransport.h>
+#include <asm/setup.h>
 
 #include <mach_apic.h>
 #include <mach_apicdef.h>
 
+#define __apicdebuginit(type) static type __init
+
 int (*ioapic_renumber_irq)(int ioapic, int irq);
 atomic_t irq_mis_count;
 
@@ -1341,7 +1344,8 @@ static void __init setup_timer_IRQ0_pin(unsigned int apic, unsigned int pin,
         ioapic_write_entry(apic, pin, entry);
 }
 
-void __init print_IO_APIC(void)
+
+__apicdebuginit(void) print_IO_APIC(void)
 {
         int apic, i;
         union IO_APIC_reg_00 reg_00;
@@ -1456,9 +1460,7 @@ void __init print_IO_APIC(void)
         return;
 }
 
-#if 0
-
-static void print_APIC_bitfield(int base)
+__apicdebuginit(void) print_APIC_bitfield(int base)
 {
         unsigned int v;
         int i, j;
@@ -1479,9 +1481,10 @@ static void print_APIC_bitfield(int base)
         }
 }
 
-void /*__init*/ print_local_APIC(void *dummy)
+__apicdebuginit(void) print_local_APIC(void *dummy)
 {
         unsigned int v, ver, maxlvt;
+        u64 icr;
 
         if (apic_verbosity == APIC_QUIET)
                 return;
@@ -1490,7 +1493,7 @@ void /*__init*/ print_local_APIC(void *dummy)
                 smp_processor_id(), hard_smp_processor_id());
         v = apic_read(APIC_ID);
         printk(KERN_INFO "... APIC ID:      %08x (%01x)\n", v,
-                        GET_APIC_ID(read_apic_id()));
+                        GET_APIC_ID(v));
         v = apic_read(APIC_LVR);
         printk(KERN_INFO "... APIC VERSION: %08x\n", v);
         ver = GET_APIC_VERSION(v);
@@ -1532,10 +1535,9 @@ void /*__init*/ print_local_APIC(void *dummy)
                 printk(KERN_DEBUG "... APIC ESR: %08x\n", v);
         }
 
-        v = apic_read(APIC_ICR);
-        printk(KERN_DEBUG "... APIC ICR: %08x\n", v);
-        v = apic_read(APIC_ICR2);
-        printk(KERN_DEBUG "... APIC ICR2: %08x\n", v);
+        icr = apic_icr_read();
+        printk(KERN_DEBUG "... APIC ICR: %08x\n", icr);
+        printk(KERN_DEBUG "... APIC ICR2: %08x\n", icr >> 32);
 
         v = apic_read(APIC_LVTT);
         printk(KERN_DEBUG "... APIC LVTT: %08x\n", v);
@@ -1563,12 +1565,12 @@ void /*__init*/ print_local_APIC(void *dummy)
         printk("\n");
 }
 
-void print_all_local_APICs(void)
+__apicdebuginit(void) print_all_local_APICs(void)
 {
         on_each_cpu(print_local_APIC, NULL, 1);
 }
 
-void /*__init*/ print_PIC(void)
+__apicdebuginit(void) print_PIC(void)
 {
         unsigned int v;
         unsigned long flags;
@@ -1600,7 +1602,17 @@ void /*__init*/ print_PIC(void)
         printk(KERN_DEBUG "... PIC ELCR: %04x\n", v);
 }
 
-#endif  /*  0  */
+__apicdebuginit(int) print_all_ICs(void)
+{
+        print_PIC();
+        print_all_local_APICs();
+        print_IO_APIC();
+
+        return 0;
+}
+
+fs_initcall(print_all_ICs);
+
 
 static void __init enable_IO_APIC(void)
 {
@@ -1698,8 +1710,7 @@ void disable_IO_APIC(void)
                 entry.dest_mode       = 0; /* Physical */
                 entry.delivery_mode   = dest_ExtINT; /* ExtInt */
                 entry.vector          = 0;
-                entry.dest.physical.physical_dest =
-                                        GET_APIC_ID(read_apic_id());
+                entry.dest.physical.physical_dest = read_apic_id();
 
                 /*
                  * Add it to the IO-APIC irq-routing table:
@@ -1725,10 +1736,8 @@ static void __init setup_ioapic_ids_from_mpc(void)
         unsigned char old_id;
         unsigned long flags;
 
-#ifdef CONFIG_X86_NUMAQ
-        if (found_numaq)
+        if (x86_quirks->setup_ioapic_ids && x86_quirks->setup_ioapic_ids())
                 return;
-#endif
 
         /*
          * Don't check I/O APIC IDs for xAPIC systems.  They have
@@ -2329,8 +2338,6 @@ void __init setup_IO_APIC(void)
         setup_IO_APIC_irqs();
         init_IO_APIC_traps();
         check_timer();
-        if (!acpi_ioapic)
-                print_IO_APIC();
 }
 
 /*
diff --git a/arch/x86/kernel/io_apic_64.c b/arch/x86/kernel/io_apic_64.c
index 61a83b70c18f..02063ae042f7 100644
--- a/arch/x86/kernel/io_apic_64.c
+++ b/arch/x86/kernel/io_apic_64.c
@@ -37,6 +37,7 @@
 #include <acpi/acpi_bus.h>
 #endif
 #include <linux/bootmem.h>
+#include <linux/dmar.h>
 
 #include <asm/idle.h>
 #include <asm/io.h>
@@ -49,10 +50,13 @@
 #include <asm/nmi.h>
 #include <asm/msidef.h>
 #include <asm/hypertransport.h>
+#include <asm/irq_remapping.h>
 
 #include <mach_ipi.h>
 #include <mach_apic.h>
 
+#define __apicdebuginit(type) static type __init
+
 struct irq_cfg {
         cpumask_t domain;
         cpumask_t old_domain;
@@ -87,8 +91,6 @@ int first_system_vector = 0xfe;
 
 char system_vectors[NR_VECTORS] = { [0 ... NR_VECTORS-1] = SYS_VECTOR_FREE};
 
-#define __apicdebuginit  __init
-
 int sis_apic_bug; /* not actually supported, dummy for compile */
 
 static int no_timer_check;
@@ -108,6 +110,9 @@ static DEFINE_SPINLOCK(vector_lock);
  */
 int nr_ioapic_registers[MAX_IO_APICS];
 
+/* I/O APIC RTE contents at the OS boot up */
+struct IO_APIC_route_entry *early_ioapic_entries[MAX_IO_APICS];
+
 /* I/O APIC entries */
 struct mp_config_ioapic mp_ioapics[MAX_IO_APICS];
 int nr_ioapics;
@@ -303,7 +308,12 @@ static void __target_IO_APIC_irq(unsigned int irq, unsigned int dest, u8 vector)
                 pin = entry->pin;
                 if (pin == -1)
                         break;
-                io_apic_write(apic, 0x11 + pin*2, dest);
+                /*
+                 * With interrupt-remapping, destination information comes
+                 * from interrupt-remapping table entry.
+                 */
+                if (!irq_remapped(irq))
+                        io_apic_write(apic, 0x11 + pin*2, dest);
                 reg = io_apic_read(apic, 0x10 + pin*2);
                 reg &= ~IO_APIC_REDIR_VECTOR_MASK;
                 reg |= vector;
@@ -440,6 +450,69 @@ static void clear_IO_APIC (void)
                         clear_IO_APIC_pin(apic, pin);
 }
 
+/*
+ * Saves and masks all the unmasked IO-APIC RTE's
+ */
+int save_mask_IO_APIC_setup(void)
+{
+        union IO_APIC_reg_01 reg_01;
+        unsigned long flags;
+        int apic, pin;
+
+        /*
+         * The number of IO-APIC IRQ registers (== #pins):
+         */
+        for (apic = 0; apic < nr_ioapics; apic++) {
+                spin_lock_irqsave(&ioapic_lock, flags);
+                reg_01.raw = io_apic_read(apic, 1);
+                spin_unlock_irqrestore(&ioapic_lock, flags);
+                nr_ioapic_registers[apic] = reg_01.bits.entries+1;
+        }
+
+        for (apic = 0; apic < nr_ioapics; apic++) {
+                early_ioapic_entries[apic] =
+                        kzalloc(sizeof(struct IO_APIC_route_entry) *
+                                nr_ioapic_registers[apic], GFP_KERNEL);
+                if (!early_ioapic_entries[apic])
+                        return -ENOMEM;
+        }
+
+        for (apic = 0; apic < nr_ioapics; apic++)
+                for (pin = 0; pin < nr_ioapic_registers[apic]; pin++) {
+                        struct IO_APIC_route_entry entry;
+
+                        entry = early_ioapic_entries[apic][pin] =
+                                ioapic_read_entry(apic, pin);
+                        if (!entry.mask) {
+                                entry.mask = 1;
+                                ioapic_write_entry(apic, pin, entry);
+                        }
+                }
+        return 0;
+}
+
+void restore_IO_APIC_setup(void)
+{
+        int apic, pin;
+
+        for (apic = 0; apic < nr_ioapics; apic++)
+                for (pin = 0; pin < nr_ioapic_registers[apic]; pin++)
+                        ioapic_write_entry(apic, pin,
+                                           early_ioapic_entries[apic][pin]);
+}
+
+void reinit_intr_remapped_IO_APIC(int intr_remapping)
+{
+        /*
+         * for now plain restore of previous settings.
+         * TBD: In the case of OS enabling interrupt-remapping,
+         * IO-APIC RTE's need to be setup to point to interrupt-remapping
+         * table entries. for now, do a plain restore, and wait for
+         * the setup_IO_APIC_irqs() to do proper initialization.
+         */
+        restore_IO_APIC_setup();
+}
+
 int skip_ioapic_setup;
 int ioapic_force;
 
@@ -839,18 +912,98 @@ void __setup_vector_irq(int cpu)
 }
 
 static struct irq_chip ioapic_chip;
+#ifdef CONFIG_INTR_REMAP
+static struct irq_chip ir_ioapic_chip;
+#endif
 
 static void ioapic_register_intr(int irq, unsigned long trigger)
 {
-        if (trigger) {
+        if (trigger)
                 irq_desc[irq].status |= IRQ_LEVEL;
-                set_irq_chip_and_handler_name(irq, &ioapic_chip,
-                                              handle_fasteoi_irq, "fasteoi");
-        } else {
+        else
                 irq_desc[irq].status &= ~IRQ_LEVEL;
+
+#ifdef CONFIG_INTR_REMAP
+        if (irq_remapped(irq)) {
+                irq_desc[irq].status |= IRQ_MOVE_PCNTXT;
+                if (trigger)
+                        set_irq_chip_and_handler_name(irq, &ir_ioapic_chip,
+                                                      handle_fasteoi_irq,
+                                                     "fasteoi");
+                else
+                        set_irq_chip_and_handler_name(irq, &ir_ioapic_chip,
+                                                      handle_edge_irq, "edge");
+                return;
+        }
+#endif
+        if (trigger)
+                set_irq_chip_and_handler_name(irq, &ioapic_chip,
+                                              handle_fasteoi_irq,
+                                              "fasteoi");
+        else
                 set_irq_chip_and_handler_name(irq, &ioapic_chip,
                                               handle_edge_irq, "edge");
+}
+
+static int setup_ioapic_entry(int apic, int irq,
+                              struct IO_APIC_route_entry *entry,
+                              unsigned int destination, int trigger,
+                              int polarity, int vector)
+{
+        /*
+         * add it to the IO-APIC irq-routing table:
+         */
+        memset(entry,0,sizeof(*entry));
+
+#ifdef CONFIG_INTR_REMAP
+        if (intr_remapping_enabled) {
+                struct intel_iommu *iommu = map_ioapic_to_ir(apic);
+                struct irte irte;
+                struct IR_IO_APIC_route_entry *ir_entry =
+                        (struct IR_IO_APIC_route_entry *) entry;
+                int index;
+
+                if (!iommu)
+                        panic("No mapping iommu for ioapic %d\n", apic);
+
+                index = alloc_irte(iommu, irq, 1);
+                if (index < 0)
+                        panic("Failed to allocate IRTE for ioapic %d\n", apic);
+
+                memset(&irte, 0, sizeof(irte));
+
+                irte.present = 1;
+                irte.dst_mode = INT_DEST_MODE;
+                irte.trigger_mode = trigger;
+                irte.dlvry_mode = INT_DELIVERY_MODE;
+                irte.vector = vector;
+                irte.dest_id = IRTE_DEST(destination);
+
+                modify_irte(irq, &irte);
+
+                ir_entry->index2 = (index >> 15) & 0x1;
+                ir_entry->zero = 0;
+                ir_entry->format = 1;
+                ir_entry->index = (index & 0x7fff);
+        } else
+#endif
+        {
+                entry->delivery_mode = INT_DELIVERY_MODE;
+                entry->dest_mode = INT_DEST_MODE;
+                entry->dest = destination;
         }
+
+        entry->mask = 0;                                /* enable IRQ */
+        entry->trigger = trigger;
+        entry->polarity = polarity;
+        entry->vector = vector;
+
+        /* Mask level triggered irqs.
+         * Use IRQ_DELAYED_DISABLE for edge triggered irqs.
+         */
+        if (trigger)
+                entry->mask = 1;
+        return 0;
 }
 
 static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
@@ -875,24 +1028,15 @@ static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
                     apic, mp_ioapics[apic].mp_apicid, pin, cfg->vector,
                     irq, trigger, polarity);
 
-        /*
-         * add it to the IO-APIC irq-routing table:
-         */
-        memset(&entry,0,sizeof(entry));
-
-        entry.delivery_mode = INT_DELIVERY_MODE;
-        entry.dest_mode = INT_DEST_MODE;
-        entry.dest = cpu_mask_to_apicid(mask);
-        entry.mask = 0;                         /* enable IRQ */
-        entry.trigger = trigger;
-        entry.polarity = polarity;
-        entry.vector = cfg->vector;
 
-        /* Mask level triggered irqs.
-         * Use IRQ_DELAYED_DISABLE for edge triggered irqs.
-         */
-        if (trigger)
-                entry.mask = 1;
+        if (setup_ioapic_entry(mp_ioapics[apic].mp_apicid, irq, &entry,
+                               cpu_mask_to_apicid(mask), trigger, polarity,
+                               cfg->vector)) {
+                printk("Failed to setup ioapic entry for ioapic  %d, pin %d\n",
+                       mp_ioapics[apic].mp_apicid, pin);
+                __clear_irq_vector(irq);
+                return;
+        }
 
         ioapic_register_intr(irq, trigger);
         if (irq < 16)
@@ -944,6 +1088,9 @@ static void __init setup_timer_IRQ0_pin(unsigned int apic, unsigned int pin,
 {
         struct IO_APIC_route_entry entry;
 
+        if (intr_remapping_enabled)
+                return;
+
         memset(&entry, 0, sizeof(entry));
 
         /*
@@ -970,7 +1117,8 @@ static void __init setup_timer_IRQ0_pin(unsigned int apic, unsigned int pin,
         ioapic_write_entry(apic, pin, entry);
 }
 
-void __apicdebuginit print_IO_APIC(void)
+
+__apicdebuginit(void) print_IO_APIC(void)
 {
         int apic, i;
         union IO_APIC_reg_00 reg_00;
@@ -1064,9 +1212,7 @@ void __apicdebuginit print_IO_APIC(void)
         return;
 }
 
-#if 0
-
-static __apicdebuginit void print_APIC_bitfield (int base)
+__apicdebuginit(void) print_APIC_bitfield(int base)
 {
         unsigned int v;
         int i, j;
@@ -1087,9 +1233,10 @@ static __apicdebuginit void print_APIC_bitfield (int base)
         }
 }
 
-void __apicdebuginit print_local_APIC(void * dummy)
+__apicdebuginit(void) print_local_APIC(void *dummy)
 {
         unsigned int v, ver, maxlvt;
+        unsigned long icr;
 
         if (apic_verbosity == APIC_QUIET)
                 return;
@@ -1097,7 +1244,7 @@ void __apicdebuginit print_local_APIC(void * dummy)
         printk("\n" KERN_DEBUG "printing local APIC contents on CPU#%d/%d:\n",
                 smp_processor_id(), hard_smp_processor_id());
         v = apic_read(APIC_ID);
-        printk(KERN_INFO "... APIC ID:      %08x (%01x)\n", v, GET_APIC_ID(read_apic_id()));
+        printk(KERN_INFO "... APIC ID:      %08x (%01x)\n", v, read_apic_id());
         v = apic_read(APIC_LVR);
         printk(KERN_INFO "... APIC VERSION: %08x\n", v);
         ver = GET_APIC_VERSION(v);
@@ -1133,10 +1280,9 @@ void __apicdebuginit print_local_APIC(void * dummy)
         v = apic_read(APIC_ESR);
         printk(KERN_DEBUG "... APIC ESR: %08x\n", v);
 
-        v = apic_read(APIC_ICR);
-        printk(KERN_DEBUG "... APIC ICR: %08x\n", v);
-        v = apic_read(APIC_ICR2);
-        printk(KERN_DEBUG "... APIC ICR2: %08x\n", v);
+        icr = apic_icr_read();
+        printk(KERN_DEBUG "... APIC ICR: %08x\n", (u32)icr);
+        printk(KERN_DEBUG "... APIC ICR2: %08x\n", (u32)(icr >> 32));
 
         v = apic_read(APIC_LVTT);
         printk(KERN_DEBUG "... APIC LVTT: %08x\n", v);
@@ -1164,12 +1310,12 @@ void __apicdebuginit print_local_APIC(void * dummy)
         printk("\n");
 }
 
-void print_all_local_APICs (void)
+__apicdebuginit(void) print_all_local_APICs(void)
 {
         on_each_cpu(print_local_APIC, NULL, 1);
 }
 
-void __apicdebuginit print_PIC(void)
+__apicdebuginit(void) print_PIC(void)
 {
         unsigned int v;
         unsigned long flags;
@@ -1201,7 +1347,17 @@ void __apicdebuginit print_PIC(void)
         printk(KERN_DEBUG "... PIC ELCR: %04x\n", v);
 }
 
-#endif  /*  0  */
+__apicdebuginit(int) print_all_ICs(void)
+{
+        print_PIC();
+        print_all_local_APICs();
+        print_IO_APIC();
+
+        return 0;
+}
+
+fs_initcall(print_all_ICs);
+
 
 void __init enable_IO_APIC(void)
 {
@@ -1291,7 +1447,7 @@ void disable_IO_APIC(void)
                 entry.dest_mode       = 0; /* Physical */
                 entry.delivery_mode   = dest_ExtINT; /* ExtInt */
                 entry.vector          = 0;
-                entry.dest          = GET_APIC_ID(read_apic_id());
+                entry.dest            = read_apic_id();
 
                 /*
                  * Add it to the IO-APIC irq-routing table:
@@ -1397,6 +1553,147 @@ static int ioapic_retrigger_irq(unsigned int irq)
  */
 
 #ifdef CONFIG_SMP
+
+#ifdef CONFIG_INTR_REMAP
+static void ir_irq_migration(struct work_struct *work);
+
+static DECLARE_DELAYED_WORK(ir_migration_work, ir_irq_migration);
+
+/*
+ * Migrate the IO-APIC irq in the presence of intr-remapping.
+ *
+ * For edge triggered, irq migration is a simple atomic update(of vector
+ * and cpu destination) of IRTE and flush the hardware cache.
+ *
+ * For level triggered, we need to modify the io-apic RTE aswell with the update
+ * vector information, along with modifying IRTE with vector and destination.
+ * So irq migration for level triggered is little  bit more complex compared to
+ * edge triggered migration. But the good news is, we use the same algorithm
+ * for level triggered migration as we have today, only difference being,
+ * we now initiate the irq migration from process context instead of the
+ * interrupt context.
+ *
+ * In future, when we do a directed EOI (combined with cpu EOI broadcast
+ * suppression) to the IO-APIC, level triggered irq migration will also be
+ * as simple as edge triggered migration and we can do the irq migration
+ * with a simple atomic update to IO-APIC RTE.
+ */
+static void migrate_ioapic_irq(int irq, cpumask_t mask)
+{
+        struct irq_cfg *cfg = irq_cfg + irq;
+        struct irq_desc *desc = irq_desc + irq;
+        cpumask_t tmp, cleanup_mask;
+        struct irte irte;
+        int modify_ioapic_rte = desc->status & IRQ_LEVEL;
+        unsigned int dest;
+        unsigned long flags;
+
+        cpus_and(tmp, mask, cpu_online_map);
+        if (cpus_empty(tmp))
+                return;
+
+        if (get_irte(irq, &irte))
+                return;
+
+        if (assign_irq_vector(irq, mask))
+                return;
+
+        cpus_and(tmp, cfg->domain, mask);
+        dest = cpu_mask_to_apicid(tmp);
+
+        if (modify_ioapic_rte) {
+                spin_lock_irqsave(&ioapic_lock, flags);
+                __target_IO_APIC_irq(irq, dest, cfg->vector);
+                spin_unlock_irqrestore(&ioapic_lock, flags);
+        }
+
+        irte.vector = cfg->vector;
+        irte.dest_id = IRTE_DEST(dest);
+
+        /*
+         * Modified the IRTE and flushes the Interrupt entry cache.
+         */
+        modify_irte(irq, &irte);
+
+        if (cfg->move_in_progress) {
+                cpus_and(cleanup_mask, cfg->old_domain, cpu_online_map);
+                cfg->move_cleanup_count = cpus_weight(cleanup_mask);
+                send_IPI_mask(cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR);
+                cfg->move_in_progress = 0;
+        }
+
+        irq_desc[irq].affinity = mask;
+}
+
+static int migrate_irq_remapped_level(int irq)
+{
+        int ret = -1;
+
+        mask_IO_APIC_irq(irq);
+
+        if (io_apic_level_ack_pending(irq)) {
+                /*
+                 * Interrupt in progress. Migrating irq now will change the
+                 * vector information in the IO-APIC RTE and that will confuse
+                 * the EOI broadcast performed by cpu.
+                 * So, delay the irq migration to the next instance.
+                 */
+                schedule_delayed_work(&ir_migration_work, 1);
+                goto unmask;
+        }
+
+        /* everthing is clear. we have right of way */
+        migrate_ioapic_irq(irq, irq_desc[irq].pending_mask);
+
+        ret = 0;
+        irq_desc[irq].status &= ~IRQ_MOVE_PENDING;
+        cpus_clear(irq_desc[irq].pending_mask);
+
+unmask:
+        unmask_IO_APIC_irq(irq);
+        return ret;
+}
+
+static void ir_irq_migration(struct work_struct *work)
+{
+        int irq;
+
+        for (irq = 0; irq < NR_IRQS; irq++) {
+                struct irq_desc *desc = irq_desc + irq;
+                if (desc->status & IRQ_MOVE_PENDING) {
+                        unsigned long flags;
+
+                        spin_lock_irqsave(&desc->lock, flags);
+                        if (!desc->chip->set_affinity ||
+                            !(desc->status & IRQ_MOVE_PENDING)) {
+                                desc->status &= ~IRQ_MOVE_PENDING;
+                                spin_unlock_irqrestore(&desc->lock, flags);
+                                continue;
+                        }
+
+                        desc->chip->set_affinity(irq,
+                                                 irq_desc[irq].pending_mask);
+                        spin_unlock_irqrestore(&desc->lock, flags);
+                }
+        }
+}
+
+/*
+ * Migrates the IRQ destination in the process context.
+ */
+static void set_ir_ioapic_affinity_irq(unsigned int irq, cpumask_t mask)
+{
+        if (irq_desc[irq].status & IRQ_LEVEL) {
+                irq_desc[irq].status |= IRQ_MOVE_PENDING;
+                irq_desc[irq].pending_mask = mask;
+                migrate_irq_remapped_level(irq);
+                return;
+        }
+
+        migrate_ioapic_irq(irq, mask);
+}
+#endif
+
 asmlinkage void smp_irq_move_cleanup_interrupt(void)
 {
         unsigned vector, me;
@@ -1453,6 +1750,17 @@ static void irq_complete_move(unsigned int irq)
 #else
 static inline void irq_complete_move(unsigned int irq) {}
 #endif
+#ifdef CONFIG_INTR_REMAP
+static void ack_x2apic_level(unsigned int irq)
+{
+        ack_x2APIC_irq();
+}
+
+static void ack_x2apic_edge(unsigned int irq)
+{
+        ack_x2APIC_irq();
+}
+#endif
 
 static void ack_apic_edge(unsigned int irq)
 {
@@ -1527,6 +1835,21 @@ static struct irq_chip ioapic_chip __read_mostly = {
         .retrigger      = ioapic_retrigger_irq,
 };
 
+#ifdef CONFIG_INTR_REMAP
+static struct irq_chip ir_ioapic_chip __read_mostly = {
+        .name           = "IR-IO-APIC",
+        .startup        = startup_ioapic_irq,
+        .mask           = mask_IO_APIC_irq,
+        .unmask         = unmask_IO_APIC_irq,
+        .ack            = ack_x2apic_edge,
+        .eoi            = ack_x2apic_level,
+#ifdef CONFIG_SMP
+        .set_affinity   = set_ir_ioapic_affinity_irq,
+#endif
+        .retrigger      = ioapic_retrigger_irq,
+};
+#endif
+
 static inline void init_IO_APIC_traps(void)
 {
         int irq;
@@ -1712,6 +2035,8 @@ static inline void __init check_timer(void)
          * 8259A.
          */
         if (pin1 == -1) {
+                if (intr_remapping_enabled)
+                        panic("BIOS bug: timer not connected to IO-APIC");
                 pin1 = pin2;
                 apic1 = apic2;
                 no_pin1 = 1;
@@ -1738,6 +2063,8 @@ static inline void __init check_timer(void)
                                 clear_IO_APIC_pin(0, pin1);
                         goto out;
                 }
+                if (intr_remapping_enabled)
+                        panic("timer doesn't work through Interrupt-remapped IO-APIC");
                 clear_IO_APIC_pin(apic1, pin1);
                 if (!no_pin1)
                         apic_printk(APIC_QUIET, KERN_ERR "..MP-BIOS bug: "
@@ -1854,8 +2181,6 @@ void __init setup_IO_APIC(void)
         setup_IO_APIC_irqs();
         init_IO_APIC_traps();
         check_timer();
-        if (!acpi_ioapic)
-                print_IO_APIC();
 }
 
 struct sysfs_ioapic_data {
@@ -1977,6 +2302,9 @@ void destroy_irq(unsigned int irq)
 
         dynamic_irq_cleanup(irq);
 
+#ifdef CONFIG_INTR_REMAP
+        free_irte(irq);
+#endif
         spin_lock_irqsave(&vector_lock, flags);
         __clear_irq_vector(irq);
         spin_unlock_irqrestore(&vector_lock, flags);
@@ -1995,11 +2323,42 @@ static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq, struct msi_ms
 
         tmp = TARGET_CPUS;
         err = assign_irq_vector(irq, tmp);
-        if (!err) {
-                cpus_and(tmp, cfg->domain, tmp);
-                dest = cpu_mask_to_apicid(tmp);
+        if (err)
+                return err;
+
+        cpus_and(tmp, cfg->domain, tmp);
+        dest = cpu_mask_to_apicid(tmp);
+
+#ifdef CONFIG_INTR_REMAP
+        if (irq_remapped(irq)) {
+                struct irte irte;
+                int ir_index;
+                u16 sub_handle;
+
+                ir_index = map_irq_to_irte_handle(irq, &sub_handle);
+                BUG_ON(ir_index == -1);
+
+                memset (&irte, 0, sizeof(irte));
+
+                irte.present = 1;
+                irte.dst_mode = INT_DEST_MODE;
+                irte.trigger_mode = 0; /* edge */
+                irte.dlvry_mode = INT_DELIVERY_MODE;
+                irte.vector = cfg->vector;
+                irte.dest_id = IRTE_DEST(dest);
+
+                modify_irte(irq, &irte);
 
                 msg->address_hi = MSI_ADDR_BASE_HI;
+                msg->data = sub_handle;
+                msg->address_lo = MSI_ADDR_BASE_LO | MSI_ADDR_IR_EXT_INT |
+                                  MSI_ADDR_IR_SHV |
+                                  MSI_ADDR_IR_INDEX1(ir_index) |
+                                  MSI_ADDR_IR_INDEX2(ir_index);
+        } else
+#endif
+        {
+                msg->address_hi = MSI_ADDR_BASE_HI;
                 msg->address_lo =
                         MSI_ADDR_BASE_LO |
                         ((INT_DEST_MODE == 0) ?
@@ -2049,6 +2408,55 @@ static void set_msi_irq_affinity(unsigned int irq, cpumask_t mask)
         write_msi_msg(irq, &msg);
         irq_desc[irq].affinity = mask;
 }
+
+#ifdef CONFIG_INTR_REMAP
+/*
+ * Migrate the MSI irq to another cpumask. This migration is
+ * done in the process context using interrupt-remapping hardware.
+ */
+static void ir_set_msi_irq_affinity(unsigned int irq, cpumask_t mask)
+{
+        struct irq_cfg *cfg = irq_cfg + irq;
+        unsigned int dest;
+        cpumask_t tmp, cleanup_mask;
+        struct irte irte;
+
+        cpus_and(tmp, mask, cpu_online_map);
+        if (cpus_empty(tmp))
+                return;
+
+        if (get_irte(irq, &irte))
+                return;
+
+        if (assign_irq_vector(irq, mask))
+                return;
+
+        cpus_and(tmp, cfg->domain, mask);
+        dest = cpu_mask_to_apicid(tmp);
+
+        irte.vector = cfg->vector;
+        irte.dest_id = IRTE_DEST(dest);
+
+        /*
+         * atomically update the IRTE with the new destination and vector.
+         */
+        modify_irte(irq, &irte);
+
+        /*
+         * After this point, all the interrupts will start arriving
+         * at the new destination. So, time to cleanup the previous
+         * vector allocation.
+         */
+        if (cfg->move_in_progress) {
+                cpus_and(cleanup_mask, cfg->old_domain, cpu_online_map);
+                cfg->move_cleanup_count = cpus_weight(cleanup_mask);
+                send_IPI_mask(cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR);
+                cfg->move_in_progress = 0;
+        }
+
+        irq_desc[irq].affinity = mask;
+}
+#endif
 #endif /* CONFIG_SMP */
 
 /*
@@ -2066,26 +2474,157 @@ static struct irq_chip msi_chip = {
         .retrigger      = ioapic_retrigger_irq,
 };
 
-int arch_setup_msi_irq(struct pci_dev *dev, struct msi_desc *desc)
+#ifdef CONFIG_INTR_REMAP
+static struct irq_chip msi_ir_chip = {
+        .name           = "IR-PCI-MSI",
+        .unmask         = unmask_msi_irq,
+        .mask           = mask_msi_irq,
+        .ack            = ack_x2apic_edge,
+#ifdef CONFIG_SMP
+        .set_affinity   = ir_set_msi_irq_affinity,
+#endif
+        .retrigger      = ioapic_retrigger_irq,
+};
+
+/*
+ * Map the PCI dev to the corresponding remapping hardware unit
+ * and allocate 'nvec' consecutive interrupt-remapping table entries
+ * in it.
+ */
+static int msi_alloc_irte(struct pci_dev *dev, int irq, int nvec)
 {
+        struct intel_iommu *iommu;
+        int index;
+
+        iommu = map_dev_to_ir(dev);
+        if (!iommu) {
+                printk(KERN_ERR
+                       "Unable to map PCI %s to iommu\n", pci_name(dev));
+                return -ENOENT;
+        }
+
+        index = alloc_irte(iommu, irq, nvec);
+        if (index < 0) {
+                printk(KERN_ERR
+                       "Unable to allocate %d IRTE for PCI %s\n", nvec,
+                        pci_name(dev));
+                return -ENOSPC;
+        }
+        return index;
+}
+#endif
+
+static int setup_msi_irq(struct pci_dev *dev, struct msi_desc *desc, int irq)
+{
+        int ret;
         struct msi_msg msg;
+
+        ret = msi_compose_msg(dev, irq, &msg);
+        if (ret < 0)
+                return ret;
+
+        set_irq_msi(irq, desc);
+        write_msi_msg(irq, &msg);
+
+#ifdef CONFIG_INTR_REMAP
+        if (irq_remapped(irq)) {
+                struct irq_desc *desc = irq_desc + irq;
+                /*
+                 * irq migration in process context
+                 */
+                desc->status |= IRQ_MOVE_PCNTXT;
+                set_irq_chip_and_handler_name(irq, &msi_ir_chip, handle_edge_irq, "edge");
+        } else
+#endif
+                set_irq_chip_and_handler_name(irq, &msi_chip, handle_edge_irq, "edge");
+
+        return 0;
+}
+
+int arch_setup_msi_irq(struct pci_dev *dev, struct msi_desc *desc)
+{
         int irq, ret;
+
         irq = create_irq();
         if (irq < 0)
                 return irq;
 
-        ret = msi_compose_msg(dev, irq, &msg);
+#ifdef CONFIG_INTR_REMAP
+        if (!intr_remapping_enabled)
+                goto no_ir;
+
+        ret = msi_alloc_irte(dev, irq, 1);
+        if (ret < 0)
+                goto error;
+no_ir:
+#endif
+        ret = setup_msi_irq(dev, desc, irq);
         if (ret < 0) {
                 destroy_irq(irq);
                 return ret;
         }
+        return 0;
 
-        set_irq_msi(irq, desc);
-        write_msi_msg(irq, &msg);
+#ifdef CONFIG_INTR_REMAP
+error:
+        destroy_irq(irq);
+        return ret;
+#endif
+}
 
-        set_irq_chip_and_handler_name(irq, &msi_chip, handle_edge_irq, "edge");
+int arch_setup_msi_irqs(struct pci_dev *dev, int nvec, int type)
+{
+        int irq, ret, sub_handle;
+        struct msi_desc *desc;
+#ifdef CONFIG_INTR_REMAP
+        struct intel_iommu *iommu = 0;
+        int index = 0;
+#endif
+
+        sub_handle = 0;
+        list_for_each_entry(desc, &dev->msi_list, list) {
+                irq = create_irq();
+                if (irq < 0)
+                        return irq;
+#ifdef CONFIG_INTR_REMAP
+                if (!intr_remapping_enabled)
+                        goto no_ir;
 
+                if (!sub_handle) {
+                        /*
+                         * allocate the consecutive block of IRTE's
+                         * for 'nvec'
+                         */
+                        index = msi_alloc_irte(dev, irq, nvec);
+                        if (index < 0) {
+                                ret = index;
+                                goto error;
+                        }
+                } else {
+                        iommu = map_dev_to_ir(dev);
+                        if (!iommu) {
+                                ret = -ENOENT;
+                                goto error;
+                        }
+                        /*
+                         * setup the mapping between the irq and the IRTE
+                         * base index, the sub_handle pointing to the
+                         * appropriate interrupt remap table entry.
+                         */
+                        set_irte_irq(irq, iommu, index, sub_handle);
+                }
+no_ir:
+#endif
+                ret = setup_msi_irq(dev, desc, irq);
+                if (ret < 0)
+                        goto error;
+                sub_handle++;
+        }
         return 0;
+
+error:
+        destroy_irq(irq);
+        return ret;
 }
 
 void arch_teardown_msi_irq(unsigned int irq)
@@ -2333,6 +2872,10 @@ void __init setup_ioapic_dest(void)
                                 setup_IO_APIC_irq(ioapic, pin, irq,
                                                   irq_trigger(irq_entry),
                                                   irq_polarity(irq_entry));
+#ifdef CONFIG_INTR_REMAP
+                        else if (intr_remapping_enabled)
+                                set_ir_ioapic_affinity_irq(irq, TARGET_CPUS);
+#endif
                         else
                                 set_ioapic_affinity_irq(irq, TARGET_CPUS);
                 }
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 50e5e4a31c85..191914302744 100644
--- a/arch/x86/kernel/ioport.c
+++ b/arch/x86/kernel/ioport.c
@@ -14,6 +14,7 @@
 #include <linux/slab.h>
 #include <linux/thread_info.h>
 #include <linux/syscalls.h>
+#include <asm/syscalls.h>
 
 /* Set EXTENT bits starting at BASE in BITMAP to value TURN_ON. */
 static void set_bitmap(unsigned long *bitmap, unsigned int base,
diff --git a/arch/x86/kernel/ipi.c b/arch/x86/kernel/ipi.c
index 3f7537b669d3..f1c688e46f35 100644
--- a/arch/x86/kernel/ipi.c
+++ b/arch/x86/kernel/ipi.c
@@ -20,6 +20,8 @@
 
 #ifdef CONFIG_X86_32
 #include <mach_apic.h>
+#include <mach_ipi.h>
+
 /*
  * the following functions deal with sending IPIs between CPUs.
  *
@@ -147,7 +149,6 @@ void send_IPI_mask_sequence(cpumask_t mask, int vector)
 }
 
 /* must come after the send_IPI functions above for inlining */
-#include <mach_ipi.h>
 static int convert_apicid_to_cpu(int apic_id)
 {
         int i;
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index 1cf8c1fcc088..b71e02d42f4f 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -325,7 +325,7 @@ skip:
                 for_each_online_cpu(j)
                         seq_printf(p, "%10u ",
                                 per_cpu(irq_stat,j).irq_call_count);
-                seq_printf(p, "  function call interrupts\n");
+                seq_printf(p, "  Function call interrupts\n");
                 seq_printf(p, "TLB: ");
                 for_each_online_cpu(j)
                         seq_printf(p, "%10u ",
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 1f78b238d8d2..f065fe9071b9 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -129,7 +129,7 @@ skip:
                 seq_printf(p, "CAL: ");
                 for_each_online_cpu(j)
                         seq_printf(p, "%10u ", cpu_pda(j)->irq_call_count);
-                seq_printf(p, "  function call interrupts\n");
+                seq_printf(p, "  Function call interrupts\n");
                 seq_printf(p, "TLB: ");
                 for_each_online_cpu(j)
                         seq_printf(p, "%10u ", cpu_pda(j)->irq_tlb_count);
diff --git a/arch/x86/kernel/irqinit_32.c b/arch/x86/kernel/irqinit_32.c
index d66914287ee1..9200a1e2752d 100644
--- a/arch/x86/kernel/irqinit_32.c
+++ b/arch/x86/kernel/irqinit_32.c
@@ -74,6 +74,15 @@ void __init init_ISA_irqs (void)
         }
 }
 
+/*
+ * IRQ2 is cascade interrupt to second interrupt controller
+ */
+static struct irqaction irq2 = {
+        .handler = no_action,
+        .mask = CPU_MASK_NONE,
+        .name = "cascade",
+};
+
 /* Overridden in paravirt.c */
 void init_IRQ(void) __attribute__((weak, alias("native_init_IRQ")));
 
@@ -98,6 +107,46 @@ void __init native_init_IRQ(void)
                         set_intr_gate(vector, interrupt[i]);
         }
 
+#if defined(CONFIG_X86_LOCAL_APIC) && defined(CONFIG_SMP)
+        /*
+         * IRQ0 must be given a fixed assignment and initialized,
+         * because it's used before the IO-APIC is set up.
+         */
+        set_intr_gate(FIRST_DEVICE_VECTOR, interrupt[0]);
+
+        /*
+         * The reschedule interrupt is a CPU-to-CPU reschedule-helper
+         * IPI, driven by wakeup.
+         */
+        alloc_intr_gate(RESCHEDULE_VECTOR, reschedule_interrupt);
+
+        /* IPI for invalidation */
+        alloc_intr_gate(INVALIDATE_TLB_VECTOR, invalidate_interrupt);
+
+        /* IPI for generic function call */
+        alloc_intr_gate(CALL_FUNCTION_VECTOR, call_function_interrupt);
+
+        /* IPI for single call function */
+        set_intr_gate(CALL_FUNCTION_SINGLE_VECTOR, call_function_single_interrupt);
+#endif
+
+#ifdef CONFIG_X86_LOCAL_APIC
+        /* self generated IPI for local APIC timer */
+        alloc_intr_gate(LOCAL_TIMER_VECTOR, apic_timer_interrupt);
+
+        /* IPI vectors for APIC spurious and error interrupts */
+        alloc_intr_gate(SPURIOUS_APIC_VECTOR, spurious_interrupt);
+        alloc_intr_gate(ERROR_APIC_VECTOR, error_interrupt);
+#endif
+
+#if defined(CONFIG_X86_LOCAL_APIC) && defined(CONFIG_X86_MCE_P4THERMAL)
+        /* thermal monitor LVT interrupt */
+        alloc_intr_gate(THERMAL_APIC_VECTOR, thermal_interrupt);
+#endif
+
+        if (!acpi_ioapic)
+                setup_irq(2, &irq2);
+
         /* setup after call gates are initialised (usually add in
          * the architecture specific gates)
          */
diff --git a/arch/x86/kernel/irqinit_64.c b/arch/x86/kernel/irqinit_64.c
index 1f26fd9ec4f4..5b5be9d43c2a 100644
--- a/arch/x86/kernel/irqinit_64.c
+++ b/arch/x86/kernel/irqinit_64.c
@@ -135,7 +135,7 @@ DEFINE_PER_CPU(vector_irq_t, vector_irq) = {
         [IRQ15_VECTOR + 1 ... NR_VECTORS - 1] = -1
 };
 
-static void __init init_ISA_irqs (void)
+void __init init_ISA_irqs(void)
 {
         int i;
 
@@ -164,22 +164,8 @@ static void __init init_ISA_irqs (void)
 
 void init_IRQ(void) __attribute__((weak, alias("native_init_IRQ")));
 
-void __init native_init_IRQ(void)
+static void __init smp_intr_init(void)
 {
-        int i;
-
-        init_ISA_irqs();
-        /*
-         * Cover the whole vector space, no vector can escape
-         * us. (some of these will be overridden and become
-         * 'special' SMP interrupts)
-         */
-        for (i = 0; i < (NR_VECTORS - FIRST_EXTERNAL_VECTOR); i++) {
-                int vector = FIRST_EXTERNAL_VECTOR + i;
-                if (vector != IA32_SYSCALL_VECTOR)
-                        set_intr_gate(vector, interrupt[i]);
-        }
-
 #ifdef CONFIG_SMP
         /*
          * The reschedule interrupt is a CPU-to-CPU reschedule-helper
@@ -207,6 +193,12 @@ void __init native_init_IRQ(void)
         /* Low priority IPI to cleanup after moving an irq */
         set_intr_gate(IRQ_MOVE_CLEANUP_VECTOR, irq_move_cleanup_interrupt);
 #endif
+}
+
+static void __init apic_intr_init(void)
+{
+        smp_intr_init();
+
         alloc_intr_gate(THERMAL_APIC_VECTOR, thermal_interrupt);
         alloc_intr_gate(THRESHOLD_APIC_VECTOR, threshold_interrupt);
 
@@ -216,6 +208,25 @@ void __init native_init_IRQ(void)
         /* IPI vectors for APIC spurious and error interrupts */
         alloc_intr_gate(SPURIOUS_APIC_VECTOR, spurious_interrupt);
         alloc_intr_gate(ERROR_APIC_VECTOR, error_interrupt);
+}
+
+void __init native_init_IRQ(void)
+{
+        int i;
+
+        init_ISA_irqs();
+        /*
+         * Cover the whole vector space, no vector can escape
+         * us. (some of these will be overridden and become
+         * 'special' SMP interrupts)
+         */
+        for (i = 0; i < (NR_VECTORS - FIRST_EXTERNAL_VECTOR); i++) {
+                int vector = FIRST_EXTERNAL_VECTOR + i;
+                if (vector != IA32_SYSCALL_VECTOR)
+                        set_intr_gate(vector, interrupt[i]);
+        }
+
+        apic_intr_init();
 
         if (!acpi_ioapic)
                 setup_irq(2, &irq2);
diff --git a/arch/x86/kernel/k8.c b/arch/x86/kernel/k8.c
index 7377ccb21335..304d8bad6559 100644
--- a/arch/x86/kernel/k8.c
+++ b/arch/x86/kernel/k8.c
@@ -16,8 +16,9 @@ EXPORT_SYMBOL(num_k8_northbridges);
 static u32 *flush_words;
 
 struct pci_device_id k8_nb_ids[] = {
-        { PCI_DEVICE(PCI_VENDOR_ID_AMD, 0x1103) },
-        { PCI_DEVICE(PCI_VENDOR_ID_AMD, 0x1203) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_10H_NB_MISC) },
+        { PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_11H_NB_MISC) },
         {}
 };
 EXPORT_SYMBOL(k8_nb_ids);
diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c
index f2d43bc75514..ff7d3b0124f1 100644
--- a/arch/x86/kernel/kdebugfs.c
+++ b/arch/x86/kernel/kdebugfs.c
@@ -139,6 +139,7 @@ static int __init create_setup_data_nodes(struct dentry *parent)
                 if (PageHighMem(pg)) {
                         data = ioremap_cache(pa_data, sizeof(*data));
                         if (!data) {
+                                kfree(node);
                                 error = -ENXIO;
                                 goto err_dir;
                         }
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
index f47f0eb886b8..10435a120d22 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
@@ -69,6 +69,9 @@ static int gdb_x86vector = -1;
  */
 void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
 {
+#ifndef CONFIG_X86_32
+        u32 *gdb_regs32 = (u32 *)gdb_regs;
+#endif
         gdb_regs[GDB_AX]        = regs->ax;
         gdb_regs[GDB_BX]        = regs->bx;
         gdb_regs[GDB_CX]        = regs->cx;
@@ -76,9 +79,9 @@ void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         gdb_regs[GDB_SI]        = regs->si;
         gdb_regs[GDB_DI]        = regs->di;
         gdb_regs[GDB_BP]        = regs->bp;
-        gdb_regs[GDB_PS]        = regs->flags;
         gdb_regs[GDB_PC]        = regs->ip;
 #ifdef CONFIG_X86_32
+        gdb_regs[GDB_PS]        = regs->flags;
         gdb_regs[GDB_DS]        = regs->ds;
         gdb_regs[GDB_ES]        = regs->es;
         gdb_regs[GDB_CS]        = regs->cs;
@@ -94,6 +97,9 @@ void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         gdb_regs[GDB_R13]       = regs->r13;
         gdb_regs[GDB_R14]       = regs->r14;
         gdb_regs[GDB_R15]       = regs->r15;
+        gdb_regs32[GDB_PS]      = regs->flags;
+        gdb_regs32[GDB_CS]      = regs->cs;
+        gdb_regs32[GDB_SS]      = regs->ss;
 #endif
         gdb_regs[GDB_SP]        = regs->sp;
 }
@@ -112,6 +118,9 @@ void pt_regs_to_gdb_regs(unsigned long *gdb_regs, struct pt_regs *regs)
  */
 void sleeping_thread_to_gdb_regs(unsigned long *gdb_regs, struct task_struct *p)
 {
+#ifndef CONFIG_X86_32
+        u32 *gdb_regs32 = (u32 *)gdb_regs;
+#endif
         gdb_regs[GDB_AX]        = 0;
         gdb_regs[GDB_BX]        = 0;
         gdb_regs[GDB_CX]        = 0;
@@ -129,8 +138,10 @@ void sleeping_thread_to_gdb_regs(unsigned long *gdb_regs, struct task_struct *p)
         gdb_regs[GDB_FS]        = 0xFFFF;
         gdb_regs[GDB_GS]        = 0xFFFF;
 #else
-        gdb_regs[GDB_PS]        = *(unsigned long *)(p->thread.sp + 8);
-        gdb_regs[GDB_PC]        = 0;
+        gdb_regs32[GDB_PS]      = *(unsigned long *)(p->thread.sp + 8);
+        gdb_regs32[GDB_CS]      = __KERNEL_CS;
+        gdb_regs32[GDB_SS]      = __KERNEL_DS;
+        gdb_regs[GDB_PC]        = p->thread.ip;
         gdb_regs[GDB_R8]        = 0;
         gdb_regs[GDB_R9]        = 0;
         gdb_regs[GDB_R10]       = 0;
@@ -153,6 +164,9 @@ void sleeping_thread_to_gdb_regs(unsigned long *gdb_regs, struct task_struct *p)
  */
 void gdb_regs_to_pt_regs(unsigned long *gdb_regs, struct pt_regs *regs)
 {
+#ifndef CONFIG_X86_32
+        u32 *gdb_regs32 = (u32 *)gdb_regs;
+#endif
         regs->ax                = gdb_regs[GDB_AX];
         regs->bx                = gdb_regs[GDB_BX];
         regs->cx                = gdb_regs[GDB_CX];
@@ -160,9 +174,9 @@ void gdb_regs_to_pt_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         regs->si                = gdb_regs[GDB_SI];
         regs->di                = gdb_regs[GDB_DI];
         regs->bp                = gdb_regs[GDB_BP];
-        regs->flags             = gdb_regs[GDB_PS];
         regs->ip                = gdb_regs[GDB_PC];
 #ifdef CONFIG_X86_32
+        regs->flags             = gdb_regs[GDB_PS];
         regs->ds                = gdb_regs[GDB_DS];
         regs->es                = gdb_regs[GDB_ES];
         regs->cs                = gdb_regs[GDB_CS];
@@ -175,6 +189,9 @@ void gdb_regs_to_pt_regs(unsigned long *gdb_regs, struct pt_regs *regs)
         regs->r13               = gdb_regs[GDB_R13];
         regs->r14               = gdb_regs[GDB_R14];
         regs->r15               = gdb_regs[GDB_R15];
+        regs->flags             = gdb_regs32[GDB_PS];
+        regs->cs                = gdb_regs32[GDB_CS];
+        regs->ss                = gdb_regs32[GDB_SS];
 #endif
 }
 
@@ -378,10 +395,8 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
                 if (remcomInBuffer[0] == 's') {
                         linux_regs->flags |= X86_EFLAGS_TF;
                         kgdb_single_step = 1;
-                        if (kgdb_contthread) {
-                                atomic_set(&kgdb_cpu_doing_single_step,
-                                           raw_smp_processor_id());
-                        }
+                        atomic_set(&kgdb_cpu_doing_single_step,
+                                   raw_smp_processor_id());
                 }
 
                 get_debugreg(dr6, 6);
@@ -440,12 +455,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
                 return NOTIFY_DONE;
 
         case DIE_NMI_IPI:
-                if (atomic_read(&kgdb_active) != -1) {
-                        /* KGDB CPU roundup */
-                        kgdb_nmicallback(raw_smp_processor_id(), regs);
-                        was_in_debug_nmi[raw_smp_processor_id()] = 1;
-                        touch_nmi_watchdog();
-                }
+                /* Just ignore, we will handle the roundup on DIE_NMI. */
                 return NOTIFY_DONE;
 
         case DIE_NMIUNKNOWN:
@@ -466,9 +476,15 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd)
 
         case DIE_DEBUG:
                 if (atomic_read(&kgdb_cpu_doing_single_step) ==
-                        raw_smp_processor_id() &&
-                        user_mode(regs))
-                        return single_step_cont(regs, args);
+                    raw_smp_processor_id()) {
+                        if (user_mode(regs))
+                                return single_step_cont(regs, args);
+                        break;
+                } else if (test_thread_flag(TIF_SINGLESTEP))
+                        /* This means a user thread is single stepping
+                         * a system call which should be ignored
+                         */
+                        return NOTIFY_DONE;
                 /* fall through */
         default:
                 if (user_mode(regs))
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
index 8b7a3cf37d2b..478bca986eca 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
@@ -178,7 +178,7 @@ static void kvm_flush_tlb(void)
         kvm_deferred_mmu_op(&ftlb, sizeof ftlb);
 }
 
-static void kvm_release_pt(u32 pfn)
+static void kvm_release_pt(unsigned long pfn)
 {
         struct kvm_mmu_op_release_pt rpt = {
                 .header.op = KVM_MMU_OP_RELEASE_PT,
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index d02def06ca91..774ac4991568 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -78,6 +78,34 @@ static cycle_t kvm_clock_read(void)
         return ret;
 }
 
+/*
+ * If we don't do that, there is the possibility that the guest
+ * will calibrate under heavy load - thus, getting a lower lpj -
+ * and execute the delays themselves without load. This is wrong,
+ * because no delay loop can finish beforehand.
+ * Any heuristics is subject to fail, because ultimately, a large
+ * poll of guests can be running and trouble each other. So we preset
+ * lpj here
+ */
+static unsigned long kvm_get_tsc_khz(void)
+{
+        return preset_lpj;
+}
+
+static void kvm_get_preset_lpj(void)
+{
+        struct pvclock_vcpu_time_info *src;
+        unsigned long khz;
+        u64 lpj;
+
+        src = &per_cpu(hv_clock, 0);
+        khz = pvclock_tsc_khz(src);
+
+        lpj = ((u64)khz * 1000);
+        do_div(lpj, HZ);
+        preset_lpj = lpj;
+}
+
 static struct clocksource kvm_clock = {
         .name = "kvm-clock",
         .read = kvm_clock_read,
@@ -153,6 +181,7 @@ void __init kvmclock_init(void)
                 pv_time_ops.get_wallclock = kvm_get_wallclock;
                 pv_time_ops.set_wallclock = kvm_set_wallclock;
                 pv_time_ops.sched_clock = kvm_clock_read;
+                pv_time_ops.get_tsc_khz = kvm_get_tsc_khz;
 #ifdef CONFIG_X86_LOCAL_APIC
                 pv_apic_ops.setup_secondary_clock = kvm_setup_secondary_clock;
 #endif
@@ -163,6 +192,7 @@ void __init kvmclock_init(void)
 #ifdef CONFIG_KEXEC
                 machine_ops.crash_shutdown  = kvm_crash_shutdown;
 #endif
+                kvm_get_preset_lpj();
                 clocksource_register(&kvm_clock);
         }
 }
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index b68e21f06f4f..eee32b43fee3 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -18,6 +18,7 @@
 #include <asm/ldt.h>
 #include <asm/desc.h>
 #include <asm/mmu_context.h>
+#include <asm/syscalls.h>
 
 #ifdef CONFIG_SMP
 static void flush_ldt(void *current_mm)
@@ -51,6 +52,8 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
         memset(newldt + oldsize * LDT_ENTRY_SIZE, 0,
                (mincount - oldsize) * LDT_ENTRY_SIZE);
 
+        paravirt_alloc_ldt(newldt, mincount);
+
 #ifdef CONFIG_X86_64
         /* CHECKME: Do we really need this ? */
         wmb();
@@ -73,6 +76,7 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
 #endif
         }
         if (oldsize) {
+                paravirt_free_ldt(oldldt, oldsize);
                 if (oldsize * LDT_ENTRY_SIZE > PAGE_SIZE)
                         vfree(oldldt);
                 else
@@ -84,10 +88,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
 static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
 {
         int err = alloc_ldt(new, old->size, 0);
+        int i;
 
         if (err < 0)
                 return err;
-        memcpy(new->ldt, old->ldt, old->size * LDT_ENTRY_SIZE);
+
+        for(i = 0; i < old->size; i++)
+                write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
         return 0;
 }
 
@@ -124,6 +131,7 @@ void destroy_context(struct mm_struct *mm)
                 if (mm == current->active_mm)
                         clear_LDT();
 #endif
+                paravirt_free_ldt(mm->context.ldt, mm->context.size);
                 if (mm->context.size * LDT_ENTRY_SIZE > PAGE_SIZE)
                         vfree(mm->context.ldt);
                 else
diff --git a/arch/x86/kernel/microcode.c b/arch/x86/kernel/microcode.c
deleted file mode 100644
index 652fa5c38ebe..000000000000
--- a/arch/x86/kernel/microcode.c
+++ /dev/null
@@ -1,853 +0,0 @@
-/*
- *      Intel CPU Microcode Update Driver for Linux
- *
- *      Copyright (C) 2000-2006 Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
- *                    2006      Shaohua Li <shaohua.li@intel.com>
- *
- *      This driver allows to upgrade microcode on Intel processors
- *      belonging to IA-32 family - PentiumPro, Pentium II,
- *      Pentium III, Xeon, Pentium 4, etc.
- *
- *      Reference: Section 8.11 of Volume 3a, IA-32 Intel? Architecture
- *      Software Developer's Manual
- *      Order Number 253668 or free download from:
- *
- *      http://developer.intel.com/design/pentium4/manuals/253668.htm
- *
- *      For more information, go to http://www.urbanmyth.org/microcode
- *
- *      This program is free software; you can redistribute it and/or
- *      modify it under the terms of the GNU General Public License
- *      as published by the Free Software Foundation; either version
- *      2 of the License, or (at your option) any later version.
- *
- *      1.0     16 Feb 2000, Tigran Aivazian <tigran@sco.com>
- *              Initial release.
- *      1.01    18 Feb 2000, Tigran Aivazian <tigran@sco.com>
- *              Added read() support + cleanups.
- *      1.02    21 Feb 2000, Tigran Aivazian <tigran@sco.com>
- *              Added 'device trimming' support. open(O_WRONLY) zeroes
- *              and frees the saved copy of applied microcode.
- *      1.03    29 Feb 2000, Tigran Aivazian <tigran@sco.com>
- *              Made to use devfs (/dev/cpu/microcode) + cleanups.
- *      1.04    06 Jun 2000, Simon Trimmer <simon@veritas.com>
- *              Added misc device support (now uses both devfs and misc).
- *              Added MICROCODE_IOCFREE ioctl to clear memory.
- *      1.05    09 Jun 2000, Simon Trimmer <simon@veritas.com>
- *              Messages for error cases (non Intel & no suitable microcode).
- *      1.06    03 Aug 2000, Tigran Aivazian <tigran@veritas.com>
- *              Removed ->release(). Removed exclusive open and status bitmap.
- *              Added microcode_rwsem to serialize read()/write()/ioctl().
- *              Removed global kernel lock usage.
- *      1.07    07 Sep 2000, Tigran Aivazian <tigran@veritas.com>
- *              Write 0 to 0x8B msr and then cpuid before reading revision,
- *              so that it works even if there were no update done by the
- *              BIOS. Otherwise, reading from 0x8B gives junk (which happened
- *              to be 0 on my machine which is why it worked even when I
- *              disabled update by the BIOS)
- *              Thanks to Eric W. Biederman <ebiederman@lnxi.com> for the fix.
- *      1.08    11 Dec 2000, Richard Schaal <richard.schaal@intel.com> and
- *                           Tigran Aivazian <tigran@veritas.com>
- *              Intel Pentium 4 processor support and bugfixes.
- *      1.09    30 Oct 2001, Tigran Aivazian <tigran@veritas.com>
- *              Bugfix for HT (Hyper-Threading) enabled processors
- *              whereby processor resources are shared by all logical processors
- *              in a single CPU package.
- *      1.10    28 Feb 2002 Asit K Mallick <asit.k.mallick@intel.com> and
- *              Tigran Aivazian <tigran@veritas.com>,
- *              Serialize updates as required on HT processors due to speculative
- *              nature of implementation.
- *      1.11    22 Mar 2002 Tigran Aivazian <tigran@veritas.com>
- *              Fix the panic when writing zero-length microcode chunk.
- *      1.12    29 Sep 2003 Nitin Kamble <nitin.a.kamble@intel.com>,
- *              Jun Nakajima <jun.nakajima@intel.com>
- *              Support for the microcode updates in the new format.
- *      1.13    10 Oct 2003 Tigran Aivazian <tigran@veritas.com>
- *              Removed ->read() method and obsoleted MICROCODE_IOCFREE ioctl
- *              because we no longer hold a copy of applied microcode
- *              in kernel memory.
- *      1.14    25 Jun 2004 Tigran Aivazian <tigran@veritas.com>
- *              Fix sigmatch() macro to handle old CPUs with pf == 0.
- *              Thanks to Stuart Swales for pointing out this bug.
- */
-
-//#define DEBUG /* pr_debug */
-#include <linux/capability.h>
-#include <linux/kernel.h>
-#include <linux/init.h>
-#include <linux/sched.h>
-#include <linux/smp_lock.h>
-#include <linux/cpumask.h>
-#include <linux/module.h>
-#include <linux/slab.h>
-#include <linux/vmalloc.h>
-#include <linux/miscdevice.h>
-#include <linux/spinlock.h>
-#include <linux/mm.h>
-#include <linux/fs.h>
-#include <linux/mutex.h>
-#include <linux/cpu.h>
-#include <linux/firmware.h>
-#include <linux/platform_device.h>
-
-#include <asm/msr.h>
-#include <asm/uaccess.h>
-#include <asm/processor.h>
-
-MODULE_DESCRIPTION("Intel CPU (IA-32) Microcode Update Driver");
-MODULE_AUTHOR("Tigran Aivazian <tigran@aivazian.fsnet.co.uk>");
-MODULE_LICENSE("GPL");
-
-#define MICROCODE_VERSION       "1.14a"
-
-#define DEFAULT_UCODE_DATASIZE  (2000)    /* 2000 bytes */
-#define MC_HEADER_SIZE          (sizeof (microcode_header_t))     /* 48 bytes */
-#define DEFAULT_UCODE_TOTALSIZE (DEFAULT_UCODE_DATASIZE + MC_HEADER_SIZE) /* 2048 bytes */
-#define EXT_HEADER_SIZE         (sizeof (struct extended_sigtable)) /* 20 bytes */
-#define EXT_SIGNATURE_SIZE      (sizeof (struct extended_signature)) /* 12 bytes */
-#define DWSIZE                  (sizeof (u32))
-#define get_totalsize(mc) \
-        (((microcode_t *)mc)->hdr.totalsize ? \
-         ((microcode_t *)mc)->hdr.totalsize : DEFAULT_UCODE_TOTALSIZE)
-#define get_datasize(mc) \
-        (((microcode_t *)mc)->hdr.datasize ? \
-         ((microcode_t *)mc)->hdr.datasize : DEFAULT_UCODE_DATASIZE)
-
-#define sigmatch(s1, s2, p1, p2) \
-        (((s1) == (s2)) && (((p1) & (p2)) || (((p1) == 0) && ((p2) == 0))))
-
-#define exttable_size(et) ((et)->count * EXT_SIGNATURE_SIZE + EXT_HEADER_SIZE)
-
-/* serialize access to the physical write to MSR 0x79 */
-static DEFINE_SPINLOCK(microcode_update_lock);
-
-/* no concurrent ->write()s are allowed on /dev/cpu/microcode */
-static DEFINE_MUTEX(microcode_mutex);
-
-static struct ucode_cpu_info {
-        int valid;
-        unsigned int sig;
-        unsigned int pf;
-        unsigned int rev;
-        microcode_t *mc;
-} ucode_cpu_info[NR_CPUS];
-
-static void collect_cpu_info(int cpu_num)
-{
-        struct cpuinfo_x86 *c = &cpu_data(cpu_num);
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu_num;
-        unsigned int val[2];
-
-        /* We should bind the task to the CPU */
-        BUG_ON(raw_smp_processor_id() != cpu_num);
-        uci->pf = uci->rev = 0;
-        uci->mc = NULL;
-        uci->valid = 1;
-
-        if (c->x86_vendor != X86_VENDOR_INTEL || c->x86 < 6 ||
-                cpu_has(c, X86_FEATURE_IA64)) {
-                printk(KERN_ERR "microcode: CPU%d not a capable Intel "
-                        "processor\n", cpu_num);
-                uci->valid = 0;
-                return;
-        }
-
-        uci->sig = cpuid_eax(0x00000001);
-
-        if ((c->x86_model >= 5) || (c->x86 > 6)) {
-                /* get processor flags from MSR 0x17 */
-                rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
-                uci->pf = 1 << ((val[1] >> 18) & 7);
-        }
-
-        wrmsr(MSR_IA32_UCODE_REV, 0, 0);
-        /* see notes above for revision 1.07.  Apparent chip bug */
-        sync_core();
-        /* get the current revision from MSR 0x8B */
-        rdmsr(MSR_IA32_UCODE_REV, val[0], uci->rev);
-        pr_debug("microcode: collect_cpu_info : sig=0x%x, pf=0x%x, rev=0x%x\n",
-                        uci->sig, uci->pf, uci->rev);
-}
-
-static inline int microcode_update_match(int cpu_num,
-        microcode_header_t *mc_header, int sig, int pf)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu_num;
-
-        if (!sigmatch(sig, uci->sig, pf, uci->pf)
-                || mc_header->rev <= uci->rev)
-                return 0;
-        return 1;
-}
-
-static int microcode_sanity_check(void *mc)
-{
-        microcode_header_t *mc_header = mc;
-        struct extended_sigtable *ext_header = NULL;
-        struct extended_signature *ext_sig;
-        unsigned long total_size, data_size, ext_table_size;
-        int sum, orig_sum, ext_sigcount = 0, i;
-
-        total_size = get_totalsize(mc_header);
-        data_size = get_datasize(mc_header);
-        if (data_size + MC_HEADER_SIZE > total_size) {
-                printk(KERN_ERR "microcode: error! "
-                        "Bad data size in microcode data file\n");
-                return -EINVAL;
-        }
-
-        if (mc_header->ldrver != 1 || mc_header->hdrver != 1) {
-                printk(KERN_ERR "microcode: error! "
-                        "Unknown microcode update format\n");
-                return -EINVAL;
-        }
-        ext_table_size = total_size - (MC_HEADER_SIZE + data_size);
-        if (ext_table_size) {
-                if ((ext_table_size < EXT_HEADER_SIZE)
-                 || ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) {
-                        printk(KERN_ERR "microcode: error! "
-                                "Small exttable size in microcode data file\n");
-                        return -EINVAL;
-                }
-                ext_header = mc + MC_HEADER_SIZE + data_size;
-                if (ext_table_size != exttable_size(ext_header)) {
-                        printk(KERN_ERR "microcode: error! "
-                                "Bad exttable size in microcode data file\n");
-                        return -EFAULT;
-                }
-                ext_sigcount = ext_header->count;
-        }
-
-        /* check extended table checksum */
-        if (ext_table_size) {
-                int ext_table_sum = 0;
-                int *ext_tablep = (int *)ext_header;
-
-                i = ext_table_size / DWSIZE;
-                while (i--)
-                        ext_table_sum += ext_tablep[i];
-                if (ext_table_sum) {
-                        printk(KERN_WARNING "microcode: aborting, "
-                                "bad extended signature table checksum\n");
-                        return -EINVAL;
-                }
-        }
-
-        /* calculate the checksum */
-        orig_sum = 0;
-        i = (MC_HEADER_SIZE + data_size) / DWSIZE;
-        while (i--)
-                orig_sum += ((int *)mc)[i];
-        if (orig_sum) {
-                printk(KERN_ERR "microcode: aborting, bad checksum\n");
-                return -EINVAL;
-        }
-        if (!ext_table_size)
-                return 0;
-        /* check extended signature checksum */
-        for (i = 0; i < ext_sigcount; i++) {
-                ext_sig = (void *)ext_header + EXT_HEADER_SIZE +
-                          EXT_SIGNATURE_SIZE * i;
-                sum = orig_sum
-                        - (mc_header->sig + mc_header->pf + mc_header->cksum)
-                        + (ext_sig->sig + ext_sig->pf + ext_sig->cksum);
-                if (sum) {
-                        printk(KERN_ERR "microcode: aborting, bad checksum\n");
-                        return -EINVAL;
-                }
-        }
-        return 0;
-}
-
-/*
- * return 0 - no update found
- * return 1 - found update
- * return < 0 - error
- */
-static int get_maching_microcode(void *mc, int cpu)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-        microcode_header_t *mc_header = mc;
-        struct extended_sigtable *ext_header;
-        unsigned long total_size = get_totalsize(mc_header);
-        int ext_sigcount, i;
-        struct extended_signature *ext_sig;
-        void *new_mc;
-
-        if (microcode_update_match(cpu, mc_header,
-                        mc_header->sig, mc_header->pf))
-                goto find;
-
-        if (total_size <= get_datasize(mc_header) + MC_HEADER_SIZE)
-                return 0;
-
-        ext_header = mc + get_datasize(mc_header) + MC_HEADER_SIZE;
-        ext_sigcount = ext_header->count;
-        ext_sig = (void *)ext_header + EXT_HEADER_SIZE;
-        for (i = 0; i < ext_sigcount; i++) {
-                if (microcode_update_match(cpu, mc_header,
-                                ext_sig->sig, ext_sig->pf))
-                        goto find;
-                ext_sig++;
-        }
-        return 0;
-find:
-        pr_debug("microcode: CPU%d found a matching microcode update with"
-                " version 0x%x (current=0x%x)\n", cpu, mc_header->rev,uci->rev);
-        new_mc = vmalloc(total_size);
-        if (!new_mc) {
-                printk(KERN_ERR "microcode: error! Can not allocate memory\n");
-                return -ENOMEM;
-        }
-
-        /* free previous update file */
-        vfree(uci->mc);
-
-        memcpy(new_mc, mc, total_size);
-        uci->mc = new_mc;
-        return 1;
-}
-
-static void apply_microcode(int cpu)
-{
-        unsigned long flags;
-        unsigned int val[2];
-        int cpu_num = raw_smp_processor_id();
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu_num;
-
-        /* We should bind the task to the CPU */
-        BUG_ON(cpu_num != cpu);
-
-        if (uci->mc == NULL)
-                return;
-
-        /* serialize access to the physical write to MSR 0x79 */
-        spin_lock_irqsave(&microcode_update_lock, flags);
-
-        /* write microcode via MSR 0x79 */
-        wrmsr(MSR_IA32_UCODE_WRITE,
-                (unsigned long) uci->mc->bits,
-                (unsigned long) uci->mc->bits >> 16 >> 16);
-        wrmsr(MSR_IA32_UCODE_REV, 0, 0);
-
-        /* see notes above for revision 1.07.  Apparent chip bug */
-        sync_core();
-
-        /* get the current revision from MSR 0x8B */
-        rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]);
-
-        spin_unlock_irqrestore(&microcode_update_lock, flags);
-        if (val[1] != uci->mc->hdr.rev) {
-                printk(KERN_ERR "microcode: CPU%d update from revision "
-                        "0x%x to 0x%x failed\n", cpu_num, uci->rev, val[1]);
-                return;
-        }
-        printk(KERN_INFO "microcode: CPU%d updated from revision "
-               "0x%x to 0x%x, date = %08x \n",
-               cpu_num, uci->rev, val[1], uci->mc->hdr.date);
-        uci->rev = val[1];
-}
-
-#ifdef CONFIG_MICROCODE_OLD_INTERFACE
-static void __user *user_buffer;        /* user area microcode data buffer */
-static unsigned int user_buffer_size;   /* it's size */
-
-static long get_next_ucode(void **mc, long offset)
-{
-        microcode_header_t mc_header;
-        unsigned long total_size;
-
-        /* No more data */
-        if (offset >= user_buffer_size)
-                return 0;
-        if (copy_from_user(&mc_header, user_buffer + offset, MC_HEADER_SIZE)) {
-                printk(KERN_ERR "microcode: error! Can not read user data\n");
-                return -EFAULT;
-        }
-        total_size = get_totalsize(&mc_header);
-        if (offset + total_size > user_buffer_size) {
-                printk(KERN_ERR "microcode: error! Bad total size in microcode "
-                                "data file\n");
-                return -EINVAL;
-        }
-        *mc = vmalloc(total_size);
-        if (!*mc)
-                return -ENOMEM;
-        if (copy_from_user(*mc, user_buffer + offset, total_size)) {
-                printk(KERN_ERR "microcode: error! Can not read user data\n");
-                vfree(*mc);
-                return -EFAULT;
-        }
-        return offset + total_size;
-}
-
-static int do_microcode_update (void)
-{
-        long cursor = 0;
-        int error = 0;
-        void *new_mc = NULL;
-        int cpu;
-        cpumask_t old;
-
-        old = current->cpus_allowed;
-
-        while ((cursor = get_next_ucode(&new_mc, cursor)) > 0) {
-                error = microcode_sanity_check(new_mc);
-                if (error)
-                        goto out;
-                /*
-                 * It's possible the data file has multiple matching ucode,
-                 * lets keep searching till the latest version
-                 */
-                for_each_online_cpu(cpu) {
-                        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-                        if (!uci->valid)
-                                continue;
-                        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-                        error = get_maching_microcode(new_mc, cpu);
-                        if (error < 0)
-                                goto out;
-                        if (error == 1)
-                                apply_microcode(cpu);
-                }
-                vfree(new_mc);
-        }
-out:
-        if (cursor > 0)
-                vfree(new_mc);
-        if (cursor < 0)
-                error = cursor;
-        set_cpus_allowed_ptr(current, &old);
-        return error;
-}
-
-static int microcode_open (struct inode *unused1, struct file *unused2)
-{
-        cycle_kernel_lock();
-        return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
-}
-
-static ssize_t microcode_write (struct file *file, const char __user *buf, size_t len, loff_t *ppos)
-{
-        ssize_t ret;
-
-        if ((len >> PAGE_SHIFT) > num_physpages) {
-                printk(KERN_ERR "microcode: too much data (max %ld pages)\n", num_physpages);
-                return -EINVAL;
-        }
-
-        get_online_cpus();
-        mutex_lock(&microcode_mutex);
-
-        user_buffer = (void __user *) buf;
-        user_buffer_size = (int) len;
-
-        ret = do_microcode_update();
-        if (!ret)
-                ret = (ssize_t)len;
-
-        mutex_unlock(&microcode_mutex);
-        put_online_cpus();
-
-        return ret;
-}
-
-static const struct file_operations microcode_fops = {
-        .owner          = THIS_MODULE,
-        .write          = microcode_write,
-        .open           = microcode_open,
-};
-
-static struct miscdevice microcode_dev = {
-        .minor          = MICROCODE_MINOR,
-        .name           = "microcode",
-        .fops           = &microcode_fops,
-};
-
-static int __init microcode_dev_init (void)
-{
-        int error;
-
-        error = misc_register(&microcode_dev);
-        if (error) {
-                printk(KERN_ERR
-                        "microcode: can't misc_register on minor=%d\n",
-                        MICROCODE_MINOR);
-                return error;
-        }
-
-        return 0;
-}
-
-static void microcode_dev_exit (void)
-{
-        misc_deregister(&microcode_dev);
-}
-
-MODULE_ALIAS_MISCDEV(MICROCODE_MINOR);
-#else
-#define microcode_dev_init() 0
-#define microcode_dev_exit() do { } while(0)
-#endif
-
-static long get_next_ucode_from_buffer(void **mc, const u8 *buf,
-        unsigned long size, long offset)
-{
-        microcode_header_t *mc_header;
-        unsigned long total_size;
-
-        /* No more data */
-        if (offset >= size)
-                return 0;
-        mc_header = (microcode_header_t *)(buf + offset);
-        total_size = get_totalsize(mc_header);
-
-        if (offset + total_size > size) {
-                printk(KERN_ERR "microcode: error! Bad data in microcode data file\n");
-                return -EINVAL;
-        }
-
-        *mc = vmalloc(total_size);
-        if (!*mc) {
-                printk(KERN_ERR "microcode: error! Can not allocate memory\n");
-                return -ENOMEM;
-        }
-        memcpy(*mc, buf + offset, total_size);
-        return offset + total_size;
-}
-
-/* fake device for request_firmware */
-static struct platform_device *microcode_pdev;
-
-static int cpu_request_microcode(int cpu)
-{
-        char name[30];
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
-        const struct firmware *firmware;
-        const u8 *buf;
-        unsigned long size;
-        long offset = 0;
-        int error;
-        void *mc;
-
-        /* We should bind the task to the CPU */
-        BUG_ON(cpu != raw_smp_processor_id());
-        sprintf(name,"intel-ucode/%02x-%02x-%02x",
-                c->x86, c->x86_model, c->x86_mask);
-        error = request_firmware(&firmware, name, &microcode_pdev->dev);
-        if (error) {
-                pr_debug("microcode: data file %s load failed\n", name);
-                return error;
-        }
-        buf = firmware->data;
-        size = firmware->size;
-        while ((offset = get_next_ucode_from_buffer(&mc, buf, size, offset))
-                        > 0) {
-                error = microcode_sanity_check(mc);
-                if (error)
-                        break;
-                error = get_maching_microcode(mc, cpu);
-                if (error < 0)
-                        break;
-                /*
-                 * It's possible the data file has multiple matching ucode,
-                 * lets keep searching till the latest version
-                 */
-                if (error == 1) {
-                        apply_microcode(cpu);
-                        error = 0;
-                }
-                vfree(mc);
-        }
-        if (offset > 0)
-                vfree(mc);
-        if (offset < 0)
-                error = offset;
-        release_firmware(firmware);
-
-        return error;
-}
-
-static int apply_microcode_check_cpu(int cpu)
-{
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-        cpumask_t old;
-        unsigned int val[2];
-        int err = 0;
-
-        /* Check if the microcode is available */
-        if (!uci->mc)
-                return 0;
-
-        old = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-
-        /* Check if the microcode we have in memory matches the CPU */
-        if (c->x86_vendor != X86_VENDOR_INTEL || c->x86 < 6 ||
-            cpu_has(c, X86_FEATURE_IA64) || uci->sig != cpuid_eax(0x00000001))
-                err = -EINVAL;
-
-        if (!err && ((c->x86_model >= 5) || (c->x86 > 6))) {
-                /* get processor flags from MSR 0x17 */
-                rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
-                if (uci->pf != (1 << ((val[1] >> 18) & 7)))
-                        err = -EINVAL;
-        }
-
-        if (!err) {
-                wrmsr(MSR_IA32_UCODE_REV, 0, 0);
-                /* see notes above for revision 1.07.  Apparent chip bug */
-                sync_core();
-                /* get the current revision from MSR 0x8B */
-                rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]);
-                if (uci->rev != val[1])
-                        err = -EINVAL;
-        }
-
-        if (!err)
-                apply_microcode(cpu);
-        else
-                printk(KERN_ERR "microcode: Could not apply microcode to CPU%d:"
-                        " sig=0x%x, pf=0x%x, rev=0x%x\n",
-                        cpu, uci->sig, uci->pf, uci->rev);
-
-        set_cpus_allowed_ptr(current, &old);
-        return err;
-}
-
-static void microcode_init_cpu(int cpu, int resume)
-{
-        cpumask_t old;
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-        old = current->cpus_allowed;
-
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-        mutex_lock(&microcode_mutex);
-        collect_cpu_info(cpu);
-        if (uci->valid && system_state == SYSTEM_RUNNING && !resume)
-                cpu_request_microcode(cpu);
-        mutex_unlock(&microcode_mutex);
-        set_cpus_allowed_ptr(current, &old);
-}
-
-static void microcode_fini_cpu(int cpu)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-        mutex_lock(&microcode_mutex);
-        uci->valid = 0;
-        vfree(uci->mc);
-        uci->mc = NULL;
-        mutex_unlock(&microcode_mutex);
-}
-
-static ssize_t reload_store(struct sys_device *dev,
-                            struct sysdev_attribute *attr,
-                            const char *buf, size_t sz)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
-        char *end;
-        unsigned long val = simple_strtoul(buf, &end, 0);
-        int err = 0;
-        int cpu = dev->id;
-
-        if (end == buf)
-                return -EINVAL;
-        if (val == 1) {
-                cpumask_t old = current->cpus_allowed;
-
-                get_online_cpus();
-                set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-
-                mutex_lock(&microcode_mutex);
-                if (uci->valid)
-                        err = cpu_request_microcode(cpu);
-                mutex_unlock(&microcode_mutex);
-                put_online_cpus();
-                set_cpus_allowed_ptr(current, &old);
-        }
-        if (err)
-                return err;
-        return sz;
-}
-
-static ssize_t version_show(struct sys_device *dev,
-                        struct sysdev_attribute *attr, char *buf)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
-
-        return sprintf(buf, "0x%x\n", uci->rev);
-}
-
-static ssize_t pf_show(struct sys_device *dev,
-                        struct sysdev_attribute *attr, char *buf)
-{
-        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
-
-        return sprintf(buf, "0x%x\n", uci->pf);
-}
-
-static SYSDEV_ATTR(reload, 0200, NULL, reload_store);
-static SYSDEV_ATTR(version, 0400, version_show, NULL);
-static SYSDEV_ATTR(processor_flags, 0400, pf_show, NULL);
-
-static struct attribute *mc_default_attrs[] = {
-        &attr_reload.attr,
-        &attr_version.attr,
-        &attr_processor_flags.attr,
-        NULL
-};
-
-static struct attribute_group mc_attr_group = {
-        .attrs = mc_default_attrs,
-        .name = "microcode",
-};
-
-static int __mc_sysdev_add(struct sys_device *sys_dev, int resume)
-{
-        int err, cpu = sys_dev->id;
-        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
-
-        if (!cpu_online(cpu))
-                return 0;
-
-        pr_debug("microcode: CPU%d added\n", cpu);
-        memset(uci, 0, sizeof(*uci));
-
-        err = sysfs_create_group(&sys_dev->kobj, &mc_attr_group);
-        if (err)
-                return err;
-
-        microcode_init_cpu(cpu, resume);
-
-        return 0;
-}
-
-static int mc_sysdev_add(struct sys_device *sys_dev)
-{
-        return __mc_sysdev_add(sys_dev, 0);
-}
-
-static int mc_sysdev_remove(struct sys_device *sys_dev)
-{
-        int cpu = sys_dev->id;
-
-        if (!cpu_online(cpu))
-                return 0;
-
-        pr_debug("microcode: CPU%d removed\n", cpu);
-        microcode_fini_cpu(cpu);
-        sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
-        return 0;
-}
-
-static int mc_sysdev_resume(struct sys_device *dev)
-{
-        int cpu = dev->id;
-
-        if (!cpu_online(cpu))
-                return 0;
-        pr_debug("microcode: CPU%d resumed\n", cpu);
-        /* only CPU 0 will apply ucode here */
-        apply_microcode(0);
-        return 0;
-}
-
-static struct sysdev_driver mc_sysdev_driver = {
-        .add = mc_sysdev_add,
-        .remove = mc_sysdev_remove,
-        .resume = mc_sysdev_resume,
-};
-
-static __cpuinit int
-mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
-{
-        unsigned int cpu = (unsigned long)hcpu;
-        struct sys_device *sys_dev;
-
-        sys_dev = get_cpu_sysdev(cpu);
-        switch (action) {
-        case CPU_UP_CANCELED_FROZEN:
-                /* The CPU refused to come up during a system resume */
-                microcode_fini_cpu(cpu);
-                break;
-        case CPU_ONLINE:
-        case CPU_DOWN_FAILED:
-                mc_sysdev_add(sys_dev);
-                break;
-        case CPU_ONLINE_FROZEN:
-                /* System-wide resume is in progress, try to apply microcode */
-                if (apply_microcode_check_cpu(cpu)) {
-                        /* The application of microcode failed */
-                        microcode_fini_cpu(cpu);
-                        __mc_sysdev_add(sys_dev, 1);
-                        break;
-                }
-        case CPU_DOWN_FAILED_FROZEN:
-                if (sysfs_create_group(&sys_dev->kobj, &mc_attr_group))
-                        printk(KERN_ERR "microcode: Failed to create the sysfs "
-                                "group for CPU%d\n", cpu);
-                break;
-        case CPU_DOWN_PREPARE:
-                mc_sysdev_remove(sys_dev);
-                break;
-        case CPU_DOWN_PREPARE_FROZEN:
-                /* Suspend is in progress, only remove the interface */
-                sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
-                break;
-        }
-        return NOTIFY_OK;
-}
-
-static struct notifier_block __refdata mc_cpu_notifier = {
-        .notifier_call = mc_cpu_callback,
-};
-
-static int __init microcode_init (void)
-{
-        int error;
-
-        printk(KERN_INFO
-                "IA-32 Microcode Update Driver: v" MICROCODE_VERSION " <tigran@aivazian.fsnet.co.uk>\n");
-
-        error = microcode_dev_init();
-        if (error)
-                return error;
-        microcode_pdev = platform_device_register_simple("microcode", -1,
-                                                         NULL, 0);
-        if (IS_ERR(microcode_pdev)) {
-                microcode_dev_exit();
-                return PTR_ERR(microcode_pdev);
-        }
-
-        get_online_cpus();
-        error = sysdev_driver_register(&cpu_sysdev_class, &mc_sysdev_driver);
-        put_online_cpus();
-        if (error) {
-                microcode_dev_exit();
-                platform_device_unregister(microcode_pdev);
-                return error;
-        }
-
-        register_hotcpu_notifier(&mc_cpu_notifier);
-        return 0;
-}
-
-static void __exit microcode_exit (void)
-{
-        microcode_dev_exit();
-
-        unregister_hotcpu_notifier(&mc_cpu_notifier);
-
-        get_online_cpus();
-        sysdev_driver_unregister(&cpu_sysdev_class, &mc_sysdev_driver);
-        put_online_cpus();
-
-        platform_device_unregister(microcode_pdev);
-}
-
-module_init(microcode_init)
-module_exit(microcode_exit)
diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
new file mode 100644
index 000000000000..7a1f8eeac2c7
--- /dev/null
+++ b/arch/x86/kernel/microcode_amd.c
@@ -0,0 +1,435 @@
+/*
+ *  AMD CPU Microcode Update Driver for Linux
+ *  Copyright (C) 2008 Advanced Micro Devices Inc.
+ *
+ *  Author: Peter Oruba <peter.oruba@amd.com>
+ *
+ *  Based on work by:
+ *  Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
+ *
+ *  This driver allows to upgrade microcode on AMD
+ *  family 0x10 and 0x11 processors.
+ *
+ *  Licensed unter the terms of the GNU General Public
+ *  License version 2. See file COPYING for details.
+*/
+
+#include <linux/capability.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/cpumask.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/miscdevice.h>
+#include <linux/spinlock.h>
+#include <linux/mm.h>
+#include <linux/fs.h>
+#include <linux/mutex.h>
+#include <linux/cpu.h>
+#include <linux/firmware.h>
+#include <linux/platform_device.h>
+#include <linux/pci.h>
+#include <linux/pci_ids.h>
+
+#include <asm/msr.h>
+#include <asm/uaccess.h>
+#include <asm/processor.h>
+#include <asm/microcode.h>
+
+MODULE_DESCRIPTION("AMD Microcode Update Driver");
+MODULE_AUTHOR("Peter Oruba <peter.oruba@amd.com>");
+MODULE_LICENSE("GPL v2");
+
+#define UCODE_MAGIC                0x00414d44
+#define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
+#define UCODE_UCODE_TYPE           0x00000001
+
+struct equiv_cpu_entry {
+        unsigned int installed_cpu;
+        unsigned int fixed_errata_mask;
+        unsigned int fixed_errata_compare;
+        unsigned int equiv_cpu;
+};
+
+struct microcode_header_amd {
+        unsigned int  data_code;
+        unsigned int  patch_id;
+        unsigned char mc_patch_data_id[2];
+        unsigned char mc_patch_data_len;
+        unsigned char init_flag;
+        unsigned int  mc_patch_data_checksum;
+        unsigned int  nb_dev_id;
+        unsigned int  sb_dev_id;
+        unsigned char processor_rev_id[2];
+        unsigned char nb_rev_id;
+        unsigned char sb_rev_id;
+        unsigned char bios_api_rev;
+        unsigned char reserved1[3];
+        unsigned int  match_reg[8];
+};
+
+struct microcode_amd {
+        struct microcode_header_amd hdr;
+        unsigned int mpb[0];
+};
+
+#define UCODE_MAX_SIZE          (2048)
+#define DEFAULT_UCODE_DATASIZE  (896)
+#define MC_HEADER_SIZE          (sizeof(struct microcode_header_amd))
+#define DEFAULT_UCODE_TOTALSIZE (DEFAULT_UCODE_DATASIZE + MC_HEADER_SIZE)
+#define DWSIZE                  (sizeof(u32))
+/* For now we support a fixed ucode total size only */
+#define get_totalsize(mc) \
+        ((((struct microcode_amd *)mc)->hdr.mc_patch_data_len * 28) \
+         + MC_HEADER_SIZE)
+
+/* serialize access to the physical write */
+static DEFINE_SPINLOCK(microcode_update_lock);
+
+static struct equiv_cpu_entry *equiv_cpu_table;
+
+static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
+{
+        struct cpuinfo_x86 *c = &cpu_data(cpu);
+
+        memset(csig, 0, sizeof(*csig));
+
+        if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
+                printk(KERN_ERR "microcode: CPU%d not a capable AMD processor\n",
+                       cpu);
+                return -1;
+        }
+
+        asm volatile("movl %1, %%ecx; rdmsr"
+                     : "=a" (csig->rev)
+                     : "i" (0x0000008B) : "ecx");
+
+        printk(KERN_INFO "microcode: collect_cpu_info_amd : patch_id=0x%x\n",
+                csig->rev);
+
+        return 0;
+}
+
+static int get_matching_microcode(int cpu, void *mc, int rev)
+{
+        struct microcode_header_amd *mc_header = mc;
+        struct pci_dev *nb_pci_dev, *sb_pci_dev;
+        unsigned int current_cpu_id;
+        unsigned int equiv_cpu_id = 0x00;
+        unsigned int i = 0;
+
+        BUG_ON(equiv_cpu_table == NULL);
+        current_cpu_id = cpuid_eax(0x00000001);
+
+        while (equiv_cpu_table[i].installed_cpu != 0) {
+                if (current_cpu_id == equiv_cpu_table[i].installed_cpu) {
+                        equiv_cpu_id = equiv_cpu_table[i].equiv_cpu;
+                        break;
+                }
+                i++;
+        }
+
+        if (!equiv_cpu_id) {
+                printk(KERN_ERR "microcode: CPU%d cpu_id "
+                       "not found in equivalent cpu table \n", cpu);
+                return 0;
+        }
+
+        if ((mc_header->processor_rev_id[0]) != (equiv_cpu_id & 0xff)) {
+                printk(KERN_ERR
+                        "microcode: CPU%d patch does not match "
+                        "(patch is %x, cpu extended is %x) \n",
+                        cpu, mc_header->processor_rev_id[0],
+                        (equiv_cpu_id & 0xff));
+                return 0;
+        }
+
+        if ((mc_header->processor_rev_id[1]) != ((equiv_cpu_id >> 16) & 0xff)) {
+                printk(KERN_ERR "microcode: CPU%d patch does not match "
+                        "(patch is %x, cpu base id is %x) \n",
+                        cpu, mc_header->processor_rev_id[1],
+                        ((equiv_cpu_id >> 16) & 0xff));
+
+                return 0;
+        }
+
+        /* ucode may be northbridge specific */
+        if (mc_header->nb_dev_id) {
+                nb_pci_dev = pci_get_device(PCI_VENDOR_ID_AMD,
+                                            (mc_header->nb_dev_id & 0xff),
+                                            NULL);
+                if ((!nb_pci_dev) ||
+                    (mc_header->nb_rev_id != nb_pci_dev->revision)) {
+                        printk(KERN_ERR "microcode: CPU%d NB mismatch \n", cpu);
+                        pci_dev_put(nb_pci_dev);
+                        return 0;
+                }
+                pci_dev_put(nb_pci_dev);
+        }
+
+        /* ucode may be southbridge specific */
+        if (mc_header->sb_dev_id) {
+                sb_pci_dev = pci_get_device(PCI_VENDOR_ID_AMD,
+                                            (mc_header->sb_dev_id & 0xff),
+                                            NULL);
+                if ((!sb_pci_dev) ||
+                    (mc_header->sb_rev_id != sb_pci_dev->revision)) {
+                        printk(KERN_ERR "microcode: CPU%d SB mismatch \n", cpu);
+                        pci_dev_put(sb_pci_dev);
+                        return 0;
+                }
+                pci_dev_put(sb_pci_dev);
+        }
+
+        if (mc_header->patch_id <= rev)
+                return 0;
+
+        return 1;
+}
+
+static void apply_microcode_amd(int cpu)
+{
+        unsigned long flags;
+        unsigned int eax, edx;
+        unsigned int rev;
+        int cpu_num = raw_smp_processor_id();
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu_num;
+        struct microcode_amd *mc_amd = uci->mc;
+        unsigned long addr;
+
+        /* We should bind the task to the CPU */
+        BUG_ON(cpu_num != cpu);
+
+        if (mc_amd == NULL)
+                return;
+
+        spin_lock_irqsave(&microcode_update_lock, flags);
+
+        addr = (unsigned long)&mc_amd->hdr.data_code;
+        edx = (unsigned int)(((unsigned long)upper_32_bits(addr)));
+        eax = (unsigned int)(((unsigned long)lower_32_bits(addr)));
+
+        asm volatile("movl %0, %%ecx; wrmsr" :
+                     : "i" (0xc0010020), "a" (eax), "d" (edx) : "ecx");
+
+        /* get patch id after patching */
+        asm volatile("movl %1, %%ecx; rdmsr"
+                     : "=a" (rev)
+                     : "i" (0x0000008B) : "ecx");
+
+        spin_unlock_irqrestore(&microcode_update_lock, flags);
+
+        /* check current patch id and patch's id for match */
+        if (rev != mc_amd->hdr.patch_id) {
+                printk(KERN_ERR "microcode: CPU%d update from revision "
+                       "0x%x to 0x%x failed\n", cpu_num,
+                       mc_amd->hdr.patch_id, rev);
+                return;
+        }
+
+        printk(KERN_INFO "microcode: CPU%d updated from revision "
+               "0x%x to 0x%x \n",
+               cpu_num, uci->cpu_sig.rev, mc_amd->hdr.patch_id);
+
+        uci->cpu_sig.rev = rev;
+}
+
+static void * get_next_ucode(u8 *buf, unsigned int size,
+                        int (*get_ucode_data)(void *, const void *, size_t),
+                        unsigned int *mc_size)
+{
+        unsigned int total_size;
+#define UCODE_CONTAINER_SECTION_HDR     8
+        u8 section_hdr[UCODE_CONTAINER_SECTION_HDR];
+        void *mc;
+
+        if (get_ucode_data(section_hdr, buf, UCODE_CONTAINER_SECTION_HDR))
+                return NULL;
+
+        if (section_hdr[0] != UCODE_UCODE_TYPE) {
+                printk(KERN_ERR "microcode: error! "
+                       "Wrong microcode payload type field\n");
+                return NULL;
+        }
+
+        total_size = (unsigned long) (section_hdr[4] + (section_hdr[5] << 8));
+
+        printk(KERN_INFO "microcode: size %u, total_size %u\n",
+                size, total_size);
+
+        if (total_size > size || total_size > UCODE_MAX_SIZE) {
+                printk(KERN_ERR "microcode: error! Bad data in microcode data file\n");
+                return NULL;
+        }
+
+        mc = vmalloc(UCODE_MAX_SIZE);
+        if (mc) {
+                memset(mc, 0, UCODE_MAX_SIZE);
+                if (get_ucode_data(mc, buf + UCODE_CONTAINER_SECTION_HDR, total_size)) {
+                        vfree(mc);
+                        mc = NULL;
+                } else
+                        *mc_size = total_size + UCODE_CONTAINER_SECTION_HDR;
+        }
+#undef UCODE_CONTAINER_SECTION_HDR
+        return mc;
+}
+
+
+static int install_equiv_cpu_table(u8 *buf,
+                int (*get_ucode_data)(void *, const void *, size_t))
+{
+#define UCODE_CONTAINER_HEADER_SIZE     12
+        u8 *container_hdr[UCODE_CONTAINER_HEADER_SIZE];
+        unsigned int *buf_pos = (unsigned int *)container_hdr;
+        unsigned long size;
+
+        if (get_ucode_data(&container_hdr, buf, UCODE_CONTAINER_HEADER_SIZE))
+                return 0;
+
+        size = buf_pos[2];
+
+        if (buf_pos[1] != UCODE_EQUIV_CPU_TABLE_TYPE || !size) {
+                printk(KERN_ERR "microcode: error! "
+                       "Wrong microcode equivalnet cpu table\n");
+                return 0;
+        }
+
+        equiv_cpu_table = (struct equiv_cpu_entry *) vmalloc(size);
+        if (!equiv_cpu_table) {
+                printk(KERN_ERR "microcode: error, can't allocate memory for equiv CPU table\n");
+                return 0;
+        }
+
+        buf += UCODE_CONTAINER_HEADER_SIZE;
+        if (get_ucode_data(equiv_cpu_table, buf, size)) {
+                vfree(equiv_cpu_table);
+                return 0;
+        }
+
+        return size + UCODE_CONTAINER_HEADER_SIZE; /* add header length */
+#undef UCODE_CONTAINER_HEADER_SIZE
+}
+
+static void free_equiv_cpu_table(void)
+{
+        if (equiv_cpu_table) {
+                vfree(equiv_cpu_table);
+                equiv_cpu_table = NULL;
+        }
+}
+
+static int generic_load_microcode(int cpu, void *data, size_t size,
+                int (*get_ucode_data)(void *, const void *, size_t))
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        u8 *ucode_ptr = data, *new_mc = NULL, *mc;
+        int new_rev = uci->cpu_sig.rev;
+        unsigned int leftover;
+        unsigned long offset;
+
+        offset = install_equiv_cpu_table(ucode_ptr, get_ucode_data);
+        if (!offset) {
+                printk(KERN_ERR "microcode: installing equivalent cpu table failed\n");
+                return -EINVAL;
+        }
+
+        ucode_ptr += offset;
+        leftover = size - offset;
+
+        while (leftover) {
+                unsigned int uninitialized_var(mc_size);
+                struct microcode_header_amd *mc_header;
+
+                mc = get_next_ucode(ucode_ptr, leftover, get_ucode_data, &mc_size);
+                if (!mc)
+                        break;
+
+                mc_header = (struct microcode_header_amd *)mc;
+                if (get_matching_microcode(cpu, mc, new_rev)) {
+                        if (new_mc)
+                                vfree(new_mc);
+                        new_rev = mc_header->patch_id;
+                        new_mc  = mc;
+                } else 
+                        vfree(mc);
+
+                ucode_ptr += mc_size;
+                leftover  -= mc_size;
+        }
+
+        if (new_mc) {
+                if (!leftover) {
+                        if (uci->mc)
+                                vfree(uci->mc);
+                        uci->mc = new_mc;
+                        pr_debug("microcode: CPU%d found a matching microcode update with"
+                                " version 0x%x (current=0x%x)\n",
+                                cpu, new_rev, uci->cpu_sig.rev);
+                } else
+                        vfree(new_mc);
+        }
+
+        free_equiv_cpu_table();
+
+        return (int)leftover;
+}
+
+static int get_ucode_fw(void *to, const void *from, size_t n)
+{
+        memcpy(to, from, n);
+        return 0;
+}
+
+static int request_microcode_fw(int cpu, struct device *device)
+{
+        const char *fw_name = "amd-ucode/microcode_amd.bin";
+        const struct firmware *firmware;
+        int ret;
+
+        /* We should bind the task to the CPU */
+        BUG_ON(cpu != raw_smp_processor_id());
+
+        ret = request_firmware(&firmware, fw_name, device);
+        if (ret) {
+                printk(KERN_ERR "microcode: ucode data file %s load failed\n", fw_name);
+                return ret;
+        }
+
+        ret = generic_load_microcode(cpu, (void*)firmware->data, firmware->size,
+                        &get_ucode_fw);
+
+        release_firmware(firmware);
+
+        return ret;
+}
+
+static int request_microcode_user(int cpu, const void __user *buf, size_t size)
+{
+        printk(KERN_WARNING "microcode: AMD microcode update via /dev/cpu/microcode"
+                        "is not supported\n");
+        return -1;
+}
+
+static void microcode_fini_cpu_amd(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+        vfree(uci->mc);
+        uci->mc = NULL;
+}
+
+static struct microcode_ops microcode_amd_ops = {
+        .request_microcode_user           = request_microcode_user,
+        .request_microcode_fw             = request_microcode_fw,
+        .collect_cpu_info                 = collect_cpu_info_amd,
+        .apply_microcode                  = apply_microcode_amd,
+        .microcode_fini_cpu               = microcode_fini_cpu_amd,
+};
+
+struct microcode_ops * __init init_amd_microcode(void)
+{
+        return &microcode_amd_ops;
+}
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
new file mode 100644
index 000000000000..936d8d55f230
--- /dev/null
+++ b/arch/x86/kernel/microcode_core.c
@@ -0,0 +1,508 @@
+/*
+ *      Intel CPU Microcode Update Driver for Linux
+ *
+ *      Copyright (C) 2000-2006 Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
+ *                    2006      Shaohua Li <shaohua.li@intel.com>
+ *
+ *      This driver allows to upgrade microcode on Intel processors
+ *      belonging to IA-32 family - PentiumPro, Pentium II,
+ *      Pentium III, Xeon, Pentium 4, etc.
+ *
+ *      Reference: Section 8.11 of Volume 3a, IA-32 Intel? Architecture
+ *      Software Developer's Manual
+ *      Order Number 253668 or free download from:
+ *
+ *      http://developer.intel.com/design/pentium4/manuals/253668.htm
+ *
+ *      For more information, go to http://www.urbanmyth.org/microcode
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ *      1.0     16 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Initial release.
+ *      1.01    18 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Added read() support + cleanups.
+ *      1.02    21 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Added 'device trimming' support. open(O_WRONLY) zeroes
+ *              and frees the saved copy of applied microcode.
+ *      1.03    29 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Made to use devfs (/dev/cpu/microcode) + cleanups.
+ *      1.04    06 Jun 2000, Simon Trimmer <simon@veritas.com>
+ *              Added misc device support (now uses both devfs and misc).
+ *              Added MICROCODE_IOCFREE ioctl to clear memory.
+ *      1.05    09 Jun 2000, Simon Trimmer <simon@veritas.com>
+ *              Messages for error cases (non Intel & no suitable microcode).
+ *      1.06    03 Aug 2000, Tigran Aivazian <tigran@veritas.com>
+ *              Removed ->release(). Removed exclusive open and status bitmap.
+ *              Added microcode_rwsem to serialize read()/write()/ioctl().
+ *              Removed global kernel lock usage.
+ *      1.07    07 Sep 2000, Tigran Aivazian <tigran@veritas.com>
+ *              Write 0 to 0x8B msr and then cpuid before reading revision,
+ *              so that it works even if there were no update done by the
+ *              BIOS. Otherwise, reading from 0x8B gives junk (which happened
+ *              to be 0 on my machine which is why it worked even when I
+ *              disabled update by the BIOS)
+ *              Thanks to Eric W. Biederman <ebiederman@lnxi.com> for the fix.
+ *      1.08    11 Dec 2000, Richard Schaal <richard.schaal@intel.com> and
+ *                           Tigran Aivazian <tigran@veritas.com>
+ *              Intel Pentium 4 processor support and bugfixes.
+ *      1.09    30 Oct 2001, Tigran Aivazian <tigran@veritas.com>
+ *              Bugfix for HT (Hyper-Threading) enabled processors
+ *              whereby processor resources are shared by all logical processors
+ *              in a single CPU package.
+ *      1.10    28 Feb 2002 Asit K Mallick <asit.k.mallick@intel.com> and
+ *              Tigran Aivazian <tigran@veritas.com>,
+ *              Serialize updates as required on HT processors due to
+ *              speculative nature of implementation.
+ *      1.11    22 Mar 2002 Tigran Aivazian <tigran@veritas.com>
+ *              Fix the panic when writing zero-length microcode chunk.
+ *      1.12    29 Sep 2003 Nitin Kamble <nitin.a.kamble@intel.com>,
+ *              Jun Nakajima <jun.nakajima@intel.com>
+ *              Support for the microcode updates in the new format.
+ *      1.13    10 Oct 2003 Tigran Aivazian <tigran@veritas.com>
+ *              Removed ->read() method and obsoleted MICROCODE_IOCFREE ioctl
+ *              because we no longer hold a copy of applied microcode
+ *              in kernel memory.
+ *      1.14    25 Jun 2004 Tigran Aivazian <tigran@veritas.com>
+ *              Fix sigmatch() macro to handle old CPUs with pf == 0.
+ *              Thanks to Stuart Swales for pointing out this bug.
+ */
+#include <linux/capability.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/smp_lock.h>
+#include <linux/cpumask.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/miscdevice.h>
+#include <linux/spinlock.h>
+#include <linux/mm.h>
+#include <linux/fs.h>
+#include <linux/mutex.h>
+#include <linux/cpu.h>
+#include <linux/firmware.h>
+#include <linux/platform_device.h>
+
+#include <asm/msr.h>
+#include <asm/uaccess.h>
+#include <asm/processor.h>
+#include <asm/microcode.h>
+
+MODULE_DESCRIPTION("Microcode Update Driver");
+MODULE_AUTHOR("Tigran Aivazian <tigran@aivazian.fsnet.co.uk>");
+MODULE_LICENSE("GPL");
+
+#define MICROCODE_VERSION       "2.00"
+
+struct microcode_ops *microcode_ops;
+
+/* no concurrent ->write()s are allowed on /dev/cpu/microcode */
+static DEFINE_MUTEX(microcode_mutex);
+
+struct ucode_cpu_info ucode_cpu_info[NR_CPUS];
+EXPORT_SYMBOL_GPL(ucode_cpu_info);
+
+#ifdef CONFIG_MICROCODE_OLD_INTERFACE
+static int do_microcode_update(const void __user *buf, size_t size)
+{
+        cpumask_t old;
+        int error = 0;
+        int cpu;
+
+        old = current->cpus_allowed;
+
+        for_each_online_cpu(cpu) {
+                struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+                if (!uci->valid)
+                        continue;
+
+                set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
+                error = microcode_ops->request_microcode_user(cpu, buf, size);
+                if (error < 0)
+                        goto out;
+                if (!error)
+                        microcode_ops->apply_microcode(cpu);
+        }
+out:
+        set_cpus_allowed_ptr(current, &old);
+        return error;
+}
+
+static int microcode_open(struct inode *unused1, struct file *unused2)
+{
+        cycle_kernel_lock();
+        return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+}
+
+static ssize_t microcode_write(struct file *file, const char __user *buf,
+                               size_t len, loff_t *ppos)
+{
+        ssize_t ret;
+
+        if ((len >> PAGE_SHIFT) > num_physpages) {
+                printk(KERN_ERR "microcode: too much data (max %ld pages)\n",
+                       num_physpages);
+                return -EINVAL;
+        }
+
+        get_online_cpus();
+        mutex_lock(&microcode_mutex);
+
+        ret = do_microcode_update(buf, len);
+        if (!ret)
+                ret = (ssize_t)len;
+
+        mutex_unlock(&microcode_mutex);
+        put_online_cpus();
+
+        return ret;
+}
+
+static const struct file_operations microcode_fops = {
+        .owner          = THIS_MODULE,
+        .write          = microcode_write,
+        .open           = microcode_open,
+};
+
+static struct miscdevice microcode_dev = {
+        .minor          = MICROCODE_MINOR,
+        .name           = "microcode",
+        .fops           = &microcode_fops,
+};
+
+static int __init microcode_dev_init(void)
+{
+        int error;
+
+        error = misc_register(&microcode_dev);
+        if (error) {
+                printk(KERN_ERR
+                        "microcode: can't misc_register on minor=%d\n",
+                        MICROCODE_MINOR);
+                return error;
+        }
+
+        return 0;
+}
+
+static void microcode_dev_exit(void)
+{
+        misc_deregister(&microcode_dev);
+}
+
+MODULE_ALIAS_MISCDEV(MICROCODE_MINOR);
+#else
+#define microcode_dev_init() 0
+#define microcode_dev_exit() do { } while (0)
+#endif
+
+/* fake device for request_firmware */
+struct platform_device *microcode_pdev;
+
+static ssize_t reload_store(struct sys_device *dev,
+                            struct sysdev_attribute *attr,
+                            const char *buf, size_t sz)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
+        char *end;
+        unsigned long val = simple_strtoul(buf, &end, 0);
+        int err = 0;
+        int cpu = dev->id;
+
+        if (end == buf)
+                return -EINVAL;
+        if (val == 1) {
+                cpumask_t old = current->cpus_allowed;
+
+                get_online_cpus();
+                if (cpu_online(cpu)) {
+                        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
+                        mutex_lock(&microcode_mutex);
+                        if (uci->valid) {
+                                err = microcode_ops->request_microcode_fw(cpu,
+                                                &microcode_pdev->dev);
+                                if (!err)
+                                        microcode_ops->apply_microcode(cpu);
+                        }
+                        mutex_unlock(&microcode_mutex);
+                        set_cpus_allowed_ptr(current, &old);
+                }
+                put_online_cpus();
+        }
+        if (err)
+                return err;
+        return sz;
+}
+
+static ssize_t version_show(struct sys_device *dev,
+                        struct sysdev_attribute *attr, char *buf)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
+
+        return sprintf(buf, "0x%x\n", uci->cpu_sig.rev);
+}
+
+static ssize_t pf_show(struct sys_device *dev,
+                        struct sysdev_attribute *attr, char *buf)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + dev->id;
+
+        return sprintf(buf, "0x%x\n", uci->cpu_sig.pf);
+}
+
+static SYSDEV_ATTR(reload, 0200, NULL, reload_store);
+static SYSDEV_ATTR(version, 0400, version_show, NULL);
+static SYSDEV_ATTR(processor_flags, 0400, pf_show, NULL);
+
+static struct attribute *mc_default_attrs[] = {
+        &attr_reload.attr,
+        &attr_version.attr,
+        &attr_processor_flags.attr,
+        NULL
+};
+
+static struct attribute_group mc_attr_group = {
+        .attrs = mc_default_attrs,
+        .name = "microcode",
+};
+
+static void microcode_fini_cpu(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+        mutex_lock(&microcode_mutex);
+        microcode_ops->microcode_fini_cpu(cpu);
+        uci->valid = 0;
+        mutex_unlock(&microcode_mutex);
+}
+
+static void collect_cpu_info(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+        memset(uci, 0, sizeof(*uci));
+        if (!microcode_ops->collect_cpu_info(cpu, &uci->cpu_sig))
+                uci->valid = 1;
+}
+
+static int microcode_resume_cpu(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        struct cpu_signature nsig;
+
+        pr_debug("microcode: CPU%d resumed\n", cpu);
+
+        if (!uci->mc)
+                return 1;
+
+        /*
+         * Let's verify that the 'cached' ucode does belong
+         * to this cpu (a bit of paranoia):
+         */
+        if (microcode_ops->collect_cpu_info(cpu, &nsig)) {
+                microcode_fini_cpu(cpu);
+                return -1;
+        }
+
+        if (memcmp(&nsig, &uci->cpu_sig, sizeof(nsig))) {
+                microcode_fini_cpu(cpu);
+                /* Should we look for a new ucode here? */
+                return 1;
+        }
+
+        return 0;
+}
+
+void microcode_update_cpu(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        int err = 0;
+
+        /*
+         * Check if the system resume is in progress (uci->valid != NULL),
+         * otherwise just request a firmware:
+         */
+        if (uci->valid) {
+                err = microcode_resume_cpu(cpu);
+        } else {        
+                collect_cpu_info(cpu);
+                if (uci->valid && system_state == SYSTEM_RUNNING)
+                        err = microcode_ops->request_microcode_fw(cpu,
+                                        &microcode_pdev->dev);
+        }
+        if (!err)
+                microcode_ops->apply_microcode(cpu);
+}
+
+static void microcode_init_cpu(int cpu)
+{
+        cpumask_t old = current->cpus_allowed;
+
+        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
+        /* We should bind the task to the CPU */
+        BUG_ON(raw_smp_processor_id() != cpu);
+
+        mutex_lock(&microcode_mutex);
+        microcode_update_cpu(cpu);
+        mutex_unlock(&microcode_mutex);
+
+        set_cpus_allowed_ptr(current, &old);
+}
+
+static int mc_sysdev_add(struct sys_device *sys_dev)
+{
+        int err, cpu = sys_dev->id;
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+        if (!cpu_online(cpu))
+                return 0;
+
+        pr_debug("microcode: CPU%d added\n", cpu);
+        memset(uci, 0, sizeof(*uci));
+
+        err = sysfs_create_group(&sys_dev->kobj, &mc_attr_group);
+        if (err)
+                return err;
+
+        microcode_init_cpu(cpu);
+        return 0;
+}
+
+static int mc_sysdev_remove(struct sys_device *sys_dev)
+{
+        int cpu = sys_dev->id;
+
+        if (!cpu_online(cpu))
+                return 0;
+
+        pr_debug("microcode: CPU%d removed\n", cpu);
+        microcode_fini_cpu(cpu);
+        sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
+        return 0;
+}
+
+static int mc_sysdev_resume(struct sys_device *dev)
+{
+        int cpu = dev->id;
+
+        if (!cpu_online(cpu))
+                return 0;
+
+        /* only CPU 0 will apply ucode here */
+        microcode_update_cpu(0);
+        return 0;
+}
+
+static struct sysdev_driver mc_sysdev_driver = {
+        .add = mc_sysdev_add,
+        .remove = mc_sysdev_remove,
+        .resume = mc_sysdev_resume,
+};
+
+static __cpuinit int
+mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
+{
+        unsigned int cpu = (unsigned long)hcpu;
+        struct sys_device *sys_dev;
+
+        sys_dev = get_cpu_sysdev(cpu);
+        switch (action) {
+        case CPU_ONLINE:
+        case CPU_ONLINE_FROZEN:
+                microcode_init_cpu(cpu);
+        case CPU_DOWN_FAILED:
+        case CPU_DOWN_FAILED_FROZEN:
+                pr_debug("microcode: CPU%d added\n", cpu);
+                if (sysfs_create_group(&sys_dev->kobj, &mc_attr_group))
+                        printk(KERN_ERR "microcode: Failed to create the sysfs "
+                                "group for CPU%d\n", cpu);
+                break;
+        case CPU_DOWN_PREPARE:
+        case CPU_DOWN_PREPARE_FROZEN:
+                /* Suspend is in progress, only remove the interface */
+                sysfs_remove_group(&sys_dev->kobj, &mc_attr_group);
+                pr_debug("microcode: CPU%d removed\n", cpu);
+                break;
+        case CPU_DEAD:
+        case CPU_UP_CANCELED_FROZEN:
+                /* The CPU refused to come up during a system resume */
+                microcode_fini_cpu(cpu);
+                break;
+        }
+        return NOTIFY_OK;
+}
+
+static struct notifier_block __refdata mc_cpu_notifier = {
+        .notifier_call = mc_cpu_callback,
+};
+
+static int __init microcode_init(void)
+{
+        struct cpuinfo_x86 *c = &cpu_data(0);
+        int error;
+
+        if (c->x86_vendor == X86_VENDOR_INTEL)
+                microcode_ops = init_intel_microcode();
+        else if (c->x86_vendor == X86_VENDOR_AMD)
+                microcode_ops = init_amd_microcode();
+
+        if (!microcode_ops) {
+                printk(KERN_ERR "microcode: no support for this CPU vendor\n");
+                return -ENODEV;
+        }
+
+        error = microcode_dev_init();
+        if (error)
+                return error;
+        microcode_pdev = platform_device_register_simple("microcode", -1,
+                                                         NULL, 0);
+        if (IS_ERR(microcode_pdev)) {
+                microcode_dev_exit();
+                return PTR_ERR(microcode_pdev);
+        }
+
+        get_online_cpus();
+        error = sysdev_driver_register(&cpu_sysdev_class, &mc_sysdev_driver);
+        put_online_cpus();
+        if (error) {
+                microcode_dev_exit();
+                platform_device_unregister(microcode_pdev);
+                return error;
+        }
+
+        register_hotcpu_notifier(&mc_cpu_notifier);
+
+        printk(KERN_INFO
+               "Microcode Update Driver: v" MICROCODE_VERSION
+               " <tigran@aivazian.fsnet.co.uk>"
+               " <peter.oruba@amd.com>\n");
+
+        return 0;
+}
+
+static void __exit microcode_exit(void)
+{
+        microcode_dev_exit();
+
+        unregister_hotcpu_notifier(&mc_cpu_notifier);
+
+        get_online_cpus();
+        sysdev_driver_unregister(&cpu_sysdev_class, &mc_sysdev_driver);
+        put_online_cpus();
+
+        platform_device_unregister(microcode_pdev);
+
+        microcode_ops = NULL;
+
+        printk(KERN_INFO
+               "Microcode Update Driver: v" MICROCODE_VERSION " removed.\n");
+}
+
+module_init(microcode_init);
+module_exit(microcode_exit);
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
new file mode 100644
index 000000000000..622dc4a21784
--- /dev/null
+++ b/arch/x86/kernel/microcode_intel.c
@@ -0,0 +1,480 @@
+/*
+ *      Intel CPU Microcode Update Driver for Linux
+ *
+ *      Copyright (C) 2000-2006 Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
+ *                    2006      Shaohua Li <shaohua.li@intel.com>
+ *
+ *      This driver allows to upgrade microcode on Intel processors
+ *      belonging to IA-32 family - PentiumPro, Pentium II,
+ *      Pentium III, Xeon, Pentium 4, etc.
+ *
+ *      Reference: Section 8.11 of Volume 3a, IA-32 Intel? Architecture
+ *      Software Developer's Manual
+ *      Order Number 253668 or free download from:
+ *
+ *      http://developer.intel.com/design/pentium4/manuals/253668.htm
+ *
+ *      For more information, go to http://www.urbanmyth.org/microcode
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ *      1.0     16 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Initial release.
+ *      1.01    18 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Added read() support + cleanups.
+ *      1.02    21 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Added 'device trimming' support. open(O_WRONLY) zeroes
+ *              and frees the saved copy of applied microcode.
+ *      1.03    29 Feb 2000, Tigran Aivazian <tigran@sco.com>
+ *              Made to use devfs (/dev/cpu/microcode) + cleanups.
+ *      1.04    06 Jun 2000, Simon Trimmer <simon@veritas.com>
+ *              Added misc device support (now uses both devfs and misc).
+ *              Added MICROCODE_IOCFREE ioctl to clear memory.
+ *      1.05    09 Jun 2000, Simon Trimmer <simon@veritas.com>
+ *              Messages for error cases (non Intel & no suitable microcode).
+ *      1.06    03 Aug 2000, Tigran Aivazian <tigran@veritas.com>
+ *              Removed ->release(). Removed exclusive open and status bitmap.
+ *              Added microcode_rwsem to serialize read()/write()/ioctl().
+ *              Removed global kernel lock usage.
+ *      1.07    07 Sep 2000, Tigran Aivazian <tigran@veritas.com>
+ *              Write 0 to 0x8B msr and then cpuid before reading revision,
+ *              so that it works even if there were no update done by the
+ *              BIOS. Otherwise, reading from 0x8B gives junk (which happened
+ *              to be 0 on my machine which is why it worked even when I
+ *              disabled update by the BIOS)
+ *              Thanks to Eric W. Biederman <ebiederman@lnxi.com> for the fix.
+ *      1.08    11 Dec 2000, Richard Schaal <richard.schaal@intel.com> and
+ *                           Tigran Aivazian <tigran@veritas.com>
+ *              Intel Pentium 4 processor support and bugfixes.
+ *      1.09    30 Oct 2001, Tigran Aivazian <tigran@veritas.com>
+ *              Bugfix for HT (Hyper-Threading) enabled processors
+ *              whereby processor resources are shared by all logical processors
+ *              in a single CPU package.
+ *      1.10    28 Feb 2002 Asit K Mallick <asit.k.mallick@intel.com> and
+ *              Tigran Aivazian <tigran@veritas.com>,
+ *              Serialize updates as required on HT processors due to
+ *              speculative nature of implementation.
+ *      1.11    22 Mar 2002 Tigran Aivazian <tigran@veritas.com>
+ *              Fix the panic when writing zero-length microcode chunk.
+ *      1.12    29 Sep 2003 Nitin Kamble <nitin.a.kamble@intel.com>,
+ *              Jun Nakajima <jun.nakajima@intel.com>
+ *              Support for the microcode updates in the new format.
+ *      1.13    10 Oct 2003 Tigran Aivazian <tigran@veritas.com>
+ *              Removed ->read() method and obsoleted MICROCODE_IOCFREE ioctl
+ *              because we no longer hold a copy of applied microcode
+ *              in kernel memory.
+ *      1.14    25 Jun 2004 Tigran Aivazian <tigran@veritas.com>
+ *              Fix sigmatch() macro to handle old CPUs with pf == 0.
+ *              Thanks to Stuart Swales for pointing out this bug.
+ */
+#include <linux/capability.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/sched.h>
+#include <linux/smp_lock.h>
+#include <linux/cpumask.h>
+#include <linux/module.h>
+#include <linux/slab.h>
+#include <linux/vmalloc.h>
+#include <linux/miscdevice.h>
+#include <linux/spinlock.h>
+#include <linux/mm.h>
+#include <linux/fs.h>
+#include <linux/mutex.h>
+#include <linux/cpu.h>
+#include <linux/firmware.h>
+#include <linux/platform_device.h>
+
+#include <asm/msr.h>
+#include <asm/uaccess.h>
+#include <asm/processor.h>
+#include <asm/microcode.h>
+
+MODULE_DESCRIPTION("Microcode Update Driver");
+MODULE_AUTHOR("Tigran Aivazian <tigran@aivazian.fsnet.co.uk>");
+MODULE_LICENSE("GPL");
+
+struct microcode_header_intel {
+        unsigned int            hdrver;
+        unsigned int            rev;
+        unsigned int            date;
+        unsigned int            sig;
+        unsigned int            cksum;
+        unsigned int            ldrver;
+        unsigned int            pf;
+        unsigned int            datasize;
+        unsigned int            totalsize;
+        unsigned int            reserved[3];
+};
+
+struct microcode_intel {
+        struct microcode_header_intel hdr;
+        unsigned int            bits[0];
+};
+
+/* microcode format is extended from prescott processors */
+struct extended_signature {
+        unsigned int            sig;
+        unsigned int            pf;
+        unsigned int            cksum;
+};
+
+struct extended_sigtable {
+        unsigned int            count;
+        unsigned int            cksum;
+        unsigned int            reserved[3];
+        struct extended_signature sigs[0];
+};
+
+#define DEFAULT_UCODE_DATASIZE  (2000)
+#define MC_HEADER_SIZE          (sizeof(struct microcode_header_intel))
+#define DEFAULT_UCODE_TOTALSIZE (DEFAULT_UCODE_DATASIZE + MC_HEADER_SIZE)
+#define EXT_HEADER_SIZE         (sizeof(struct extended_sigtable))
+#define EXT_SIGNATURE_SIZE      (sizeof(struct extended_signature))
+#define DWSIZE                  (sizeof(u32))
+#define get_totalsize(mc) \
+        (((struct microcode_intel *)mc)->hdr.totalsize ? \
+         ((struct microcode_intel *)mc)->hdr.totalsize : \
+         DEFAULT_UCODE_TOTALSIZE)
+
+#define get_datasize(mc) \
+        (((struct microcode_intel *)mc)->hdr.datasize ? \
+         ((struct microcode_intel *)mc)->hdr.datasize : DEFAULT_UCODE_DATASIZE)
+
+#define sigmatch(s1, s2, p1, p2) \
+        (((s1) == (s2)) && (((p1) & (p2)) || (((p1) == 0) && ((p2) == 0))))
+
+#define exttable_size(et) ((et)->count * EXT_SIGNATURE_SIZE + EXT_HEADER_SIZE)
+
+/* serialize access to the physical write to MSR 0x79 */
+static DEFINE_SPINLOCK(microcode_update_lock);
+
+static int collect_cpu_info(int cpu_num, struct cpu_signature *csig)
+{
+        struct cpuinfo_x86 *c = &cpu_data(cpu_num);
+        unsigned int val[2];
+
+        memset(csig, 0, sizeof(*csig));
+
+        if (c->x86_vendor != X86_VENDOR_INTEL || c->x86 < 6 ||
+            cpu_has(c, X86_FEATURE_IA64)) {
+                printk(KERN_ERR "microcode: CPU%d not a capable Intel "
+                        "processor\n", cpu_num);
+                return -1;
+        }
+
+        csig->sig = cpuid_eax(0x00000001);
+
+        if ((c->x86_model >= 5) || (c->x86 > 6)) {
+                /* get processor flags from MSR 0x17 */
+                rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
+                csig->pf = 1 << ((val[1] >> 18) & 7);
+        }
+
+        wrmsr(MSR_IA32_UCODE_REV, 0, 0);
+        /* see notes above for revision 1.07.  Apparent chip bug */
+        sync_core();
+        /* get the current revision from MSR 0x8B */
+        rdmsr(MSR_IA32_UCODE_REV, val[0], csig->rev);
+        pr_debug("microcode: collect_cpu_info : sig=0x%x, pf=0x%x, rev=0x%x\n",
+                        csig->sig, csig->pf, csig->rev);
+
+        return 0;
+}
+
+static inline int update_match_cpu(struct cpu_signature *csig, int sig, int pf)
+{
+        return (!sigmatch(sig, csig->sig, pf, csig->pf)) ? 0 : 1;
+}
+
+static inline int 
+update_match_revision(struct microcode_header_intel *mc_header, int rev)
+{
+        return (mc_header->rev <= rev) ? 0 : 1;
+}
+
+static int microcode_sanity_check(void *mc)
+{
+        struct microcode_header_intel *mc_header = mc;
+        struct extended_sigtable *ext_header = NULL;
+        struct extended_signature *ext_sig;
+        unsigned long total_size, data_size, ext_table_size;
+        int sum, orig_sum, ext_sigcount = 0, i;
+
+        total_size = get_totalsize(mc_header);
+        data_size = get_datasize(mc_header);
+        if (data_size + MC_HEADER_SIZE > total_size) {
+                printk(KERN_ERR "microcode: error! "
+                        "Bad data size in microcode data file\n");
+                return -EINVAL;
+        }
+
+        if (mc_header->ldrver != 1 || mc_header->hdrver != 1) {
+                printk(KERN_ERR "microcode: error! "
+                        "Unknown microcode update format\n");
+                return -EINVAL;
+        }
+        ext_table_size = total_size - (MC_HEADER_SIZE + data_size);
+        if (ext_table_size) {
+                if ((ext_table_size < EXT_HEADER_SIZE)
+                 || ((ext_table_size - EXT_HEADER_SIZE) % EXT_SIGNATURE_SIZE)) {
+                        printk(KERN_ERR "microcode: error! "
+                                "Small exttable size in microcode data file\n");
+                        return -EINVAL;
+                }
+                ext_header = mc + MC_HEADER_SIZE + data_size;
+                if (ext_table_size != exttable_size(ext_header)) {
+                        printk(KERN_ERR "microcode: error! "
+                                "Bad exttable size in microcode data file\n");
+                        return -EFAULT;
+                }
+                ext_sigcount = ext_header->count;
+        }
+
+        /* check extended table checksum */
+        if (ext_table_size) {
+                int ext_table_sum = 0;
+                int *ext_tablep = (int *)ext_header;
+
+                i = ext_table_size / DWSIZE;
+                while (i--)
+                        ext_table_sum += ext_tablep[i];
+                if (ext_table_sum) {
+                        printk(KERN_WARNING "microcode: aborting, "
+                                "bad extended signature table checksum\n");
+                        return -EINVAL;
+                }
+        }
+
+        /* calculate the checksum */
+        orig_sum = 0;
+        i = (MC_HEADER_SIZE + data_size) / DWSIZE;
+        while (i--)
+                orig_sum += ((int *)mc)[i];
+        if (orig_sum) {
+                printk(KERN_ERR "microcode: aborting, bad checksum\n");
+                return -EINVAL;
+        }
+        if (!ext_table_size)
+                return 0;
+        /* check extended signature checksum */
+        for (i = 0; i < ext_sigcount; i++) {
+                ext_sig = (void *)ext_header + EXT_HEADER_SIZE +
+                          EXT_SIGNATURE_SIZE * i;
+                sum = orig_sum
+                        - (mc_header->sig + mc_header->pf + mc_header->cksum)
+                        + (ext_sig->sig + ext_sig->pf + ext_sig->cksum);
+                if (sum) {
+                        printk(KERN_ERR "microcode: aborting, bad checksum\n");
+                        return -EINVAL;
+                }
+        }
+        return 0;
+}
+
+/*
+ * return 0 - no update found
+ * return 1 - found update
+ */
+static int
+get_matching_microcode(struct cpu_signature *cpu_sig, void *mc, int rev)
+{
+        struct microcode_header_intel *mc_header = mc;
+        struct extended_sigtable *ext_header;
+        unsigned long total_size = get_totalsize(mc_header);
+        int ext_sigcount, i;
+        struct extended_signature *ext_sig;
+
+        if (!update_match_revision(mc_header, rev))
+                return 0;
+
+        if (update_match_cpu(cpu_sig, mc_header->sig, mc_header->pf))
+                return 1;
+
+        /* Look for ext. headers: */
+        if (total_size <= get_datasize(mc_header) + MC_HEADER_SIZE)
+                return 0;
+
+        ext_header = mc + get_datasize(mc_header) + MC_HEADER_SIZE;
+        ext_sigcount = ext_header->count;
+        ext_sig = (void *)ext_header + EXT_HEADER_SIZE;
+
+        for (i = 0; i < ext_sigcount; i++) {
+                if (update_match_cpu(cpu_sig, ext_sig->sig, ext_sig->pf))
+                        return 1;
+                ext_sig++;
+        }
+        return 0;
+}
+
+static void apply_microcode(int cpu)
+{
+        unsigned long flags;
+        unsigned int val[2];
+        int cpu_num = raw_smp_processor_id();
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        struct microcode_intel *mc_intel = uci->mc;
+
+        /* We should bind the task to the CPU */
+        BUG_ON(cpu_num != cpu);
+
+        if (mc_intel == NULL)
+                return;
+
+        /* serialize access to the physical write to MSR 0x79 */
+        spin_lock_irqsave(&microcode_update_lock, flags);
+
+        /* write microcode via MSR 0x79 */
+        wrmsr(MSR_IA32_UCODE_WRITE,
+              (unsigned long) mc_intel->bits,
+              (unsigned long) mc_intel->bits >> 16 >> 16);
+        wrmsr(MSR_IA32_UCODE_REV, 0, 0);
+
+        /* see notes above for revision 1.07.  Apparent chip bug */
+        sync_core();
+
+        /* get the current revision from MSR 0x8B */
+        rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]);
+
+        spin_unlock_irqrestore(&microcode_update_lock, flags);
+        if (val[1] != mc_intel->hdr.rev) {
+                printk(KERN_ERR "microcode: CPU%d update from revision "
+                        "0x%x to 0x%x failed\n", cpu_num, uci->cpu_sig.rev, val[1]);
+                return;
+        }
+        printk(KERN_INFO "microcode: CPU%d updated from revision "
+               "0x%x to 0x%x, date = %04x-%02x-%02x \n",
+                cpu_num, uci->cpu_sig.rev, val[1],
+                mc_intel->hdr.date & 0xffff,
+                mc_intel->hdr.date >> 24,
+                (mc_intel->hdr.date >> 16) & 0xff);
+        uci->cpu_sig.rev = val[1];
+}
+
+static int generic_load_microcode(int cpu, void *data, size_t size,
+                int (*get_ucode_data)(void *, const void *, size_t))
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+        u8 *ucode_ptr = data, *new_mc = NULL, *mc;
+        int new_rev = uci->cpu_sig.rev;
+        unsigned int leftover = size;
+
+        while (leftover) {
+                struct microcode_header_intel mc_header;
+                unsigned int mc_size;
+
+                if (get_ucode_data(&mc_header, ucode_ptr, sizeof(mc_header)))
+                        break;
+
+                mc_size = get_totalsize(&mc_header);
+                if (!mc_size || mc_size > leftover) {
+                        printk(KERN_ERR "microcode: error!"
+                                        "Bad data in microcode data file\n");
+                        break;
+                }
+
+                mc = vmalloc(mc_size);
+                if (!mc)
+                        break;
+
+                if (get_ucode_data(mc, ucode_ptr, mc_size) ||
+                    microcode_sanity_check(mc) < 0) {
+                        vfree(mc);
+                        break;
+                }
+
+                if (get_matching_microcode(&uci->cpu_sig, mc, new_rev)) {
+                        if (new_mc)
+                                vfree(new_mc);
+                        new_rev = mc_header.rev;
+                        new_mc  = mc;
+                } else
+                        vfree(mc);
+
+                ucode_ptr += mc_size;
+                leftover  -= mc_size;
+        }
+
+        if (new_mc) {
+                if (!leftover) {
+                        if (uci->mc)
+                                vfree(uci->mc);
+                        uci->mc = (struct microcode_intel *)new_mc;
+                        pr_debug("microcode: CPU%d found a matching microcode update with"
+                                 " version 0x%x (current=0x%x)\n",
+                                cpu, new_rev, uci->cpu_sig.rev);
+                } else
+                        vfree(new_mc);
+        }
+
+        return (int)leftover;
+}
+
+static int get_ucode_fw(void *to, const void *from, size_t n)
+{
+        memcpy(to, from, n);
+        return 0;
+}
+
+static int request_microcode_fw(int cpu, struct device *device)
+{
+        char name[30];
+        struct cpuinfo_x86 *c = &cpu_data(cpu);
+        const struct firmware *firmware;
+        int ret;
+
+        /* We should bind the task to the CPU */
+        BUG_ON(cpu != raw_smp_processor_id());
+        sprintf(name, "intel-ucode/%02x-%02x-%02x",
+                c->x86, c->x86_model, c->x86_mask);
+        ret = request_firmware(&firmware, name, device);
+        if (ret) {
+                pr_debug("microcode: data file %s load failed\n", name);
+                return ret;
+        }
+
+        ret = generic_load_microcode(cpu, (void*)firmware->data, firmware->size,
+                        &get_ucode_fw);
+
+        release_firmware(firmware);
+
+        return ret;
+}
+
+static int get_ucode_user(void *to, const void *from, size_t n)
+{
+        return copy_from_user(to, from, n);
+}
+
+static int request_microcode_user(int cpu, const void __user *buf, size_t size)
+{
+        /* We should bind the task to the CPU */
+        BUG_ON(cpu != raw_smp_processor_id());
+
+        return generic_load_microcode(cpu, (void*)buf, size, &get_ucode_user);
+}
+
+static void microcode_fini_cpu(int cpu)
+{
+        struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
+
+        vfree(uci->mc);
+        uci->mc = NULL;
+}
+
+struct microcode_ops microcode_intel_ops = {
+        .request_microcode_user           = request_microcode_user,
+        .request_microcode_fw             = request_microcode_fw,
+        .collect_cpu_info                 = collect_cpu_info,
+        .apply_microcode                  = apply_microcode,
+        .microcode_fini_cpu               = microcode_fini_cpu,
+};
+
+struct microcode_ops * __init init_intel_microcode(void)
+{
+        return &microcode_intel_ops;
+}
+
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c
index b3fb430725cb..f98f4e1dba09 100644
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -397,7 +397,9 @@ static int __init smp_read_mpc(struct mp_config_table *mpc, unsigned early)
        generic_bigsmp_probe();
 #endif
 
+#ifdef CONFIG_X86_32
         setup_apic_routing();
+#endif
         if (!num_processors)
                 printk(KERN_ERR "MPTABLE: no processors registered!\n");
         return num_processors;
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 2e2af5d18191..82a7c7ed6d45 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -163,8 +163,8 @@ static int __cpuinit msr_device_create(int cpu)
 {
         struct device *dev;
 
-        dev = device_create_drvdata(msr_class, NULL, MKDEV(MSR_MAJOR, cpu),
-                                    NULL, "msr%d", cpu);
+        dev = device_create(msr_class, NULL, MKDEV(MSR_MAJOR, cpu), NULL,
+                            "msr%d", cpu);
         return IS_ERR(dev) ? PTR_ERR(dev) : 0;
 }
 
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
index abb78a2cc4ad..2c97f07f1c2c 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -299,6 +299,15 @@ void acpi_nmi_disable(void)
                 on_each_cpu(__acpi_nmi_disable, NULL, 1);
 }
 
+/*
+ * This function is called as soon the LAPIC NMI watchdog driver has everything
+ * in place and it's ready to check if the NMIs belong to the NMI watchdog
+ */
+void cpu_nmi_set_wd_enabled(void)
+{
+        __get_cpu_var(wd_enabled) = 1;
+}
+
 void setup_apic_nmi_watchdog(void *unused)
 {
         if (__get_cpu_var(wd_enabled))
@@ -311,8 +320,6 @@ void setup_apic_nmi_watchdog(void *unused)
 
         switch (nmi_watchdog) {
         case NMI_LOCAL_APIC:
-                 /* enable it before to avoid race with handler */
-                __get_cpu_var(wd_enabled) = 1;
                 if (lapic_watchdog_init(nmi_hz) < 0) {
                         __get_cpu_var(wd_enabled) = 0;
                         return;
diff --git a/arch/x86/kernel/numaq_32.c b/arch/x86/kernel/numaq_32.c
index eecc8c18f010..4caff39078e0 100644
--- a/arch/x86/kernel/numaq_32.c
+++ b/arch/x86/kernel/numaq_32.c
@@ -229,6 +229,12 @@ static void __init smp_read_mpc_oem(struct mp_config_oemtable *oemtable,
         }
 }
 
+static int __init numaq_setup_ioapic_ids(void)
+{
+        /* so can skip it */
+        return 1;
+}
+
 static struct x86_quirks numaq_x86_quirks __initdata = {
         .arch_pre_time_init     = numaq_pre_time_init,
         .arch_time_init         = NULL,
@@ -243,6 +249,7 @@ static struct x86_quirks numaq_x86_quirks __initdata = {
         .mpc_oem_bus_info       = mpc_oem_bus_info,
         .mpc_oem_pci_bus        = mpc_oem_pci_bus,
         .smp_read_mpc_oem       = smp_read_mpc_oem,
+        .setup_ioapic_ids       = numaq_setup_ioapic_ids,
 };
 
 void numaq_mps_oem_check(struct mp_config_table *mpc, char *oem,
diff --git a/arch/x86/kernel/olpc.c b/arch/x86/kernel/olpc.c
index 3e6672274807..7a13fac63a1f 100644
--- a/arch/x86/kernel/olpc.c
+++ b/arch/x86/kernel/olpc.c
@@ -190,12 +190,12 @@ EXPORT_SYMBOL_GPL(olpc_ec_cmd);
 static void __init platform_detect(void)
 {
         size_t propsize;
-        u32 rev;
+        __be32 rev;
 
         if (ofw("getprop", 4, 1, NULL, "board-revision-int", &rev, 4,
                         &propsize) || propsize != 4) {
                 printk(KERN_ERR "ofw: getprop call failed!\n");
-                rev = 0;
+                rev = cpu_to_be32(0);
         }
         olpc_platform_info.boardrev = be32_to_cpu(rev);
 }
@@ -203,7 +203,7 @@ static void __init platform_detect(void)
 static void __init platform_detect(void)
 {
         /* stopgap until OFW support is added to the kernel */
-        olpc_platform_info.boardrev = be32_to_cpu(0xc2);
+        olpc_platform_info.boardrev = 0xc2;
 }
 #endif
 
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
new file mode 100644
index 000000000000..0e9f1982b1dd
--- /dev/null
+++ b/arch/x86/kernel/paravirt-spinlocks.c
@@ -0,0 +1,37 @@
+/*
+ * Split spinlock implementation out into its own file, so it can be
+ * compiled in a FTRACE-compatible way.
+ */
+#include <linux/spinlock.h>
+#include <linux/module.h>
+
+#include <asm/paravirt.h>
+
+static void default_spin_lock_flags(struct raw_spinlock *lock, unsigned long flags)
+{
+        __raw_spin_lock(lock);
+}
+
+struct pv_lock_ops pv_lock_ops = {
+#ifdef CONFIG_SMP
+        .spin_is_locked = __ticket_spin_is_locked,
+        .spin_is_contended = __ticket_spin_is_contended,
+
+        .spin_lock = __ticket_spin_lock,
+        .spin_lock_flags = default_spin_lock_flags,
+        .spin_trylock = __ticket_spin_trylock,
+        .spin_unlock = __ticket_spin_unlock,
+#endif
+};
+EXPORT_SYMBOL(pv_lock_ops);
+
+void __init paravirt_use_bytelocks(void)
+{
+#ifdef CONFIG_SMP
+        pv_lock_ops.spin_is_locked = __byte_spin_is_locked;
+        pv_lock_ops.spin_is_contended = __byte_spin_is_contended;
+        pv_lock_ops.spin_lock = __byte_spin_lock;
+        pv_lock_ops.spin_trylock = __byte_spin_trylock;
+        pv_lock_ops.spin_unlock = __byte_spin_unlock;
+#endif
+}
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
index 300da17e61cb..e4c8fb608873 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -268,17 +268,6 @@ enum paravirt_lazy_mode paravirt_get_lazy_mode(void)
         return __get_cpu_var(paravirt_lazy_mode);
 }
 
-void __init paravirt_use_bytelocks(void)
-{
-#ifdef CONFIG_SMP
-        pv_lock_ops.spin_is_locked = __byte_spin_is_locked;
-        pv_lock_ops.spin_is_contended = __byte_spin_is_contended;
-        pv_lock_ops.spin_lock = __byte_spin_lock;
-        pv_lock_ops.spin_trylock = __byte_spin_trylock;
-        pv_lock_ops.spin_unlock = __byte_spin_unlock;
-#endif
-}
-
 struct pv_info pv_info = {
         .name = "bare hardware",
         .paravirt_enabled = 0,
@@ -330,6 +319,7 @@ struct pv_cpu_ops pv_cpu_ops = {
 #endif
         .wbinvd = native_wbinvd,
         .read_msr = native_read_msr_safe,
+        .read_msr_amd = native_read_msr_amd_safe,
         .write_msr = native_write_msr_safe,
         .read_tsc = native_read_tsc,
         .read_pmc = native_read_pmc,
@@ -348,6 +338,10 @@ struct pv_cpu_ops pv_cpu_ops = {
         .write_ldt_entry = native_write_ldt_entry,
         .write_gdt_entry = native_write_gdt_entry,
         .write_idt_entry = native_write_idt_entry,
+
+        .alloc_ldt = paravirt_nop,
+        .free_ldt = paravirt_nop,
+
         .load_sp0 = native_load_sp0,
 
 #if defined(CONFIG_X86_32) || defined(CONFIG_IA32_EMULATION)
@@ -373,8 +367,6 @@ struct pv_cpu_ops pv_cpu_ops = {
 
 struct pv_apic_ops pv_apic_ops = {
 #ifdef CONFIG_X86_LOCAL_APIC
-        .apic_write = native_apic_write,
-        .apic_read = native_apic_read,
         .setup_boot_clock = setup_boot_APIC_clock,
         .setup_secondary_clock = setup_secondary_APIC_clock,
         .startup_ipi_hook = paravirt_nop,
@@ -461,18 +453,6 @@ struct pv_mmu_ops pv_mmu_ops = {
         .set_fixmap = native_set_fixmap,
 };
 
-struct pv_lock_ops pv_lock_ops = {
-#ifdef CONFIG_SMP
-        .spin_is_locked = __ticket_spin_is_locked,
-        .spin_is_contended = __ticket_spin_is_contended,
-
-        .spin_lock = __ticket_spin_lock,
-        .spin_trylock = __ticket_spin_trylock,
-        .spin_unlock = __ticket_spin_unlock,
-#endif
-};
-EXPORT_SYMBOL(pv_lock_ops);
-
 EXPORT_SYMBOL_GPL(pv_time_ops);
 EXPORT_SYMBOL    (pv_cpu_ops);
 EXPORT_SYMBOL    (pv_mmu_ops);
diff --git a/arch/x86/kernel/paravirt_patch_32.c b/arch/x86/kernel/paravirt_patch_32.c
index 58262218781b..9fe644f4861d 100644
--- a/arch/x86/kernel/paravirt_patch_32.c
+++ b/arch/x86/kernel/paravirt_patch_32.c
@@ -23,7 +23,7 @@ unsigned native_patch(u8 type, u16 clobbers, void *ibuf,
                         start = start_##ops##_##x;              \
                         end = end_##ops##_##x;                  \
                         goto patch_site
-        switch(type) {
+        switch (type) {
                 PATCH_SITE(pv_irq_ops, irq_disable);
                 PATCH_SITE(pv_irq_ops, irq_enable);
                 PATCH_SITE(pv_irq_ops, restore_fl);
diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
index dcdac6c826e9..e1e731d78f38 100644
--- a/arch/x86/kernel/pci-calgary_64.c
+++ b/arch/x86/kernel/pci-calgary_64.c
@@ -217,16 +217,6 @@ static inline unsigned long verify_bit_range(unsigned long* bitmap,
 
 #endif /* CONFIG_IOMMU_DEBUG */
 
-static inline unsigned int num_dma_pages(unsigned long dma, unsigned int dmalen)
-{
-        unsigned int npages;
-
-        npages = PAGE_ALIGN(dma + dmalen) - (dma & PAGE_MASK);
-        npages >>= PAGE_SHIFT;
-
-        return npages;
-}
-
 static inline int translation_enabled(struct iommu_table *tbl)
 {
         /* only PHBs with translation enabled have an IOMMU table */
@@ -261,7 +251,7 @@ static void iommu_range_reserve(struct iommu_table *tbl,
                                badbit, tbl, start_addr, npages);
         }
 
-        set_bit_string(tbl->it_map, index, npages);
+        iommu_area_reserve(tbl->it_map, index, npages);
 
         spin_unlock_irqrestore(&tbl->it_lock, flags);
 }
@@ -408,7 +398,7 @@ static void calgary_unmap_sg(struct device *dev,
                 if (dmalen == 0)
                         break;
 
-                npages = num_dma_pages(dma, dmalen);
+                npages = iommu_num_pages(dma, dmalen, PAGE_SIZE);
                 iommu_free(tbl, dma, npages);
         }
 }
@@ -427,7 +417,7 @@ static int calgary_map_sg(struct device *dev, struct scatterlist *sg,
                 BUG_ON(!sg_page(s));
 
                 vaddr = (unsigned long) sg_virt(s);
-                npages = num_dma_pages(vaddr, s->length);
+                npages = iommu_num_pages(vaddr, s->length, PAGE_SIZE);
 
                 entry = iommu_range_alloc(dev, tbl, npages);
                 if (entry == bad_dma_address) {
@@ -464,7 +454,7 @@ static dma_addr_t calgary_map_single(struct device *dev, phys_addr_t paddr,
         struct iommu_table *tbl = find_iommu_table(dev);
 
         uaddr = (unsigned long)vaddr;
-        npages = num_dma_pages(uaddr, size);
+        npages = iommu_num_pages(uaddr, size, PAGE_SIZE);
 
         return iommu_alloc(dev, tbl, vaddr, npages, direction);
 }
@@ -475,7 +465,7 @@ static void calgary_unmap_single(struct device *dev, dma_addr_t dma_handle,
         struct iommu_table *tbl = find_iommu_table(dev);
         unsigned int npages;
 
-        npages = num_dma_pages(dma_handle, size);
+        npages = iommu_num_pages(dma_handle, size, PAGE_SIZE);
         iommu_free(tbl, dma_handle, npages);
 }
 
@@ -491,6 +481,8 @@ static void* calgary_alloc_coherent(struct device *dev, size_t size,
         npages = size >> PAGE_SHIFT;
         order = get_order(size);
 
+        flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+
         /* alloc enough pages (and possibly more) */
         ret = (void *)__get_free_pages(flag, order);
         if (!ret)
@@ -510,8 +502,22 @@ error:
         return ret;
 }
 
+static void calgary_free_coherent(struct device *dev, size_t size,
+                                  void *vaddr, dma_addr_t dma_handle)
+{
+        unsigned int npages;
+        struct iommu_table *tbl = find_iommu_table(dev);
+
+        size = PAGE_ALIGN(size);
+        npages = size >> PAGE_SHIFT;
+
+        iommu_free(tbl, dma_handle, npages);
+        free_pages((unsigned long)vaddr, get_order(size));
+}
+
 static struct dma_mapping_ops calgary_dma_ops = {
         .alloc_coherent = calgary_alloc_coherent,
+        .free_coherent = calgary_free_coherent,
         .map_single = calgary_map_single,
         .unmap_single = calgary_unmap_single,
         .map_sg = calgary_map_sg,
diff --git a/arch/x86/kernel/pci-dma.c b/arch/x86/kernel/pci-dma.c
index 87d4d6964ec2..192624820217 100644
--- a/arch/x86/kernel/pci-dma.c
+++ b/arch/x86/kernel/pci-dma.c
@@ -41,11 +41,12 @@ EXPORT_SYMBOL(bad_dma_address);
 /* Dummy device used for NULL arguments (normally ISA). Better would
    be probably a smaller DMA mask, but this is bug-to-bug compatible
    to older i386. */
-struct device fallback_dev = {
+struct device x86_dma_fallback_dev = {
         .bus_id = "fallback device",
         .coherent_dma_mask = DMA_32BIT_MASK,
-        .dma_mask = &fallback_dev.coherent_dma_mask,
+        .dma_mask = &x86_dma_fallback_dev.coherent_dma_mask,
 };
+EXPORT_SYMBOL(x86_dma_fallback_dev);
 
 int dma_set_mask(struct device *dev, u64 mask)
 {
@@ -82,7 +83,7 @@ void __init dma32_reserve_bootmem(void)
          * using 512M as goal
          */
         align = 64ULL<<20;
-        size = round_up(dma32_bootmem_size, align);
+        size = roundup(dma32_bootmem_size, align);
         dma32_bootmem_ptr = __alloc_bootmem_nopanic(size, align,
                                  512ULL<<20);
         if (dma32_bootmem_ptr)
@@ -124,15 +125,46 @@ void __init pci_iommu_alloc(void)
         pci_swiotlb_init();
 }
 
-unsigned long iommu_num_pages(unsigned long addr, unsigned long len)
+unsigned long iommu_nr_pages(unsigned long addr, unsigned long len)
 {
         unsigned long size = roundup((addr & ~PAGE_MASK) + len, PAGE_SIZE);
 
         return size >> PAGE_SHIFT;
 }
-EXPORT_SYMBOL(iommu_num_pages);
+EXPORT_SYMBOL(iommu_nr_pages);
 #endif
 
+void *dma_generic_alloc_coherent(struct device *dev, size_t size,
+                                 dma_addr_t *dma_addr, gfp_t flag)
+{
+        unsigned long dma_mask;
+        struct page *page;
+        dma_addr_t addr;
+
+        dma_mask = dma_alloc_coherent_mask(dev, flag);
+
+        flag |= __GFP_ZERO;
+again:
+        page = alloc_pages_node(dev_to_node(dev), flag, get_order(size));
+        if (!page)
+                return NULL;
+
+        addr = page_to_phys(page);
+        if (!is_buffer_dma_capable(dma_mask, addr, size)) {
+                __free_pages(page, get_order(size));
+
+                if (dma_mask < DMA_32BIT_MASK && !(flag & GFP_DMA)) {
+                        flag = (flag & ~GFP_DMA32) | GFP_DMA;
+                        goto again;
+                }
+
+                return NULL;
+        }
+
+        *dma_addr = addr;
+        return page_address(page);
+}
+
 /*
  * See <Documentation/x86_64/boot-options.txt> for the iommu kernel parameter
  * documentation.
@@ -241,147 +273,6 @@ int dma_supported(struct device *dev, u64 mask)
 }
 EXPORT_SYMBOL(dma_supported);
 
-/* Allocate DMA memory on node near device */
-static noinline struct page *
-dma_alloc_pages(struct device *dev, gfp_t gfp, unsigned order)
-{
-        int node;
-
-        node = dev_to_node(dev);
-
-        return alloc_pages_node(node, gfp, order);
-}
-
-/*
- * Allocate memory for a coherent mapping.
- */
-void *
-dma_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_handle,
-                   gfp_t gfp)
-{
-        struct dma_mapping_ops *ops = get_dma_ops(dev);
-        void *memory = NULL;
-        struct page *page;
-        unsigned long dma_mask = 0;
-        dma_addr_t bus;
-        int noretry = 0;
-
-        /* ignore region specifiers */
-        gfp &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
-
-        if (dma_alloc_from_coherent(dev, size, dma_handle, &memory))
-                return memory;
-
-        if (!dev) {
-                dev = &fallback_dev;
-                gfp |= GFP_DMA;
-        }
-        dma_mask = dev->coherent_dma_mask;
-        if (dma_mask == 0)
-                dma_mask = (gfp & GFP_DMA) ? DMA_24BIT_MASK : DMA_32BIT_MASK;
-
-        /* Device not DMA able */
-        if (dev->dma_mask == NULL)
-                return NULL;
-
-        /* Don't invoke OOM killer or retry in lower 16MB DMA zone */
-        if (gfp & __GFP_DMA)
-                noretry = 1;
-
-#ifdef CONFIG_X86_64
-        /* Why <=? Even when the mask is smaller than 4GB it is often
-           larger than 16MB and in this case we have a chance of
-           finding fitting memory in the next higher zone first. If
-           not retry with true GFP_DMA. -AK */
-        if (dma_mask <= DMA_32BIT_MASK && !(gfp & GFP_DMA)) {
-                gfp |= GFP_DMA32;
-                if (dma_mask < DMA_32BIT_MASK)
-                        noretry = 1;
-        }
-#endif
-
- again:
-        page = dma_alloc_pages(dev,
-                noretry ? gfp | __GFP_NORETRY : gfp, get_order(size));
-        if (page == NULL)
-                return NULL;
-
-        {
-                int high, mmu;
-                bus = page_to_phys(page);
-                memory = page_address(page);
-                high = (bus + size) >= dma_mask;
-                mmu = high;
-                if (force_iommu && !(gfp & GFP_DMA))
-                        mmu = 1;
-                else if (high) {
-                        free_pages((unsigned long)memory,
-                                   get_order(size));
-
-                        /* Don't use the 16MB ZONE_DMA unless absolutely
-                           needed. It's better to use remapping first. */
-                        if (dma_mask < DMA_32BIT_MASK && !(gfp & GFP_DMA)) {
-                                gfp = (gfp & ~GFP_DMA32) | GFP_DMA;
-                                goto again;
-                        }
-
-                        /* Let low level make its own zone decisions */
-                        gfp &= ~(GFP_DMA32|GFP_DMA);
-
-                        if (ops->alloc_coherent)
-                                return ops->alloc_coherent(dev, size,
-                                                           dma_handle, gfp);
-                        return NULL;
-                }
-
-                memset(memory, 0, size);
-                if (!mmu) {
-                        *dma_handle = bus;
-                        return memory;
-                }
-        }
-
-        if (ops->alloc_coherent) {
-                free_pages((unsigned long)memory, get_order(size));
-                gfp &= ~(GFP_DMA|GFP_DMA32);
-                return ops->alloc_coherent(dev, size, dma_handle, gfp);
-        }
-
-        if (ops->map_simple) {
-                *dma_handle = ops->map_simple(dev, virt_to_phys(memory),
-                                              size,
-                                              PCI_DMA_BIDIRECTIONAL);
-                if (*dma_handle != bad_dma_address)
-                        return memory;
-        }
-
-        if (panic_on_overflow)
-                panic("dma_alloc_coherent: IOMMU overflow by %lu bytes\n",
-                      (unsigned long)size);
-        free_pages((unsigned long)memory, get_order(size));
-        return NULL;
-}
-EXPORT_SYMBOL(dma_alloc_coherent);
-
-/*
- * Unmap coherent memory.
- * The caller must ensure that the device has finished accessing the mapping.
- */
-void dma_free_coherent(struct device *dev, size_t size,
-                         void *vaddr, dma_addr_t bus)
-{
-        struct dma_mapping_ops *ops = get_dma_ops(dev);
-
-        int order = get_order(size);
-        WARN_ON(irqs_disabled());       /* for portability */
-        if (dma_release_from_coherent(dev, order, vaddr))
-                return;
-        if (ops->unmap_single)
-                ops->unmap_single(dev, bus, size, 0);
-        free_pages((unsigned long)vaddr, order);
-}
-EXPORT_SYMBOL(dma_free_coherent);
-
 static int __init pci_iommu_init(void)
 {
         calgary_iommu_init();
diff --git a/arch/x86/kernel/pci-gart_64.c b/arch/x86/kernel/pci-gart_64.c
index 49285f8fd4d5..e3f75bbcedea 100644
--- a/arch/x86/kernel/pci-gart_64.c
+++ b/arch/x86/kernel/pci-gart_64.c
@@ -27,8 +27,8 @@
 #include <linux/scatterlist.h>
 #include <linux/iommu-helper.h>
 #include <linux/sysdev.h>
+#include <linux/io.h>
 #include <asm/atomic.h>
-#include <asm/io.h>
 #include <asm/mtrr.h>
 #include <asm/pgtable.h>
 #include <asm/proto.h>
@@ -80,9 +80,10 @@ AGPEXTERN int agp_memory_reserved;
 AGPEXTERN __u32 *agp_gatt_table;
 
 static unsigned long next_bit;  /* protected by iommu_bitmap_lock */
-static int need_flush;          /* global flush state. set for each gart wrap */
+static bool need_flush;         /* global flush state. set for each gart wrap */
 
-static unsigned long alloc_iommu(struct device *dev, int size)
+static unsigned long alloc_iommu(struct device *dev, int size,
+                                 unsigned long align_mask)
 {
         unsigned long offset, flags;
         unsigned long boundary_size;
@@ -90,26 +91,27 @@ static unsigned long alloc_iommu(struct device *dev, int size)
 
         base_index = ALIGN(iommu_bus_base & dma_get_seg_boundary(dev),
                            PAGE_SIZE) >> PAGE_SHIFT;
-        boundary_size = ALIGN(dma_get_seg_boundary(dev) + 1,
+        boundary_size = ALIGN((unsigned long long)dma_get_seg_boundary(dev) + 1,
                               PAGE_SIZE) >> PAGE_SHIFT;
 
         spin_lock_irqsave(&iommu_bitmap_lock, flags);
         offset = iommu_area_alloc(iommu_gart_bitmap, iommu_pages, next_bit,
-                                  size, base_index, boundary_size, 0);
+                                  size, base_index, boundary_size, align_mask);
         if (offset == -1) {
-                need_flush = 1;
+                need_flush = true;
                 offset = iommu_area_alloc(iommu_gart_bitmap, iommu_pages, 0,
-                                          size, base_index, boundary_size, 0);
+                                          size, base_index, boundary_size,
+                                          align_mask);
         }
         if (offset != -1) {
                 next_bit = offset+size;
                 if (next_bit >= iommu_pages) {
                         next_bit = 0;
-                        need_flush = 1;
+                        need_flush = true;
                 }
         }
         if (iommu_fullflush)
-                need_flush = 1;
+                need_flush = true;
         spin_unlock_irqrestore(&iommu_bitmap_lock, flags);
 
         return offset;
@@ -134,7 +136,7 @@ static void flush_gart(void)
         spin_lock_irqsave(&iommu_bitmap_lock, flags);
         if (need_flush) {
                 k8_flush_garts();
-                need_flush = 0;
+                need_flush = false;
         }
         spin_unlock_irqrestore(&iommu_bitmap_lock, flags);
 }
@@ -173,7 +175,8 @@ static void dump_leak(void)
                iommu_leak_pages);
         for (i = 0; i < iommu_leak_pages; i += 2) {
                 printk(KERN_DEBUG "%lu: ", iommu_pages-i);
-                printk_address((unsigned long) iommu_leak_tab[iommu_pages-i], 0);
+                printk_address((unsigned long) iommu_leak_tab[iommu_pages-i],
+                                0);
                 printk(KERN_CONT "%c", (i+1)%2 == 0 ? '\n' : ' ');
         }
         printk(KERN_DEBUG "\n");
@@ -212,34 +215,24 @@ static void iommu_full(struct device *dev, size_t size, int dir)
 static inline int
 need_iommu(struct device *dev, unsigned long addr, size_t size)
 {
-        u64 mask = *dev->dma_mask;
-        int high = addr + size > mask;
-        int mmu = high;
-
-        if (force_iommu)
-                mmu = 1;
-
-        return mmu;
+        return force_iommu ||
+                !is_buffer_dma_capable(*dev->dma_mask, addr, size);
 }
 
 static inline int
 nonforced_iommu(struct device *dev, unsigned long addr, size_t size)
 {
-        u64 mask = *dev->dma_mask;
-        int high = addr + size > mask;
-        int mmu = high;
-
-        return mmu;
+        return !is_buffer_dma_capable(*dev->dma_mask, addr, size);
 }
 
 /* Map a single continuous physical area into the IOMMU.
  * Caller needs to check if the iommu is needed and flush.
  */
 static dma_addr_t dma_map_area(struct device *dev, dma_addr_t phys_mem,
-                                size_t size, int dir)
+                                size_t size, int dir, unsigned long align_mask)
 {
-        unsigned long npages = iommu_num_pages(phys_mem, size);
-        unsigned long iommu_page = alloc_iommu(dev, npages);
+        unsigned long npages = iommu_num_pages(phys_mem, size, PAGE_SIZE);
+        unsigned long iommu_page = alloc_iommu(dev, npages, align_mask);
         int i;
 
         if (iommu_page == -1) {
@@ -259,16 +252,6 @@ static dma_addr_t dma_map_area(struct device *dev, dma_addr_t phys_mem,
         return iommu_bus_base + iommu_page*PAGE_SIZE + (phys_mem & ~PAGE_MASK);
 }
 
-static dma_addr_t
-gart_map_simple(struct device *dev, phys_addr_t paddr, size_t size, int dir)
-{
-        dma_addr_t map = dma_map_area(dev, paddr, size, dir);
-
-        flush_gart();
-
-        return map;
-}
-
 /* Map a single area into the IOMMU */
 static dma_addr_t
 gart_map_single(struct device *dev, phys_addr_t paddr, size_t size, int dir)
@@ -276,12 +259,13 @@ gart_map_single(struct device *dev, phys_addr_t paddr, size_t size, int dir)
         unsigned long bus;
 
         if (!dev)
-                dev = &fallback_dev;
+                dev = &x86_dma_fallback_dev;
 
         if (!need_iommu(dev, paddr, size))
                 return paddr;
 
-        bus = gart_map_simple(dev, paddr, size, dir);
+        bus = dma_map_area(dev, paddr, size, dir, 0);
+        flush_gart();
 
         return bus;
 }
@@ -301,7 +285,7 @@ static void gart_unmap_single(struct device *dev, dma_addr_t dma_addr,
                 return;
 
         iommu_page = (dma_addr - iommu_bus_base)>>PAGE_SHIFT;
-        npages = iommu_num_pages(dma_addr, size);
+        npages = iommu_num_pages(dma_addr, size, PAGE_SIZE);
         for (i = 0; i < npages; i++) {
                 iommu_gatt_base[iommu_page + i] = gart_unmapped_entry;
                 CLEAR_LEAK(iommu_page + i);
@@ -340,7 +324,7 @@ static int dma_map_sg_nonforce(struct device *dev, struct scatterlist *sg,
                 unsigned long addr = sg_phys(s);
 
                 if (nonforced_iommu(dev, addr, s->length)) {
-                        addr = dma_map_area(dev, addr, s->length, dir);
+                        addr = dma_map_area(dev, addr, s->length, dir, 0);
                         if (addr == bad_dma_address) {
                                 if (i > 0)
                                         gart_unmap_sg(dev, sg, i, dir);
@@ -362,7 +346,7 @@ static int __dma_map_cont(struct device *dev, struct scatterlist *start,
                           int nelems, struct scatterlist *sout,
                           unsigned long pages)
 {
-        unsigned long iommu_start = alloc_iommu(dev, pages);
+        unsigned long iommu_start = alloc_iommu(dev, pages, 0);
         unsigned long iommu_page = iommu_start;
         struct scatterlist *s;
         int i;
@@ -384,7 +368,7 @@ static int __dma_map_cont(struct device *dev, struct scatterlist *start,
                 }
 
                 addr = phys_addr;
-                pages = iommu_num_pages(s->offset, s->length);
+                pages = iommu_num_pages(s->offset, s->length, PAGE_SIZE);
                 while (pages--) {
                         iommu_gatt_base[iommu_page] = GPTE_ENCODE(addr);
                         SET_LEAK(iommu_page);
@@ -427,7 +411,7 @@ gart_map_sg(struct device *dev, struct scatterlist *sg, int nents, int dir)
                 return 0;
 
         if (!dev)
-                dev = &fallback_dev;
+                dev = &x86_dma_fallback_dev;
 
         out = 0;
         start = 0;
@@ -467,7 +451,7 @@ gart_map_sg(struct device *dev, struct scatterlist *sg, int nents, int dir)
 
                 seg_size += s->length;
                 need = nextneed;
-                pages += iommu_num_pages(s->offset, s->length);
+                pages += iommu_num_pages(s->offset, s->length, PAGE_SIZE);
                 ps = s;
         }
         if (dma_map_cont(dev, start_sg, i - start, sgmap, pages, need) < 0)
@@ -499,6 +483,46 @@ error:
         return 0;
 }
 
+/* allocate and map a coherent mapping */
+static void *
+gart_alloc_coherent(struct device *dev, size_t size, dma_addr_t *dma_addr,
+                    gfp_t flag)
+{
+        dma_addr_t paddr;
+        unsigned long align_mask;
+        struct page *page;
+
+        if (force_iommu && !(flag & GFP_DMA)) {
+                flag &= ~(__GFP_DMA | __GFP_HIGHMEM | __GFP_DMA32);
+                page = alloc_pages(flag | __GFP_ZERO, get_order(size));
+                if (!page)
+                        return NULL;
+
+                align_mask = (1UL << get_order(size)) - 1;
+                paddr = dma_map_area(dev, page_to_phys(page), size,
+                                     DMA_BIDIRECTIONAL, align_mask);
+
+                flush_gart();
+                if (paddr != bad_dma_address) {
+                        *dma_addr = paddr;
+                        return page_address(page);
+                }
+                __free_pages(page, get_order(size));
+        } else
+                return dma_generic_alloc_coherent(dev, size, dma_addr, flag);
+
+        return NULL;
+}
+
+/* free a coherent mapping */
+static void
+gart_free_coherent(struct device *dev, size_t size, void *vaddr,
+                   dma_addr_t dma_addr)
+{
+        gart_unmap_single(dev, dma_addr, size, DMA_BIDIRECTIONAL);
+        free_pages((unsigned long)vaddr, get_order(size));
+}
+
 static int no_agp;
 
 static __init unsigned long check_iommu_size(unsigned long aper, u64 aper_size)
@@ -626,7 +650,6 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         struct pci_dev *dev;
         void *gatt;
         int i, error;
-        unsigned long start_pfn, end_pfn;
 
         printk(KERN_INFO "PCI-DMA: Disabling AGP.\n");
         aper_size = aper_base = info->aper_size = 0;
@@ -650,13 +673,13 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         info->aper_size = aper_size >> 20;
 
         gatt_size = (aper_size >> PAGE_SHIFT) * sizeof(u32);
-        gatt = (void *)__get_free_pages(GFP_KERNEL, get_order(gatt_size));
+        gatt = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO,
+                                        get_order(gatt_size));
         if (!gatt)
                 panic("Cannot allocate GATT table");
         if (set_memory_uc((unsigned long)gatt, gatt_size >> PAGE_SHIFT))
                 panic("Could not set GART PTEs to uncacheable pages");
 
-        memset(gatt, 0, gatt_size);
         agp_gatt_table = gatt;
 
         enable_gart_translations();
@@ -665,19 +688,14 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         if (!error)
                 error = sysdev_register(&device_gart);
         if (error)
-                panic("Could not register gart_sysdev -- would corrupt data on next suspend");
+                panic("Could not register gart_sysdev -- "
+                      "would corrupt data on next suspend");
 
         flush_gart();
 
         printk(KERN_INFO "PCI-DMA: aperture base @ %x size %u KB\n",
                aper_base, aper_size>>10);
 
-        /* need to map that range */
-        end_pfn = (aper_base>>PAGE_SHIFT) + (aper_size>>PAGE_SHIFT);
-        if (end_pfn > max_low_pfn_mapped) {
-                start_pfn = (aper_base>>PAGE_SHIFT);
-                init_memory_mapping(start_pfn<<PAGE_SHIFT, end_pfn<<PAGE_SHIFT);
-        }
         return 0;
 
  nommu:
@@ -687,20 +705,13 @@ static __init int init_k8_gatt(struct agp_kern_info *info)
         return -1;
 }
 
-extern int agp_amd64_init(void);
-
 static struct dma_mapping_ops gart_dma_ops = {
         .map_single                     = gart_map_single,
-        .map_simple                     = gart_map_simple,
         .unmap_single                   = gart_unmap_single,
-        .sync_single_for_cpu            = NULL,
-        .sync_single_for_device         = NULL,
-        .sync_single_range_for_cpu      = NULL,
-        .sync_single_range_for_device   = NULL,
-        .sync_sg_for_cpu                = NULL,
-        .sync_sg_for_device             = NULL,
         .map_sg                         = gart_map_sg,
         .unmap_sg                       = gart_unmap_sg,
+        .alloc_coherent                 = gart_alloc_coherent,
+        .free_coherent                  = gart_free_coherent,
 };
 
 void gart_iommu_shutdown(void)
@@ -727,7 +738,8 @@ void __init gart_iommu_init(void)
 {
         struct agp_kern_info info;
         unsigned long iommu_start;
-        unsigned long aper_size;
+        unsigned long aper_base, aper_size;
+        unsigned long start_pfn, end_pfn;
         unsigned long scratch;
         long i;
 
@@ -759,30 +771,35 @@ void __init gart_iommu_init(void)
             (no_agp && init_k8_gatt(&info) < 0)) {
                 if (max_pfn > MAX_DMA32_PFN) {
                         printk(KERN_WARNING "More than 4GB of memory "
-                                          "but GART IOMMU not available.\n"
-                               KERN_WARNING "falling back to iommu=soft.\n");
+                               "but GART IOMMU not available.\n");
+                        printk(KERN_WARNING "falling back to iommu=soft.\n");
                 }
                 return;
         }
 
+        /* need to map that range */
+        aper_size = info.aper_size << 20;
+        aper_base = info.aper_base;
+        end_pfn = (aper_base>>PAGE_SHIFT) + (aper_size>>PAGE_SHIFT);
+        if (end_pfn > max_low_pfn_mapped) {
+                start_pfn = (aper_base>>PAGE_SHIFT);
+                init_memory_mapping(start_pfn<<PAGE_SHIFT, end_pfn<<PAGE_SHIFT);
+        }
+
         printk(KERN_INFO "PCI-DMA: using GART IOMMU.\n");
-        aper_size = info.aper_size * 1024 * 1024;
         iommu_size = check_iommu_size(info.aper_base, aper_size);
         iommu_pages = iommu_size >> PAGE_SHIFT;
 
-        iommu_gart_bitmap = (void *) __get_free_pages(GFP_KERNEL,
+        iommu_gart_bitmap = (void *) __get_free_pages(GFP_KERNEL | __GFP_ZERO,
                                                       get_order(iommu_pages/8));
         if (!iommu_gart_bitmap)
                 panic("Cannot allocate iommu bitmap\n");
-        memset(iommu_gart_bitmap, 0, iommu_pages/8);
 
 #ifdef CONFIG_IOMMU_LEAK
         if (leak_trace) {
-                iommu_leak_tab = (void *)__get_free_pages(GFP_KERNEL,
+                iommu_leak_tab = (void *)__get_free_pages(GFP_KERNEL|__GFP_ZERO,
                                   get_order(iommu_pages*sizeof(void *)));
-                if (iommu_leak_tab)
-                        memset(iommu_leak_tab, 0, iommu_pages * 8);
-                else
+                if (!iommu_leak_tab)
                         printk(KERN_DEBUG
                                "PCI-DMA: Cannot allocate leak trace area\n");
         }
@@ -792,7 +809,7 @@ void __init gart_iommu_init(void)
          * Out of IOMMU space handling.
          * Reserve some invalid pages at the beginning of the GART.
          */
-        set_bit_string(iommu_gart_bitmap, 0, EMERGENCY_PAGES);
+        iommu_area_reserve(iommu_gart_bitmap, 0, EMERGENCY_PAGES);
 
         agp_memory_reserved = iommu_size;
         printk(KERN_INFO
@@ -850,7 +867,8 @@ void __init gart_parse_options(char *p)
         if (!strncmp(p, "leak", 4)) {
                 leak_trace = 1;
                 p += 4;
-                if (*p == '=') ++p;
+                if (*p == '=')
+                        ++p;
                 if (isdigit(*p) && get_option(&p, &arg))
                         iommu_leak_pages = arg;
         }
diff --git a/arch/x86/kernel/pci-nommu.c b/arch/x86/kernel/pci-nommu.c
index 3f91f71cdc3e..c70ab5a5d4c8 100644
--- a/arch/x86/kernel/pci-nommu.c
+++ b/arch/x86/kernel/pci-nommu.c
@@ -14,7 +14,7 @@
 static int
 check_addr(char *name, struct device *hwdev, dma_addr_t bus, size_t size)
 {
-        if (hwdev && bus + size > *hwdev->dma_mask) {
+        if (hwdev && !is_buffer_dma_capable(*hwdev->dma_mask, bus, size)) {
                 if (*hwdev->dma_mask >= DMA_32BIT_MASK)
                         printk(KERN_ERR
                             "nommu_%s: overflow %Lx+%zu of device mask %Lx\n",
@@ -72,7 +72,15 @@ static int nommu_map_sg(struct device *hwdev, struct scatterlist *sg,
         return nents;
 }
 
+static void nommu_free_coherent(struct device *dev, size_t size, void *vaddr,
+                                dma_addr_t dma_addr)
+{
+        free_pages((unsigned long)vaddr, get_order(size));
+}
+
 struct dma_mapping_ops nommu_dma_ops = {
+        .alloc_coherent = dma_generic_alloc_coherent,
+        .free_coherent = nommu_free_coherent,
         .map_single = nommu_map_single,
         .map_sg = nommu_map_sg,
         .is_phys = 1,
diff --git a/arch/x86/kernel/pcspeaker.c b/arch/x86/kernel/pcspeaker.c
index bc1f2d3ea277..a311ffcaad16 100644
--- a/arch/x86/kernel/pcspeaker.c
+++ b/arch/x86/kernel/pcspeaker.c
@@ -1,20 +1,13 @@
 #include <linux/platform_device.h>
-#include <linux/errno.h>
+#include <linux/err.h>
 #include <linux/init.h>
 
 static __init int add_pcspkr(void)
 {
         struct platform_device *pd;
-        int ret;
 
-        pd = platform_device_alloc("pcspkr", -1);
-        if (!pd)
-                return -ENOMEM;
+        pd = platform_device_register_simple("pcspkr", -1, NULL, 0);
 
-        ret = platform_device_add(pd);
-        if (ret)
-                platform_device_put(pd);
-
-        return ret;
+        return IS_ERR(pd) ? PTR_ERR(pd) : 0;
 }
 device_initcall(add_pcspkr);
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 7fc4d5b0a6a0..c622772744d8 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -15,7 +15,6 @@ unsigned long idle_nomwait;
 EXPORT_SYMBOL(idle_nomwait);
 
 struct kmem_cache *task_xstate_cachep;
-static int force_mwait __cpuinitdata;
 
 int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
 {
@@ -185,7 +184,8 @@ static void mwait_idle(void)
 static void poll_idle(void)
 {
         local_irq_enable();
-        cpu_relax();
+        while (!need_resched())
+                cpu_relax();
 }
 
 /*
@@ -246,6 +246,14 @@ static int __cpuinit check_c1e_idle(const struct cpuinfo_x86 *c)
         return 1;
 }
 
+static cpumask_t c1e_mask = CPU_MASK_NONE;
+static int c1e_detected;
+
+void c1e_remove_cpu(int cpu)
+{
+        cpu_clear(cpu, c1e_mask);
+}
+
 /*
  * C1E aware idle routine. We check for C1E active in the interrupt
  * pending message MSR. If we detect C1E, then we handle it the same
@@ -253,9 +261,6 @@ static int __cpuinit check_c1e_idle(const struct cpuinfo_x86 *c)
  */
 static void c1e_idle(void)
 {
-        static cpumask_t c1e_mask = CPU_MASK_NONE;
-        static int c1e_detected;
-
         if (need_resched())
                 return;
 
@@ -265,8 +270,10 @@ static void c1e_idle(void)
                 rdmsr(MSR_K8_INT_PENDING_MSG, lo, hi);
                 if (lo & K8_INTP_C1E_ACTIVE_MASK) {
                         c1e_detected = 1;
-                        mark_tsc_unstable("TSC halt in C1E");
-                        printk(KERN_INFO "System has C1E enabled\n");
+                        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC))
+                                mark_tsc_unstable("TSC halt in AMD C1E");
+                        printk(KERN_INFO "System has AMD C1E enabled\n");
+                        set_cpu_cap(&boot_cpu_data, X86_FEATURE_AMDC1E);
                 }
         }
 
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
index 3b7a1ddcc0bc..0a1302fe6d45 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -37,6 +37,7 @@
 #include <linux/tick.h>
 #include <linux/percpu.h>
 #include <linux/prctl.h>
+#include <linux/dmi.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -55,6 +56,9 @@
 #include <asm/tlbflush.h>
 #include <asm/cpu.h>
 #include <asm/kdebug.h>
+#include <asm/idle.h>
+#include <asm/syscalls.h>
+#include <asm/smp.h>
 
 asmlinkage void ret_from_fork(void) __asm__("ret_from_fork");
 
@@ -72,46 +76,12 @@ unsigned long thread_saved_pc(struct task_struct *tsk)
         return ((unsigned long *)tsk->thread.sp)[3];
 }
 
-#ifdef CONFIG_HOTPLUG_CPU
-#include <asm/nmi.h>
-
-static void cpu_exit_clear(void)
-{
-        int cpu = raw_smp_processor_id();
-
-        idle_task_exit();
-
-        cpu_uninit();
-        irq_ctx_exit(cpu);
-
-        cpu_clear(cpu, cpu_callout_map);
-        cpu_clear(cpu, cpu_callin_map);
-
-        numa_remove_cpu(cpu);
-}
-
-/* We don't actually take CPU down, just spin without interrupts. */
-static inline void play_dead(void)
-{
-        /* This must be done before dead CPU ack */
-        cpu_exit_clear();
-        mb();
-        /* Ack it */
-        __get_cpu_var(cpu_state) = CPU_DEAD;
-
-        /*
-         * With physical CPU hotplug, we should halt the cpu
-         */
-        local_irq_disable();
-        /* mask all interrupts, flush any and all caches, and halt */
-        wbinvd_halt();
-}
-#else
+#ifndef CONFIG_SMP
 static inline void play_dead(void)
 {
         BUG();
 }
-#endif /* CONFIG_HOTPLUG_CPU */
+#endif
 
 /*
  * The idle thread. There's no useful work to be
@@ -153,12 +123,13 @@ void cpu_idle(void)
         }
 }
 
-void __show_registers(struct pt_regs *regs, int all)
+void __show_regs(struct pt_regs *regs, int all)
 {
         unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L;
         unsigned long d0, d1, d2, d3, d6, d7;
         unsigned long sp;
         unsigned short ss, gs;
+        const char *board;
 
         if (user_mode_vm(regs)) {
                 sp = regs->sp;
@@ -171,11 +142,15 @@ void __show_registers(struct pt_regs *regs, int all)
         }
 
         printk("\n");
-        printk("Pid: %d, comm: %s %s (%s %.*s)\n",
+
+        board = dmi_get_system_info(DMI_PRODUCT_NAME);
+        if (!board)
+                board = "";
+        printk("Pid: %d, comm: %s %s (%s %.*s) %s\n",
                         task_pid_nr(current), current->comm,
                         print_tainted(), init_utsname()->release,
                         (int)strcspn(init_utsname()->version, " "),
-                        init_utsname()->version);
+                        init_utsname()->version, board);
 
         printk("EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n",
                         (u16)regs->cs, regs->ip, regs->flags,
@@ -214,7 +189,7 @@ void __show_registers(struct pt_regs *regs, int all)
 
 void show_regs(struct pt_regs *regs)
 {
-        __show_registers(regs, 1);
+        __show_regs(regs, 1);
         show_trace(NULL, regs, &regs->sp, regs->bp);
 }
 
@@ -275,6 +250,14 @@ void exit_thread(void)
                 tss->x86_tss.io_bitmap_base = INVALID_IO_BITMAP_OFFSET;
                 put_cpu();
         }
+#ifdef CONFIG_X86_DS
+        /* Free any DS contexts that have not been properly released. */
+        if (unlikely(current->thread.ds_ctx)) {
+                /* we clear debugctl to make sure DS is not used. */
+                update_debugctlmsr(0);
+                ds_free(current->thread.ds_ctx);
+        }
+#endif /* CONFIG_X86_DS */
 }
 
 void flush_thread(void)
@@ -436,6 +419,35 @@ int set_tsc_mode(unsigned int val)
         return 0;
 }
 
+#ifdef CONFIG_X86_DS
+static int update_debugctl(struct thread_struct *prev,
+                        struct thread_struct *next, unsigned long debugctl)
+{
+        unsigned long ds_prev = 0;
+        unsigned long ds_next = 0;
+
+        if (prev->ds_ctx)
+                ds_prev = (unsigned long)prev->ds_ctx->ds;
+        if (next->ds_ctx)
+                ds_next = (unsigned long)next->ds_ctx->ds;
+
+        if (ds_next != ds_prev) {
+                /* we clear debugctl to make sure DS
+                 * is not in use when we change it */
+                debugctl = 0;
+                update_debugctlmsr(0);
+                wrmsr(MSR_IA32_DS_AREA, ds_next, 0);
+        }
+        return debugctl;
+}
+#else
+static int update_debugctl(struct thread_struct *prev,
+                        struct thread_struct *next, unsigned long debugctl)
+{
+        return debugctl;
+}
+#endif /* CONFIG_X86_DS */
+
 static noinline void
 __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                  struct tss_struct *tss)
@@ -446,14 +458,7 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
         prev = &prev_p->thread;
         next = &next_p->thread;
 
-        debugctl = prev->debugctlmsr;
-        if (next->ds_area_msr != prev->ds_area_msr) {
-                /* we clear debugctl to make sure DS
-                 * is not in use when we change it */
-                debugctl = 0;
-                update_debugctlmsr(0);
-                wrmsr(MSR_IA32_DS_AREA, next->ds_area_msr, 0);
-        }
+        debugctl = update_debugctl(prev, next, prev->debugctlmsr);
 
         if (next->debugctlmsr != debugctl)
                 update_debugctlmsr(next->debugctlmsr);
@@ -477,13 +482,13 @@ __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                         hard_enable_TSC();
         }
 
-#ifdef X86_BTS
+#ifdef CONFIG_X86_PTRACE_BTS
         if (test_tsk_thread_flag(prev_p, TIF_BTS_TRACE_TS))
                 ptrace_bts_take_timestamp(prev_p, BTS_TASK_DEPARTS);
 
         if (test_tsk_thread_flag(next_p, TIF_BTS_TRACE_TS))
                 ptrace_bts_take_timestamp(next_p, BTS_TASK_ARRIVES);
-#endif
+#endif /* CONFIG_X86_PTRACE_BTS */
 
 
         if (!test_tsk_thread_flag(next_p, TIF_IO_BITMAP)) {
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index 71553b664e2a..cd8c0ed02b7e 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -37,11 +37,11 @@
 #include <linux/kdebug.h>
 #include <linux/tick.h>
 #include <linux/prctl.h>
+#include <linux/uaccess.h>
+#include <linux/io.h>
 
-#include <asm/uaccess.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
-#include <asm/io.h>
 #include <asm/processor.h>
 #include <asm/i387.h>
 #include <asm/mmu_context.h>
@@ -51,6 +51,7 @@
 #include <asm/proto.h>
 #include <asm/ia32.h>
 #include <asm/idle.h>
+#include <asm/syscalls.h>
 
 asmlinkage extern void ret_from_fork(void);
 
@@ -85,28 +86,12 @@ void exit_idle(void)
         __exit_idle();
 }
 
-#ifdef CONFIG_HOTPLUG_CPU
-DECLARE_PER_CPU(int, cpu_state);
-
-#include <asm/nmi.h>
-/* We halt the CPU with physical CPU hotplug */
-static inline void play_dead(void)
-{
-        idle_task_exit();
-        mb();
-        /* Ack it */
-        __get_cpu_var(cpu_state) = CPU_DEAD;
-
-        local_irq_disable();
-        /* mask all interrupts, flush any and all caches, and halt */
-        wbinvd_halt();
-}
-#else
+#ifndef CONFIG_SMP
 static inline void play_dead(void)
 {
         BUG();
 }
-#endif /* CONFIG_HOTPLUG_CPU */
+#endif
 
 /*
  * The idle thread. There's no useful work to be
@@ -151,7 +136,7 @@ void cpu_idle(void)
 }
 
 /* Prints also some state that isn't saved in the pt_regs */
-void __show_regs(struct pt_regs * regs)
+void __show_regs(struct pt_regs *regs, int all)
 {
         unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L, fs, gs, shadowgs;
         unsigned long d0, d1, d2, d3, d6, d7;
@@ -160,60 +145,65 @@ void __show_regs(struct pt_regs * regs)
 
         printk("\n");
         print_modules();
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+        printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s\n",
                 current->pid, current->comm, print_tainted(),
                 init_utsname()->release,
                 (int)strcspn(init_utsname()->version, " "),
                 init_utsname()->version);
-        printk("RIP: %04lx:[<%016lx>] ", regs->cs & 0xffff, regs->ip);
+        printk(KERN_INFO "RIP: %04lx:[<%016lx>] ", regs->cs & 0xffff, regs->ip);
         printk_address(regs->ip, 1);
-        printk("RSP: %04lx:%016lx  EFLAGS: %08lx\n", regs->ss, regs->sp,
-                regs->flags);
-        printk("RAX: %016lx RBX: %016lx RCX: %016lx\n",
+        printk(KERN_INFO "RSP: %04lx:%016lx  EFLAGS: %08lx\n", regs->ss,
+                        regs->sp, regs->flags);
+        printk(KERN_INFO "RAX: %016lx RBX: %016lx RCX: %016lx\n",
                regs->ax, regs->bx, regs->cx);
-        printk("RDX: %016lx RSI: %016lx RDI: %016lx\n",
+        printk(KERN_INFO "RDX: %016lx RSI: %016lx RDI: %016lx\n",
                regs->dx, regs->si, regs->di);
-        printk("RBP: %016lx R08: %016lx R09: %016lx\n",
+        printk(KERN_INFO "RBP: %016lx R08: %016lx R09: %016lx\n",
                regs->bp, regs->r8, regs->r9);
-        printk("R10: %016lx R11: %016lx R12: %016lx\n",
-               regs->r10, regs->r11, regs->r12); 
-        printk("R13: %016lx R14: %016lx R15: %016lx\n",
-               regs->r13, regs->r14, regs->r15); 
-
-        asm("movl %%ds,%0" : "=r" (ds)); 
-        asm("movl %%cs,%0" : "=r" (cs)); 
-        asm("movl %%es,%0" : "=r" (es)); 
+        printk(KERN_INFO "R10: %016lx R11: %016lx R12: %016lx\n",
+               regs->r10, regs->r11, regs->r12);
+        printk(KERN_INFO "R13: %016lx R14: %016lx R15: %016lx\n",
+               regs->r13, regs->r14, regs->r15);
+
+        asm("movl %%ds,%0" : "=r" (ds));
+        asm("movl %%cs,%0" : "=r" (cs));
+        asm("movl %%es,%0" : "=r" (es));
         asm("movl %%fs,%0" : "=r" (fsindex));
         asm("movl %%gs,%0" : "=r" (gsindex));
 
         rdmsrl(MSR_FS_BASE, fs);
-        rdmsrl(MSR_GS_BASE, gs); 
-        rdmsrl(MSR_KERNEL_GS_BASE, shadowgs); 
+        rdmsrl(MSR_GS_BASE, gs);
+        rdmsrl(MSR_KERNEL_GS_BASE, shadowgs);
+
+        if (!all)
+                return;
 
         cr0 = read_cr0();
         cr2 = read_cr2();
         cr3 = read_cr3();
         cr4 = read_cr4();
 
-        printk("FS:  %016lx(%04x) GS:%016lx(%04x) knlGS:%016lx\n", 
-               fs,fsindex,gs,gsindex,shadowgs); 
-        printk("CS:  %04x DS: %04x ES: %04x CR0: %016lx\n", cs, ds, es, cr0); 
-        printk("CR2: %016lx CR3: %016lx CR4: %016lx\n", cr2, cr3, cr4);
+        printk(KERN_INFO "FS:  %016lx(%04x) GS:%016lx(%04x) knlGS:%016lx\n",
+               fs, fsindex, gs, gsindex, shadowgs);
+        printk(KERN_INFO "CS:  %04x DS: %04x ES: %04x CR0: %016lx\n", cs, ds,
+                        es, cr0);
+        printk(KERN_INFO "CR2: %016lx CR3: %016lx CR4: %016lx\n", cr2, cr3,
+                        cr4);
 
         get_debugreg(d0, 0);
         get_debugreg(d1, 1);
         get_debugreg(d2, 2);
-        printk("DR0: %016lx DR1: %016lx DR2: %016lx\n", d0, d1, d2);
+        printk(KERN_INFO "DR0: %016lx DR1: %016lx DR2: %016lx\n", d0, d1, d2);
         get_debugreg(d3, 3);
         get_debugreg(d6, 6);
         get_debugreg(d7, 7);
-        printk("DR3: %016lx DR6: %016lx DR7: %016lx\n", d3, d6, d7);
+        printk(KERN_INFO "DR3: %016lx DR6: %016lx DR7: %016lx\n", d3, d6, d7);
 }
 
 void show_regs(struct pt_regs *regs)
 {
-        printk("CPU %d:", smp_processor_id());
-        __show_regs(regs);
+        printk(KERN_INFO "CPU %d:", smp_processor_id());
+        __show_regs(regs, 1);
         show_trace(NULL, regs, (void *)(regs + 1), regs->bp);
 }
 
@@ -238,6 +228,14 @@ void exit_thread(void)
                 t->io_bitmap_max = 0;
                 put_cpu();
         }
+#ifdef CONFIG_X86_DS
+        /* Free any DS contexts that have not been properly released. */
+        if (unlikely(t->ds_ctx)) {
+                /* we clear debugctl to make sure DS is not used. */
+                update_debugctlmsr(0);
+                ds_free(t->ds_ctx);
+        }
+#endif /* CONFIG_X86_DS */
 }
 
 void flush_thread(void)
@@ -313,10 +311,10 @@ void prepare_to_copy(struct task_struct *tsk)
 
 int copy_thread(int nr, unsigned long clone_flags, unsigned long sp,
                 unsigned long unused,
-        struct task_struct * p, struct pt_regs * regs)
+        struct task_struct *p, struct pt_regs *regs)
 {
         int err;
-        struct pt_regs * childregs;
+        struct pt_regs *childregs;
         struct task_struct *me = current;
 
         childregs = ((struct pt_regs *)
@@ -361,10 +359,10 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long sp,
                 if (test_thread_flag(TIF_IA32))
                         err = do_set_thread_area(p, -1,
                                 (struct user_desc __user *)childregs->si, 0);
-                else                    
-#endif   
-                        err = do_arch_prctl(p, ARCH_SET_FS, childregs->r8); 
-                if (err) 
+                else
+#endif
+                        err = do_arch_prctl(p, ARCH_SET_FS, childregs->r8);
+                if (err)
                         goto out;
         }
         err = 0;
@@ -471,13 +469,27 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
         next = &next_p->thread;
 
         debugctl = prev->debugctlmsr;
-        if (next->ds_area_msr != prev->ds_area_msr) {
-                /* we clear debugctl to make sure DS
-                 * is not in use when we change it */
-                debugctl = 0;
-                update_debugctlmsr(0);
-                wrmsrl(MSR_IA32_DS_AREA, next->ds_area_msr);
+
+#ifdef CONFIG_X86_DS
+        {
+                unsigned long ds_prev = 0, ds_next = 0;
+
+                if (prev->ds_ctx)
+                        ds_prev = (unsigned long)prev->ds_ctx->ds;
+                if (next->ds_ctx)
+                        ds_next = (unsigned long)next->ds_ctx->ds;
+
+                if (ds_next != ds_prev) {
+                        /*
+                         * We clear debugctl to make sure DS
+                         * is not in use when we change it:
+                         */
+                        debugctl = 0;
+                        update_debugctlmsr(0);
+                        wrmsrl(MSR_IA32_DS_AREA, ds_next);
+                }
         }
+#endif /* CONFIG_X86_DS */
 
         if (next->debugctlmsr != debugctl)
                 update_debugctlmsr(next->debugctlmsr);
@@ -515,13 +527,13 @@ static inline void __switch_to_xtra(struct task_struct *prev_p,
                 memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
         }
 
-#ifdef X86_BTS
+#ifdef CONFIG_X86_PTRACE_BTS
         if (test_tsk_thread_flag(prev_p, TIF_BTS_TRACE_TS))
                 ptrace_bts_take_timestamp(prev_p, BTS_TASK_DEPARTS);
 
         if (test_tsk_thread_flag(next_p, TIF_BTS_TRACE_TS))
                 ptrace_bts_take_timestamp(next_p, BTS_TASK_ARRIVES);
-#endif
+#endif /* CONFIG_X86_PTRACE_BTS */
 }
 
 /*
@@ -543,7 +555,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
         unsigned fsindex, gsindex;
 
         /* we're going to use this soon, after a few expensive things */
-        if (next_p->fpu_counter>5)
+        if (next_p->fpu_counter > 5)
                 prefetch(next->xstate);
 
         /*
@@ -551,13 +563,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
          */
         load_sp0(tss, next);
 
-        /* 
+        /*
          * Switch DS and ES.
          * This won't pick up thread selector changes, but I guess that is ok.
          */
         savesegment(es, prev->es);
         if (unlikely(next->es | prev->es))
-                loadsegment(es, next->es); 
+                loadsegment(es, next->es);
 
         savesegment(ds, prev->ds);
         if (unlikely(next->ds | prev->ds))
@@ -583,7 +595,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
          */
         arch_leave_lazy_cpu_mode();
 
-        /* 
+        /*
          * Switch FS and GS.
          *
          * Segment register != 0 always requires a reload.  Also
@@ -592,13 +604,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
          */
         if (unlikely(fsindex | next->fsindex | prev->fs)) {
                 loadsegment(fs, next->fsindex);
-                /* 
+                /*
                  * Check if the user used a selector != 0; if yes
                  *  clear 64bit base, since overloaded base is always
                  *  mapped to the Null selector
                  */
                 if (fsindex)
-                        prev->fs = 0;                           
+                        prev->fs = 0;
         }
         /* when next process has a 64bit base use it */
         if (next->fs)
@@ -608,7 +620,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
         if (unlikely(gsindex | next->gsindex | prev->gs)) {
                 load_gs_index(next->gsindex);
                 if (gsindex)
-                        prev->gs = 0;                           
+                        prev->gs = 0;
         }
         if (next->gs)
                 wrmsrl(MSR_KERNEL_GS_BASE, next->gs);
@@ -617,12 +629,12 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
         /* Must be after DS reload */
         unlazy_fpu(prev_p);
 
-        /* 
+        /*
          * Switch the PDA and FPU contexts.
          */
         prev->usersp = read_pda(oldrsp);
         write_pda(oldrsp, next->usersp);
-        write_pda(pcurrent, next_p); 
+        write_pda(pcurrent, next_p);
 
         write_pda(kernelstack,
                   (unsigned long)task_stack_page(next_p) +
@@ -663,7 +675,7 @@ long sys_execve(char __user *name, char __user * __user *argv,
                 char __user * __user *envp, struct pt_regs *regs)
 {
         long error;
-        char * filename;
+        char *filename;
 
         filename = getname(name);
         error = PTR_ERR(filename);
@@ -721,55 +733,55 @@ asmlinkage long sys_vfork(struct pt_regs *regs)
 unsigned long get_wchan(struct task_struct *p)
 {
         unsigned long stack;
-        u64 fp,ip;
+        u64 fp, ip;
         int count = 0;
 
-        if (!p || p == current || p->state==TASK_RUNNING)
-                return 0; 
+        if (!p || p == current || p->state == TASK_RUNNING)
+                return 0;
         stack = (unsigned long)task_stack_page(p);
-        if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE)
+        if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
                 return 0;
         fp = *(u64 *)(p->thread.sp);
-        do { 
+        do {
                 if (fp < (unsigned long)stack ||
-                    fp > (unsigned long)stack+THREAD_SIZE)
-                        return 0; 
+                    fp >= (unsigned long)stack+THREAD_SIZE)
+                        return 0;
                 ip = *(u64 *)(fp+8);
                 if (!in_sched_functions(ip))
                         return ip;
-                fp = *(u64 *)fp; 
-        } while (count++ < 16); 
+                fp = *(u64 *)fp;
+        } while (count++ < 16);
         return 0;
 }
 
 long do_arch_prctl(struct task_struct *task, int code, unsigned long addr)
-{ 
-        int ret = 0; 
+{
+        int ret = 0;
         int doit = task == current;
         int cpu;
 
-        switch (code) { 
+        switch (code) {
         case ARCH_SET_GS:
                 if (addr >= TASK_SIZE_OF(task))
-                        return -EPERM; 
+                        return -EPERM;
                 cpu = get_cpu();
-                /* handle small bases via the GDT because that's faster to 
+                /* handle small bases via the GDT because that's faster to
                    switch. */
-                if (addr <= 0xffffffff) {  
-                        set_32bit_tls(task, GS_TLS, addr); 
-                        if (doit) { 
+                if (addr <= 0xffffffff) {
+                        set_32bit_tls(task, GS_TLS, addr);
+                        if (doit) {
                                 load_TLS(&task->thread, cpu);
-                                load_gs_index(GS_TLS_SEL); 
+                                load_gs_index(GS_TLS_SEL);
                         }
-                        task->thread.gsindex = GS_TLS_SEL; 
+                        task->thread.gsindex = GS_TLS_SEL;
                         task->thread.gs = 0;
-                } else { 
+                } else {
                         task->thread.gsindex = 0;
                         task->thread.gs = addr;
                         if (doit) {
                                 load_gs_index(0);
                                 ret = checking_wrmsrl(MSR_KERNEL_GS_BASE, addr);
-                        } 
+                        }
                 }
                 put_cpu();
                 break;
@@ -823,8 +835,7 @@ long do_arch_prctl(struct task_struct *task, int code, unsigned long addr)
                                 rdmsrl(MSR_KERNEL_GS_BASE, base);
                         else
                                 base = task->thread.gs;
-                }
-                else
+                } else
                         base = task->thread.gs;
                 ret = put_user(base, (unsigned long __user *)addr);
                 break;
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index e37dccce85db..0a6d8c12e10d 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -14,6 +14,7 @@
 #include <linux/errno.h>
 #include <linux/ptrace.h>
 #include <linux/regset.h>
+#include <linux/tracehook.h>
 #include <linux/user.h>
 #include <linux/elf.h>
 #include <linux/security.h>
@@ -39,7 +40,9 @@ enum x86_regset {
         REGSET_GENERAL,
         REGSET_FP,
         REGSET_XFP,
+        REGSET_IOPERM64 = REGSET_XFP,
         REGSET_TLS,
+        REGSET_IOPERM32,
 };
 
 /*
@@ -69,7 +72,7 @@ static inline bool invalid_selector(u16 value)
 
 #define FLAG_MASK               FLAG_MASK_32
 
-static long *pt_regs_access(struct pt_regs *regs, unsigned long regno)
+static unsigned long *pt_regs_access(struct pt_regs *regs, unsigned long regno)
 {
         BUILD_BUG_ON(offsetof(struct pt_regs, bx) != 0);
         regno >>= 2;
@@ -554,45 +557,138 @@ static int ptrace_set_debugreg(struct task_struct *child,
         return 0;
 }
 
-#ifdef X86_BTS
+/*
+ * These access the current or another (stopped) task's io permission
+ * bitmap for debugging or core dump.
+ */
+static int ioperm_active(struct task_struct *target,
+                         const struct user_regset *regset)
+{
+        return target->thread.io_bitmap_max / regset->size;
+}
 
-static int ptrace_bts_get_size(struct task_struct *child)
+static int ioperm_get(struct task_struct *target,
+                      const struct user_regset *regset,
+                      unsigned int pos, unsigned int count,
+                      void *kbuf, void __user *ubuf)
 {
-        if (!child->thread.ds_area_msr)
+        if (!target->thread.io_bitmap_ptr)
                 return -ENXIO;
 
-        return ds_get_bts_index((void *)child->thread.ds_area_msr);
+        return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+                                   target->thread.io_bitmap_ptr,
+                                   0, IO_BITMAP_BYTES);
+}
+
+#ifdef CONFIG_X86_PTRACE_BTS
+/*
+ * The configuration for a particular BTS hardware implementation.
+ */
+struct bts_configuration {
+        /* the size of a BTS record in bytes; at most BTS_MAX_RECORD_SIZE */
+        unsigned char  sizeof_bts;
+        /* the size of a field in the BTS record in bytes */
+        unsigned char  sizeof_field;
+        /* a bitmask to enable/disable BTS in DEBUGCTL MSR */
+        unsigned long debugctl_mask;
+};
+static struct bts_configuration bts_cfg;
+
+#define BTS_MAX_RECORD_SIZE (8 * 3)
+
+
+/*
+ * Branch Trace Store (BTS) uses the following format. Different
+ * architectures vary in the size of those fields.
+ * - source linear address
+ * - destination linear address
+ * - flags
+ *
+ * Later architectures use 64bit pointers throughout, whereas earlier
+ * architectures use 32bit pointers in 32bit mode.
+ *
+ * We compute the base address for the first 8 fields based on:
+ * - the field size stored in the DS configuration
+ * - the relative field position
+ *
+ * In order to store additional information in the BTS buffer, we use
+ * a special source address to indicate that the record requires
+ * special interpretation.
+ *
+ * Netburst indicated via a bit in the flags field whether the branch
+ * was predicted; this is ignored.
+ */
+
+enum bts_field {
+        bts_from = 0,
+        bts_to,
+        bts_flags,
+
+        bts_escape = (unsigned long)-1,
+        bts_qual = bts_to,
+        bts_jiffies = bts_flags
+};
+
+static inline unsigned long bts_get(const char *base, enum bts_field field)
+{
+        base += (bts_cfg.sizeof_field * field);
+        return *(unsigned long *)base;
+}
+
+static inline void bts_set(char *base, enum bts_field field, unsigned long val)
+{
+        base += (bts_cfg.sizeof_field * field);;
+        (*(unsigned long *)base) = val;
+}
+
+/*
+ * Translate a BTS record from the raw format into the bts_struct format
+ *
+ * out (out): bts_struct interpretation
+ * raw: raw BTS record
+ */
+static void ptrace_bts_translate_record(struct bts_struct *out, const void *raw)
+{
+        memset(out, 0, sizeof(*out));
+        if (bts_get(raw, bts_from) == bts_escape) {
+                out->qualifier       = bts_get(raw, bts_qual);
+                out->variant.jiffies = bts_get(raw, bts_jiffies);
+        } else {
+                out->qualifier = BTS_BRANCH;
+                out->variant.lbr.from_ip = bts_get(raw, bts_from);
+                out->variant.lbr.to_ip   = bts_get(raw, bts_to);
+        }
 }
 
-static int ptrace_bts_read_record(struct task_struct *child,
-                                  long index,
+static int ptrace_bts_read_record(struct task_struct *child, size_t index,
                                   struct bts_struct __user *out)
 {
         struct bts_struct ret;
-        int retval;
-        int bts_end;
-        int bts_index;
-
-        if (!child->thread.ds_area_msr)
-                return -ENXIO;
+        const void *bts_record;
+        size_t bts_index, bts_end;
+        int error;
 
-        if (index < 0)
-                return -EINVAL;
+        error = ds_get_bts_end(child, &bts_end);
+        if (error < 0)
+                return error;
 
-        bts_end = ds_get_bts_end((void *)child->thread.ds_area_msr);
         if (bts_end <= index)
                 return -EINVAL;
 
+        error = ds_get_bts_index(child, &bts_index);
+        if (error < 0)
+                return error;
+
         /* translate the ptrace bts index into the ds bts index */
-        bts_index = ds_get_bts_index((void *)child->thread.ds_area_msr);
-        bts_index -= (index + 1);
-        if (bts_index < 0)
-                bts_index += bts_end;
+        bts_index += bts_end - (index + 1);
+        if (bts_end <= bts_index)
+                bts_index -= bts_end;
+
+        error = ds_access_bts(child, bts_index, &bts_record);
+        if (error < 0)
+                return error;
 
-        retval = ds_read_bts((void *)child->thread.ds_area_msr,
-                             bts_index, &ret);
-        if (retval < 0)
-                return retval;
+        ptrace_bts_translate_record(&ret, bts_record);
 
         if (copy_to_user(out, &ret, sizeof(ret)))
                 return -EFAULT;
@@ -600,101 +696,106 @@ static int ptrace_bts_read_record(struct task_struct *child,
         return sizeof(ret);
 }
 
-static int ptrace_bts_clear(struct task_struct *child)
-{
-        if (!child->thread.ds_area_msr)
-                return -ENXIO;
-
-        return ds_clear((void *)child->thread.ds_area_msr);
-}
-
 static int ptrace_bts_drain(struct task_struct *child,
                             long size,
                             struct bts_struct __user *out)
 {
-        int end, i;
-        void *ds = (void *)child->thread.ds_area_msr;
-
-        if (!ds)
-                return -ENXIO;
+        struct bts_struct ret;
+        const unsigned char *raw;
+        size_t end, i;
+        int error;
 
-        end = ds_get_bts_index(ds);
-        if (end <= 0)
-                return end;
+        error = ds_get_bts_index(child, &end);
+        if (error < 0)
+                return error;
 
         if (size < (end * sizeof(struct bts_struct)))
                 return -EIO;
 
-        for (i = 0; i < end; i++, out++) {
-                struct bts_struct ret;
-                int retval;
+        error = ds_access_bts(child, 0, (const void **)&raw);
+        if (error < 0)
+                return error;
 
-                retval = ds_read_bts(ds, i, &ret);
-                if (retval < 0)
-                        return retval;
+        for (i = 0; i < end; i++, out++, raw += bts_cfg.sizeof_bts) {
+                ptrace_bts_translate_record(&ret, raw);
 
                 if (copy_to_user(out, &ret, sizeof(ret)))
                         return -EFAULT;
         }
 
-        ds_clear(ds);
+        error = ds_clear_bts(child);
+        if (error < 0)
+                return error;
 
         return end;
 }
 
+static void ptrace_bts_ovfl(struct task_struct *child)
+{
+        send_sig(child->thread.bts_ovfl_signal, child, 0);
+}
+
 static int ptrace_bts_config(struct task_struct *child,
                              long cfg_size,
                              const struct ptrace_bts_config __user *ucfg)
 {
         struct ptrace_bts_config cfg;
-        int bts_size, ret = 0;
-        void *ds;
+        int error = 0;
 
+        error = -EOPNOTSUPP;
+        if (!bts_cfg.sizeof_bts)
+                goto errout;
+
+        error = -EIO;
         if (cfg_size < sizeof(cfg))
-                return -EIO;
+                goto errout;
 
+        error = -EFAULT;
         if (copy_from_user(&cfg, ucfg, sizeof(cfg)))
-                return -EFAULT;
+                goto errout;
 
-        if ((int)cfg.size < 0)
-                return -EINVAL;
+        error = -EINVAL;
+        if ((cfg.flags & PTRACE_BTS_O_SIGNAL) &&
+            !(cfg.flags & PTRACE_BTS_O_ALLOC))
+                goto errout;
 
-        bts_size = 0;
-        ds = (void *)child->thread.ds_area_msr;
-        if (ds) {
-                bts_size = ds_get_bts_size(ds);
-                if (bts_size < 0)
-                        return bts_size;
-        }
-        cfg.size = PAGE_ALIGN(cfg.size);
+        if (cfg.flags & PTRACE_BTS_O_ALLOC) {
+                ds_ovfl_callback_t ovfl = NULL;
+                unsigned int sig = 0;
+
+                /* we ignore the error in case we were not tracing child */
+                (void)ds_release_bts(child);
+
+                if (cfg.flags & PTRACE_BTS_O_SIGNAL) {
+                        if (!cfg.signal)
+                                goto errout;
+
+                        sig  = cfg.signal;
+                        ovfl = ptrace_bts_ovfl;
+                }
 
-        if (bts_size != cfg.size) {
-                ret = ptrace_bts_realloc(child, cfg.size,
-                                         cfg.flags & PTRACE_BTS_O_CUT_SIZE);
-                if (ret < 0)
+                error = ds_request_bts(child, /* base = */ NULL, cfg.size, ovfl);
+                if (error < 0)
                         goto errout;
 
-                ds = (void *)child->thread.ds_area_msr;
+                child->thread.bts_ovfl_signal = sig;
         }
 
-        if (cfg.flags & PTRACE_BTS_O_SIGNAL)
-                ret = ds_set_overflow(ds, DS_O_SIGNAL);
-        else
-                ret = ds_set_overflow(ds, DS_O_WRAP);
-        if (ret < 0)
+        error = -EINVAL;
+        if (!child->thread.ds_ctx && cfg.flags)
                 goto errout;
 
         if (cfg.flags & PTRACE_BTS_O_TRACE)
-                child->thread.debugctlmsr |= ds_debugctl_mask();
+                child->thread.debugctlmsr |= bts_cfg.debugctl_mask;
         else
-                child->thread.debugctlmsr &= ~ds_debugctl_mask();
+                child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
 
         if (cfg.flags & PTRACE_BTS_O_SCHED)
                 set_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
         else
                 clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
 
-        ret = sizeof(cfg);
+        error = sizeof(cfg);
 
 out:
         if (child->thread.debugctlmsr)
@@ -702,10 +803,10 @@ out:
         else
                 clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
 
-        return ret;
+        return error;
 
 errout:
-        child->thread.debugctlmsr &= ~ds_debugctl_mask();
+        child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
         clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
         goto out;
 }
@@ -714,29 +815,40 @@ static int ptrace_bts_status(struct task_struct *child,
                              long cfg_size,
                              struct ptrace_bts_config __user *ucfg)
 {
-        void *ds = (void *)child->thread.ds_area_msr;
         struct ptrace_bts_config cfg;
+        size_t end;
+        const void *base, *max;
+        int error;
 
         if (cfg_size < sizeof(cfg))
                 return -EIO;
 
-        memset(&cfg, 0, sizeof(cfg));
+        error = ds_get_bts_end(child, &end);
+        if (error < 0)
+                return error;
 
-        if (ds) {
-                cfg.size = ds_get_bts_size(ds);
+        error = ds_access_bts(child, /* index = */ 0, &base);
+        if (error < 0)
+                return error;
 
-                if (ds_get_overflow(ds) == DS_O_SIGNAL)
-                        cfg.flags |= PTRACE_BTS_O_SIGNAL;
+        error = ds_access_bts(child, /* index = */ end, &max);
+        if (error < 0)
+                return error;
 
-                if (test_tsk_thread_flag(child, TIF_DEBUGCTLMSR) &&
-                    child->thread.debugctlmsr & ds_debugctl_mask())
-                        cfg.flags |= PTRACE_BTS_O_TRACE;
+        memset(&cfg, 0, sizeof(cfg));
+        cfg.size = (max - base);
+        cfg.signal = child->thread.bts_ovfl_signal;
+        cfg.bts_size = sizeof(struct bts_struct);
 
-                if (test_tsk_thread_flag(child, TIF_BTS_TRACE_TS))
-                        cfg.flags |= PTRACE_BTS_O_SCHED;
-        }
+        if (cfg.signal)
+                cfg.flags |= PTRACE_BTS_O_SIGNAL;
 
-        cfg.bts_size = sizeof(struct bts_struct);
+        if (test_tsk_thread_flag(child, TIF_DEBUGCTLMSR) &&
+            child->thread.debugctlmsr & bts_cfg.debugctl_mask)
+                cfg.flags |= PTRACE_BTS_O_TRACE;
+
+        if (test_tsk_thread_flag(child, TIF_BTS_TRACE_TS))
+                cfg.flags |= PTRACE_BTS_O_SCHED;
 
         if (copy_to_user(ucfg, &cfg, sizeof(cfg)))
                 return -EFAULT;
@@ -744,89 +856,38 @@ static int ptrace_bts_status(struct task_struct *child,
         return sizeof(cfg);
 }
 
-
 static int ptrace_bts_write_record(struct task_struct *child,
                                    const struct bts_struct *in)
 {
-        int retval;
+        unsigned char bts_record[BTS_MAX_RECORD_SIZE];
 
-        if (!child->thread.ds_area_msr)
-                return -ENXIO;
+        BUG_ON(BTS_MAX_RECORD_SIZE < bts_cfg.sizeof_bts);
 
-        retval = ds_write_bts((void *)child->thread.ds_area_msr, in);
-        if (retval)
-                return retval;
+        memset(bts_record, 0, bts_cfg.sizeof_bts);
+        switch (in->qualifier) {
+        case BTS_INVALID:
+                break;
 
-        return sizeof(*in);
-}
+        case BTS_BRANCH:
+                bts_set(bts_record, bts_from, in->variant.lbr.from_ip);
+                bts_set(bts_record, bts_to,   in->variant.lbr.to_ip);
+                break;
 
-static int ptrace_bts_realloc(struct task_struct *child,
-                              int size, int reduce_size)
-{
-        unsigned long rlim, vm;
-        int ret, old_size;
+        case BTS_TASK_ARRIVES:
+        case BTS_TASK_DEPARTS:
+                bts_set(bts_record, bts_from,    bts_escape);
+                bts_set(bts_record, bts_qual,    in->qualifier);
+                bts_set(bts_record, bts_jiffies, in->variant.jiffies);
+                break;
 
-        if (size < 0)
+        default:
                 return -EINVAL;
-
-        old_size = ds_get_bts_size((void *)child->thread.ds_area_msr);
-        if (old_size < 0)
-                return old_size;
-
-        ret = ds_free((void **)&child->thread.ds_area_msr);
-        if (ret < 0)
-                goto out;
-
-        size >>= PAGE_SHIFT;
-        old_size >>= PAGE_SHIFT;
-
-        current->mm->total_vm  -= old_size;
-        current->mm->locked_vm -= old_size;
-
-        if (size == 0)
-                goto out;
-
-        rlim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
-        vm = current->mm->total_vm  + size;
-        if (rlim < vm) {
-                ret = -ENOMEM;
-
-                if (!reduce_size)
-                        goto out;
-
-                size = rlim - current->mm->total_vm;
-                if (size <= 0)
-                        goto out;
-        }
-
-        rlim = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
-        vm = current->mm->locked_vm  + size;
-        if (rlim < vm) {
-                ret = -ENOMEM;
-
-                if (!reduce_size)
-                        goto out;
-
-                size = rlim - current->mm->locked_vm;
-                if (size <= 0)
-                        goto out;
         }
 
-        ret = ds_allocate((void **)&child->thread.ds_area_msr,
-                          size << PAGE_SHIFT);
-        if (ret < 0)
-                goto out;
-
-        current->mm->total_vm  += size;
-        current->mm->locked_vm += size;
-
-out:
-        if (child->thread.ds_area_msr)
-                set_tsk_thread_flag(child, TIF_DS_AREA_MSR);
-        else
-                clear_tsk_thread_flag(child, TIF_DS_AREA_MSR);
-
-        return ret;
+        /* The writing task will be the switched-to task on a context
+         * switch. It needs to write into the switched-from task's BTS
+         * buffer. */
+        return ds_unchecked_write_bts(child, bts_record, bts_cfg.sizeof_bts);
 }
 
 void ptrace_bts_take_timestamp(struct task_struct *tsk,
@@ -839,7 +900,66 @@ void ptrace_bts_take_timestamp(struct task_struct *tsk,
 
         ptrace_bts_write_record(tsk, &rec);
 }
-#endif /* X86_BTS */
+
+static const struct bts_configuration bts_cfg_netburst = {
+        .sizeof_bts    = sizeof(long) * 3,
+        .sizeof_field  = sizeof(long),
+        .debugctl_mask = (1<<2)|(1<<3)|(1<<5)
+};
+
+static const struct bts_configuration bts_cfg_pentium_m = {
+        .sizeof_bts    = sizeof(long) * 3,
+        .sizeof_field  = sizeof(long),
+        .debugctl_mask = (1<<6)|(1<<7)
+};
+
+static const struct bts_configuration bts_cfg_core2 = {
+        .sizeof_bts    = 8 * 3,
+        .sizeof_field  = 8,
+        .debugctl_mask = (1<<6)|(1<<7)|(1<<9)
+};
+
+static inline void bts_configure(const struct bts_configuration *cfg)
+{
+        bts_cfg = *cfg;
+}
+
+void __cpuinit ptrace_bts_init_intel(struct cpuinfo_x86 *c)
+{
+        switch (c->x86) {
+        case 0x6:
+                switch (c->x86_model) {
+                case 0xD:
+                case 0xE: /* Pentium M */
+                        bts_configure(&bts_cfg_pentium_m);
+                        break;
+                case 0xF: /* Core2 */
+        case 0x1C: /* Atom */
+                        bts_configure(&bts_cfg_core2);
+                        break;
+                default:
+                        /* sorry, don't know about them */
+                        break;
+                }
+                break;
+        case 0xF:
+                switch (c->x86_model) {
+                case 0x0:
+                case 0x1:
+                case 0x2: /* Netburst */
+                        bts_configure(&bts_cfg_netburst);
+                        break;
+                default:
+                        /* sorry, don't know about them */
+                        break;
+                }
+                break;
+        default:
+                /* sorry, don't know about them */
+                break;
+        }
+}
+#endif /* CONFIG_X86_PTRACE_BTS */
 
 /*
  * Called by kernel/ptrace.c when detaching..
@@ -852,15 +972,15 @@ void ptrace_disable(struct task_struct *child)
 #ifdef TIF_SYSCALL_EMU
         clear_tsk_thread_flag(child, TIF_SYSCALL_EMU);
 #endif
-        if (child->thread.ds_area_msr) {
-#ifdef X86_BTS
-                ptrace_bts_realloc(child, 0, 0);
-#endif
-                child->thread.debugctlmsr &= ~ds_debugctl_mask();
-                if (!child->thread.debugctlmsr)
-                        clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
-                clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
-        }
+#ifdef CONFIG_X86_PTRACE_BTS
+        (void)ds_release_bts(child);
+
+        child->thread.debugctlmsr &= ~bts_cfg.debugctl_mask;
+        if (!child->thread.debugctlmsr)
+                clear_tsk_thread_flag(child, TIF_DEBUGCTLMSR);
+
+        clear_tsk_thread_flag(child, TIF_BTS_TRACE_TS);
+#endif /* CONFIG_X86_PTRACE_BTS */
 }
 
 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
@@ -980,7 +1100,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
         /*
          * These bits need more cooking - not enabled yet:
          */
-#ifdef X86_BTS
+#ifdef CONFIG_X86_PTRACE_BTS
         case PTRACE_BTS_CONFIG:
                 ret = ptrace_bts_config
                         (child, data, (struct ptrace_bts_config __user *)addr);
@@ -992,7 +1112,7 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                 break;
 
         case PTRACE_BTS_SIZE:
-                ret = ptrace_bts_get_size(child);
+                ret = ds_get_bts_index(child, /* pos = */ NULL);
                 break;
 
         case PTRACE_BTS_GET:
@@ -1001,14 +1121,14 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
                 break;
 
         case PTRACE_BTS_CLEAR:
-                ret = ptrace_bts_clear(child);
+                ret = ds_clear_bts(child);
                 break;
 
         case PTRACE_BTS_DRAIN:
                 ret = ptrace_bts_drain
                         (child, data, (struct bts_struct __user *) addr);
                 break;
-#endif
+#endif /* CONFIG_X86_PTRACE_BTS */
 
         default:
                 ret = ptrace_request(child, request, addr, data);
@@ -1290,6 +1410,12 @@ static const struct user_regset x86_64_regsets[] = {
                 .size = sizeof(long), .align = sizeof(long),
                 .active = xfpregs_active, .get = xfpregs_get, .set = xfpregs_set
         },
+        [REGSET_IOPERM64] = {
+                .core_note_type = NT_386_IOPERM,
+                .n = IO_BITMAP_LONGS,
+                .size = sizeof(long), .align = sizeof(long),
+                .active = ioperm_active, .get = ioperm_get
+        },
 };
 
 static const struct user_regset_view user_x86_64_view = {
@@ -1336,6 +1462,12 @@ static const struct user_regset x86_32_regsets[] = {
                 .active = regset_tls_active,
                 .get = regset_tls_get, .set = regset_tls_set
         },
+        [REGSET_IOPERM32] = {
+                .core_note_type = NT_386_IOPERM,
+                .n = IO_BITMAP_BYTES / sizeof(u32),
+                .size = sizeof(u32), .align = sizeof(u32),
+                .active = ioperm_active, .get = ioperm_get
+        },
 };
 
 static const struct user_regset_view user_x86_32_view = {
@@ -1357,7 +1489,8 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
 #endif
 }
 
-void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code)
+void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+                                         int error_code, int si_code)
 {
         struct siginfo info;
 
@@ -1366,7 +1499,7 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code)
 
         memset(&info, 0, sizeof(info));
         info.si_signo = SIGTRAP;
-        info.si_code = TRAP_BRKPT;
+        info.si_code = si_code;
 
         /* User-mode ip? */
         info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
@@ -1375,30 +1508,6 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code)
         force_sig_info(SIGTRAP, &info, tsk);
 }
 
-static void syscall_trace(struct pt_regs *regs)
-{
-        if (!(current->ptrace & PT_PTRACED))
-                return;
-
-#if 0
-        printk("trace %s ip %lx sp %lx ax %d origrax %d caller %lx tiflags %x ptrace %x\n",
-               current->comm,
-               regs->ip, regs->sp, regs->ax, regs->orig_ax, __builtin_return_address(0),
-               current_thread_info()->flags, current->ptrace);
-#endif
-
-        ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
-                                ? 0x80 : 0));
-        /*
-         * this isn't the same as continuing with a signal, but it will do
-         * for normal use.  strace only continues with a signal if the
-         * stopping signal is not SIGTRAP.  -brl
-         */
-        if (current->exit_code) {
-                send_sig(current->exit_code, current, 1);
-                current->exit_code = 0;
-        }
-}
 
 #ifdef CONFIG_X86_32
 # define IS_IA32        1
@@ -1432,8 +1541,9 @@ asmregparm long syscall_trace_enter(struct pt_regs *regs)
         if (unlikely(test_thread_flag(TIF_SYSCALL_EMU)))
                 ret = -1L;
 
-        if (ret || test_thread_flag(TIF_SYSCALL_TRACE))
-                syscall_trace(regs);
+        if ((ret || test_thread_flag(TIF_SYSCALL_TRACE)) &&
+            tracehook_report_syscall_entry(regs))
+                ret = -1L;
 
         if (unlikely(current->audit_context)) {
                 if (IS_IA32)
@@ -1459,7 +1569,7 @@ asmregparm void syscall_trace_leave(struct pt_regs *regs)
                 audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax);
 
         if (test_thread_flag(TIF_SYSCALL_TRACE))
-                syscall_trace(regs);
+                tracehook_report_syscall_exit(regs, 0);
 
         /*
          * If TIF_SYSCALL_EMU is set, we only get here because of
@@ -1475,6 +1585,6 @@ asmregparm void syscall_trace_leave(struct pt_regs *regs)
          * system call instruction.
          */
         if (test_thread_flag(TIF_SINGLESTEP) &&
-            (current->ptrace & PT_PTRACED))
-                send_sigtrap(current, regs, 0);
+            tracehook_consider_fatal_signal(current, SIGTRAP, SIG_DFL))
+                send_sigtrap(current, regs, 0, TRAP_BRKPT);
 }
diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c
index 05fbe9a0325a..4f9c55f3a7c0 100644
--- a/arch/x86/kernel/pvclock.c
+++ b/arch/x86/kernel/pvclock.c
@@ -97,6 +97,18 @@ static unsigned pvclock_get_time_values(struct pvclock_shadow_time *dst,
         return dst->version;
 }
 
+unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src)
+{
+        u64 pv_tsc_khz = 1000000ULL << 32;
+
+        do_div(pv_tsc_khz, src->tsc_to_system_mul);
+        if (src->tsc_shift < 0)
+                pv_tsc_khz <<= -src->tsc_shift;
+        else
+                pv_tsc_khz >>= src->tsc_shift;
+        return pv_tsc_khz;
+}
+
 cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
 {
         struct pvclock_shadow_time shadow;
diff --git a/arch/x86/kernel/quirks.c b/arch/x86/kernel/quirks.c
index d13858818100..f6a11b9b1f98 100644
--- a/arch/x86/kernel/quirks.c
+++ b/arch/x86/kernel/quirks.c
@@ -354,9 +354,27 @@ static void ati_force_hpet_resume(void)
         printk(KERN_DEBUG "Force enabled HPET at resume\n");
 }
 
+static u32 ati_ixp4x0_rev(struct pci_dev *dev)
+{
+        u32 d;
+        u8  b;
+
+        pci_read_config_byte(dev, 0xac, &b);
+        b &= ~(1<<5);
+        pci_write_config_byte(dev, 0xac, b);
+        pci_read_config_dword(dev, 0x70, &d);
+        d |= 1<<8;
+        pci_write_config_dword(dev, 0x70, d);
+        pci_read_config_dword(dev, 0x8, &d);
+        d &= 0xff;
+        dev_printk(KERN_DEBUG, &dev->dev, "SB4X0 revision 0x%x\n", d);
+        return d;
+}
+
 static void ati_force_enable_hpet(struct pci_dev *dev)
 {
-        u32 uninitialized_var(val);
+        u32 d, val;
+        u8  b;
 
         if (hpet_address || force_hpet_address)
                 return;
@@ -366,14 +384,33 @@ static void ati_force_enable_hpet(struct pci_dev *dev)
                 return;
         }
 
+        d = ati_ixp4x0_rev(dev);
+        if (d  < 0x82)
+                return;
+
+        /* base address */
         pci_write_config_dword(dev, 0x14, 0xfed00000);
         pci_read_config_dword(dev, 0x14, &val);
+
+        /* enable interrupt */
+        outb(0x72, 0xcd6); b = inb(0xcd7);
+        b |= 0x1;
+        outb(0x72, 0xcd6); outb(b, 0xcd7);
+        outb(0x72, 0xcd6); b = inb(0xcd7);
+        if (!(b & 0x1))
+                return;
+        pci_read_config_dword(dev, 0x64, &d);
+        d |= (1<<10);
+        pci_write_config_dword(dev, 0x64, d);
+        pci_read_config_dword(dev, 0x64, &d);
+        if (!(d & (1<<10)))
+                return;
+
         force_hpet_address = val;
         force_hpet_resume_type = ATI_FORCE_HPET_RESUME;
         dev_printk(KERN_DEBUG, &dev->dev, "Force enabled HPET at 0x%lx\n",
                    force_hpet_address);
         cached_dev = dev;
-        return;
 }
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_ATI, PCI_DEVICE_ID_ATI_IXP400_SMBUS,
                          ati_force_enable_hpet);
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 724adfc63cb9..f4c93f1cfc19 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -29,7 +29,11 @@ EXPORT_SYMBOL(pm_power_off);
 
 static const struct desc_ptr no_idt = {};
 static int reboot_mode;
-enum reboot_type reboot_type = BOOT_KBD;
+/*
+ * Keyboard reset and triple fault may result in INIT, not RESET, which
+ * doesn't work when we're in vmx root mode.  Try ACPI first.
+ */
+enum reboot_type reboot_type = BOOT_ACPI;
 int reboot_force;
 
 #if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
diff --git a/arch/x86/kernel/rtc.c b/arch/x86/kernel/rtc.c
index 05191bbc68b8..0a23b5795b25 100644
--- a/arch/x86/kernel/rtc.c
+++ b/arch/x86/kernel/rtc.c
@@ -223,11 +223,25 @@ static struct platform_device rtc_device = {
 static __init int add_rtc_cmos(void)
 {
 #ifdef CONFIG_PNP
-        if (!pnp_platform_devices)
-                platform_device_register(&rtc_device);
-#else
+        static const char *ids[] __initconst =
+            { "PNP0b00", "PNP0b01", "PNP0b02", };
+        struct pnp_dev *dev;
+        struct pnp_id *id;
+        int i;
+
+        pnp_for_each_dev(dev) {
+                for (id = dev->id; id; id = id->next) {
+                        for (i = 0; i < ARRAY_SIZE(ids); i++) {
+                                if (compare_pnp_id(id, ids[i]) != 0)
+                                        return 0;
+                        }
+                }
+        }
+#endif
+
         platform_device_register(&rtc_device);
-#endif /* CONFIG_PNP */
+        dev_info(&rtc_device.dev,
+                 "registered platform RTC device (no PNP device found)\n");
         return 0;
 }
 device_initcall(add_rtc_cmos);
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 362d4e7f2d38..2255782e8d4b 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -223,6 +223,9 @@ unsigned long saved_video_mode;
 #define RAMDISK_LOAD_FLAG               0x4000
 
 static char __initdata command_line[COMMAND_LINE_SIZE];
+#ifdef CONFIG_CMDLINE_BOOL
+static char __initdata builtin_cmdline[COMMAND_LINE_SIZE] = CONFIG_CMDLINE;
+#endif
 
 #if defined(CONFIG_EDD) || defined(CONFIG_EDD_MODULE)
 struct edd edd;
@@ -299,7 +302,7 @@ static void __init relocate_initrd(void)
                 if (clen > MAX_MAP_CHUNK-slop)
                         clen = MAX_MAP_CHUNK-slop;
                 mapaddr = ramdisk_image & PAGE_MASK;
-                p = early_ioremap(mapaddr, clen+slop);
+                p = early_memremap(mapaddr, clen+slop);
                 memcpy(q, p+slop, clen);
                 early_iounmap(p, clen+slop);
                 q += clen;
@@ -376,7 +379,7 @@ static void __init parse_setup_data(void)
                 return;
         pa_data = boot_params.hdr.setup_data;
         while (pa_data) {
-                data = early_ioremap(pa_data, PAGE_SIZE);
+                data = early_memremap(pa_data, PAGE_SIZE);
                 switch (data->type) {
                 case SETUP_E820_EXT:
                         parse_e820_ext(data, pa_data);
@@ -399,7 +402,7 @@ static void __init e820_reserve_setup_data(void)
                 return;
         pa_data = boot_params.hdr.setup_data;
         while (pa_data) {
-                data = early_ioremap(pa_data, sizeof(*data));
+                data = early_memremap(pa_data, sizeof(*data));
                 e820_update_range(pa_data, sizeof(*data)+data->len,
                          E820_RAM, E820_RESERVED_KERN);
                 found = 1;
@@ -425,7 +428,7 @@ static void __init reserve_early_setup_data(void)
                 return;
         pa_data = boot_params.hdr.setup_data;
         while (pa_data) {
-                data = early_ioremap(pa_data, sizeof(*data));
+                data = early_memremap(pa_data, sizeof(*data));
                 sprintf(buf, "setup data %x", data->type);
                 reserve_early(pa_data, pa_data+sizeof(*data)+data->len, buf);
                 pa_data = data->next;
@@ -579,6 +582,190 @@ static struct x86_quirks default_x86_quirks __initdata;
 struct x86_quirks *x86_quirks __initdata = &default_x86_quirks;
 
 /*
+ * Some BIOSes seem to corrupt the low 64k of memory during events
+ * like suspend/resume and unplugging an HDMI cable.  Reserve all
+ * remaining free memory in that area and fill it with a distinct
+ * pattern.
+ */
+#ifdef CONFIG_X86_CHECK_BIOS_CORRUPTION
+#define MAX_SCAN_AREAS  8
+
+static int __read_mostly memory_corruption_check = -1;
+
+static unsigned __read_mostly corruption_check_size = 64*1024;
+static unsigned __read_mostly corruption_check_period = 60; /* seconds */
+
+static struct e820entry scan_areas[MAX_SCAN_AREAS];
+static int num_scan_areas;
+
+
+static int set_corruption_check(char *arg)
+{
+        char *end;
+
+        memory_corruption_check = simple_strtol(arg, &end, 10);
+
+        return (*end == 0) ? 0 : -EINVAL;
+}
+early_param("memory_corruption_check", set_corruption_check);
+
+static int set_corruption_check_period(char *arg)
+{
+        char *end;
+
+        corruption_check_period = simple_strtoul(arg, &end, 10);
+
+        return (*end == 0) ? 0 : -EINVAL;
+}
+early_param("memory_corruption_check_period", set_corruption_check_period);
+
+static int set_corruption_check_size(char *arg)
+{
+        char *end;
+        unsigned size;
+
+        size = memparse(arg, &end);
+
+        if (*end == '\0')
+                corruption_check_size = size;
+
+        return (size == corruption_check_size) ? 0 : -EINVAL;
+}
+early_param("memory_corruption_check_size", set_corruption_check_size);
+
+
+static void __init setup_bios_corruption_check(void)
+{
+        u64 addr = PAGE_SIZE;   /* assume first page is reserved anyway */
+
+        if (memory_corruption_check == -1) {
+                memory_corruption_check =
+#ifdef CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK
+                        1
+#else
+                        0
+#endif
+                        ;
+        }
+
+        if (corruption_check_size == 0)
+                memory_corruption_check = 0;
+
+        if (!memory_corruption_check)
+                return;
+
+        corruption_check_size = round_up(corruption_check_size, PAGE_SIZE);
+
+        while(addr < corruption_check_size && num_scan_areas < MAX_SCAN_AREAS) {
+                u64 size;
+                addr = find_e820_area_size(addr, &size, PAGE_SIZE);
+
+                if (addr == 0)
+                        break;
+
+                if ((addr + size) > corruption_check_size)
+                        size = corruption_check_size - addr;
+
+                if (size == 0)
+                        break;
+
+                e820_update_range(addr, size, E820_RAM, E820_RESERVED);
+                scan_areas[num_scan_areas].addr = addr;
+                scan_areas[num_scan_areas].size = size;
+                num_scan_areas++;
+
+                /* Assume we've already mapped this early memory */
+                memset(__va(addr), 0, size);
+
+                addr += size;
+        }
+
+        printk(KERN_INFO "Scanning %d areas for low memory corruption\n",
+               num_scan_areas);
+        update_e820();
+}
+
+static struct timer_list periodic_check_timer;
+
+void check_for_bios_corruption(void)
+{
+        int i;
+        int corruption = 0;
+
+        if (!memory_corruption_check)
+                return;
+
+        for(i = 0; i < num_scan_areas; i++) {
+                unsigned long *addr = __va(scan_areas[i].addr);
+                unsigned long size = scan_areas[i].size;
+
+                for(; size; addr++, size -= sizeof(unsigned long)) {
+                        if (!*addr)
+                                continue;
+                        printk(KERN_ERR "Corrupted low memory at %p (%lx phys) = %08lx\n",
+                               addr, __pa(addr), *addr);
+                        corruption = 1;
+                        *addr = 0;
+                }
+        }
+
+        WARN(corruption, KERN_ERR "Memory corruption detected in low memory\n");
+}
+
+static void periodic_check_for_corruption(unsigned long data)
+{
+        check_for_bios_corruption();
+        mod_timer(&periodic_check_timer, round_jiffies(jiffies + corruption_check_period*HZ));
+}
+
+void start_periodic_check_for_corruption(void)
+{
+        if (!memory_corruption_check || corruption_check_period == 0)
+                return;
+
+        printk(KERN_INFO "Scanning for low memory corruption every %d seconds\n",
+               corruption_check_period);
+
+        init_timer(&periodic_check_timer);
+        periodic_check_timer.function = &periodic_check_for_corruption;
+        periodic_check_for_corruption(0);
+}
+#endif
+
+static int __init dmi_low_memory_corruption(const struct dmi_system_id *d)
+{
+        printk(KERN_NOTICE
+                "%s detected: BIOS may corrupt low RAM, working it around.\n",
+                d->ident);
+
+        e820_update_range(0, 0x10000, E820_RAM, E820_RESERVED);
+        sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
+
+        return 0;
+}
+
+/* List of systems that have known low memory corruption BIOS problems */
+static struct dmi_system_id __initdata bad_bios_dmi_table[] = {
+#ifdef CONFIG_X86_RESERVE_LOW_64K
+        {
+                .callback = dmi_low_memory_corruption,
+                .ident = "AMI BIOS",
+                .matches = {
+                        DMI_MATCH(DMI_BIOS_VENDOR, "American Megatrends Inc."),
+                },
+        },
+        {
+                .callback = dmi_low_memory_corruption,
+                .ident = "Phoenix BIOS",
+                .matches = {
+                        DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies, LTD"),
+                },
+        },
+#endif
+        {}
+};
+
+/*
  * Determine if we were loaded by an EFI loader.  If so, then we have also been
  * passed the efi memmap, systab, etc., so we should use these data structures
  * for initialization.  Note, the efi init code path is determined by the
@@ -665,11 +852,28 @@ void __init setup_arch(char **cmdline_p)
         bss_resource.start = virt_to_phys(&__bss_start);
         bss_resource.end = virt_to_phys(&__bss_stop)-1;
 
+#ifdef CONFIG_CMDLINE_BOOL
+#ifdef CONFIG_CMDLINE_OVERRIDE
+        strlcpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE);
+#else
+        if (builtin_cmdline[0]) {
+                /* append boot loader cmdline to builtin */
+                strlcat(builtin_cmdline, " ", COMMAND_LINE_SIZE);
+                strlcat(builtin_cmdline, boot_command_line, COMMAND_LINE_SIZE);
+                strlcpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE);
+        }
+#endif
+#endif
+
         strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
         *cmdline_p = command_line;
 
         parse_early_param();
 
+#ifdef CONFIG_X86_64
+        check_efer();
+#endif
+
 #if defined(CONFIG_VMI) && defined(CONFIG_X86_32)
         /*
          * Must be before kernel pagetables are setup
@@ -695,6 +899,10 @@ void __init setup_arch(char **cmdline_p)
 
         finish_e820_parsing();
 
+        dmi_scan_machine();
+
+        dmi_check_system(bad_bios_dmi_table);
+
 #ifdef CONFIG_X86_32
         probe_roms();
 #endif
@@ -738,7 +946,8 @@ void __init setup_arch(char **cmdline_p)
 #else
         num_physpages = max_pfn;
 
-        check_efer();
+        if (cpu_has_x2apic)
+                check_x2apic();
 
         /* How many end-of-memory variables you have, grandma! */
         /* need this before calling reserve_initrd */
@@ -750,6 +959,10 @@ void __init setup_arch(char **cmdline_p)
         high_memory = (void *)__va(max_pfn * PAGE_SIZE - 1) + 1;
 #endif
 
+#ifdef CONFIG_X86_CHECK_BIOS_CORRUPTION
+        setup_bios_corruption_check();
+#endif
+
         /* max_pfn_mapped is updated here */
         max_low_pfn_mapped = init_memory_mapping(0, max_low_pfn<<PAGE_SHIFT);
         max_pfn_mapped = max_low_pfn_mapped;
@@ -778,8 +991,6 @@ void __init setup_arch(char **cmdline_p)
         vsmp_init();
 #endif
 
-        dmi_scan_machine();
-
         io_delay_init();
 
         /*
@@ -787,6 +998,8 @@ void __init setup_arch(char **cmdline_p)
          */
         acpi_boot_table_init();
 
+        early_acpi_boot_init();
+
 #ifdef CONFIG_ACPI_NUMA
         /*
          * Parse SRAT to discover nodes.
@@ -882,3 +1095,5 @@ void __init setup_arch(char **cmdline_p)
 #endif
 #endif
 }
+
+
diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
index 76e305e064f9..0e67f72d9316 100644
--- a/arch/x86/kernel/setup_percpu.c
+++ b/arch/x86/kernel/setup_percpu.c
@@ -162,9 +162,16 @@ void __init setup_per_cpu_areas(void)
                         printk(KERN_INFO
                                "cpu %d has no node %d or node-local memory\n",
                                 cpu, node);
+                        if (ptr)
+                                printk(KERN_DEBUG "per cpu data for cpu%d at %016lx\n",
+                                         cpu, __pa(ptr));
                 }
-                else
+                else {
                         ptr = alloc_bootmem_pages_node(NODE_DATA(node), size);
+                        if (ptr)
+                                printk(KERN_DEBUG "per cpu data for cpu%d on node%d at %016lx\n",
+                                         cpu, node, __pa(ptr));
+                }
 #endif
                 per_cpu_offset(cpu) = ptr - __per_cpu_start;
                 memcpy(ptr, __per_cpu_start, __per_cpu_end - __per_cpu_start);
diff --git a/arch/x86/kernel/sigframe.h b/arch/x86/kernel/sigframe.h
index 72bbb519d2dc..cc673aa55ce4 100644
--- a/arch/x86/kernel/sigframe.h
+++ b/arch/x86/kernel/sigframe.h
@@ -3,9 +3,18 @@ struct sigframe {
         char __user *pretcode;
         int sig;
         struct sigcontext sc;
-        struct _fpstate fpstate;
+        /*
+         * fpstate is unused. fpstate is moved/allocated after
+         * retcode[] below. This movement allows to have the FP state and the
+         * future state extensions (xsave) stay together.
+         * And at the same time retaining the unused fpstate, prevents changing
+         * the offset of extramask[] in the sigframe and thus prevent any
+         * legacy application accessing/modifying it.
+         */
+        struct _fpstate fpstate_unused;
         unsigned long extramask[_NSIG_WORDS-1];
         char retcode[8];
+        /* fp state follows here */
 };
 
 struct rt_sigframe {
@@ -15,13 +24,19 @@ struct rt_sigframe {
         void __user *puc;
         struct siginfo info;
         struct ucontext uc;
-        struct _fpstate fpstate;
         char retcode[8];
+        /* fp state follows here */
 };
 #else
 struct rt_sigframe {
         char __user *pretcode;
         struct ucontext uc;
         struct siginfo info;
+        /* fp state follows here */
 };
+
+int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+                sigset_t *set, struct pt_regs *regs);
+int ia32_setup_frame(int sig, struct k_sigaction *ka,
+                sigset_t *set, struct pt_regs *regs);
 #endif
diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c
index 6fb5bcdd8933..d6dd057d0f22 100644
--- a/arch/x86/kernel/signal_32.c
+++ b/arch/x86/kernel/signal_32.c
@@ -17,6 +17,7 @@
 #include <linux/errno.h>
 #include <linux/sched.h>
 #include <linux/wait.h>
+#include <linux/tracehook.h>
 #include <linux/elf.h>
 #include <linux/smp.h>
 #include <linux/mm.h>
@@ -26,6 +27,8 @@
 #include <asm/uaccess.h>
 #include <asm/i387.h>
 #include <asm/vdso.h>
+#include <asm/syscall.h>
+#include <asm/syscalls.h>
 
 #include "sigframe.h"
 
@@ -110,6 +113,27 @@ asmlinkage int sys_sigaltstack(unsigned long bx)
         return do_sigaltstack(uss, uoss, regs->sp);
 }
 
+#define COPY(x)                 {               \
+        err |= __get_user(regs->x, &sc->x);     \
+}
+
+#define COPY_SEG(seg)           {                       \
+                unsigned short tmp;                     \
+                err |= __get_user(tmp, &sc->seg);       \
+                regs->seg = tmp;                        \
+}
+
+#define COPY_SEG_STRICT(seg)    {                       \
+                unsigned short tmp;                     \
+                err |= __get_user(tmp, &sc->seg);       \
+                regs->seg = tmp | 3;                    \
+}
+
+#define GET_SEG(seg)            {                       \
+                unsigned short tmp;                     \
+                err |= __get_user(tmp, &sc->seg);       \
+                loadsegment(seg, tmp);                  \
+}
 
 /*
  * Do a signal return; undo the signal stack.
@@ -118,28 +142,13 @@ static int
 restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc,
                    unsigned long *pax)
 {
+        void __user *buf;
+        unsigned int tmpflags;
         unsigned int err = 0;
 
         /* Always make any pending restarted system calls return -EINTR */
         current_thread_info()->restart_block.fn = do_no_restart_syscall;
 
-#define COPY(x)         err |= __get_user(regs->x, &sc->x)
-
-#define COPY_SEG(seg)                                                   \
-        { unsigned short tmp;                                           \
-          err |= __get_user(tmp, &sc->seg);                             \
-          regs->seg = tmp; }
-
-#define COPY_SEG_STRICT(seg)                                            \
-        { unsigned short tmp;                                           \
-          err |= __get_user(tmp, &sc->seg);                             \
-          regs->seg = tmp|3; }
-
-#define GET_SEG(seg)                                                    \
-        { unsigned short tmp;                                           \
-          err |= __get_user(tmp, &sc->seg);                             \
-          loadsegment(seg, tmp); }
-
         GET_SEG(gs);
         COPY_SEG(fs);
         COPY_SEG(es);
@@ -149,38 +158,15 @@ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc,
         COPY_SEG_STRICT(cs);
         COPY_SEG_STRICT(ss);
 
-        {
-                unsigned int tmpflags;
-
-                err |= __get_user(tmpflags, &sc->flags);
-                regs->flags = (regs->flags & ~FIX_EFLAGS) |
-                                                (tmpflags & FIX_EFLAGS);
-                regs->orig_ax = -1;             /* disable syscall checks */
-        }
+        err |= __get_user(tmpflags, &sc->flags);
+        regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
+        regs->orig_ax = -1;             /* disable syscall checks */
 
-        {
-                struct _fpstate __user *buf;
-
-                err |= __get_user(buf, &sc->fpstate);
-                if (buf) {
-                        if (!access_ok(VERIFY_READ, buf, sizeof(*buf)))
-                                goto badframe;
-                        err |= restore_i387(buf);
-                } else {
-                        struct task_struct *me = current;
-
-                        if (used_math()) {
-                                clear_fpu(me);
-                                clear_used_math();
-                        }
-                }
-        }
+        err |= __get_user(buf, &sc->fpstate);
+        err |= restore_i387_xstate(buf);
 
         err |= __get_user(*pax, &sc->ax);
         return err;
-
-badframe:
-        return 1;
 }
 
 asmlinkage unsigned long sys_sigreturn(unsigned long __unused)
@@ -226,9 +212,8 @@ badframe:
         return 0;
 }
 
-asmlinkage int sys_rt_sigreturn(unsigned long __unused)
+static long do_rt_sigreturn(struct pt_regs *regs)
 {
-        struct pt_regs *regs = (struct pt_regs *)&__unused;
         struct rt_sigframe __user *frame;
         unsigned long ax;
         sigset_t set;
@@ -254,15 +239,22 @@ asmlinkage int sys_rt_sigreturn(unsigned long __unused)
         return ax;
 
 badframe:
-        force_sig(SIGSEGV, current);
+        signal_fault(regs, frame, "rt_sigreturn");
         return 0;
 }
 
+asmlinkage int sys_rt_sigreturn(unsigned long __unused)
+{
+        struct pt_regs *regs = (struct pt_regs *)&__unused;
+
+        return do_rt_sigreturn(regs);
+}
+
 /*
  * Set up a signal frame.
  */
 static int
-setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
+setup_sigcontext(struct sigcontext __user *sc, void __user *fpstate,
                  struct pt_regs *regs, unsigned long mask)
 {
         int tmp, err = 0;
@@ -289,7 +281,7 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
         err |= __put_user(regs->sp, &sc->sp_at_signal);
         err |= __put_user(regs->ss, (unsigned int __user *)&sc->ss);
 
-        tmp = save_i387(fpstate);
+        tmp = save_i387_xstate(fpstate);
         if (tmp < 0)
                 err = 1;
         else
@@ -306,7 +298,8 @@ setup_sigcontext(struct sigcontext __user *sc, struct _fpstate __user *fpstate,
  * Determine which stack to use..
  */
 static inline void __user *
-get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size)
+get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
+             void **fpstate)
 {
         unsigned long sp;
 
@@ -332,6 +325,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size)
                         sp = (unsigned long) ka->sa.sa_restorer;
         }
 
+        if (used_math()) {
+                sp = sp - sig_xstate_size;
+                *fpstate = (struct _fpstate *) sp;
+        }
+
         sp -= frame_size;
         /*
          * Align the stack pointer according to the i386 ABI,
@@ -343,38 +341,29 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size)
 }
 
 static int
-setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
-            struct pt_regs *regs)
+__setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
+              struct pt_regs *regs)
 {
         struct sigframe __user *frame;
         void __user *restorer;
         int err = 0;
-        int usig;
+        void __user *fpstate = NULL;
 
-        frame = get_sigframe(ka, regs, sizeof(*frame));
+        frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
 
         if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
-                goto give_sigsegv;
+                return -EFAULT;
 
-        usig = current_thread_info()->exec_domain
-                && current_thread_info()->exec_domain->signal_invmap
-                && sig < 32
-                ? current_thread_info()->exec_domain->signal_invmap[sig]
-                : sig;
+        if (__put_user(sig, &frame->sig))
+                return -EFAULT;
 
-        err = __put_user(usig, &frame->sig);
-        if (err)
-                goto give_sigsegv;
-
-        err = setup_sigcontext(&frame->sc, &frame->fpstate, regs, set->sig[0]);
-        if (err)
-                goto give_sigsegv;
+        if (setup_sigcontext(&frame->sc, fpstate, regs, set->sig[0]))
+                return -EFAULT;
 
         if (_NSIG_WORDS > 1) {
-                err = __copy_to_user(&frame->extramask, &set->sig[1],
-                                      sizeof(frame->extramask));
-                if (err)
-                        goto give_sigsegv;
+                if (__copy_to_user(&frame->extramask, &set->sig[1],
+                                   sizeof(frame->extramask)))
+                        return -EFAULT;
         }
 
         if (current->mm->context.vdso)
@@ -399,7 +388,7 @@ setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
         err |= __put_user(0x80cd, (short __user *)(frame->retcode+6));
 
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up registers for signal handler */
         regs->sp = (unsigned long)frame;
@@ -414,50 +403,43 @@ setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
         regs->cs = __USER_CS;
 
         return 0;
-
-give_sigsegv:
-        force_sigsegv(sig, current);
-        return -EFAULT;
 }
 
-static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
-                          sigset_t *set, struct pt_regs *regs)
+static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+                            sigset_t *set, struct pt_regs *regs)
 {
         struct rt_sigframe __user *frame;
         void __user *restorer;
         int err = 0;
-        int usig;
+        void __user *fpstate = NULL;
 
-        frame = get_sigframe(ka, regs, sizeof(*frame));
+        frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
 
         if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
-                goto give_sigsegv;
+                return -EFAULT;
 
-        usig = current_thread_info()->exec_domain
-                && current_thread_info()->exec_domain->signal_invmap
-                && sig < 32
-                ? current_thread_info()->exec_domain->signal_invmap[sig]
-                : sig;
-
-        err |= __put_user(usig, &frame->sig);
+        err |= __put_user(sig, &frame->sig);
         err |= __put_user(&frame->info, &frame->pinfo);
         err |= __put_user(&frame->uc, &frame->puc);
         err |= copy_siginfo_to_user(&frame->info, info);
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Create the ucontext.  */
-        err |= __put_user(0, &frame->uc.uc_flags);
+        if (cpu_has_xsave)
+                err |= __put_user(UC_FP_XSTATE, &frame->uc.uc_flags);
+        else
+                err |= __put_user(0, &frame->uc.uc_flags);
         err |= __put_user(0, &frame->uc.uc_link);
         err |= __put_user(current->sas_ss_sp, &frame->uc.uc_stack.ss_sp);
         err |= __put_user(sas_ss_flags(regs->sp),
                           &frame->uc.uc_stack.ss_flags);
         err |= __put_user(current->sas_ss_size, &frame->uc.uc_stack.ss_size);
-        err |= setup_sigcontext(&frame->uc.uc_mcontext, &frame->fpstate,
+        err |= setup_sigcontext(&frame->uc.uc_mcontext, fpstate,
                                 regs, set->sig[0]);
         err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up to return from userspace.  */
         restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
@@ -477,12 +459,12 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         err |= __put_user(0x80cd, (short __user *)(frame->retcode+5));
 
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up registers for signal handler */
         regs->sp = (unsigned long)frame;
         regs->ip = (unsigned long)ka->sa.sa_handler;
-        regs->ax = (unsigned long)usig;
+        regs->ax = (unsigned long)sig;
         regs->dx = (unsigned long)&frame->info;
         regs->cx = (unsigned long)&frame->uc;
 
@@ -492,15 +474,48 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         regs->cs = __USER_CS;
 
         return 0;
-
-give_sigsegv:
-        force_sigsegv(sig, current);
-        return -EFAULT;
 }
 
 /*
  * OK, we're invoking a handler:
  */
+static int signr_convert(int sig)
+{
+        struct thread_info *info = current_thread_info();
+
+        if (info->exec_domain && info->exec_domain->signal_invmap && sig < 32)
+                return info->exec_domain->signal_invmap[sig];
+        return sig;
+}
+
+#define is_ia32 1
+#define ia32_setup_frame        __setup_frame
+#define ia32_setup_rt_frame     __setup_rt_frame
+
+static int
+setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+               sigset_t *set, struct pt_regs *regs)
+{
+        int usig = signr_convert(sig);
+        int ret;
+
+        /* Set up the stack frame */
+        if (is_ia32) {
+                if (ka->sa.sa_flags & SA_SIGINFO)
+                        ret = ia32_setup_rt_frame(usig, ka, info, set, regs);
+                else
+                        ret = ia32_setup_frame(usig, ka, set, regs);
+        } else
+                ret = __setup_rt_frame(sig, ka, info, set, regs);
+
+        if (ret) {
+                force_sigsegv(sig, current);
+                return -EFAULT;
+        }
+
+        return ret;
+}
+
 static int
 handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
               sigset_t *oldset, struct pt_regs *regs)
@@ -508,9 +523,9 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
         int ret;
 
         /* Are we from a system call? */
-        if ((long)regs->orig_ax >= 0) {
+        if (syscall_get_nr(current, regs) >= 0) {
                 /* If so, check system call restarting.. */
-                switch (regs->ax) {
+                switch (syscall_get_error(current, regs)) {
                 case -ERESTART_RESTARTBLOCK:
                 case -ERESTARTNOHAND:
                         regs->ax = -EINTR;
@@ -537,15 +552,20 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
             likely(test_and_clear_thread_flag(TIF_FORCED_TF)))
                 regs->flags &= ~X86_EFLAGS_TF;
 
-        /* Set up the stack frame */
-        if (ka->sa.sa_flags & SA_SIGINFO)
-                ret = setup_rt_frame(sig, ka, info, oldset, regs);
-        else
-                ret = setup_frame(sig, ka, oldset, regs);
+        ret = setup_rt_frame(sig, ka, info, oldset, regs);
 
         if (ret)
                 return ret;
 
+#ifdef CONFIG_X86_64
+        /*
+         * This has nothing to do with segment registers,
+         * despite the name.  This magic affects uaccess.h
+         * macros' behavior.  Reset it to the normal setting.
+         */
+        set_fs(USER_DS);
+#endif
+
         /*
          * Clear the direction flag as per the ABI for function entry.
          */
@@ -558,8 +578,6 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
          * handler too.
          */
         regs->flags &= ~X86_EFLAGS_TF;
-        if (test_thread_flag(TIF_SINGLESTEP))
-                ptrace_notify(SIGTRAP);
 
         spin_lock_irq(&current->sighand->siglock);
         sigorsets(&current->blocked, &current->blocked, &ka->sa.sa_mask);
@@ -568,9 +586,13 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
         recalc_sigpending();
         spin_unlock_irq(&current->sighand->siglock);
 
+        tracehook_signal_handler(sig, info, ka, regs,
+                                 test_thread_flag(TIF_SINGLESTEP));
+
         return 0;
 }
 
+#define NR_restart_syscall      __NR_restart_syscall
 /*
  * Note that 'init' is a special process: it doesn't get signals it doesn't
  * want to handle. Thus you cannot kill init even with a SIGKILL even by
@@ -623,9 +645,9 @@ static void do_signal(struct pt_regs *regs)
         }
 
         /* Did we come from a system call? */
-        if ((long)regs->orig_ax >= 0) {
+        if (syscall_get_nr(current, regs) >= 0) {
                 /* Restart the system call - no handlers present */
-                switch (regs->ax) {
+                switch (syscall_get_error(current, regs)) {
                 case -ERESTARTNOHAND:
                 case -ERESTARTSYS:
                 case -ERESTARTNOINTR:
@@ -634,7 +656,7 @@ static void do_signal(struct pt_regs *regs)
                         break;
 
                 case -ERESTART_RESTARTBLOCK:
-                        regs->ax = __NR_restart_syscall;
+                        regs->ax = NR_restart_syscall;
                         regs->ip -= 2;
                         break;
                 }
@@ -657,9 +679,38 @@ static void do_signal(struct pt_regs *regs)
 void
 do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
 {
+#if defined(CONFIG_X86_64) && defined(CONFIG_X86_MCE)
+        /* notify userspace of pending MCEs */
+        if (thread_info_flags & _TIF_MCE_NOTIFY)
+                mce_notify_user();
+#endif /* CONFIG_X86_64 && CONFIG_X86_MCE */
+
         /* deal with pending signal delivery */
         if (thread_info_flags & _TIF_SIGPENDING)
                 do_signal(regs);
 
+        if (thread_info_flags & _TIF_NOTIFY_RESUME) {
+                clear_thread_flag(TIF_NOTIFY_RESUME);
+                tracehook_notify_resume(regs);
+        }
+
+#ifdef CONFIG_X86_32
         clear_thread_flag(TIF_IRET);
+#endif /* CONFIG_X86_32 */
+}
+
+void signal_fault(struct pt_regs *regs, void __user *frame, char *where)
+{
+        struct task_struct *me = current;
+
+        if (show_unhandled_signals && printk_ratelimit()) {
+                printk(KERN_INFO
+                       "%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx",
+                       me->comm, me->pid, where, frame,
+                       regs->ip, regs->sp, regs->orig_ax);
+                print_vma_addr(" in ", regs->ip);
+                printk(KERN_CONT "\n");
+        }
+
+        force_sig(SIGSEGV, me);
 }
diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c
index ca316b5b742c..a5c9627f4db9 100644
--- a/arch/x86/kernel/signal_64.c
+++ b/arch/x86/kernel/signal_64.c
@@ -15,17 +15,21 @@
 #include <linux/errno.h>
 #include <linux/wait.h>
 #include <linux/ptrace.h>
+#include <linux/tracehook.h>
 #include <linux/unistd.h>
 #include <linux/stddef.h>
 #include <linux/personality.h>
 #include <linux/compiler.h>
+#include <linux/uaccess.h>
+
 #include <asm/processor.h>
 #include <asm/ucontext.h>
-#include <asm/uaccess.h>
 #include <asm/i387.h>
 #include <asm/proto.h>
 #include <asm/ia32_unistd.h>
 #include <asm/mce.h>
+#include <asm/syscall.h>
+#include <asm/syscalls.h>
 #include "sigframe.h"
 
 #define _BLOCKABLE (~(sigmask(SIGKILL) | sigmask(SIGSTOP)))
@@ -41,11 +45,6 @@
 # define FIX_EFLAGS     __FIX_EFLAGS
 #endif
 
-int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
-               sigset_t *set, struct pt_regs * regs); 
-int ia32_setup_frame(int sig, struct k_sigaction *ka,
-            sigset_t *set, struct pt_regs * regs); 
-
 asmlinkage long
 sys_sigaltstack(const stack_t __user *uss, stack_t __user *uoss,
                 struct pt_regs *regs)
@@ -53,67 +52,14 @@ sys_sigaltstack(const stack_t __user *uss, stack_t __user *uoss,
         return do_sigaltstack(uss, uoss, regs->sp);
 }
 
-/*
- * Signal frame handlers.
- */
-
-static inline int save_i387(struct _fpstate __user *buf)
-{
-        struct task_struct *tsk = current;
-        int err = 0;
-
-        BUILD_BUG_ON(sizeof(struct user_i387_struct) !=
-                        sizeof(tsk->thread.xstate->fxsave));
-
-        if ((unsigned long)buf % 16)
-                printk("save_i387: bad fpstate %p\n", buf);
-
-        if (!used_math())
-                return 0;
-        clear_used_math(); /* trigger finit */
-        if (task_thread_info(tsk)->status & TS_USEDFPU) {
-                err = save_i387_checking((struct i387_fxsave_struct __user *)
-                                         buf);
-                if (err)
-                        return err;
-                task_thread_info(tsk)->status &= ~TS_USEDFPU;
-                stts();
-        } else {
-                if (__copy_to_user(buf, &tsk->thread.xstate->fxsave,
-                                   sizeof(struct i387_fxsave_struct)))
-                        return -1;
-        }
-        return 1;
+#define COPY(x)                 {               \
+        err |= __get_user(regs->x, &sc->x);     \
 }
 
-/*
- * This restores directly out of user space. Exceptions are handled.
- */
-static inline int restore_i387(struct _fpstate __user *buf)
-{
-        struct task_struct *tsk = current;
-        int err;
-
-        if (!used_math()) {
-                err = init_fpu(tsk);
-                if (err)
-                        return err;
-        }
-
-        if (!(task_thread_info(current)->status & TS_USEDFPU)) {
-                clts();
-                task_thread_info(current)->status |= TS_USEDFPU;
-        }
-        err = restore_fpu_checking((__force struct i387_fxsave_struct *)buf);
-        if (unlikely(err)) {
-                /*
-                 * Encountered an error while doing the restore from the
-                 * user buffer, clear the fpu state.
-                 */
-                clear_fpu(tsk);
-                clear_used_math();
-        }
-        return err;
+#define COPY_SEG_STRICT(seg)    {                       \
+                unsigned short tmp;                     \
+                err |= __get_user(tmp, &sc->seg);       \
+                regs->seg = tmp | 3;                    \
 }
 
 /*
@@ -123,13 +69,13 @@ static int
 restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc,
                    unsigned long *pax)
 {
+        void __user *buf;
+        unsigned int tmpflags;
         unsigned int err = 0;
 
         /* Always make any pending restarted system calls return -EINTR */
         current_thread_info()->restart_block.fn = do_no_restart_syscall;
 
-#define COPY(x)         err |= __get_user(regs->x, &sc->x)
-
         COPY(di); COPY(si); COPY(bp); COPY(sp); COPY(bx);
         COPY(dx); COPY(cx); COPY(ip);
         COPY(r8);
@@ -144,48 +90,24 @@ restore_sigcontext(struct pt_regs *regs, struct sigcontext __user *sc,
         /* Kernel saves and restores only the CS segment register on signals,
          * which is the bare minimum needed to allow mixed 32/64-bit code.
          * App's signal handler can save/restore other segments if needed. */
-        {
-                unsigned cs;
-                err |= __get_user(cs, &sc->cs);
-                regs->cs = cs | 3;      /* Force into user mode */
-        }
+        COPY_SEG_STRICT(cs);
 
-        {
-                unsigned int tmpflags;
-                err |= __get_user(tmpflags, &sc->flags);
-                regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
-                regs->orig_ax = -1;             /* disable syscall checks */
-        }
+        err |= __get_user(tmpflags, &sc->flags);
+        regs->flags = (regs->flags & ~FIX_EFLAGS) | (tmpflags & FIX_EFLAGS);
+        regs->orig_ax = -1;             /* disable syscall checks */
 
-        {
-                struct _fpstate __user * buf;
-                err |= __get_user(buf, &sc->fpstate);
-
-                if (buf) {
-                        if (!access_ok(VERIFY_READ, buf, sizeof(*buf)))
-                                goto badframe;
-                        err |= restore_i387(buf);
-                } else {
-                        struct task_struct *me = current;
-                        if (used_math()) {
-                                clear_fpu(me);
-                                clear_used_math();
-                        }
-                }
-        }
+        err |= __get_user(buf, &sc->fpstate);
+        err |= restore_i387_xstate(buf);
 
         err |= __get_user(*pax, &sc->ax);
         return err;
-
-badframe:
-        return 1;
 }
 
-asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
+static long do_rt_sigreturn(struct pt_regs *regs)
 {
         struct rt_sigframe __user *frame;
-        sigset_t set;
         unsigned long ax;
+        sigset_t set;
 
         frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long));
         if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
@@ -198,7 +120,7 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
         current->blocked = set;
         recalc_sigpending();
         spin_unlock_irq(&current->sighand->siglock);
-        
+
         if (restore_sigcontext(regs, &frame->uc.uc_mcontext, &ax))
                 goto badframe;
 
@@ -208,16 +130,22 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
         return ax;
 
 badframe:
-        signal_fault(regs,frame,"sigreturn");
+        signal_fault(regs, frame, "rt_sigreturn");
         return 0;
-}       
+}
+
+asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
+{
+        return do_rt_sigreturn(regs);
+}
 
 /*
  * Set up a signal frame.
  */
 
 static inline int
-setup_sigcontext(struct sigcontext __user *sc, struct pt_regs *regs, unsigned long mask, struct task_struct *me)
+setup_sigcontext(struct sigcontext __user *sc, struct pt_regs *regs,
+                unsigned long mask, struct task_struct *me)
 {
         int err = 0;
 
@@ -269,41 +197,40 @@ get_stack(struct k_sigaction *ka, struct pt_regs *regs, unsigned long size)
                         sp = current->sas_ss_sp + current->sas_ss_size;
         }
 
-        return (void __user *)round_down(sp - size, 16);
+        return (void __user *)round_down(sp - size, 64);
 }
 
-static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
-                           sigset_t *set, struct pt_regs * regs)
+static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+                            sigset_t *set, struct pt_regs *regs)
 {
         struct rt_sigframe __user *frame;
-        struct _fpstate __user *fp = NULL; 
+        void __user *fp = NULL;
         int err = 0;
         struct task_struct *me = current;
 
         if (used_math()) {
-                fp = get_stack(ka, regs, sizeof(struct _fpstate)); 
+                fp = get_stack(ka, regs, sig_xstate_size);
                 frame = (void __user *)round_down(
                         (unsigned long)fp - sizeof(struct rt_sigframe), 16) - 8;
 
-                if (!access_ok(VERIFY_WRITE, fp, sizeof(struct _fpstate)))
-                        goto give_sigsegv;
-
-                if (save_i387(fp) < 0) 
-                        err |= -1; 
+                if (save_i387_xstate(fp) < 0)
+                        return -EFAULT;
         } else
                 frame = get_stack(ka, regs, sizeof(struct rt_sigframe)) - 8;
 
         if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
-                goto give_sigsegv;
+                return -EFAULT;
 
-        if (ka->sa.sa_flags & SA_SIGINFO) { 
-                err |= copy_siginfo_to_user(&frame->info, info);
-                if (err)
-                        goto give_sigsegv;
+        if (ka->sa.sa_flags & SA_SIGINFO) {
+                if (copy_siginfo_to_user(&frame->info, info))
+                        return -EFAULT;
         }
-                
+
         /* Create the ucontext.  */
-        err |= __put_user(0, &frame->uc.uc_flags);
+        if (cpu_has_xsave)
+                err |= __put_user(UC_FP_XSTATE, &frame->uc.uc_flags);
+        else
+                err |= __put_user(0, &frame->uc.uc_flags);
         err |= __put_user(0, &frame->uc.uc_link);
         err |= __put_user(me->sas_ss_sp, &frame->uc.uc_stack.ss_sp);
         err |= __put_user(sas_ss_flags(regs->sp),
@@ -311,9 +238,9 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         err |= __put_user(me->sas_ss_size, &frame->uc.uc_stack.ss_size);
         err |= setup_sigcontext(&frame->uc.uc_mcontext, regs, set->sig[0], me);
         err |= __put_user(fp, &frame->uc.uc_mcontext.fpstate);
-        if (sizeof(*set) == 16) { 
+        if (sizeof(*set) == 16) {
                 __put_user(set->sig[0], &frame->uc.uc_sigmask.sig[0]);
-                __put_user(set->sig[1], &frame->uc.uc_sigmask.sig[1]); 
+                __put_user(set->sig[1], &frame->uc.uc_sigmask.sig[1]);
         } else
                 err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set));
 
@@ -324,15 +251,15 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
                 err |= __put_user(ka->sa.sa_restorer, &frame->pretcode);
         } else {
                 /* could use a vstub here */
-                goto give_sigsegv; 
+                return -EFAULT;
         }
 
         if (err)
-                goto give_sigsegv;
+                return -EFAULT;
 
         /* Set up registers for signal handler */
         regs->di = sig;
-        /* In case the signal handler was declared without prototypes */ 
+        /* In case the signal handler was declared without prototypes */
         regs->ax = 0;
 
         /* This also works for non SA_SIGINFO handlers because they expect the
@@ -348,44 +275,45 @@ static int setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
         regs->cs = __USER_CS;
 
         return 0;
-
-give_sigsegv:
-        force_sigsegv(sig, current);
-        return -EFAULT;
 }
 
 /*
- * Return -1L or the syscall number that @regs is executing.
+ * OK, we're invoking a handler
  */
-static long current_syscall(struct pt_regs *regs)
+static int signr_convert(int sig)
 {
-        /*
-         * We always sign-extend a -1 value being set here,
-         * so this is always either -1L or a syscall number.
-         */
-        return regs->orig_ax;
+        return sig;
 }
 
-/*
- * Return a value that is -EFOO if the system call in @regs->orig_ax
- * returned an error.  This only works for @regs from @current.
- */
-static long current_syscall_ret(struct pt_regs *regs)
-{
 #ifdef CONFIG_IA32_EMULATION
-        if (test_thread_flag(TIF_IA32))
-                /*
-                 * Sign-extend the value so (int)-EFOO becomes (long)-EFOO
-                 * and will match correctly in comparisons.
-                 */
-                return (int) regs->ax;
+#define is_ia32 test_thread_flag(TIF_IA32)
+#else
+#define is_ia32 0
 #endif
-        return regs->ax;
-}
 
-/*
- * OK, we're invoking a handler
- */     
+static int
+setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+               sigset_t *set, struct pt_regs *regs)
+{
+        int usig = signr_convert(sig);
+        int ret;
+
+        /* Set up the stack frame */
+        if (is_ia32) {
+                if (ka->sa.sa_flags & SA_SIGINFO)
+                        ret = ia32_setup_rt_frame(usig, ka, info, set, regs);
+                else
+                        ret = ia32_setup_frame(usig, ka, set, regs);
+        } else
+                ret = __setup_rt_frame(sig, ka, info, set, regs);
+
+        if (ret) {
+                force_sigsegv(sig, current);
+                return -EFAULT;
+        }
+
+        return ret;
+}
 
 static int
 handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
@@ -394,9 +322,9 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
         int ret;
 
         /* Are we from a system call? */
-        if (current_syscall(regs) >= 0) {
+        if (syscall_get_nr(current, regs) >= 0) {
                 /* If so, check system call restarting.. */
-                switch (current_syscall_ret(regs)) {
+                switch (syscall_get_error(current, regs)) {
                 case -ERESTART_RESTARTBLOCK:
                 case -ERESTARTNOHAND:
                         regs->ax = -EINTR;
@@ -423,50 +351,48 @@ handle_signal(unsigned long sig, siginfo_t *info, struct k_sigaction *ka,
             likely(test_and_clear_thread_flag(TIF_FORCED_TF)))
                 regs->flags &= ~X86_EFLAGS_TF;
 
-#ifdef CONFIG_IA32_EMULATION
-        if (test_thread_flag(TIF_IA32)) {
-                if (ka->sa.sa_flags & SA_SIGINFO)
-                        ret = ia32_setup_rt_frame(sig, ka, info, oldset, regs);
-                else
-                        ret = ia32_setup_frame(sig, ka, oldset, regs);
-        } else 
-#endif
         ret = setup_rt_frame(sig, ka, info, oldset, regs);
 
-        if (ret == 0) {
-                /*
-                 * This has nothing to do with segment registers,
-                 * despite the name.  This magic affects uaccess.h
-                 * macros' behavior.  Reset it to the normal setting.
-                 */
-                set_fs(USER_DS);
+        if (ret)
+                return ret;
 
-                /*
-                 * Clear the direction flag as per the ABI for function entry.
-                 */
-                regs->flags &= ~X86_EFLAGS_DF;
+#ifdef CONFIG_X86_64
+        /*
+         * This has nothing to do with segment registers,
+         * despite the name.  This magic affects uaccess.h
+         * macros' behavior.  Reset it to the normal setting.
+         */
+        set_fs(USER_DS);
+#endif
 
-                /*
-                 * Clear TF when entering the signal handler, but
-                 * notify any tracer that was single-stepping it.
-                 * The tracer may want to single-step inside the
-                 * handler too.
-                 */
-                regs->flags &= ~X86_EFLAGS_TF;
-                if (test_thread_flag(TIF_SINGLESTEP))
-                        ptrace_notify(SIGTRAP);
-
-                spin_lock_irq(&current->sighand->siglock);
-                sigorsets(&current->blocked,&current->blocked,&ka->sa.sa_mask);
-                if (!(ka->sa.sa_flags & SA_NODEFER))
-                        sigaddset(&current->blocked,sig);
-                recalc_sigpending();
-                spin_unlock_irq(&current->sighand->siglock);
-        }
+        /*
+         * Clear the direction flag as per the ABI for function entry.
+         */
+        regs->flags &= ~X86_EFLAGS_DF;
 
-        return ret;
+        /*
+         * Clear TF when entering the signal handler, but
+         * notify any tracer that was single-stepping it.
+         * The tracer may want to single-step inside the
+         * handler too.
+         */
+        regs->flags &= ~X86_EFLAGS_TF;
+
+        spin_lock_irq(&current->sighand->siglock);
+        sigorsets(&current->blocked, &current->blocked, &ka->sa.sa_mask);
+        if (!(ka->sa.sa_flags & SA_NODEFER))
+                sigaddset(&current->blocked, sig);
+        recalc_sigpending();
+        spin_unlock_irq(&current->sighand->siglock);
+
+        tracehook_signal_handler(sig, info, ka, regs,
+                                 test_thread_flag(TIF_SINGLESTEP));
+
+        return 0;
 }
 
+#define NR_restart_syscall      \
+        test_thread_flag(TIF_IA32) ? __NR_ia32_restart_syscall : __NR_restart_syscall
 /*
  * Note that 'init' is a special process: it doesn't get signals it doesn't
  * want to handle. Thus you cannot kill init even with a SIGKILL even by
@@ -496,7 +422,8 @@ static void do_signal(struct pt_regs *regs)
 
         signr = get_signal_to_deliver(&info, &ka, regs, NULL);
         if (signr > 0) {
-                /* Re-enable any watchpoints before delivering the
+                /*
+                 * Re-enable any watchpoints before delivering the
                  * signal to user space. The processor register will
                  * have been cleared if the watchpoint triggered
                  * inside the kernel.
@@ -504,7 +431,7 @@ static void do_signal(struct pt_regs *regs)
                 if (current->thread.debugreg7)
                         set_debugreg(current->thread.debugreg7, 7);
 
-                /* Whee!  Actually deliver the signal.  */
+                /* Whee! Actually deliver the signal.  */
                 if (handle_signal(signr, &info, &ka, oldset, regs) == 0) {
                         /*
                          * A signal was successfully delivered; the saved
@@ -518,19 +445,18 @@ static void do_signal(struct pt_regs *regs)
         }
 
         /* Did we come from a system call? */
-        if (current_syscall(regs) >= 0) {
+        if (syscall_get_nr(current, regs) >= 0) {
                 /* Restart the system call - no handlers present */
-                switch (current_syscall_ret(regs)) {
+                switch (syscall_get_error(current, regs)) {
                 case -ERESTARTNOHAND:
                 case -ERESTARTSYS:
                 case -ERESTARTNOINTR:
                         regs->ax = regs->orig_ax;
                         regs->ip -= 2;
                         break;
+
                 case -ERESTART_RESTARTBLOCK:
-                        regs->ax = test_thread_flag(TIF_IA32) ?
-                                        __NR_ia32_restart_syscall :
-                                        __NR_restart_syscall;
+                        regs->ax = NR_restart_syscall;
                         regs->ip -= 2;
                         break;
                 }
@@ -546,29 +472,45 @@ static void do_signal(struct pt_regs *regs)
         }
 }
 
-void do_notify_resume(struct pt_regs *regs, void *unused,
-                      __u32 thread_info_flags)
+/*
+ * notification of userspace execution resumption
+ * - triggered by the TIF_WORK_MASK flags
+ */
+void
+do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
 {
-#ifdef CONFIG_X86_MCE
+#if defined(CONFIG_X86_64) && defined(CONFIG_X86_MCE)
         /* notify userspace of pending MCEs */
         if (thread_info_flags & _TIF_MCE_NOTIFY)
                 mce_notify_user();
-#endif /* CONFIG_X86_MCE */
+#endif /* CONFIG_X86_64 && CONFIG_X86_MCE */
 
         /* deal with pending signal delivery */
         if (thread_info_flags & _TIF_SIGPENDING)
                 do_signal(regs);
+
+        if (thread_info_flags & _TIF_NOTIFY_RESUME) {
+                clear_thread_flag(TIF_NOTIFY_RESUME);
+                tracehook_notify_resume(regs);
+        }
+
+#ifdef CONFIG_X86_32
+        clear_thread_flag(TIF_IRET);
+#endif /* CONFIG_X86_32 */
 }
 
 void signal_fault(struct pt_regs *regs, void __user *frame, char *where)
-{ 
-        struct task_struct *me = current; 
+{
+        struct task_struct *me = current;
+
         if (show_unhandled_signals && printk_ratelimit()) {
-                printk("%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx",
-               me->comm,me->pid,where,frame,regs->ip,regs->sp,regs->orig_ax);
+                printk(KERN_INFO
+                       "%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx",
+                       me->comm, me->pid, where, frame,
+                       regs->ip, regs->sp, regs->orig_ax);
                 print_vma_addr(" in ", regs->ip);
-                printk("\n");
+                printk(KERN_CONT "\n");
         }
 
-        force_sig(SIGSEGV, me); 
-} 
+        force_sig(SIGSEGV, me);
+}
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index 361b7a4c640c..18f9b19f5f8f 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -214,12 +214,16 @@ void smp_call_function_single_interrupt(struct pt_regs *regs)
 struct smp_ops smp_ops = {
         .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu,
         .smp_prepare_cpus = native_smp_prepare_cpus,
-        .cpu_up = native_cpu_up,
         .smp_cpus_done = native_smp_cpus_done,
 
         .smp_send_stop = native_smp_send_stop,
         .smp_send_reschedule = native_smp_send_reschedule,
 
+        .cpu_up = native_cpu_up,
+        .cpu_die = native_cpu_die,
+        .cpu_disable = native_cpu_disable,
+        .play_dead = native_play_dead,
+
         .send_call_func_ipi = native_send_call_func_ipi,
         .send_call_func_single_ipi = native_send_call_func_single_ipi,
 };
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 7985c5b3f916..7ed9e070a6e9 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -52,6 +52,7 @@
 #include <asm/desc.h>
 #include <asm/nmi.h>
 #include <asm/irq.h>
+#include <asm/idle.h>
 #include <asm/smp.h>
 #include <asm/trampoline.h>
 #include <asm/cpu.h>
@@ -88,7 +89,7 @@ static DEFINE_PER_CPU(struct task_struct *, idle_thread_array);
 #define get_idle_for_cpu(x)      (per_cpu(idle_thread_array, x))
 #define set_idle_for_cpu(x, p)   (per_cpu(idle_thread_array, x) = (p))
 #else
-struct task_struct *idle_thread_array[NR_CPUS] __cpuinitdata ;
+static struct task_struct *idle_thread_array[NR_CPUS] __cpuinitdata ;
 #define get_idle_for_cpu(x)      (idle_thread_array[(x)])
 #define set_idle_for_cpu(x, p)   (idle_thread_array[(x)] = (p))
 #endif
@@ -123,13 +124,12 @@ EXPORT_PER_CPU_SYMBOL(cpu_info);
 
 static atomic_t init_deasserted;
 
-static int boot_cpu_logical_apicid;
 
 /* representing cpus for which sibling maps can be computed */
 static cpumask_t cpu_sibling_setup_map;
 
 /* Set if we find a B stepping CPU */
-int __cpuinitdata smp_b_stepping;
+static int __cpuinitdata smp_b_stepping;
 
 #if defined(CONFIG_NUMA) && defined(CONFIG_X86_32)
 
@@ -165,6 +165,8 @@ static void unmap_cpu_to_node(int cpu)
 #endif
 
 #ifdef CONFIG_X86_32
+static int boot_cpu_logical_apicid;
+
 u8 cpu_2_logical_apicid[NR_CPUS] __read_mostly =
                                         { [0 ... NR_CPUS-1] = BAD_APICID };
 
@@ -210,7 +212,7 @@ static void __cpuinit smp_callin(void)
         /*
          * (This works even if the APIC is not enabled.)
          */
-        phys_id = GET_APIC_ID(read_apic_id());
+        phys_id = read_apic_id();
         cpuid = smp_processor_id();
         if (cpu_isset(cpuid, cpu_callin_map)) {
                 panic("%s: phys CPU#%d, CPU#%d already present??\n", __func__,
@@ -257,6 +259,7 @@ static void __cpuinit smp_callin(void)
         end_local_APIC_setup();
         map_cpu_to_logical_apicid();
 
+        notify_cpu_starting(cpuid);
         /*
          * Get our bogomips.
          *
@@ -279,6 +282,8 @@ static void __cpuinit smp_callin(void)
         cpu_set(cpuid, cpu_callin_map);
 }
 
+static int __cpuinitdata unsafe_smp;
+
 /*
  * Activate a secondary processor.
  */
@@ -331,14 +336,17 @@ static void __cpuinit start_secondary(void *unused)
          * does not change while we are assigning vectors to cpus.  Holding
          * this lock ensures we don't half assign or remove an irq from a cpu.
          */
-        ipi_call_lock_irq();
+        ipi_call_lock();
         lock_vector_lock();
         __setup_vector_irq(smp_processor_id());
         cpu_set(smp_processor_id(), cpu_online_map);
         unlock_vector_lock();
-        ipi_call_unlock_irq();
+        ipi_call_unlock();
         per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;
 
+        /* enable local interrupts */
+        local_irq_enable();
+
         setup_secondary_clock();
 
         wmb();
@@ -391,7 +399,7 @@ static void __cpuinit smp_apply_quirks(struct cpuinfo_x86 *c)
                                 goto valid_k7;
 
                 /* If we get here, not a certified SMP capable AMD system. */
-                add_taint(TAINT_UNSAFE_SMP);
+                unsafe_smp = 1;
         }
 
 valid_k7:
@@ -408,12 +416,10 @@ static void __cpuinit smp_checks(void)
          * Don't taint if we are running SMP kernel on a single non-MP
          * approved Athlon
          */
-        if (tainted & TAINT_UNSAFE_SMP) {
-                if (num_online_cpus())
-                        printk(KERN_INFO "WARNING: This combination of AMD"
-                                "processors is not suitable for SMP.\n");
-                else
-                        tainted &= ~TAINT_UNSAFE_SMP;
+        if (unsafe_smp && num_online_cpus() > 1) {
+                printk(KERN_INFO "WARNING: This combination of AMD"
+                        "processors is not suitable for SMP.\n");
+                add_taint(TAINT_UNSAFE_SMP);
         }
 }
 
@@ -550,8 +556,7 @@ static inline void __inquire_remote_apic(int apicid)
                         printk(KERN_CONT
                                "a previous APIC delivery may have failed\n");
 
-                apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(apicid));
-                apic_write(APIC_ICR, APIC_DM_REMRD | regs[i]);
+                apic_icr_write(APIC_DM_REMRD | regs[i], apicid);
 
                 timeout = 0;
                 do {
@@ -583,11 +588,9 @@ wakeup_secondary_cpu(int logical_apicid, unsigned long start_eip)
         int maxlvt;
 
         /* Target chip */
-        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(logical_apicid));
-
         /* Boot on the stack */
         /* Kick the second */
-        apic_write(APIC_ICR, APIC_DM_NMI | APIC_DEST_LOGICAL);
+        apic_icr_write(APIC_DM_NMI | APIC_DEST_LOGICAL, logical_apicid);
 
         pr_debug("Waiting for send to finish...\n");
         send_status = safe_apic_wait_icr_idle();
@@ -596,10 +599,12 @@ wakeup_secondary_cpu(int logical_apicid, unsigned long start_eip)
          * Give the other CPU some time to accept the IPI.
          */
         udelay(200);
-        maxlvt = lapic_get_maxlvt();
-        if (maxlvt > 3)                 /* Due to the Pentium erratum 3AP.  */
-                apic_write(APIC_ESR, 0);
-        accept_status = (apic_read(APIC_ESR) & 0xEF);
+        if (APIC_INTEGRATED(apic_version[phys_apicid])) {
+                maxlvt = lapic_get_maxlvt();
+                if (maxlvt > 3)                 /* Due to the Pentium erratum 3AP.  */
+                        apic_write(APIC_ESR, 0);
+                accept_status = (apic_read(APIC_ESR) & 0xEF);
+        }
         pr_debug("NMI sent.\n");
 
         if (send_status)
@@ -640,13 +645,11 @@ wakeup_secondary_cpu(int phys_apicid, unsigned long start_eip)
         /*
          * Turn INIT on target chip
          */
-        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(phys_apicid));
-
         /*
          * Send IPI
          */
-        apic_write(APIC_ICR,
-                   APIC_INT_LEVELTRIG | APIC_INT_ASSERT | APIC_DM_INIT);
+        apic_icr_write(APIC_INT_LEVELTRIG | APIC_INT_ASSERT | APIC_DM_INIT,
+                       phys_apicid);
 
         pr_debug("Waiting for send to finish...\n");
         send_status = safe_apic_wait_icr_idle();
@@ -656,10 +659,8 @@ wakeup_secondary_cpu(int phys_apicid, unsigned long start_eip)
         pr_debug("Deasserting INIT.\n");
 
         /* Target chip */
-        apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(phys_apicid));
-
         /* Send IPI */
-        apic_write(APIC_ICR, APIC_INT_LEVELTRIG | APIC_DM_INIT);
+        apic_icr_write(APIC_INT_LEVELTRIG | APIC_DM_INIT, phys_apicid);
 
         pr_debug("Waiting for send to finish...\n");
         send_status = safe_apic_wait_icr_idle();
@@ -702,11 +703,10 @@ wakeup_secondary_cpu(int phys_apicid, unsigned long start_eip)
                  */
 
                 /* Target chip */
-                apic_write(APIC_ICR2, SET_APIC_DEST_FIELD(phys_apicid));
-
                 /* Boot on the stack */
                 /* Kick the second */
-                apic_write(APIC_ICR, APIC_DM_STARTUP | (start_eip >> 12));
+                apic_icr_write(APIC_DM_STARTUP | (start_eip >> 12),
+                               phys_apicid);
 
                 /*
                  * Give the other CPU some time to accept the IPI.
@@ -1175,10 +1175,17 @@ void __init native_smp_prepare_cpus(unsigned int max_cpus)
          * Setup boot CPU information
          */
         smp_store_cpu_info(0); /* Final full version of the data */
+#ifdef CONFIG_X86_32
         boot_cpu_logical_apicid = logical_smp_processor_id();
+#endif
         current_thread_info()->cpu = 0;  /* needed? */
         set_cpu_sibling_map(0);
 
+#ifdef CONFIG_X86_64
+        enable_IR_x2apic();
+        setup_apic_routing();
+#endif
+
         if (smp_sanity_check(max_cpus) < 0) {
                 printk(KERN_INFO "SMP disabled\n");
                 disable_smp();
@@ -1186,9 +1193,9 @@ void __init native_smp_prepare_cpus(unsigned int max_cpus)
         }
 
         preempt_disable();
-        if (GET_APIC_ID(read_apic_id()) != boot_cpu_physical_apicid) {
+        if (read_apic_id() != boot_cpu_physical_apicid) {
                 panic("Boot APIC ID in local APIC unexpected (%d vs %d)",
-                     GET_APIC_ID(read_apic_id()), boot_cpu_physical_apicid);
+                     read_apic_id(), boot_cpu_physical_apicid);
                 /* Or can we switch back to PIC here? */
         }
         preempt_enable();
@@ -1254,39 +1261,6 @@ void __init native_smp_cpus_done(unsigned int max_cpus)
         check_nmi_watchdog();
 }
 
-#ifdef CONFIG_HOTPLUG_CPU
-
-static void remove_siblinginfo(int cpu)
-{
-        int sibling;
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
-
-        for_each_cpu_mask_nr(sibling, per_cpu(cpu_core_map, cpu)) {
-                cpu_clear(cpu, per_cpu(cpu_core_map, sibling));
-                /*/
-                 * last thread sibling in this cpu core going down
-                 */
-                if (cpus_weight(per_cpu(cpu_sibling_map, cpu)) == 1)
-                        cpu_data(sibling).booted_cores--;
-        }
-
-        for_each_cpu_mask_nr(sibling, per_cpu(cpu_sibling_map, cpu))
-                cpu_clear(cpu, per_cpu(cpu_sibling_map, sibling));
-        cpus_clear(per_cpu(cpu_sibling_map, cpu));
-        cpus_clear(per_cpu(cpu_core_map, cpu));
-        c->phys_proc_id = 0;
-        c->cpu_core_id = 0;
-        cpu_clear(cpu, cpu_sibling_setup_map);
-}
-
-static int additional_cpus __initdata = -1;
-
-static __init int setup_additional_cpus(char *s)
-{
-        return s && get_option(&s, &additional_cpus) ? 0 : -EINVAL;
-}
-early_param("additional_cpus", setup_additional_cpus);
-
 /*
  * cpu_possible_map should be static, it cannot change as cpu's
  * are onlined, or offlined. The reason is per-cpu data-structures
@@ -1306,24 +1280,13 @@ early_param("additional_cpus", setup_additional_cpus);
  */
 __init void prefill_possible_map(void)
 {
-        int i;
-        int possible;
+        int i, possible;
 
         /* no processor from mptable or madt */
         if (!num_processors)
                 num_processors = 1;
 
-#ifdef CONFIG_HOTPLUG_CPU
-        if (additional_cpus == -1) {
-                if (disabled_cpus > 0)
-                        additional_cpus = disabled_cpus;
-                else
-                        additional_cpus = 0;
-        }
-#else
-        additional_cpus = 0;
-#endif
-        possible = num_processors + additional_cpus;
+        possible = num_processors + disabled_cpus;
         if (possible > NR_CPUS)
                 possible = NR_CPUS;
 
@@ -1336,6 +1299,31 @@ __init void prefill_possible_map(void)
         nr_cpu_ids = possible;
 }
 
+#ifdef CONFIG_HOTPLUG_CPU
+
+static void remove_siblinginfo(int cpu)
+{
+        int sibling;
+        struct cpuinfo_x86 *c = &cpu_data(cpu);
+
+        for_each_cpu_mask_nr(sibling, per_cpu(cpu_core_map, cpu)) {
+                cpu_clear(cpu, per_cpu(cpu_core_map, sibling));
+                /*/
+                 * last thread sibling in this cpu core going down
+                 */
+                if (cpus_weight(per_cpu(cpu_sibling_map, cpu)) == 1)
+                        cpu_data(sibling).booted_cores--;
+        }
+
+        for_each_cpu_mask_nr(sibling, per_cpu(cpu_sibling_map, cpu))
+                cpu_clear(cpu, per_cpu(cpu_sibling_map, sibling));
+        cpus_clear(per_cpu(cpu_sibling_map, cpu));
+        cpus_clear(per_cpu(cpu_core_map, cpu));
+        c->phys_proc_id = 0;
+        c->cpu_core_id = 0;
+        cpu_clear(cpu, cpu_sibling_setup_map);
+}
+
 static void __ref remove_cpu_from_maps(int cpu)
 {
         cpu_clear(cpu, cpu_online_map);
@@ -1346,25 +1334,9 @@ static void __ref remove_cpu_from_maps(int cpu)
         numa_remove_cpu(cpu);
 }
 
-int __cpu_disable(void)
+void cpu_disable_common(void)
 {
         int cpu = smp_processor_id();
-
-        /*
-         * Perhaps use cpufreq to drop frequency, but that could go
-         * into generic code.
-         *
-         * We won't take down the boot processor on i386 due to some
-         * interrupts only being able to be serviced by the BSP.
-         * Especially so if we're not using an IOAPIC   -zwane
-         */
-        if (cpu == 0)
-                return -EBUSY;
-
-        if (nmi_watchdog == NMI_LOCAL_APIC)
-                stop_apic_nmi_watchdog(NULL);
-        clear_local_APIC();
-
         /*
          * HACK:
          * Allow any queued timer interrupts to get serviced
@@ -1382,10 +1354,32 @@ int __cpu_disable(void)
         remove_cpu_from_maps(cpu);
         unlock_vector_lock();
         fixup_irqs(cpu_online_map);
+}
+
+int native_cpu_disable(void)
+{
+        int cpu = smp_processor_id();
+
+        /*
+         * Perhaps use cpufreq to drop frequency, but that could go
+         * into generic code.
+         *
+         * We won't take down the boot processor on i386 due to some
+         * interrupts only being able to be serviced by the BSP.
+         * Especially so if we're not using an IOAPIC   -zwane
+         */
+        if (cpu == 0)
+                return -EBUSY;
+
+        if (nmi_watchdog == NMI_LOCAL_APIC)
+                stop_apic_nmi_watchdog(NULL);
+        clear_local_APIC();
+
+        cpu_disable_common();
         return 0;
 }
 
-void __cpu_die(unsigned int cpu)
+void native_cpu_die(unsigned int cpu)
 {
         /* We don't do anything here: idle task is faking death itself. */
         unsigned int i;
@@ -1402,15 +1396,45 @@ void __cpu_die(unsigned int cpu)
         }
         printk(KERN_ERR "CPU %u didn't die...\n", cpu);
 }
+
+void play_dead_common(void)
+{
+        idle_task_exit();
+        reset_lazy_tlbstate();
+        irq_ctx_exit(raw_smp_processor_id());
+        c1e_remove_cpu(raw_smp_processor_id());
+
+        mb();
+        /* Ack it */
+        __get_cpu_var(cpu_state) = CPU_DEAD;
+
+        /*
+         * With physical CPU hotplug, we should halt the cpu
+         */
+        local_irq_disable();
+}
+
+void native_play_dead(void)
+{
+        play_dead_common();
+        wbinvd_halt();
+}
+
 #else /* ... !CONFIG_HOTPLUG_CPU */
-int __cpu_disable(void)
+int native_cpu_disable(void)
 {
         return -ENOSYS;
 }
 
-void __cpu_die(unsigned int cpu)
+void native_cpu_die(unsigned int cpu)
 {
         /* We said "no" in __cpu_disable */
         BUG();
 }
+
+void native_play_dead(void)
+{
+        BUG();
+}
+
 #endif
diff --git a/arch/x86/kernel/summit_32.c b/arch/x86/kernel/summit_32.c
index d67ce5f044ba..7b987852e876 100644
--- a/arch/x86/kernel/summit_32.c
+++ b/arch/x86/kernel/summit_32.c
@@ -30,7 +30,7 @@
 #include <linux/init.h>
 #include <asm/io.h>
 #include <asm/bios_ebda.h>
-#include <asm/mach-summit/mach_mpparse.h>
+#include <asm/summit/mpparse.h>
 
 static struct rio_table_hdr *rio_table_hdr __initdata;
 static struct scal_detail   *scal_devs[MAX_NUMNODES] __initdata;
diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
index 7066cb855a60..1884a8d12bfa 100644
--- a/arch/x86/kernel/sys_i386_32.c
+++ b/arch/x86/kernel/sys_i386_32.c
@@ -22,6 +22,8 @@
 #include <linux/uaccess.h>
 #include <linux/unistd.h>
 
+#include <asm/syscalls.h>
+
 asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
                           unsigned long prot, unsigned long flags,
                           unsigned long fd, unsigned long pgoff)
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
index 3b360ef33817..6bc211accf08 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
@@ -13,15 +13,17 @@
 #include <linux/utsname.h>
 #include <linux/personality.h>
 #include <linux/random.h>
+#include <linux/uaccess.h>
 
-#include <asm/uaccess.h>
 #include <asm/ia32.h>
+#include <asm/syscalls.h>
 
-asmlinkage long sys_mmap(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags,
-        unsigned long fd, unsigned long off)
+asmlinkage long sys_mmap(unsigned long addr, unsigned long len,
+                unsigned long prot, unsigned long flags,
+                unsigned long fd, unsigned long off)
 {
         long error;
-        struct file * file;
+        struct file *file;
 
         error = -EINVAL;
         if (off & ~PAGE_MASK)
@@ -56,9 +58,9 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
                    unmapped base down for this case. This can give
                    conflicts with the heap, but we assume that glibc
                    malloc knows how to fall back to mmap. Give it 1GB
-                   of playground for now. -AK */ 
-                *begin = 0x40000000; 
-                *end = 0x80000000;              
+                   of playground for now. -AK */
+                *begin = 0x40000000;
+                *end = 0x80000000;
                 if (current->flags & PF_RANDOMIZE) {
                         new_begin = randomize_range(*begin, *begin + 0x02000000, 0);
                         if (new_begin)
@@ -66,9 +68,9 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
                 }
         } else {
                 *begin = TASK_UNMAPPED_BASE;
-                *end = TASK_SIZE; 
+                *end = TASK_SIZE;
         }
-} 
+}
 
 unsigned long
 arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -78,11 +80,11 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
         struct vm_area_struct *vma;
         unsigned long start_addr;
         unsigned long begin, end;
-        
+
         if (flags & MAP_FIXED)
                 return addr;
 
-        find_start_end(flags, &begin, &end); 
+        find_start_end(flags, &begin, &end);
 
         if (len > end)
                 return -ENOMEM;
@@ -96,12 +98,12 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
         }
         if (((flags & MAP_32BIT) || test_thread_flag(TIF_IA32))
             && len <= mm->cached_hole_size) {
-                mm->cached_hole_size = 0;
+                mm->cached_hole_size = 0;
                 mm->free_area_cache = begin;
         }
         addr = mm->free_area_cache;
-        if (addr < begin) 
-                addr = begin; 
+        if (addr < begin)
+                addr = begin;
         start_addr = addr;
 
 full_search:
@@ -127,7 +129,7 @@ full_search:
                         return addr;
                 }
                 if (addr + mm->cached_hole_size < vma->vm_start)
-                        mm->cached_hole_size = vma->vm_start - addr;
+                        mm->cached_hole_size = vma->vm_start - addr;
 
                 addr = vma->vm_end;
         }
@@ -177,7 +179,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
                 vma = find_vma(mm, addr-len);
                 if (!vma || addr <= vma->vm_start)
                         /* remember the address as a hint for next time */
-                        return (mm->free_area_cache = addr-len);
+                        return mm->free_area_cache = addr-len;
         }
 
         if (mm->mmap_base < len)
@@ -194,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
                 vma = find_vma(mm, addr);
                 if (!vma || addr+len <= vma->vm_start)
                         /* remember the address as a hint for next time */
-                        return (mm->free_area_cache = addr);
+                        return mm->free_area_cache = addr;
 
                 /* remember the largest hole we saw so far */
                 if (addr + mm->cached_hole_size < vma->vm_start)
@@ -224,13 +226,13 @@ bottomup:
 }
 
 
-asmlinkage long sys_uname(struct new_utsname __user * name)
+asmlinkage long sys_uname(struct new_utsname __user *name)
 {
         int err;
         down_read(&uts_sem);
-        err = copy_to_user(name, utsname(), sizeof (*name));
+        err = copy_to_user(name, utsname(), sizeof(*name));
         up_read(&uts_sem);
-        if (personality(current->personality) == PER_LINUX32) 
-                err |= copy_to_user(&name->machine, "i686", 5);                 
+        if (personality(current->personality) == PER_LINUX32)
+                err |= copy_to_user(&name->machine, "i686", 5);
         return err ? -EFAULT : 0;
 }
diff --git a/arch/x86/kernel/syscall_64.c b/arch/x86/kernel/syscall_64.c
index 170d43c17487..3d1be4f0fac5 100644
--- a/arch/x86/kernel/syscall_64.c
+++ b/arch/x86/kernel/syscall_64.c
@@ -8,12 +8,12 @@
 #define __NO_STUBS
 
 #define __SYSCALL(nr, sym) extern asmlinkage void sym(void) ;
-#undef _ASM_X86_64_UNISTD_H_
+#undef ASM_X86__UNISTD_64_H
 #include <asm/unistd_64.h>
 
 #undef __SYSCALL
 #define __SYSCALL(nr, sym) [nr] = sym,
-#undef _ASM_X86_64_UNISTD_H_
+#undef ASM_X86__UNISTD_64_H
 
 typedef void (*sys_call_ptr_t)(void);
 
diff --git a/arch/x86/kernel/time_32.c b/arch/x86/kernel/time_32.c
index ffe3c664afc0..77b400f06ea2 100644
--- a/arch/x86/kernel/time_32.c
+++ b/arch/x86/kernel/time_32.c
@@ -36,6 +36,7 @@
 #include <asm/arch_hooks.h>
 #include <asm/hpet.h>
 #include <asm/time.h>
+#include <asm/timer.h>
 
 #include "do_timer.h"
 
@@ -46,10 +47,9 @@ unsigned long profile_pc(struct pt_regs *regs)
         unsigned long pc = instruction_pointer(regs);
 
 #ifdef CONFIG_SMP
-        if (!v8086_mode(regs) && SEGMENT_IS_KERNEL_CODE(regs->cs) &&
-            in_lock_functions(pc)) {
+        if (!user_mode_vm(regs) && in_lock_functions(pc)) {
 #ifdef CONFIG_FRAME_POINTER
-                return *(unsigned long *)(regs->bp + 4);
+                return *(unsigned long *)(regs->bp + sizeof(long));
 #else
                 unsigned long *sp = (unsigned long *)&regs->sp;
 
@@ -94,6 +94,7 @@ irqreturn_t timer_interrupt(int irq, void *dev_id)
 
         do_timer_interrupt_hook();
 
+#ifdef CONFIG_MCA
         if (MCA_bus) {
                 /* The PS/2 uses level-triggered interrupts.  You can't
                 turn them off, nor would you want to (any attempt to
@@ -107,6 +108,7 @@ irqreturn_t timer_interrupt(int irq, void *dev_id)
                 u8 irq_v = inb_p( 0x61 );       /* read the current state */
                 outb_p( irq_v|0x80, 0x61 );     /* reset the IRQ */
         }
+#endif
 
         return IRQ_HANDLED;
 }
diff --git a/arch/x86/kernel/time_64.c b/arch/x86/kernel/time_64.c
index e3d49c553af2..cb19d650c216 100644
--- a/arch/x86/kernel/time_64.c
+++ b/arch/x86/kernel/time_64.c
@@ -16,6 +16,7 @@
 #include <linux/interrupt.h>
 #include <linux/module.h>
 #include <linux/time.h>
+#include <linux/mca.h>
 
 #include <asm/i8253.h>
 #include <asm/hpet.h>
@@ -33,23 +34,34 @@ unsigned long profile_pc(struct pt_regs *regs)
         /* Assume the lock function has either no stack frame or a copy
            of flags from PUSHF
            Eflags always has bits 22 and up cleared unlike kernel addresses. */
-        if (!user_mode(regs) && in_lock_functions(pc)) {
+        if (!user_mode_vm(regs) && in_lock_functions(pc)) {
+#ifdef CONFIG_FRAME_POINTER
+                return *(unsigned long *)(regs->bp + sizeof(long));
+#else
                 unsigned long *sp = (unsigned long *)regs->sp;
                 if (sp[0] >> 22)
                         return sp[0];
                 if (sp[1] >> 22)
                         return sp[1];
+#endif
         }
         return pc;
 }
 EXPORT_SYMBOL(profile_pc);
 
-static irqreturn_t timer_event_interrupt(int irq, void *dev_id)
+irqreturn_t timer_interrupt(int irq, void *dev_id)
 {
         add_pda(irq0_irqs, 1);
 
         global_clock_event->event_handler(global_clock_event);
 
+#ifdef CONFIG_MCA
+        if (MCA_bus) {
+                u8 irq_v = inb_p(0x61);       /* read the current state */
+                outb_p(irq_v|0x80, 0x61);     /* reset the IRQ */
+        }
+#endif
+
         return IRQ_HANDLED;
 }
 
@@ -100,7 +112,7 @@ unsigned long __init calibrate_cpu(void)
 }
 
 static struct irqaction irq0 = {
-        .handler        = timer_event_interrupt,
+        .handler        = timer_interrupt,
         .flags          = IRQF_DISABLED | IRQF_IRQPOLL | IRQF_NOBALANCING,
         .mask           = CPU_MASK_NONE,
         .name           = "timer"
@@ -111,16 +123,13 @@ void __init hpet_time_init(void)
         if (!hpet_enable())
                 setup_pit_timer();
 
+        irq0.mask = cpumask_of_cpu(0);
         setup_irq(0, &irq0);
 }
 
 void __init time_init(void)
 {
         tsc_init();
-        if (cpu_has(&boot_cpu_data, X86_FEATURE_RDTSCP))
-                vgetcpu_mode = VGETCPU_RDTSCP;
-        else
-                vgetcpu_mode = VGETCPU_LSL;
 
         late_time_init = choose_time_init();
 }
diff --git a/arch/x86/kernel/tlb_32.c b/arch/x86/kernel/tlb_32.c
index fec1ecedc9b7..e00534b33534 100644
--- a/arch/x86/kernel/tlb_32.c
+++ b/arch/x86/kernel/tlb_32.c
@@ -241,3 +241,11 @@ void flush_tlb_all(void)
         on_each_cpu(do_flush_tlb_all, NULL, 1);
 }
 
+void reset_lazy_tlbstate(void)
+{
+        int cpu = raw_smp_processor_id();
+
+        per_cpu(cpu_tlbstate, cpu).state = 0;
+        per_cpu(cpu_tlbstate, cpu).active_mm = &init_mm;
+}
+
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
index ab6bf375a307..6bb7b8579e70 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -10,6 +10,7 @@
 #include <asm/ldt.h>
 #include <asm/processor.h>
 #include <asm/proto.h>
+#include <asm/syscalls.h>
 
 #include "tls.h"
 
diff --git a/arch/x86/kernel/traps_32.c b/arch/x86/kernel/traps.c
index 03df8e45e5a1..e062974cce34 100644
--- a/arch/x86/kernel/traps_32.c
+++ b/arch/x86/kernel/traps.c
@@ -7,13 +7,11 @@
  */
 
 /*
- * 'Traps.c' handles hardware traps and faults after we have saved some
- * state in 'asm.s'.
+ * Handle hardware traps and faults.
  */
 #include <linux/interrupt.h>
 #include <linux/kallsyms.h>
 #include <linux/spinlock.h>
-#include <linux/highmem.h>
 #include <linux/kprobes.h>
 #include <linux/uaccess.h>
 #include <linux/utsname.h>
@@ -32,6 +30,8 @@
 #include <linux/bug.h>
 #include <linux/nmi.h>
 #include <linux/mm.h>
+#include <linux/smp.h>
+#include <linux/io.h>
 
 #ifdef CONFIG_EISA
 #include <linux/ioport.h>
@@ -46,21 +46,31 @@
 #include <linux/edac.h>
 #endif
 
-#include <asm/arch_hooks.h>
 #include <asm/stacktrace.h>
 #include <asm/processor.h>
 #include <asm/debugreg.h>
 #include <asm/atomic.h>
 #include <asm/system.h>
 #include <asm/unwind.h>
+#include <asm/traps.h>
 #include <asm/desc.h>
 #include <asm/i387.h>
+
+#include <mach_traps.h>
+
+#ifdef CONFIG_X86_64
+#include <asm/pgalloc.h>
+#include <asm/proto.h>
+#include <asm/pda.h>
+#else
+#include <asm/processor-flags.h>
+#include <asm/arch_hooks.h>
 #include <asm/nmi.h>
 #include <asm/smp.h>
 #include <asm/io.h>
 #include <asm/traps.h>
 
-#include "mach_traps.h"
+#include "cpu/mcheck/mce.h"
 
 DECLARE_BITMAP(used_vectors, NR_VECTORS);
 EXPORT_SYMBOL_GPL(used_vectors);
@@ -77,418 +87,104 @@ char ignore_fpu_irq;
  */
 gate_desc idt_table[256]
         __attribute__((__section__(".data.idt"))) = { { { { 0, 0 } } }, };
-
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 24;
-static unsigned int code_bytes = 64;
-static int ignore_nmis;
-static int die_counter;
-
-void printk_address(unsigned long address, int reliable)
-{
-#ifdef CONFIG_KALLSYMS
-        unsigned long offset = 0;
-        unsigned long symsize;
-        const char *symname;
-        char *modname;
-        char *delim = ":";
-        char namebuf[KSYM_NAME_LEN];
-        char reliab[4] = "";
-
-        symname = kallsyms_lookup(address, &symsize, &offset,
-                                        &modname, namebuf);
-        if (!symname) {
-                printk(" [<%08lx>]\n", address);
-                return;
-        }
-        if (!reliable)
-                strcpy(reliab, "? ");
-
-        if (!modname)
-                modname = delim = "";
-        printk(" [<%08lx>] %s%s%s%s%s+0x%lx/0x%lx\n",
-                address, reliab, delim, modname, delim, symname, offset, symsize);
-#else
-        printk(" [<%08lx>]\n", address);
 #endif
-}
-
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size)
-{
-        void *t = tinfo;
-        return  p > t && p <= t + THREAD_SIZE - size;
-}
-
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack))) {
-                unsigned long addr;
-
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + 4) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
-
-void dump_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data)
-{
-        if (!task)
-                task = current;
-
-        if (!stack) {
-                unsigned long dummy;
-                stack = &dummy;
-                if (task != current)
-                        stack = (unsigned long *)task->thread.sp;
-        }
-
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp) {
-                if (task == current) {
-                        /* Grab bp right from our regs */
-                        asm("movl %%ebp, %0" : "=r" (bp) :);
-                } else {
-                        /* bp is the last reg pushed by switch_to */
-                        bp = *(unsigned long *) task->thread.sp;
-                }
-        }
-#endif
-
-        for (;;) {
-                struct thread_info *context;
-
-                context = (struct thread_info *)
-                        ((unsigned long)stack & (~(THREAD_SIZE - 1)));
-                bp = print_context_stack(context, stack, bp, ops, data);
-                /*
-                 * Should be after the line below, but somewhere
-                 * in early boot context comes out corrupted and we
-                 * can't reference it:
-                 */
-                if (ops->stack(data, "IRQ") < 0)
-                        break;
-                stack = (unsigned long *)context->previous_esp;
-                if (!stack)
-                        break;
-                touch_nmi_watchdog();
-        }
-}
-EXPORT_SYMBOL(dump_trace);
-
-static void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        printk(data);
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s%s\n", (char *)data, msg);
-}
 
-static int print_trace_stack(void *data, char *name)
-{
-        return 0;
-}
-
-/*
- * Print one address/symbol entries per line.
- */
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        printk("%s [<%08lx>] ", (char *)data, addr);
-        if (!reliable)
-                printk("? ");
-        print_symbol("%s\n", addr);
-        touch_nmi_watchdog();
-}
-
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
+static int ignore_nmis;
 
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
+static inline void conditional_sti(struct pt_regs *regs)
 {
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-        printk("%s =======================\n", log_lvl);
+        if (regs->flags & X86_EFLAGS_IF)
+                local_irq_enable();
 }
 
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
+static inline void preempt_conditional_sti(struct pt_regs *regs)
 {
-        show_trace_log_lvl(task, regs, stack, bp, "");
+        inc_preempt_count();
+        if (regs->flags & X86_EFLAGS_IF)
+                local_irq_enable();
 }
 
-static void
-show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                   unsigned long *sp, unsigned long bp, char *log_lvl)
+static inline void preempt_conditional_cli(struct pt_regs *regs)
 {
-        unsigned long *stack;
-        int i;
-
-        if (sp == NULL) {
-                if (task)
-                        sp = (unsigned long *)task->thread.sp;
-                else
-                        sp = (unsigned long *)&sp;
-        }
-
-        stack = sp;
-        for (i = 0; i < kstack_depth_to_print; i++) {
-                if (kstack_end(stack))
-                        break;
-                if (i && ((i % 8) == 0))
-                        printk("\n%s       ", log_lvl);
-                printk("%08lx ", *stack++);
-        }
-        printk("\n%sCall Trace:\n", log_lvl);
-
-        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
+        if (regs->flags & X86_EFLAGS_IF)
+                local_irq_disable();
+        dec_preempt_count();
 }
 
-void show_stack(struct task_struct *task, unsigned long *sp)
+#ifdef CONFIG_X86_32
+static inline void
+die_if_kernel(const char *str, struct pt_regs *regs, long err)
 {
-        printk("       ");
-        show_stack_log_lvl(task, NULL, sp, 0, "");
+        if (!user_mode_vm(regs))
+                die(str, regs, err);
 }
 
 /*
- * The architecture-independent dump_stack generator
+ * Perform the lazy TSS's I/O bitmap copy. If the TSS has an
+ * invalid offset set (the LAZY one) and the faulting thread has
+ * a valid I/O bitmap pointer, we copy the I/O bitmap in the TSS,
+ * we set the offset field correctly and return 1.
  */
-void dump_stack(void)
+static int lazy_iobitmap_copy(void)
 {
-        unsigned long bp = 0;
-        unsigned long stack;
-
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                asm("movl %%ebp, %0" : "=r" (bp):);
-#endif
-
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-
-        show_trace(current, NULL, &stack, bp);
-}
-
-EXPORT_SYMBOL(dump_stack);
-
-void show_registers(struct pt_regs *regs)
-{
-        int i;
+        struct thread_struct *thread;
+        struct tss_struct *tss;
+        int cpu;
 
-        print_modules();
-        __show_registers(regs, 0);
+        cpu = get_cpu();
+        tss = &per_cpu(init_tss, cpu);
+        thread = &current->thread;
 
-        printk(KERN_EMERG "Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)",
-                TASK_COMM_LEN, current->comm, task_pid_nr(current),
-                current_thread_info(), current, task_thread_info(current));
-        /*
-         * When in-kernel, we also print out the stack and code at the
-         * time of the fault..
-         */
-        if (!user_mode_vm(regs)) {
-                unsigned int code_prologue = code_bytes * 43 / 64;
-                unsigned int code_len = code_bytes;
-                unsigned char c;
-                u8 *ip;
-
-                printk("\n" KERN_EMERG "Stack: ");
-                show_stack_log_lvl(NULL, regs, &regs->sp, 0, KERN_EMERG);
-
-                printk(KERN_EMERG "Code: ");
-
-                ip = (u8 *)regs->ip - code_prologue;
-                if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
-                        /* try starting at EIP */
-                        ip = (u8 *)regs->ip;
-                        code_len = code_len - code_prologue + 1;
-                }
-                for (i = 0; i < code_len; i++, ip++) {
-                        if (ip < (u8 *)PAGE_OFFSET ||
-                                        probe_kernel_address(ip, c)) {
-                                printk(" Bad EIP value.");
-                                break;
-                        }
-                        if (ip == (u8 *)regs->ip)
-                                printk("<%02x> ", c);
-                        else
-                                printk("%02x ", c);
+        if (tss->x86_tss.io_bitmap_base == INVALID_IO_BITMAP_OFFSET_LAZY &&
+            thread->io_bitmap_ptr) {
+                memcpy(tss->io_bitmap, thread->io_bitmap_ptr,
+                       thread->io_bitmap_max);
+                /*
+                 * If the previously set map was extending to higher ports
+                 * than the current one, pad extra space with 0xff (no access).
+                 */
+                if (thread->io_bitmap_max < tss->io_bitmap_max) {
+                        memset((char *) tss->io_bitmap +
+                                thread->io_bitmap_max, 0xff,
+                                tss->io_bitmap_max - thread->io_bitmap_max);
                 }
-        }
-        printk("\n");
-}
-
-int is_valid_bugaddr(unsigned long ip)
-{
-        unsigned short ud2;
-
-        if (ip < PAGE_OFFSET)
-                return 0;
-        if (probe_kernel_address((unsigned short *)ip, ud2))
-                return 0;
-
-        return ud2 == 0x0b0f;
-}
-
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-
-unsigned __kprobes long oops_begin(void)
-{
-        unsigned long flags;
-
-        oops_enter();
-
-        if (die_owner != raw_smp_processor_id()) {
-                console_verbose();
-                raw_local_irq_save(flags);
-                __raw_spin_lock(&die_lock);
-                die_owner = smp_processor_id();
-                die_nest_count = 0;
-                bust_spinlocks(1);
-        } else {
-                raw_local_irq_save(flags);
-        }
-        die_nest_count++;
-        return flags;
-}
-
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        bust_spinlocks(0);
-        die_owner = -1;
-        add_taint(TAINT_DIE);
-        __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-
-        if (!regs)
-                return;
-
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-
-        if (in_interrupt())
-                panic("Fatal exception in interrupt");
-
-        if (panic_on_oops)
-                panic("Fatal exception");
-
-        oops_exit();
-        do_exit(signr);
-}
-
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned short ss;
-        unsigned long sp;
+                tss->io_bitmap_max = thread->io_bitmap_max;
+                tss->x86_tss.io_bitmap_base = IO_BITMAP_OFFSET;
+                tss->io_bitmap_owner = thread;
+                put_cpu();
 
-        printk(KERN_EMERG "%s: %04lx [#%d] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
                 return 1;
-
-        show_registers(regs);
-        /* Executive summary in case the oops scrolled away */
-        sp = (unsigned long) (&regs->sp);
-        savesegment(ss, ss);
-        if (user_mode(regs)) {
-                sp = regs->sp;
-                ss = regs->ss & 0xffff;
         }
-        printk(KERN_EMERG "EIP: [<%08lx>] ", regs->ip);
-        print_symbol("%s", regs->ip);
-        printk(" SS:ESP %04x:%08lx\n", ss, sp);
-        return 0;
-}
-
-/*
- * This is gone through when something in the kernel has done something bad
- * and is about to be terminated:
- */
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-
-        if (die_nest_count < 3) {
-                report_bug(regs->ip, regs);
-
-                if (__die(str, regs, err))
-                        regs = NULL;
-        } else {
-                printk(KERN_EMERG "Recursive die() failure, output suppressed\n");
-        }
-
-        oops_end(flags, regs, SIGSEGV);
-}
+        put_cpu();
 
-static inline void
-die_if_kernel(const char *str, struct pt_regs *regs, long err)
-{
-        if (!user_mode_vm(regs))
-                die(str, regs, err);
+        return 0;
 }
+#endif
 
 static void __kprobes
-do_trap(int trapnr, int signr, char *str, int vm86, struct pt_regs *regs,
+do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
         long error_code, siginfo_t *info)
 {
         struct task_struct *tsk = current;
 
+#ifdef CONFIG_X86_32
         if (regs->flags & X86_VM_MASK) {
-                if (vm86)
+                /*
+                 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
+                 * On nmi (interrupt 2), do_trap should not be called.
+                 */
+                if (trapnr < 6)
                         goto vm86_trap;
                 goto trap_signal;
         }
+#endif
 
         if (!user_mode(regs))
                 goto kernel_trap;
 
+#ifdef CONFIG_X86_32
 trap_signal:
+#endif
         /*
          * We want error_code and trap_no set for userspace faults and
          * kernelspace faults which result in die(), but not
@@ -501,6 +197,18 @@ trap_signal:
         tsk->thread.error_code = error_code;
         tsk->thread.trap_no = trapnr;
 
+#ifdef CONFIG_X86_64
+        if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
+            printk_ratelimit()) {
+                printk(KERN_INFO
+                       "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
+                       tsk->comm, tsk->pid, str,
+                       regs->ip, regs->sp, error_code);
+                print_vma_addr(" in ", regs->ip);
+                printk("\n");
+        }
+#endif
+
         if (info)
                 force_sig_info(signr, info, tsk);
         else
@@ -515,29 +223,29 @@ kernel_trap:
         }
         return;
 
+#ifdef CONFIG_X86_32
 vm86_trap:
         if (handle_vm86_trap((struct kernel_vm86_regs *) regs,
                                                 error_code, trapnr))
                 goto trap_signal;
         return;
+#endif
 }
 
 #define DO_ERROR(trapnr, signr, str, name)                              \
-void do_##name(struct pt_regs *regs, long error_code)                   \
+dotraplinkage void do_##name(struct pt_regs *regs, long error_code)     \
 {                                                                       \
-        trace_hardirqs_fixup();                                         \
         if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
                                                         == NOTIFY_STOP) \
                 return;                                                 \
-        do_trap(trapnr, signr, str, 0, regs, error_code, NULL);         \
+        conditional_sti(regs);                                          \
+        do_trap(trapnr, signr, str, regs, error_code, NULL);            \
 }
 
-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr, irq)    \
-void do_##name(struct pt_regs *regs, long error_code)                   \
+#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr)         \
+dotraplinkage void do_##name(struct pt_regs *regs, long error_code)     \
 {                                                                       \
         siginfo_t info;                                                 \
-        if (irq)                                                        \
-                local_irq_enable();                                     \
         info.si_signo = signr;                                          \
         info.si_errno = 0;                                              \
         info.si_code = sicode;                                          \
@@ -545,90 +253,68 @@ void do_##name(struct pt_regs *regs, long error_code)			\
         if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
                                                         == NOTIFY_STOP) \
                 return;                                                 \
-        do_trap(trapnr, signr, str, 0, regs, error_code, &info);        \
+        conditional_sti(regs);                                          \
+        do_trap(trapnr, signr, str, regs, error_code, &info);           \
 }
 
-#define DO_VM86_ERROR(trapnr, signr, str, name)                         \
-void do_##name(struct pt_regs *regs, long error_code)                   \
-{                                                                       \
-        if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
-                                                        == NOTIFY_STOP) \
-                return;                                                 \
-        do_trap(trapnr, signr, str, 1, regs, error_code, NULL);         \
-}
-
-#define DO_VM86_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr)    \
-void do_##name(struct pt_regs *regs, long error_code)                   \
-{                                                                       \
-        siginfo_t info;                                                 \
-        info.si_signo = signr;                                          \
-        info.si_errno = 0;                                              \
-        info.si_code = sicode;                                          \
-        info.si_addr = (void __user *)siaddr;                           \
-        trace_hardirqs_fixup();                                         \
-        if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
-                                                        == NOTIFY_STOP) \
-                return;                                                 \
-        do_trap(trapnr, signr, str, 1, regs, error_code, &info);        \
-}
-
-DO_VM86_ERROR_INFO(0, SIGFPE, "divide error", divide_error, FPE_INTDIV, regs->ip)
-#ifndef CONFIG_KPROBES
-DO_VM86_ERROR(3, SIGTRAP, "int3", int3)
-#endif
-DO_VM86_ERROR(4, SIGSEGV, "overflow", overflow)
-DO_VM86_ERROR(5, SIGSEGV, "bounds", bounds)
-DO_ERROR_INFO(6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->ip, 0)
+DO_ERROR_INFO(0, SIGFPE, "divide error", divide_error, FPE_INTDIV, regs->ip)
+DO_ERROR(4, SIGSEGV, "overflow", overflow)
+DO_ERROR(5, SIGSEGV, "bounds", bounds)
+DO_ERROR_INFO(6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->ip)
 DO_ERROR(9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
 DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
 DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
+#ifdef CONFIG_X86_32
 DO_ERROR(12, SIGBUS, "stack segment", stack_segment)
-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0, 0)
-DO_ERROR_INFO(32, SIGILL, "iret exception", iret_error, ILL_BADSTK, 0, 1)
+#endif
+DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
+
+#ifdef CONFIG_X86_64
+/* Runs on IST stack */
+dotraplinkage void do_stack_segment(struct pt_regs *regs, long error_code)
+{
+        if (notify_die(DIE_TRAP, "stack segment", regs, error_code,
+                        12, SIGBUS) == NOTIFY_STOP)
+                return;
+        preempt_conditional_sti(regs);
+        do_trap(12, SIGBUS, "stack segment", regs, error_code, NULL);
+        preempt_conditional_cli(regs);
+}
+
+dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
+{
+        static const char str[] = "double fault";
+        struct task_struct *tsk = current;
+
+        /* Return not checked because double check cannot be ignored */
+        notify_die(DIE_TRAP, str, regs, error_code, 8, SIGSEGV);
 
-void __kprobes
+        tsk->thread.error_code = error_code;
+        tsk->thread.trap_no = 8;
+
+        /* This is always a kernel trap and never fixable (and thus must
+           never return). */
+        for (;;)
+                die(str, regs, error_code);
+}
+#endif
+
+dotraplinkage void __kprobes
 do_general_protection(struct pt_regs *regs, long error_code)
 {
         struct task_struct *tsk;
-        struct thread_struct *thread;
-        struct tss_struct *tss;
-        int cpu;
 
-        cpu = get_cpu();
-        tss = &per_cpu(init_tss, cpu);
-        thread = &current->thread;
-
-        /*
-         * Perform the lazy TSS's I/O bitmap copy. If the TSS has an
-         * invalid offset set (the LAZY one) and the faulting thread has
-         * a valid I/O bitmap pointer, we copy the I/O bitmap in the TSS
-         * and we set the offset field correctly. Then we let the CPU to
-         * restart the faulting instruction.
-         */
-        if (tss->x86_tss.io_bitmap_base == INVALID_IO_BITMAP_OFFSET_LAZY &&
-            thread->io_bitmap_ptr) {
-                memcpy(tss->io_bitmap, thread->io_bitmap_ptr,
-                       thread->io_bitmap_max);
-                /*
-                 * If the previously set map was extending to higher ports
-                 * than the current one, pad extra space with 0xff (no access).
-                 */
-                if (thread->io_bitmap_max < tss->io_bitmap_max) {
-                        memset((char *) tss->io_bitmap +
-                                thread->io_bitmap_max, 0xff,
-                                tss->io_bitmap_max - thread->io_bitmap_max);
-                }
-                tss->io_bitmap_max = thread->io_bitmap_max;
-                tss->x86_tss.io_bitmap_base = IO_BITMAP_OFFSET;
-                tss->io_bitmap_owner = thread;
-                put_cpu();
+        conditional_sti(regs);
 
+#ifdef CONFIG_X86_32
+        if (lazy_iobitmap_copy()) {
+                /* restart the faulting instruction */
                 return;
         }
-        put_cpu();
 
         if (regs->flags & X86_VM_MASK)
                 goto gp_in_vm86;
+#endif
 
         tsk = current;
         if (!user_mode(regs))
@@ -650,10 +336,12 @@ do_general_protection(struct pt_regs *regs, long error_code)
         force_sig(SIGSEGV, tsk);
         return;
 
+#ifdef CONFIG_X86_32
 gp_in_vm86:
         local_irq_enable();
         handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code);
         return;
+#endif
 
 gp_in_kernel:
         if (fixup_exception(regs))
@@ -690,7 +378,8 @@ mem_parity_error(unsigned char reason, struct pt_regs *regs)
         printk(KERN_EMERG "Dazed and confused, but trying to continue\n");
 
         /* Clear and disable the memory parity error line. */
-        clear_mem_error(reason);
+        reason = (reason & 0xf) | 4;
+        outb(reason, 0x61);
 }
 
 static notrace __kprobes void
@@ -716,7 +405,8 @@ io_check_error(unsigned char reason, struct pt_regs *regs)
 static notrace __kprobes void
 unknown_nmi_error(unsigned char reason, struct pt_regs *regs)
 {
-        if (notify_die(DIE_NMIUNKNOWN, "nmi", regs, reason, 2, SIGINT) == NOTIFY_STOP)
+        if (notify_die(DIE_NMIUNKNOWN, "nmi", regs, reason, 2, SIGINT) ==
+                        NOTIFY_STOP)
                 return;
 #ifdef CONFIG_MCA
         /*
@@ -739,41 +429,6 @@ unknown_nmi_error(unsigned char reason, struct pt_regs *regs)
         printk(KERN_EMERG "Dazed and confused, but trying to continue\n");
 }
 
-static DEFINE_SPINLOCK(nmi_print_lock);
-
-void notrace __kprobes die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-
-        spin_lock(&nmi_print_lock);
-        /*
-        * We are in trouble anyway, lets at least try
-        * to get a message out:
-        */
-        bust_spinlocks(1);
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (do_panic)
-                panic("Non maskable interrupt");
-        console_silent();
-        spin_unlock(&nmi_print_lock);
-        bust_spinlocks(0);
-
-        /*
-         * If we are in kernel we are probably nested up pretty bad
-         * and might aswell get out now while we still can:
-         */
-        if (!user_mode_vm(regs)) {
-                current->thread.trap_no = 2;
-                crash_kexec(regs);
-        }
-
-        do_exit(SIGSEGV);
-}
-
 static notrace __kprobes void default_do_nmi(struct pt_regs *regs)
 {
         unsigned char reason = 0;
@@ -812,22 +467,25 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs)
                 mem_parity_error(reason, regs);
         if (reason & 0x40)
                 io_check_error(reason, regs);
+#ifdef CONFIG_X86_32
         /*
          * Reassert NMI in case it became active meanwhile
          * as it's edge-triggered:
          */
         reassert_nmi();
+#endif
 }
 
-notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code)
+dotraplinkage notrace __kprobes void
+do_nmi(struct pt_regs *regs, long error_code)
 {
-        int cpu;
-
         nmi_enter();
 
-        cpu = smp_processor_id();
-
-        ++nmi_count(cpu);
+#ifdef CONFIG_X86_32
+        { int cpu; cpu = smp_processor_id(); ++nmi_count(cpu); }
+#else
+        add_pda(__nmi_count, 1);
+#endif
 
         if (!ignore_nmis)
                 default_do_nmi(regs);
@@ -847,21 +505,44 @@ void restart_nmi(void)
         acpi_nmi_enable();
 }
 
-#ifdef CONFIG_KPROBES
-void __kprobes do_int3(struct pt_regs *regs, long error_code)
+/* May run on IST stack. */
+dotraplinkage void __kprobes do_int3(struct pt_regs *regs, long error_code)
 {
-        trace_hardirqs_fixup();
-
+#ifdef CONFIG_KPROBES
         if (notify_die(DIE_INT3, "int3", regs, error_code, 3, SIGTRAP)
                         == NOTIFY_STOP)
                 return;
-        /*
-         * This is an interrupt gate, because kprobes wants interrupts
-         * disabled. Normal trap handlers don't.
-         */
-        restore_interrupts(regs);
+#else
+        if (notify_die(DIE_TRAP, "int3", regs, error_code, 3, SIGTRAP)
+                        == NOTIFY_STOP)
+                return;
+#endif
+
+        preempt_conditional_sti(regs);
+        do_trap(3, SIGTRAP, "int3", regs, error_code, NULL);
+        preempt_conditional_cli(regs);
+}
 
-        do_trap(3, SIGTRAP, "int3", 1, regs, error_code, NULL);
+#ifdef CONFIG_X86_64
+/* Help handler running on IST stack to switch back to user stack
+   for scheduling or signal handling. The actual stack switch is done in
+   entry.S */
+asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
+{
+        struct pt_regs *regs = eregs;
+        /* Did already sync */
+        if (eregs == (struct pt_regs *)eregs->sp)
+                ;
+        /* Exception from user space */
+        else if (user_mode(eregs))
+                regs = task_pt_regs(current);
+        /* Exception from kernel and interrupts are enabled. Move to
+           kernel process stack. */
+        else if (eregs->flags & X86_EFLAGS_IF)
+                regs = (struct pt_regs *)(eregs->sp -= sizeof(struct pt_regs));
+        if (eregs != regs)
+                *regs = *eregs;
+        return regs;
 }
 #endif
 
@@ -886,13 +567,14 @@ void __kprobes do_int3(struct pt_regs *regs, long error_code)
  * about restoring all the debug state, and ptrace doesn't have to
  * find every occurrence of the TF bit that could be saved away even
  * by user code)
+ *
+ * May run on IST stack.
  */
-void __kprobes do_debug(struct pt_regs *regs, long error_code)
+dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 {
         struct task_struct *tsk = current;
-        unsigned int condition;
-
-        trace_hardirqs_fixup();
+        unsigned long condition;
+        int si_code;
 
         get_debugreg(condition, 6);
 
@@ -905,9 +587,9 @@ void __kprobes do_debug(struct pt_regs *regs, long error_code)
         if (notify_die(DIE_DEBUG, "debug", regs, condition, error_code,
                                                 SIGTRAP) == NOTIFY_STOP)
                 return;
+
         /* It's safe to allow irq's after DR6 has been saved */
-        if (regs->flags & X86_EFLAGS_IF)
-                local_irq_enable();
+        preempt_conditional_sti(regs);
 
         /* Mask out spurious debug traps due to lazy DR7 setting */
         if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
@@ -915,8 +597,10 @@ void __kprobes do_debug(struct pt_regs *regs, long error_code)
                         goto clear_dr7;
         }
 
+#ifdef CONFIG_X86_32
         if (regs->flags & X86_VM_MASK)
                 goto debug_vm86;
+#endif
 
         /* Save debug status register where ptrace can see it */
         tsk->thread.debugreg6 = condition;
@@ -926,17 +610,13 @@ void __kprobes do_debug(struct pt_regs *regs, long error_code)
          * kernel space (but re-enable TF when returning to user mode).
          */
         if (condition & DR_STEP) {
-                /*
-                 * We already checked v86 mode above, so we can
-                 * check for kernel mode by just checking the CPL
-                 * of CS.
-                 */
                 if (!user_mode(regs))
                         goto clear_TF_reenable;
         }
 
+        si_code = get_si_code(condition);
         /* Ok, finally something we can handle */
-        send_sigtrap(tsk, regs, error_code);
+        send_sigtrap(tsk, regs, error_code, si_code);
 
         /*
          * Disable additional traps. They'll be re-enabled when
@@ -944,18 +624,37 @@ void __kprobes do_debug(struct pt_regs *regs, long error_code)
          */
 clear_dr7:
         set_debugreg(0, 7);
+        preempt_conditional_cli(regs);
         return;
 
+#ifdef CONFIG_X86_32
 debug_vm86:
         handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1);
+        preempt_conditional_cli(regs);
         return;
+#endif
 
 clear_TF_reenable:
         set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
         regs->flags &= ~X86_EFLAGS_TF;
+        preempt_conditional_cli(regs);
         return;
 }
 
+#ifdef CONFIG_X86_64
+static int kernel_math_error(struct pt_regs *regs, const char *str, int trapnr)
+{
+        if (fixup_exception(regs))
+                return 1;
+
+        notify_die(DIE_GPF, str, regs, 0, trapnr, SIGFPE);
+        /* Illegal floating point operation in the kernel */
+        current->thread.trap_no = trapnr;
+        die(str, regs, 0);
+        return 0;
+}
+#endif
+
 /*
  * Note that we play around with the 'TS' bit in an attempt to get
  * the correct behaviour even in the presence of the asynchronous
@@ -992,7 +691,9 @@ void math_error(void __user *ip)
         swd = get_fpu_swd(task);
         switch (swd & ~cwd & 0x3f) {
         case 0x000: /* No unmasked exception */
+#ifdef CONFIG_X86_32
                 return;
+#endif
         default: /* Multiple exceptions */
                 break;
         case 0x001: /* Invalid Op */
@@ -1020,9 +721,18 @@ void math_error(void __user *ip)
         force_sig_info(SIGFPE, &info, task);
 }
 
-void do_coprocessor_error(struct pt_regs *regs, long error_code)
+dotraplinkage void do_coprocessor_error(struct pt_regs *regs, long error_code)
 {
+        conditional_sti(regs);
+
+#ifdef CONFIG_X86_32
         ignore_fpu_irq = 1;
+#else
+        if (!user_mode(regs) &&
+            kernel_math_error(regs, "kernel x87 math error", 16))
+                return;
+#endif
+
         math_error((void __user *)regs->ip);
 }
 
@@ -1074,8 +784,12 @@ static void simd_math_error(void __user *ip)
         force_sig_info(SIGFPE, &info, task);
 }
 
-void do_simd_coprocessor_error(struct pt_regs *regs, long error_code)
+dotraplinkage void
+do_simd_coprocessor_error(struct pt_regs *regs, long error_code)
 {
+        conditional_sti(regs);
+
+#ifdef CONFIG_X86_32
         if (cpu_has_xmm) {
                 /* Handle SIMD FPU exceptions on PIII+ processors. */
                 ignore_fpu_irq = 1;
@@ -1094,16 +808,25 @@ void do_simd_coprocessor_error(struct pt_regs *regs, long error_code)
         current->thread.error_code = error_code;
         die_if_kernel("cache flush denied", regs, error_code);
         force_sig(SIGSEGV, current);
+#else
+        if (!user_mode(regs) &&
+                        kernel_math_error(regs, "kernel simd math error", 19))
+                return;
+        simd_math_error((void __user *)regs->ip);
+#endif
 }
 
-void do_spurious_interrupt_bug(struct pt_regs *regs, long error_code)
+dotraplinkage void
+do_spurious_interrupt_bug(struct pt_regs *regs, long error_code)
 {
+        conditional_sti(regs);
 #if 0
         /* No need to warn about this any longer. */
         printk(KERN_INFO "Ignoring P6 Local APIC Spurious Interrupt Bug...\n");
 #endif
 }
 
+#ifdef CONFIG_X86_32
 unsigned long patch_espfix_desc(unsigned long uesp, unsigned long kesp)
 {
         struct desc_struct *gdt = get_cpu_gdt_table(smp_processor_id());
@@ -1122,6 +845,15 @@ unsigned long patch_espfix_desc(unsigned long uesp, unsigned long kesp)
 
         return new_kesp;
 }
+#else
+asmlinkage void __attribute__((weak)) smp_thermal_interrupt(void)
+{
+}
+
+asmlinkage void __attribute__((weak)) mce_threshold_interrupt(void)
+{
+}
+#endif
 
 /*
  * 'math_state_restore()' saves the current math information in the
@@ -1154,14 +886,24 @@ asmlinkage void math_state_restore(void)
         }
 
         clts();                         /* Allow maths ops (or we recurse) */
+#ifdef CONFIG_X86_32
         restore_fpu(tsk);
+#else
+        /*
+         * Paranoid restore. send a SIGSEGV if we fail to restore the state.
+         */
+        if (unlikely(restore_fpu_checking(tsk))) {
+                stts();
+                force_sig(SIGSEGV, tsk);
+                return;
+        }
+#endif
         thread->status |= TS_USEDFPU;   /* So we fnsave on switch_to() */
         tsk->fpu_counter++;
 }
 EXPORT_SYMBOL_GPL(math_state_restore);
 
 #ifndef CONFIG_MATH_EMULATION
-
 asmlinkage void math_emulate(long arg)
 {
         printk(KERN_EMERG
@@ -1170,12 +912,54 @@ asmlinkage void math_emulate(long arg)
         force_sig(SIGFPE, current);
         schedule();
 }
-
 #endif /* CONFIG_MATH_EMULATION */
 
+dotraplinkage void __kprobes
+do_device_not_available(struct pt_regs *regs, long error)
+{
+#ifdef CONFIG_X86_32
+        if (read_cr0() & X86_CR0_EM) {
+                conditional_sti(regs);
+                math_emulate(0);
+        } else {
+                math_state_restore(); /* interrupts still off */
+                conditional_sti(regs);
+        }
+#else
+        math_state_restore();
+#endif
+}
+
+#ifdef CONFIG_X86_32
+#ifdef CONFIG_X86_MCE
+dotraplinkage void __kprobes do_machine_check(struct pt_regs *regs, long error)
+{
+        conditional_sti(regs);
+        machine_check_vector(regs, error);
+}
+#endif
+
+dotraplinkage void do_iret_error(struct pt_regs *regs, long error_code)
+{
+        siginfo_t info;
+        local_irq_enable();
+
+        info.si_signo = SIGILL;
+        info.si_errno = 0;
+        info.si_code = ILL_BADSTK;
+        info.si_addr = 0;
+        if (notify_die(DIE_TRAP, "iret exception",
+                        regs, error_code, 32, SIGILL) == NOTIFY_STOP)
+                return;
+        do_trap(32, SIGILL, "iret exception", regs, error_code, &info);
+}
+#endif
+
 void __init trap_init(void)
 {
+#ifdef CONFIG_X86_32
         int i;
+#endif
 
 #ifdef CONFIG_EISA
         void __iomem *p = early_ioremap(0x0FFFD9, 4);
@@ -1185,29 +969,40 @@ void __init trap_init(void)
         early_iounmap(p, 4);
 #endif
 
-        set_trap_gate(0, &divide_error);
-        set_intr_gate(1, &debug);
-        set_intr_gate(2, &nmi);
-        set_system_intr_gate(3, &int3); /* int3 can be called from all */
-        set_system_gate(4, &overflow); /* int4 can be called from all */
-        set_trap_gate(5, &bounds);
-        set_trap_gate(6, &invalid_op);
-        set_trap_gate(7, &device_not_available);
+        set_intr_gate(0, &divide_error);
+        set_intr_gate_ist(1, &debug, DEBUG_STACK);
+        set_intr_gate_ist(2, &nmi, NMI_STACK);
+        /* int3 can be called from all */
+        set_system_intr_gate_ist(3, &int3, DEBUG_STACK);
+        /* int4 can be called from all */
+        set_system_intr_gate(4, &overflow);
+        set_intr_gate(5, &bounds);
+        set_intr_gate(6, &invalid_op);
+        set_intr_gate(7, &device_not_available);
+#ifdef CONFIG_X86_32
         set_task_gate(8, GDT_ENTRY_DOUBLEFAULT_TSS);
-        set_trap_gate(9, &coprocessor_segment_overrun);
-        set_trap_gate(10, &invalid_TSS);
-        set_trap_gate(11, &segment_not_present);
-        set_trap_gate(12, &stack_segment);
-        set_trap_gate(13, &general_protection);
+#else
+        set_intr_gate_ist(8, &double_fault, DOUBLEFAULT_STACK);
+#endif
+        set_intr_gate(9, &coprocessor_segment_overrun);
+        set_intr_gate(10, &invalid_TSS);
+        set_intr_gate(11, &segment_not_present);
+        set_intr_gate_ist(12, &stack_segment, STACKFAULT_STACK);
+        set_intr_gate(13, &general_protection);
         set_intr_gate(14, &page_fault);
-        set_trap_gate(15, &spurious_interrupt_bug);
-        set_trap_gate(16, &coprocessor_error);
-        set_trap_gate(17, &alignment_check);
+        set_intr_gate(15, &spurious_interrupt_bug);
+        set_intr_gate(16, &coprocessor_error);
+        set_intr_gate(17, &alignment_check);
 #ifdef CONFIG_X86_MCE
-        set_trap_gate(18, &machine_check);
+        set_intr_gate_ist(18, &machine_check, MCE_STACK);
 #endif
-        set_trap_gate(19, &simd_coprocessor_error);
+        set_intr_gate(19, &simd_coprocessor_error);
 
+#ifdef CONFIG_IA32_EMULATION
+        set_system_intr_gate(IA32_SYSCALL_VECTOR, ia32_syscall);
+#endif
+
+#ifdef CONFIG_X86_32
         if (cpu_has_fxsr) {
                 printk(KERN_INFO "Enabling fast FPU save and restore... ");
                 set_in_cr4(X86_CR4_OSFXSR);
@@ -1220,37 +1015,20 @@ void __init trap_init(void)
                 printk("done.\n");
         }
 
-        set_system_gate(SYSCALL_VECTOR, &system_call);
+        set_system_trap_gate(SYSCALL_VECTOR, &system_call);
 
         /* Reserve all the builtin and the syscall vector: */
         for (i = 0; i < FIRST_EXTERNAL_VECTOR; i++)
                 set_bit(i, used_vectors);
 
         set_bit(SYSCALL_VECTOR, used_vectors);
-
-        init_thread_xstate();
+#endif
         /*
          * Should be a barrier for any external CPU state:
          */
         cpu_init();
 
+#ifdef CONFIG_X86_32
         trap_init_hook();
+#endif
 }
-
-static int __init kstack_setup(char *s)
-{
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-
-        return 1;
-}
-__setup("kstack=", kstack_setup);
-
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/traps_64.c b/arch/x86/kernel/traps_64.c
deleted file mode 100644
index 513caaca7115..000000000000
--- a/arch/x86/kernel/traps_64.c
+++ /dev/null
@@ -1,1212 +0,0 @@
-/*
- *  Copyright (C) 1991, 1992  Linus Torvalds
- *  Copyright (C) 2000, 2001, 2002 Andi Kleen, SuSE Labs
- *
- *  Pentium III FXSR, SSE support
- *      Gareth Hughes <gareth@valinux.com>, May 2000
- */
-
-/*
- * 'Traps.c' handles hardware traps and faults after we have saved some
- * state in 'entry.S'.
- */
-#include <linux/moduleparam.h>
-#include <linux/interrupt.h>
-#include <linux/kallsyms.h>
-#include <linux/spinlock.h>
-#include <linux/kprobes.h>
-#include <linux/uaccess.h>
-#include <linux/utsname.h>
-#include <linux/kdebug.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/ptrace.h>
-#include <linux/string.h>
-#include <linux/unwind.h>
-#include <linux/delay.h>
-#include <linux/errno.h>
-#include <linux/kexec.h>
-#include <linux/sched.h>
-#include <linux/timer.h>
-#include <linux/init.h>
-#include <linux/bug.h>
-#include <linux/nmi.h>
-#include <linux/mm.h>
-
-#if defined(CONFIG_EDAC)
-#include <linux/edac.h>
-#endif
-
-#include <asm/stacktrace.h>
-#include <asm/processor.h>
-#include <asm/debugreg.h>
-#include <asm/atomic.h>
-#include <asm/system.h>
-#include <asm/unwind.h>
-#include <asm/desc.h>
-#include <asm/i387.h>
-#include <asm/nmi.h>
-#include <asm/smp.h>
-#include <asm/io.h>
-#include <asm/pgalloc.h>
-#include <asm/proto.h>
-#include <asm/pda.h>
-#include <asm/traps.h>
-
-#include <mach_traps.h>
-
-int panic_on_unrecovered_nmi;
-int kstack_depth_to_print = 12;
-static unsigned int code_bytes = 64;
-static int ignore_nmis;
-static int die_counter;
-
-static inline void conditional_sti(struct pt_regs *regs)
-{
-        if (regs->flags & X86_EFLAGS_IF)
-                local_irq_enable();
-}
-
-static inline void preempt_conditional_sti(struct pt_regs *regs)
-{
-        inc_preempt_count();
-        if (regs->flags & X86_EFLAGS_IF)
-                local_irq_enable();
-}
-
-static inline void preempt_conditional_cli(struct pt_regs *regs)
-{
-        if (regs->flags & X86_EFLAGS_IF)
-                local_irq_disable();
-        /* Make sure to not schedule here because we could be running
-           on an exception stack. */
-        dec_preempt_count();
-}
-
-void printk_address(unsigned long address, int reliable)
-{
-        printk(" [<%016lx>] %s%pS\n", address, reliable ? "": "? ", (void *) address);
-}
-
-static unsigned long *in_exception_stack(unsigned cpu, unsigned long stack,
-                                        unsigned *usedp, char **idp)
-{
-        static char ids[][8] = {
-                [DEBUG_STACK - 1] = "#DB",
-                [NMI_STACK - 1] = "NMI",
-                [DOUBLEFAULT_STACK - 1] = "#DF",
-                [STACKFAULT_STACK - 1] = "#SS",
-                [MCE_STACK - 1] = "#MC",
-#if DEBUG_STKSZ > EXCEPTION_STKSZ
-                [N_EXCEPTION_STACKS ... N_EXCEPTION_STACKS + DEBUG_STKSZ / EXCEPTION_STKSZ - 2] = "#DB[?]"
-#endif
-        };
-        unsigned k;
-
-        /*
-         * Iterate over all exception stacks, and figure out whether
-         * 'stack' is in one of them:
-         */
-        for (k = 0; k < N_EXCEPTION_STACKS; k++) {
-                unsigned long end = per_cpu(orig_ist, cpu).ist[k];
-                /*
-                 * Is 'stack' above this exception frame's end?
-                 * If yes then skip to the next frame.
-                 */
-                if (stack >= end)
-                        continue;
-                /*
-                 * Is 'stack' above this exception frame's start address?
-                 * If yes then we found the right frame.
-                 */
-                if (stack >= end - EXCEPTION_STKSZ) {
-                        /*
-                         * Make sure we only iterate through an exception
-                         * stack once. If it comes up for the second time
-                         * then there's something wrong going on - just
-                         * break out and return NULL:
-                         */
-                        if (*usedp & (1U << k))
-                                break;
-                        *usedp |= 1U << k;
-                        *idp = ids[k];
-                        return (unsigned long *)end;
-                }
-                /*
-                 * If this is a debug stack, and if it has a larger size than
-                 * the usual exception stacks, then 'stack' might still
-                 * be within the lower portion of the debug stack:
-                 */
-#if DEBUG_STKSZ > EXCEPTION_STKSZ
-                if (k == DEBUG_STACK - 1 && stack >= end - DEBUG_STKSZ) {
-                        unsigned j = N_EXCEPTION_STACKS - 1;
-
-                        /*
-                         * Black magic. A large debug stack is composed of
-                         * multiple exception stack entries, which we
-                         * iterate through now. Dont look:
-                         */
-                        do {
-                                ++j;
-                                end -= EXCEPTION_STKSZ;
-                                ids[j][4] = '1' + (j - N_EXCEPTION_STACKS);
-                        } while (stack < end - EXCEPTION_STKSZ);
-                        if (*usedp & (1U << j))
-                                break;
-                        *usedp |= 1U << j;
-                        *idp = ids[j];
-                        return (unsigned long *)end;
-                }
-#endif
-        }
-        return NULL;
-}
-
-/*
- * x86-64 can have up to three kernel stacks: 
- * process stack
- * interrupt stack
- * severe exception (double fault, nmi, stack fault, debug, mce) hardware stack
- */
-
-static inline int valid_stack_ptr(struct thread_info *tinfo,
-                        void *p, unsigned int size, void *end)
-{
-        void *t = tinfo;
-        if (end) {
-                if (p < end && p >= (end-THREAD_SIZE))
-                        return 1;
-                else
-                        return 0;
-        }
-        return p > t && p < t + THREAD_SIZE - size;
-}
-
-/* The form of the top of the frame on the stack */
-struct stack_frame {
-        struct stack_frame *next_frame;
-        unsigned long return_address;
-};
-
-static inline unsigned long
-print_context_stack(struct thread_info *tinfo,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data,
-                unsigned long *end)
-{
-        struct stack_frame *frame = (struct stack_frame *)bp;
-
-        while (valid_stack_ptr(tinfo, stack, sizeof(*stack), end)) {
-                unsigned long addr;
-
-                addr = *stack;
-                if (__kernel_text_address(addr)) {
-                        if ((unsigned long) stack == bp + 8) {
-                                ops->address(data, addr, 1);
-                                frame = frame->next_frame;
-                                bp = (unsigned long) frame;
-                        } else {
-                                ops->address(data, addr, bp == 0);
-                        }
-                }
-                stack++;
-        }
-        return bp;
-}
-
-void dump_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp,
-                const struct stacktrace_ops *ops, void *data)
-{
-        const unsigned cpu = get_cpu();
-        unsigned long *irqstack_end = (unsigned long*)cpu_pda(cpu)->irqstackptr;
-        unsigned used = 0;
-        struct thread_info *tinfo;
-
-        if (!task)
-                task = current;
-
-        if (!stack) {
-                unsigned long dummy;
-                stack = &dummy;
-                if (task && task != current)
-                        stack = (unsigned long *)task->thread.sp;
-        }
-
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp) {
-                if (task == current) {
-                        /* Grab bp right from our regs */
-                        asm("movq %%rbp, %0" : "=r" (bp) :);
-                } else {
-                        /* bp is the last reg pushed by switch_to */
-                        bp = *(unsigned long *) task->thread.sp;
-                }
-        }
-#endif
-
-        /*
-         * Print function call entries in all stacks, starting at the
-         * current stack address. If the stacks consist of nested
-         * exceptions
-         */
-        tinfo = task_thread_info(task);
-        for (;;) {
-                char *id;
-                unsigned long *estack_end;
-                estack_end = in_exception_stack(cpu, (unsigned long)stack,
-                                                &used, &id);
-
-                if (estack_end) {
-                        if (ops->stack(data, id) < 0)
-                                break;
-
-                        bp = print_context_stack(tinfo, stack, bp, ops,
-                                                        data, estack_end);
-                        ops->stack(data, "<EOE>");
-                        /*
-                         * We link to the next stack via the
-                         * second-to-last pointer (index -2 to end) in the
-                         * exception stack:
-                         */
-                        stack = (unsigned long *) estack_end[-2];
-                        continue;
-                }
-                if (irqstack_end) {
-                        unsigned long *irqstack;
-                        irqstack = irqstack_end -
-                                (IRQSTACKSIZE - 64) / sizeof(*irqstack);
-
-                        if (stack >= irqstack && stack < irqstack_end) {
-                                if (ops->stack(data, "IRQ") < 0)
-                                        break;
-                                bp = print_context_stack(tinfo, stack, bp,
-                                                ops, data, irqstack_end);
-                                /*
-                                 * We link to the next stack (which would be
-                                 * the process stack normally) the last
-                                 * pointer (index -1 to end) in the IRQ stack:
-                                 */
-                                stack = (unsigned long *) (irqstack_end[-1]);
-                                irqstack_end = NULL;
-                                ops->stack(data, "EOI");
-                                continue;
-                        }
-                }
-                break;
-        }
-
-        /*
-         * This handles the process stack:
-         */
-        bp = print_context_stack(tinfo, stack, bp, ops, data, NULL);
-        put_cpu();
-}
-EXPORT_SYMBOL(dump_trace);
-
-static void
-print_trace_warning_symbol(void *data, char *msg, unsigned long symbol)
-{
-        print_symbol(msg, symbol);
-        printk("\n");
-}
-
-static void print_trace_warning(void *data, char *msg)
-{
-        printk("%s\n", msg);
-}
-
-static int print_trace_stack(void *data, char *name)
-{
-        printk(" <%s> ", name);
-        return 0;
-}
-
-static void print_trace_address(void *data, unsigned long addr, int reliable)
-{
-        touch_nmi_watchdog();
-        printk_address(addr, reliable);
-}
-
-static const struct stacktrace_ops print_trace_ops = {
-        .warning = print_trace_warning,
-        .warning_symbol = print_trace_warning_symbol,
-        .stack = print_trace_stack,
-        .address = print_trace_address,
-};
-
-static void
-show_trace_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp, char *log_lvl)
-{
-        printk("\nCall Trace:\n");
-        dump_trace(task, regs, stack, bp, &print_trace_ops, log_lvl);
-        printk("\n");
-}
-
-void show_trace(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *stack, unsigned long bp)
-{
-        show_trace_log_lvl(task, regs, stack, bp, "");
-}
-
-static void
-show_stack_log_lvl(struct task_struct *task, struct pt_regs *regs,
-                unsigned long *sp, unsigned long bp, char *log_lvl)
-{
-        unsigned long *stack;
-        int i;
-        const int cpu = smp_processor_id();
-        unsigned long *irqstack_end = (unsigned long *) (cpu_pda(cpu)->irqstackptr);
-        unsigned long *irqstack = (unsigned long *) (cpu_pda(cpu)->irqstackptr - IRQSTACKSIZE);
-
-        // debugging aid: "show_stack(NULL, NULL);" prints the
-        // back trace for this cpu.
-
-        if (sp == NULL) {
-                if (task)
-                        sp = (unsigned long *)task->thread.sp;
-                else
-                        sp = (unsigned long *)&sp;
-        }
-
-        stack = sp;
-        for (i = 0; i < kstack_depth_to_print; i++) {
-                if (stack >= irqstack && stack <= irqstack_end) {
-                        if (stack == irqstack_end) {
-                                stack = (unsigned long *) (irqstack_end[-1]);
-                                printk(" <EOI> ");
-                        }
-                } else {
-                if (((long) stack & (THREAD_SIZE-1)) == 0)
-                        break;
-                }
-                if (i && ((i % 4) == 0))
-                        printk("\n");
-                printk(" %016lx", *stack++);
-                touch_nmi_watchdog();
-        }
-        show_trace_log_lvl(task, regs, sp, bp, log_lvl);
-}
-
-void show_stack(struct task_struct *task, unsigned long *sp)
-{
-        show_stack_log_lvl(task, NULL, sp, 0, "");
-}
-
-/*
- * The architecture-independent dump_stack generator
- */
-void dump_stack(void)
-{
-        unsigned long bp = 0;
-        unsigned long stack;
-
-#ifdef CONFIG_FRAME_POINTER
-        if (!bp)
-                asm("movq %%rbp, %0" : "=r" (bp):);
-#endif
-
-        printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-                current->pid, current->comm, print_tainted(),
-                init_utsname()->release,
-                (int)strcspn(init_utsname()->version, " "),
-                init_utsname()->version);
-        show_trace(NULL, NULL, &stack, bp);
-}
-
-EXPORT_SYMBOL(dump_stack);
-
-void show_registers(struct pt_regs *regs)
-{
-        int i;
-        unsigned long sp;
-        const int cpu = smp_processor_id();
-        struct task_struct *cur = cpu_pda(cpu)->pcurrent;
-
-        sp = regs->sp;
-        printk("CPU %d ", cpu);
-        __show_regs(regs);
-        printk("Process %s (pid: %d, threadinfo %p, task %p)\n",
-                cur->comm, cur->pid, task_thread_info(cur), cur);
-
-        /*
-         * When in-kernel, we also print out the stack and code at the
-         * time of the fault..
-         */
-        if (!user_mode(regs)) {
-                unsigned int code_prologue = code_bytes * 43 / 64;
-                unsigned int code_len = code_bytes;
-                unsigned char c;
-                u8 *ip;
-
-                printk("Stack: ");
-                show_stack_log_lvl(NULL, regs, (unsigned long *)sp,
-                                regs->bp, "");
-                printk("\n");
-
-                printk(KERN_EMERG "Code: ");
-
-                ip = (u8 *)regs->ip - code_prologue;
-                if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
-                        /* try starting at RIP */
-                        ip = (u8 *)regs->ip;
-                        code_len = code_len - code_prologue + 1;
-                }
-                for (i = 0; i < code_len; i++, ip++) {
-                        if (ip < (u8 *)PAGE_OFFSET ||
-                                        probe_kernel_address(ip, c)) {
-                                printk(" Bad RIP value.");
-                                break;
-                        }
-                        if (ip == (u8 *)regs->ip)
-                                printk("<%02x> ", c);
-                        else
-                                printk("%02x ", c);
-                }
-        }
-        printk("\n");
-}
-
-int is_valid_bugaddr(unsigned long ip)
-{
-        unsigned short ud2;
-
-        if (__copy_from_user(&ud2, (const void __user *) ip, sizeof(ud2)))
-                return 0;
-
-        return ud2 == 0x0b0f;
-}
-
-static raw_spinlock_t die_lock = __RAW_SPIN_LOCK_UNLOCKED;
-static int die_owner = -1;
-static unsigned int die_nest_count;
-
-unsigned __kprobes long oops_begin(void)
-{
-        int cpu;
-        unsigned long flags;
-
-        oops_enter();
-
-        /* racy, but better than risking deadlock. */
-        raw_local_irq_save(flags);
-        cpu = smp_processor_id();
-        if (!__raw_spin_trylock(&die_lock)) {
-                if (cpu == die_owner) 
-                        /* nested oops. should stop eventually */;
-                else
-                        __raw_spin_lock(&die_lock);
-        }
-        die_nest_count++;
-        die_owner = cpu;
-        console_verbose();
-        bust_spinlocks(1);
-        return flags;
-}
-
-void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
-{
-        die_owner = -1;
-        bust_spinlocks(0);
-        die_nest_count--;
-        if (!die_nest_count)
-                /* Nest count reaches zero, release the lock. */
-                __raw_spin_unlock(&die_lock);
-        raw_local_irq_restore(flags);
-        if (!regs) {
-                oops_exit();
-                return;
-        }
-        if (panic_on_oops)
-                panic("Fatal exception");
-        oops_exit();
-        do_exit(signr);
-}
-
-int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-{
-        printk(KERN_EMERG "%s: %04lx [%u] ", str, err & 0xffff, ++die_counter);
-#ifdef CONFIG_PREEMPT
-        printk("PREEMPT ");
-#endif
-#ifdef CONFIG_SMP
-        printk("SMP ");
-#endif
-#ifdef CONFIG_DEBUG_PAGEALLOC
-        printk("DEBUG_PAGEALLOC");
-#endif
-        printk("\n");
-        if (notify_die(DIE_OOPS, str, regs, err,
-                        current->thread.trap_no, SIGSEGV) == NOTIFY_STOP)
-                return 1;
-
-        show_registers(regs);
-        add_taint(TAINT_DIE);
-        /* Executive summary in case the oops scrolled away */
-        printk(KERN_ALERT "RIP ");
-        printk_address(regs->ip, 1);
-        printk(" RSP <%016lx>\n", regs->sp);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        return 0;
-}
-
-void die(const char *str, struct pt_regs *regs, long err)
-{
-        unsigned long flags = oops_begin();
-
-        if (!user_mode(regs))
-                report_bug(regs->ip, regs);
-
-        if (__die(str, regs, err))
-                regs = NULL;
-        oops_end(flags, regs, SIGSEGV);
-}
-
-notrace __kprobes void
-die_nmi(char *str, struct pt_regs *regs, int do_panic)
-{
-        unsigned long flags;
-
-        if (notify_die(DIE_NMIWATCHDOG, str, regs, 0, 2, SIGINT) == NOTIFY_STOP)
-                return;
-
-        flags = oops_begin();
-        /*
-         * We are in trouble anyway, lets at least try
-         * to get a message out.
-         */
-        printk(KERN_EMERG "%s", str);
-        printk(" on CPU%d, ip %08lx, registers:\n",
-                smp_processor_id(), regs->ip);
-        show_registers(regs);
-        if (kexec_should_crash(current))
-                crash_kexec(regs);
-        if (do_panic || panic_on_oops)
-                panic("Non maskable interrupt");
-        oops_end(flags, NULL, SIGBUS);
-        nmi_exit();
-        local_irq_enable();
-        do_exit(SIGBUS);
-}
-
-static void __kprobes
-do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
-        long error_code, siginfo_t *info)
-{
-        struct task_struct *tsk = current;
-
-        if (!user_mode(regs))
-                goto kernel_trap;
-
-        /*
-         * We want error_code and trap_no set for userspace faults and
-         * kernelspace faults which result in die(), but not
-         * kernelspace faults which are fixed up.  die() gives the
-         * process no chance to handle the signal and notice the
-         * kernel fault information, so that won't result in polluting
-         * the information about previously queued, but not yet
-         * delivered, faults.  See also do_general_protection below.
-         */
-        tsk->thread.error_code = error_code;
-        tsk->thread.trap_no = trapnr;
-
-        if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
-            printk_ratelimit()) {
-                printk(KERN_INFO
-                       "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
-                       tsk->comm, tsk->pid, str,
-                       regs->ip, regs->sp, error_code);
-                print_vma_addr(" in ", regs->ip);
-                printk("\n");
-        }
-
-        if (info)
-                force_sig_info(signr, info, tsk);
-        else
-                force_sig(signr, tsk);
-        return;
-
-kernel_trap:
-        if (!fixup_exception(regs)) {
-                tsk->thread.error_code = error_code;
-                tsk->thread.trap_no = trapnr;
-                die(str, regs, error_code);
-        }
-        return;
-}
-
-#define DO_ERROR(trapnr, signr, str, name) \
-asmlinkage void do_##name(struct pt_regs * regs, long error_code)       \
-{                                                                       \
-        if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
-                                                        == NOTIFY_STOP) \
-                return;                                                 \
-        conditional_sti(regs);                                          \
-        do_trap(trapnr, signr, str, regs, error_code, NULL);            \
-}
-
-#define DO_ERROR_INFO(trapnr, signr, str, name, sicode, siaddr)         \
-asmlinkage void do_##name(struct pt_regs * regs, long error_code)       \
-{                                                                       \
-        siginfo_t info;                                                 \
-        info.si_signo = signr;                                          \
-        info.si_errno = 0;                                              \
-        info.si_code = sicode;                                          \
-        info.si_addr = (void __user *)siaddr;                           \
-        trace_hardirqs_fixup();                                         \
-        if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr)  \
-                                                        == NOTIFY_STOP) \
-                return;                                                 \
-        conditional_sti(regs);                                          \
-        do_trap(trapnr, signr, str, regs, error_code, &info);           \
-}
-
-DO_ERROR_INFO(0, SIGFPE, "divide error", divide_error, FPE_INTDIV, regs->ip)
-DO_ERROR(4, SIGSEGV, "overflow", overflow)
-DO_ERROR(5, SIGSEGV, "bounds", bounds)
-DO_ERROR_INFO(6, SIGILL, "invalid opcode", invalid_op, ILL_ILLOPN, regs->ip)
-DO_ERROR(9, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun)
-DO_ERROR(10, SIGSEGV, "invalid TSS", invalid_TSS)
-DO_ERROR(11, SIGBUS, "segment not present", segment_not_present)
-DO_ERROR_INFO(17, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0)
-
-/* Runs on IST stack */
-asmlinkage void do_stack_segment(struct pt_regs *regs, long error_code)
-{
-        if (notify_die(DIE_TRAP, "stack segment", regs, error_code,
-                        12, SIGBUS) == NOTIFY_STOP)
-                return;
-        preempt_conditional_sti(regs);
-        do_trap(12, SIGBUS, "stack segment", regs, error_code, NULL);
-        preempt_conditional_cli(regs);
-}
-
-asmlinkage void do_double_fault(struct pt_regs * regs, long error_code)
-{
-        static const char str[] = "double fault";
-        struct task_struct *tsk = current;
-
-        /* Return not checked because double check cannot be ignored */
-        notify_die(DIE_TRAP, str, regs, error_code, 8, SIGSEGV);
-
-        tsk->thread.error_code = error_code;
-        tsk->thread.trap_no = 8;
-
-        /* This is always a kernel trap and never fixable (and thus must
-           never return). */
-        for (;;)
-                die(str, regs, error_code);
-}
-
-asmlinkage void __kprobes
-do_general_protection(struct pt_regs *regs, long error_code)
-{
-        struct task_struct *tsk;
-
-        conditional_sti(regs);
-
-        tsk = current;
-        if (!user_mode(regs))
-                goto gp_in_kernel;
-
-        tsk->thread.error_code = error_code;
-        tsk->thread.trap_no = 13;
-
-        if (show_unhandled_signals && unhandled_signal(tsk, SIGSEGV) &&
-                        printk_ratelimit()) {
-                printk(KERN_INFO
-                        "%s[%d] general protection ip:%lx sp:%lx error:%lx",
-                        tsk->comm, tsk->pid,
-                        regs->ip, regs->sp, error_code);
-                print_vma_addr(" in ", regs->ip);
-                printk("\n");
-        }
-
-        force_sig(SIGSEGV, tsk);
-        return;
-
-gp_in_kernel:
-        if (fixup_exception(regs))
-                return;
-
-        tsk->thread.error_code = error_code;
-        tsk->thread.trap_no = 13;
-        if (notify_die(DIE_GPF, "general protection fault", regs,
-                                error_code, 13, SIGSEGV) == NOTIFY_STOP)
-                return;
-        die("general protection fault", regs, error_code);
-}
-
-static notrace __kprobes void
-mem_parity_error(unsigned char reason, struct pt_regs *regs)
-{
-        printk(KERN_EMERG "Uhhuh. NMI received for unknown reason %02x.\n",
-                reason);
-        printk(KERN_EMERG "You have some hardware problem, likely on the PCI bus.\n");
-
-#if defined(CONFIG_EDAC)
-        if (edac_handler_set()) {
-                edac_atomic_assert_error();
-                return;
-        }
-#endif
-
-        if (panic_on_unrecovered_nmi)
-                panic("NMI: Not continuing");
-
-        printk(KERN_EMERG "Dazed and confused, but trying to continue\n");
-
-        /* Clear and disable the memory parity error line. */
-        reason = (reason & 0xf) | 4;
-        outb(reason, 0x61);
-}
-
-static notrace __kprobes void
-io_check_error(unsigned char reason, struct pt_regs *regs)
-{
-        printk("NMI: IOCK error (debug interrupt?)\n");
-        show_registers(regs);
-
-        /* Re-enable the IOCK line, wait for a few seconds */
-        reason = (reason & 0xf) | 8;
-        outb(reason, 0x61);
-        mdelay(2000);
-        reason &= ~8;
-        outb(reason, 0x61);
-}
-
-static notrace __kprobes void
-unknown_nmi_error(unsigned char reason, struct pt_regs * regs)
-{
-        if (notify_die(DIE_NMIUNKNOWN, "nmi", regs, reason, 2, SIGINT) == NOTIFY_STOP)
-                return;
-        printk(KERN_EMERG "Uhhuh. NMI received for unknown reason %02x.\n",
-                reason);
-        printk(KERN_EMERG "Do you have a strange power saving mode enabled?\n");
-
-        if (panic_on_unrecovered_nmi)
-                panic("NMI: Not continuing");
-
-        printk(KERN_EMERG "Dazed and confused, but trying to continue\n");
-}
-
-/* Runs on IST stack. This code must keep interrupts off all the time.
-   Nested NMIs are prevented by the CPU. */
-asmlinkage notrace __kprobes void default_do_nmi(struct pt_regs *regs)
-{
-        unsigned char reason = 0;
-        int cpu;
-
-        cpu = smp_processor_id();
-
-        /* Only the BSP gets external NMIs from the system. */
-        if (!cpu)
-                reason = get_nmi_reason();
-
-        if (!(reason & 0xc0)) {
-                if (notify_die(DIE_NMI_IPI, "nmi_ipi", regs, reason, 2, SIGINT)
-                                                                == NOTIFY_STOP)
-                        return;
-                /*
-                 * Ok, so this is none of the documented NMI sources,
-                 * so it must be the NMI watchdog.
-                 */
-                if (nmi_watchdog_tick(regs, reason))
-                        return;
-                if (!do_nmi_callback(regs, cpu))
-                        unknown_nmi_error(reason, regs);
-
-                return;
-        }
-        if (notify_die(DIE_NMI, "nmi", regs, reason, 2, SIGINT) == NOTIFY_STOP)
-                return;
-
-        /* AK: following checks seem to be broken on modern chipsets. FIXME */
-        if (reason & 0x80)
-                mem_parity_error(reason, regs);
-        if (reason & 0x40)
-                io_check_error(reason, regs);
-}
-
-asmlinkage notrace __kprobes void
-do_nmi(struct pt_regs *regs, long error_code)
-{
-        nmi_enter();
-
-        add_pda(__nmi_count, 1);
-
-        if (!ignore_nmis)
-                default_do_nmi(regs);
-
-        nmi_exit();
-}
-
-void stop_nmi(void)
-{
-        acpi_nmi_disable();
-        ignore_nmis++;
-}
-
-void restart_nmi(void)
-{
-        ignore_nmis--;
-        acpi_nmi_enable();
-}
-
-/* runs on IST stack. */
-asmlinkage void __kprobes do_int3(struct pt_regs *regs, long error_code)
-{
-        trace_hardirqs_fixup();
-
-        if (notify_die(DIE_INT3, "int3", regs, error_code, 3, SIGTRAP)
-                        == NOTIFY_STOP)
-                return;
-
-        preempt_conditional_sti(regs);
-        do_trap(3, SIGTRAP, "int3", regs, error_code, NULL);
-        preempt_conditional_cli(regs);
-}
-
-/* Help handler running on IST stack to switch back to user stack
-   for scheduling or signal handling. The actual stack switch is done in
-   entry.S */
-asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs)
-{
-        struct pt_regs *regs = eregs;
-        /* Did already sync */
-        if (eregs == (struct pt_regs *)eregs->sp)
-                ;
-        /* Exception from user space */
-        else if (user_mode(eregs))
-                regs = task_pt_regs(current);
-        /* Exception from kernel and interrupts are enabled. Move to
-           kernel process stack. */
-        else if (eregs->flags & X86_EFLAGS_IF)
-                regs = (struct pt_regs *)(eregs->sp -= sizeof(struct pt_regs));
-        if (eregs != regs)
-                *regs = *eregs;
-        return regs;
-}
-
-/* runs on IST stack. */
-asmlinkage void __kprobes do_debug(struct pt_regs * regs,
-                                   unsigned long error_code)
-{
-        struct task_struct *tsk = current;
-        unsigned long condition;
-        siginfo_t info;
-
-        trace_hardirqs_fixup();
-
-        get_debugreg(condition, 6);
-
-        /*
-         * The processor cleared BTF, so don't mark that we need it set.
-         */
-        clear_tsk_thread_flag(tsk, TIF_DEBUGCTLMSR);
-        tsk->thread.debugctlmsr = 0;
-
-        if (notify_die(DIE_DEBUG, "debug", regs, condition, error_code,
-                                                SIGTRAP) == NOTIFY_STOP)
-                return;
-
-        preempt_conditional_sti(regs);
-
-        /* Mask out spurious debug traps due to lazy DR7 setting */
-        if (condition & (DR_TRAP0|DR_TRAP1|DR_TRAP2|DR_TRAP3)) {
-                if (!tsk->thread.debugreg7)
-                        goto clear_dr7;
-        }
-
-        tsk->thread.debugreg6 = condition;
-
-        /*
-         * Single-stepping through TF: make sure we ignore any events in
-         * kernel space (but re-enable TF when returning to user mode).
-         */
-        if (condition & DR_STEP) {
-                if (!user_mode(regs))
-                        goto clear_TF_reenable;
-        }
-
-        /* Ok, finally something we can handle */
-        tsk->thread.trap_no = 1;
-        tsk->thread.error_code = error_code;
-        info.si_signo = SIGTRAP;
-        info.si_errno = 0;
-        info.si_code = TRAP_BRKPT;
-        info.si_addr = user_mode(regs) ? (void __user *)regs->ip : NULL;
-        force_sig_info(SIGTRAP, &info, tsk);
-
-clear_dr7:
-        set_debugreg(0, 7);
-        preempt_conditional_cli(regs);
-        return;
-
-clear_TF_reenable:
-        set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
-        regs->flags &= ~X86_EFLAGS_TF;
-        preempt_conditional_cli(regs);
-        return;
-}
-
-static int kernel_math_error(struct pt_regs *regs, const char *str, int trapnr)
-{
-        if (fixup_exception(regs))
-                return 1;
-
-        notify_die(DIE_GPF, str, regs, 0, trapnr, SIGFPE);
-        /* Illegal floating point operation in the kernel */
-        current->thread.trap_no = trapnr;
-        die(str, regs, 0);
-        return 0;
-}
-
-/*
- * Note that we play around with the 'TS' bit in an attempt to get
- * the correct behaviour even in the presence of the asynchronous
- * IRQ13 behaviour
- */
-asmlinkage void do_coprocessor_error(struct pt_regs *regs)
-{
-        void __user *ip = (void __user *)(regs->ip);
-        struct task_struct *task;
-        siginfo_t info;
-        unsigned short cwd, swd;
-
-        conditional_sti(regs);
-        if (!user_mode(regs) &&
-            kernel_math_error(regs, "kernel x87 math error", 16))
-                return;
-
-        /*
-         * Save the info for the exception handler and clear the error.
-         */
-        task = current;
-        save_init_fpu(task);
-        task->thread.trap_no = 16;
-        task->thread.error_code = 0;
-        info.si_signo = SIGFPE;
-        info.si_errno = 0;
-        info.si_code = __SI_FAULT;
-        info.si_addr = ip;
-        /*
-         * (~cwd & swd) will mask out exceptions that are not set to unmasked
-         * status.  0x3f is the exception bits in these regs, 0x200 is the
-         * C1 reg you need in case of a stack fault, 0x040 is the stack
-         * fault bit.  We should only be taking one exception at a time,
-         * so if this combination doesn't produce any single exception,
-         * then we have a bad program that isn't synchronizing its FPU usage
-         * and it will suffer the consequences since we won't be able to
-         * fully reproduce the context of the exception
-         */
-        cwd = get_fpu_cwd(task);
-        swd = get_fpu_swd(task);
-        switch (swd & ~cwd & 0x3f) {
-        case 0x000: /* No unmasked exception */
-        default: /* Multiple exceptions */
-                break;
-        case 0x001: /* Invalid Op */
-                /*
-                 * swd & 0x240 == 0x040: Stack Underflow
-                 * swd & 0x240 == 0x240: Stack Overflow
-                 * User must clear the SF bit (0x40) if set
-                 */
-                info.si_code = FPE_FLTINV;
-                break;
-        case 0x002: /* Denormalize */
-        case 0x010: /* Underflow */
-                info.si_code = FPE_FLTUND;
-                break;
-        case 0x004: /* Zero Divide */
-                info.si_code = FPE_FLTDIV;
-                break;
-        case 0x008: /* Overflow */
-                info.si_code = FPE_FLTOVF;
-                break;
-        case 0x020: /* Precision */
-                info.si_code = FPE_FLTRES;
-                break;
-        }
-        force_sig_info(SIGFPE, &info, task);
-}
-
-asmlinkage void bad_intr(void)
-{
-        printk("bad interrupt"); 
-}
-
-asmlinkage void do_simd_coprocessor_error(struct pt_regs *regs)
-{
-        void __user *ip = (void __user *)(regs->ip);
-        struct task_struct *task;
-        siginfo_t info;
-        unsigned short mxcsr;
-
-        conditional_sti(regs);
-        if (!user_mode(regs) &&
-                kernel_math_error(regs, "kernel simd math error", 19))
-                return;
-
-        /*
-         * Save the info for the exception handler and clear the error.
-         */
-        task = current;
-        save_init_fpu(task);
-        task->thread.trap_no = 19;
-        task->thread.error_code = 0;
-        info.si_signo = SIGFPE;
-        info.si_errno = 0;
-        info.si_code = __SI_FAULT;
-        info.si_addr = ip;
-        /*
-         * The SIMD FPU exceptions are handled a little differently, as there
-         * is only a single status/control register.  Thus, to determine which
-         * unmasked exception was caught we must mask the exception mask bits
-         * at 0x1f80, and then use these to mask the exception bits at 0x3f.
-         */
-        mxcsr = get_fpu_mxcsr(task);
-        switch (~((mxcsr & 0x1f80) >> 7) & (mxcsr & 0x3f)) {
-        case 0x000:
-        default:
-                break;
-        case 0x001: /* Invalid Op */
-                info.si_code = FPE_FLTINV;
-                break;
-        case 0x002: /* Denormalize */
-        case 0x010: /* Underflow */
-                info.si_code = FPE_FLTUND;
-                break;
-        case 0x004: /* Zero Divide */
-                info.si_code = FPE_FLTDIV;
-                break;
-        case 0x008: /* Overflow */
-                info.si_code = FPE_FLTOVF;
-                break;
-        case 0x020: /* Precision */
-                info.si_code = FPE_FLTRES;
-                break;
-        }
-        force_sig_info(SIGFPE, &info, task);
-}
-
-asmlinkage void do_spurious_interrupt_bug(struct pt_regs * regs)
-{
-}
-
-asmlinkage void __attribute__((weak)) smp_thermal_interrupt(void)
-{
-}
-
-asmlinkage void __attribute__((weak)) mce_threshold_interrupt(void)
-{
-}
-
-/*
- * 'math_state_restore()' saves the current math information in the
- * old math state array, and gets the new ones from the current task
- *
- * Careful.. There are problems with IBM-designed IRQ13 behaviour.
- * Don't touch unless you *really* know how it works.
- */
-asmlinkage void math_state_restore(void)
-{
-        struct task_struct *me = current;
-
-        if (!used_math()) {
-                local_irq_enable();
-                /*
-                 * does a slab alloc which can sleep
-                 */
-                if (init_fpu(me)) {
-                        /*
-                         * ran out of memory!
-                         */
-                        do_group_exit(SIGKILL);
-                        return;
-                }
-                local_irq_disable();
-        }
-
-        clts();                         /* Allow maths ops (or we recurse) */
-        /*
-         * Paranoid restore. send a SIGSEGV if we fail to restore the state.
-         */
-        if (unlikely(restore_fpu_checking(&me->thread.xstate->fxsave))) {
-                stts();
-                force_sig(SIGSEGV, me);
-                return;
-        }
-        task_thread_info(me)->status |= TS_USEDFPU;
-        me->fpu_counter++;
-}
-EXPORT_SYMBOL_GPL(math_state_restore);
-
-void __init trap_init(void)
-{
-        set_intr_gate(0, &divide_error);
-        set_intr_gate_ist(1, &debug, DEBUG_STACK);
-        set_intr_gate_ist(2, &nmi, NMI_STACK);
-        set_system_gate_ist(3, &int3, DEBUG_STACK); /* int3 can be called from all */
-        set_system_gate(4, &overflow); /* int4 can be called from all */
-        set_intr_gate(5, &bounds);
-        set_intr_gate(6, &invalid_op);
-        set_intr_gate(7, &device_not_available);
-        set_intr_gate_ist(8, &double_fault, DOUBLEFAULT_STACK);
-        set_intr_gate(9, &coprocessor_segment_overrun);
-        set_intr_gate(10, &invalid_TSS);
-        set_intr_gate(11, &segment_not_present);
-        set_intr_gate_ist(12, &stack_segment, STACKFAULT_STACK);
-        set_intr_gate(13, &general_protection);
-        set_intr_gate(14, &page_fault);
-        set_intr_gate(15, &spurious_interrupt_bug);
-        set_intr_gate(16, &coprocessor_error);
-        set_intr_gate(17, &alignment_check);
-#ifdef CONFIG_X86_MCE
-        set_intr_gate_ist(18, &machine_check, MCE_STACK);
-#endif
-        set_intr_gate(19, &simd_coprocessor_error);
-
-#ifdef CONFIG_IA32_EMULATION
-        set_system_gate(IA32_SYSCALL_VECTOR, ia32_syscall);
-#endif
-        /*
-         * initialize the per thread extended state:
-         */
-        init_thread_xstate();
-        /*
-         * Should be a barrier for any external CPU state:
-         */
-        cpu_init();
-}
-
-static int __init oops_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        if (!strcmp(s, "panic"))
-                panic_on_oops = 1;
-        return 0;
-}
-early_param("oops", oops_setup);
-
-static int __init kstack_setup(char *s)
-{
-        if (!s)
-                return -EINVAL;
-        kstack_depth_to_print = simple_strtoul(s, NULL, 0);
-        return 0;
-}
-early_param("kstack", kstack_setup);
-
-static int __init code_bytes_setup(char *s)
-{
-        code_bytes = simple_strtoul(s, NULL, 0);
-        if (code_bytes > 8192)
-                code_bytes = 8192;
-
-        return 1;
-}
-__setup("code_bytes=", code_bytes_setup);
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 8f98e9de1b82..161bb850fc47 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -104,7 +104,7 @@ __setup("notsc", notsc_setup);
 /*
  * Read TSC and the reference counters. Take care of SMI disturbance
  */
-static u64 tsc_read_refs(u64 *pm, u64 *hpet)
+static u64 tsc_read_refs(u64 *p, int hpet)
 {
         u64 t1, t2;
         int i;
@@ -112,9 +112,9 @@ static u64 tsc_read_refs(u64 *pm, u64 *hpet)
         for (i = 0; i < MAX_RETRIES; i++) {
                 t1 = get_cycles();
                 if (hpet)
-                        *hpet = hpet_readl(HPET_COUNTER) & 0xFFFFFFFF;
+                        *p = hpet_readl(HPET_COUNTER) & 0xFFFFFFFF;
                 else
-                        *pm = acpi_pm_read_early();
+                        *p = acpi_pm_read_early();
                 t2 = get_cycles();
                 if ((t2 - t1) < SMI_TRESHOLD)
                         return t2;
@@ -123,13 +123,59 @@ static u64 tsc_read_refs(u64 *pm, u64 *hpet)
 }
 
 /*
+ * Calculate the TSC frequency from HPET reference
+ */
+static unsigned long calc_hpet_ref(u64 deltatsc, u64 hpet1, u64 hpet2)
+{
+        u64 tmp;
+
+        if (hpet2 < hpet1)
+                hpet2 += 0x100000000ULL;
+        hpet2 -= hpet1;
+        tmp = ((u64)hpet2 * hpet_readl(HPET_PERIOD));
+        do_div(tmp, 1000000);
+        do_div(deltatsc, tmp);
+
+        return (unsigned long) deltatsc;
+}
+
+/*
+ * Calculate the TSC frequency from PMTimer reference
+ */
+static unsigned long calc_pmtimer_ref(u64 deltatsc, u64 pm1, u64 pm2)
+{
+        u64 tmp;
+
+        if (!pm1 && !pm2)
+                return ULONG_MAX;
+
+        if (pm2 < pm1)
+                pm2 += (u64)ACPI_PM_OVRRUN;
+        pm2 -= pm1;
+        tmp = pm2 * 1000000000LL;
+        do_div(tmp, PMTMR_TICKS_PER_SEC);
+        do_div(deltatsc, tmp);
+
+        return (unsigned long) deltatsc;
+}
+
+#define CAL_MS          10
+#define CAL_LATCH       (CLOCK_TICK_RATE / (1000 / CAL_MS))
+#define CAL_PIT_LOOPS   1000
+
+#define CAL2_MS         50
+#define CAL2_LATCH      (CLOCK_TICK_RATE / (1000 / CAL2_MS))
+#define CAL2_PIT_LOOPS  5000
+
+
+/*
  * Try to calibrate the TSC against the Programmable
  * Interrupt Timer and return the frequency of the TSC
  * in kHz.
  *
  * Return ULONG_MAX on failure to calibrate.
  */
-static unsigned long pit_calibrate_tsc(void)
+static unsigned long pit_calibrate_tsc(u32 latch, unsigned long ms, int loopmin)
 {
         u64 tsc, t1, t2, delta;
         unsigned long tscmin, tscmax;
@@ -144,8 +190,8 @@ static unsigned long pit_calibrate_tsc(void)
          * (LSB then MSB) to begin countdown.
          */
         outb(0xb0, 0x43);
-        outb((CLOCK_TICK_RATE / (1000 / 50)) & 0xff, 0x42);
-        outb((CLOCK_TICK_RATE / (1000 / 50)) >> 8, 0x42);
+        outb(latch & 0xff, 0x42);
+        outb(latch >> 8, 0x42);
 
         tsc = t1 = t2 = get_cycles();
 
@@ -166,31 +212,154 @@ static unsigned long pit_calibrate_tsc(void)
         /*
          * Sanity checks:
          *
-         * If we were not able to read the PIT more than 5000
+         * If we were not able to read the PIT more than loopmin
          * times, then we have been hit by a massive SMI
          *
          * If the maximum is 10 times larger than the minimum,
          * then we got hit by an SMI as well.
          */
-        if (pitcnt < 5000 || tscmax > 10 * tscmin)
+        if (pitcnt < loopmin || tscmax > 10 * tscmin)
                 return ULONG_MAX;
 
         /* Calculate the PIT value */
         delta = t2 - t1;
-        do_div(delta, 50);
+        do_div(delta, ms);
         return delta;
 }
 
+/*
+ * This reads the current MSB of the PIT counter, and
+ * checks if we are running on sufficiently fast and
+ * non-virtualized hardware.
+ *
+ * Our expectations are:
+ *
+ *  - the PIT is running at roughly 1.19MHz
+ *
+ *  - each IO is going to take about 1us on real hardware,
+ *    but we allow it to be much faster (by a factor of 10) or
+ *    _slightly_ slower (ie we allow up to a 2us read+counter
+ *    update - anything else implies a unacceptably slow CPU
+ *    or PIT for the fast calibration to work.
+ *
+ *  - with 256 PIT ticks to read the value, we have 214us to
+ *    see the same MSB (and overhead like doing a single TSC
+ *    read per MSB value etc).
+ *
+ *  - We're doing 2 reads per loop (LSB, MSB), and we expect
+ *    them each to take about a microsecond on real hardware.
+ *    So we expect a count value of around 100. But we'll be
+ *    generous, and accept anything over 50.
+ *
+ *  - if the PIT is stuck, and we see *many* more reads, we
+ *    return early (and the next caller of pit_expect_msb()
+ *    then consider it a failure when they don't see the
+ *    next expected value).
+ *
+ * These expectations mean that we know that we have seen the
+ * transition from one expected value to another with a fairly
+ * high accuracy, and we didn't miss any events. We can thus
+ * use the TSC value at the transitions to calculate a pretty
+ * good value for the TSC frequencty.
+ */
+static inline int pit_expect_msb(unsigned char val)
+{
+        int count = 0;
+
+        for (count = 0; count < 50000; count++) {
+                /* Ignore LSB */
+                inb(0x42);
+                if (inb(0x42) != val)
+                        break;
+        }
+        return count > 50;
+}
+
+/*
+ * How many MSB values do we want to see? We aim for a
+ * 15ms calibration, which assuming a 2us counter read
+ * error should give us roughly 150 ppm precision for
+ * the calibration.
+ */
+#define QUICK_PIT_MS 15
+#define QUICK_PIT_ITERATIONS (QUICK_PIT_MS * PIT_TICK_RATE / 1000 / 256)
+
+static unsigned long quick_pit_calibrate(void)
+{
+        /* Set the Gate high, disable speaker */
+        outb((inb(0x61) & ~0x02) | 0x01, 0x61);
+
+        /*
+         * Counter 2, mode 0 (one-shot), binary count
+         *
+         * NOTE! Mode 2 decrements by two (and then the
+         * output is flipped each time, giving the same
+         * final output frequency as a decrement-by-one),
+         * so mode 0 is much better when looking at the
+         * individual counts.
+         */
+        outb(0xb0, 0x43);
+
+        /* Start at 0xffff */
+        outb(0xff, 0x42);
+        outb(0xff, 0x42);
+
+        if (pit_expect_msb(0xff)) {
+                int i;
+                u64 t1, t2, delta;
+                unsigned char expect = 0xfe;
+
+                t1 = get_cycles();
+                for (i = 0; i < QUICK_PIT_ITERATIONS; i++, expect--) {
+                        if (!pit_expect_msb(expect))
+                                goto failed;
+                }
+                t2 = get_cycles();
+
+                /*
+                 * Make sure we can rely on the second TSC timestamp:
+                 */
+                if (!pit_expect_msb(expect))
+                        goto failed;
+
+                /*
+                 * Ok, if we get here, then we've seen the
+                 * MSB of the PIT decrement QUICK_PIT_ITERATIONS
+                 * times, and each MSB had many hits, so we never
+                 * had any sudden jumps.
+                 *
+                 * As a result, we can depend on there not being
+                 * any odd delays anywhere, and the TSC reads are
+                 * reliable.
+                 *
+                 * kHz = ticks / time-in-seconds / 1000;
+                 * kHz = (t2 - t1) / (QPI * 256 / PIT_TICK_RATE) / 1000
+                 * kHz = ((t2 - t1) * PIT_TICK_RATE) / (QPI * 256 * 1000)
+                 */
+                delta = (t2 - t1)*PIT_TICK_RATE;
+                do_div(delta, QUICK_PIT_ITERATIONS*256*1000);
+                printk("Fast TSC calibration using PIT\n");
+                return delta;
+        }
+failed:
+        return 0;
+}
 
 /**
  * native_calibrate_tsc - calibrate the tsc on boot
  */
 unsigned long native_calibrate_tsc(void)
 {
-        u64 tsc1, tsc2, delta, pm1, pm2, hpet1, hpet2;
+        u64 tsc1, tsc2, delta, ref1, ref2;
         unsigned long tsc_pit_min = ULONG_MAX, tsc_ref_min = ULONG_MAX;
-        unsigned long flags;
-        int hpet = is_hpet_enabled(), i;
+        unsigned long flags, latch, ms, fast_calibrate;
+        int hpet = is_hpet_enabled(), i, loopmin;
+
+        local_irq_save(flags);
+        fast_calibrate = quick_pit_calibrate();
+        local_irq_restore(flags);
+        if (fast_calibrate)
+                return fast_calibrate;
 
         /*
          * Run 5 calibration loops to get the lowest frequency value
@@ -216,7 +385,13 @@ unsigned long native_calibrate_tsc(void)
          * calibration delay loop as we have to wait for a certain
          * amount of time anyway.
          */
-        for (i = 0; i < 5; i++) {
+
+        /* Preset PIT loop values */
+        latch = CAL_LATCH;
+        ms = CAL_MS;
+        loopmin = CAL_PIT_LOOPS;
+
+        for (i = 0; i < 3; i++) {
                 unsigned long tsc_pit_khz;
 
                 /*
@@ -226,16 +401,16 @@ unsigned long native_calibrate_tsc(void)
                  * read the end value.
                  */
                 local_irq_save(flags);
-                tsc1 = tsc_read_refs(&pm1, hpet ? &hpet1 : NULL);
-                tsc_pit_khz = pit_calibrate_tsc();
-                tsc2 = tsc_read_refs(&pm2, hpet ? &hpet2 : NULL);
+                tsc1 = tsc_read_refs(&ref1, hpet);
+                tsc_pit_khz = pit_calibrate_tsc(latch, ms, loopmin);
+                tsc2 = tsc_read_refs(&ref2, hpet);
                 local_irq_restore(flags);
 
                 /* Pick the lowest PIT TSC calibration so far */
                 tsc_pit_min = min(tsc_pit_min, tsc_pit_khz);
 
                 /* hpet or pmtimer available ? */
-                if (!hpet && !pm1 && !pm2)
+                if (!hpet && !ref1 && !ref2)
                         continue;
 
                 /* Check, whether the sampling was disturbed by an SMI */
@@ -243,23 +418,41 @@ unsigned long native_calibrate_tsc(void)
                         continue;
 
                 tsc2 = (tsc2 - tsc1) * 1000000LL;
+                if (hpet)
+                        tsc2 = calc_hpet_ref(tsc2, ref1, ref2);
+                else
+                        tsc2 = calc_pmtimer_ref(tsc2, ref1, ref2);
 
-                if (hpet) {
-                        if (hpet2 < hpet1)
-                                hpet2 += 0x100000000ULL;
-                        hpet2 -= hpet1;
-                        tsc1 = ((u64)hpet2 * hpet_readl(HPET_PERIOD));
-                        do_div(tsc1, 1000000);
-                } else {
-                        if (pm2 < pm1)
-                                pm2 += (u64)ACPI_PM_OVRRUN;
-                        pm2 -= pm1;
-                        tsc1 = pm2 * 1000000000LL;
-                        do_div(tsc1, PMTMR_TICKS_PER_SEC);
+                tsc_ref_min = min(tsc_ref_min, (unsigned long) tsc2);
+
+                /* Check the reference deviation */
+                delta = ((u64) tsc_pit_min) * 100;
+                do_div(delta, tsc_ref_min);
+
+                /*
+                 * If both calibration results are inside a 10% window
+                 * then we can be sure, that the calibration
+                 * succeeded. We break out of the loop right away. We
+                 * use the reference value, as it is more precise.
+                 */
+                if (delta >= 90 && delta <= 110) {
+                        printk(KERN_INFO
+                               "TSC: PIT calibration matches %s. %d loops\n",
+                               hpet ? "HPET" : "PMTIMER", i + 1);
+                        return tsc_ref_min;
                 }
 
-                do_div(tsc2, tsc1);
-                tsc_ref_min = min(tsc_ref_min, (unsigned long) tsc2);
+                /*
+                 * Check whether PIT failed more than once. This
+                 * happens in virtualized environments. We need to
+                 * give the virtual PC a slightly longer timeframe for
+                 * the HPET/PMTIMER to make the result precise.
+                 */
+                if (i == 1 && tsc_pit_min == ULONG_MAX) {
+                        latch = CAL2_LATCH;
+                        ms = CAL2_MS;
+                        loopmin = CAL2_PIT_LOOPS;
+                }
         }
 
         /*
@@ -270,7 +463,7 @@ unsigned long native_calibrate_tsc(void)
                 printk(KERN_WARNING "TSC: Unable to calibrate against PIT\n");
 
                 /* We don't have an alternative source, disable TSC */
-                if (!hpet && !pm1 && !pm2) {
+                if (!hpet && !ref1 && !ref2) {
                         printk("TSC: No reference (HPET/PMTIMER) available\n");
                         return 0;
                 }
@@ -278,7 +471,7 @@ unsigned long native_calibrate_tsc(void)
                 /* The alternative source failed as well, disable TSC */
                 if (tsc_ref_min == ULONG_MAX) {
                         printk(KERN_WARNING "TSC: HPET/PMTIMER calibration "
-                               "failed due to SMI disturbance.\n");
+                               "failed.\n");
                         return 0;
                 }
 
@@ -290,44 +483,25 @@ unsigned long native_calibrate_tsc(void)
         }
 
         /* We don't have an alternative source, use the PIT calibration value */
-        if (!hpet && !pm1 && !pm2) {
+        if (!hpet && !ref1 && !ref2) {
                 printk(KERN_INFO "TSC: Using PIT calibration value\n");
                 return tsc_pit_min;
         }
 
         /* The alternative source failed, use the PIT calibration value */
         if (tsc_ref_min == ULONG_MAX) {
-                printk(KERN_WARNING "TSC: HPET/PMTIMER calibration failed due "
-                       "to SMI disturbance. Using PIT calibration\n");
+                printk(KERN_WARNING "TSC: HPET/PMTIMER calibration failed. "
+                       "Using PIT calibration\n");
                 return tsc_pit_min;
         }
 
-        /* Check the reference deviation */
-        delta = ((u64) tsc_pit_min) * 100;
-        do_div(delta, tsc_ref_min);
-
-        /*
-         * If both calibration results are inside a 5% window, the we
-         * use the lower frequency of those as it is probably the
-         * closest estimate.
-         */
-        if (delta >= 95 && delta <= 105) {
-                printk(KERN_INFO "TSC: PIT calibration confirmed by %s.\n",
-                       hpet ? "HPET" : "PMTIMER");
-                printk(KERN_INFO "TSC: using %s calibration value\n",
-                       tsc_pit_min <= tsc_ref_min ? "PIT" :
-                       hpet ? "HPET" : "PMTIMER");
-                return tsc_pit_min <= tsc_ref_min ? tsc_pit_min : tsc_ref_min;
-        }
-
-        printk(KERN_WARNING "TSC: PIT calibration deviates from %s: %lu %lu.\n",
-               hpet ? "HPET" : "PMTIMER", tsc_pit_min, tsc_ref_min);
-
         /*
          * The calibration values differ too much. In doubt, we use
          * the PIT value as we know that there are PMTIMERs around
-         * running at double speed.
+         * running at double speed. At least we let the user know:
          */
+        printk(KERN_WARNING "TSC: PIT calibration deviates from %s: %lu %lu.\n",
+               hpet ? "HPET" : "PMTIMER", tsc_pit_min, tsc_ref_min);
         printk(KERN_INFO "TSC: Using PIT calibration value\n");
         return tsc_pit_min;
 }
diff --git a/arch/x86/kernel/visws_quirks.c b/arch/x86/kernel/visws_quirks.c
index 594ef47f0a63..61a97e616f70 100644
--- a/arch/x86/kernel/visws_quirks.c
+++ b/arch/x86/kernel/visws_quirks.c
@@ -25,45 +25,31 @@
 #include <asm/visws/cobalt.h>
 #include <asm/visws/piix4.h>
 #include <asm/arch_hooks.h>
+#include <asm/io_apic.h>
 #include <asm/fixmap.h>
 #include <asm/reboot.h>
 #include <asm/setup.h>
 #include <asm/e820.h>
-#include <asm/smp.h>
 #include <asm/io.h>
 
 #include <mach_ipi.h>
 
 #include "mach_apic.h"
 
-#include <linux/init.h>
-#include <linux/smp.h>
-
 #include <linux/kernel_stat.h>
-#include <linux/interrupt.h>
-#include <linux/init.h>
 
-#include <asm/io.h>
-#include <asm/apic.h>
 #include <asm/i8259.h>
 #include <asm/irq_vectors.h>
-#include <asm/visws/cobalt.h>
 #include <asm/visws/lithium.h>
-#include <asm/visws/piix4.h>
 
 #include <linux/sched.h>
 #include <linux/kernel.h>
-#include <linux/init.h>
 #include <linux/pci.h>
 #include <linux/pci_ids.h>
 
 extern int no_broadcast;
 
-#include <asm/io.h>
 #include <asm/apic.h>
-#include <asm/arch_hooks.h>
-#include <asm/visws/cobalt.h>
-#include <asm/visws/lithium.h>
 
 char visws_board_type   = -1;
 char visws_board_rev    = -1;
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 38f566fa27d2..4eeb5cf9720d 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -46,6 +46,7 @@
 #include <asm/io.h>
 #include <asm/tlbflush.h>
 #include <asm/irq.h>
+#include <asm/syscalls.h>
 
 /*
  * Known problems:
diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c
index 6ca515d6db54..8b6c393ab9fd 100644
--- a/arch/x86/kernel/vmi_32.c
+++ b/arch/x86/kernel/vmi_32.c
@@ -235,7 +235,7 @@ static void vmi_write_ldt_entry(struct desc_struct *dt, int entry,
                                 const void *desc)
 {
         u32 *ldt_entry = (u32 *)desc;
-        vmi_ops.write_idt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
+        vmi_ops.write_ldt_entry(dt, entry, ldt_entry[0], ldt_entry[1]);
 }
 
 static void vmi_load_sp0(struct tss_struct *tss,
@@ -393,13 +393,13 @@ static void *vmi_kmap_atomic_pte(struct page *page, enum km_type type)
 }
 #endif
 
-static void vmi_allocate_pte(struct mm_struct *mm, u32 pfn)
+static void vmi_allocate_pte(struct mm_struct *mm, unsigned long pfn)
 {
         vmi_set_page_type(pfn, VMI_PAGE_L1);
         vmi_ops.allocate_page(pfn, VMI_PAGE_L1, 0, 0, 0);
 }
 
-static void vmi_allocate_pmd(struct mm_struct *mm, u32 pfn)
+static void vmi_allocate_pmd(struct mm_struct *mm, unsigned long pfn)
 {
         /*
          * This call comes in very early, before mem_map is setup.
@@ -410,20 +410,20 @@ static void vmi_allocate_pmd(struct mm_struct *mm, u32 pfn)
         vmi_ops.allocate_page(pfn, VMI_PAGE_L2, 0, 0, 0);
 }
 
-static void vmi_allocate_pmd_clone(u32 pfn, u32 clonepfn, u32 start, u32 count)
+static void vmi_allocate_pmd_clone(unsigned long pfn, unsigned long clonepfn, unsigned long start, unsigned long count)
 {
         vmi_set_page_type(pfn, VMI_PAGE_L2 | VMI_PAGE_CLONE);
         vmi_check_page_type(clonepfn, VMI_PAGE_L2);
         vmi_ops.allocate_page(pfn, VMI_PAGE_L2 | VMI_PAGE_CLONE, clonepfn, start, count);
 }
 
-static void vmi_release_pte(u32 pfn)
+static void vmi_release_pte(unsigned long pfn)
 {
         vmi_ops.release_page(pfn, VMI_PAGE_L1);
         vmi_set_page_type(pfn, VMI_PAGE_NORMAL);
 }
 
-static void vmi_release_pmd(u32 pfn)
+static void vmi_release_pmd(unsigned long pfn)
 {
         vmi_ops.release_page(pfn, VMI_PAGE_L2);
         vmi_set_page_type(pfn, VMI_PAGE_NORMAL);
@@ -905,8 +905,8 @@ static inline int __init activate_vmi(void)
 #endif
 
 #ifdef CONFIG_X86_LOCAL_APIC
-        para_fill(pv_apic_ops.apic_read, APICRead);
-        para_fill(pv_apic_ops.apic_write, APICWrite);
+       para_fill(apic_ops->read, APICRead);
+       para_fill(apic_ops->write, APICWrite);
 #endif
 
         /*
diff --git a/arch/x86/kernel/vmlinux_32.lds.S b/arch/x86/kernel/vmlinux_32.lds.S
index af5bdad84604..a9b8560adbc2 100644
--- a/arch/x86/kernel/vmlinux_32.lds.S
+++ b/arch/x86/kernel/vmlinux_32.lds.S
@@ -140,10 +140,10 @@ SECTIONS
         *(.con_initcall.init)
         __con_initcall_end = .;
   }
-  .x86cpuvendor.init : AT(ADDR(.x86cpuvendor.init) - LOAD_OFFSET) {
-        __x86cpuvendor_start = .;
-        *(.x86cpuvendor.init)
-        __x86cpuvendor_end = .;
+  .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
+        __x86_cpu_dev_start = .;
+        *(.x86_cpu_dev.init)
+        __x86_cpu_dev_end = .;
   }
   SECURITY_INIT
   . = ALIGN(4);
@@ -180,6 +180,7 @@ SECTIONS
   . = ALIGN(PAGE_SIZE);
   .data.percpu  : AT(ADDR(.data.percpu) - LOAD_OFFSET) {
         __per_cpu_start = .;
+        *(.data.percpu.page_aligned)
         *(.data.percpu)
         *(.data.percpu.shared_aligned)
         __per_cpu_end = .;
diff --git a/arch/x86/kernel/vmlinux_64.lds.S b/arch/x86/kernel/vmlinux_64.lds.S
index 63e5c1a22e88..46e05447405b 100644
--- a/arch/x86/kernel/vmlinux_64.lds.S
+++ b/arch/x86/kernel/vmlinux_64.lds.S
@@ -168,12 +168,11 @@ SECTIONS
         *(.con_initcall.init)
   }
   __con_initcall_end = .;
-  . = ALIGN(16);
-  __x86cpuvendor_start = .;
-  .x86cpuvendor.init : AT(ADDR(.x86cpuvendor.init) - LOAD_OFFSET) {
-        *(.x86cpuvendor.init)
+  __x86_cpu_dev_start = .;
+  .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
+        *(.x86_cpu_dev.init)
   }
-  __x86cpuvendor_end = .;
+  __x86_cpu_dev_end = .;
   SECURITY_INIT
 
   . = ALIGN(8);
diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c
index 0c029e8959c7..7766d36983fc 100644
--- a/arch/x86/kernel/vsmp_64.c
+++ b/arch/x86/kernel/vsmp_64.c
@@ -61,7 +61,7 @@ static void vsmp_irq_enable(void)
         native_restore_fl((flags | X86_EFLAGS_IF) & (~X86_EFLAGS_AC));
 }
 
-static unsigned __init vsmp_patch(u8 type, u16 clobbers, void *ibuf,
+static unsigned __init_or_module vsmp_patch(u8 type, u16 clobbers, void *ibuf,
                                   unsigned long addr, unsigned len)
 {
         switch (type) {
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
new file mode 100644
index 000000000000..9abac8a9d823
--- /dev/null
+++ b/arch/x86/kernel/xsave.c
@@ -0,0 +1,345 @@
+/*
+ * xsave/xrstor support.
+ *
+ * Author: Suresh Siddha <suresh.b.siddha@intel.com>
+ */
+#include <linux/bootmem.h>
+#include <linux/compat.h>
+#include <asm/i387.h>
+#ifdef CONFIG_IA32_EMULATION
+#include <asm/sigcontext32.h>
+#endif
+#include <asm/xcr.h>
+
+/*
+ * Supported feature mask by the CPU and the kernel.
+ */
+u64 pcntxt_mask;
+
+struct _fpx_sw_bytes fx_sw_reserved;
+#ifdef CONFIG_IA32_EMULATION
+struct _fpx_sw_bytes fx_sw_reserved_ia32;
+#endif
+
+/*
+ * Check for the presence of extended state information in the
+ * user fpstate pointer in the sigcontext.
+ */
+int check_for_xstate(struct i387_fxsave_struct __user *buf,
+                     void __user *fpstate,
+                     struct _fpx_sw_bytes *fx_sw_user)
+{
+        int min_xstate_size = sizeof(struct i387_fxsave_struct) +
+                              sizeof(struct xsave_hdr_struct);
+        unsigned int magic2;
+        int err;
+
+        err = __copy_from_user(fx_sw_user, &buf->sw_reserved[0],
+                               sizeof(struct _fpx_sw_bytes));
+
+        if (err)
+                return err;
+
+        /*
+         * First Magic check failed.
+         */
+        if (fx_sw_user->magic1 != FP_XSTATE_MAGIC1)
+                return -1;
+
+        /*
+         * Check for error scenarios.
+         */
+        if (fx_sw_user->xstate_size < min_xstate_size ||
+            fx_sw_user->xstate_size > xstate_size ||
+            fx_sw_user->xstate_size > fx_sw_user->extended_size)
+                return -1;
+
+        err = __get_user(magic2, (__u32 *) (((void *)fpstate) +
+                                            fx_sw_user->extended_size -
+                                            FP_XSTATE_MAGIC2_SIZE));
+        /*
+         * Check for the presence of second magic word at the end of memory
+         * layout. This detects the case where the user just copied the legacy
+         * fpstate layout with out copying the extended state information
+         * in the memory layout.
+         */
+        if (err || magic2 != FP_XSTATE_MAGIC2)
+                return -1;
+
+        return 0;
+}
+
+#ifdef CONFIG_X86_64
+/*
+ * Signal frame handlers.
+ */
+
+int save_i387_xstate(void __user *buf)
+{
+        struct task_struct *tsk = current;
+        int err = 0;
+
+        if (!access_ok(VERIFY_WRITE, buf, sig_xstate_size))
+                return -EACCES;
+
+        BUG_ON(sig_xstate_size < xstate_size);
+
+        if ((unsigned long)buf % 64)
+                printk("save_i387_xstate: bad fpstate %p\n", buf);
+
+        if (!used_math())
+                return 0;
+        clear_used_math(); /* trigger finit */
+        if (task_thread_info(tsk)->status & TS_USEDFPU) {
+                /*
+                 * Start with clearing the user buffer. This will present a
+                 * clean context for the bytes not touched by the fxsave/xsave.
+                 */
+                err = __clear_user(buf, sig_xstate_size);
+                if (err)
+                        return err;
+
+                if (task_thread_info(tsk)->status & TS_XSAVE)
+                        err = xsave_user(buf);
+                else
+                        err = fxsave_user(buf);
+
+                if (err)
+                        return err;
+                task_thread_info(tsk)->status &= ~TS_USEDFPU;
+                stts();
+        } else {
+                if (__copy_to_user(buf, &tsk->thread.xstate->fxsave,
+                                   xstate_size))
+                        return -1;
+        }
+
+        if (task_thread_info(tsk)->status & TS_XSAVE) {
+                struct _fpstate __user *fx = buf;
+                struct _xstate __user *x = buf;
+                u64 xstate_bv;
+
+                err = __copy_to_user(&fx->sw_reserved, &fx_sw_reserved,
+                                     sizeof(struct _fpx_sw_bytes));
+
+                err |= __put_user(FP_XSTATE_MAGIC2,
+                                  (__u32 __user *) (buf + sig_xstate_size
+                                                    - FP_XSTATE_MAGIC2_SIZE));
+
+                /*
+                 * Read the xstate_bv which we copied (directly from the cpu or
+                 * from the state in task struct) to the user buffers and
+                 * set the FP/SSE bits.
+                 */
+                err |= __get_user(xstate_bv, &x->xstate_hdr.xstate_bv);
+
+                /*
+                 * For legacy compatible, we always set FP/SSE bits in the bit
+                 * vector while saving the state to the user context. This will
+                 * enable us capturing any changes(during sigreturn) to
+                 * the FP/SSE bits by the legacy applications which don't touch
+                 * xstate_bv in the xsave header.
+                 *
+                 * xsave aware apps can change the xstate_bv in the xsave
+                 * header as well as change any contents in the memory layout.
+                 * xrestore as part of sigreturn will capture all the changes.
+                 */
+                xstate_bv |= XSTATE_FPSSE;
+
+                err |= __put_user(xstate_bv, &x->xstate_hdr.xstate_bv);
+
+                if (err)
+                        return err;
+        }
+
+        return 1;
+}
+
+/*
+ * Restore the extended state if present. Otherwise, restore the FP/SSE
+ * state.
+ */
+int restore_user_xstate(void __user *buf)
+{
+        struct _fpx_sw_bytes fx_sw_user;
+        u64 mask;
+        int err;
+
+        if (((unsigned long)buf % 64) ||
+             check_for_xstate(buf, buf, &fx_sw_user))
+                goto fx_only;
+
+        mask = fx_sw_user.xstate_bv;
+
+        /*
+         * restore the state passed by the user.
+         */
+        err = xrestore_user(buf, mask);
+        if (err)
+                return err;
+
+        /*
+         * init the state skipped by the user.
+         */
+        mask = pcntxt_mask & ~mask;
+
+        xrstor_state(init_xstate_buf, mask);
+
+        return 0;
+
+fx_only:
+        /*
+         * couldn't find the extended state information in the
+         * memory layout. Restore just the FP/SSE and init all
+         * the other extended state.
+         */
+        xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE);
+        return fxrstor_checking((__force struct i387_fxsave_struct *)buf);
+}
+
+/*
+ * This restores directly out of user space. Exceptions are handled.
+ */
+int restore_i387_xstate(void __user *buf)
+{
+        struct task_struct *tsk = current;
+        int err = 0;
+
+        if (!buf) {
+                if (used_math())
+                        goto clear;
+                return 0;
+        } else
+                if (!access_ok(VERIFY_READ, buf, sig_xstate_size))
+                        return -EACCES;
+
+        if (!used_math()) {
+                err = init_fpu(tsk);
+                if (err)
+                        return err;
+        }
+
+        if (!(task_thread_info(current)->status & TS_USEDFPU)) {
+                clts();
+                task_thread_info(current)->status |= TS_USEDFPU;
+        }
+        if (task_thread_info(tsk)->status & TS_XSAVE)
+                err = restore_user_xstate(buf);
+        else
+                err = fxrstor_checking((__force struct i387_fxsave_struct *)
+                                       buf);
+        if (unlikely(err)) {
+                /*
+                 * Encountered an error while doing the restore from the
+                 * user buffer, clear the fpu state.
+                 */
+clear:
+                clear_fpu(tsk);
+                clear_used_math();
+        }
+        return err;
+}
+#endif
+
+/*
+ * Prepare the SW reserved portion of the fxsave memory layout, indicating
+ * the presence of the extended state information in the memory layout
+ * pointed by the fpstate pointer in the sigcontext.
+ * This will be saved when ever the FP and extended state context is
+ * saved on the user stack during the signal handler delivery to the user.
+ */
+void prepare_fx_sw_frame(void)
+{
+        int size_extended = (xstate_size - sizeof(struct i387_fxsave_struct)) +
+                             FP_XSTATE_MAGIC2_SIZE;
+
+        sig_xstate_size = sizeof(struct _fpstate) + size_extended;
+
+#ifdef CONFIG_IA32_EMULATION
+        sig_xstate_ia32_size = sizeof(struct _fpstate_ia32) + size_extended;
+#endif
+
+        memset(&fx_sw_reserved, 0, sizeof(fx_sw_reserved));
+
+        fx_sw_reserved.magic1 = FP_XSTATE_MAGIC1;
+        fx_sw_reserved.extended_size = sig_xstate_size;
+        fx_sw_reserved.xstate_bv = pcntxt_mask;
+        fx_sw_reserved.xstate_size = xstate_size;
+#ifdef CONFIG_IA32_EMULATION
+        memcpy(&fx_sw_reserved_ia32, &fx_sw_reserved,
+               sizeof(struct _fpx_sw_bytes));
+        fx_sw_reserved_ia32.extended_size = sig_xstate_ia32_size;
+#endif
+}
+
+/*
+ * Represents init state for the supported extended state.
+ */
+struct xsave_struct *init_xstate_buf;
+
+#ifdef CONFIG_X86_64
+unsigned int sig_xstate_size = sizeof(struct _fpstate);
+#endif
+
+/*
+ * Enable the extended processor state save/restore feature
+ */
+void __cpuinit xsave_init(void)
+{
+        if (!cpu_has_xsave)
+                return;
+
+        set_in_cr4(X86_CR4_OSXSAVE);
+
+        /*
+         * Enable all the features that the HW is capable of
+         * and the Linux kernel is aware of.
+         */
+        xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
+}
+
+/*
+ * setup the xstate image representing the init state
+ */
+static void __init setup_xstate_init(void)
+{
+        init_xstate_buf = alloc_bootmem(xstate_size);
+        init_xstate_buf->i387.mxcsr = MXCSR_DEFAULT;
+}
+
+/*
+ * Enable and initialize the xsave feature.
+ */
+void __init xsave_cntxt_init(void)
+{
+        unsigned int eax, ebx, ecx, edx;
+
+        cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
+        pcntxt_mask = eax + ((u64)edx << 32);
+
+        if ((pcntxt_mask & XSTATE_FPSSE) != XSTATE_FPSSE) {
+                printk(KERN_ERR "FP/SSE not shown under xsave features 0x%llx\n",
+                       pcntxt_mask);
+                BUG();
+        }
+
+        /*
+         * for now OS knows only about FP/SSE
+         */
+        pcntxt_mask = pcntxt_mask & XCNTXT_MASK;
+        xsave_init();
+
+        /*
+         * Recompute the context size for enabled features
+         */
+        cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
+        xstate_size = ebx;
+
+        prepare_fx_sw_frame();
+
+        setup_xstate_init();
+
+        printk(KERN_INFO "xsave/xrstor: enabled xstate_bv 0x%llx, "
+               "cntxt size 0x%x\n",
+               pcntxt_mask, xstate_size);
+}
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index d0e940bb6f40..c02343594b4d 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -3,10 +3,13 @@
 #
 
 common-objs = $(addprefix ../../../virt/kvm/, kvm_main.o ioapic.o \
-                coalesced_mmio.o)
+                coalesced_mmio.o irq_comm.o)
 ifeq ($(CONFIG_KVM_TRACE),y)
 common-objs += $(addprefix ../../../virt/kvm/, kvm_trace.o)
 endif
+ifeq ($(CONFIG_DMAR),y)
+common-objs += $(addprefix ../../../virt/kvm/, vtd.o)
+endif
 
 EXTRA_CFLAGS += -Ivirt/kvm -Iarch/x86/kvm
 
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 1bf8f57a3041..11c6725fb798 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -200,13 +200,14 @@ static int __pit_timer_fn(struct kvm_kpit_state *ps)
 
         if (!atomic_inc_and_test(&pt->pending))
                 set_bit(KVM_REQ_PENDING_TIMER, &vcpu0->requests);
-        if (vcpu0 && waitqueue_active(&vcpu0->wq)) {
-                vcpu0->arch.mp_state = KVM_MP_STATE_RUNNABLE;
+
+        if (vcpu0 && waitqueue_active(&vcpu0->wq))
                 wake_up_interruptible(&vcpu0->wq);
-        }
 
         hrtimer_add_expires_ns(&pt->timer, pt->period);
-        pt->scheduled = ktime_to_ns(hrtimer_get_expires(&pt->timer));
+        pt->scheduled = hrtimer_get_expires_ns(&pt->timer);
+        if (pt->period)
+                ps->channels[0].count_load_time = hrtimer_get_expires(&pt->timer);
 
         return (pt->period == 0 ? 0 : 1);
 }
@@ -215,12 +216,22 @@ int pit_has_pending_timer(struct kvm_vcpu *vcpu)
 {
         struct kvm_pit *pit = vcpu->kvm->arch.vpit;
 
-        if (pit && vcpu->vcpu_id == 0 && pit->pit_state.inject_pending)
+        if (pit && vcpu->vcpu_id == 0 && pit->pit_state.irq_ack)
                 return atomic_read(&pit->pit_state.pit_timer.pending);
-
         return 0;
 }
 
+static void kvm_pit_ack_irq(struct kvm_irq_ack_notifier *kian)
+{
+        struct kvm_kpit_state *ps = container_of(kian, struct kvm_kpit_state,
+                                                 irq_ack_notifier);
+        spin_lock(&ps->inject_lock);
+        if (atomic_dec_return(&ps->pit_timer.pending) < 0)
+                atomic_inc(&ps->pit_timer.pending);
+        ps->irq_ack = 1;
+        spin_unlock(&ps->inject_lock);
+}
+
 static enum hrtimer_restart pit_timer_fn(struct hrtimer *data)
 {
         struct kvm_kpit_state *ps;
@@ -255,8 +266,9 @@ static void destroy_pit_timer(struct kvm_kpit_timer *pt)
         hrtimer_cancel(&pt->timer);
 }
 
-static void create_pit_timer(struct kvm_kpit_timer *pt, u32 val, int is_period)
+static void create_pit_timer(struct kvm_kpit_state *ps, u32 val, int is_period)
 {
+        struct kvm_kpit_timer *pt = &ps->pit_timer;
         s64 interval;
 
         interval = muldiv64(val, NSEC_PER_SEC, KVM_PIT_FREQ);
@@ -268,6 +280,7 @@ static void create_pit_timer(struct kvm_kpit_timer *pt, u32 val, int is_period)
         pt->period = (is_period == 0) ? 0 : interval;
         pt->timer.function = pit_timer_fn;
         atomic_set(&pt->pending, 0);
+        ps->irq_ack = 1;
 
         hrtimer_start(&pt->timer, ktime_add_ns(ktime_get(), interval),
                       HRTIMER_MODE_ABS);
@@ -302,11 +315,11 @@ static void pit_load_count(struct kvm *kvm, int channel, u32 val)
         case 1:
         /* FIXME: enhance mode 4 precision */
         case 4:
-                create_pit_timer(&ps->pit_timer, val, 0);
+                create_pit_timer(ps, val, 0);
                 break;
         case 2:
         case 3:
-                create_pit_timer(&ps->pit_timer, val, 1);
+                create_pit_timer(ps, val, 1);
                 break;
         default:
                 destroy_pit_timer(&ps->pit_timer);
@@ -520,7 +533,7 @@ void kvm_pit_reset(struct kvm_pit *pit)
         mutex_unlock(&pit->pit_state.lock);
 
         atomic_set(&pit->pit_state.pit_timer.pending, 0);
-        pit->pit_state.inject_pending = 1;
+        pit->pit_state.irq_ack = 1;
 }
 
 struct kvm_pit *kvm_create_pit(struct kvm *kvm)
@@ -534,6 +547,7 @@ struct kvm_pit *kvm_create_pit(struct kvm *kvm)
 
         mutex_init(&pit->pit_state.lock);
         mutex_lock(&pit->pit_state.lock);
+        spin_lock_init(&pit->pit_state.inject_lock);
 
         /* Initialize PIO device */
         pit->dev.read = pit_ioport_read;
@@ -555,6 +569,9 @@ struct kvm_pit *kvm_create_pit(struct kvm *kvm)
         pit_state->pit = pit;
         hrtimer_init(&pit_state->pit_timer.timer,
                      CLOCK_MONOTONIC, HRTIMER_MODE_ABS);
+        pit_state->irq_ack_notifier.gsi = 0;
+        pit_state->irq_ack_notifier.irq_acked = kvm_pit_ack_irq;
+        kvm_register_irq_ack_notifier(kvm, &pit_state->irq_ack_notifier);
         mutex_unlock(&pit->pit_state.lock);
 
         kvm_pit_reset(pit);
@@ -578,10 +595,8 @@ void kvm_free_pit(struct kvm *kvm)
 static void __inject_pit_timer_intr(struct kvm *kvm)
 {
         mutex_lock(&kvm->lock);
-        kvm_ioapic_set_irq(kvm->arch.vioapic, 0, 1);
-        kvm_ioapic_set_irq(kvm->arch.vioapic, 0, 0);
-        kvm_pic_set_irq(pic_irqchip(kvm), 0, 1);
-        kvm_pic_set_irq(pic_irqchip(kvm), 0, 0);
+        kvm_set_irq(kvm, 0, 1);
+        kvm_set_irq(kvm, 0, 0);
         mutex_unlock(&kvm->lock);
 }
 
@@ -592,37 +607,19 @@ void kvm_inject_pit_timer_irqs(struct kvm_vcpu *vcpu)
         struct kvm_kpit_state *ps;
 
         if (vcpu && pit) {
+                int inject = 0;
                 ps = &pit->pit_state;
 
-                /* Try to inject pending interrupts when:
-                 * 1. Pending exists
-                 * 2. Last interrupt was accepted or waited for too long time*/
-                if (atomic_read(&ps->pit_timer.pending) &&
-                    (ps->inject_pending ||
-                    (jiffies - ps->last_injected_time
-                                >= KVM_MAX_PIT_INTR_INTERVAL))) {
-                        ps->inject_pending = 0;
-                        __inject_pit_timer_intr(kvm);
-                        ps->last_injected_time = jiffies;
-                }
-        }
-}
-
-void kvm_pit_timer_intr_post(struct kvm_vcpu *vcpu, int vec)
-{
-        struct kvm_arch *arch = &vcpu->kvm->arch;
-        struct kvm_kpit_state *ps;
-
-        if (vcpu && arch->vpit) {
-                ps = &arch->vpit->pit_state;
-                if (atomic_read(&ps->pit_timer.pending) &&
-                (((arch->vpic->pics[0].imr & 1) == 0 &&
-                  arch->vpic->pics[0].irq_base == vec) ||
-                  (arch->vioapic->redirtbl[0].fields.vector == vec &&
-                  arch->vioapic->redirtbl[0].fields.mask != 1))) {
-                        ps->inject_pending = 1;
-                        atomic_dec(&ps->pit_timer.pending);
-                        ps->channels[0].count_load_time = ktime_get();
+                /* Try to inject pending interrupts when
+                 * last one has been acked.
+                 */
+                spin_lock(&ps->inject_lock);
+                if (atomic_read(&ps->pit_timer.pending) && ps->irq_ack) {
+                        ps->irq_ack = 0;
+                        inject = 1;
                 }
+                spin_unlock(&ps->inject_lock);
+                if (inject)
+                        __inject_pit_timer_intr(kvm);
         }
 }
diff --git a/arch/x86/kvm/i8254.h b/arch/x86/kvm/i8254.h
index db25c2a6c8c4..e436d4983aa1 100644
--- a/arch/x86/kvm/i8254.h
+++ b/arch/x86/kvm/i8254.h
@@ -8,7 +8,6 @@ struct kvm_kpit_timer {
         int irq;
         s64 period; /* unit: ns */
         s64 scheduled;
-        ktime_t last_update;
         atomic_t pending;
 };
 
@@ -34,8 +33,9 @@ struct kvm_kpit_state {
         u32    speaker_data_on;
         struct mutex lock;
         struct kvm_pit *pit;
-        bool inject_pending; /* if inject pending interrupts */
-        unsigned long last_injected_time;
+        spinlock_t inject_lock;
+        unsigned long irq_ack;
+        struct kvm_irq_ack_notifier irq_ack_notifier;
 };
 
 struct kvm_pit {
@@ -54,7 +54,6 @@ struct kvm_pit {
 #define KVM_PIT_CHANNEL_MASK        0x3
 
 void kvm_inject_pit_timer_irqs(struct kvm_vcpu *vcpu);
-void kvm_pit_timer_intr_post(struct kvm_vcpu *vcpu, int vec);
 void kvm_pit_load_count(struct kvm *kvm, int channel, u32 val);
 struct kvm_pit *kvm_create_pit(struct kvm *kvm);
 void kvm_free_pit(struct kvm *kvm);
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
index c31164e8aa46..17e41e165f1a 100644
--- a/arch/x86/kvm/i8259.c
+++ b/arch/x86/kvm/i8259.c
@@ -30,6 +30,19 @@
 
 #include <linux/kvm_host.h>
 
+static void pic_clear_isr(struct kvm_kpic_state *s, int irq)
+{
+        s->isr &= ~(1 << irq);
+        s->isr_ack |= (1 << irq);
+}
+
+void kvm_pic_clear_isr_ack(struct kvm *kvm)
+{
+        struct kvm_pic *s = pic_irqchip(kvm);
+        s->pics[0].isr_ack = 0xff;
+        s->pics[1].isr_ack = 0xff;
+}
+
 /*
  * set irq level. If an edge is detected, then the IRR is set to 1
  */
@@ -141,11 +154,12 @@ void kvm_pic_set_irq(void *opaque, int irq, int level)
  */
 static inline void pic_intack(struct kvm_kpic_state *s, int irq)
 {
+        s->isr |= 1 << irq;
         if (s->auto_eoi) {
                 if (s->rotate_on_auto_eoi)
                         s->priority_add = (irq + 1) & 7;
-        } else
-                s->isr |= (1 << irq);
+                pic_clear_isr(s, irq);
+        }
         /*
          * We don't clear a level sensitive interrupt here
          */
@@ -153,9 +167,10 @@ static inline void pic_intack(struct kvm_kpic_state *s, int irq)
                 s->irr &= ~(1 << irq);
 }
 
-int kvm_pic_read_irq(struct kvm_pic *s)
+int kvm_pic_read_irq(struct kvm *kvm)
 {
         int irq, irq2, intno;
+        struct kvm_pic *s = pic_irqchip(kvm);
 
         irq = pic_get_irq(&s->pics[0]);
         if (irq >= 0) {
@@ -181,16 +196,32 @@ int kvm_pic_read_irq(struct kvm_pic *s)
                 intno = s->pics[0].irq_base + irq;
         }
         pic_update_irq(s);
+        kvm_notify_acked_irq(kvm, irq);
 
         return intno;
 }
 
 void kvm_pic_reset(struct kvm_kpic_state *s)
 {
+        int irq, irqbase;
+        struct kvm *kvm = s->pics_state->irq_request_opaque;
+        struct kvm_vcpu *vcpu0 = kvm->vcpus[0];
+
+        if (s == &s->pics_state->pics[0])
+                irqbase = 0;
+        else
+                irqbase = 8;
+
+        for (irq = 0; irq < PIC_NUM_PINS/2; irq++) {
+                if (vcpu0 && kvm_apic_accept_pic_intr(vcpu0))
+                        if (s->irr & (1 << irq) || s->isr & (1 << irq))
+                                kvm_notify_acked_irq(kvm, irq+irqbase);
+        }
         s->last_irr = 0;
         s->irr = 0;
         s->imr = 0;
         s->isr = 0;
+        s->isr_ack = 0xff;
         s->priority_add = 0;
         s->irq_base = 0;
         s->read_reg_select = 0;
@@ -243,7 +274,7 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
                                 priority = get_priority(s, s->isr);
                                 if (priority != 8) {
                                         irq = (priority + s->priority_add) & 7;
-                                        s->isr &= ~(1 << irq);
+                                        pic_clear_isr(s, irq);
                                         if (cmd == 5)
                                                 s->priority_add = (irq + 1) & 7;
                                         pic_update_irq(s->pics_state);
@@ -251,7 +282,7 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
                                 break;
                         case 3:
                                 irq = val & 7;
-                                s->isr &= ~(1 << irq);
+                                pic_clear_isr(s, irq);
                                 pic_update_irq(s->pics_state);
                                 break;
                         case 6:
@@ -260,8 +291,8 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
                                 break;
                         case 7:
                                 irq = val & 7;
-                                s->isr &= ~(1 << irq);
                                 s->priority_add = (irq + 1) & 7;
+                                pic_clear_isr(s, irq);
                                 pic_update_irq(s->pics_state);
                                 break;
                         default:
@@ -303,7 +334,7 @@ static u32 pic_poll_read(struct kvm_kpic_state *s, u32 addr1)
                         s->pics_state->pics[0].irr &= ~(1 << 2);
                 }
                 s->irr &= ~(1 << ret);
-                s->isr &= ~(1 << ret);
+                pic_clear_isr(s, ret);
                 if (addr1 >> 7 || ret != 2)
                         pic_update_irq(s->pics_state);
         } else {
@@ -422,10 +453,14 @@ static void pic_irq_request(void *opaque, int level)
 {
         struct kvm *kvm = opaque;
         struct kvm_vcpu *vcpu = kvm->vcpus[0];
+        struct kvm_pic *s = pic_irqchip(kvm);
+        int irq = pic_get_irq(&s->pics[0]);
 
-        pic_irqchip(kvm)->output = level;
-        if (vcpu)
+        s->output = level;
+        if (vcpu && level && (s->pics[0].isr_ack & (1 << irq))) {
+                s->pics[0].isr_ack &= ~(1 << irq);
                 kvm_vcpu_kick(vcpu);
+        }
 }
 
 struct kvm_pic *kvm_create_pic(struct kvm *kvm)
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c
index 76d736b5f664..c019b8edcdb7 100644
--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -72,7 +72,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v)
                 if (kvm_apic_accept_pic_intr(v)) {
                         s = pic_irqchip(v->kvm);
                         s->output = 0;          /* PIC */
-                        vector = kvm_pic_read_irq(s);
+                        vector = kvm_pic_read_irq(v->kvm);
                 }
         }
         return vector;
@@ -90,7 +90,6 @@ EXPORT_SYMBOL_GPL(kvm_inject_pending_timer_irqs);
 void kvm_timer_intr_post(struct kvm_vcpu *vcpu, int vec)
 {
         kvm_apic_timer_intr_post(vcpu, vec);
-        kvm_pit_timer_intr_post(vcpu, vec);
         /* TODO: PIT, RTC etc. */
 }
 EXPORT_SYMBOL_GPL(kvm_timer_intr_post);
diff --git a/arch/x86/kvm/irq.h b/arch/x86/kvm/irq.h
index 7ca47cbb48bb..f17c8f5bbf31 100644
--- a/arch/x86/kvm/irq.h
+++ b/arch/x86/kvm/irq.h
@@ -42,6 +42,7 @@ struct kvm_kpic_state {
         u8 irr;         /* interrupt request register */
         u8 imr;         /* interrupt mask register */
         u8 isr;         /* interrupt service register */
+        u8 isr_ack;     /* interrupt ack detection */
         u8 priority_add;        /* highest irq priority */
         u8 irq_base;
         u8 read_reg_select;
@@ -63,12 +64,13 @@ struct kvm_pic {
         void *irq_request_opaque;
         int output;             /* intr from master PIC */
         struct kvm_io_device dev;
+        void (*ack_notifier)(void *opaque, int irq);
 };
 
 struct kvm_pic *kvm_create_pic(struct kvm *kvm);
-void kvm_pic_set_irq(void *opaque, int irq, int level);
-int kvm_pic_read_irq(struct kvm_pic *s);
+int kvm_pic_read_irq(struct kvm *kvm);
 void kvm_pic_update_irq(struct kvm_pic *s);
+void kvm_pic_clear_isr_ack(struct kvm *kvm);
 
 static inline struct kvm_pic *pic_irqchip(struct kvm *kvm)
 {
diff --git a/arch/x86/kvm/kvm_cache_regs.h b/arch/x86/kvm/kvm_cache_regs.h
new file mode 100644
index 000000000000..1ff819dce7d3
--- /dev/null
+++ b/arch/x86/kvm/kvm_cache_regs.h
@@ -0,0 +1,32 @@
+#ifndef ASM_KVM_CACHE_REGS_H
+#define ASM_KVM_CACHE_REGS_H
+
+static inline unsigned long kvm_register_read(struct kvm_vcpu *vcpu,
+                                              enum kvm_reg reg)
+{
+        if (!test_bit(reg, (unsigned long *)&vcpu->arch.regs_avail))
+                kvm_x86_ops->cache_reg(vcpu, reg);
+
+        return vcpu->arch.regs[reg];
+}
+
+static inline void kvm_register_write(struct kvm_vcpu *vcpu,
+                                      enum kvm_reg reg,
+                                      unsigned long val)
+{
+        vcpu->arch.regs[reg] = val;
+        __set_bit(reg, (unsigned long *)&vcpu->arch.regs_dirty);
+        __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail);
+}
+
+static inline unsigned long kvm_rip_read(struct kvm_vcpu *vcpu)
+{
+        return kvm_register_read(vcpu, VCPU_REGS_RIP);
+}
+
+static inline void kvm_rip_write(struct kvm_vcpu *vcpu, unsigned long val)
+{
+        kvm_register_write(vcpu, VCPU_REGS_RIP, val);
+}
+
+#endif
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index a5b61de6adf1..0fc3cab48943 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -32,6 +32,7 @@
 #include <asm/current.h>
 #include <asm/apicdef.h>
 #include <asm/atomic.h>
+#include "kvm_cache_regs.h"
 #include "irq.h"
 
 #define PRId64 "d"
@@ -338,13 +339,7 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                 } else
                         apic_clear_vector(vector, apic->regs + APIC_TMR);
 
-                if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
-                        kvm_vcpu_kick(vcpu);
-                else if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED) {
-                        vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
-                        if (waitqueue_active(&vcpu->wq))
-                                wake_up_interruptible(&vcpu->wq);
-                }
+                kvm_vcpu_kick(vcpu);
 
                 result = (orig_irr == 0);
                 break;
@@ -370,21 +365,18 @@ static int __apic_accept_irq(struct kvm_lapic *apic, int delivery_mode,
                         vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
                         kvm_vcpu_kick(vcpu);
                 } else {
-                        printk(KERN_DEBUG
-                               "Ignoring de-assert INIT to vcpu %d\n",
-                               vcpu->vcpu_id);
+                        apic_debug("Ignoring de-assert INIT to vcpu %d\n",
+                                   vcpu->vcpu_id);
                 }
-
                 break;
 
         case APIC_DM_STARTUP:
-                printk(KERN_DEBUG "SIPI to vcpu %d vector 0x%02x\n",
-                       vcpu->vcpu_id, vector);
+                apic_debug("SIPI to vcpu %d vector 0x%02x\n",
+                           vcpu->vcpu_id, vector);
                 if (vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED) {
                         vcpu->arch.sipi_vector = vector;
                         vcpu->arch.mp_state = KVM_MP_STATE_SIPI_RECEIVED;
-                        if (waitqueue_active(&vcpu->wq))
-                                wake_up_interruptible(&vcpu->wq);
+                        kvm_vcpu_kick(vcpu);
                 }
                 break;
 
@@ -438,7 +430,7 @@ struct kvm_vcpu *kvm_get_lowest_prio_vcpu(struct kvm *kvm, u8 vector,
 static void apic_set_eoi(struct kvm_lapic *apic)
 {
         int vector = apic_find_highest_isr(apic);
-
+        int trigger_mode;
         /*
          * Not every write EOI will has corresponding ISR,
          * one example is when Kernel check timer on setup_IO_APIC
@@ -450,7 +442,10 @@ static void apic_set_eoi(struct kvm_lapic *apic)
         apic_update_ppr(apic);
 
         if (apic_test_and_clear_vector(vector, apic->regs + APIC_TMR))
-                kvm_ioapic_update_eoi(apic->vcpu->kvm, vector);
+                trigger_mode = IOAPIC_LEVEL_TRIG;
+        else
+                trigger_mode = IOAPIC_EDGE_TRIG;
+        kvm_ioapic_update_eoi(apic->vcpu->kvm, vector, trigger_mode);
 }
 
 static void apic_send_ipi(struct kvm_lapic *apic)
@@ -558,8 +553,7 @@ static void __report_tpr_access(struct kvm_lapic *apic, bool write)
         struct kvm_run *run = vcpu->run;
 
         set_bit(KVM_REQ_REPORT_TPR_ACCESS, &vcpu->requests);
-        kvm_x86_ops->cache_regs(vcpu);
-        run->tpr_access.rip = vcpu->arch.rip;
+        run->tpr_access.rip = kvm_rip_read(vcpu);
         run->tpr_access.is_write = write;
 }
 
@@ -683,9 +677,9 @@ static void apic_mmio_write(struct kvm_io_device *this,
          * Refer SDM 8.4.1
          */
         if (len != 4 || alignment) {
-                if (printk_ratelimit())
-                        printk(KERN_ERR "apic write: bad size=%d %lx\n",
-                               len, (long)address);
+                /* Don't shout loud, $infamous_os would cause only noise. */
+                apic_debug("apic write: bad size=%d %lx\n",
+                           len, (long)address);
                 return;
         }
 
@@ -947,10 +941,9 @@ static int __apic_timer_fn(struct kvm_lapic *apic)
 
         if(!atomic_inc_and_test(&apic->timer.pending))
                 set_bit(KVM_REQ_PENDING_TIMER, &apic->vcpu->requests);
-        if (waitqueue_active(q)) {
-                apic->vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
+        if (waitqueue_active(q))
                 wake_up_interruptible(q);
-        }
+
         if (apic_lvtt_period(apic)) {
                 result = 1;
                 hrtimer_add_expires_ns(&apic->timer.dev, apic->timer.period);
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 0bfe2bd305eb..99c239c5c0ac 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -70,6 +70,9 @@ static int dbg = 0;
 module_param(dbg, bool, 0644);
 #endif
 
+static int oos_shadow = 1;
+module_param(oos_shadow, bool, 0644);
+
 #ifndef MMU_DEBUG
 #define ASSERT(x) do { } while (0)
 #else
@@ -135,18 +138,24 @@ module_param(dbg, bool, 0644);
 #define ACC_USER_MASK    PT_USER_MASK
 #define ACC_ALL          (ACC_EXEC_MASK | ACC_WRITE_MASK | ACC_USER_MASK)
 
-struct kvm_pv_mmu_op_buffer {
-        void *ptr;
-        unsigned len;
-        unsigned processed;
-        char buf[512] __aligned(sizeof(long));
-};
+#define SHADOW_PT_INDEX(addr, level) PT64_INDEX(addr, level)
 
 struct kvm_rmap_desc {
         u64 *shadow_ptes[RMAP_EXT];
         struct kvm_rmap_desc *more;
 };
 
+struct kvm_shadow_walk {
+        int (*entry)(struct kvm_shadow_walk *walk, struct kvm_vcpu *vcpu,
+                     u64 addr, u64 *spte, int level);
+};
+
+struct kvm_unsync_walk {
+        int (*entry) (struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk);
+};
+
+typedef int (*mmu_parent_walk_fn) (struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp);
+
 static struct kmem_cache *pte_chain_cache;
 static struct kmem_cache *rmap_desc_cache;
 static struct kmem_cache *mmu_page_header_cache;
@@ -405,16 +414,19 @@ static int host_largepage_backed(struct kvm *kvm, gfn_t gfn)
 {
         struct vm_area_struct *vma;
         unsigned long addr;
+        int ret = 0;
 
         addr = gfn_to_hva(kvm, gfn);
         if (kvm_is_error_hva(addr))
-                return 0;
+                return ret;
 
+        down_read(&current->mm->mmap_sem);
         vma = find_vma(current->mm, addr);
         if (vma && is_vm_hugetlb_page(vma))
-                return 1;
+                ret = 1;
+        up_read(&current->mm->mmap_sem);
 
-        return 0;
+        return ret;
 }
 
 static int is_largepage_backed(struct kvm_vcpu *vcpu, gfn_t large_gfn)
@@ -649,8 +661,6 @@ static void rmap_write_protect(struct kvm *kvm, u64 gfn)
 
         if (write_protected)
                 kvm_flush_remote_tlbs(kvm);
-
-        account_shadowed(kvm, gfn);
 }
 
 static int kvm_unmap_rmapp(struct kvm *kvm, unsigned long *rmapp)
@@ -711,6 +721,10 @@ static int kvm_age_rmapp(struct kvm *kvm, unsigned long *rmapp)
         u64 *spte;
         int young = 0;
 
+        /* always return old for EPT */
+        if (!shadow_accessed_mask)
+                return 0;
+
         spte = rmap_next(kvm, rmapp, NULL);
         while (spte) {
                 int _young;
@@ -855,6 +869,77 @@ static void mmu_page_remove_parent_pte(struct kvm_mmu_page *sp,
         BUG();
 }
 
+
+static void mmu_parent_walk(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
+                            mmu_parent_walk_fn fn)
+{
+        struct kvm_pte_chain *pte_chain;
+        struct hlist_node *node;
+        struct kvm_mmu_page *parent_sp;
+        int i;
+
+        if (!sp->multimapped && sp->parent_pte) {
+                parent_sp = page_header(__pa(sp->parent_pte));
+                fn(vcpu, parent_sp);
+                mmu_parent_walk(vcpu, parent_sp, fn);
+                return;
+        }
+        hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
+                for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
+                        if (!pte_chain->parent_ptes[i])
+                                break;
+                        parent_sp = page_header(__pa(pte_chain->parent_ptes[i]));
+                        fn(vcpu, parent_sp);
+                        mmu_parent_walk(vcpu, parent_sp, fn);
+                }
+}
+
+static void kvm_mmu_update_unsync_bitmap(u64 *spte)
+{
+        unsigned int index;
+        struct kvm_mmu_page *sp = page_header(__pa(spte));
+
+        index = spte - sp->spt;
+        __set_bit(index, sp->unsync_child_bitmap);
+        sp->unsync_children = 1;
+}
+
+static void kvm_mmu_update_parents_unsync(struct kvm_mmu_page *sp)
+{
+        struct kvm_pte_chain *pte_chain;
+        struct hlist_node *node;
+        int i;
+
+        if (!sp->parent_pte)
+                return;
+
+        if (!sp->multimapped) {
+                kvm_mmu_update_unsync_bitmap(sp->parent_pte);
+                return;
+        }
+
+        hlist_for_each_entry(pte_chain, node, &sp->parent_ptes, link)
+                for (i = 0; i < NR_PTE_CHAIN_ENTRIES; ++i) {
+                        if (!pte_chain->parent_ptes[i])
+                                break;
+                        kvm_mmu_update_unsync_bitmap(pte_chain->parent_ptes[i]);
+                }
+}
+
+static int unsync_walk_fn(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
+{
+        sp->unsync_children = 1;
+        kvm_mmu_update_parents_unsync(sp);
+        return 1;
+}
+
+static void kvm_mmu_mark_parents_unsync(struct kvm_vcpu *vcpu,
+                                        struct kvm_mmu_page *sp)
+{
+        mmu_parent_walk(vcpu, sp, unsync_walk_fn);
+        kvm_mmu_update_parents_unsync(sp);
+}
+
 static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
                                     struct kvm_mmu_page *sp)
 {
@@ -864,6 +949,58 @@ static void nonpaging_prefetch_page(struct kvm_vcpu *vcpu,
                 sp->spt[i] = shadow_trap_nonpresent_pte;
 }
 
+static int nonpaging_sync_page(struct kvm_vcpu *vcpu,
+                               struct kvm_mmu_page *sp)
+{
+        return 1;
+}
+
+static void nonpaging_invlpg(struct kvm_vcpu *vcpu, gva_t gva)
+{
+}
+
+#define for_each_unsync_children(bitmap, idx)           \
+        for (idx = find_first_bit(bitmap, 512);         \
+             idx < 512;                                 \
+             idx = find_next_bit(bitmap, 512, idx+1))
+
+static int mmu_unsync_walk(struct kvm_mmu_page *sp,
+                           struct kvm_unsync_walk *walker)
+{
+        int i, ret;
+
+        if (!sp->unsync_children)
+                return 0;
+
+        for_each_unsync_children(sp->unsync_child_bitmap, i) {
+                u64 ent = sp->spt[i];
+
+                if (is_shadow_present_pte(ent)) {
+                        struct kvm_mmu_page *child;
+                        child = page_header(ent & PT64_BASE_ADDR_MASK);
+
+                        if (child->unsync_children) {
+                                ret = mmu_unsync_walk(child, walker);
+                                if (ret)
+                                        return ret;
+                                __clear_bit(i, sp->unsync_child_bitmap);
+                        }
+
+                        if (child->unsync) {
+                                ret = walker->entry(child, walker);
+                                __clear_bit(i, sp->unsync_child_bitmap);
+                                if (ret)
+                                        return ret;
+                        }
+                }
+        }
+
+        if (find_first_bit(sp->unsync_child_bitmap, 512) == 512)
+                sp->unsync_children = 0;
+
+        return 0;
+}
+
 static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
 {
         unsigned index;
@@ -884,6 +1021,59 @@ static struct kvm_mmu_page *kvm_mmu_lookup_page(struct kvm *kvm, gfn_t gfn)
         return NULL;
 }
 
+static void kvm_unlink_unsync_page(struct kvm *kvm, struct kvm_mmu_page *sp)
+{
+        WARN_ON(!sp->unsync);
+        sp->unsync = 0;
+        --kvm->stat.mmu_unsync;
+}
+
+static int kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp);
+
+static int kvm_sync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
+{
+        if (sp->role.glevels != vcpu->arch.mmu.root_level) {
+                kvm_mmu_zap_page(vcpu->kvm, sp);
+                return 1;
+        }
+
+        rmap_write_protect(vcpu->kvm, sp->gfn);
+        if (vcpu->arch.mmu.sync_page(vcpu, sp)) {
+                kvm_mmu_zap_page(vcpu->kvm, sp);
+                return 1;
+        }
+
+        kvm_mmu_flush_tlb(vcpu);
+        kvm_unlink_unsync_page(vcpu->kvm, sp);
+        return 0;
+}
+
+struct sync_walker {
+        struct kvm_vcpu *vcpu;
+        struct kvm_unsync_walk walker;
+};
+
+static int mmu_sync_fn(struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk)
+{
+        struct sync_walker *sync_walk = container_of(walk, struct sync_walker,
+                                                     walker);
+        struct kvm_vcpu *vcpu = sync_walk->vcpu;
+
+        kvm_sync_page(vcpu, sp);
+        return (need_resched() || spin_needbreak(&vcpu->kvm->mmu_lock));
+}
+
+static void mmu_sync_children(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
+{
+        struct sync_walker walker = {
+                .walker = { .entry = mmu_sync_fn, },
+                .vcpu = vcpu,
+        };
+
+        while (mmu_unsync_walk(sp, &walker.walker))
+                cond_resched_lock(&vcpu->kvm->mmu_lock);
+}
+
 static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
                                              gfn_t gfn,
                                              gva_t gaddr,
@@ -897,7 +1087,7 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
         unsigned quadrant;
         struct hlist_head *bucket;
         struct kvm_mmu_page *sp;
-        struct hlist_node *node;
+        struct hlist_node *node, *tmp;
 
         role.word = 0;
         role.glevels = vcpu->arch.mmu.root_level;
@@ -913,9 +1103,20 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
                  gfn, role.word);
         index = kvm_page_table_hashfn(gfn);
         bucket = &vcpu->kvm->arch.mmu_page_hash[index];
-        hlist_for_each_entry(sp, node, bucket, hash_link)
-                if (sp->gfn == gfn && sp->role.word == role.word) {
+        hlist_for_each_entry_safe(sp, node, tmp, bucket, hash_link)
+                if (sp->gfn == gfn) {
+                        if (sp->unsync)
+                                if (kvm_sync_page(vcpu, sp))
+                                        continue;
+
+                        if (sp->role.word != role.word)
+                                continue;
+
                         mmu_page_add_parent_pte(vcpu, sp, parent_pte);
+                        if (sp->unsync_children) {
+                                set_bit(KVM_REQ_MMU_SYNC, &vcpu->requests);
+                                kvm_mmu_mark_parents_unsync(vcpu, sp);
+                        }
                         pgprintk("%s: found\n", __func__);
                         return sp;
                 }
@@ -927,8 +1128,10 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
         sp->gfn = gfn;
         sp->role = role;
         hlist_add_head(&sp->hash_link, bucket);
-        if (!metaphysical)
+        if (!metaphysical) {
                 rmap_write_protect(vcpu->kvm, gfn);
+                account_shadowed(vcpu->kvm, gfn);
+        }
         if (shadow_trap_nonpresent_pte != shadow_notrap_nonpresent_pte)
                 vcpu->arch.mmu.prefetch_page(vcpu, sp);
         else
@@ -936,6 +1139,35 @@ static struct kvm_mmu_page *kvm_mmu_get_page(struct kvm_vcpu *vcpu,
         return sp;
 }
 
+static int walk_shadow(struct kvm_shadow_walk *walker,
+                       struct kvm_vcpu *vcpu, u64 addr)
+{
+        hpa_t shadow_addr;
+        int level;
+        int r;
+        u64 *sptep;
+        unsigned index;
+
+        shadow_addr = vcpu->arch.mmu.root_hpa;
+        level = vcpu->arch.mmu.shadow_root_level;
+        if (level == PT32E_ROOT_LEVEL) {
+                shadow_addr = vcpu->arch.mmu.pae_root[(addr >> 30) & 3];
+                shadow_addr &= PT64_BASE_ADDR_MASK;
+                --level;
+        }
+
+        while (level >= PT_PAGE_TABLE_LEVEL) {
+                index = SHADOW_PT_INDEX(addr, level);
+                sptep = ((u64 *)__va(shadow_addr)) + index;
+                r = walker->entry(walker, vcpu, addr, sptep, level);
+                if (r)
+                        return r;
+                shadow_addr = *sptep & PT64_BASE_ADDR_MASK;
+                --level;
+        }
+        return 0;
+}
+
 static void kvm_mmu_page_unlink_children(struct kvm *kvm,
                                          struct kvm_mmu_page *sp)
 {
@@ -951,7 +1183,6 @@ static void kvm_mmu_page_unlink_children(struct kvm *kvm,
                                 rmap_remove(kvm, &pt[i]);
                         pt[i] = shadow_trap_nonpresent_pte;
                 }
-                kvm_flush_remote_tlbs(kvm);
                 return;
         }
 
@@ -970,7 +1201,6 @@ static void kvm_mmu_page_unlink_children(struct kvm *kvm,
                 }
                 pt[i] = shadow_trap_nonpresent_pte;
         }
-        kvm_flush_remote_tlbs(kvm);
 }
 
 static void kvm_mmu_put_page(struct kvm_mmu_page *sp, u64 *parent_pte)
@@ -987,11 +1217,10 @@ static void kvm_mmu_reset_last_pte_updated(struct kvm *kvm)
                         kvm->vcpus[i]->arch.last_pte_updated = NULL;
 }
 
-static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
+static void kvm_mmu_unlink_parents(struct kvm *kvm, struct kvm_mmu_page *sp)
 {
         u64 *parent_pte;
 
-        ++kvm->stat.mmu_shadow_zapped;
         while (sp->multimapped || sp->parent_pte) {
                 if (!sp->multimapped)
                         parent_pte = sp->parent_pte;
@@ -1006,21 +1235,59 @@ static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
                 kvm_mmu_put_page(sp, parent_pte);
                 set_shadow_pte(parent_pte, shadow_trap_nonpresent_pte);
         }
+}
+
+struct zap_walker {
+        struct kvm_unsync_walk walker;
+        struct kvm *kvm;
+        int zapped;
+};
+
+static int mmu_zap_fn(struct kvm_mmu_page *sp, struct kvm_unsync_walk *walk)
+{
+        struct zap_walker *zap_walk = container_of(walk, struct zap_walker,
+                                                     walker);
+        kvm_mmu_zap_page(zap_walk->kvm, sp);
+        zap_walk->zapped = 1;
+        return 0;
+}
+
+static int mmu_zap_unsync_children(struct kvm *kvm, struct kvm_mmu_page *sp)
+{
+        struct zap_walker walker = {
+                .walker = { .entry = mmu_zap_fn, },
+                .kvm = kvm,
+                .zapped = 0,
+        };
+
+        if (sp->role.level == PT_PAGE_TABLE_LEVEL)
+                return 0;
+        mmu_unsync_walk(sp, &walker.walker);
+        return walker.zapped;
+}
+
+static int kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
+{
+        int ret;
+        ++kvm->stat.mmu_shadow_zapped;
+        ret = mmu_zap_unsync_children(kvm, sp);
         kvm_mmu_page_unlink_children(kvm, sp);
+        kvm_mmu_unlink_parents(kvm, sp);
+        kvm_flush_remote_tlbs(kvm);
+        if (!sp->role.invalid && !sp->role.metaphysical)
+                unaccount_shadowed(kvm, sp->gfn);
+        if (sp->unsync)
+                kvm_unlink_unsync_page(kvm, sp);
         if (!sp->root_count) {
-                if (!sp->role.metaphysical && !sp->role.invalid)
-                        unaccount_shadowed(kvm, sp->gfn);
                 hlist_del(&sp->hash_link);
                 kvm_mmu_free_page(kvm, sp);
         } else {
-                int invalid = sp->role.invalid;
-                list_move(&sp->link, &kvm->arch.active_mmu_pages);
                 sp->role.invalid = 1;
+                list_move(&sp->link, &kvm->arch.active_mmu_pages);
                 kvm_reload_remote_mmus(kvm);
-                if (!sp->role.metaphysical && !invalid)
-                        unaccount_shadowed(kvm, sp->gfn);
         }
         kvm_mmu_reset_last_pte_updated(kvm);
+        return ret;
 }
 
 /*
@@ -1073,8 +1340,9 @@ static int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn)
                 if (sp->gfn == gfn && !sp->role.metaphysical) {
                         pgprintk("%s: gfn %lx role %x\n", __func__, gfn,
                                  sp->role.word);
-                        kvm_mmu_zap_page(kvm, sp);
                         r = 1;
+                        if (kvm_mmu_zap_page(kvm, sp))
+                                n = bucket->first;
                 }
         return r;
 }
@@ -1097,6 +1365,20 @@ static void page_header_update_slot(struct kvm *kvm, void *pte, gfn_t gfn)
         __set_bit(slot, &sp->slot_bitmap);
 }
 
+static void mmu_convert_notrap(struct kvm_mmu_page *sp)
+{
+        int i;
+        u64 *pt = sp->spt;
+
+        if (shadow_trap_nonpresent_pte == shadow_notrap_nonpresent_pte)
+                return;
+
+        for (i = 0; i < PT64_ENT_PER_PAGE; ++i) {
+                if (pt[i] == shadow_notrap_nonpresent_pte)
+                        set_shadow_pte(&pt[i], shadow_trap_nonpresent_pte);
+        }
+}
+
 struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
 {
         struct page *page;
@@ -1106,51 +1388,60 @@ struct page *gva_to_page(struct kvm_vcpu *vcpu, gva_t gva)
         if (gpa == UNMAPPED_GVA)
                 return NULL;
 
-        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
-        up_read(&current->mm->mmap_sem);
 
         return page;
 }
 
-static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
-                         unsigned pt_access, unsigned pte_access,
-                         int user_fault, int write_fault, int dirty,
-                         int *ptwrite, int largepage, gfn_t gfn,
-                         pfn_t pfn, bool speculative)
+static int kvm_unsync_page(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
 {
-        u64 spte;
-        int was_rmapped = 0;
-        int was_writeble = is_writeble_pte(*shadow_pte);
+        unsigned index;
+        struct hlist_head *bucket;
+        struct kvm_mmu_page *s;
+        struct hlist_node *node, *n;
 
-        pgprintk("%s: spte %llx access %x write_fault %d"
-                 " user_fault %d gfn %lx\n",
-                 __func__, *shadow_pte, pt_access,
-                 write_fault, user_fault, gfn);
+        index = kvm_page_table_hashfn(sp->gfn);
+        bucket = &vcpu->kvm->arch.mmu_page_hash[index];
+        /* don't unsync if pagetable is shadowed with multiple roles */
+        hlist_for_each_entry_safe(s, node, n, bucket, hash_link) {
+                if (s->gfn != sp->gfn || s->role.metaphysical)
+                        continue;
+                if (s->role.word != sp->role.word)
+                        return 1;
+        }
+        kvm_mmu_mark_parents_unsync(vcpu, sp);
+        ++vcpu->kvm->stat.mmu_unsync;
+        sp->unsync = 1;
+        mmu_convert_notrap(sp);
+        return 0;
+}
 
-        if (is_rmap_pte(*shadow_pte)) {
-                /*
-                 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
-                 * the parent of the now unreachable PTE.
-                 */
-                if (largepage && !is_large_pte(*shadow_pte)) {
-                        struct kvm_mmu_page *child;
-                        u64 pte = *shadow_pte;
+static int mmu_need_write_protect(struct kvm_vcpu *vcpu, gfn_t gfn,
+                                  bool can_unsync)
+{
+        struct kvm_mmu_page *shadow;
 
-                        child = page_header(pte & PT64_BASE_ADDR_MASK);
-                        mmu_page_remove_parent_pte(child, shadow_pte);
-                } else if (pfn != spte_to_pfn(*shadow_pte)) {
-                        pgprintk("hfn old %lx new %lx\n",
-                                 spte_to_pfn(*shadow_pte), pfn);
-                        rmap_remove(vcpu->kvm, shadow_pte);
-                } else {
-                        if (largepage)
-                                was_rmapped = is_large_pte(*shadow_pte);
-                        else
-                                was_rmapped = 1;
-                }
+        shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
+        if (shadow) {
+                if (shadow->role.level != PT_PAGE_TABLE_LEVEL)
+                        return 1;
+                if (shadow->unsync)
+                        return 0;
+                if (can_unsync && oos_shadow)
+                        return kvm_unsync_page(vcpu, shadow);
+                return 1;
         }
+        return 0;
+}
 
+static int set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
+                    unsigned pte_access, int user_fault,
+                    int write_fault, int dirty, int largepage,
+                    gfn_t gfn, pfn_t pfn, bool speculative,
+                    bool can_unsync)
+{
+        u64 spte;
+        int ret = 0;
         /*
          * We don't set the accessed bit, since we sometimes want to see
          * whether the guest actually used the pte (in order to detect
@@ -1158,7 +1449,7 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
          */
         spte = shadow_base_present_pte | shadow_dirty_mask;
         if (!speculative)
-                pte_access |= PT_ACCESSED_MASK;
+                spte |= shadow_accessed_mask;
         if (!dirty)
                 pte_access &= ~ACC_WRITE_MASK;
         if (pte_access & ACC_EXEC_MASK)
@@ -1174,35 +1465,82 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
 
         if ((pte_access & ACC_WRITE_MASK)
             || (write_fault && !is_write_protection(vcpu) && !user_fault)) {
-                struct kvm_mmu_page *shadow;
+
+                if (largepage && has_wrprotected_page(vcpu->kvm, gfn)) {
+                        ret = 1;
+                        spte = shadow_trap_nonpresent_pte;
+                        goto set_pte;
+                }
 
                 spte |= PT_WRITABLE_MASK;
 
-                shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
-                if (shadow ||
-                   (largepage && has_wrprotected_page(vcpu->kvm, gfn))) {
+                if (mmu_need_write_protect(vcpu, gfn, can_unsync)) {
                         pgprintk("%s: found shadow page for %lx, marking ro\n",
                                  __func__, gfn);
+                        ret = 1;
                         pte_access &= ~ACC_WRITE_MASK;
-                        if (is_writeble_pte(spte)) {
+                        if (is_writeble_pte(spte))
                                 spte &= ~PT_WRITABLE_MASK;
-                                kvm_x86_ops->tlb_flush(vcpu);
-                        }
-                        if (write_fault)
-                                *ptwrite = 1;
                 }
         }
 
         if (pte_access & ACC_WRITE_MASK)
                 mark_page_dirty(vcpu->kvm, gfn);
 
-        pgprintk("%s: setting spte %llx\n", __func__, spte);
-        pgprintk("instantiating %s PTE (%s) at %ld (%llx) addr %p\n",
-                 (spte&PT_PAGE_SIZE_MASK)? "2MB" : "4kB",
-                 (spte&PT_WRITABLE_MASK)?"RW":"R", gfn, spte, shadow_pte);
+set_pte:
         set_shadow_pte(shadow_pte, spte);
-        if (!was_rmapped && (spte & PT_PAGE_SIZE_MASK)
-            && (spte & PT_PRESENT_MASK))
+        return ret;
+}
+
+static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
+                         unsigned pt_access, unsigned pte_access,
+                         int user_fault, int write_fault, int dirty,
+                         int *ptwrite, int largepage, gfn_t gfn,
+                         pfn_t pfn, bool speculative)
+{
+        int was_rmapped = 0;
+        int was_writeble = is_writeble_pte(*shadow_pte);
+
+        pgprintk("%s: spte %llx access %x write_fault %d"
+                 " user_fault %d gfn %lx\n",
+                 __func__, *shadow_pte, pt_access,
+                 write_fault, user_fault, gfn);
+
+        if (is_rmap_pte(*shadow_pte)) {
+                /*
+                 * If we overwrite a PTE page pointer with a 2MB PMD, unlink
+                 * the parent of the now unreachable PTE.
+                 */
+                if (largepage && !is_large_pte(*shadow_pte)) {
+                        struct kvm_mmu_page *child;
+                        u64 pte = *shadow_pte;
+
+                        child = page_header(pte & PT64_BASE_ADDR_MASK);
+                        mmu_page_remove_parent_pte(child, shadow_pte);
+                } else if (pfn != spte_to_pfn(*shadow_pte)) {
+                        pgprintk("hfn old %lx new %lx\n",
+                                 spte_to_pfn(*shadow_pte), pfn);
+                        rmap_remove(vcpu->kvm, shadow_pte);
+                } else {
+                        if (largepage)
+                                was_rmapped = is_large_pte(*shadow_pte);
+                        else
+                                was_rmapped = 1;
+                }
+        }
+        if (set_spte(vcpu, shadow_pte, pte_access, user_fault, write_fault,
+                      dirty, largepage, gfn, pfn, speculative, true)) {
+                if (write_fault)
+                        *ptwrite = 1;
+                kvm_x86_ops->tlb_flush(vcpu);
+        }
+
+        pgprintk("%s: setting spte %llx\n", __func__, *shadow_pte);
+        pgprintk("instantiating %s PTE (%s) at %ld (%llx) addr %p\n",
+                 is_large_pte(*shadow_pte)? "2MB" : "4kB",
+                 is_present_pte(*shadow_pte)?"RW":"R", gfn,
+                 *shadow_pte, shadow_pte);
+        if (!was_rmapped && is_large_pte(*shadow_pte))
                 ++vcpu->kvm->stat.lpages;
 
         page_header_update_slot(vcpu->kvm, shadow_pte, gfn);
@@ -1226,54 +1564,67 @@ static void nonpaging_new_cr3(struct kvm_vcpu *vcpu)
 {
 }
 
-static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
-                           int largepage, gfn_t gfn, pfn_t pfn,
-                           int level)
-{
-        hpa_t table_addr = vcpu->arch.mmu.root_hpa;
-        int pt_write = 0;
-
-        for (; ; level--) {
-                u32 index = PT64_INDEX(v, level);
-                u64 *table;
-
-                ASSERT(VALID_PAGE(table_addr));
-                table = __va(table_addr);
+struct direct_shadow_walk {
+        struct kvm_shadow_walk walker;
+        pfn_t pfn;
+        int write;
+        int largepage;
+        int pt_write;
+};
 
-                if (level == 1) {
-                        mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
-                                     0, write, 1, &pt_write, 0, gfn, pfn, false);
-                        return pt_write;
-                }
+static int direct_map_entry(struct kvm_shadow_walk *_walk,
+                            struct kvm_vcpu *vcpu,
+                            u64 addr, u64 *sptep, int level)
+{
+        struct direct_shadow_walk *walk =
+                container_of(_walk, struct direct_shadow_walk, walker);
+        struct kvm_mmu_page *sp;
+        gfn_t pseudo_gfn;
+        gfn_t gfn = addr >> PAGE_SHIFT;
+
+        if (level == PT_PAGE_TABLE_LEVEL
+            || (walk->largepage && level == PT_DIRECTORY_LEVEL)) {
+                mmu_set_spte(vcpu, sptep, ACC_ALL, ACC_ALL,
+                             0, walk->write, 1, &walk->pt_write,
+                             walk->largepage, gfn, walk->pfn, false);
+                ++vcpu->stat.pf_fixed;
+                return 1;
+        }
 
-                if (largepage && level == 2) {
-                        mmu_set_spte(vcpu, &table[index], ACC_ALL, ACC_ALL,
-                                     0, write, 1, &pt_write, 1, gfn, pfn, false);
-                        return pt_write;
+        if (*sptep == shadow_trap_nonpresent_pte) {
+                pseudo_gfn = (addr & PT64_DIR_BASE_ADDR_MASK) >> PAGE_SHIFT;
+                sp = kvm_mmu_get_page(vcpu, pseudo_gfn, (gva_t)addr, level - 1,
+                                      1, ACC_ALL, sptep);
+                if (!sp) {
+                        pgprintk("nonpaging_map: ENOMEM\n");
+                        kvm_release_pfn_clean(walk->pfn);
+                        return -ENOMEM;
                 }
 
-                if (table[index] == shadow_trap_nonpresent_pte) {
-                        struct kvm_mmu_page *new_table;
-                        gfn_t pseudo_gfn;
-
-                        pseudo_gfn = (v & PT64_DIR_BASE_ADDR_MASK)
-                                >> PAGE_SHIFT;
-                        new_table = kvm_mmu_get_page(vcpu, pseudo_gfn,
-                                                     v, level - 1,
-                                                     1, ACC_ALL, &table[index]);
-                        if (!new_table) {
-                                pgprintk("nonpaging_map: ENOMEM\n");
-                                kvm_release_pfn_clean(pfn);
-                                return -ENOMEM;
-                        }
-
-                        set_shadow_pte(&table[index],
-                                       __pa(new_table->spt)
-                                       | PT_PRESENT_MASK | PT_WRITABLE_MASK
-                                       | shadow_user_mask | shadow_x_mask);
-                }
-                table_addr = table[index] & PT64_BASE_ADDR_MASK;
+                set_shadow_pte(sptep,
+                               __pa(sp->spt)
+                               | PT_PRESENT_MASK | PT_WRITABLE_MASK
+                               | shadow_user_mask | shadow_x_mask);
         }
+        return 0;
+}
+
+static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
+                        int largepage, gfn_t gfn, pfn_t pfn)
+{
+        int r;
+        struct direct_shadow_walk walker = {
+                .walker = { .entry = direct_map_entry, },
+                .pfn = pfn,
+                .largepage = largepage,
+                .write = write,
+                .pt_write = 0,
+        };
+
+        r = walk_shadow(&walker.walker, vcpu, gfn << PAGE_SHIFT);
+        if (r < 0)
+                return r;
+        return walker.pt_write;
 }
 
 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
@@ -1283,16 +1634,14 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
         pfn_t pfn;
         unsigned long mmu_seq;
 
-        down_read(&current->mm->mmap_sem);
         if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
                 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
                 largepage = 1;
         }
 
         mmu_seq = vcpu->kvm->mmu_notifier_seq;
-        /* implicit mb(), we'll read before PT lock is unlocked */
+        smp_rmb();
         pfn = gfn_to_pfn(vcpu->kvm, gfn);
-        up_read(&current->mm->mmap_sem);
 
         /* mmio */
         if (is_error_pfn(pfn)) {
@@ -1304,8 +1653,7 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
         if (mmu_notifier_retry(vcpu, mmu_seq))
                 goto out_unlock;
         kvm_mmu_free_some_pages(vcpu);
-        r = __direct_map(vcpu, v, write, largepage, gfn, pfn,
-                         PT32E_ROOT_LEVEL);
+        r = __direct_map(vcpu, v, write, largepage, gfn, pfn);
         spin_unlock(&vcpu->kvm->mmu_lock);
 
 
@@ -1401,6 +1749,37 @@ static void mmu_alloc_roots(struct kvm_vcpu *vcpu)
         vcpu->arch.mmu.root_hpa = __pa(vcpu->arch.mmu.pae_root);
 }
 
+static void mmu_sync_roots(struct kvm_vcpu *vcpu)
+{
+        int i;
+        struct kvm_mmu_page *sp;
+
+        if (!VALID_PAGE(vcpu->arch.mmu.root_hpa))
+                return;
+        if (vcpu->arch.mmu.shadow_root_level == PT64_ROOT_LEVEL) {
+                hpa_t root = vcpu->arch.mmu.root_hpa;
+                sp = page_header(root);
+                mmu_sync_children(vcpu, sp);
+                return;
+        }
+        for (i = 0; i < 4; ++i) {
+                hpa_t root = vcpu->arch.mmu.pae_root[i];
+
+                if (root) {
+                        root &= PT64_BASE_ADDR_MASK;
+                        sp = page_header(root);
+                        mmu_sync_children(vcpu, sp);
+                }
+        }
+}
+
+void kvm_mmu_sync_roots(struct kvm_vcpu *vcpu)
+{
+        spin_lock(&vcpu->kvm->mmu_lock);
+        mmu_sync_roots(vcpu);
+        spin_unlock(&vcpu->kvm->mmu_lock);
+}
+
 static gpa_t nonpaging_gva_to_gpa(struct kvm_vcpu *vcpu, gva_t vaddr)
 {
         return vaddr;
@@ -1442,15 +1821,13 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
         if (r)
                 return r;
 
-        down_read(&current->mm->mmap_sem);
         if (is_largepage_backed(vcpu, gfn & ~(KVM_PAGES_PER_HPAGE-1))) {
                 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
                 largepage = 1;
         }
         mmu_seq = vcpu->kvm->mmu_notifier_seq;
-        /* implicit mb(), we'll read before PT lock is unlocked */
+        smp_rmb();
         pfn = gfn_to_pfn(vcpu->kvm, gfn);
-        up_read(&current->mm->mmap_sem);
         if (is_error_pfn(pfn)) {
                 kvm_release_pfn_clean(pfn);
                 return 1;
@@ -1460,7 +1837,7 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
                 goto out_unlock;
         kvm_mmu_free_some_pages(vcpu);
         r = __direct_map(vcpu, gpa, error_code & PFERR_WRITE_MASK,
-                         largepage, gfn, pfn, kvm_x86_ops->get_tdp_level());
+                         largepage, gfn, pfn);
         spin_unlock(&vcpu->kvm->mmu_lock);
 
         return r;
@@ -1485,6 +1862,8 @@ static int nonpaging_init_context(struct kvm_vcpu *vcpu)
         context->gva_to_gpa = nonpaging_gva_to_gpa;
         context->free = nonpaging_free;
         context->prefetch_page = nonpaging_prefetch_page;
+        context->sync_page = nonpaging_sync_page;
+        context->invlpg = nonpaging_invlpg;
         context->root_level = 0;
         context->shadow_root_level = PT32E_ROOT_LEVEL;
         context->root_hpa = INVALID_PAGE;
@@ -1532,6 +1911,8 @@ static int paging64_init_context_common(struct kvm_vcpu *vcpu, int level)
         context->page_fault = paging64_page_fault;
         context->gva_to_gpa = paging64_gva_to_gpa;
         context->prefetch_page = paging64_prefetch_page;
+        context->sync_page = paging64_sync_page;
+        context->invlpg = paging64_invlpg;
         context->free = paging_free;
         context->root_level = level;
         context->shadow_root_level = level;
@@ -1553,6 +1934,8 @@ static int paging32_init_context(struct kvm_vcpu *vcpu)
         context->gva_to_gpa = paging32_gva_to_gpa;
         context->free = paging_free;
         context->prefetch_page = paging32_prefetch_page;
+        context->sync_page = paging32_sync_page;
+        context->invlpg = paging32_invlpg;
         context->root_level = PT32_ROOT_LEVEL;
         context->shadow_root_level = PT32E_ROOT_LEVEL;
         context->root_hpa = INVALID_PAGE;
@@ -1572,6 +1955,8 @@ static int init_kvm_tdp_mmu(struct kvm_vcpu *vcpu)
         context->page_fault = tdp_page_fault;
         context->free = nonpaging_free;
         context->prefetch_page = nonpaging_prefetch_page;
+        context->sync_page = nonpaging_sync_page;
+        context->invlpg = nonpaging_invlpg;
         context->shadow_root_level = kvm_x86_ops->get_tdp_level();
         context->root_hpa = INVALID_PAGE;
 
@@ -1643,6 +2028,7 @@ int kvm_mmu_load(struct kvm_vcpu *vcpu)
         spin_lock(&vcpu->kvm->mmu_lock);
         kvm_mmu_free_some_pages(vcpu);
         mmu_alloc_roots(vcpu);
+        mmu_sync_roots(vcpu);
         spin_unlock(&vcpu->kvm->mmu_lock);
         kvm_x86_ops->set_cr3(vcpu, vcpu->arch.mmu.root_hpa);
         kvm_mmu_flush_tlb(vcpu);
@@ -1763,15 +2149,13 @@ static void mmu_guess_page_from_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
                 return;
         gfn = (gpte & PT64_BASE_ADDR_MASK) >> PAGE_SHIFT;
 
-        down_read(&current->mm->mmap_sem);
         if (is_large_pte(gpte) && is_largepage_backed(vcpu, gfn)) {
                 gfn &= ~(KVM_PAGES_PER_HPAGE-1);
                 vcpu->arch.update_pte.largepage = 1;
         }
         vcpu->arch.update_pte.mmu_seq = vcpu->kvm->mmu_notifier_seq;
-        /* implicit mb(), we'll read before PT lock is unlocked */
+        smp_rmb();
         pfn = gfn_to_pfn(vcpu->kvm, gfn);
-        up_read(&current->mm->mmap_sem);
 
         if (is_error_pfn(pfn)) {
                 kvm_release_pfn_clean(pfn);
@@ -1833,7 +2217,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
         index = kvm_page_table_hashfn(gfn);
         bucket = &vcpu->kvm->arch.mmu_page_hash[index];
         hlist_for_each_entry_safe(sp, node, n, bucket, hash_link) {
-                if (sp->gfn != gfn || sp->role.metaphysical)
+                if (sp->gfn != gfn || sp->role.metaphysical || sp->role.invalid)
                         continue;
                 pte_size = sp->role.glevels == PT32_ROOT_LEVEL ? 4 : 8;
                 misaligned = (offset ^ (offset + bytes - 1)) & ~(pte_size - 1);
@@ -1851,7 +2235,8 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
                          */
                         pgprintk("misaligned: gpa %llx bytes %d role %x\n",
                                  gpa, bytes, sp->role.word);
-                        kvm_mmu_zap_page(vcpu->kvm, sp);
+                        if (kvm_mmu_zap_page(vcpu->kvm, sp))
+                                n = bucket->first;
                         ++vcpu->kvm->stat.mmu_flooded;
                         continue;
                 }
@@ -1965,6 +2350,16 @@ out:
 }
 EXPORT_SYMBOL_GPL(kvm_mmu_page_fault);
 
+void kvm_mmu_invlpg(struct kvm_vcpu *vcpu, gva_t gva)
+{
+        spin_lock(&vcpu->kvm->mmu_lock);
+        vcpu->arch.mmu.invlpg(vcpu, gva);
+        spin_unlock(&vcpu->kvm->mmu_lock);
+        kvm_mmu_flush_tlb(vcpu);
+        ++vcpu->stat.invlpg;
+}
+EXPORT_SYMBOL_GPL(kvm_mmu_invlpg);
+
 void kvm_enable_tdp(void)
 {
         tdp_enabled = true;
@@ -2051,6 +2446,7 @@ void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
 {
         struct kvm_mmu_page *sp;
 
+        spin_lock(&kvm->mmu_lock);
         list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
                 int i;
                 u64 *pt;
@@ -2064,6 +2460,8 @@ void kvm_mmu_slot_remove_write_access(struct kvm *kvm, int slot)
                         if (pt[i] & PT_WRITABLE_MASK)
                                 pt[i] &= ~PT_WRITABLE_MASK;
         }
+        kvm_flush_remote_tlbs(kvm);
+        spin_unlock(&kvm->mmu_lock);
 }
 
 void kvm_mmu_zap_all(struct kvm *kvm)
@@ -2072,7 +2470,9 @@ void kvm_mmu_zap_all(struct kvm *kvm)
 
         spin_lock(&kvm->mmu_lock);
         list_for_each_entry_safe(sp, node, &kvm->arch.active_mmu_pages, link)
-                kvm_mmu_zap_page(kvm, sp);
+                if (kvm_mmu_zap_page(kvm, sp))
+                        node = container_of(kvm->arch.active_mmu_pages.next,
+                                            struct kvm_mmu_page, link);
         spin_unlock(&kvm->mmu_lock);
 
         kvm_flush_remote_tlbs(kvm);
@@ -2287,18 +2687,18 @@ int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
                   gpa_t addr, unsigned long *ret)
 {
         int r;
-        struct kvm_pv_mmu_op_buffer buffer;
+        struct kvm_pv_mmu_op_buffer *buffer = &vcpu->arch.mmu_op_buffer;
 
-        buffer.ptr = buffer.buf;
-        buffer.len = min_t(unsigned long, bytes, sizeof buffer.buf);
-        buffer.processed = 0;
+        buffer->ptr = buffer->buf;
+        buffer->len = min_t(unsigned long, bytes, sizeof buffer->buf);
+        buffer->processed = 0;
 
-        r = kvm_read_guest(vcpu->kvm, addr, buffer.buf, buffer.len);
+        r = kvm_read_guest(vcpu->kvm, addr, buffer->buf, buffer->len);
         if (r)
                 goto out;
 
-        while (buffer.len) {
-                r = kvm_pv_mmu_op_one(vcpu, &buffer);
+        while (buffer->len) {
+                r = kvm_pv_mmu_op_one(vcpu, buffer);
                 if (r < 0)
                         goto out;
                 if (r == 0)
@@ -2307,7 +2707,7 @@ int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
 
         r = 1;
 out:
-        *ret = buffer.processed;
+        *ret = buffer->processed;
         return r;
 }
 
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 4a814bff21f2..613ec9aa674a 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -25,11 +25,11 @@
 #if PTTYPE == 64
         #define pt_element_t u64
         #define guest_walker guest_walker64
+        #define shadow_walker shadow_walker64
         #define FNAME(name) paging##64_##name
         #define PT_BASE_ADDR_MASK PT64_BASE_ADDR_MASK
         #define PT_DIR_BASE_ADDR_MASK PT64_DIR_BASE_ADDR_MASK
         #define PT_INDEX(addr, level) PT64_INDEX(addr, level)
-        #define SHADOW_PT_INDEX(addr, level) PT64_INDEX(addr, level)
         #define PT_LEVEL_MASK(level) PT64_LEVEL_MASK(level)
         #define PT_LEVEL_BITS PT64_LEVEL_BITS
         #ifdef CONFIG_X86_64
@@ -42,11 +42,11 @@
 #elif PTTYPE == 32
         #define pt_element_t u32
         #define guest_walker guest_walker32
+        #define shadow_walker shadow_walker32
         #define FNAME(name) paging##32_##name
         #define PT_BASE_ADDR_MASK PT32_BASE_ADDR_MASK
         #define PT_DIR_BASE_ADDR_MASK PT32_DIR_BASE_ADDR_MASK
         #define PT_INDEX(addr, level) PT32_INDEX(addr, level)
-        #define SHADOW_PT_INDEX(addr, level) PT64_INDEX(addr, level)
         #define PT_LEVEL_MASK(level) PT32_LEVEL_MASK(level)
         #define PT_LEVEL_BITS PT32_LEVEL_BITS
         #define PT_MAX_FULL_LEVELS 2
@@ -73,6 +73,17 @@ struct guest_walker {
         u32 error_code;
 };
 
+struct shadow_walker {
+        struct kvm_shadow_walk walker;
+        struct guest_walker *guest_walker;
+        int user_fault;
+        int write_fault;
+        int largepage;
+        int *ptwrite;
+        pfn_t pfn;
+        u64 *sptep;
+};
+
 static gfn_t gpte_to_gfn(pt_element_t gpte)
 {
         return (gpte & PT_BASE_ADDR_MASK) >> PAGE_SHIFT;
@@ -91,14 +102,10 @@ static bool FNAME(cmpxchg_gpte)(struct kvm *kvm,
         pt_element_t *table;
         struct page *page;
 
-        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(kvm, table_gfn);
-        up_read(&current->mm->mmap_sem);
 
         table = kmap_atomic(page, KM_USER0);
-
         ret = CMPXCHG(&table[index], orig_pte, new_pte);
-
         kunmap_atomic(table, KM_USER0);
 
         kvm_release_page_dirty(page);
@@ -274,86 +281,89 @@ static void FNAME(update_pte)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *page,
 /*
  * Fetch a shadow pte for a specific level in the paging hierarchy.
  */
-static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
-                         struct guest_walker *walker,
-                         int user_fault, int write_fault, int largepage,
-                         int *ptwrite, pfn_t pfn)
+static int FNAME(shadow_walk_entry)(struct kvm_shadow_walk *_sw,
+                                    struct kvm_vcpu *vcpu, u64 addr,
+                                    u64 *sptep, int level)
 {
-        hpa_t shadow_addr;
-        int level;
-        u64 *shadow_ent;
-        unsigned access = walker->pt_access;
-
-        if (!is_present_pte(walker->ptes[walker->level - 1]))
-                return NULL;
-
-        shadow_addr = vcpu->arch.mmu.root_hpa;
-        level = vcpu->arch.mmu.shadow_root_level;
-        if (level == PT32E_ROOT_LEVEL) {
-                shadow_addr = vcpu->arch.mmu.pae_root[(addr >> 30) & 3];
-                shadow_addr &= PT64_BASE_ADDR_MASK;
-                --level;
+        struct shadow_walker *sw =
+                container_of(_sw, struct shadow_walker, walker);
+        struct guest_walker *gw = sw->guest_walker;
+        unsigned access = gw->pt_access;
+        struct kvm_mmu_page *shadow_page;
+        u64 spte;
+        int metaphysical;
+        gfn_t table_gfn;
+        int r;
+        pt_element_t curr_pte;
+
+        if (level == PT_PAGE_TABLE_LEVEL
+            || (sw->largepage && level == PT_DIRECTORY_LEVEL)) {
+                mmu_set_spte(vcpu, sptep, access, gw->pte_access & access,
+                             sw->user_fault, sw->write_fault,
+                             gw->ptes[gw->level-1] & PT_DIRTY_MASK,
+                             sw->ptwrite, sw->largepage, gw->gfn, sw->pfn,
+                             false);
+                sw->sptep = sptep;
+                return 1;
         }
 
-        for (; ; level--) {
-                u32 index = SHADOW_PT_INDEX(addr, level);
-                struct kvm_mmu_page *shadow_page;
-                u64 shadow_pte;
-                int metaphysical;
-                gfn_t table_gfn;
-
-                shadow_ent = ((u64 *)__va(shadow_addr)) + index;
-                if (level == PT_PAGE_TABLE_LEVEL)
-                        break;
-
-                if (largepage && level == PT_DIRECTORY_LEVEL)
-                        break;
+        if (is_shadow_present_pte(*sptep) && !is_large_pte(*sptep))
+                return 0;
 
-                if (is_shadow_present_pte(*shadow_ent)
-                    && !is_large_pte(*shadow_ent)) {
-                        shadow_addr = *shadow_ent & PT64_BASE_ADDR_MASK;
-                        continue;
-                }
+        if (is_large_pte(*sptep)) {
+                set_shadow_pte(sptep, shadow_trap_nonpresent_pte);
+                kvm_flush_remote_tlbs(vcpu->kvm);
+                rmap_remove(vcpu->kvm, sptep);
+        }
 
-                if (is_large_pte(*shadow_ent))
-                        rmap_remove(vcpu->kvm, shadow_ent);
-
-                if (level - 1 == PT_PAGE_TABLE_LEVEL
-                    && walker->level == PT_DIRECTORY_LEVEL) {
-                        metaphysical = 1;
-                        if (!is_dirty_pte(walker->ptes[level - 1]))
-                                access &= ~ACC_WRITE_MASK;
-                        table_gfn = gpte_to_gfn(walker->ptes[level - 1]);
-                } else {
-                        metaphysical = 0;
-                        table_gfn = walker->table_gfn[level - 2];
-                }
-                shadow_page = kvm_mmu_get_page(vcpu, table_gfn, addr, level-1,
-                                               metaphysical, access,
-                                               shadow_ent);
-                if (!metaphysical) {
-                        int r;
-                        pt_element_t curr_pte;
-                        r = kvm_read_guest_atomic(vcpu->kvm,
-                                                  walker->pte_gpa[level - 2],
-                                                  &curr_pte, sizeof(curr_pte));
-                        if (r || curr_pte != walker->ptes[level - 2]) {
-                                kvm_release_pfn_clean(pfn);
-                                return NULL;
-                        }
+        if (level == PT_DIRECTORY_LEVEL && gw->level == PT_DIRECTORY_LEVEL) {
+                metaphysical = 1;
+                if (!is_dirty_pte(gw->ptes[level - 1]))
+                        access &= ~ACC_WRITE_MASK;
+                table_gfn = gpte_to_gfn(gw->ptes[level - 1]);
+        } else {
+                metaphysical = 0;
+                table_gfn = gw->table_gfn[level - 2];
+        }
+        shadow_page = kvm_mmu_get_page(vcpu, table_gfn, (gva_t)addr, level-1,
+                                       metaphysical, access, sptep);
+        if (!metaphysical) {
+                r = kvm_read_guest_atomic(vcpu->kvm, gw->pte_gpa[level - 2],
+                                          &curr_pte, sizeof(curr_pte));
+                if (r || curr_pte != gw->ptes[level - 2]) {
+                        kvm_release_pfn_clean(sw->pfn);
+                        sw->sptep = NULL;
+                        return 1;
                 }
-                shadow_addr = __pa(shadow_page->spt);
-                shadow_pte = shadow_addr | PT_PRESENT_MASK | PT_ACCESSED_MASK
-                        | PT_WRITABLE_MASK | PT_USER_MASK;
-                set_shadow_pte(shadow_ent, shadow_pte);
         }
 
-        mmu_set_spte(vcpu, shadow_ent, access, walker->pte_access & access,
-                     user_fault, write_fault,
-                     walker->ptes[walker->level-1] & PT_DIRTY_MASK,
-                     ptwrite, largepage, walker->gfn, pfn, false);
+        spte = __pa(shadow_page->spt) | PT_PRESENT_MASK | PT_ACCESSED_MASK
+                | PT_WRITABLE_MASK | PT_USER_MASK;
+        *sptep = spte;
+        return 0;
+}
+
+static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
+                         struct guest_walker *guest_walker,
+                         int user_fault, int write_fault, int largepage,
+                         int *ptwrite, pfn_t pfn)
+{
+        struct shadow_walker walker = {
+                .walker = { .entry = FNAME(shadow_walk_entry), },
+                .guest_walker = guest_walker,
+                .user_fault = user_fault,
+                .write_fault = write_fault,
+                .largepage = largepage,
+                .ptwrite = ptwrite,
+                .pfn = pfn,
+        };
+
+        if (!is_present_pte(guest_walker->ptes[guest_walker->level - 1]))
+                return NULL;
+
+        walk_shadow(&walker.walker, vcpu, addr);
 
-        return shadow_ent;
+        return walker.sptep;
 }
 
 /*
@@ -407,7 +417,6 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
                 return 0;
         }
 
-        down_read(&current->mm->mmap_sem);
         if (walker.level == PT_DIRECTORY_LEVEL) {
                 gfn_t large_gfn;
                 large_gfn = walker.gfn & ~(KVM_PAGES_PER_HPAGE-1);
@@ -417,9 +426,8 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
                 }
         }
         mmu_seq = vcpu->kvm->mmu_notifier_seq;
-        /* implicit mb(), we'll read before PT lock is unlocked */
+        smp_rmb();
         pfn = gfn_to_pfn(vcpu->kvm, walker.gfn);
-        up_read(&current->mm->mmap_sem);
 
         /* mmio */
         if (is_error_pfn(pfn)) {
@@ -453,6 +461,31 @@ out_unlock:
         return 0;
 }
 
+static int FNAME(shadow_invlpg_entry)(struct kvm_shadow_walk *_sw,
+                                      struct kvm_vcpu *vcpu, u64 addr,
+                                      u64 *sptep, int level)
+{
+
+        if (level == PT_PAGE_TABLE_LEVEL) {
+                if (is_shadow_present_pte(*sptep))
+                        rmap_remove(vcpu->kvm, sptep);
+                set_shadow_pte(sptep, shadow_trap_nonpresent_pte);
+                return 1;
+        }
+        if (!is_shadow_present_pte(*sptep))
+                return 1;
+        return 0;
+}
+
+static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
+{
+        struct shadow_walker walker = {
+                .walker = { .entry = FNAME(shadow_invlpg_entry), },
+        };
+
+        walk_shadow(&walker.walker, vcpu, gva);
+}
+
 static gpa_t FNAME(gva_to_gpa)(struct kvm_vcpu *vcpu, gva_t vaddr)
 {
         struct guest_walker walker;
@@ -499,12 +532,66 @@ static void FNAME(prefetch_page)(struct kvm_vcpu *vcpu,
         }
 }
 
+/*
+ * Using the cached information from sp->gfns is safe because:
+ * - The spte has a reference to the struct page, so the pfn for a given gfn
+ *   can't change unless all sptes pointing to it are nuked first.
+ * - Alias changes zap the entire shadow cache.
+ */
+static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
+{
+        int i, offset, nr_present;
+
+        offset = nr_present = 0;
+
+        if (PTTYPE == 32)
+                offset = sp->role.quadrant << PT64_LEVEL_BITS;
+
+        for (i = 0; i < PT64_ENT_PER_PAGE; i++) {
+                unsigned pte_access;
+                pt_element_t gpte;
+                gpa_t pte_gpa;
+                gfn_t gfn = sp->gfns[i];
+
+                if (!is_shadow_present_pte(sp->spt[i]))
+                        continue;
+
+                pte_gpa = gfn_to_gpa(sp->gfn);
+                pte_gpa += (i+offset) * sizeof(pt_element_t);
+
+                if (kvm_read_guest_atomic(vcpu->kvm, pte_gpa, &gpte,
+                                          sizeof(pt_element_t)))
+                        return -EINVAL;
+
+                if (gpte_to_gfn(gpte) != gfn || !is_present_pte(gpte) ||
+                    !(gpte & PT_ACCESSED_MASK)) {
+                        u64 nonpresent;
+
+                        rmap_remove(vcpu->kvm, &sp->spt[i]);
+                        if (is_present_pte(gpte))
+                                nonpresent = shadow_trap_nonpresent_pte;
+                        else
+                                nonpresent = shadow_notrap_nonpresent_pte;
+                        set_shadow_pte(&sp->spt[i], nonpresent);
+                        continue;
+                }
+
+                nr_present++;
+                pte_access = sp->role.access & FNAME(gpte_access)(vcpu, gpte);
+                set_spte(vcpu, &sp->spt[i], pte_access, 0, 0,
+                         is_dirty_pte(gpte), 0, gfn,
+                         spte_to_pfn(sp->spt[i]), true, false);
+        }
+
+        return !nr_present;
+}
+
 #undef pt_element_t
 #undef guest_walker
+#undef shadow_walker
 #undef FNAME
 #undef PT_BASE_ADDR_MASK
 #undef PT_INDEX
-#undef SHADOW_PT_INDEX
 #undef PT_LEVEL_MASK
 #undef PT_DIR_BASE_ADDR_MASK
 #undef PT_LEVEL_BITS
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index e2ee264740c7..9c4ce657d963 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -18,6 +18,7 @@
 #include "kvm_svm.h"
 #include "irq.h"
 #include "mmu.h"
+#include "kvm_cache_regs.h"
 
 #include <linux/module.h>
 #include <linux/kernel.h>
@@ -35,10 +36,6 @@ MODULE_LICENSE("GPL");
 #define IOPM_ALLOC_ORDER 2
 #define MSRPM_ALLOC_ORDER 1
 
-#define DB_VECTOR 1
-#define UD_VECTOR 6
-#define GP_VECTOR 13
-
 #define DR7_GD_MASK (1 << 13)
 #define DR6_BD_MASK (1 << 13)
 
@@ -47,7 +44,7 @@ MODULE_LICENSE("GPL");
 
 #define SVM_FEATURE_NPT  (1 << 0)
 #define SVM_FEATURE_LBRV (1 << 1)
-#define SVM_DEATURE_SVML (1 << 2)
+#define SVM_FEATURE_SVML (1 << 2)
 
 #define DEBUGCTL_RESERVED_BITS (~(0x3fULL))
 
@@ -62,6 +59,7 @@ static int npt = 1;
 module_param(npt, int, S_IRUGO);
 
 static void kvm_reput_irq(struct vcpu_svm *svm);
+static void svm_flush_tlb(struct kvm_vcpu *vcpu);
 
 static inline struct vcpu_svm *to_svm(struct kvm_vcpu *vcpu)
 {
@@ -235,13 +233,11 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
                 printk(KERN_DEBUG "%s: NOP\n", __func__);
                 return;
         }
-        if (svm->next_rip - svm->vmcb->save.rip > MAX_INST_SIZE)
-                printk(KERN_ERR "%s: ip 0x%llx next 0x%llx\n",
-                       __func__,
-                       svm->vmcb->save.rip,
-                       svm->next_rip);
+        if (svm->next_rip - kvm_rip_read(vcpu) > MAX_INST_SIZE)
+                printk(KERN_ERR "%s: ip 0x%lx next 0x%llx\n",
+                       __func__, kvm_rip_read(vcpu), svm->next_rip);
 
-        vcpu->arch.rip = svm->vmcb->save.rip = svm->next_rip;
+        kvm_rip_write(vcpu, svm->next_rip);
         svm->vmcb->control.int_state &= ~SVM_INTERRUPT_SHADOW_MASK;
 
         vcpu->arch.interrupt_window_open = 1;
@@ -529,6 +525,7 @@ static void init_vmcb(struct vcpu_svm *svm)
                                 (1ULL << INTERCEPT_CPUID) |
                                 (1ULL << INTERCEPT_INVD) |
                                 (1ULL << INTERCEPT_HLT) |
+                                (1ULL << INTERCEPT_INVLPG) |
                                 (1ULL << INTERCEPT_INVLPGA) |
                                 (1ULL << INTERCEPT_IOIO_PROT) |
                                 (1ULL << INTERCEPT_MSR_PROT) |
@@ -580,6 +577,7 @@ static void init_vmcb(struct vcpu_svm *svm)
         save->dr7 = 0x400;
         save->rflags = 2;
         save->rip = 0x0000fff0;
+        svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;
 
         /*
          * cr0 val on cpu init should be 0x60000010, we enable cpu
@@ -592,7 +590,8 @@ static void init_vmcb(struct vcpu_svm *svm)
         if (npt_enabled) {
                 /* Setup VMCB for Nested Paging */
                 control->nested_ctl = 1;
-                control->intercept &= ~(1ULL << INTERCEPT_TASK_SWITCH);
+                control->intercept &= ~((1ULL << INTERCEPT_TASK_SWITCH) |
+                                        (1ULL << INTERCEPT_INVLPG));
                 control->intercept_exceptions &= ~(1 << PF_VECTOR);
                 control->intercept_cr_read &= ~(INTERCEPT_CR0_MASK|
                                                 INTERCEPT_CR3_MASK);
@@ -614,10 +613,12 @@ static int svm_vcpu_reset(struct kvm_vcpu *vcpu)
         init_vmcb(svm);
 
         if (vcpu->vcpu_id != 0) {
-                svm->vmcb->save.rip = 0;
+                kvm_rip_write(vcpu, 0);
                 svm->vmcb->save.cs.base = svm->vcpu.arch.sipi_vector << 12;
                 svm->vmcb->save.cs.selector = svm->vcpu.arch.sipi_vector << 8;
         }
+        vcpu->arch.regs_avail = ~0;
+        vcpu->arch.regs_dirty = ~0;
 
         return 0;
 }
@@ -720,23 +721,6 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu)
         rdtscll(vcpu->arch.host_tsc);
 }
 
-static void svm_cache_regs(struct kvm_vcpu *vcpu)
-{
-        struct vcpu_svm *svm = to_svm(vcpu);
-
-        vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
-        vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
-        vcpu->arch.rip = svm->vmcb->save.rip;
-}
-
-static void svm_decache_regs(struct kvm_vcpu *vcpu)
-{
-        struct vcpu_svm *svm = to_svm(vcpu);
-        svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
-        svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
-        svm->vmcb->save.rip = vcpu->arch.rip;
-}
-
 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
 {
         return to_svm(vcpu)->vmcb->save.rflags;
@@ -878,6 +862,10 @@ set:
 static void svm_set_cr4(struct kvm_vcpu *vcpu, unsigned long cr4)
 {
         unsigned long host_cr4_mce = read_cr4() & X86_CR4_MCE;
+        unsigned long old_cr4 = to_svm(vcpu)->vmcb->save.cr4;
+
+        if (npt_enabled && ((old_cr4 ^ cr4) & X86_CR4_PGE))
+                force_new_asid(vcpu);
 
         vcpu->arch.cr4 = cr4;
         if (!npt_enabled)
@@ -1027,8 +1015,15 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
                 KVMTRACE_3D(TDP_FAULT, &svm->vcpu, error_code,
                             (u32)fault_address, (u32)(fault_address >> 32),
                             handler);
+        /*
+         * FIXME: Tis shouldn't be necessary here, but there is a flush
+         * missing in the MMU code. Until we find this bug, flush the
+         * complete TLB here on an NPF
+         */
+        if (npt_enabled)
+                svm_flush_tlb(&svm->vcpu);
 
-        if (event_injection)
+        if (!npt_enabled && event_injection)
                 kvm_mmu_unprotect_page_virt(&svm->vcpu, fault_address);
         return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code);
 }
@@ -1127,14 +1122,14 @@ static int nop_on_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 
 static int halt_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
-        svm->next_rip = svm->vmcb->save.rip + 1;
+        svm->next_rip = kvm_rip_read(&svm->vcpu) + 1;
         skip_emulated_instruction(&svm->vcpu);
         return kvm_emulate_halt(&svm->vcpu);
 }
 
 static int vmmcall_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
-        svm->next_rip = svm->vmcb->save.rip + 3;
+        svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
         skip_emulated_instruction(&svm->vcpu);
         kvm_emulate_hypercall(&svm->vcpu);
         return 1;
@@ -1166,11 +1161,18 @@ static int task_switch_interception(struct vcpu_svm *svm,
 
 static int cpuid_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
-        svm->next_rip = svm->vmcb->save.rip + 2;
+        svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
         kvm_emulate_cpuid(&svm->vcpu);
         return 1;
 }
 
+static int invlpg_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+{
+        if (emulate_instruction(&svm->vcpu, kvm_run, 0, 0, 0) != EMULATE_DONE)
+                pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
+        return 1;
+}
+
 static int emulate_on_interception(struct vcpu_svm *svm,
                                    struct kvm_run *kvm_run)
 {
@@ -1261,9 +1263,9 @@ static int rdmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
                 KVMTRACE_3D(MSR_READ, &svm->vcpu, ecx, (u32)data,
                             (u32)(data >> 32), handler);
 
-                svm->vmcb->save.rax = data & 0xffffffff;
+                svm->vcpu.arch.regs[VCPU_REGS_RAX] = data & 0xffffffff;
                 svm->vcpu.arch.regs[VCPU_REGS_RDX] = data >> 32;
-                svm->next_rip = svm->vmcb->save.rip + 2;
+                svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
                 skip_emulated_instruction(&svm->vcpu);
         }
         return 1;
@@ -1347,13 +1349,13 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
 static int wrmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 {
         u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX];
-        u64 data = (svm->vmcb->save.rax & -1u)
+        u64 data = (svm->vcpu.arch.regs[VCPU_REGS_RAX] & -1u)
                 | ((u64)(svm->vcpu.arch.regs[VCPU_REGS_RDX] & -1u) << 32);
 
         KVMTRACE_3D(MSR_WRITE, &svm->vcpu, ecx, (u32)data, (u32)(data >> 32),
                     handler);
 
-        svm->next_rip = svm->vmcb->save.rip + 2;
+        svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
         if (svm_set_msr(&svm->vcpu, ecx, data))
                 kvm_inject_gp(&svm->vcpu, 0);
         else
@@ -1424,7 +1426,7 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
         [SVM_EXIT_CPUID]                        = cpuid_interception,
         [SVM_EXIT_INVD]                         = emulate_on_interception,
         [SVM_EXIT_HLT]                          = halt_interception,
-        [SVM_EXIT_INVLPG]                       = emulate_on_interception,
+        [SVM_EXIT_INVLPG]                       = invlpg_interception,
         [SVM_EXIT_INVLPGA]                      = invalid_op_interception,
         [SVM_EXIT_IOIO]                         = io_interception,
         [SVM_EXIT_MSR]                          = msr_interception,
@@ -1526,6 +1528,7 @@ static inline void svm_inject_irq(struct vcpu_svm *svm, int irq)
 
         KVMTRACE_1D(INJ_VIRQ, &svm->vcpu, (u32)irq, handler);
 
+        ++svm->vcpu.stat.irq_injections;
         control = &svm->vmcb->control;
         control->int_vector = irq;
         control->int_ctl &= ~V_INTR_PRIO_MASK;
@@ -1704,6 +1707,12 @@ static inline void sync_lapic_to_cr8(struct kvm_vcpu *vcpu)
         svm->vmcb->control.int_ctl |= cr8 & V_TPR_MASK;
 }
 
+#ifdef CONFIG_X86_64
+#define R "r"
+#else
+#define R "e"
+#endif
+
 static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
@@ -1711,6 +1720,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         u16 gs_selector;
         u16 ldt_selector;
 
+        svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
+        svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
+        svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
+
         pre_svm_run(svm);
 
         sync_lapic_to_cr8(vcpu);
@@ -1738,19 +1751,14 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         local_irq_enable();
 
         asm volatile (
+                "push %%"R"bp; \n\t"
+                "mov %c[rbx](%[svm]), %%"R"bx \n\t"
+                "mov %c[rcx](%[svm]), %%"R"cx \n\t"
+                "mov %c[rdx](%[svm]), %%"R"dx \n\t"
+                "mov %c[rsi](%[svm]), %%"R"si \n\t"
+                "mov %c[rdi](%[svm]), %%"R"di \n\t"
+                "mov %c[rbp](%[svm]), %%"R"bp \n\t"
 #ifdef CONFIG_X86_64
-                "push %%rbp; \n\t"
-#else
-                "push %%ebp; \n\t"
-#endif
-
-#ifdef CONFIG_X86_64
-                "mov %c[rbx](%[svm]), %%rbx \n\t"
-                "mov %c[rcx](%[svm]), %%rcx \n\t"
-                "mov %c[rdx](%[svm]), %%rdx \n\t"
-                "mov %c[rsi](%[svm]), %%rsi \n\t"
-                "mov %c[rdi](%[svm]), %%rdi \n\t"
-                "mov %c[rbp](%[svm]), %%rbp \n\t"
                 "mov %c[r8](%[svm]),  %%r8  \n\t"
                 "mov %c[r9](%[svm]),  %%r9  \n\t"
                 "mov %c[r10](%[svm]), %%r10 \n\t"
@@ -1759,41 +1767,24 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 "mov %c[r13](%[svm]), %%r13 \n\t"
                 "mov %c[r14](%[svm]), %%r14 \n\t"
                 "mov %c[r15](%[svm]), %%r15 \n\t"
-#else
-                "mov %c[rbx](%[svm]), %%ebx \n\t"
-                "mov %c[rcx](%[svm]), %%ecx \n\t"
-                "mov %c[rdx](%[svm]), %%edx \n\t"
-                "mov %c[rsi](%[svm]), %%esi \n\t"
-                "mov %c[rdi](%[svm]), %%edi \n\t"
-                "mov %c[rbp](%[svm]), %%ebp \n\t"
 #endif
 
-#ifdef CONFIG_X86_64
                 /* Enter guest mode */
-                "push %%rax \n\t"
-                "mov %c[vmcb](%[svm]), %%rax \n\t"
+                "push %%"R"ax \n\t"
+                "mov %c[vmcb](%[svm]), %%"R"ax \n\t"
                 __ex(SVM_VMLOAD) "\n\t"
                 __ex(SVM_VMRUN) "\n\t"
                 __ex(SVM_VMSAVE) "\n\t"
-                "pop %%rax \n\t"
-#else
-                /* Enter guest mode */
-                "push %%eax \n\t"
-                "mov %c[vmcb](%[svm]), %%eax \n\t"
-                __ex(SVM_VMLOAD) "\n\t"
-                __ex(SVM_VMRUN) "\n\t"
-                __ex(SVM_VMSAVE) "\n\t"
-                "pop %%eax \n\t"
-#endif
+                "pop %%"R"ax \n\t"
 
                 /* Save guest registers, load host registers */
+                "mov %%"R"bx, %c[rbx](%[svm]) \n\t"
+                "mov %%"R"cx, %c[rcx](%[svm]) \n\t"
+                "mov %%"R"dx, %c[rdx](%[svm]) \n\t"
+                "mov %%"R"si, %c[rsi](%[svm]) \n\t"
+                "mov %%"R"di, %c[rdi](%[svm]) \n\t"
+                "mov %%"R"bp, %c[rbp](%[svm]) \n\t"
 #ifdef CONFIG_X86_64
-                "mov %%rbx, %c[rbx](%[svm]) \n\t"
-                "mov %%rcx, %c[rcx](%[svm]) \n\t"
-                "mov %%rdx, %c[rdx](%[svm]) \n\t"
-                "mov %%rsi, %c[rsi](%[svm]) \n\t"
-                "mov %%rdi, %c[rdi](%[svm]) \n\t"
-                "mov %%rbp, %c[rbp](%[svm]) \n\t"
                 "mov %%r8,  %c[r8](%[svm]) \n\t"
                 "mov %%r9,  %c[r9](%[svm]) \n\t"
                 "mov %%r10, %c[r10](%[svm]) \n\t"
@@ -1802,18 +1793,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 "mov %%r13, %c[r13](%[svm]) \n\t"
                 "mov %%r14, %c[r14](%[svm]) \n\t"
                 "mov %%r15, %c[r15](%[svm]) \n\t"
-
-                "pop  %%rbp; \n\t"
-#else
-                "mov %%ebx, %c[rbx](%[svm]) \n\t"
-                "mov %%ecx, %c[rcx](%[svm]) \n\t"
-                "mov %%edx, %c[rdx](%[svm]) \n\t"
-                "mov %%esi, %c[rsi](%[svm]) \n\t"
-                "mov %%edi, %c[rdi](%[svm]) \n\t"
-                "mov %%ebp, %c[rbp](%[svm]) \n\t"
-
-                "pop  %%ebp; \n\t"
 #endif
+                "pop %%"R"bp"
                 :
                 : [svm]"a"(svm),
                   [vmcb]"i"(offsetof(struct vcpu_svm, vmcb_pa)),
@@ -1834,11 +1815,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                   [r15]"i"(offsetof(struct vcpu_svm, vcpu.arch.regs[VCPU_REGS_R15]))
 #endif
                 : "cc", "memory"
+                , R"bx", R"cx", R"dx", R"si", R"di"
 #ifdef CONFIG_X86_64
-                , "rbx", "rcx", "rdx", "rsi", "rdi"
                 , "r8", "r9", "r10", "r11" , "r12", "r13", "r14", "r15"
-#else
-                , "ebx", "ecx", "edx" , "esi", "edi"
 #endif
                 );
 
@@ -1846,6 +1825,9 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 load_db_regs(svm->host_db_regs);
 
         vcpu->arch.cr2 = svm->vmcb->save.cr2;
+        vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax;
+        vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp;
+        vcpu->arch.regs[VCPU_REGS_RIP] = svm->vmcb->save.rip;
 
         write_dr6(svm->host_dr6);
         write_dr7(svm->host_dr7);
@@ -1867,6 +1849,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         svm->next_rip = 0;
 }
 
+#undef R
+
 static void svm_set_cr3(struct kvm_vcpu *vcpu, unsigned long root)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
@@ -1965,8 +1949,6 @@ static struct kvm_x86_ops svm_x86_ops = {
         .set_gdt = svm_set_gdt,
         .get_dr = svm_get_dr,
         .set_dr = svm_set_dr,
-        .cache_regs = svm_cache_regs,
-        .decache_regs = svm_decache_regs,
         .get_rflags = svm_get_rflags,
         .set_rflags = svm_set_rflags,
 
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 2a69773e3b26..2643b430d83a 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -26,6 +26,8 @@
 #include <linux/highmem.h>
 #include <linux/sched.h>
 #include <linux/moduleparam.h>
+#include "kvm_cache_regs.h"
+#include "x86.h"
 
 #include <asm/io.h>
 #include <asm/desc.h>
@@ -47,6 +49,9 @@ module_param(flexpriority_enabled, bool, 0);
 static int enable_ept = 1;
 module_param(enable_ept, bool, 0);
 
+static int emulate_invalid_guest_state = 0;
+module_param(emulate_invalid_guest_state, bool, 0);
+
 struct vmcs {
         u32 revision_id;
         u32 abort;
@@ -56,6 +61,7 @@ struct vmcs {
 struct vcpu_vmx {
         struct kvm_vcpu       vcpu;
         struct list_head      local_vcpus_link;
+        unsigned long         host_rsp;
         int                   launched;
         u8                    fail;
         u32                   idt_vectoring_info;
@@ -83,6 +89,7 @@ struct vcpu_vmx {
                 } irq;
         } rmode;
         int vpid;
+        bool emulation_required;
 };
 
 static inline struct vcpu_vmx *to_vmx(struct kvm_vcpu *vcpu)
@@ -468,7 +475,7 @@ static void update_exception_bitmap(struct kvm_vcpu *vcpu)
         if (!vcpu->fpu_active)
                 eb |= 1u << NM_VECTOR;
         if (vcpu->guest_debug.enabled)
-                eb |= 1u << 1;
+                eb |= 1u << DB_VECTOR;
         if (vcpu->arch.rmode.active)
                 eb = ~0;
         if (vm_need_ept())
@@ -715,9 +722,9 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
         unsigned long rip;
         u32 interruptibility;
 
-        rip = vmcs_readl(GUEST_RIP);
+        rip = kvm_rip_read(vcpu);
         rip += vmcs_read32(VM_EXIT_INSTRUCTION_LEN);
-        vmcs_writel(GUEST_RIP, rip);
+        kvm_rip_write(vcpu, rip);
 
         /*
          * We emulated an instruction, so temporary interrupt blocking
@@ -733,19 +740,35 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
 static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
                                 bool has_error_code, u32 error_code)
 {
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+        if (has_error_code)
+                vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
+
+        if (vcpu->arch.rmode.active) {
+                vmx->rmode.irq.pending = true;
+                vmx->rmode.irq.vector = nr;
+                vmx->rmode.irq.rip = kvm_rip_read(vcpu);
+                if (nr == BP_VECTOR)
+                        vmx->rmode.irq.rip++;
+                vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
+                             nr | INTR_TYPE_SOFT_INTR
+                             | (has_error_code ? INTR_INFO_DELIVER_CODE_MASK : 0)
+                             | INTR_INFO_VALID_MASK);
+                vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1);
+                kvm_rip_write(vcpu, vmx->rmode.irq.rip - 1);
+                return;
+        }
+
         vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
                      nr | INTR_TYPE_EXCEPTION
                      | (has_error_code ? INTR_INFO_DELIVER_CODE_MASK : 0)
                      | INTR_INFO_VALID_MASK);
-        if (has_error_code)
-                vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
 }
 
 static bool vmx_exception_injected(struct kvm_vcpu *vcpu)
 {
-        struct vcpu_vmx *vmx = to_vmx(vcpu);
-
-        return !(vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK);
+        return false;
 }
 
 /*
@@ -947,24 +970,19 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
         return ret;
 }
 
-/*
- * Sync the rsp and rip registers into the vcpu structure.  This allows
- * registers to be accessed by indexing vcpu->arch.regs.
- */
-static void vcpu_load_rsp_rip(struct kvm_vcpu *vcpu)
-{
-        vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP);
-        vcpu->arch.rip = vmcs_readl(GUEST_RIP);
-}
-
-/*
- * Syncs rsp and rip back into the vmcs.  Should be called after possible
- * modification.
- */
-static void vcpu_put_rsp_rip(struct kvm_vcpu *vcpu)
+static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
 {
-        vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
-        vmcs_writel(GUEST_RIP, vcpu->arch.rip);
+        __set_bit(reg, (unsigned long *)&vcpu->arch.regs_avail);
+        switch (reg) {
+        case VCPU_REGS_RSP:
+                vcpu->arch.regs[VCPU_REGS_RSP] = vmcs_readl(GUEST_RSP);
+                break;
+        case VCPU_REGS_RIP:
+                vcpu->arch.regs[VCPU_REGS_RIP] = vmcs_readl(GUEST_RIP);
+                break;
+        default:
+                break;
+        }
 }
 
 static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_debug_guest *dbg)
@@ -1007,17 +1025,9 @@ static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_debug_guest *dbg)
 
 static int vmx_get_irq(struct kvm_vcpu *vcpu)
 {
-        struct vcpu_vmx *vmx = to_vmx(vcpu);
-        u32 idtv_info_field;
-
-        idtv_info_field = vmx->idt_vectoring_info;
-        if (idtv_info_field & INTR_INFO_VALID_MASK) {
-                if (is_external_interrupt(idtv_info_field))
-                        return idtv_info_field & VECTORING_INFO_VECTOR_MASK;
-                else
-                        printk(KERN_DEBUG "pending exception: not handled yet\n");
-        }
-        return -1;
+        if (!vcpu->arch.interrupt.pending)
+                return -1;
+        return vcpu->arch.interrupt.nr;
 }
 
 static __init int cpu_has_kvm_support(void)
@@ -1031,9 +1041,9 @@ static __init int vmx_disabled_by_bios(void)
         u64 msr;
 
         rdmsrl(MSR_IA32_FEATURE_CONTROL, msr);
-        return (msr & (MSR_IA32_FEATURE_CONTROL_LOCKED |
-                       MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED))
-            == MSR_IA32_FEATURE_CONTROL_LOCKED;
+        return (msr & (FEATURE_CONTROL_LOCKED |
+                       FEATURE_CONTROL_VMXON_ENABLED))
+            == FEATURE_CONTROL_LOCKED;
         /* locked but not enabled */
 }
 
@@ -1045,14 +1055,14 @@ static void hardware_enable(void *garbage)
 
         INIT_LIST_HEAD(&per_cpu(vcpus_on_cpu, cpu));
         rdmsrl(MSR_IA32_FEATURE_CONTROL, old);
-        if ((old & (MSR_IA32_FEATURE_CONTROL_LOCKED |
-                    MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED))
-            != (MSR_IA32_FEATURE_CONTROL_LOCKED |
-                MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED))
+        if ((old & (FEATURE_CONTROL_LOCKED |
+                    FEATURE_CONTROL_VMXON_ENABLED))
+            != (FEATURE_CONTROL_LOCKED |
+                FEATURE_CONTROL_VMXON_ENABLED))
                 /* enable and lock */
                 wrmsrl(MSR_IA32_FEATURE_CONTROL, old |
-                       MSR_IA32_FEATURE_CONTROL_LOCKED |
-                       MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED);
+                       FEATURE_CONTROL_LOCKED |
+                       FEATURE_CONTROL_VMXON_ENABLED);
         write_cr4(read_cr4() | X86_CR4_VMXE); /* FIXME: not cpu hotplug safe */
         asm volatile (ASM_VMX_VMXON_RAX
                       : : "a"(&phys_addr), "m"(phys_addr)
@@ -1120,7 +1130,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
               CPU_BASED_CR3_STORE_EXITING |
               CPU_BASED_USE_IO_BITMAPS |
               CPU_BASED_MOV_DR_EXITING |
-              CPU_BASED_USE_TSC_OFFSETING;
+              CPU_BASED_USE_TSC_OFFSETING |
+              CPU_BASED_INVLPG_EXITING;
         opt = CPU_BASED_TPR_SHADOW |
               CPU_BASED_USE_MSR_BITMAPS |
               CPU_BASED_ACTIVATE_SECONDARY_CONTROLS;
@@ -1149,9 +1160,11 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                 _cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
 #endif
         if (_cpu_based_2nd_exec_control & SECONDARY_EXEC_ENABLE_EPT) {
-                /* CR3 accesses don't need to cause VM Exits when EPT enabled */
+                /* CR3 accesses and invlpg don't need to cause VM Exits when EPT
+                   enabled */
                 min &= ~(CPU_BASED_CR3_LOAD_EXITING |
-                         CPU_BASED_CR3_STORE_EXITING);
+                         CPU_BASED_CR3_STORE_EXITING |
+                         CPU_BASED_INVLPG_EXITING);
                 if (adjust_vmx_controls(min, opt, MSR_IA32_VMX_PROCBASED_CTLS,
                                         &_cpu_based_exec_control) < 0)
                         return -EIO;
@@ -1288,7 +1301,9 @@ static void fix_pmode_dataseg(int seg, struct kvm_save_segment *save)
 static void enter_pmode(struct kvm_vcpu *vcpu)
 {
         unsigned long flags;
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+        vmx->emulation_required = 1;
         vcpu->arch.rmode.active = 0;
 
         vmcs_writel(GUEST_TR_BASE, vcpu->arch.rmode.tr.base);
@@ -1305,6 +1320,9 @@ static void enter_pmode(struct kvm_vcpu *vcpu)
 
         update_exception_bitmap(vcpu);
 
+        if (emulate_invalid_guest_state)
+                return;
+
         fix_pmode_dataseg(VCPU_SREG_ES, &vcpu->arch.rmode.es);
         fix_pmode_dataseg(VCPU_SREG_DS, &vcpu->arch.rmode.ds);
         fix_pmode_dataseg(VCPU_SREG_GS, &vcpu->arch.rmode.gs);
@@ -1345,7 +1363,9 @@ static void fix_rmode_seg(int seg, struct kvm_save_segment *save)
 static void enter_rmode(struct kvm_vcpu *vcpu)
 {
         unsigned long flags;
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
 
+        vmx->emulation_required = 1;
         vcpu->arch.rmode.active = 1;
 
         vcpu->arch.rmode.tr.base = vmcs_readl(GUEST_TR_BASE);
@@ -1367,6 +1387,9 @@ static void enter_rmode(struct kvm_vcpu *vcpu)
         vmcs_writel(GUEST_CR4, vmcs_readl(GUEST_CR4) | X86_CR4_VME);
         update_exception_bitmap(vcpu);
 
+        if (emulate_invalid_guest_state)
+                goto continue_rmode;
+
         vmcs_write16(GUEST_SS_SELECTOR, vmcs_readl(GUEST_SS_BASE) >> 4);
         vmcs_write32(GUEST_SS_LIMIT, 0xffff);
         vmcs_write32(GUEST_SS_AR_BYTES, 0xf3);
@@ -1382,6 +1405,7 @@ static void enter_rmode(struct kvm_vcpu *vcpu)
         fix_rmode_seg(VCPU_SREG_GS, &vcpu->arch.rmode.gs);
         fix_rmode_seg(VCPU_SREG_FS, &vcpu->arch.rmode.fs);
 
+continue_rmode:
         kvm_mmu_reset_context(vcpu);
         init_rmode(vcpu->kvm);
 }
@@ -1715,6 +1739,186 @@ static void vmx_set_gdt(struct kvm_vcpu *vcpu, struct descriptor_table *dt)
         vmcs_writel(GUEST_GDTR_BASE, dt->base);
 }
 
+static bool rmode_segment_valid(struct kvm_vcpu *vcpu, int seg)
+{
+        struct kvm_segment var;
+        u32 ar;
+
+        vmx_get_segment(vcpu, &var, seg);
+        ar = vmx_segment_access_rights(&var);
+
+        if (var.base != (var.selector << 4))
+                return false;
+        if (var.limit != 0xffff)
+                return false;
+        if (ar != 0xf3)
+                return false;
+
+        return true;
+}
+
+static bool code_segment_valid(struct kvm_vcpu *vcpu)
+{
+        struct kvm_segment cs;
+        unsigned int cs_rpl;
+
+        vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
+        cs_rpl = cs.selector & SELECTOR_RPL_MASK;
+
+        if (~cs.type & (AR_TYPE_CODE_MASK|AR_TYPE_ACCESSES_MASK))
+                return false;
+        if (!cs.s)
+                return false;
+        if (!(~cs.type & (AR_TYPE_CODE_MASK|AR_TYPE_WRITEABLE_MASK))) {
+                if (cs.dpl > cs_rpl)
+                        return false;
+        } else if (cs.type & AR_TYPE_CODE_MASK) {
+                if (cs.dpl != cs_rpl)
+                        return false;
+        }
+        if (!cs.present)
+                return false;
+
+        /* TODO: Add Reserved field check, this'll require a new member in the kvm_segment_field structure */
+        return true;
+}
+
+static bool stack_segment_valid(struct kvm_vcpu *vcpu)
+{
+        struct kvm_segment ss;
+        unsigned int ss_rpl;
+
+        vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
+        ss_rpl = ss.selector & SELECTOR_RPL_MASK;
+
+        if ((ss.type != 3) || (ss.type != 7))
+                return false;
+        if (!ss.s)
+                return false;
+        if (ss.dpl != ss_rpl) /* DPL != RPL */
+                return false;
+        if (!ss.present)
+                return false;
+
+        return true;
+}
+
+static bool data_segment_valid(struct kvm_vcpu *vcpu, int seg)
+{
+        struct kvm_segment var;
+        unsigned int rpl;
+
+        vmx_get_segment(vcpu, &var, seg);
+        rpl = var.selector & SELECTOR_RPL_MASK;
+
+        if (!var.s)
+                return false;
+        if (!var.present)
+                return false;
+        if (~var.type & (AR_TYPE_CODE_MASK|AR_TYPE_WRITEABLE_MASK)) {
+                if (var.dpl < rpl) /* DPL < RPL */
+                        return false;
+        }
+
+        /* TODO: Add other members to kvm_segment_field to allow checking for other access
+         * rights flags
+         */
+        return true;
+}
+
+static bool tr_valid(struct kvm_vcpu *vcpu)
+{
+        struct kvm_segment tr;
+
+        vmx_get_segment(vcpu, &tr, VCPU_SREG_TR);
+
+        if (tr.selector & SELECTOR_TI_MASK)     /* TI = 1 */
+                return false;
+        if ((tr.type != 3) || (tr.type != 11)) /* TODO: Check if guest is in IA32e mode */
+                return false;
+        if (!tr.present)
+                return false;
+
+        return true;
+}
+
+static bool ldtr_valid(struct kvm_vcpu *vcpu)
+{
+        struct kvm_segment ldtr;
+
+        vmx_get_segment(vcpu, &ldtr, VCPU_SREG_LDTR);
+
+        if (ldtr.selector & SELECTOR_TI_MASK)   /* TI = 1 */
+                return false;
+        if (ldtr.type != 2)
+                return false;
+        if (!ldtr.present)
+                return false;
+
+        return true;
+}
+
+static bool cs_ss_rpl_check(struct kvm_vcpu *vcpu)
+{
+        struct kvm_segment cs, ss;
+
+        vmx_get_segment(vcpu, &cs, VCPU_SREG_CS);
+        vmx_get_segment(vcpu, &ss, VCPU_SREG_SS);
+
+        return ((cs.selector & SELECTOR_RPL_MASK) ==
+                 (ss.selector & SELECTOR_RPL_MASK));
+}
+
+/*
+ * Check if guest state is valid. Returns true if valid, false if
+ * not.
+ * We assume that registers are always usable
+ */
+static bool guest_state_valid(struct kvm_vcpu *vcpu)
+{
+        /* real mode guest state checks */
+        if (!(vcpu->arch.cr0 & X86_CR0_PE)) {
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_CS))
+                        return false;
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_SS))
+                        return false;
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_DS))
+                        return false;
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_ES))
+                        return false;
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_FS))
+                        return false;
+                if (!rmode_segment_valid(vcpu, VCPU_SREG_GS))
+                        return false;
+        } else {
+        /* protected mode guest state checks */
+                if (!cs_ss_rpl_check(vcpu))
+                        return false;
+                if (!code_segment_valid(vcpu))
+                        return false;
+                if (!stack_segment_valid(vcpu))
+                        return false;
+                if (!data_segment_valid(vcpu, VCPU_SREG_DS))
+                        return false;
+                if (!data_segment_valid(vcpu, VCPU_SREG_ES))
+                        return false;
+                if (!data_segment_valid(vcpu, VCPU_SREG_FS))
+                        return false;
+                if (!data_segment_valid(vcpu, VCPU_SREG_GS))
+                        return false;
+                if (!tr_valid(vcpu))
+                        return false;
+                if (!ldtr_valid(vcpu))
+                        return false;
+        }
+        /* TODO:
+         * - Add checks on RIP
+         * - Add checks on RFLAGS
+         */
+
+        return true;
+}
+
 static int init_rmode_tss(struct kvm *kvm)
 {
         gfn_t fn = rmode_tss_base(kvm) >> PAGE_SHIFT;
@@ -1726,7 +1930,8 @@ static int init_rmode_tss(struct kvm *kvm)
         if (r < 0)
                 goto out;
         data = TSS_BASE_SIZE + TSS_REDIRECTION_SIZE;
-        r = kvm_write_guest_page(kvm, fn++, &data, 0x66, sizeof(u16));
+        r = kvm_write_guest_page(kvm, fn++, &data,
+                        TSS_IOPB_BASE_OFFSET, sizeof(u16));
         if (r < 0)
                 goto out;
         r = kvm_clear_guest_page(kvm, fn++, 0, PAGE_SIZE);
@@ -1789,7 +1994,7 @@ static void seg_setup(int seg)
         vmcs_write16(sf->selector, 0);
         vmcs_writel(sf->base, 0);
         vmcs_write32(sf->limit, 0xffff);
-        vmcs_write32(sf->ar_bytes, 0x93);
+        vmcs_write32(sf->ar_bytes, 0xf3);
 }
 
 static int alloc_apic_access_page(struct kvm *kvm)
@@ -1808,9 +2013,7 @@ static int alloc_apic_access_page(struct kvm *kvm)
         if (r)
                 goto out;
 
-        down_read(&current->mm->mmap_sem);
         kvm->arch.apic_access_page = gfn_to_page(kvm, 0xfee00);
-        up_read(&current->mm->mmap_sem);
 out:
         up_write(&kvm->slots_lock);
         return r;
@@ -1832,10 +2035,8 @@ static int alloc_identity_pagetable(struct kvm *kvm)
         if (r)
                 goto out;
 
-        down_read(&current->mm->mmap_sem);
         kvm->arch.ept_identity_pagetable = gfn_to_page(kvm,
                         VMX_EPT_IDENTITY_PAGETABLE_ADDR >> PAGE_SHIFT);
-        up_read(&current->mm->mmap_sem);
 out:
         up_write(&kvm->slots_lock);
         return r;
@@ -1917,7 +2118,8 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
         }
         if (!vm_need_ept())
                 exec_control |= CPU_BASED_CR3_STORE_EXITING |
-                                CPU_BASED_CR3_LOAD_EXITING;
+                                CPU_BASED_CR3_LOAD_EXITING  |
+                                CPU_BASED_INVLPG_EXITING;
         vmcs_write32(CPU_BASED_VM_EXEC_CONTROL, exec_control);
 
         if (cpu_has_secondary_exec_ctrls()) {
@@ -2019,6 +2221,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
         u64 msr;
         int ret;
 
+        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP));
         down_read(&vcpu->kvm->slots_lock);
         if (!init_rmode(vmx->vcpu.kvm)) {
                 ret = -ENOMEM;
@@ -2036,6 +2239,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
 
         fx_init(&vmx->vcpu);
 
+        seg_setup(VCPU_SREG_CS);
         /*
          * GUEST_CS_BASE should really be 0xffff0000, but VT vm86 mode
          * insists on having GUEST_CS_BASE == GUEST_CS_SELECTOR << 4.  Sigh.
@@ -2047,8 +2251,6 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
                 vmcs_write16(GUEST_CS_SELECTOR, vmx->vcpu.arch.sipi_vector << 8);
                 vmcs_writel(GUEST_CS_BASE, vmx->vcpu.arch.sipi_vector << 12);
         }
-        vmcs_write32(GUEST_CS_LIMIT, 0xffff);
-        vmcs_write32(GUEST_CS_AR_BYTES, 0x9b);
 
         seg_setup(VCPU_SREG_DS);
         seg_setup(VCPU_SREG_ES);
@@ -2072,10 +2274,10 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
 
         vmcs_writel(GUEST_RFLAGS, 0x02);
         if (vmx->vcpu.vcpu_id == 0)
-                vmcs_writel(GUEST_RIP, 0xfff0);
+                kvm_rip_write(vcpu, 0xfff0);
         else
-                vmcs_writel(GUEST_RIP, 0);
-        vmcs_writel(GUEST_RSP, 0);
+                kvm_rip_write(vcpu, 0);
+        kvm_register_write(vcpu, VCPU_REGS_RSP, 0);
 
         /* todo: dr0 = dr1 = dr2 = dr3 = 0; dr6 = 0xffff0ff0 */
         vmcs_writel(GUEST_DR7, 0x400);
@@ -2125,6 +2327,9 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
 
         ret = 0;
 
+        /* HACK: Don't enable emulation on guest boot/reset */
+        vmx->emulation_required = 0;
+
 out:
         up_read(&vcpu->kvm->slots_lock);
         return ret;
@@ -2136,14 +2341,15 @@ static void vmx_inject_irq(struct kvm_vcpu *vcpu, int irq)
 
         KVMTRACE_1D(INJ_VIRQ, vcpu, (u32)irq, handler);
 
+        ++vcpu->stat.irq_injections;
         if (vcpu->arch.rmode.active) {
                 vmx->rmode.irq.pending = true;
                 vmx->rmode.irq.vector = irq;
-                vmx->rmode.irq.rip = vmcs_readl(GUEST_RIP);
+                vmx->rmode.irq.rip = kvm_rip_read(vcpu);
                 vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
                              irq | INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK);
                 vmcs_write32(VM_ENTRY_INSTRUCTION_LEN, 1);
-                vmcs_writel(GUEST_RIP, vmx->rmode.irq.rip - 1);
+                kvm_rip_write(vcpu, vmx->rmode.irq.rip - 1);
                 return;
         }
         vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
@@ -2154,7 +2360,6 @@ static void vmx_inject_nmi(struct kvm_vcpu *vcpu)
 {
         vmcs_write32(VM_ENTRY_INTR_INFO_FIELD,
                         INTR_TYPE_NMI_INTR | INTR_INFO_VALID_MASK | NMI_VECTOR);
-        vcpu->arch.nmi_pending = 0;
 }
 
 static void kvm_do_inject_irq(struct kvm_vcpu *vcpu)
@@ -2166,7 +2371,7 @@ static void kvm_do_inject_irq(struct kvm_vcpu *vcpu)
         clear_bit(bit_index, &vcpu->arch.irq_pending[word_index]);
         if (!vcpu->arch.irq_pending[word_index])
                 clear_bit(word_index, &vcpu->arch.irq_summary);
-        vmx_inject_irq(vcpu, irq);
+        kvm_queue_interrupt(vcpu, irq);
 }
 
 
@@ -2180,13 +2385,12 @@ static void do_interrupt_requests(struct kvm_vcpu *vcpu,
                  (vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) & 3) == 0);
 
         if (vcpu->arch.interrupt_window_open &&
-            vcpu->arch.irq_summary &&
-            !(vmcs_read32(VM_ENTRY_INTR_INFO_FIELD) & INTR_INFO_VALID_MASK))
-                /*
-                 * If interrupts enabled, and not blocked by sti or mov ss. Good.
-                 */
+            vcpu->arch.irq_summary && !vcpu->arch.interrupt.pending)
                 kvm_do_inject_irq(vcpu);
 
+        if (vcpu->arch.interrupt_window_open && vcpu->arch.interrupt.pending)
+                vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr);
+
         cpu_based_vm_exec_control = vmcs_read32(CPU_BASED_VM_EXEC_CONTROL);
         if (!vcpu->arch.interrupt_window_open &&
             (vcpu->arch.irq_summary || kvm_run->request_interrupt_window))
@@ -2237,9 +2441,6 @@ static void kvm_guest_debug_pre(struct kvm_vcpu *vcpu)
 static int handle_rmode_exception(struct kvm_vcpu *vcpu,
                                   int vec, u32 err_code)
 {
-        if (!vcpu->arch.rmode.active)
-                return 0;
-
         /*
          * Instruction with address size override prefix opcode 0x67
          * Cause the #SS fault with 0 error code in VM86 mode.
@@ -2247,6 +2448,25 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
         if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0)
                 if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE)
                         return 1;
+        /*
+         * Forward all other exceptions that are valid in real mode.
+         * FIXME: Breaks guest debugging in real mode, needs to be fixed with
+         *        the required debugging infrastructure rework.
+         */
+        switch (vec) {
+        case DE_VECTOR:
+        case DB_VECTOR:
+        case BP_VECTOR:
+        case OF_VECTOR:
+        case BR_VECTOR:
+        case UD_VECTOR:
+        case DF_VECTOR:
+        case SS_VECTOR:
+        case GP_VECTOR:
+        case MF_VECTOR:
+                kvm_queue_exception(vcpu, vec);
+                return 1;
+        }
         return 0;
 }
 
@@ -2288,7 +2508,7 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         error_code = 0;
-        rip = vmcs_readl(GUEST_RIP);
+        rip = kvm_rip_read(vcpu);
         if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
                 error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
         if (is_page_fault(intr_info)) {
@@ -2298,7 +2518,7 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 cr2 = vmcs_readl(EXIT_QUALIFICATION);
                 KVMTRACE_3D(PAGE_FAULT, vcpu, error_code, (u32)cr2,
                             (u32)((u64)cr2 >> 32), handler);
-                if (vect_info & VECTORING_INFO_VALID_MASK)
+                if (vcpu->arch.interrupt.pending || vcpu->arch.exception.pending)
                         kvm_mmu_unprotect_page_virt(vcpu, cr2);
                 return kvm_mmu_page_fault(vcpu, cr2, error_code);
         }
@@ -2386,27 +2606,25 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         reg = (exit_qualification >> 8) & 15;
         switch ((exit_qualification >> 4) & 3) {
         case 0: /* mov to cr */
-                KVMTRACE_3D(CR_WRITE, vcpu, (u32)cr, (u32)vcpu->arch.regs[reg],
-                            (u32)((u64)vcpu->arch.regs[reg] >> 32), handler);
+                KVMTRACE_3D(CR_WRITE, vcpu, (u32)cr,
+                            (u32)kvm_register_read(vcpu, reg),
+                            (u32)((u64)kvm_register_read(vcpu, reg) >> 32),
+                            handler);
                 switch (cr) {
                 case 0:
-                        vcpu_load_rsp_rip(vcpu);
-                        kvm_set_cr0(vcpu, vcpu->arch.regs[reg]);
+                        kvm_set_cr0(vcpu, kvm_register_read(vcpu, reg));
                         skip_emulated_instruction(vcpu);
                         return 1;
                 case 3:
-                        vcpu_load_rsp_rip(vcpu);
-                        kvm_set_cr3(vcpu, vcpu->arch.regs[reg]);
+                        kvm_set_cr3(vcpu, kvm_register_read(vcpu, reg));
                         skip_emulated_instruction(vcpu);
                         return 1;
                 case 4:
-                        vcpu_load_rsp_rip(vcpu);
-                        kvm_set_cr4(vcpu, vcpu->arch.regs[reg]);
+                        kvm_set_cr4(vcpu, kvm_register_read(vcpu, reg));
                         skip_emulated_instruction(vcpu);
                         return 1;
                 case 8:
-                        vcpu_load_rsp_rip(vcpu);
-                        kvm_set_cr8(vcpu, vcpu->arch.regs[reg]);
+                        kvm_set_cr8(vcpu, kvm_register_read(vcpu, reg));
                         skip_emulated_instruction(vcpu);
                         if (irqchip_in_kernel(vcpu->kvm))
                                 return 1;
@@ -2415,7 +2633,6 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 };
                 break;
         case 2: /* clts */
-                vcpu_load_rsp_rip(vcpu);
                 vmx_fpu_deactivate(vcpu);
                 vcpu->arch.cr0 &= ~X86_CR0_TS;
                 vmcs_writel(CR0_READ_SHADOW, vcpu->arch.cr0);
@@ -2426,21 +2643,17 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         case 1: /*mov from cr*/
                 switch (cr) {
                 case 3:
-                        vcpu_load_rsp_rip(vcpu);
-                        vcpu->arch.regs[reg] = vcpu->arch.cr3;
-                        vcpu_put_rsp_rip(vcpu);
+                        kvm_register_write(vcpu, reg, vcpu->arch.cr3);
                         KVMTRACE_3D(CR_READ, vcpu, (u32)cr,
-                                    (u32)vcpu->arch.regs[reg],
-                                    (u32)((u64)vcpu->arch.regs[reg] >> 32),
+                                    (u32)kvm_register_read(vcpu, reg),
+                                    (u32)((u64)kvm_register_read(vcpu, reg) >> 32),
                                     handler);
                         skip_emulated_instruction(vcpu);
                         return 1;
                 case 8:
-                        vcpu_load_rsp_rip(vcpu);
-                        vcpu->arch.regs[reg] = kvm_get_cr8(vcpu);
-                        vcpu_put_rsp_rip(vcpu);
+                        kvm_register_write(vcpu, reg, kvm_get_cr8(vcpu));
                         KVMTRACE_2D(CR_READ, vcpu, (u32)cr,
-                                    (u32)vcpu->arch.regs[reg], handler);
+                                    (u32)kvm_register_read(vcpu, reg), handler);
                         skip_emulated_instruction(vcpu);
                         return 1;
                 }
@@ -2472,7 +2685,6 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
         dr = exit_qualification & 7;
         reg = (exit_qualification >> 8) & 15;
-        vcpu_load_rsp_rip(vcpu);
         if (exit_qualification & 16) {
                 /* mov from dr */
                 switch (dr) {
@@ -2485,12 +2697,11 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 default:
                         val = 0;
                 }
-                vcpu->arch.regs[reg] = val;
+                kvm_register_write(vcpu, reg, val);
                 KVMTRACE_2D(DR_READ, vcpu, (u32)dr, (u32)val, handler);
         } else {
                 /* mov to dr */
         }
-        vcpu_put_rsp_rip(vcpu);
         skip_emulated_instruction(vcpu);
         return 1;
 }
@@ -2583,6 +2794,15 @@ static int handle_vmcall(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
+static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+        u64 exit_qualification = vmcs_read64(EXIT_QUALIFICATION);
+
+        kvm_mmu_invlpg(vcpu, exit_qualification);
+        skip_emulated_instruction(vcpu);
+        return 1;
+}
+
 static int handle_wbinvd(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
         skip_emulated_instruction(vcpu);
@@ -2695,6 +2915,43 @@ static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
+static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
+                                struct kvm_run *kvm_run)
+{
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+        int err;
+
+        preempt_enable();
+        local_irq_enable();
+
+        while (!guest_state_valid(vcpu)) {
+                err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+
+                switch (err) {
+                        case EMULATE_DONE:
+                                break;
+                        case EMULATE_DO_MMIO:
+                                kvm_report_emulation_failure(vcpu, "mmio");
+                                /* TODO: Handle MMIO */
+                                return;
+                        default:
+                                kvm_report_emulation_failure(vcpu, "emulation failure");
+                                return;
+                }
+
+                if (signal_pending(current))
+                        break;
+                if (need_resched())
+                        schedule();
+        }
+
+        local_irq_disable();
+        preempt_disable();
+
+        /* Guest state should be valid now, no more emulation should be needed */
+        vmx->emulation_required = 0;
+}
+
 /*
  * The exit handlers return 1 if the exit was handled fully and guest execution
  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
@@ -2714,6 +2971,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
         [EXIT_REASON_MSR_WRITE]               = handle_wrmsr,
         [EXIT_REASON_PENDING_INTERRUPT]       = handle_interrupt_window,
         [EXIT_REASON_HLT]                     = handle_halt,
+        [EXIT_REASON_INVLPG]                  = handle_invlpg,
         [EXIT_REASON_VMCALL]                  = handle_vmcall,
         [EXIT_REASON_TPR_BELOW_THRESHOLD]     = handle_tpr_below_threshold,
         [EXIT_REASON_APIC_ACCESS]             = handle_apic_access,
@@ -2735,8 +2993,8 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         u32 vectoring_info = vmx->idt_vectoring_info;
 
-        KVMTRACE_3D(VMEXIT, vcpu, exit_reason, (u32)vmcs_readl(GUEST_RIP),
-                    (u32)((u64)vmcs_readl(GUEST_RIP) >> 32), entryexit);
+        KVMTRACE_3D(VMEXIT, vcpu, exit_reason, (u32)kvm_rip_read(vcpu),
+                    (u32)((u64)kvm_rip_read(vcpu) >> 32), entryexit);
 
         /* Access CR3 don't cause VMExit in paging mode, so we need
          * to sync with guest real CR3. */
@@ -2829,88 +3087,92 @@ static void enable_intr_window(struct kvm_vcpu *vcpu)
                 enable_irq_window(vcpu);
 }
 
-static void vmx_intr_assist(struct kvm_vcpu *vcpu)
+static void vmx_complete_interrupts(struct vcpu_vmx *vmx)
 {
-        struct vcpu_vmx *vmx = to_vmx(vcpu);
-        u32 idtv_info_field, intr_info_field, exit_intr_info_field;
-        int vector;
+        u32 exit_intr_info;
+        u32 idt_vectoring_info;
+        bool unblock_nmi;
+        u8 vector;
+        int type;
+        bool idtv_info_valid;
+        u32 error;
 
-        update_tpr_threshold(vcpu);
-
-        intr_info_field = vmcs_read32(VM_ENTRY_INTR_INFO_FIELD);
-        exit_intr_info_field = vmcs_read32(VM_EXIT_INTR_INFO);
-        idtv_info_field = vmx->idt_vectoring_info;
-        if (intr_info_field & INTR_INFO_VALID_MASK) {
-                if (idtv_info_field & INTR_INFO_VALID_MASK) {
-                        /* TODO: fault when IDT_Vectoring */
-                        if (printk_ratelimit())
-                                printk(KERN_ERR "Fault when IDT_Vectoring\n");
-                }
-                enable_intr_window(vcpu);
-                return;
+        exit_intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+        if (cpu_has_virtual_nmis()) {
+                unblock_nmi = (exit_intr_info & INTR_INFO_UNBLOCK_NMI) != 0;
+                vector = exit_intr_info & INTR_INFO_VECTOR_MASK;
+                /*
+                 * SDM 3: 25.7.1.2
+                 * Re-set bit "block by NMI" before VM entry if vmexit caused by
+                 * a guest IRET fault.
+                 */
+                if (unblock_nmi && vector != DF_VECTOR)
+                        vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                      GUEST_INTR_STATE_NMI);
         }
-        if (unlikely(idtv_info_field & INTR_INFO_VALID_MASK)) {
-                if ((idtv_info_field & VECTORING_INFO_TYPE_MASK)
-                    == INTR_TYPE_EXT_INTR
-                    && vcpu->arch.rmode.active) {
-                        u8 vect = idtv_info_field & VECTORING_INFO_VECTOR_MASK;
-
-                        vmx_inject_irq(vcpu, vect);
-                        enable_intr_window(vcpu);
-                        return;
-                }
-
-                KVMTRACE_1D(REDELIVER_EVT, vcpu, idtv_info_field, handler);
 
+        idt_vectoring_info = vmx->idt_vectoring_info;
+        idtv_info_valid = idt_vectoring_info & VECTORING_INFO_VALID_MASK;
+        vector = idt_vectoring_info & VECTORING_INFO_VECTOR_MASK;
+        type = idt_vectoring_info & VECTORING_INFO_TYPE_MASK;
+        if (vmx->vcpu.arch.nmi_injected) {
                 /*
                  * SDM 3: 25.7.1.2
                  * Clear bit "block by NMI" before VM entry if a NMI delivery
                  * faulted.
                  */
-                if ((idtv_info_field & VECTORING_INFO_TYPE_MASK)
-                    == INTR_TYPE_NMI_INTR && cpu_has_virtual_nmis())
-                        vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
-                                vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
-                                ~GUEST_INTR_STATE_NMI);
-
-                vmcs_write32(VM_ENTRY_INTR_INFO_FIELD, idtv_info_field
-                                & ~INTR_INFO_RESVD_BITS_MASK);
-                vmcs_write32(VM_ENTRY_INSTRUCTION_LEN,
-                                vmcs_read32(VM_EXIT_INSTRUCTION_LEN));
-
-                if (unlikely(idtv_info_field & INTR_INFO_DELIVER_CODE_MASK))
-                        vmcs_write32(VM_ENTRY_EXCEPTION_ERROR_CODE,
-                                vmcs_read32(IDT_VECTORING_ERROR_CODE));
-                enable_intr_window(vcpu);
-                return;
+                if (idtv_info_valid && type == INTR_TYPE_NMI_INTR)
+                        vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                        GUEST_INTR_STATE_NMI);
+                else
+                        vmx->vcpu.arch.nmi_injected = false;
+        }
+        kvm_clear_exception_queue(&vmx->vcpu);
+        if (idtv_info_valid && type == INTR_TYPE_EXCEPTION) {
+                if (idt_vectoring_info & VECTORING_INFO_DELIVER_CODE_MASK) {
+                        error = vmcs_read32(IDT_VECTORING_ERROR_CODE);
+                        kvm_queue_exception_e(&vmx->vcpu, vector, error);
+                } else
+                        kvm_queue_exception(&vmx->vcpu, vector);
+                vmx->idt_vectoring_info = 0;
         }
+        kvm_clear_interrupt_queue(&vmx->vcpu);
+        if (idtv_info_valid && type == INTR_TYPE_EXT_INTR) {
+                kvm_queue_interrupt(&vmx->vcpu, vector);
+                vmx->idt_vectoring_info = 0;
+        }
+}
+
+static void vmx_intr_assist(struct kvm_vcpu *vcpu)
+{
+        update_tpr_threshold(vcpu);
+
         if (cpu_has_virtual_nmis()) {
-                /*
-                 * SDM 3: 25.7.1.2
-                 * Re-set bit "block by NMI" before VM entry if vmexit caused by
-                 * a guest IRET fault.
-                 */
-                if ((exit_intr_info_field & INTR_INFO_UNBLOCK_NMI) &&
-                    (exit_intr_info_field & INTR_INFO_VECTOR_MASK) != 8)
-                        vmcs_write32(GUEST_INTERRUPTIBILITY_INFO,
-                                vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) |
-                                GUEST_INTR_STATE_NMI);
-                else if (vcpu->arch.nmi_pending) {
-                        if (vmx_nmi_enabled(vcpu))
-                                vmx_inject_nmi(vcpu);
+                if (vcpu->arch.nmi_pending && !vcpu->arch.nmi_injected) {
+                        if (vmx_nmi_enabled(vcpu)) {
+                                vcpu->arch.nmi_pending = false;
+                                vcpu->arch.nmi_injected = true;
+                        } else {
+                                enable_intr_window(vcpu);
+                                return;
+                        }
+                }
+                if (vcpu->arch.nmi_injected) {
+                        vmx_inject_nmi(vcpu);
                         enable_intr_window(vcpu);
                         return;
                 }
-
         }
-        if (!kvm_cpu_has_interrupt(vcpu))
-                return;
-        if (vmx_irq_enabled(vcpu)) {
-                vector = kvm_cpu_get_interrupt(vcpu);
-                vmx_inject_irq(vcpu, vector);
-                kvm_timer_intr_post(vcpu, vector);
-        } else
-                enable_irq_window(vcpu);
+        if (!vcpu->arch.interrupt.pending && kvm_cpu_has_interrupt(vcpu)) {
+                if (vmx_irq_enabled(vcpu))
+                        kvm_queue_interrupt(vcpu, kvm_cpu_get_interrupt(vcpu));
+                else
+                        enable_irq_window(vcpu);
+        }
+        if (vcpu->arch.interrupt.pending) {
+                vmx_inject_irq(vcpu, vcpu->arch.interrupt.nr);
+                kvm_timer_intr_post(vcpu, vcpu->arch.interrupt.nr);
+        }
 }
 
 /*
@@ -2922,9 +3184,9 @@ static void vmx_intr_assist(struct kvm_vcpu *vcpu)
 static void fixup_rmode_irq(struct vcpu_vmx *vmx)
 {
         vmx->rmode.irq.pending = 0;
-        if (vmcs_readl(GUEST_RIP) + 1 != vmx->rmode.irq.rip)
+        if (kvm_rip_read(&vmx->vcpu) + 1 != vmx->rmode.irq.rip)
                 return;
-        vmcs_writel(GUEST_RIP, vmx->rmode.irq.rip);
+        kvm_rip_write(&vmx->vcpu, vmx->rmode.irq.rip);
         if (vmx->idt_vectoring_info & VECTORING_INFO_VALID_MASK) {
                 vmx->idt_vectoring_info &= ~VECTORING_INFO_TYPE_MASK;
                 vmx->idt_vectoring_info |= INTR_TYPE_EXT_INTR;
@@ -2936,11 +3198,30 @@ static void fixup_rmode_irq(struct vcpu_vmx *vmx)
                 | vmx->rmode.irq.vector;
 }
 
+#ifdef CONFIG_X86_64
+#define R "r"
+#define Q "q"
+#else
+#define R "e"
+#define Q "l"
+#endif
+
 static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         u32 intr_info;
 
+        /* Handle invalid guest state instead of entering VMX */
+        if (vmx->emulation_required && emulate_invalid_guest_state) {
+                handle_invalid_guest_state(vcpu, kvm_run);
+                return;
+        }
+
+        if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty))
+                vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
+        if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
+                vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
+
         /*
          * Loading guest fpu may have cleared host cr0.ts
          */
@@ -2948,26 +3229,25 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
         asm(
                 /* Store host registers */
-#ifdef CONFIG_X86_64
-                "push %%rdx; push %%rbp;"
-                "push %%rcx \n\t"
-#else
-                "push %%edx; push %%ebp;"
-                "push %%ecx \n\t"
-#endif
+                "push %%"R"dx; push %%"R"bp;"
+                "push %%"R"cx \n\t"
+                "cmp %%"R"sp, %c[host_rsp](%0) \n\t"
+                "je 1f \n\t"
+                "mov %%"R"sp, %c[host_rsp](%0) \n\t"
                 __ex(ASM_VMX_VMWRITE_RSP_RDX) "\n\t"
+                "1: \n\t"
                 /* Check if vmlaunch of vmresume is needed */
                 "cmpl $0, %c[launched](%0) \n\t"
                 /* Load guest registers.  Don't clobber flags. */
+                "mov %c[cr2](%0), %%"R"ax \n\t"
+                "mov %%"R"ax, %%cr2 \n\t"
+                "mov %c[rax](%0), %%"R"ax \n\t"
+                "mov %c[rbx](%0), %%"R"bx \n\t"
+                "mov %c[rdx](%0), %%"R"dx \n\t"
+                "mov %c[rsi](%0), %%"R"si \n\t"
+                "mov %c[rdi](%0), %%"R"di \n\t"
+                "mov %c[rbp](%0), %%"R"bp \n\t"
 #ifdef CONFIG_X86_64
-                "mov %c[cr2](%0), %%rax \n\t"
-                "mov %%rax, %%cr2 \n\t"
-                "mov %c[rax](%0), %%rax \n\t"
-                "mov %c[rbx](%0), %%rbx \n\t"
-                "mov %c[rdx](%0), %%rdx \n\t"
-                "mov %c[rsi](%0), %%rsi \n\t"
-                "mov %c[rdi](%0), %%rdi \n\t"
-                "mov %c[rbp](%0), %%rbp \n\t"
                 "mov %c[r8](%0),  %%r8  \n\t"
                 "mov %c[r9](%0),  %%r9  \n\t"
                 "mov %c[r10](%0), %%r10 \n\t"
@@ -2976,18 +3256,9 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 "mov %c[r13](%0), %%r13 \n\t"
                 "mov %c[r14](%0), %%r14 \n\t"
                 "mov %c[r15](%0), %%r15 \n\t"
-                "mov %c[rcx](%0), %%rcx \n\t" /* kills %0 (rcx) */
-#else
-                "mov %c[cr2](%0), %%eax \n\t"
-                "mov %%eax,   %%cr2 \n\t"
-                "mov %c[rax](%0), %%eax \n\t"
-                "mov %c[rbx](%0), %%ebx \n\t"
-                "mov %c[rdx](%0), %%edx \n\t"
-                "mov %c[rsi](%0), %%esi \n\t"
-                "mov %c[rdi](%0), %%edi \n\t"
-                "mov %c[rbp](%0), %%ebp \n\t"
-                "mov %c[rcx](%0), %%ecx \n\t" /* kills %0 (ecx) */
 #endif
+                "mov %c[rcx](%0), %%"R"cx \n\t" /* kills %0 (ecx) */
+
                 /* Enter guest mode */
                 "jne .Llaunched \n\t"
                 __ex(ASM_VMX_VMLAUNCH) "\n\t"
@@ -2995,15 +3266,15 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
                 ".Lkvm_vmx_return: "
                 /* Save guest registers, load host registers, keep flags */
+                "xchg %0,     (%%"R"sp) \n\t"
+                "mov %%"R"ax, %c[rax](%0) \n\t"
+                "mov %%"R"bx, %c[rbx](%0) \n\t"
+                "push"Q" (%%"R"sp); pop"Q" %c[rcx](%0) \n\t"
+                "mov %%"R"dx, %c[rdx](%0) \n\t"
+                "mov %%"R"si, %c[rsi](%0) \n\t"
+                "mov %%"R"di, %c[rdi](%0) \n\t"
+                "mov %%"R"bp, %c[rbp](%0) \n\t"
 #ifdef CONFIG_X86_64
-                "xchg %0,     (%%rsp) \n\t"
-                "mov %%rax, %c[rax](%0) \n\t"
-                "mov %%rbx, %c[rbx](%0) \n\t"
-                "pushq (%%rsp); popq %c[rcx](%0) \n\t"
-                "mov %%rdx, %c[rdx](%0) \n\t"
-                "mov %%rsi, %c[rsi](%0) \n\t"
-                "mov %%rdi, %c[rdi](%0) \n\t"
-                "mov %%rbp, %c[rbp](%0) \n\t"
                 "mov %%r8,  %c[r8](%0) \n\t"
                 "mov %%r9,  %c[r9](%0) \n\t"
                 "mov %%r10, %c[r10](%0) \n\t"
@@ -3012,28 +3283,16 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 "mov %%r13, %c[r13](%0) \n\t"
                 "mov %%r14, %c[r14](%0) \n\t"
                 "mov %%r15, %c[r15](%0) \n\t"
-                "mov %%cr2, %%rax   \n\t"
-                "mov %%rax, %c[cr2](%0) \n\t"
-
-                "pop  %%rbp; pop  %%rbp; pop  %%rdx \n\t"
-#else
-                "xchg %0, (%%esp) \n\t"
-                "mov %%eax, %c[rax](%0) \n\t"
-                "mov %%ebx, %c[rbx](%0) \n\t"
-                "pushl (%%esp); popl %c[rcx](%0) \n\t"
-                "mov %%edx, %c[rdx](%0) \n\t"
-                "mov %%esi, %c[rsi](%0) \n\t"
-                "mov %%edi, %c[rdi](%0) \n\t"
-                "mov %%ebp, %c[rbp](%0) \n\t"
-                "mov %%cr2, %%eax  \n\t"
-                "mov %%eax, %c[cr2](%0) \n\t"
-
-                "pop %%ebp; pop %%ebp; pop %%edx \n\t"
 #endif
+                "mov %%cr2, %%"R"ax   \n\t"
+                "mov %%"R"ax, %c[cr2](%0) \n\t"
+
+                "pop  %%"R"bp; pop  %%"R"bp; pop  %%"R"dx \n\t"
                 "setbe %c[fail](%0) \n\t"
               : : "c"(vmx), "d"((unsigned long)HOST_RSP),
                 [launched]"i"(offsetof(struct vcpu_vmx, launched)),
                 [fail]"i"(offsetof(struct vcpu_vmx, fail)),
+                [host_rsp]"i"(offsetof(struct vcpu_vmx, host_rsp)),
                 [rax]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RAX])),
                 [rbx]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RBX])),
                 [rcx]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_RCX])),
@@ -3053,14 +3312,15 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 #endif
                 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
               : "cc", "memory"
+                , R"bx", R"di", R"si"
 #ifdef CONFIG_X86_64
-                , "rbx", "rdi", "rsi"
                 , "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"
-#else
-                , "ebx", "edi", "rsi"
 #endif
               );
 
+        vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP));
+        vcpu->arch.regs_dirty = 0;
+
         vmx->idt_vectoring_info = vmcs_read32(IDT_VECTORING_INFO_FIELD);
         if (vmx->rmode.irq.pending)
                 fixup_rmode_irq(vmx);
@@ -3080,8 +3340,13 @@ static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 KVMTRACE_0D(NMI, vcpu, handler);
                 asm("int $2");
         }
+
+        vmx_complete_interrupts(vmx);
 }
 
+#undef R
+#undef Q
+
 static void vmx_free_vmcs(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
@@ -3224,8 +3489,7 @@ static struct kvm_x86_ops vmx_x86_ops = {
         .set_idt = vmx_set_idt,
         .get_gdt = vmx_get_gdt,
         .set_gdt = vmx_set_gdt,
-        .cache_regs = vcpu_load_rsp_rip,
-        .decache_regs = vcpu_put_rsp_rip,
+        .cache_reg = vmx_cache_reg,
         .get_rflags = vmx_get_rflags,
         .set_rflags = vmx_set_rflags,
 
@@ -3301,8 +3565,7 @@ static int __init vmx_init(void)
                 kvm_mmu_set_base_ptes(VMX_EPT_READABLE_MASK |
                         VMX_EPT_WRITABLE_MASK |
                         VMX_EPT_DEFAULT_MT << VMX_EPT_MT_EPTE_SHIFT);
-                kvm_mmu_set_mask_ptes(0ull, VMX_EPT_FAKE_ACCESSED_MASK,
-                                VMX_EPT_FAKE_DIRTY_MASK, 0ull,
+                kvm_mmu_set_mask_ptes(0ull, 0ull, 0ull, 0ull,
                                 VMX_EPT_EXECUTABLE_MASK);
                 kvm_enable_tdp();
         } else
diff --git a/arch/x86/kvm/vmx.h b/arch/x86/kvm/vmx.h
index 425a13436b3f..3e010d21fdd7 100644
--- a/arch/x86/kvm/vmx.h
+++ b/arch/x86/kvm/vmx.h
@@ -331,24 +331,6 @@ enum vmcs_field {
 
 #define AR_RESERVD_MASK 0xfffe0f00
 
-#define MSR_IA32_VMX_BASIC                      0x480
-#define MSR_IA32_VMX_PINBASED_CTLS              0x481
-#define MSR_IA32_VMX_PROCBASED_CTLS             0x482
-#define MSR_IA32_VMX_EXIT_CTLS                  0x483
-#define MSR_IA32_VMX_ENTRY_CTLS                 0x484
-#define MSR_IA32_VMX_MISC                       0x485
-#define MSR_IA32_VMX_CR0_FIXED0                 0x486
-#define MSR_IA32_VMX_CR0_FIXED1                 0x487
-#define MSR_IA32_VMX_CR4_FIXED0                 0x488
-#define MSR_IA32_VMX_CR4_FIXED1                 0x489
-#define MSR_IA32_VMX_VMCS_ENUM                  0x48a
-#define MSR_IA32_VMX_PROCBASED_CTLS2            0x48b
-#define MSR_IA32_VMX_EPT_VPID_CAP               0x48c
-
-#define MSR_IA32_FEATURE_CONTROL                0x3a
-#define MSR_IA32_FEATURE_CONTROL_LOCKED         0x1
-#define MSR_IA32_FEATURE_CONTROL_VMXON_ENABLED  0x4
-
 #define APIC_ACCESS_PAGE_PRIVATE_MEMSLOT        9
 #define IDENTITY_PAGETABLE_PRIVATE_MEMSLOT      10
 
@@ -370,8 +352,6 @@ enum vmcs_field {
 #define VMX_EPT_READABLE_MASK                   0x1ull
 #define VMX_EPT_WRITABLE_MASK                   0x2ull
 #define VMX_EPT_EXECUTABLE_MASK                 0x4ull
-#define VMX_EPT_FAKE_ACCESSED_MASK              (1ull << 62)
-#define VMX_EPT_FAKE_DIRTY_MASK                 (1ull << 63)
 
 #define VMX_EPT_IDENTITY_PAGETABLE_ADDR         0xfffbc000ul
 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0d682fc6aeb3..4f0677d1eae8 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4,10 +4,14 @@
  * derived from drivers/kvm/kvm_main.c
  *
  * Copyright (C) 2006 Qumranet, Inc.
+ * Copyright (C) 2008 Qumranet, Inc.
+ * Copyright IBM Corporation, 2008
  *
  * Authors:
  *   Avi Kivity   <avi@qumranet.com>
  *   Yaniv Kamay  <yaniv@qumranet.com>
+ *   Amit Shah    <amit.shah@qumranet.com>
+ *   Ben-Ami Yassour <benami@il.ibm.com>
  *
  * This work is licensed under the terms of the GNU GPL, version 2.  See
  * the COPYING file in the top-level directory.
@@ -19,14 +23,18 @@
 #include "mmu.h"
 #include "i8254.h"
 #include "tss.h"
+#include "kvm_cache_regs.h"
+#include "x86.h"
 
 #include <linux/clocksource.h>
+#include <linux/interrupt.h>
 #include <linux/kvm.h>
 #include <linux/fs.h>
 #include <linux/vmalloc.h>
 #include <linux/module.h>
 #include <linux/mman.h>
 #include <linux/highmem.h>
+#include <linux/intel-iommu.h>
 
 #include <asm/uaccess.h>
 #include <asm/msr.h>
@@ -61,6 +69,7 @@ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
                                     struct kvm_cpuid_entry2 __user *entries);
 
 struct kvm_x86_ops *kvm_x86_ops;
+EXPORT_SYMBOL_GPL(kvm_x86_ops);
 
 struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "pf_fixed", VCPU_STAT(pf_fixed) },
@@ -83,6 +92,7 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "fpu_reload", VCPU_STAT(fpu_reload) },
         { "insn_emulation", VCPU_STAT(insn_emulation) },
         { "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
+        { "irq_injections", VCPU_STAT(irq_injections) },
         { "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
         { "mmu_pte_write", VM_STAT(mmu_pte_write) },
         { "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
@@ -90,12 +100,12 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "mmu_flooded", VM_STAT(mmu_flooded) },
         { "mmu_recycled", VM_STAT(mmu_recycled) },
         { "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
+        { "mmu_unsync", VM_STAT(mmu_unsync) },
         { "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
         { "largepages", VM_STAT(lpages) },
         { NULL }
 };
 
-
 unsigned long segment_base(u16 selector)
 {
         struct descriptor_table gdt;
@@ -352,6 +362,7 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4);
 void kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
 {
         if (cr3 == vcpu->arch.cr3 && !pdptrs_changed(vcpu)) {
+                kvm_mmu_sync_roots(vcpu);
                 kvm_mmu_flush_tlb(vcpu);
                 return;
         }
@@ -564,7 +575,7 @@ static void kvm_set_time_scale(uint32_t tsc_khz, struct pvclock_vcpu_time_info *
         hv_clock->tsc_to_system_mul = div_frac(nsecs, tps32);
 
         pr_debug("%s: tsc_khz %u, tsc_shift %d, tsc_mul %u\n",
-                 __FUNCTION__, tsc_khz, hv_clock->tsc_shift,
+                 __func__, tsc_khz, hv_clock->tsc_shift,
                  hv_clock->tsc_to_system_mul);
 }
 
@@ -662,6 +673,18 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
                 pr_unimpl(vcpu, "%s: MSR_IA32_MCG_CTL 0x%llx, nop\n",
                         __func__, data);
                 break;
+        case MSR_IA32_DEBUGCTLMSR:
+                if (!data) {
+                        /* We support the non-activated case already */
+                        break;
+                } else if (data & ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_BTF)) {
+                        /* Values other than LBR and BTF are vendor-specific,
+                           thus reserved and should throw a #GP */
+                        return 1;
+                }
+                pr_unimpl(vcpu, "%s: MSR_IA32_DEBUGCTLMSR 0x%llx, nop\n",
+                        __func__, data);
+                break;
         case MSR_IA32_UCODE_REV:
         case MSR_IA32_UCODE_WRITE:
                 break;
@@ -692,10 +715,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
                 /* ...but clean it before doing the actual write */
                 vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
 
-                down_read(&current->mm->mmap_sem);
                 vcpu->arch.time_page =
                                 gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);
-                up_read(&current->mm->mmap_sem);
 
                 if (is_error_page(vcpu->arch.time_page)) {
                         kvm_release_page_clean(vcpu->arch.time_page);
@@ -752,8 +773,14 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
         case MSR_IA32_MC0_MISC+8:
         case MSR_IA32_MC0_MISC+12:
         case MSR_IA32_MC0_MISC+16:
+        case MSR_IA32_MC0_MISC+20:
         case MSR_IA32_UCODE_REV:
         case MSR_IA32_EBL_CR_POWERON:
+        case MSR_IA32_DEBUGCTLMSR:
+        case MSR_IA32_LASTBRANCHFROMIP:
+        case MSR_IA32_LASTBRANCHTOIP:
+        case MSR_IA32_LASTINTFROMIP:
+        case MSR_IA32_LASTINTTOIP:
                 data = 0;
                 break;
         case MSR_MTRRcap:
@@ -901,6 +928,9 @@ int kvm_dev_ioctl_check_extension(long ext)
         case KVM_CAP_PV_MMU:
                 r = !tdp_enabled;
                 break;
+        case KVM_CAP_IOMMU:
+                r = intel_iommu_found();
+                break;
         default:
                 r = 0;
                 break;
@@ -1303,28 +1333,33 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
         struct kvm_vcpu *vcpu = filp->private_data;
         void __user *argp = (void __user *)arg;
         int r;
+        struct kvm_lapic_state *lapic = NULL;
 
         switch (ioctl) {
         case KVM_GET_LAPIC: {
-                struct kvm_lapic_state lapic;
+                lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
 
-                memset(&lapic, 0, sizeof lapic);
-                r = kvm_vcpu_ioctl_get_lapic(vcpu, &lapic);
+                r = -ENOMEM;
+                if (!lapic)
+                        goto out;
+                r = kvm_vcpu_ioctl_get_lapic(vcpu, lapic);
                 if (r)
                         goto out;
                 r = -EFAULT;
-                if (copy_to_user(argp, &lapic, sizeof lapic))
+                if (copy_to_user(argp, lapic, sizeof(struct kvm_lapic_state)))
                         goto out;
                 r = 0;
                 break;
         }
         case KVM_SET_LAPIC: {
-                struct kvm_lapic_state lapic;
-
+                lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
+                r = -ENOMEM;
+                if (!lapic)
+                        goto out;
                 r = -EFAULT;
-                if (copy_from_user(&lapic, argp, sizeof lapic))
+                if (copy_from_user(lapic, argp, sizeof(struct kvm_lapic_state)))
                         goto out;
-                r = kvm_vcpu_ioctl_set_lapic(vcpu, &lapic);;
+                r = kvm_vcpu_ioctl_set_lapic(vcpu, lapic);
                 if (r)
                         goto out;
                 r = 0;
@@ -1422,6 +1457,8 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                 r = -EINVAL;
         }
 out:
+        if (lapic)
+                kfree(lapic);
         return r;
 }
 
@@ -1630,6 +1667,15 @@ long kvm_arch_vm_ioctl(struct file *filp,
         struct kvm *kvm = filp->private_data;
         void __user *argp = (void __user *)arg;
         int r = -EINVAL;
+        /*
+         * This union makes it completely explicit to gcc-3.x
+         * that these two variables' stack usage should be
+         * combined, not added together.
+         */
+        union {
+                struct kvm_pit_state ps;
+                struct kvm_memory_alias alias;
+        } u;
 
         switch (ioctl) {
         case KVM_SET_TSS_ADDR:
@@ -1661,17 +1707,14 @@ long kvm_arch_vm_ioctl(struct file *filp,
         case KVM_GET_NR_MMU_PAGES:
                 r = kvm_vm_ioctl_get_nr_mmu_pages(kvm);
                 break;
-        case KVM_SET_MEMORY_ALIAS: {
-                struct kvm_memory_alias alias;
-
+        case KVM_SET_MEMORY_ALIAS:
                 r = -EFAULT;
-                if (copy_from_user(&alias, argp, sizeof alias))
+                if (copy_from_user(&u.alias, argp, sizeof(struct kvm_memory_alias)))
                         goto out;
-                r = kvm_vm_ioctl_set_memory_alias(kvm, &alias);
+                r = kvm_vm_ioctl_set_memory_alias(kvm, &u.alias);
                 if (r)
                         goto out;
                 break;
-        }
         case KVM_CREATE_IRQCHIP:
                 r = -ENOMEM;
                 kvm->arch.vpic = kvm_create_pic(kvm);
@@ -1699,13 +1742,7 @@ long kvm_arch_vm_ioctl(struct file *filp,
                         goto out;
                 if (irqchip_in_kernel(kvm)) {
                         mutex_lock(&kvm->lock);
-                        if (irq_event.irq < 16)
-                                kvm_pic_set_irq(pic_irqchip(kvm),
-                                        irq_event.irq,
-                                        irq_event.level);
-                        kvm_ioapic_set_irq(kvm->arch.vioapic,
-                                        irq_event.irq,
-                                        irq_event.level);
+                        kvm_set_irq(kvm, irq_event.irq, irq_event.level);
                         mutex_unlock(&kvm->lock);
                         r = 0;
                 }
@@ -1713,65 +1750,77 @@ long kvm_arch_vm_ioctl(struct file *filp,
         }
         case KVM_GET_IRQCHIP: {
                 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
-                struct kvm_irqchip chip;
+                struct kvm_irqchip *chip = kmalloc(sizeof(*chip), GFP_KERNEL);
 
-                r = -EFAULT;
-                if (copy_from_user(&chip, argp, sizeof chip))
+                r = -ENOMEM;
+                if (!chip)
                         goto out;
+                r = -EFAULT;
+                if (copy_from_user(chip, argp, sizeof *chip))
+                        goto get_irqchip_out;
                 r = -ENXIO;
                 if (!irqchip_in_kernel(kvm))
-                        goto out;
-                r = kvm_vm_ioctl_get_irqchip(kvm, &chip);
+                        goto get_irqchip_out;
+                r = kvm_vm_ioctl_get_irqchip(kvm, chip);
                 if (r)
-                        goto out;
+                        goto get_irqchip_out;
                 r = -EFAULT;
-                if (copy_to_user(argp, &chip, sizeof chip))
-                        goto out;
+                if (copy_to_user(argp, chip, sizeof *chip))
+                        goto get_irqchip_out;
                 r = 0;
+        get_irqchip_out:
+                kfree(chip);
+                if (r)
+                        goto out;
                 break;
         }
         case KVM_SET_IRQCHIP: {
                 /* 0: PIC master, 1: PIC slave, 2: IOAPIC */
-                struct kvm_irqchip chip;
+                struct kvm_irqchip *chip = kmalloc(sizeof(*chip), GFP_KERNEL);
 
-                r = -EFAULT;
-                if (copy_from_user(&chip, argp, sizeof chip))
+                r = -ENOMEM;
+                if (!chip)
                         goto out;
+                r = -EFAULT;
+                if (copy_from_user(chip, argp, sizeof *chip))
+                        goto set_irqchip_out;
                 r = -ENXIO;
                 if (!irqchip_in_kernel(kvm))
-                        goto out;
-                r = kvm_vm_ioctl_set_irqchip(kvm, &chip);
+                        goto set_irqchip_out;
+                r = kvm_vm_ioctl_set_irqchip(kvm, chip);
                 if (r)
-                        goto out;
+                        goto set_irqchip_out;
                 r = 0;
+        set_irqchip_out:
+                kfree(chip);
+                if (r)
+                        goto out;
                 break;
         }
         case KVM_GET_PIT: {
-                struct kvm_pit_state ps;
                 r = -EFAULT;
-                if (copy_from_user(&ps, argp, sizeof ps))
+                if (copy_from_user(&u.ps, argp, sizeof(struct kvm_pit_state)))
                         goto out;
                 r = -ENXIO;
                 if (!kvm->arch.vpit)
                         goto out;
-                r = kvm_vm_ioctl_get_pit(kvm, &ps);
+                r = kvm_vm_ioctl_get_pit(kvm, &u.ps);
                 if (r)
                         goto out;
                 r = -EFAULT;
-                if (copy_to_user(argp, &ps, sizeof ps))
+                if (copy_to_user(argp, &u.ps, sizeof(struct kvm_pit_state)))
                         goto out;
                 r = 0;
                 break;
         }
         case KVM_SET_PIT: {
-                struct kvm_pit_state ps;
                 r = -EFAULT;
-                if (copy_from_user(&ps, argp, sizeof ps))
+                if (copy_from_user(&u.ps, argp, sizeof u.ps))
                         goto out;
                 r = -ENXIO;
                 if (!kvm->arch.vpit)
                         goto out;
-                r = kvm_vm_ioctl_set_pit(kvm, &ps);
+                r = kvm_vm_ioctl_set_pit(kvm, &u.ps);
                 if (r)
                         goto out;
                 r = 0;
@@ -2018,9 +2067,7 @@ static int emulator_cmpxchg_emulated(unsigned long addr,
 
                 val = *(u64 *)new;
 
-                down_read(&current->mm->mmap_sem);
                 page = gfn_to_page(vcpu->kvm, gpa >> PAGE_SHIFT);
-                up_read(&current->mm->mmap_sem);
 
                 kaddr = kmap_atomic(page, KM_USER0);
                 set_64bit((u64 *)(kaddr + offset_in_page(gpa)), val);
@@ -2040,6 +2087,7 @@ static unsigned long get_segment_base(struct kvm_vcpu *vcpu, int seg)
 
 int emulate_invlpg(struct kvm_vcpu *vcpu, gva_t address)
 {
+        kvm_mmu_invlpg(vcpu, address);
         return X86EMUL_CONTINUE;
 }
 
@@ -2080,7 +2128,7 @@ int emulator_set_dr(struct x86_emulate_ctxt *ctxt, int dr, unsigned long value)
 void kvm_report_emulation_failure(struct kvm_vcpu *vcpu, const char *context)
 {
         u8 opcodes[4];
-        unsigned long rip = vcpu->arch.rip;
+        unsigned long rip = kvm_rip_read(vcpu);
         unsigned long rip_linear;
 
         if (!printk_ratelimit())
@@ -2102,6 +2150,14 @@ static struct x86_emulate_ops emulate_ops = {
         .cmpxchg_emulated    = emulator_cmpxchg_emulated,
 };
 
+static void cache_all_regs(struct kvm_vcpu *vcpu)
+{
+        kvm_register_read(vcpu, VCPU_REGS_RAX);
+        kvm_register_read(vcpu, VCPU_REGS_RSP);
+        kvm_register_read(vcpu, VCPU_REGS_RIP);
+        vcpu->arch.regs_dirty = ~0;
+}
+
 int emulate_instruction(struct kvm_vcpu *vcpu,
                         struct kvm_run *run,
                         unsigned long cr2,
@@ -2111,8 +2167,15 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
         int r;
         struct decode_cache *c;
 
+        kvm_clear_exception_queue(vcpu);
         vcpu->arch.mmio_fault_cr2 = cr2;
-        kvm_x86_ops->cache_regs(vcpu);
+        /*
+         * TODO: fix x86_emulate.c to use guest_read/write_register
+         * instead of direct ->regs accesses, can save hundred cycles
+         * on Intel for instructions that don't read/change RSP, for
+         * for example.
+         */
+        cache_all_regs(vcpu);
 
         vcpu->mmio_is_write = 0;
         vcpu->arch.pio.string = 0;
@@ -2172,7 +2235,6 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                 return EMULATE_DO_MMIO;
         }
 
-        kvm_x86_ops->decache_regs(vcpu);
         kvm_x86_ops->set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags);
 
         if (vcpu->mmio_is_write) {
@@ -2225,20 +2287,19 @@ int complete_pio(struct kvm_vcpu *vcpu)
         struct kvm_pio_request *io = &vcpu->arch.pio;
         long delta;
         int r;
-
-        kvm_x86_ops->cache_regs(vcpu);
+        unsigned long val;
 
         if (!io->string) {
-                if (io->in)
-                        memcpy(&vcpu->arch.regs[VCPU_REGS_RAX], vcpu->arch.pio_data,
-                               io->size);
+                if (io->in) {
+                        val = kvm_register_read(vcpu, VCPU_REGS_RAX);
+                        memcpy(&val, vcpu->arch.pio_data, io->size);
+                        kvm_register_write(vcpu, VCPU_REGS_RAX, val);
+                }
         } else {
                 if (io->in) {
                         r = pio_copy_data(vcpu);
-                        if (r) {
-                                kvm_x86_ops->cache_regs(vcpu);
+                        if (r)
                                 return r;
-                        }
                 }
 
                 delta = 1;
@@ -2248,19 +2309,24 @@ int complete_pio(struct kvm_vcpu *vcpu)
                          * The size of the register should really depend on
                          * current address size.
                          */
-                        vcpu->arch.regs[VCPU_REGS_RCX] -= delta;
+                        val = kvm_register_read(vcpu, VCPU_REGS_RCX);
+                        val -= delta;
+                        kvm_register_write(vcpu, VCPU_REGS_RCX, val);
                 }
                 if (io->down)
                         delta = -delta;
                 delta *= io->size;
-                if (io->in)
-                        vcpu->arch.regs[VCPU_REGS_RDI] += delta;
-                else
-                        vcpu->arch.regs[VCPU_REGS_RSI] += delta;
+                if (io->in) {
+                        val = kvm_register_read(vcpu, VCPU_REGS_RDI);
+                        val += delta;
+                        kvm_register_write(vcpu, VCPU_REGS_RDI, val);
+                } else {
+                        val = kvm_register_read(vcpu, VCPU_REGS_RSI);
+                        val += delta;
+                        kvm_register_write(vcpu, VCPU_REGS_RSI, val);
+                }
         }
 
-        kvm_x86_ops->decache_regs(vcpu);
-
         io->count -= io->cur_count;
         io->cur_count = 0;
 
@@ -2313,6 +2379,7 @@ int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
                   int size, unsigned port)
 {
         struct kvm_io_device *pio_dev;
+        unsigned long val;
 
         vcpu->run->exit_reason = KVM_EXIT_IO;
         vcpu->run->io.direction = in ? KVM_EXIT_IO_IN : KVM_EXIT_IO_OUT;
@@ -2333,8 +2400,8 @@ int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
                 KVMTRACE_2D(IO_WRITE, vcpu, vcpu->run->io.port, (u32)size,
                             handler);
 
-        kvm_x86_ops->cache_regs(vcpu);
-        memcpy(vcpu->arch.pio_data, &vcpu->arch.regs[VCPU_REGS_RAX], 4);
+        val = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        memcpy(vcpu->arch.pio_data, &val, 4);
 
         kvm_x86_ops->skip_emulated_instruction(vcpu);
 
@@ -2492,11 +2559,6 @@ int kvm_emulate_halt(struct kvm_vcpu *vcpu)
         KVMTRACE_0D(HLT, vcpu, handler);
         if (irqchip_in_kernel(vcpu->kvm)) {
                 vcpu->arch.mp_state = KVM_MP_STATE_HALTED;
-                up_read(&vcpu->kvm->slots_lock);
-                kvm_vcpu_block(vcpu);
-                down_read(&vcpu->kvm->slots_lock);
-                if (vcpu->arch.mp_state != KVM_MP_STATE_RUNNABLE)
-                        return -EINTR;
                 return 1;
         } else {
                 vcpu->run->exit_reason = KVM_EXIT_HLT;
@@ -2519,13 +2581,11 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
         unsigned long nr, a0, a1, a2, a3, ret;
         int r = 1;
 
-        kvm_x86_ops->cache_regs(vcpu);
-
-        nr = vcpu->arch.regs[VCPU_REGS_RAX];
-        a0 = vcpu->arch.regs[VCPU_REGS_RBX];
-        a1 = vcpu->arch.regs[VCPU_REGS_RCX];
-        a2 = vcpu->arch.regs[VCPU_REGS_RDX];
-        a3 = vcpu->arch.regs[VCPU_REGS_RSI];
+        nr = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        a0 = kvm_register_read(vcpu, VCPU_REGS_RBX);
+        a1 = kvm_register_read(vcpu, VCPU_REGS_RCX);
+        a2 = kvm_register_read(vcpu, VCPU_REGS_RDX);
+        a3 = kvm_register_read(vcpu, VCPU_REGS_RSI);
 
         KVMTRACE_1D(VMMCALL, vcpu, (u32)nr, handler);
 
@@ -2548,8 +2608,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
                 ret = -KVM_ENOSYS;
                 break;
         }
-        vcpu->arch.regs[VCPU_REGS_RAX] = ret;
-        kvm_x86_ops->decache_regs(vcpu);
+        kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
         ++vcpu->stat.hypercalls;
         return r;
 }
@@ -2559,6 +2618,7 @@ int kvm_fix_hypercall(struct kvm_vcpu *vcpu)
 {
         char instruction[3];
         int ret = 0;
+        unsigned long rip = kvm_rip_read(vcpu);
 
 
         /*
@@ -2568,9 +2628,8 @@ int kvm_fix_hypercall(struct kvm_vcpu *vcpu)
          */
         kvm_mmu_zap_all(vcpu->kvm);
 
-        kvm_x86_ops->cache_regs(vcpu);
         kvm_x86_ops->patch_hypercall(vcpu, instruction);
-        if (emulator_write_emulated(vcpu->arch.rip, instruction, 3, vcpu)
+        if (emulator_write_emulated(rip, instruction, 3, vcpu)
             != X86EMUL_CONTINUE)
                 ret = -EFAULT;
 
@@ -2700,13 +2759,12 @@ void kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
         u32 function, index;
         struct kvm_cpuid_entry2 *e, *best;
 
-        kvm_x86_ops->cache_regs(vcpu);
-        function = vcpu->arch.regs[VCPU_REGS_RAX];
-        index = vcpu->arch.regs[VCPU_REGS_RCX];
-        vcpu->arch.regs[VCPU_REGS_RAX] = 0;
-        vcpu->arch.regs[VCPU_REGS_RBX] = 0;
-        vcpu->arch.regs[VCPU_REGS_RCX] = 0;
-        vcpu->arch.regs[VCPU_REGS_RDX] = 0;
+        function = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        index = kvm_register_read(vcpu, VCPU_REGS_RCX);
+        kvm_register_write(vcpu, VCPU_REGS_RAX, 0);
+        kvm_register_write(vcpu, VCPU_REGS_RBX, 0);
+        kvm_register_write(vcpu, VCPU_REGS_RCX, 0);
+        kvm_register_write(vcpu, VCPU_REGS_RDX, 0);
         best = NULL;
         for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
                 e = &vcpu->arch.cpuid_entries[i];
@@ -2724,18 +2782,17 @@ void kvm_emulate_cpuid(struct kvm_vcpu *vcpu)
                                 best = e;
         }
         if (best) {
-                vcpu->arch.regs[VCPU_REGS_RAX] = best->eax;
-                vcpu->arch.regs[VCPU_REGS_RBX] = best->ebx;
-                vcpu->arch.regs[VCPU_REGS_RCX] = best->ecx;
-                vcpu->arch.regs[VCPU_REGS_RDX] = best->edx;
+                kvm_register_write(vcpu, VCPU_REGS_RAX, best->eax);
+                kvm_register_write(vcpu, VCPU_REGS_RBX, best->ebx);
+                kvm_register_write(vcpu, VCPU_REGS_RCX, best->ecx);
+                kvm_register_write(vcpu, VCPU_REGS_RDX, best->edx);
         }
-        kvm_x86_ops->decache_regs(vcpu);
         kvm_x86_ops->skip_emulated_instruction(vcpu);
         KVMTRACE_5D(CPUID, vcpu, function,
-                    (u32)vcpu->arch.regs[VCPU_REGS_RAX],
-                    (u32)vcpu->arch.regs[VCPU_REGS_RBX],
-                    (u32)vcpu->arch.regs[VCPU_REGS_RCX],
-                    (u32)vcpu->arch.regs[VCPU_REGS_RDX], handler);
+                    (u32)kvm_register_read(vcpu, VCPU_REGS_RAX),
+                    (u32)kvm_register_read(vcpu, VCPU_REGS_RBX),
+                    (u32)kvm_register_read(vcpu, VCPU_REGS_RCX),
+                    (u32)kvm_register_read(vcpu, VCPU_REGS_RDX), handler);
 }
 EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);
 
@@ -2776,9 +2833,7 @@ static void vapic_enter(struct kvm_vcpu *vcpu)
         if (!apic || !apic->vapic_addr)
                 return;
 
-        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(vcpu->kvm, apic->vapic_addr >> PAGE_SHIFT);
-        up_read(&current->mm->mmap_sem);
 
         vcpu->arch.apic->vapic_page = page;
 }
@@ -2796,28 +2851,10 @@ static void vapic_exit(struct kvm_vcpu *vcpu)
         up_read(&vcpu->kvm->slots_lock);
 }
 
-static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
         int r;
 
-        if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED)) {
-                pr_debug("vcpu %d received sipi with vector # %x\n",
-                       vcpu->vcpu_id, vcpu->arch.sipi_vector);
-                kvm_lapic_reset(vcpu);
-                r = kvm_x86_ops->vcpu_reset(vcpu);
-                if (r)
-                        return r;
-                vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
-        }
-
-        down_read(&vcpu->kvm->slots_lock);
-        vapic_enter(vcpu);
-
-preempted:
-        if (vcpu->guest_debug.enabled)
-                kvm_x86_ops->guest_debug_pre(vcpu);
-
-again:
         if (vcpu->requests)
                 if (test_and_clear_bit(KVM_REQ_MMU_RELOAD, &vcpu->requests))
                         kvm_mmu_unload(vcpu);
@@ -2829,6 +2866,8 @@ again:
         if (vcpu->requests) {
                 if (test_and_clear_bit(KVM_REQ_MIGRATE_TIMER, &vcpu->requests))
                         __kvm_migrate_timers(vcpu);
+                if (test_and_clear_bit(KVM_REQ_MMU_SYNC, &vcpu->requests))
+                        kvm_mmu_sync_roots(vcpu);
                 if (test_and_clear_bit(KVM_REQ_TLB_FLUSH, &vcpu->requests))
                         kvm_x86_ops->tlb_flush(vcpu);
                 if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
@@ -2854,21 +2893,15 @@ again:
 
         local_irq_disable();
 
-        if (vcpu->requests || need_resched()) {
+        if (vcpu->requests || need_resched() || signal_pending(current)) {
                 local_irq_enable();
                 preempt_enable();
                 r = 1;
                 goto out;
         }
 
-        if (signal_pending(current)) {
-                local_irq_enable();
-                preempt_enable();
-                r = -EINTR;
-                kvm_run->exit_reason = KVM_EXIT_INTR;
-                ++vcpu->stat.signal_exits;
-                goto out;
-        }
+        if (vcpu->guest_debug.enabled)
+                kvm_x86_ops->guest_debug_pre(vcpu);
 
         vcpu->guest_mode = 1;
         /*
@@ -2917,8 +2950,8 @@ again:
          * Profile KVM exit RIPs:
          */
         if (unlikely(prof_on == KVM_PROFILING)) {
-                kvm_x86_ops->cache_regs(vcpu);
-                profile_hit(KVM_PROFILING, (void *)vcpu->arch.rip);
+                unsigned long rip = kvm_rip_read(vcpu);
+                profile_hit(KVM_PROFILING, (void *)rip);
         }
 
         if (vcpu->arch.exception.pending && kvm_x86_ops->exception_injected(vcpu))
@@ -2927,26 +2960,63 @@ again:
         kvm_lapic_sync_from_vapic(vcpu);
 
         r = kvm_x86_ops->handle_exit(kvm_run, vcpu);
+out:
+        return r;
+}
 
-        if (r > 0) {
-                if (dm_request_for_irq_injection(vcpu, kvm_run)) {
-                        r = -EINTR;
-                        kvm_run->exit_reason = KVM_EXIT_INTR;
-                        ++vcpu->stat.request_irq_exits;
-                        goto out;
-                }
-                if (!need_resched())
-                        goto again;
+static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+{
+        int r;
+
+        if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_SIPI_RECEIVED)) {
+                pr_debug("vcpu %d received sipi with vector # %x\n",
+                         vcpu->vcpu_id, vcpu->arch.sipi_vector);
+                kvm_lapic_reset(vcpu);
+                r = kvm_x86_ops->vcpu_reset(vcpu);
+                if (r)
+                        return r;
+                vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
         }
 
-out:
-        up_read(&vcpu->kvm->slots_lock);
-        if (r > 0) {
-                kvm_resched(vcpu);
-                down_read(&vcpu->kvm->slots_lock);
-                goto preempted;
+        down_read(&vcpu->kvm->slots_lock);
+        vapic_enter(vcpu);
+
+        r = 1;
+        while (r > 0) {
+                if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
+                        r = vcpu_enter_guest(vcpu, kvm_run);
+                else {
+                        up_read(&vcpu->kvm->slots_lock);
+                        kvm_vcpu_block(vcpu);
+                        down_read(&vcpu->kvm->slots_lock);
+                        if (test_and_clear_bit(KVM_REQ_UNHALT, &vcpu->requests))
+                                if (vcpu->arch.mp_state == KVM_MP_STATE_HALTED)
+                                        vcpu->arch.mp_state =
+                                                        KVM_MP_STATE_RUNNABLE;
+                        if (vcpu->arch.mp_state != KVM_MP_STATE_RUNNABLE)
+                                r = -EINTR;
+                }
+
+                if (r > 0) {
+                        if (dm_request_for_irq_injection(vcpu, kvm_run)) {
+                                r = -EINTR;
+                                kvm_run->exit_reason = KVM_EXIT_INTR;
+                                ++vcpu->stat.request_irq_exits;
+                        }
+                        if (signal_pending(current)) {
+                                r = -EINTR;
+                                kvm_run->exit_reason = KVM_EXIT_INTR;
+                                ++vcpu->stat.signal_exits;
+                        }
+                        if (need_resched()) {
+                                up_read(&vcpu->kvm->slots_lock);
+                                kvm_resched(vcpu);
+                                down_read(&vcpu->kvm->slots_lock);
+                        }
+                }
         }
 
+        up_read(&vcpu->kvm->slots_lock);
         post_kvm_run_save(vcpu, kvm_run);
 
         vapic_exit(vcpu);
@@ -2966,6 +3036,7 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
         if (unlikely(vcpu->arch.mp_state == KVM_MP_STATE_UNINITIALIZED)) {
                 kvm_vcpu_block(vcpu);
+                clear_bit(KVM_REQ_UNHALT, &vcpu->requests);
                 r = -EAGAIN;
                 goto out;
         }
@@ -2999,11 +3070,9 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 }
         }
 #endif
-        if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL) {
-                kvm_x86_ops->cache_regs(vcpu);
-                vcpu->arch.regs[VCPU_REGS_RAX] = kvm_run->hypercall.ret;
-                kvm_x86_ops->decache_regs(vcpu);
-        }
+        if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL)
+                kvm_register_write(vcpu, VCPU_REGS_RAX,
+                                     kvm_run->hypercall.ret);
 
         r = __vcpu_run(vcpu, kvm_run);
 
@@ -3019,28 +3088,26 @@ int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 {
         vcpu_load(vcpu);
 
-        kvm_x86_ops->cache_regs(vcpu);
-
-        regs->rax = vcpu->arch.regs[VCPU_REGS_RAX];
-        regs->rbx = vcpu->arch.regs[VCPU_REGS_RBX];
-        regs->rcx = vcpu->arch.regs[VCPU_REGS_RCX];
-        regs->rdx = vcpu->arch.regs[VCPU_REGS_RDX];
-        regs->rsi = vcpu->arch.regs[VCPU_REGS_RSI];
-        regs->rdi = vcpu->arch.regs[VCPU_REGS_RDI];
-        regs->rsp = vcpu->arch.regs[VCPU_REGS_RSP];
-        regs->rbp = vcpu->arch.regs[VCPU_REGS_RBP];
+        regs->rax = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        regs->rbx = kvm_register_read(vcpu, VCPU_REGS_RBX);
+        regs->rcx = kvm_register_read(vcpu, VCPU_REGS_RCX);
+        regs->rdx = kvm_register_read(vcpu, VCPU_REGS_RDX);
+        regs->rsi = kvm_register_read(vcpu, VCPU_REGS_RSI);
+        regs->rdi = kvm_register_read(vcpu, VCPU_REGS_RDI);
+        regs->rsp = kvm_register_read(vcpu, VCPU_REGS_RSP);
+        regs->rbp = kvm_register_read(vcpu, VCPU_REGS_RBP);
 #ifdef CONFIG_X86_64
-        regs->r8 = vcpu->arch.regs[VCPU_REGS_R8];
-        regs->r9 = vcpu->arch.regs[VCPU_REGS_R9];
-        regs->r10 = vcpu->arch.regs[VCPU_REGS_R10];
-        regs->r11 = vcpu->arch.regs[VCPU_REGS_R11];
-        regs->r12 = vcpu->arch.regs[VCPU_REGS_R12];
-        regs->r13 = vcpu->arch.regs[VCPU_REGS_R13];
-        regs->r14 = vcpu->arch.regs[VCPU_REGS_R14];
-        regs->r15 = vcpu->arch.regs[VCPU_REGS_R15];
+        regs->r8 = kvm_register_read(vcpu, VCPU_REGS_R8);
+        regs->r9 = kvm_register_read(vcpu, VCPU_REGS_R9);
+        regs->r10 = kvm_register_read(vcpu, VCPU_REGS_R10);
+        regs->r11 = kvm_register_read(vcpu, VCPU_REGS_R11);
+        regs->r12 = kvm_register_read(vcpu, VCPU_REGS_R12);
+        regs->r13 = kvm_register_read(vcpu, VCPU_REGS_R13);
+        regs->r14 = kvm_register_read(vcpu, VCPU_REGS_R14);
+        regs->r15 = kvm_register_read(vcpu, VCPU_REGS_R15);
 #endif
 
-        regs->rip = vcpu->arch.rip;
+        regs->rip = kvm_rip_read(vcpu);
         regs->rflags = kvm_x86_ops->get_rflags(vcpu);
 
         /*
@@ -3058,29 +3125,29 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 {
         vcpu_load(vcpu);
 
-        vcpu->arch.regs[VCPU_REGS_RAX] = regs->rax;
-        vcpu->arch.regs[VCPU_REGS_RBX] = regs->rbx;
-        vcpu->arch.regs[VCPU_REGS_RCX] = regs->rcx;
-        vcpu->arch.regs[VCPU_REGS_RDX] = regs->rdx;
-        vcpu->arch.regs[VCPU_REGS_RSI] = regs->rsi;
-        vcpu->arch.regs[VCPU_REGS_RDI] = regs->rdi;
-        vcpu->arch.regs[VCPU_REGS_RSP] = regs->rsp;
-        vcpu->arch.regs[VCPU_REGS_RBP] = regs->rbp;
+        kvm_register_write(vcpu, VCPU_REGS_RAX, regs->rax);
+        kvm_register_write(vcpu, VCPU_REGS_RBX, regs->rbx);
+        kvm_register_write(vcpu, VCPU_REGS_RCX, regs->rcx);
+        kvm_register_write(vcpu, VCPU_REGS_RDX, regs->rdx);
+        kvm_register_write(vcpu, VCPU_REGS_RSI, regs->rsi);
+        kvm_register_write(vcpu, VCPU_REGS_RDI, regs->rdi);
+        kvm_register_write(vcpu, VCPU_REGS_RSP, regs->rsp);
+        kvm_register_write(vcpu, VCPU_REGS_RBP, regs->rbp);
 #ifdef CONFIG_X86_64
-        vcpu->arch.regs[VCPU_REGS_R8] = regs->r8;
-        vcpu->arch.regs[VCPU_REGS_R9] = regs->r9;
-        vcpu->arch.regs[VCPU_REGS_R10] = regs->r10;
-        vcpu->arch.regs[VCPU_REGS_R11] = regs->r11;
-        vcpu->arch.regs[VCPU_REGS_R12] = regs->r12;
-        vcpu->arch.regs[VCPU_REGS_R13] = regs->r13;
-        vcpu->arch.regs[VCPU_REGS_R14] = regs->r14;
-        vcpu->arch.regs[VCPU_REGS_R15] = regs->r15;
+        kvm_register_write(vcpu, VCPU_REGS_R8, regs->r8);
+        kvm_register_write(vcpu, VCPU_REGS_R9, regs->r9);
+        kvm_register_write(vcpu, VCPU_REGS_R10, regs->r10);
+        kvm_register_write(vcpu, VCPU_REGS_R11, regs->r11);
+        kvm_register_write(vcpu, VCPU_REGS_R12, regs->r12);
+        kvm_register_write(vcpu, VCPU_REGS_R13, regs->r13);
+        kvm_register_write(vcpu, VCPU_REGS_R14, regs->r14);
+        kvm_register_write(vcpu, VCPU_REGS_R15, regs->r15);
+
 #endif
 
-        vcpu->arch.rip = regs->rip;
+        kvm_rip_write(vcpu, regs->rip);
         kvm_x86_ops->set_rflags(vcpu, regs->rflags);
 
-        kvm_x86_ops->decache_regs(vcpu);
 
         vcpu->arch.exception.pending = false;
 
@@ -3294,11 +3361,33 @@ static int load_segment_descriptor_to_kvm_desct(struct kvm_vcpu *vcpu,
         return 0;
 }
 
+static int kvm_load_realmode_segment(struct kvm_vcpu *vcpu, u16 selector, int seg)
+{
+        struct kvm_segment segvar = {
+                .base = selector << 4,
+                .limit = 0xffff,
+                .selector = selector,
+                .type = 3,
+                .present = 1,
+                .dpl = 3,
+                .db = 0,
+                .s = 1,
+                .l = 0,
+                .g = 0,
+                .avl = 0,
+                .unusable = 0,
+        };
+        kvm_x86_ops->set_segment(vcpu, &segvar, seg);
+        return 0;
+}
+
 int kvm_load_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector,
                                 int type_bits, int seg)
 {
         struct kvm_segment kvm_seg;
 
+        if (!(vcpu->arch.cr0 & X86_CR0_PE))
+                return kvm_load_realmode_segment(vcpu, selector, seg);
         if (load_segment_descriptor_to_kvm_desct(vcpu, selector, &kvm_seg))
                 return 1;
         kvm_seg.type |= type_bits;
@@ -3316,17 +3405,16 @@ static void save_state_to_tss32(struct kvm_vcpu *vcpu,
                                 struct tss_segment_32 *tss)
 {
         tss->cr3 = vcpu->arch.cr3;
-        tss->eip = vcpu->arch.rip;
+        tss->eip = kvm_rip_read(vcpu);
         tss->eflags = kvm_x86_ops->get_rflags(vcpu);
-        tss->eax = vcpu->arch.regs[VCPU_REGS_RAX];
-        tss->ecx = vcpu->arch.regs[VCPU_REGS_RCX];
-        tss->edx = vcpu->arch.regs[VCPU_REGS_RDX];
-        tss->ebx = vcpu->arch.regs[VCPU_REGS_RBX];
-        tss->esp = vcpu->arch.regs[VCPU_REGS_RSP];
-        tss->ebp = vcpu->arch.regs[VCPU_REGS_RBP];
-        tss->esi = vcpu->arch.regs[VCPU_REGS_RSI];
-        tss->edi = vcpu->arch.regs[VCPU_REGS_RDI];
-
+        tss->eax = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        tss->ecx = kvm_register_read(vcpu, VCPU_REGS_RCX);
+        tss->edx = kvm_register_read(vcpu, VCPU_REGS_RDX);
+        tss->ebx = kvm_register_read(vcpu, VCPU_REGS_RBX);
+        tss->esp = kvm_register_read(vcpu, VCPU_REGS_RSP);
+        tss->ebp = kvm_register_read(vcpu, VCPU_REGS_RBP);
+        tss->esi = kvm_register_read(vcpu, VCPU_REGS_RSI);
+        tss->edi = kvm_register_read(vcpu, VCPU_REGS_RDI);
         tss->es = get_segment_selector(vcpu, VCPU_SREG_ES);
         tss->cs = get_segment_selector(vcpu, VCPU_SREG_CS);
         tss->ss = get_segment_selector(vcpu, VCPU_SREG_SS);
@@ -3342,17 +3430,17 @@ static int load_state_from_tss32(struct kvm_vcpu *vcpu,
 {
         kvm_set_cr3(vcpu, tss->cr3);
 
-        vcpu->arch.rip = tss->eip;
+        kvm_rip_write(vcpu, tss->eip);
         kvm_x86_ops->set_rflags(vcpu, tss->eflags | 2);
 
-        vcpu->arch.regs[VCPU_REGS_RAX] = tss->eax;
-        vcpu->arch.regs[VCPU_REGS_RCX] = tss->ecx;
-        vcpu->arch.regs[VCPU_REGS_RDX] = tss->edx;
-        vcpu->arch.regs[VCPU_REGS_RBX] = tss->ebx;
-        vcpu->arch.regs[VCPU_REGS_RSP] = tss->esp;
-        vcpu->arch.regs[VCPU_REGS_RBP] = tss->ebp;
-        vcpu->arch.regs[VCPU_REGS_RSI] = tss->esi;
-        vcpu->arch.regs[VCPU_REGS_RDI] = tss->edi;
+        kvm_register_write(vcpu, VCPU_REGS_RAX, tss->eax);
+        kvm_register_write(vcpu, VCPU_REGS_RCX, tss->ecx);
+        kvm_register_write(vcpu, VCPU_REGS_RDX, tss->edx);
+        kvm_register_write(vcpu, VCPU_REGS_RBX, tss->ebx);
+        kvm_register_write(vcpu, VCPU_REGS_RSP, tss->esp);
+        kvm_register_write(vcpu, VCPU_REGS_RBP, tss->ebp);
+        kvm_register_write(vcpu, VCPU_REGS_RSI, tss->esi);
+        kvm_register_write(vcpu, VCPU_REGS_RDI, tss->edi);
 
         if (kvm_load_segment_descriptor(vcpu, tss->ldt_selector, 0, VCPU_SREG_LDTR))
                 return 1;
@@ -3380,16 +3468,16 @@ static int load_state_from_tss32(struct kvm_vcpu *vcpu,
 static void save_state_to_tss16(struct kvm_vcpu *vcpu,
                                 struct tss_segment_16 *tss)
 {
-        tss->ip = vcpu->arch.rip;
+        tss->ip = kvm_rip_read(vcpu);
         tss->flag = kvm_x86_ops->get_rflags(vcpu);
-        tss->ax = vcpu->arch.regs[VCPU_REGS_RAX];
-        tss->cx = vcpu->arch.regs[VCPU_REGS_RCX];
-        tss->dx = vcpu->arch.regs[VCPU_REGS_RDX];
-        tss->bx = vcpu->arch.regs[VCPU_REGS_RBX];
-        tss->sp = vcpu->arch.regs[VCPU_REGS_RSP];
-        tss->bp = vcpu->arch.regs[VCPU_REGS_RBP];
-        tss->si = vcpu->arch.regs[VCPU_REGS_RSI];
-        tss->di = vcpu->arch.regs[VCPU_REGS_RDI];
+        tss->ax = kvm_register_read(vcpu, VCPU_REGS_RAX);
+        tss->cx = kvm_register_read(vcpu, VCPU_REGS_RCX);
+        tss->dx = kvm_register_read(vcpu, VCPU_REGS_RDX);
+        tss->bx = kvm_register_read(vcpu, VCPU_REGS_RBX);
+        tss->sp = kvm_register_read(vcpu, VCPU_REGS_RSP);
+        tss->bp = kvm_register_read(vcpu, VCPU_REGS_RBP);
+        tss->si = kvm_register_read(vcpu, VCPU_REGS_RSI);
+        tss->di = kvm_register_read(vcpu, VCPU_REGS_RDI);
 
         tss->es = get_segment_selector(vcpu, VCPU_SREG_ES);
         tss->cs = get_segment_selector(vcpu, VCPU_SREG_CS);
@@ -3402,16 +3490,16 @@ static void save_state_to_tss16(struct kvm_vcpu *vcpu,
 static int load_state_from_tss16(struct kvm_vcpu *vcpu,
                                  struct tss_segment_16 *tss)
 {
-        vcpu->arch.rip = tss->ip;
+        kvm_rip_write(vcpu, tss->ip);
         kvm_x86_ops->set_rflags(vcpu, tss->flag | 2);
-        vcpu->arch.regs[VCPU_REGS_RAX] = tss->ax;
-        vcpu->arch.regs[VCPU_REGS_RCX] = tss->cx;
-        vcpu->arch.regs[VCPU_REGS_RDX] = tss->dx;
-        vcpu->arch.regs[VCPU_REGS_RBX] = tss->bx;
-        vcpu->arch.regs[VCPU_REGS_RSP] = tss->sp;
-        vcpu->arch.regs[VCPU_REGS_RBP] = tss->bp;
-        vcpu->arch.regs[VCPU_REGS_RSI] = tss->si;
-        vcpu->arch.regs[VCPU_REGS_RDI] = tss->di;
+        kvm_register_write(vcpu, VCPU_REGS_RAX, tss->ax);
+        kvm_register_write(vcpu, VCPU_REGS_RCX, tss->cx);
+        kvm_register_write(vcpu, VCPU_REGS_RDX, tss->dx);
+        kvm_register_write(vcpu, VCPU_REGS_RBX, tss->bx);
+        kvm_register_write(vcpu, VCPU_REGS_RSP, tss->sp);
+        kvm_register_write(vcpu, VCPU_REGS_RBP, tss->bp);
+        kvm_register_write(vcpu, VCPU_REGS_RSI, tss->si);
+        kvm_register_write(vcpu, VCPU_REGS_RDI, tss->di);
 
         if (kvm_load_segment_descriptor(vcpu, tss->ldt, 0, VCPU_SREG_LDTR))
                 return 1;
@@ -3534,7 +3622,6 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         }
 
         kvm_x86_ops->skip_emulated_instruction(vcpu);
-        kvm_x86_ops->cache_regs(vcpu);
 
         if (nseg_desc.type & 8)
                 ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_base,
@@ -3559,7 +3646,6 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         tr_seg.type = 11;
         kvm_set_segment(vcpu, &tr_seg, VCPU_SREG_TR);
 out:
-        kvm_x86_ops->decache_regs(vcpu);
         return ret;
 }
 EXPORT_SYMBOL_GPL(kvm_task_switch);
@@ -3622,6 +3708,7 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
                         pr_debug("Set back pending irq %d\n",
                                  pending_vec);
                 }
+                kvm_pic_clear_isr_ack(vcpu->kvm);
         }
 
         kvm_set_segment(vcpu, &sregs->cs, VCPU_SREG_CS);
@@ -3634,6 +3721,12 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
         kvm_set_segment(vcpu, &sregs->tr, VCPU_SREG_TR);
         kvm_set_segment(vcpu, &sregs->ldt, VCPU_SREG_LDTR);
 
+        /* Older userspace won't unhalt the vcpu on reset. */
+        if (vcpu->vcpu_id == 0 && kvm_rip_read(vcpu) == 0xfff0 &&
+            sregs->cs.selector == 0xf000 && sregs->cs.base == 0xffff0000 &&
+            !(vcpu->arch.cr0 & X86_CR0_PE))
+                vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
+
         vcpu_put(vcpu);
 
         return 0;
@@ -3918,6 +4011,7 @@ struct  kvm *kvm_arch_create_vm(void)
                 return ERR_PTR(-ENOMEM);
 
         INIT_LIST_HEAD(&kvm->arch.active_mmu_pages);
+        INIT_LIST_HEAD(&kvm->arch.assigned_dev_head);
 
         return kvm;
 }
@@ -3950,6 +4044,8 @@ static void kvm_free_vcpus(struct kvm *kvm)
 
 void kvm_arch_destroy_vm(struct kvm *kvm)
 {
+        kvm_iommu_unmap_guest(kvm);
+        kvm_free_all_assigned_devices(kvm);
         kvm_free_pit(kvm);
         kfree(kvm->arch.vpic);
         kfree(kvm->arch.vioapic);
@@ -3981,7 +4077,7 @@ int kvm_arch_set_memory_region(struct kvm *kvm,
                         userspace_addr = do_mmap(NULL, 0,
                                                  npages * PAGE_SIZE,
                                                  PROT_READ | PROT_WRITE,
-                                                 MAP_SHARED | MAP_ANONYMOUS,
+                                                 MAP_PRIVATE | MAP_ANONYMOUS,
                                                  0);
                         up_write(&current->mm->mmap_sem);
 
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
new file mode 100644
index 000000000000..6a4be78a7384
--- /dev/null
+++ b/arch/x86/kvm/x86.h
@@ -0,0 +1,22 @@
+#ifndef ARCH_X86_KVM_X86_H
+#define ARCH_X86_KVM_X86_H
+
+#include <linux/kvm_host.h>
+
+static inline void kvm_clear_exception_queue(struct kvm_vcpu *vcpu)
+{
+        vcpu->arch.exception.pending = false;
+}
+
+static inline void kvm_queue_interrupt(struct kvm_vcpu *vcpu, u8 vector)
+{
+        vcpu->arch.interrupt.pending = true;
+        vcpu->arch.interrupt.nr = vector;
+}
+
+static inline void kvm_clear_interrupt_queue(struct kvm_vcpu *vcpu)
+{
+        vcpu->arch.interrupt.pending = false;
+}
+
+#endif
diff --git a/arch/x86/kvm/x86_emulate.c b/arch/x86/kvm/x86_emulate.c
index f2f90468f8b1..ea051173b0da 100644
--- a/arch/x86/kvm/x86_emulate.c
+++ b/arch/x86/kvm/x86_emulate.c
@@ -26,6 +26,7 @@
 #define DPRINTF(_f, _a ...) printf(_f , ## _a)
 #else
 #include <linux/kvm_host.h>
+#include "kvm_cache_regs.h"
 #define DPRINTF(x...) do {} while (0)
 #endif
 #include <linux/module.h>
@@ -46,25 +47,26 @@
 #define ImplicitOps (1<<1)      /* Implicit in opcode. No generic decode. */
 #define DstReg      (2<<1)      /* Register operand. */
 #define DstMem      (3<<1)      /* Memory operand. */
-#define DstMask     (3<<1)
+#define DstAcc      (4<<1)      /* Destination Accumulator */
+#define DstMask     (7<<1)
 /* Source operand type. */
-#define SrcNone     (0<<3)      /* No source operand. */
-#define SrcImplicit (0<<3)      /* Source operand is implicit in the opcode. */
-#define SrcReg      (1<<3)      /* Register operand. */
-#define SrcMem      (2<<3)      /* Memory operand. */
-#define SrcMem16    (3<<3)      /* Memory operand (16-bit). */
-#define SrcMem32    (4<<3)      /* Memory operand (32-bit). */
-#define SrcImm      (5<<3)      /* Immediate operand. */
-#define SrcImmByte  (6<<3)      /* 8-bit sign-extended immediate operand. */
-#define SrcMask     (7<<3)
+#define SrcNone     (0<<4)      /* No source operand. */
+#define SrcImplicit (0<<4)      /* Source operand is implicit in the opcode. */
+#define SrcReg      (1<<4)      /* Register operand. */
+#define SrcMem      (2<<4)      /* Memory operand. */
+#define SrcMem16    (3<<4)      /* Memory operand (16-bit). */
+#define SrcMem32    (4<<4)      /* Memory operand (32-bit). */
+#define SrcImm      (5<<4)      /* Immediate operand. */
+#define SrcImmByte  (6<<4)      /* 8-bit sign-extended immediate operand. */
+#define SrcMask     (7<<4)
 /* Generic ModRM decode. */
-#define ModRM       (1<<6)
+#define ModRM       (1<<7)
 /* Destination is only written; never read. */
-#define Mov         (1<<7)
-#define BitOp       (1<<8)
-#define MemAbs      (1<<9)      /* Memory operand is absolute displacement */
-#define String      (1<<10)     /* String instruction (rep capable) */
-#define Stack       (1<<11)     /* Stack instruction (push/pop) */
+#define Mov         (1<<8)
+#define BitOp       (1<<9)
+#define MemAbs      (1<<10)      /* Memory operand is absolute displacement */
+#define String      (1<<12)     /* String instruction (rep capable) */
+#define Stack       (1<<13)     /* Stack instruction (push/pop) */
 #define Group       (1<<14)     /* Bits 3:5 of modrm byte extend opcode */
 #define GroupDual   (1<<15)     /* Alternate decoding of mod == 3 */
 #define GroupMask   0xff        /* Group number stored in bits 0:7 */
@@ -94,7 +96,7 @@ static u16 opcode_table[256] = {
         /* 0x20 - 0x27 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        SrcImmByte, SrcImm, 0, 0,
+        DstAcc | SrcImmByte, DstAcc | SrcImm, 0, 0,
         /* 0x28 - 0x2F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
@@ -106,7 +108,8 @@ static u16 opcode_table[256] = {
         /* 0x38 - 0x3F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        0, 0, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        0, 0,
         /* 0x40 - 0x47 */
         DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
         /* 0x48 - 0x4F */
@@ -153,9 +156,16 @@ static u16 opcode_table[256] = {
         0, 0, ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
         ByteOp | ImplicitOps | Mov | String, ImplicitOps | Mov | String,
         ByteOp | ImplicitOps | String, ImplicitOps | String,
-        /* 0xB0 - 0xBF */
-        0, 0, 0, 0, 0, 0, 0, 0,
-        DstReg | SrcImm | Mov, 0, 0, 0, 0, 0, 0, 0,
+        /* 0xB0 - 0xB7 */
+        ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
+        ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
+        ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
+        ByteOp | DstReg | SrcImm | Mov, ByteOp | DstReg | SrcImm | Mov,
+        /* 0xB8 - 0xBF */
+        DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
+        DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
+        DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
+        DstReg | SrcImm | Mov, DstReg | SrcImm | Mov,
         /* 0xC0 - 0xC7 */
         ByteOp | DstMem | SrcImm | ModRM, DstMem | SrcImmByte | ModRM,
         0, ImplicitOps | Stack, 0, 0,
@@ -169,17 +179,20 @@ static u16 opcode_table[256] = {
         /* 0xD8 - 0xDF */
         0, 0, 0, 0, 0, 0, 0, 0,
         /* 0xE0 - 0xE7 */
-        0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0,
+        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         /* 0xE8 - 0xEF */
         ImplicitOps | Stack, SrcImm | ImplicitOps,
         ImplicitOps, SrcImmByte | ImplicitOps,
-        0, 0, 0, 0,
+        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
+        SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         /* 0xF0 - 0xF7 */
         0, 0, 0, 0,
         ImplicitOps, ImplicitOps, Group | Group3_Byte, Group | Group3,
         /* 0xF8 - 0xFF */
         ImplicitOps, 0, ImplicitOps, ImplicitOps,
-        0, 0, Group | Group4, Group | Group5,
+        ImplicitOps, ImplicitOps, Group | Group4, Group | Group5,
 };
 
 static u16 twobyte_table[256] = {
@@ -268,15 +281,16 @@ static u16 group_table[] = {
         ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
         0, 0, 0, 0,
         [Group3*8] =
-        DstMem | SrcImm | ModRM | SrcImm, 0,
-        DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
+        DstMem | SrcImm | ModRM, 0,
+        DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
         0, 0, 0, 0,
         [Group4*8] =
         ByteOp | DstMem | SrcNone | ModRM, ByteOp | DstMem | SrcNone | ModRM,
         0, 0, 0, 0, 0, 0,
         [Group5*8] =
-        DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM, 0, 0,
-        SrcMem | ModRM, 0, SrcMem | ModRM | Stack, 0,
+        DstMem | SrcNone | ModRM, DstMem | SrcNone | ModRM,
+        SrcMem | ModRM | Stack, 0,
+        SrcMem | ModRM | Stack, 0, SrcMem | ModRM | Stack, 0,
         [Group7*8] =
         0, 0, ModRM | SrcMem, ModRM | SrcMem,
         SrcNone | ModRM | DstMem | Mov, 0,
@@ -839,7 +853,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
         /* Shadow copy of register state. Committed on successful emulation. */
 
         memset(c, 0, sizeof(struct decode_cache));
-        c->eip = ctxt->vcpu->arch.rip;
+        c->eip = kvm_rip_read(ctxt->vcpu);
         ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
         memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
 
@@ -1048,6 +1062,23 @@ done_prefixes:
                 }
                 c->dst.type = OP_MEM;
                 break;
+        case DstAcc:
+                c->dst.type = OP_REG;
+                c->dst.bytes = c->op_bytes;
+                c->dst.ptr = &c->regs[VCPU_REGS_RAX];
+                switch (c->op_bytes) {
+                        case 1:
+                                c->dst.val = *(u8 *)c->dst.ptr;
+                                break;
+                        case 2:
+                                c->dst.val = *(u16 *)c->dst.ptr;
+                                break;
+                        case 4:
+                                c->dst.val = *(u32 *)c->dst.ptr;
+                                break;
+                }
+                c->dst.orig_val = c->dst.val;
+                break;
         }
 
         if (c->rip_relative)
@@ -1151,6 +1182,14 @@ static inline int emulate_grp45(struct x86_emulate_ctxt *ctxt,
         case 1: /* dec */
                 emulate_1op("dec", c->dst, ctxt->eflags);
                 break;
+        case 2: /* call near abs */ {
+                long int old_eip;
+                old_eip = c->eip;
+                c->eip = c->src.val;
+                c->src.val = old_eip;
+                emulate_push(ctxt);
+                break;
+        }
         case 4: /* jmp abs */
                 c->eip = c->src.val;
                 break;
@@ -1251,6 +1290,8 @@ x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
         u64 msr_data;
         unsigned long saved_eip = 0;
         struct decode_cache *c = &ctxt->decode;
+        unsigned int port;
+        int io_dir_in;
         int rc = 0;
 
         /* Shadow copy of register state. Committed on successful emulation.
@@ -1267,7 +1308,7 @@ x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
         if (c->rep_prefix && (c->d & String)) {
                 /* All REP prefixes have the same first termination condition */
                 if (c->regs[VCPU_REGS_RCX] == 0) {
-                        ctxt->vcpu->arch.rip = c->eip;
+                        kvm_rip_write(ctxt->vcpu, c->eip);
                         goto done;
                 }
                 /* The second termination condition only applies for REPE
@@ -1281,17 +1322,17 @@ x86_emulate_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
                                 (c->b == 0xae) || (c->b == 0xaf)) {
                         if ((c->rep_prefix == REPE_PREFIX) &&
                                 ((ctxt->eflags & EFLG_ZF) == 0)) {
-                                        ctxt->vcpu->arch.rip = c->eip;
+                                        kvm_rip_write(ctxt->vcpu, c->eip);
                                         goto done;
                         }
                         if ((c->rep_prefix == REPNE_PREFIX) &&
                                 ((ctxt->eflags & EFLG_ZF) == EFLG_ZF)) {
-                                ctxt->vcpu->arch.rip = c->eip;
+                                kvm_rip_write(ctxt->vcpu, c->eip);
                                 goto done;
                         }
                 }
                 c->regs[VCPU_REGS_RCX]--;
-                c->eip = ctxt->vcpu->arch.rip;
+                c->eip = kvm_rip_read(ctxt->vcpu);
         }
 
         if (c->src.type == OP_MEM) {
@@ -1351,27 +1392,10 @@ special_insn:
               sbb:              /* sbb */
                 emulate_2op_SrcV("sbb", c->src, c->dst, ctxt->eflags);
                 break;
-        case 0x20 ... 0x23:
+        case 0x20 ... 0x25:
               and:              /* and */
                 emulate_2op_SrcV("and", c->src, c->dst, ctxt->eflags);
                 break;
-        case 0x24:              /* and al imm8 */
-                c->dst.type = OP_REG;
-                c->dst.ptr = &c->regs[VCPU_REGS_RAX];
-                c->dst.val = *(u8 *)c->dst.ptr;
-                c->dst.bytes = 1;
-                c->dst.orig_val = c->dst.val;
-                goto and;
-        case 0x25:              /* and ax imm16, or eax imm32 */
-                c->dst.type = OP_REG;
-                c->dst.bytes = c->op_bytes;
-                c->dst.ptr = &c->regs[VCPU_REGS_RAX];
-                if (c->op_bytes == 2)
-                        c->dst.val = *(u16 *)c->dst.ptr;
-                else
-                        c->dst.val = *(u32 *)c->dst.ptr;
-                c->dst.orig_val = c->dst.val;
-                goto and;
         case 0x28 ... 0x2d:
               sub:              /* sub */
                 emulate_2op_SrcV("sub", c->src, c->dst, ctxt->eflags);
@@ -1659,7 +1683,7 @@ special_insn:
         case 0xae ... 0xaf:     /* scas */
                 DPRINTF("Urk! I don't handle SCAS.\n");
                 goto cannot_emulate;
-        case 0xb8: /* mov r, imm */
+        case 0xb0 ... 0xbf: /* mov r, imm */
                 goto mov;
         case 0xc0 ... 0xc1:
                 emulate_grp2(ctxt);
@@ -1679,6 +1703,16 @@ special_insn:
                 c->src.val = c->regs[VCPU_REGS_RCX];
                 emulate_grp2(ctxt);
                 break;
+        case 0xe4:      /* inb */
+        case 0xe5:      /* in */
+                port = insn_fetch(u8, 1, c->eip);
+                io_dir_in = 1;
+                goto do_io;
+        case 0xe6: /* outb */
+        case 0xe7: /* out */
+                port = insn_fetch(u8, 1, c->eip);
+                io_dir_in = 0;
+                goto do_io;
         case 0xe8: /* call (near) */ {
                 long int rel;
                 switch (c->op_bytes) {
@@ -1729,6 +1763,22 @@ special_insn:
                 jmp_rel(c, c->src.val);
                 c->dst.type = OP_NONE; /* Disable writeback. */
                 break;
+        case 0xec: /* in al,dx */
+        case 0xed: /* in (e/r)ax,dx */
+                port = c->regs[VCPU_REGS_RDX];
+                io_dir_in = 1;
+                goto do_io;
+        case 0xee: /* out al,dx */
+        case 0xef: /* out (e/r)ax,dx */
+                port = c->regs[VCPU_REGS_RDX];
+                io_dir_in = 0;
+        do_io:  if (kvm_emulate_pio(ctxt->vcpu, NULL, io_dir_in,
+                                   (c->d & ByteOp) ? 1 : c->op_bytes,
+                                   port) != 0) {
+                        c->eip = saved_eip;
+                        goto cannot_emulate;
+                }
+                return 0;
         case 0xf4:              /* hlt */
                 ctxt->vcpu->arch.halt_request = 1;
                 break;
@@ -1754,6 +1804,14 @@ special_insn:
                 ctxt->eflags |= X86_EFLAGS_IF;
                 c->dst.type = OP_NONE;  /* Disable writeback. */
                 break;
+        case 0xfc: /* cld */
+                ctxt->eflags &= ~EFLG_DF;
+                c->dst.type = OP_NONE;  /* Disable writeback. */
+                break;
+        case 0xfd: /* std */
+                ctxt->eflags |= EFLG_DF;
+                c->dst.type = OP_NONE;  /* Disable writeback. */
+                break;
         case 0xfe ... 0xff:     /* Grp4/Grp5 */
                 rc = emulate_grp45(ctxt, ops);
                 if (rc != 0)
@@ -1768,7 +1826,7 @@ writeback:
 
         /* Commit shadow register state. */
         memcpy(ctxt->vcpu->arch.regs, c->regs, sizeof c->regs);
-        ctxt->vcpu->arch.rip = c->eip;
+        kvm_rip_write(ctxt->vcpu, c->eip);
 
 done:
         if (rc == X86EMUL_UNHANDLEABLE) {
@@ -1793,7 +1851,7 @@ twobyte_insn:
                                 goto done;
 
                         /* Let the processor re-execute the fixed hypercall */
-                        c->eip = ctxt->vcpu->arch.rip;
+                        c->eip = kvm_rip_read(ctxt->vcpu);
                         /* Disable writeback. */
                         c->dst.type = OP_NONE;
                         break;
@@ -1889,7 +1947,7 @@ twobyte_insn:
                 rc = kvm_set_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], msr_data);
                 if (rc) {
                         kvm_inject_gp(ctxt->vcpu, 0);
-                        c->eip = ctxt->vcpu->arch.rip;
+                        c->eip = kvm_rip_read(ctxt->vcpu);
                 }
                 rc = X86EMUL_CONTINUE;
                 c->dst.type = OP_NONE;
@@ -1899,7 +1957,7 @@ twobyte_insn:
                 rc = kvm_get_msr(ctxt->vcpu, c->regs[VCPU_REGS_RCX], &msr_data);
                 if (rc) {
                         kvm_inject_gp(ctxt->vcpu, 0);
-                        c->eip = ctxt->vcpu->arch.rip;
+                        c->eip = kvm_rip_read(ctxt->vcpu);
                 } else {
                         c->regs[VCPU_REGS_RAX] = (u32)msr_data;
                         c->regs[VCPU_REGS_RDX] = msr_data >> 32;
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
index d9249a882aa5..65f0b8a47bed 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -55,6 +55,7 @@
 #include <linux/lguest_launcher.h>
 #include <linux/virtio_console.h>
 #include <linux/pm.h>
+#include <asm/apic.h>
 #include <asm/lguest.h>
 #include <asm/paravirt.h>
 #include <asm/param.h>
@@ -783,14 +784,44 @@ static void lguest_wbinvd(void)
  * code qualifies for Advanced.  It will also never interrupt anything.  It
  * does, however, allow us to get through the Linux boot code. */
 #ifdef CONFIG_X86_LOCAL_APIC
-static void lguest_apic_write(unsigned long reg, u32 v)
+static void lguest_apic_write(u32 reg, u32 v)
 {
 }
 
-static u32 lguest_apic_read(unsigned long reg)
+static u32 lguest_apic_read(u32 reg)
 {
         return 0;
 }
+
+static u64 lguest_apic_icr_read(void)
+{
+        return 0;
+}
+
+static void lguest_apic_icr_write(u32 low, u32 id)
+{
+        /* Warn to see if there's any stray references */
+        WARN_ON(1);
+}
+
+static void lguest_apic_wait_icr_idle(void)
+{
+        return;
+}
+
+static u32 lguest_apic_safe_wait_icr_idle(void)
+{
+        return 0;
+}
+
+static struct apic_ops lguest_basic_apic_ops = {
+        .read = lguest_apic_read,
+        .write = lguest_apic_write,
+        .icr_read = lguest_apic_icr_read,
+        .icr_write = lguest_apic_icr_write,
+        .wait_icr_idle = lguest_apic_wait_icr_idle,
+        .safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle,
+};
 #endif
 
 /* STOP!  Until an interrupt comes in. */
@@ -990,8 +1021,7 @@ __init void lguest_init(void)
 
 #ifdef CONFIG_X86_LOCAL_APIC
         /* apic read/write intercepts */
-        pv_apic_ops.apic_write = lguest_apic_write;
-        pv_apic_ops.apic_read = lguest_apic_read;
+        apic_ops = &lguest_basic_apic_ops;
 #endif
 
         /* time operations */
diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index aa3fa4119424..55e11aa6d66c 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -17,9 +17,6 @@ ifeq ($(CONFIG_X86_32),y)
         lib-$(CONFIG_X86_USE_3DNOW) += mmx_32.o
 else
         obj-y += io_64.o iomap_copy_64.o
-
-        CFLAGS_csum-partial_64.o := -funroll-loops
-
         lib-y += csum-partial_64.o csum-copy_64.o csum-wrappers_64.o
         lib-y += thunk_64.o clear_page_64.o copy_page_64.o
         lib-y += memmove_64.o memset_64.o
diff --git a/arch/x86/lib/msr-on-cpu.c b/arch/x86/lib/msr-on-cpu.c
index 01b868ba82f8..321cf720dbb6 100644
--- a/arch/x86/lib/msr-on-cpu.c
+++ b/arch/x86/lib/msr-on-cpu.c
@@ -16,37 +16,46 @@ static void __rdmsr_on_cpu(void *info)
         rdmsr(rv->msr_no, rv->l, rv->h);
 }
 
-static void __rdmsr_safe_on_cpu(void *info)
+static void __wrmsr_on_cpu(void *info)
 {
         struct msr_info *rv = info;
 
-        rv->err = rdmsr_safe(rv->msr_no, &rv->l, &rv->h);
+        wrmsr(rv->msr_no, rv->l, rv->h);
 }
 
-static int _rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h, int safe)
+int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
 {
-        int err = 0;
+        int err;
         struct msr_info rv;
 
         rv.msr_no = msr_no;
-        if (safe) {
-                err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu,
-                                               &rv, 1);
-                err = err ? err : rv.err;
-        } else {
-                err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
-        }
+        err = smp_call_function_single(cpu, __rdmsr_on_cpu, &rv, 1);
         *l = rv.l;
         *h = rv.h;
 
         return err;
 }
 
-static void __wrmsr_on_cpu(void *info)
+int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
+{
+        int err;
+        struct msr_info rv;
+
+        rv.msr_no = msr_no;
+        rv.l = l;
+        rv.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
+
+        return err;
+}
+
+/* These "safe" variants are slower and should be used when the target MSR
+   may not actually exist. */
+static void __rdmsr_safe_on_cpu(void *info)
 {
         struct msr_info *rv = info;
 
-        wrmsr(rv->msr_no, rv->l, rv->h);
+        rv->err = rdmsr_safe(rv->msr_no, &rv->l, &rv->h);
 }
 
 static void __wrmsr_safe_on_cpu(void *info)
@@ -56,45 +65,30 @@ static void __wrmsr_safe_on_cpu(void *info)
         rv->err = wrmsr_safe(rv->msr_no, rv->l, rv->h);
 }
 
-static int _wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h, int safe)
+int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
 {
-        int err = 0;
+        int err;
         struct msr_info rv;
 
         rv.msr_no = msr_no;
-        rv.l = l;
-        rv.h = h;
-        if (safe) {
-                err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu,
-                                               &rv, 1);
-                err = err ? err : rv.err;
-        } else {
-                err = smp_call_function_single(cpu, __wrmsr_on_cpu, &rv, 1);
-        }
-
-        return err;
-}
+        err = smp_call_function_single(cpu, __rdmsr_safe_on_cpu, &rv, 1);
+        *l = rv.l;
+        *h = rv.h;
 
-int wrmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
-{
-        return _wrmsr_on_cpu(cpu, msr_no, l, h, 0);
+        return err ? err : rv.err;
 }
 
-int rdmsr_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
-{
-        return _rdmsr_on_cpu(cpu, msr_no, l, h, 0);
-}
-
-/* These "safe" variants are slower and should be used when the target MSR
-   may not actually exist. */
 int wrmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 l, u32 h)
 {
-        return _wrmsr_on_cpu(cpu, msr_no, l, h, 1);
-}
+        int err;
+        struct msr_info rv;
 
-int rdmsr_safe_on_cpu(unsigned int cpu, u32 msr_no, u32 *l, u32 *h)
-{
-        return _rdmsr_on_cpu(cpu, msr_no, l, h, 1);
+        rv.msr_no = msr_no;
+        rv.l = l;
+        rv.h = h;
+        err = smp_call_function_single(cpu, __wrmsr_safe_on_cpu, &rv, 1);
+
+        return err ? err : rv.err;
 }
 
 EXPORT_SYMBOL(rdmsr_on_cpu);
diff --git a/arch/x86/lib/string_32.c b/arch/x86/lib/string_32.c
index 94972e7c094d..82004d2bf05e 100644
--- a/arch/x86/lib/string_32.c
+++ b/arch/x86/lib/string_32.c
@@ -22,7 +22,7 @@ char *strcpy(char *dest, const char *src)
                 "testb %%al,%%al\n\t"
                 "jne 1b"
                 : "=&S" (d0), "=&D" (d1), "=&a" (d2)
-                :"0" (src), "1" (dest) : "memory");
+                : "0" (src), "1" (dest) : "memory");
         return dest;
 }
 EXPORT_SYMBOL(strcpy);
@@ -42,7 +42,7 @@ char *strncpy(char *dest, const char *src, size_t count)
                 "stosb\n"
                 "2:"
                 : "=&S" (d0), "=&D" (d1), "=&c" (d2), "=&a" (d3)
-                :"0" (src), "1" (dest), "2" (count) : "memory");
+                : "0" (src), "1" (dest), "2" (count) : "memory");
         return dest;
 }
 EXPORT_SYMBOL(strncpy);
@@ -60,7 +60,7 @@ char *strcat(char *dest, const char *src)
                 "testb %%al,%%al\n\t"
                 "jne 1b"
                 : "=&S" (d0), "=&D" (d1), "=&a" (d2), "=&c" (d3)
-                : "0" (src), "1" (dest), "2" (0), "3" (0xffffffffu): "memory");
+                : "0" (src), "1" (dest), "2" (0), "3" (0xffffffffu) : "memory");
         return dest;
 }
 EXPORT_SYMBOL(strcat);
@@ -105,9 +105,9 @@ int strcmp(const char *cs, const char *ct)
                 "2:\tsbbl %%eax,%%eax\n\t"
                 "orb $1,%%al\n"
                 "3:"
-                :"=a" (res), "=&S" (d0), "=&D" (d1)
-                :"1" (cs), "2" (ct)
-                :"memory");
+                : "=a" (res), "=&S" (d0), "=&D" (d1)
+                : "1" (cs), "2" (ct)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(strcmp);
@@ -130,9 +130,9 @@ int strncmp(const char *cs, const char *ct, size_t count)
                 "3:\tsbbl %%eax,%%eax\n\t"
                 "orb $1,%%al\n"
                 "4:"
-                :"=a" (res), "=&S" (d0), "=&D" (d1), "=&c" (d2)
-                :"1" (cs), "2" (ct), "3" (count)
-                :"memory");
+                : "=a" (res), "=&S" (d0), "=&D" (d1), "=&c" (d2)
+                : "1" (cs), "2" (ct), "3" (count)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(strncmp);
@@ -152,9 +152,9 @@ char *strchr(const char *s, int c)
                 "movl $1,%1\n"
                 "2:\tmovl %1,%0\n\t"
                 "decl %0"
-                :"=a" (res), "=&S" (d0)
-                :"1" (s), "0" (c)
-                :"memory");
+                : "=a" (res), "=&S" (d0)
+                : "1" (s), "0" (c)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(strchr);
@@ -169,9 +169,9 @@ size_t strlen(const char *s)
                 "scasb\n\t"
                 "notl %0\n\t"
                 "decl %0"
-                :"=c" (res), "=&D" (d0)
-                :"1" (s), "a" (0), "0" (0xffffffffu)
-                :"memory");
+                : "=c" (res), "=&D" (d0)
+                : "1" (s), "a" (0), "0" (0xffffffffu)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(strlen);
@@ -189,9 +189,9 @@ void *memchr(const void *cs, int c, size_t count)
                 "je 1f\n\t"
                 "movl $1,%0\n"
                 "1:\tdecl %0"
-                :"=D" (res), "=&c" (d0)
-                :"a" (c), "0" (cs), "1" (count)
-                :"memory");
+                : "=D" (res), "=&c" (d0)
+                : "a" (c), "0" (cs), "1" (count)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(memchr);
@@ -228,9 +228,9 @@ size_t strnlen(const char *s, size_t count)
                 "cmpl $-1,%1\n\t"
                 "jne 1b\n"
                 "3:\tsubl %2,%0"
-                :"=a" (res), "=&d" (d0)
-                :"c" (s), "1" (count)
-                :"memory");
+                : "=a" (res), "=&d" (d0)
+                : "c" (s), "1" (count)
+                : "memory");
         return res;
 }
 EXPORT_SYMBOL(strnlen);
diff --git a/arch/x86/lib/strstr_32.c b/arch/x86/lib/strstr_32.c
index 42e8a50303f3..8e2d55f754bf 100644
--- a/arch/x86/lib/strstr_32.c
+++ b/arch/x86/lib/strstr_32.c
@@ -23,9 +23,9 @@ __asm__ __volatile__(
         "jne 1b\n\t"
         "xorl %%eax,%%eax\n\t"
         "2:"
-        :"=a" (__res), "=&c" (d0), "=&S" (d1)
-        :"0" (0), "1" (0xffffffff), "2" (cs), "g" (ct)
-        :"dx", "di");
+        : "=a" (__res), "=&c" (d0), "=&S" (d1)
+        : "0" (0), "1" (0xffffffff), "2" (cs), "g" (ct)
+        : "dx", "di");
 return __res;
 }
 
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
index 24e60944971a..9e68075544f6 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -14,6 +14,13 @@
 #include <asm/uaccess.h>
 #include <asm/mmx.h>
 
+#ifdef CONFIG_X86_INTEL_USERCOPY
+/*
+ * Alignment at which movsl is preferred for bulk memory copies.
+ */
+struct movsl_mask movsl_mask __read_mostly;
+#endif
+
 static inline int __movsl_is_ok(unsigned long a1, unsigned long a2, unsigned long n)
 {
 #ifdef CONFIG_X86_INTEL_USERCOPY
diff --git a/arch/x86/mach-default/setup.c b/arch/x86/mach-default/setup.c
index 3d317836be9e..37b9ae4d44c5 100644
--- a/arch/x86/mach-default/setup.c
+++ b/arch/x86/mach-default/setup.c
@@ -10,13 +10,15 @@
 #include <asm/e820.h>
 #include <asm/setup.h>
 
+#include <mach_ipi.h>
+
 #ifdef CONFIG_HOTPLUG_CPU
 #define DEFAULT_SEND_IPI        (1)
 #else
 #define DEFAULT_SEND_IPI        (0)
 #endif
 
-int no_broadcast=DEFAULT_SEND_IPI;
+int no_broadcast = DEFAULT_SEND_IPI;
 
 /**
  * pre_intr_init_hook - initialisation prior to setting up interrupt vectors
@@ -36,15 +38,6 @@ void __init pre_intr_init_hook(void)
         init_ISA_irqs();
 }
 
-/*
- * IRQ2 is cascade interrupt to second interrupt controller
- */
-static struct irqaction irq2 = {
-        .handler = no_action,
-        .mask = CPU_MASK_NONE,
-        .name = "cascade",
-};
-
 /**
  * intr_init_hook - post gate setup interrupt initialisation
  *
@@ -60,12 +53,6 @@ void __init intr_init_hook(void)
                 if (x86_quirks->arch_intr_init())
                         return;
         }
-#ifdef CONFIG_X86_LOCAL_APIC
-        apic_intr_init();
-#endif
-
-        if (!acpi_ioapic)
-                setup_irq(2, &irq2);
 }
 
 /**
diff --git a/arch/x86/mach-es7000/Makefile b/arch/x86/mach-es7000/Makefile
deleted file mode 100644
index 3ef8b43b62fc..000000000000
--- a/arch/x86/mach-es7000/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Makefile for the linux kernel.
-#
-
-obj-$(CONFIG_X86_ES7000)        := es7000plat.o
diff --git a/arch/x86/mach-es7000/es7000.h b/arch/x86/mach-es7000/es7000.h
deleted file mode 100644
index c8d5aa132fa0..000000000000
--- a/arch/x86/mach-es7000/es7000.h
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Written by: Garry Forsgren, Unisys Corporation
- *             Natalie Protasevich, Unisys Corporation
- * This file contains the code to configure and interface 
- * with Unisys ES7000 series hardware system manager.
- *
- * Copyright (c) 2003 Unisys Corporation.  All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it would be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write the Free Software Foundation, Inc., 59
- * Temple Place - Suite 330, Boston MA 02111-1307, USA.
- *
- * Contact information: Unisys Corporation, Township Line & Union Meeting 
- * Roads-A, Unisys Way, Blue Bell, Pennsylvania, 19424, or:
- *
- * http://www.unisys.com
- */
-
-/*
- * ES7000 chipsets
- */
-
-#define NON_UNISYS              0
-#define ES7000_CLASSIC          1
-#define ES7000_ZORRO            2
-
-
-#define MIP_REG                 1
-#define MIP_PSAI_REG            4
-
-#define MIP_BUSY                1
-#define MIP_SPIN                0xf0000
-#define MIP_VALID               0x0100000000000000ULL
-#define MIP_PORT(VALUE) ((VALUE >> 32) & 0xffff)
-
-#define MIP_RD_LO(VALUE)        (VALUE & 0xffffffff)   
-
-struct mip_reg_info {
-        unsigned long long mip_info;
-        unsigned long long delivery_info;
-        unsigned long long host_reg;
-        unsigned long long mip_reg;
-};
-
-struct part_info {
-        unsigned char type;   
-        unsigned char length;
-        unsigned char part_id;
-        unsigned char apic_mode;
-        unsigned long snum;    
-        char ptype[16];
-        char sname[64];
-        char pname[64];
-};
-
-struct psai {
-        unsigned long long entry_type;
-        unsigned long long addr;
-        unsigned long long bep_addr;
-};
-
-struct es7000_mem_info {
-        unsigned char type;   
-        unsigned char length;
-        unsigned char resv[6];
-        unsigned long long  start; 
-        unsigned long long  size; 
-};
-
-struct es7000_oem_table {
-        unsigned long long hdr;
-        struct mip_reg_info mip;
-        struct part_info pif;
-        struct es7000_mem_info shm;
-        struct psai psai;
-};
-
-#ifdef CONFIG_ACPI
-
-struct oem_table {
-        struct acpi_table_header Header;
-        u32 OEMTableAddr;
-        u32 OEMTableSize;
-};
-
-extern int find_unisys_acpi_oem_table(unsigned long *oem_addr);
-#endif
-
-struct mip_reg {
-        unsigned long long off_0;
-        unsigned long long off_8;
-        unsigned long long off_10;
-        unsigned long long off_18;
-        unsigned long long off_20;
-        unsigned long long off_28;
-        unsigned long long off_30;
-        unsigned long long off_38;
-};
-
-#define MIP_SW_APIC             0x1020b
-#define MIP_FUNC(VALUE)         (VALUE & 0xff)
-
-extern int parse_unisys_oem (char *oemptr);
-extern void setup_unisys(void);
-extern int es7000_start_cpu(int cpu, unsigned long eip);
-extern void es7000_sw_apic(void);
diff --git a/arch/x86/mach-generic/Makefile b/arch/x86/mach-generic/Makefile
index 0dbd7803a1d5..6730f4e7c744 100644
--- a/arch/x86/mach-generic/Makefile
+++ b/arch/x86/mach-generic/Makefile
@@ -9,4 +9,3 @@ obj-$(CONFIG_X86_NUMAQ)		+= numaq.o
 obj-$(CONFIG_X86_SUMMIT)        += summit.o
 obj-$(CONFIG_X86_BIGSMP)        += bigsmp.o
 obj-$(CONFIG_X86_ES7000)        += es7000.o
-obj-$(CONFIG_X86_ES7000)        += ../../x86/mach-es7000/
diff --git a/arch/x86/mach-generic/bigsmp.c b/arch/x86/mach-generic/bigsmp.c
index 59d771714559..df37fc9d6a26 100644
--- a/arch/x86/mach-generic/bigsmp.c
+++ b/arch/x86/mach-generic/bigsmp.c
@@ -5,18 +5,17 @@
 #define APIC_DEFINITION 1
 #include <linux/threads.h>
 #include <linux/cpumask.h>
-#include <asm/smp.h>
 #include <asm/mpspec.h>
 #include <asm/genapic.h>
 #include <asm/fixmap.h>
 #include <asm/apicdef.h>
 #include <linux/kernel.h>
-#include <linux/smp.h>
 #include <linux/init.h>
 #include <linux/dmi.h>
-#include <asm/mach-bigsmp/mach_apic.h>
-#include <asm/mach-bigsmp/mach_apicdef.h>
-#include <asm/mach-bigsmp/mach_ipi.h>
+#include <asm/bigsmp/apicdef.h>
+#include <linux/smp.h>
+#include <asm/bigsmp/apic.h>
+#include <asm/bigsmp/ipi.h>
 #include <asm/mach-default/mach_mpparse.h>
 
 static int dmi_bigsmp; /* can be set by dmi scanners */
diff --git a/arch/x86/mach-generic/es7000.c b/arch/x86/mach-generic/es7000.c
index 4742626f08c4..6513d41ea21e 100644
--- a/arch/x86/mach-generic/es7000.c
+++ b/arch/x86/mach-generic/es7000.c
@@ -4,20 +4,19 @@
 #define APIC_DEFINITION 1
 #include <linux/threads.h>
 #include <linux/cpumask.h>
-#include <asm/smp.h>
 #include <asm/mpspec.h>
 #include <asm/genapic.h>
 #include <asm/fixmap.h>
 #include <asm/apicdef.h>
 #include <linux/kernel.h>
 #include <linux/string.h>
-#include <linux/smp.h>
 #include <linux/init.h>
-#include <asm/mach-es7000/mach_apicdef.h>
-#include <asm/mach-es7000/mach_apic.h>
-#include <asm/mach-es7000/mach_ipi.h>
-#include <asm/mach-es7000/mach_mpparse.h>
-#include <asm/mach-es7000/mach_wakecpu.h>
+#include <asm/es7000/apicdef.h>
+#include <linux/smp.h>
+#include <asm/es7000/apic.h>
+#include <asm/es7000/ipi.h>
+#include <asm/es7000/mpparse.h>
+#include <asm/es7000/wakecpu.h>
 
 static int probe_es7000(void)
 {
@@ -48,16 +47,26 @@ static __init int mps_oem_check(struct mp_config_table *mpc, char *oem,
 /* Hook from generic ACPI tables.c */
 static int __init acpi_madt_oem_check(char *oem_id, char *oem_table_id)
 {
-        unsigned long oem_addr;
+        unsigned long oem_addr = 0;
+        int check_dsdt;
+        int ret = 0;
+
+        /* check dsdt at first to avoid clear fix_map for oem_addr */
+        check_dsdt = es7000_check_dsdt();
+
         if (!find_unisys_acpi_oem_table(&oem_addr)) {
-                if (es7000_check_dsdt())
-                        return parse_unisys_oem((char *)oem_addr);
+                if (check_dsdt)
+                        ret = parse_unisys_oem((char *)oem_addr);
                 else {
                         setup_unisys();
-                        return 1;
+                        ret = 1;
                 }
+                /*
+                 * we need to unmap it
+                 */
+                unmap_unisys_acpi_oem_table(oem_addr);
         }
-        return 0;
+        return ret;
 }
 #else
 static int __init acpi_madt_oem_check(char *oem_id, char *oem_table_id)
diff --git a/arch/x86/mach-generic/numaq.c b/arch/x86/mach-generic/numaq.c
index 8091e68764c4..8cf58394975e 100644
--- a/arch/x86/mach-generic/numaq.c
+++ b/arch/x86/mach-generic/numaq.c
@@ -4,7 +4,6 @@
 #define APIC_DEFINITION 1
 #include <linux/threads.h>
 #include <linux/cpumask.h>
-#include <linux/smp.h>
 #include <asm/mpspec.h>
 #include <asm/genapic.h>
 #include <asm/fixmap.h>
@@ -12,11 +11,12 @@
 #include <linux/kernel.h>
 #include <linux/string.h>
 #include <linux/init.h>
-#include <asm/mach-numaq/mach_apic.h>
-#include <asm/mach-numaq/mach_apicdef.h>
-#include <asm/mach-numaq/mach_ipi.h>
-#include <asm/mach-numaq/mach_mpparse.h>
-#include <asm/mach-numaq/mach_wakecpu.h>
+#include <asm/numaq/apicdef.h>
+#include <linux/smp.h>
+#include <asm/numaq/apic.h>
+#include <asm/numaq/ipi.h>
+#include <asm/numaq/mpparse.h>
+#include <asm/numaq/wakecpu.h>
 #include <asm/numaq.h>
 
 static int mps_oem_check(struct mp_config_table *mpc, char *oem,
diff --git a/arch/x86/mach-generic/summit.c b/arch/x86/mach-generic/summit.c
index a97ea0f35b1e..6ad6b67a723d 100644
--- a/arch/x86/mach-generic/summit.c
+++ b/arch/x86/mach-generic/summit.c
@@ -4,19 +4,18 @@
 #define APIC_DEFINITION 1
 #include <linux/threads.h>
 #include <linux/cpumask.h>
-#include <asm/smp.h>
 #include <asm/mpspec.h>
 #include <asm/genapic.h>
 #include <asm/fixmap.h>
 #include <asm/apicdef.h>
 #include <linux/kernel.h>
 #include <linux/string.h>
-#include <linux/smp.h>
 #include <linux/init.h>
-#include <asm/mach-summit/mach_apic.h>
-#include <asm/mach-summit/mach_apicdef.h>
-#include <asm/mach-summit/mach_ipi.h>
-#include <asm/mach-summit/mach_mpparse.h>
+#include <asm/summit/apicdef.h>
+#include <linux/smp.h>
+#include <asm/summit/apic.h>
+#include <asm/summit/ipi.h>
+#include <asm/summit/mpparse.h>
 
 static int probe_summit(void)
 {
diff --git a/arch/x86/mach-voyager/voyager_smp.c b/arch/x86/mach-voyager/voyager_smp.c
index ee0fba092157..199a5f4a873c 100644
--- a/arch/x86/mach-voyager/voyager_smp.c
+++ b/arch/x86/mach-voyager/voyager_smp.c
@@ -448,6 +448,8 @@ static void __init start_secondary(void *unused)
 
         VDEBUG(("VOYAGER SMP: CPU%d, stack at about %p\n", cpuid, &cpuid));
 
+        notify_cpu_starting(cpuid);
+
         /* enable interrupts */
         local_irq_enable();
 
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index dfb932dcf136..59f89b434b45 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -13,12 +13,8 @@ obj-$(CONFIG_MMIOTRACE)		+= mmiotrace.o
 mmiotrace-y                     := pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
 
-ifeq ($(CONFIG_X86_32),y)
-obj-$(CONFIG_NUMA)              += discontig_32.o
-else
-obj-$(CONFIG_NUMA)              += numa_64.o
+obj-$(CONFIG_NUMA)              += numa_$(BITS).o
 obj-$(CONFIG_K8_NUMA)           += k8topology_64.o
-endif
 obj-$(CONFIG_ACPI_NUMA)         += srat_$(BITS).o
 
 obj-$(CONFIG_MEMTEST)           += memtest.o
diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c
index a20d1fa64b4e..e7277cbcfb40 100644
--- a/arch/x86/mm/dump_pagetables.c
+++ b/arch/x86/mm/dump_pagetables.c
@@ -148,8 +148,8 @@ static void note_page(struct seq_file *m, struct pg_state *st,
          * we have now. "break" is either changing perms, levels or
          * address space marker.
          */
-        prot = pgprot_val(new_prot) & ~(PTE_PFN_MASK);
-        cur = pgprot_val(st->current_prot) & ~(PTE_PFN_MASK);
+        prot = pgprot_val(new_prot) & PTE_FLAGS_MASK;
+        cur = pgprot_val(st->current_prot) & PTE_FLAGS_MASK;
 
         if (!st->level) {
                 /* First entry */
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 455f3fe67b42..31e8730fa246 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -35,6 +35,7 @@
 #include <asm/tlbflush.h>
 #include <asm/proto.h>
 #include <asm-generic/sections.h>
+#include <asm/traps.h>
 
 /*
  * Page fault error code bits
@@ -357,8 +358,6 @@ static int is_errata100(struct pt_regs *regs, unsigned long address)
         return 0;
 }
 
-void do_invalid_op(struct pt_regs *, unsigned long);
-
 static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
 {
 #ifdef CONFIG_X86_F00F_BUG
@@ -593,11 +592,6 @@ void __kprobes do_page_fault(struct pt_regs *regs, unsigned long error_code)
         unsigned long flags;
 #endif
 
-        /*
-         * We can fault from pretty much anywhere, with unknown IRQ state.
-         */
-        trace_hardirqs_fixup();
-
         tsk = current;
         mm = tsk->mm;
         prefetchw(&mm->mmap_sem);
@@ -646,24 +640,23 @@ void __kprobes do_page_fault(struct pt_regs *regs, unsigned long error_code)
         }
 
 
-#ifdef CONFIG_X86_32
-        /* It's safe to allow irq's after cr2 has been saved and the vmalloc
-           fault has been handled. */
-        if (regs->flags & (X86_EFLAGS_IF | X86_VM_MASK))
-                local_irq_enable();
-
         /*
-         * If we're in an interrupt, have no user context or are running in an
-         * atomic region then we must not take the fault.
+         * It's safe to allow irq's after cr2 has been saved and the
+         * vmalloc fault has been handled.
+         *
+         * User-mode registers count as a user access even for any
+         * potential system fault or CPU buglet.
          */
-        if (in_atomic() || !mm)
-                goto bad_area_nosemaphore;
-#else /* CONFIG_X86_64 */
-        if (likely(regs->flags & X86_EFLAGS_IF))
+        if (user_mode_vm(regs)) {
+                local_irq_enable();
+                error_code |= PF_USER;
+        } else if (regs->flags & X86_EFLAGS_IF)
                 local_irq_enable();
 
+#ifdef CONFIG_X86_64
         if (unlikely(error_code & PF_RSVD))
                 pgtable_bad(address, regs, error_code);
+#endif
 
         /*
          * If we're in an interrupt, have no user context or are running in an
@@ -672,15 +665,9 @@ void __kprobes do_page_fault(struct pt_regs *regs, unsigned long error_code)
         if (unlikely(in_atomic() || !mm))
                 goto bad_area_nosemaphore;
 
-        /*
-         * User-mode registers count as a user access even for any
-         * potential system fault or CPU buglet.
-         */
-        if (user_mode_vm(regs))
-                error_code |= PF_USER;
 again:
-#endif
-        /* When running in the kernel we expect faults to occur only to
+        /*
+         * When running in the kernel we expect faults to occur only to
          * addresses in user space.  All other faults represent errors in the
          * kernel and should generate an OOPS.  Unfortunately, in the case of an
          * erroneous fault occurring in a code path which already holds mmap_sem
@@ -743,9 +730,6 @@ good_area:
                         goto bad_area;
         }
 
-#ifdef CONFIG_X86_32
-survive:
-#endif
         /*
          * If for any reason at all we couldn't handle the fault,
          * make sure we exit gracefully rather than endlessly redo
@@ -880,12 +864,11 @@ out_of_memory:
         up_read(&mm->mmap_sem);
         if (is_global_init(tsk)) {
                 yield();
-#ifdef CONFIG_X86_32
-                down_read(&mm->mmap_sem);
-                goto survive;
-#else
+                /*
+                 * Re-lookup the vma - in theory the vma tree might
+                 * have changed:
+                 */
                 goto again;
-#endif
         }
 
         printk("VM: killing process %s\n", tsk->comm);
@@ -915,15 +898,15 @@ LIST_HEAD(pgd_list);
 
 void vmalloc_sync_all(void)
 {
-#ifdef CONFIG_X86_32
-        unsigned long start = VMALLOC_START & PGDIR_MASK;
         unsigned long address;
 
+#ifdef CONFIG_X86_32
         if (SHARED_KERNEL_PMD)
                 return;
 
-        BUILD_BUG_ON(TASK_SIZE & ~PGDIR_MASK);
-        for (address = start; address >= TASK_SIZE; address += PGDIR_SIZE) {
+        for (address = VMALLOC_START & PMD_MASK;
+             address >= TASK_SIZE && address < FIXADDR_TOP;
+             address += PMD_SIZE) {
                 unsigned long flags;
                 struct page *page;
 
@@ -936,10 +919,8 @@ void vmalloc_sync_all(void)
                 spin_unlock_irqrestore(&pgd_lock, flags);
         }
 #else /* CONFIG_X86_64 */
-        unsigned long start = VMALLOC_START & PGDIR_MASK;
-        unsigned long address;
-
-        for (address = start; address <= VMALLOC_END; address += PGDIR_SIZE) {
+        for (address = VMALLOC_START & PGDIR_MASK; address <= VMALLOC_END;
+             address += PGDIR_SIZE) {
                 const pgd_t *pgd_ref = pgd_offset_k(address);
                 unsigned long flags;
                 struct page *page;
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
index 007bb06c7504..4ba373c5b8c8 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
@@ -82,7 +82,7 @@ static noinline int gup_pte_range(pmd_t pmd, unsigned long addr,
                 pte_t pte = gup_get_pte(ptep);
                 struct page *page;
 
-                if ((pte_val(pte) & (mask | _PAGE_SPECIAL)) != mask) {
+                if ((pte_flags(pte) & (mask | _PAGE_SPECIAL)) != mask) {
                         pte_unmap(ptep);
                         return 0;
                 }
@@ -116,10 +116,10 @@ static noinline int gup_huge_pmd(pmd_t pmd, unsigned long addr,
         mask = _PAGE_PRESENT|_PAGE_USER;
         if (write)
                 mask |= _PAGE_RW;
-        if ((pte_val(pte) & mask) != mask)
+        if ((pte_flags(pte) & mask) != mask)
                 return 0;
         /* hugepages are never "special" */
-        VM_BUG_ON(pte_val(pte) & _PAGE_SPECIAL);
+        VM_BUG_ON(pte_flags(pte) & _PAGE_SPECIAL);
         VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
 
         refs = 0;
@@ -173,10 +173,10 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr,
         mask = _PAGE_PRESENT|_PAGE_USER;
         if (write)
                 mask |= _PAGE_RW;
-        if ((pte_val(pte) & mask) != mask)
+        if ((pte_flags(pte) & mask) != mask)
                 return 0;
         /* hugepages are never "special" */
-        VM_BUG_ON(pte_val(pte) & _PAGE_SPECIAL);
+        VM_BUG_ON(pte_flags(pte) & _PAGE_SPECIAL);
         VM_BUG_ON(!pfn_valid(pte_pfn(pte)));
 
         refs = 0;
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index d37f29376b0c..8396868e82c5 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -31,6 +31,7 @@
 #include <linux/cpumask.h>
 
 #include <asm/asm.h>
+#include <asm/bios_ebda.h>
 #include <asm/processor.h>
 #include <asm/system.h>
 #include <asm/uaccess.h>
@@ -47,6 +48,7 @@
 #include <asm/paravirt.h>
 #include <asm/setup.h>
 #include <asm/cacheflush.h>
+#include <asm/smp.h>
 
 unsigned int __VMALLOC_RESERVE = 128 << 20;
 
@@ -194,11 +196,30 @@ static void __init kernel_physical_mapping_init(pgd_t *pgd_base,
         pgd_t *pgd;
         pmd_t *pmd;
         pte_t *pte;
-        unsigned pages_2m = 0, pages_4k = 0;
+        unsigned pages_2m, pages_4k;
+        int mapping_iter;
+
+        /*
+         * First iteration will setup identity mapping using large/small pages
+         * based on use_pse, with other attributes same as set by
+         * the early code in head_32.S
+         *
+         * Second iteration will setup the appropriate attributes (NX, GLOBAL..)
+         * as desired for the kernel identity mapping.
+         *
+         * This two pass mechanism conforms to the TLB app note which says:
+         *
+         *     "Software should not write to a paging-structure entry in a way
+         *      that would change, for any linear address, both the page size
+         *      and either the page frame or attributes."
+         */
+        mapping_iter = 1;
 
         if (!cpu_has_pse)
                 use_pse = 0;
 
+repeat:
+        pages_2m = pages_4k = 0;
         pfn = start_pfn;
         pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
         pgd = pgd_base + pgd_idx;
@@ -224,6 +245,13 @@ static void __init kernel_physical_mapping_init(pgd_t *pgd_base,
                         if (use_pse) {
                                 unsigned int addr2;
                                 pgprot_t prot = PAGE_KERNEL_LARGE;
+                                /*
+                                 * first pass will use the same initial
+                                 * identity mapping attribute + _PAGE_PSE.
+                                 */
+                                pgprot_t init_prot =
+                                        __pgprot(PTE_IDENT_ATTR |
+                                                 _PAGE_PSE);
 
                                 addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
                                         PAGE_OFFSET + PAGE_SIZE-1;
@@ -233,7 +261,10 @@ static void __init kernel_physical_mapping_init(pgd_t *pgd_base,
                                         prot = PAGE_KERNEL_LARGE_EXEC;
 
                                 pages_2m++;
-                                set_pmd(pmd, pfn_pmd(pfn, prot));
+                                if (mapping_iter == 1)
+                                        set_pmd(pmd, pfn_pmd(pfn, init_prot));
+                                else
+                                        set_pmd(pmd, pfn_pmd(pfn, prot));
 
                                 pfn += PTRS_PER_PTE;
                                 continue;
@@ -245,17 +276,43 @@ static void __init kernel_physical_mapping_init(pgd_t *pgd_base,
                         for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
                              pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
                                 pgprot_t prot = PAGE_KERNEL;
+                                /*
+                                 * first pass will use the same initial
+                                 * identity mapping attribute.
+                                 */
+                                pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
 
                                 if (is_kernel_text(addr))
                                         prot = PAGE_KERNEL_EXEC;
 
                                 pages_4k++;
-                                set_pte(pte, pfn_pte(pfn, prot));
+                                if (mapping_iter == 1)
+                                        set_pte(pte, pfn_pte(pfn, init_prot));
+                                else
+                                        set_pte(pte, pfn_pte(pfn, prot));
                         }
                 }
         }
-        update_page_count(PG_LEVEL_2M, pages_2m);
-        update_page_count(PG_LEVEL_4K, pages_4k);
+        if (mapping_iter == 1) {
+                /*
+                 * update direct mapping page count only in the first
+                 * iteration.
+                 */
+                update_page_count(PG_LEVEL_2M, pages_2m);
+                update_page_count(PG_LEVEL_4K, pages_4k);
+
+                /*
+                 * local global flush tlb, which will flush the previous
+                 * mappings present in both small and large page TLB's.
+                 */
+                __flush_tlb_all();
+
+                /*
+                 * Second iteration will set the actual desired PTE attributes.
+                 */
+                mapping_iter = 2;
+                goto repeat;
+        }
 }
 
 /*
@@ -458,11 +515,7 @@ static void __init pagetable_init(void)
 {
         pgd_t *pgd_base = swapper_pg_dir;
 
-        paravirt_pagetable_setup_start(pgd_base);
-
         permanent_kmaps_init(pgd_base);
-
-        paravirt_pagetable_setup_done(pgd_base);
 }
 
 #ifdef CONFIG_ACPI_SLEEP
@@ -505,7 +558,7 @@ void zap_low_mappings(void)
 
 int nx_enabled;
 
-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL);
+pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
 EXPORT_SYMBOL_GPL(__supported_pte_mask);
 
 #ifdef CONFIG_X86_PAE
@@ -722,7 +775,7 @@ void __init setup_bootmem_allocator(void)
         after_init_bootmem = 1;
 }
 
-static void __init find_early_table_space(unsigned long end)
+static void __init find_early_table_space(unsigned long end, int use_pse)
 {
         unsigned long puds, pmds, ptes, tables, start;
 
@@ -732,7 +785,7 @@ static void __init find_early_table_space(unsigned long end)
         pmds = (end + PMD_SIZE - 1) >> PMD_SHIFT;
         tables += PAGE_ALIGN(pmds * sizeof(pmd_t));
 
-        if (cpu_has_pse) {
+        if (use_pse) {
                 unsigned long extra;
 
                 extra = end - ((end>>PMD_SHIFT) << PMD_SHIFT);
@@ -772,12 +825,22 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         pgd_t *pgd_base = swapper_pg_dir;
         unsigned long start_pfn, end_pfn;
         unsigned long big_page_start;
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        /*
+         * For CONFIG_DEBUG_PAGEALLOC, identity mapping will use small pages.
+         * This will simplify cpa(), which otherwise needs to support splitting
+         * large pages into small in interrupt context, etc.
+         */
+        int use_pse = 0;
+#else
+        int use_pse = cpu_has_pse;
+#endif
 
         /*
          * Find space for the kernel direct mapping tables.
          */
         if (!after_init_bootmem)
-                find_early_table_space(end);
+                find_early_table_space(end, use_pse);
 
 #ifdef CONFIG_X86_PAE
         set_nx();
@@ -823,7 +886,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         end_pfn = (end>>PMD_SHIFT) << (PMD_SHIFT - PAGE_SHIFT);
         if (start_pfn < end_pfn)
                 kernel_physical_mapping_init(pgd_base, start_pfn, end_pfn,
-                                                cpu_has_pse);
+                                             use_pse);
 
         /* tail is not big page alignment ? */
         start_pfn = end_pfn;
@@ -907,6 +970,8 @@ void __init mem_init(void)
         int codesize, reservedpages, datasize, initsize;
         int tmp;
 
+        start_periodic_check_for_corruption();
+
 #ifdef CONFIG_FLATMEM
         BUG_ON(!mem_map);
 #endif
@@ -986,7 +1051,6 @@ void __init mem_init(void)
         if (boot_cpu_data.wp_works_ok < 0)
                 test_wp_bit();
 
-        cpa_init();
         save_pg_dir();
         zap_low_mappings();
 }
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index d3746efb060d..b8e461d49412 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -31,6 +31,7 @@
 #include <linux/nmi.h>
 
 #include <asm/processor.h>
+#include <asm/bios_ebda.h>
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -88,6 +89,62 @@ early_param("gbpages", parse_direct_gbpages_on);
 
 int after_bootmem;
 
+pteval_t __supported_pte_mask __read_mostly = ~_PAGE_IOMAP;
+EXPORT_SYMBOL_GPL(__supported_pte_mask);
+
+static int do_not_nx __cpuinitdata;
+
+/*
+ * noexec=on|off
+ * Control non-executable mappings for 64-bit processes.
+ *
+ * on   Enable (default)
+ * off  Disable
+ */
+static int __init nonx_setup(char *str)
+{
+        if (!str)
+                return -EINVAL;
+        if (!strncmp(str, "on", 2)) {
+                __supported_pte_mask |= _PAGE_NX;
+                do_not_nx = 0;
+        } else if (!strncmp(str, "off", 3)) {
+                do_not_nx = 1;
+                __supported_pte_mask &= ~_PAGE_NX;
+        }
+        return 0;
+}
+early_param("noexec", nonx_setup);
+
+void __cpuinit check_efer(void)
+{
+        unsigned long efer;
+
+        rdmsrl(MSR_EFER, efer);
+        if (!(efer & EFER_NX) || do_not_nx)
+                __supported_pte_mask &= ~_PAGE_NX;
+}
+
+int force_personality32;
+
+/*
+ * noexec32=on|off
+ * Control non executable heap for 32bit processes.
+ * To control the stack too use noexec=off
+ *
+ * on   PROT_READ does not imply PROT_EXEC for 32-bit processes (default)
+ * off  PROT_READ implies PROT_EXEC
+ */
+static int __init nonx32_setup(char *str)
+{
+        if (!strcmp(str, "on"))
+                force_personality32 &= ~READ_IMPLIES_EXEC;
+        else if (!strcmp(str, "off"))
+                force_personality32 |= READ_IMPLIES_EXEC;
+        return 1;
+}
+__setup("noexec32=", nonx32_setup);
+
 /*
  * NOTE: This function is marked __ref because it calls __init function
  * (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0.
@@ -139,9 +196,6 @@ set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
         }
 
         pte = pte_offset_kernel(pmd, vaddr);
-        if (!pte_none(*pte) && pte_val(new_pte) &&
-            pte_val(*pte) != (pte_val(new_pte) & __supported_pte_mask))
-                pte_ERROR(*pte);
         set_pte(pte, new_pte);
 
         /*
@@ -225,7 +279,7 @@ void __init init_extra_mapping_uc(unsigned long phys, unsigned long size)
 void __init cleanup_highmap(void)
 {
         unsigned long vaddr = __START_KERNEL_map;
-        unsigned long end = round_up((unsigned long)_end, PMD_SIZE) - 1;
+        unsigned long end = roundup((unsigned long)_end, PMD_SIZE) - 1;
         pmd_t *pmd = level2_kernel_pgt;
         pmd_t *last_pmd = pmd + PTRS_PER_PMD;
 
@@ -256,7 +310,7 @@ static __ref void *alloc_low_page(unsigned long *phys)
         if (pfn >= table_top)
                 panic("alloc_low_page: ran out of memory");
 
-        adr = early_ioremap(pfn * PAGE_SIZE, PAGE_SIZE);
+        adr = early_memremap(pfn * PAGE_SIZE, PAGE_SIZE);
         memset(adr, 0, PAGE_SIZE);
         *phys  = pfn * PAGE_SIZE;
         return adr;
@@ -271,7 +325,8 @@ static __ref void unmap_low_page(void *adr)
 }
 
 static unsigned long __meminit
-phys_pte_init(pte_t *pte_page, unsigned long addr, unsigned long end)
+phys_pte_init(pte_t *pte_page, unsigned long addr, unsigned long end,
+              pgprot_t prot)
 {
         unsigned pages = 0;
         unsigned long last_map_addr = end;
@@ -289,36 +344,43 @@ phys_pte_init(pte_t *pte_page, unsigned long addr, unsigned long end)
                         break;
                 }
 
+                /*
+                 * We will re-use the existing mapping.
+                 * Xen for example has some special requirements, like mapping
+                 * pagetable pages as RO. So assume someone who pre-setup
+                 * these mappings are more intelligent.
+                 */
                 if (pte_val(*pte))
                         continue;
 
                 if (0)
                         printk("   pte=%p addr=%lx pte=%016lx\n",
                                pte, addr, pfn_pte(addr >> PAGE_SHIFT, PAGE_KERNEL).pte);
-                set_pte(pte, pfn_pte(addr >> PAGE_SHIFT, PAGE_KERNEL));
-                last_map_addr = (addr & PAGE_MASK) + PAGE_SIZE;
                 pages++;
+                set_pte(pte, pfn_pte(addr >> PAGE_SHIFT, prot));
+                last_map_addr = (addr & PAGE_MASK) + PAGE_SIZE;
         }
+
         update_page_count(PG_LEVEL_4K, pages);
 
         return last_map_addr;
 }
 
 static unsigned long __meminit
-phys_pte_update(pmd_t *pmd, unsigned long address, unsigned long end)
+phys_pte_update(pmd_t *pmd, unsigned long address, unsigned long end,
+                pgprot_t prot)
 {
         pte_t *pte = (pte_t *)pmd_page_vaddr(*pmd);
 
-        return phys_pte_init(pte, address, end);
+        return phys_pte_init(pte, address, end, prot);
 }
 
 static unsigned long __meminit
 phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end,
-                         unsigned long page_size_mask)
+              unsigned long page_size_mask, pgprot_t prot)
 {
         unsigned long pages = 0;
         unsigned long last_map_addr = end;
-        unsigned long start = address;
 
         int i = pmd_index(address);
 
@@ -326,6 +388,7 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end,
                 unsigned long pte_phys;
                 pmd_t *pmd = pmd_page + pmd_index(address);
                 pte_t *pte;
+                pgprot_t new_prot = prot;
 
                 if (address >= end) {
                         if (!after_bootmem) {
@@ -339,27 +402,40 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end,
                         if (!pmd_large(*pmd)) {
                                 spin_lock(&init_mm.page_table_lock);
                                 last_map_addr = phys_pte_update(pmd, address,
-                                                                end);
+                                                                end, prot);
                                 spin_unlock(&init_mm.page_table_lock);
+                                continue;
                         }
-                        /* Count entries we're using from level2_ident_pgt */
-                        if (start == 0)
-                                pages++;
-                        continue;
+                        /*
+                         * If we are ok with PG_LEVEL_2M mapping, then we will
+                         * use the existing mapping,
+                         *
+                         * Otherwise, we will split the large page mapping but
+                         * use the same existing protection bits except for
+                         * large page, so that we don't violate Intel's TLB
+                         * Application note (317080) which says, while changing
+                         * the page sizes, new and old translations should
+                         * not differ with respect to page frame and
+                         * attributes.
+                         */
+                        if (page_size_mask & (1 << PG_LEVEL_2M))
+                                continue;
+                        new_prot = pte_pgprot(pte_clrhuge(*(pte_t *)pmd));
                 }
 
                 if (page_size_mask & (1<<PG_LEVEL_2M)) {
                         pages++;
                         spin_lock(&init_mm.page_table_lock);
                         set_pte((pte_t *)pmd,
-                                pfn_pte(address >> PAGE_SHIFT, PAGE_KERNEL_LARGE));
+                                pfn_pte(address >> PAGE_SHIFT,
+                                        __pgprot(pgprot_val(prot) | _PAGE_PSE)));
                         spin_unlock(&init_mm.page_table_lock);
                         last_map_addr = (address & PMD_MASK) + PMD_SIZE;
                         continue;
                 }
 
                 pte = alloc_low_page(&pte_phys);
-                last_map_addr = phys_pte_init(pte, address, end);
+                last_map_addr = phys_pte_init(pte, address, end, new_prot);
                 unmap_low_page(pte);
 
                 spin_lock(&init_mm.page_table_lock);
@@ -372,12 +448,12 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end,
 
 static unsigned long __meminit
 phys_pmd_update(pud_t *pud, unsigned long address, unsigned long end,
-                         unsigned long page_size_mask)
+                unsigned long page_size_mask, pgprot_t prot)
 {
         pmd_t *pmd = pmd_offset(pud, 0);
         unsigned long last_map_addr;
 
-        last_map_addr = phys_pmd_init(pmd, address, end, page_size_mask);
+        last_map_addr = phys_pmd_init(pmd, address, end, page_size_mask, prot);
         __flush_tlb_all();
         return last_map_addr;
 }
@@ -394,6 +470,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
                 unsigned long pmd_phys;
                 pud_t *pud = pud_page + pud_index(addr);
                 pmd_t *pmd;
+                pgprot_t prot = PAGE_KERNEL;
 
                 if (addr >= end)
                         break;
@@ -405,10 +482,26 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
                 }
 
                 if (pud_val(*pud)) {
-                        if (!pud_large(*pud))
+                        if (!pud_large(*pud)) {
                                 last_map_addr = phys_pmd_update(pud, addr, end,
-                                                         page_size_mask);
-                        continue;
+                                                         page_size_mask, prot);
+                                continue;
+                        }
+                        /*
+                         * If we are ok with PG_LEVEL_1G mapping, then we will
+                         * use the existing mapping.
+                         *
+                         * Otherwise, we will split the gbpage mapping but use
+                         * the same existing protection  bits except for large
+                         * page, so that we don't violate Intel's TLB
+                         * Application note (317080) which says, while changing
+                         * the page sizes, new and old translations should
+                         * not differ with respect to page frame and
+                         * attributes.
+                         */
+                        if (page_size_mask & (1 << PG_LEVEL_1G))
+                                continue;
+                        prot = pte_pgprot(pte_clrhuge(*(pte_t *)pud));
                 }
 
                 if (page_size_mask & (1<<PG_LEVEL_1G)) {
@@ -422,7 +515,8 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
                 }
 
                 pmd = alloc_low_page(&pmd_phys);
-                last_map_addr = phys_pmd_init(pmd, addr, end, page_size_mask);
+                last_map_addr = phys_pmd_init(pmd, addr, end, page_size_mask,
+                                              prot);
                 unmap_low_page(pmd);
 
                 spin_lock(&init_mm.page_table_lock);
@@ -430,6 +524,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
                 spin_unlock(&init_mm.page_table_lock);
         }
         __flush_tlb_all();
+
         update_page_count(PG_LEVEL_1G, pages);
 
         return last_map_addr;
@@ -446,27 +541,28 @@ phys_pud_update(pgd_t *pgd, unsigned long addr, unsigned long end,
         return phys_pud_init(pud, addr, end, page_size_mask);
 }
 
-static void __init find_early_table_space(unsigned long end)
+static void __init find_early_table_space(unsigned long end, int use_pse,
+                                          int use_gbpages)
 {
         unsigned long puds, pmds, ptes, tables, start;
 
         puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
-        tables = round_up(puds * sizeof(pud_t), PAGE_SIZE);
-        if (direct_gbpages) {
+        tables = roundup(puds * sizeof(pud_t), PAGE_SIZE);
+        if (use_gbpages) {
                 unsigned long extra;
                 extra = end - ((end>>PUD_SHIFT) << PUD_SHIFT);
                 pmds = (extra + PMD_SIZE - 1) >> PMD_SHIFT;
         } else
                 pmds = (end + PMD_SIZE - 1) >> PMD_SHIFT;
-        tables += round_up(pmds * sizeof(pmd_t), PAGE_SIZE);
+        tables += roundup(pmds * sizeof(pmd_t), PAGE_SIZE);
 
-        if (cpu_has_pse) {
+        if (use_pse) {
                 unsigned long extra;
                 extra = end - ((end>>PMD_SHIFT) << PMD_SHIFT);
                 ptes = (extra + PAGE_SIZE - 1) >> PAGE_SHIFT;
         } else
                 ptes = (end + PAGE_SIZE - 1) >> PAGE_SHIFT;
-        tables += round_up(ptes * sizeof(pte_t), PAGE_SIZE);
+        tables += roundup(ptes * sizeof(pte_t), PAGE_SIZE);
 
         /*
          * RED-PEN putting page tables only on node 0 could
@@ -528,6 +624,7 @@ static unsigned long __init kernel_physical_mapping_init(unsigned long start,
                 pgd_populate(&init_mm, pgd, __va(pud_phys));
                 spin_unlock(&init_mm.page_table_lock);
         }
+        __flush_tlb_all();
 
         return last_map_addr;
 }
@@ -571,6 +668,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
 
         struct map_range mr[NR_RANGE_MR];
         int nr_range, i;
+        int use_pse, use_gbpages;
 
         printk(KERN_INFO "init_memory_mapping\n");
 
@@ -584,9 +682,21 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         if (!after_bootmem)
                 init_gbpages();
 
-        if (direct_gbpages)
+#ifdef CONFIG_DEBUG_PAGEALLOC
+        /*
+         * For CONFIG_DEBUG_PAGEALLOC, identity mapping will use small pages.
+         * This will simplify cpa(), which otherwise needs to support splitting
+         * large pages into small in interrupt context, etc.
+         */
+        use_pse = use_gbpages = 0;
+#else
+        use_pse = cpu_has_pse;
+        use_gbpages = direct_gbpages;
+#endif
+
+        if (use_gbpages)
                 page_size_mask |= 1 << PG_LEVEL_1G;
-        if (cpu_has_pse)
+        if (use_pse)
                 page_size_mask |= 1 << PG_LEVEL_2M;
 
         memset(mr, 0, sizeof(mr));
@@ -636,7 +746,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
                 old_start = mr[i].start;
                 memmove(&mr[i], &mr[i+1],
                          (nr_range - 1 - i) * sizeof (struct map_range));
-                mr[i].start = old_start;
+                mr[i--].start = old_start;
                 nr_range--;
         }
 
@@ -647,7 +757,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
                          (mr[i].page_size_mask & (1<<PG_LEVEL_2M))?"2M":"4k"));
 
         if (!after_bootmem)
-                find_early_table_space(end);
+                find_early_table_space(end, use_pse, use_gbpages);
 
         for (i = 0; i < nr_range; i++)
                 last_map_addr = kernel_physical_mapping_init(
@@ -769,6 +879,8 @@ void __init mem_init(void)
 {
         long codesize, reservedpages, datasize, initsize;
 
+        start_periodic_check_for_corruption();
+
         pci_iommu_alloc();
 
         /* clear_bss() already clear the empty_zero_page */
@@ -806,8 +918,6 @@ void __init mem_init(void)
                 reservedpages << (PAGE_SHIFT-10),
                 datasize >> 10,
                 initsize >> 10);
-
-        cpa_init();
 }
 
 void free_init_pages(char *what, unsigned long begin, unsigned long end)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index d4b6e6a29ae3..ae71e11eb3e5 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -24,18 +24,47 @@
 
 #ifdef CONFIG_X86_64
 
+static inline int phys_addr_valid(unsigned long addr)
+{
+        return addr < (1UL << boot_cpu_data.x86_phys_bits);
+}
+
 unsigned long __phys_addr(unsigned long x)
 {
-        if (x >= __START_KERNEL_map)
-                return x - __START_KERNEL_map + phys_base;
-        return x - PAGE_OFFSET;
+        if (x >= __START_KERNEL_map) {
+                x -= __START_KERNEL_map;
+                VIRTUAL_BUG_ON(x >= KERNEL_IMAGE_SIZE);
+                x += phys_base;
+        } else {
+                VIRTUAL_BUG_ON(x < PAGE_OFFSET);
+                x -= PAGE_OFFSET;
+                VIRTUAL_BUG_ON(system_state == SYSTEM_BOOTING ? x > MAXMEM :
+                                        !phys_addr_valid(x));
+        }
+        return x;
 }
 EXPORT_SYMBOL(__phys_addr);
 
-static inline int phys_addr_valid(unsigned long addr)
+bool __virt_addr_valid(unsigned long x)
 {
-        return addr < (1UL << boot_cpu_data.x86_phys_bits);
+        if (x >= __START_KERNEL_map) {
+                x -= __START_KERNEL_map;
+                if (x >= KERNEL_IMAGE_SIZE)
+                        return false;
+                x += phys_base;
+        } else {
+                if (x < PAGE_OFFSET)
+                        return false;
+                x -= PAGE_OFFSET;
+                if (system_state == SYSTEM_BOOTING ?
+                                x > MAXMEM : !phys_addr_valid(x)) {
+                        return false;
+                }
+        }
+
+        return pfn_valid(x >> PAGE_SHIFT);
 }
+EXPORT_SYMBOL(__virt_addr_valid);
 
 #else
 
@@ -44,6 +73,28 @@ static inline int phys_addr_valid(unsigned long addr)
         return 1;
 }
 
+#ifdef CONFIG_DEBUG_VIRTUAL
+unsigned long __phys_addr(unsigned long x)
+{
+        /* VMALLOC_* aren't constants; not available at the boot time */
+        VIRTUAL_BUG_ON(x < PAGE_OFFSET);
+        VIRTUAL_BUG_ON(system_state != SYSTEM_BOOTING &&
+                is_vmalloc_addr((void *) x));
+        return x - PAGE_OFFSET;
+}
+EXPORT_SYMBOL(__phys_addr);
+#endif
+
+bool __virt_addr_valid(unsigned long x)
+{
+        if (x < PAGE_OFFSET)
+                return false;
+        if (system_state != SYSTEM_BOOTING && is_vmalloc_addr((void *) x))
+                return false;
+        return pfn_valid((x - PAGE_OFFSET) >> PAGE_SHIFT);
+}
+EXPORT_SYMBOL(__virt_addr_valid);
+
 #endif
 
 int page_is_ram(unsigned long pagenr)
@@ -83,6 +134,25 @@ int page_is_ram(unsigned long pagenr)
         return 0;
 }
 
+int pagerange_is_ram(unsigned long start, unsigned long end)
+{
+        int ram_page = 0, not_rampage = 0;
+        unsigned long page_nr;
+
+        for (page_nr = (start >> PAGE_SHIFT); page_nr < (end >> PAGE_SHIFT);
+             ++page_nr) {
+                if (page_is_ram(page_nr))
+                        ram_page = 1;
+                else
+                        not_rampage = 1;
+
+                if (ram_page == not_rampage)
+                        return -1;
+        }
+
+        return ram_page;
+}
+
 /*
  * Fix up the linear direct mapping of the kernel to avoid cache attribute
  * conflicts.
@@ -150,6 +220,12 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
                 return (__force void __iomem *)phys_to_virt(phys_addr);
 
         /*
+         * Check if the request spans more than any BAR in the iomem resource
+         * tree.
+         */
+        WARN_ON(iomem_map_sanity_check(phys_addr, size));
+
+        /*
          * Don't allow anybody to remap normal RAM that we're using..
          */
         for (pfn = phys_addr >> PAGE_SHIFT;
@@ -204,16 +280,16 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
         switch (prot_val) {
         case _PAGE_CACHE_UC:
         default:
-                prot = PAGE_KERNEL_NOCACHE;
+                prot = PAGE_KERNEL_IO_NOCACHE;
                 break;
         case _PAGE_CACHE_UC_MINUS:
-                prot = PAGE_KERNEL_UC_MINUS;
+                prot = PAGE_KERNEL_IO_UC_MINUS;
                 break;
         case _PAGE_CACHE_WC:
-                prot = PAGE_KERNEL_WC;
+                prot = PAGE_KERNEL_IO_WC;
                 break;
         case _PAGE_CACHE_WB:
-                prot = PAGE_KERNEL;
+                prot = PAGE_KERNEL_IO;
                 break;
         }
 
@@ -421,7 +497,7 @@ void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
         return;
 }
 
-int __initdata early_ioremap_debug;
+static int __initdata early_ioremap_debug;
 
 static int __init early_ioremap_debug_setup(char *str)
 {
@@ -530,12 +606,12 @@ static void __init __early_set_fixmap(enum fixed_addresses idx,
 }
 
 static inline void __init early_set_fixmap(enum fixed_addresses idx,
-                                        unsigned long phys)
+                                           unsigned long phys, pgprot_t prot)
 {
         if (after_paging_init)
-                set_fixmap(idx, phys);
+                __set_fixmap(idx, phys, prot);
         else
-                __early_set_fixmap(idx, phys, PAGE_KERNEL);
+                __early_set_fixmap(idx, phys, prot);
 }
 
 static inline void __init early_clear_fixmap(enum fixed_addresses idx)
@@ -546,16 +622,22 @@ static inline void __init early_clear_fixmap(enum fixed_addresses idx)
                 __early_set_fixmap(idx, 0, __pgprot(0));
 }
 
-
-int __initdata early_ioremap_nested;
-
+static void *prev_map[FIX_BTMAPS_SLOTS] __initdata;
+static unsigned long prev_size[FIX_BTMAPS_SLOTS] __initdata;
 static int __init check_early_ioremap_leak(void)
 {
-        if (!early_ioremap_nested)
+        int count = 0;
+        int i;
+
+        for (i = 0; i < FIX_BTMAPS_SLOTS; i++)
+                if (prev_map[i])
+                        count++;
+
+        if (!count)
                 return 0;
         WARN(1, KERN_WARNING
                "Debug warning: early ioremap leak of %d areas detected.\n",
-                early_ioremap_nested);
+                count);
         printk(KERN_WARNING
                 "please boot with early_ioremap_debug and report the dmesg.\n");
 
@@ -563,18 +645,33 @@ static int __init check_early_ioremap_leak(void)
 }
 late_initcall(check_early_ioremap_leak);
 
-void __init *early_ioremap(unsigned long phys_addr, unsigned long size)
+static void __init *__early_ioremap(unsigned long phys_addr, unsigned long size, pgprot_t prot)
 {
         unsigned long offset, last_addr;
-        unsigned int nrpages, nesting;
+        unsigned int nrpages;
         enum fixed_addresses idx0, idx;
+        int i, slot;
 
         WARN_ON(system_state != SYSTEM_BOOTING);
 
-        nesting = early_ioremap_nested;
+        slot = -1;
+        for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
+                if (!prev_map[i]) {
+                        slot = i;
+                        break;
+                }
+        }
+
+        if (slot < 0) {
+                printk(KERN_INFO "early_iomap(%08lx, %08lx) not found slot\n",
+                         phys_addr, size);
+                WARN_ON(1);
+                return NULL;
+        }
+
         if (early_ioremap_debug) {
                 printk(KERN_INFO "early_ioremap(%08lx, %08lx) [%d] => ",
-                       phys_addr, size, nesting);
+                       phys_addr, size, slot);
                 dump_stack();
         }
 
@@ -585,17 +682,13 @@ void __init *early_ioremap(unsigned long phys_addr, unsigned long size)
                 return NULL;
         }
 
-        if (nesting >= FIX_BTMAPS_NESTING) {
-                WARN_ON(1);
-                return NULL;
-        }
-        early_ioremap_nested++;
+        prev_size[slot] = size;
         /*
          * Mappings have to be page-aligned
          */
         offset = phys_addr & ~PAGE_MASK;
         phys_addr &= PAGE_MASK;
-        size = PAGE_ALIGN(last_addr) - phys_addr;
+        size = PAGE_ALIGN(last_addr + 1) - phys_addr;
 
         /*
          * Mappings have to fit in the FIX_BTMAP area.
@@ -609,10 +702,10 @@ void __init *early_ioremap(unsigned long phys_addr, unsigned long size)
         /*
          * Ok, go for it..
          */
-        idx0 = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*nesting;
+        idx0 = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*slot;
         idx = idx0;
         while (nrpages > 0) {
-                early_set_fixmap(idx, phys_addr);
+                early_set_fixmap(idx, phys_addr, prot);
                 phys_addr += PAGE_SIZE;
                 --idx;
                 --nrpages;
@@ -620,7 +713,20 @@ void __init *early_ioremap(unsigned long phys_addr, unsigned long size)
         if (early_ioremap_debug)
                 printk(KERN_CONT "%08lx + %08lx\n", offset, fix_to_virt(idx0));
 
-        return (void *) (offset + fix_to_virt(idx0));
+        prev_map[slot] = (void *) (offset + fix_to_virt(idx0));
+        return prev_map[slot];
+}
+
+/* Remap an IO device */
+void __init *early_ioremap(unsigned long phys_addr, unsigned long size)
+{
+        return __early_ioremap(phys_addr, size, PAGE_KERNEL_IO);
+}
+
+/* Remap memory */
+void __init *early_memremap(unsigned long phys_addr, unsigned long size)
+{
+        return __early_ioremap(phys_addr, size, PAGE_KERNEL);
 }
 
 void __init early_iounmap(void *addr, unsigned long size)
@@ -629,15 +735,33 @@ void __init early_iounmap(void *addr, unsigned long size)
         unsigned long offset;
         unsigned int nrpages;
         enum fixed_addresses idx;
-        int nesting;
+        int i, slot;
+
+        slot = -1;
+        for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
+                if (prev_map[i] == addr) {
+                        slot = i;
+                        break;
+                }
+        }
+
+        if (slot < 0) {
+                printk(KERN_INFO "early_iounmap(%p, %08lx) not found slot\n",
+                         addr, size);
+                WARN_ON(1);
+                return;
+        }
 
-        nesting = --early_ioremap_nested;
-        if (WARN_ON(nesting < 0))
+        if (prev_size[slot] != size) {
+                printk(KERN_INFO "early_iounmap(%p, %08lx) [%d] size not consistent %08lx\n",
+                         addr, size, slot, prev_size[slot]);
+                WARN_ON(1);
                 return;
+        }
 
         if (early_ioremap_debug) {
                 printk(KERN_INFO "early_iounmap(%p, %08lx) [%d]\n", addr,
-                       size, nesting);
+                       size, slot);
                 dump_stack();
         }
 
@@ -649,12 +773,13 @@ void __init early_iounmap(void *addr, unsigned long size)
         offset = virt_addr & ~PAGE_MASK;
         nrpages = PAGE_ALIGN(offset + size - 1) >> PAGE_SHIFT;
 
-        idx = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*nesting;
+        idx = FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*slot;
         while (nrpages > 0) {
                 early_clear_fixmap(idx);
                 --idx;
                 --nrpages;
         }
+        prev_map[slot] = 0;
 }
 
 void __this_fixmap_does_not_exist(void)
diff --git a/arch/x86/mm/discontig_32.c b/arch/x86/mm/numa_32.c
index 62fa440678d8..847c164725f4 100644
--- a/arch/x86/mm/discontig_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -328,7 +328,7 @@ void __init initmem_init(unsigned long start_pfn,
 
         get_memcfg_numa();
 
-        kva_pages = round_up(calculate_numa_remap_pages(), PTRS_PER_PTE);
+        kva_pages = roundup(calculate_numa_remap_pages(), PTRS_PER_PTE);
 
         kva_target_pfn = round_down(max_low_pfn - kva_pages, PTRS_PER_PTE);
         do {
diff --git a/arch/x86/mm/numa_64.c b/arch/x86/mm/numa_64.c
index a4dd793d6003..cebcbf152d46 100644
--- a/arch/x86/mm/numa_64.c
+++ b/arch/x86/mm/numa_64.c
@@ -79,7 +79,7 @@ static int __init allocate_cachealigned_memnodemap(void)
                 return 0;
 
         addr = 0x8000;
-        nodemap_size = round_up(sizeof(s16) * memnodemapsize, L1_CACHE_BYTES);
+        nodemap_size = roundup(sizeof(s16) * memnodemapsize, L1_CACHE_BYTES);
         nodemap_addr = find_e820_area(addr, max_pfn<<PAGE_SHIFT,
                                       nodemap_size, L1_CACHE_BYTES);
         if (nodemap_addr == -1UL) {
@@ -176,10 +176,10 @@ void __init setup_node_bootmem(int nodeid, unsigned long start,
         unsigned long start_pfn, last_pfn, bootmap_pages, bootmap_size;
         unsigned long bootmap_start, nodedata_phys;
         void *bootmap;
-        const int pgdat_size = round_up(sizeof(pg_data_t), PAGE_SIZE);
+        const int pgdat_size = roundup(sizeof(pg_data_t), PAGE_SIZE);
         int nid;
 
-        start = round_up(start, ZONE_ALIGN);
+        start = roundup(start, ZONE_ALIGN);
 
         printk(KERN_INFO "Bootmem setup node %d %016lx-%016lx\n", nodeid,
                start, end);
@@ -210,9 +210,9 @@ void __init setup_node_bootmem(int nodeid, unsigned long start,
         bootmap_pages = bootmem_bootmap_pages(last_pfn - start_pfn);
         nid = phys_to_nid(nodedata_phys);
         if (nid == nodeid)
-                bootmap_start = round_up(nodedata_phys + pgdat_size, PAGE_SIZE);
+                bootmap_start = roundup(nodedata_phys + pgdat_size, PAGE_SIZE);
         else
-                bootmap_start = round_up(start, PAGE_SIZE);
+                bootmap_start = roundup(start, PAGE_SIZE);
         /*
          * SMP_CACHE_BYTES could be enough, but init_bootmem_node like
          * to use that to align to PAGE_SIZE
diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c
index d4aa503caaa2..e1d106909218 100644
--- a/arch/x86/mm/pageattr-test.c
+++ b/arch/x86/mm/pageattr-test.c
@@ -32,7 +32,7 @@ enum {
         GPS                     = (1<<30)
 };
 
-#define PAGE_TESTBIT    __pgprot(_PAGE_UNUSED1)
+#define PAGE_CPA_TEST   __pgprot(_PAGE_CPA_TEST)
 
 static int pte_testbit(pte_t pte)
 {
@@ -118,6 +118,7 @@ static int pageattr_test(void)
         unsigned int level;
         int i, k;
         int err;
+        unsigned long test_addr;
 
         if (print)
                 printk(KERN_INFO "CPA self-test:\n");
@@ -172,7 +173,8 @@ static int pageattr_test(void)
                         continue;
                 }
 
-                err = change_page_attr_set(addr[i], len[i], PAGE_TESTBIT);
+                test_addr = addr[i];
+                err = change_page_attr_set(&test_addr, len[i], PAGE_CPA_TEST, 0);
                 if (err < 0) {
                         printk(KERN_ERR "CPA %d failed %d\n", i, err);
                         failed++;
@@ -204,7 +206,8 @@ static int pageattr_test(void)
                         failed++;
                         continue;
                 }
-                err = change_page_attr_clear(addr[i], len[i], PAGE_TESTBIT);
+                test_addr = addr[i];
+                err = change_page_attr_clear(&test_addr, len[i], PAGE_CPA_TEST, 0);
                 if (err < 0) {
                         printk(KERN_ERR "CPA reverting failed: %d\n", err);
                         failed++;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 43e2f8483e4f..a9ec89c3fbca 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -25,15 +25,27 @@
  * The current flushing context - we pass it instead of 5 arguments:
  */
 struct cpa_data {
-        unsigned long   vaddr;
+        unsigned long   *vaddr;
         pgprot_t        mask_set;
         pgprot_t        mask_clr;
         int             numpages;
-        int             flushtlb;
+        int             flags;
         unsigned long   pfn;
         unsigned        force_split : 1;
+        int             curpage;
 };
 
+/*
+ * Serialize cpa() (for !DEBUG_PAGEALLOC which uses large identity mappings)
+ * using cpa_lock. So that we don't allow any other cpu, with stale large tlb
+ * entries change the page attribute in parallel to some other cpu
+ * splitting a large page entry along with changing the attribute.
+ */
+static DEFINE_SPINLOCK(cpa_lock);
+
+#define CPA_FLUSHTLB 1
+#define CPA_ARRAY 2
+
 #ifdef CONFIG_PROC_FS
 static unsigned long direct_pages_count[PG_LEVEL_NUM];
 
@@ -84,7 +96,7 @@ static inline unsigned long highmap_start_pfn(void)
 
 static inline unsigned long highmap_end_pfn(void)
 {
-        return __pa(round_up((unsigned long)_end, PMD_SIZE)) >> PAGE_SHIFT;
+        return __pa(roundup((unsigned long)_end, PMD_SIZE)) >> PAGE_SHIFT;
 }
 
 #endif
@@ -190,6 +202,41 @@ static void cpa_flush_range(unsigned long start, int numpages, int cache)
         }
 }
 
+static void cpa_flush_array(unsigned long *start, int numpages, int cache)
+{
+        unsigned int i, level;
+        unsigned long *addr;
+
+        BUG_ON(irqs_disabled());
+
+        on_each_cpu(__cpa_flush_range, NULL, 1);
+
+        if (!cache)
+                return;
+
+        /* 4M threshold */
+        if (numpages >= 1024) {
+                if (boot_cpu_data.x86_model >= 4)
+                        wbinvd();
+                return;
+        }
+        /*
+         * We only need to flush on one CPU,
+         * clflush is a MESI-coherent instruction that
+         * will cause all other CPUs to flush the same
+         * cachelines:
+         */
+        for (i = 0, addr = start; i < numpages; i++, addr++) {
+                pte_t *pte = lookup_address(*addr, &level);
+
+                /*
+                 * Only flush present addresses:
+                 */
+                if (pte && (pte_val(*pte) & _PAGE_PRESENT))
+                        clflush_cache_range((void *) *addr, PAGE_SIZE);
+        }
+}
+
 /*
  * Certain areas of memory on x86 require very specific protection flags,
  * for example the BIOS area or kernel text. Callers don't always get this
@@ -398,7 +445,7 @@ try_preserve_large_page(pte_t *kpte, unsigned long address,
                  */
                 new_pte = pfn_pte(pte_pfn(old_pte), canon_pgprot(new_prot));
                 __set_pmd_pte(kpte, address, new_pte);
-                cpa->flushtlb = 1;
+                cpa->flags |= CPA_FLUSHTLB;
                 do_split = 0;
         }
 
@@ -408,84 +455,6 @@ out_unlock:
         return do_split;
 }
 
-static LIST_HEAD(page_pool);
-static unsigned long pool_size, pool_pages, pool_low;
-static unsigned long pool_used, pool_failed;
-
-static void cpa_fill_pool(struct page **ret)
-{
-        gfp_t gfp = GFP_KERNEL;
-        unsigned long flags;
-        struct page *p;
-
-        /*
-         * Avoid recursion (on debug-pagealloc) and also signal
-         * our priority to get to these pagetables:
-         */
-        if (current->flags & PF_MEMALLOC)
-                return;
-        current->flags |= PF_MEMALLOC;
-
-        /*
-         * Allocate atomically from atomic contexts:
-         */
-        if (in_atomic() || irqs_disabled() || debug_pagealloc)
-                gfp =  GFP_ATOMIC | __GFP_NORETRY | __GFP_NOWARN;
-
-        while (pool_pages < pool_size || (ret && !*ret)) {
-                p = alloc_pages(gfp, 0);
-                if (!p) {
-                        pool_failed++;
-                        break;
-                }
-                /*
-                 * If the call site needs a page right now, provide it:
-                 */
-                if (ret && !*ret) {
-                        *ret = p;
-                        continue;
-                }
-                spin_lock_irqsave(&pgd_lock, flags);
-                list_add(&p->lru, &page_pool);
-                pool_pages++;
-                spin_unlock_irqrestore(&pgd_lock, flags);
-        }
-
-        current->flags &= ~PF_MEMALLOC;
-}
-
-#define SHIFT_MB                (20 - PAGE_SHIFT)
-#define ROUND_MB_GB             ((1 << 10) - 1)
-#define SHIFT_MB_GB             10
-#define POOL_PAGES_PER_GB       16
-
-void __init cpa_init(void)
-{
-        struct sysinfo si;
-        unsigned long gb;
-
-        si_meminfo(&si);
-        /*
-         * Calculate the number of pool pages:
-         *
-         * Convert totalram (nr of pages) to MiB and round to the next
-         * GiB. Shift MiB to Gib and multiply the result by
-         * POOL_PAGES_PER_GB:
-         */
-        if (debug_pagealloc) {
-                gb = ((si.totalram >> SHIFT_MB) + ROUND_MB_GB) >> SHIFT_MB_GB;
-                pool_size = POOL_PAGES_PER_GB * gb;
-        } else {
-                pool_size = 1;
-        }
-        pool_low = pool_size;
-
-        cpa_fill_pool(NULL);
-        printk(KERN_DEBUG
-               "CPA: page pool initialized %lu of %lu pages preallocated\n",
-               pool_pages, pool_size);
-}
-
 static int split_large_page(pte_t *kpte, unsigned long address)
 {
         unsigned long flags, pfn, pfninc = 1;
@@ -494,28 +463,15 @@ static int split_large_page(pte_t *kpte, unsigned long address)
         pgprot_t ref_prot;
         struct page *base;
 
-        /*
-         * Get a page from the pool. The pool list is protected by the
-         * pgd_lock, which we have to take anyway for the split
-         * operation:
-         */
-        spin_lock_irqsave(&pgd_lock, flags);
-        if (list_empty(&page_pool)) {
-                spin_unlock_irqrestore(&pgd_lock, flags);
-                base = NULL;
-                cpa_fill_pool(&base);
-                if (!base)
-                        return -ENOMEM;
-                spin_lock_irqsave(&pgd_lock, flags);
-        } else {
-                base = list_first_entry(&page_pool, struct page, lru);
-                list_del(&base->lru);
-                pool_pages--;
-
-                if (pool_pages < pool_low)
-                        pool_low = pool_pages;
-        }
+        if (!debug_pagealloc)
+                spin_unlock(&cpa_lock);
+        base = alloc_pages(GFP_KERNEL, 0);
+        if (!debug_pagealloc)
+                spin_lock(&cpa_lock);
+        if (!base)
+                return -ENOMEM;
 
+        spin_lock_irqsave(&pgd_lock, flags);
         /*
          * Check for races, another CPU might have split this page
          * up for us already:
@@ -572,11 +528,8 @@ out_unlock:
          * If we dropped out via the lookup_address check under
          * pgd_lock then stick the page back into the pool:
          */
-        if (base) {
-                list_add(&base->lru, &page_pool);
-                pool_pages++;
-        } else
-                pool_used++;
+        if (base)
+                __free_page(base);
         spin_unlock_irqrestore(&pgd_lock, flags);
 
         return 0;
@@ -584,11 +537,16 @@ out_unlock:
 
 static int __change_page_attr(struct cpa_data *cpa, int primary)
 {
-        unsigned long address = cpa->vaddr;
+        unsigned long address;
         int do_split, err;
         unsigned int level;
         pte_t *kpte, old_pte;
 
+        if (cpa->flags & CPA_ARRAY)
+                address = cpa->vaddr[cpa->curpage];
+        else
+                address = *cpa->vaddr;
+
 repeat:
         kpte = lookup_address(address, &level);
         if (!kpte)
@@ -600,7 +558,7 @@ repeat:
                         return 0;
                 WARN(1, KERN_WARNING "CPA: called for zero pte. "
                        "vaddr = %lx cpa->vaddr = %lx\n", address,
-                       cpa->vaddr);
+                       *cpa->vaddr);
                 return -EINVAL;
         }
 
@@ -626,7 +584,7 @@ repeat:
                  */
                 if (pte_val(old_pte) != pte_val(new_pte)) {
                         set_pte_atomic(kpte, new_pte);
-                        cpa->flushtlb = 1;
+                        cpa->flags |= CPA_FLUSHTLB;
                 }
                 cpa->numpages = 1;
                 return 0;
@@ -650,7 +608,25 @@ repeat:
          */
         err = split_large_page(kpte, address);
         if (!err) {
-                cpa->flushtlb = 1;
+                /*
+                 * Do a global flush tlb after splitting the large page
+                 * and before we do the actual change page attribute in the PTE.
+                 *
+                 * With out this, we violate the TLB application note, that says
+                 * "The TLBs may contain both ordinary and large-page
+                 *  translations for a 4-KByte range of linear addresses. This
+                 *  may occur if software modifies the paging structures so that
+                 *  the page size used for the address range changes. If the two
+                 *  translations differ with respect to page frame or attributes
+                 *  (e.g., permissions), processor behavior is undefined and may
+                 *  be implementation-specific."
+                 *
+                 * We do this global tlb flush inside the cpa_lock, so that we
+                 * don't allow any other cpu, with stale tlb entries change the
+                 * page attribute in parallel, that also falls into the
+                 * just split large page entry.
+                 */
+                flush_tlb_all();
                 goto repeat;
         }
 
@@ -663,6 +639,7 @@ static int cpa_process_alias(struct cpa_data *cpa)
 {
         struct cpa_data alias_cpa;
         int ret = 0;
+        unsigned long temp_cpa_vaddr, vaddr;
 
         if (cpa->pfn >= max_pfn_mapped)
                 return 0;
@@ -675,16 +652,24 @@ static int cpa_process_alias(struct cpa_data *cpa)
          * No need to redo, when the primary call touched the direct
          * mapping already:
          */
-        if (!(within(cpa->vaddr, PAGE_OFFSET,
+        if (cpa->flags & CPA_ARRAY)
+                vaddr = cpa->vaddr[cpa->curpage];
+        else
+                vaddr = *cpa->vaddr;
+
+        if (!(within(vaddr, PAGE_OFFSET,
                     PAGE_OFFSET + (max_low_pfn_mapped << PAGE_SHIFT))
 #ifdef CONFIG_X86_64
-                || within(cpa->vaddr, PAGE_OFFSET + (1UL<<32),
+                || within(vaddr, PAGE_OFFSET + (1UL<<32),
                     PAGE_OFFSET + (max_pfn_mapped << PAGE_SHIFT))
 #endif
         )) {
 
                 alias_cpa = *cpa;
-                alias_cpa.vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT);
+                temp_cpa_vaddr = (unsigned long) __va(cpa->pfn << PAGE_SHIFT);
+                alias_cpa.vaddr = &temp_cpa_vaddr;
+                alias_cpa.flags &= ~CPA_ARRAY;
+
 
                 ret = __change_page_attr_set_clr(&alias_cpa, 0);
         }
@@ -696,7 +681,7 @@ static int cpa_process_alias(struct cpa_data *cpa)
          * No need to redo, when the primary call touched the high
          * mapping already:
          */
-        if (within(cpa->vaddr, (unsigned long) _text, (unsigned long) _end))
+        if (within(vaddr, (unsigned long) _text, (unsigned long) _end))
                 return 0;
 
         /*
@@ -707,8 +692,9 @@ static int cpa_process_alias(struct cpa_data *cpa)
                 return 0;
 
         alias_cpa = *cpa;
-        alias_cpa.vaddr =
-                (cpa->pfn << PAGE_SHIFT) + __START_KERNEL_map - phys_base;
+        temp_cpa_vaddr = (cpa->pfn << PAGE_SHIFT) + __START_KERNEL_map - phys_base;
+        alias_cpa.vaddr = &temp_cpa_vaddr;
+        alias_cpa.flags &= ~CPA_ARRAY;
 
         /*
          * The high mapping range is imprecise, so ignore the return value.
@@ -728,8 +714,15 @@ static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
                  * preservation check.
                  */
                 cpa->numpages = numpages;
+                /* for array changes, we can't use large page */
+                if (cpa->flags & CPA_ARRAY)
+                        cpa->numpages = 1;
 
+                if (!debug_pagealloc)
+                        spin_lock(&cpa_lock);
                 ret = __change_page_attr(cpa, checkalias);
+                if (!debug_pagealloc)
+                        spin_unlock(&cpa_lock);
                 if (ret)
                         return ret;
 
@@ -746,7 +739,11 @@ static int __change_page_attr_set_clr(struct cpa_data *cpa, int checkalias)
                  */
                 BUG_ON(cpa->numpages > numpages);
                 numpages -= cpa->numpages;
-                cpa->vaddr += cpa->numpages * PAGE_SIZE;
+                if (cpa->flags & CPA_ARRAY)
+                        cpa->curpage++;
+                else
+                        *cpa->vaddr += cpa->numpages * PAGE_SIZE;
+
         }
         return 0;
 }
@@ -757,9 +754,9 @@ static inline int cache_attr(pgprot_t attr)
                 (_PAGE_PAT | _PAGE_PAT_LARGE | _PAGE_PWT | _PAGE_PCD);
 }
 
-static int change_page_attr_set_clr(unsigned long addr, int numpages,
+static int change_page_attr_set_clr(unsigned long *addr, int numpages,
                                     pgprot_t mask_set, pgprot_t mask_clr,
-                                    int force_split)
+                                    int force_split, int array)
 {
         struct cpa_data cpa;
         int ret, cache, checkalias;
@@ -774,21 +771,38 @@ static int change_page_attr_set_clr(unsigned long addr, int numpages,
                 return 0;
 
         /* Ensure we are PAGE_SIZE aligned */
-        if (addr & ~PAGE_MASK) {
-                addr &= PAGE_MASK;
-                /*
-                 * People should not be passing in unaligned addresses:
-                 */
-                WARN_ON_ONCE(1);
+        if (!array) {
+                if (*addr & ~PAGE_MASK) {
+                        *addr &= PAGE_MASK;
+                        /*
+                         * People should not be passing in unaligned addresses:
+                         */
+                        WARN_ON_ONCE(1);
+                }
+        } else {
+                int i;
+                for (i = 0; i < numpages; i++) {
+                        if (addr[i] & ~PAGE_MASK) {
+                                addr[i] &= PAGE_MASK;
+                                WARN_ON_ONCE(1);
+                        }
+                }
         }
 
+        /* Must avoid aliasing mappings in the highmem code */
+        kmap_flush_unused();
+
         cpa.vaddr = addr;
         cpa.numpages = numpages;
         cpa.mask_set = mask_set;
         cpa.mask_clr = mask_clr;
-        cpa.flushtlb = 0;
+        cpa.flags = 0;
+        cpa.curpage = 0;
         cpa.force_split = force_split;
 
+        if (array)
+                cpa.flags |= CPA_ARRAY;
+
         /* No alias checking for _NX bit modifications */
         checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX;
 
@@ -797,7 +811,7 @@ static int change_page_attr_set_clr(unsigned long addr, int numpages,
         /*
          * Check whether we really changed something:
          */
-        if (!cpa.flushtlb)
+        if (!(cpa.flags & CPA_FLUSHTLB))
                 goto out;
 
         /*
@@ -812,27 +826,30 @@ static int change_page_attr_set_clr(unsigned long addr, int numpages,
          * error case we fall back to cpa_flush_all (which uses
          * wbindv):
          */
-        if (!ret && cpu_has_clflush)
-                cpa_flush_range(addr, numpages, cache);
-        else
+        if (!ret && cpu_has_clflush) {
+                if (cpa.flags & CPA_ARRAY)
+                        cpa_flush_array(addr, numpages, cache);
+                else
+                        cpa_flush_range(*addr, numpages, cache);
+        } else
                 cpa_flush_all(cache);
 
 out:
-        cpa_fill_pool(NULL);
-
         return ret;
 }
 
-static inline int change_page_attr_set(unsigned long addr, int numpages,
-                                       pgprot_t mask)
+static inline int change_page_attr_set(unsigned long *addr, int numpages,
+                                       pgprot_t mask, int array)
 {
-        return change_page_attr_set_clr(addr, numpages, mask, __pgprot(0), 0);
+        return change_page_attr_set_clr(addr, numpages, mask, __pgprot(0), 0,
+                array);
 }
 
-static inline int change_page_attr_clear(unsigned long addr, int numpages,
-                                         pgprot_t mask)
+static inline int change_page_attr_clear(unsigned long *addr, int numpages,
+                                         pgprot_t mask, int array)
 {
-        return change_page_attr_set_clr(addr, numpages, __pgprot(0), mask, 0);
+        return change_page_attr_set_clr(addr, numpages, __pgprot(0), mask, 0,
+                array);
 }
 
 int _set_memory_uc(unsigned long addr, int numpages)
@@ -840,8 +857,8 @@ int _set_memory_uc(unsigned long addr, int numpages)
         /*
          * for now UC MINUS. see comments in ioremap_nocache()
          */
-        return change_page_attr_set(addr, numpages,
-                                    __pgprot(_PAGE_CACHE_UC_MINUS));
+        return change_page_attr_set(&addr, numpages,
+                                    __pgprot(_PAGE_CACHE_UC_MINUS), 0);
 }
 
 int set_memory_uc(unsigned long addr, int numpages)
@@ -857,10 +874,48 @@ int set_memory_uc(unsigned long addr, int numpages)
 }
 EXPORT_SYMBOL(set_memory_uc);
 
+int set_memory_array_uc(unsigned long *addr, int addrinarray)
+{
+        unsigned long start;
+        unsigned long end;
+        int i;
+        /*
+         * for now UC MINUS. see comments in ioremap_nocache()
+         */
+        for (i = 0; i < addrinarray; i++) {
+                start = __pa(addr[i]);
+                for (end = start + PAGE_SIZE; i < addrinarray - 1; end += PAGE_SIZE) {
+                        if (end != __pa(addr[i + 1]))
+                                break;
+                        i++;
+                }
+                if (reserve_memtype(start, end, _PAGE_CACHE_UC_MINUS, NULL))
+                        goto out;
+        }
+
+        return change_page_attr_set(addr, addrinarray,
+                                    __pgprot(_PAGE_CACHE_UC_MINUS), 1);
+out:
+        for (i = 0; i < addrinarray; i++) {
+                unsigned long tmp = __pa(addr[i]);
+
+                if (tmp == start)
+                        break;
+                for (end = tmp + PAGE_SIZE; i < addrinarray - 1; end += PAGE_SIZE) {
+                        if (end != __pa(addr[i + 1]))
+                                break;
+                        i++;
+                }
+                free_memtype(tmp, end);
+        }
+        return -EINVAL;
+}
+EXPORT_SYMBOL(set_memory_array_uc);
+
 int _set_memory_wc(unsigned long addr, int numpages)
 {
-        return change_page_attr_set(addr, numpages,
-                                    __pgprot(_PAGE_CACHE_WC));
+        return change_page_attr_set(&addr, numpages,
+                                    __pgprot(_PAGE_CACHE_WC), 0);
 }
 
 int set_memory_wc(unsigned long addr, int numpages)
@@ -878,8 +933,8 @@ EXPORT_SYMBOL(set_memory_wc);
 
 int _set_memory_wb(unsigned long addr, int numpages)
 {
-        return change_page_attr_clear(addr, numpages,
-                                      __pgprot(_PAGE_CACHE_MASK));
+        return change_page_attr_clear(&addr, numpages,
+                                      __pgprot(_PAGE_CACHE_MASK), 0);
 }
 
 int set_memory_wb(unsigned long addr, int numpages)
@@ -890,37 +945,59 @@ int set_memory_wb(unsigned long addr, int numpages)
 }
 EXPORT_SYMBOL(set_memory_wb);
 
+int set_memory_array_wb(unsigned long *addr, int addrinarray)
+{
+        int i;
+
+        for (i = 0; i < addrinarray; i++) {
+                unsigned long start = __pa(addr[i]);
+                unsigned long end;
+
+                for (end = start + PAGE_SIZE; i < addrinarray - 1; end += PAGE_SIZE) {
+                        if (end != __pa(addr[i + 1]))
+                                break;
+                        i++;
+                }
+                free_memtype(start, end);
+        }
+        return change_page_attr_clear(addr, addrinarray,
+                                      __pgprot(_PAGE_CACHE_MASK), 1);
+}
+EXPORT_SYMBOL(set_memory_array_wb);
+
 int set_memory_x(unsigned long addr, int numpages)
 {
-        return change_page_attr_clear(addr, numpages, __pgprot(_PAGE_NX));
+        return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_x);
 
 int set_memory_nx(unsigned long addr, int numpages)
 {
-        return change_page_attr_set(addr, numpages, __pgprot(_PAGE_NX));
+        return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_nx);
 
 int set_memory_ro(unsigned long addr, int numpages)
 {
-        return change_page_attr_clear(addr, numpages, __pgprot(_PAGE_RW));
+        return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
+EXPORT_SYMBOL_GPL(set_memory_ro);
 
 int set_memory_rw(unsigned long addr, int numpages)
 {
-        return change_page_attr_set(addr, numpages, __pgprot(_PAGE_RW));
+        return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_RW), 0);
 }
+EXPORT_SYMBOL_GPL(set_memory_rw);
 
 int set_memory_np(unsigned long addr, int numpages)
 {
-        return change_page_attr_clear(addr, numpages, __pgprot(_PAGE_PRESENT));
+        return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0);
 }
 
 int set_memory_4k(unsigned long addr, int numpages)
 {
-        return change_page_attr_set_clr(addr, numpages, __pgprot(0),
-                                        __pgprot(0), 1);
+        return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
+                                        __pgprot(0), 1, 0);
 }
 
 int set_pages_uc(struct page *page, int numpages)
@@ -973,22 +1050,38 @@ int set_pages_rw(struct page *page, int numpages)
 
 static int __set_pages_p(struct page *page, int numpages)
 {
-        struct cpa_data cpa = { .vaddr = (unsigned long) page_address(page),
+        unsigned long tempaddr = (unsigned long) page_address(page);
+        struct cpa_data cpa = { .vaddr = &tempaddr,
                                 .numpages = numpages,
                                 .mask_set = __pgprot(_PAGE_PRESENT | _PAGE_RW),
-                                .mask_clr = __pgprot(0)};
+                                .mask_clr = __pgprot(0),
+                                .flags = 0};
 
-        return __change_page_attr_set_clr(&cpa, 1);
+        /*
+         * No alias checking needed for setting present flag. otherwise,
+         * we may need to break large pages for 64-bit kernel text
+         * mappings (this adds to complexity if we want to do this from
+         * atomic context especially). Let's keep it simple!
+         */
+        return __change_page_attr_set_clr(&cpa, 0);
 }
 
 static int __set_pages_np(struct page *page, int numpages)
 {
-        struct cpa_data cpa = { .vaddr = (unsigned long) page_address(page),
+        unsigned long tempaddr = (unsigned long) page_address(page);
+        struct cpa_data cpa = { .vaddr = &tempaddr,
                                 .numpages = numpages,
                                 .mask_set = __pgprot(0),
-                                .mask_clr = __pgprot(_PAGE_PRESENT | _PAGE_RW)};
+                                .mask_clr = __pgprot(_PAGE_PRESENT | _PAGE_RW),
+                                .flags = 0};
 
-        return __change_page_attr_set_clr(&cpa, 1);
+        /*
+         * No alias checking needed for setting not present flag. otherwise,
+         * we may need to break large pages for 64-bit kernel text
+         * mappings (this adds to complexity if we want to do this from
+         * atomic context especially). Let's keep it simple!
+         */
+        return __change_page_attr_set_clr(&cpa, 0);
 }
 
 void kernel_map_pages(struct page *page, int numpages, int enable)
@@ -1008,11 +1101,8 @@ void kernel_map_pages(struct page *page, int numpages, int enable)
 
         /*
          * The return value is ignored as the calls cannot fail.
-         * Large pages are kept enabled at boot time, and are
-         * split up quickly with DEBUG_PAGEALLOC. If a splitup
-         * fails here (due to temporary memory shortage) no damage
-         * is done because we just keep the largepage intact up
-         * to the next attempt when it will likely be split up:
+         * Large pages for identity mappings are not used at boot time
+         * and hence no memory allocations during large page split.
          */
         if (enable)
                 __set_pages_p(page, numpages);
@@ -1024,53 +1114,8 @@ void kernel_map_pages(struct page *page, int numpages, int enable)
          * but that can deadlock->flush only current cpu:
          */
         __flush_tlb_all();
-
-        /*
-         * Try to refill the page pool here. We can do this only after
-         * the tlb flush.
-         */
-        cpa_fill_pool(NULL);
 }
 
-#ifdef CONFIG_DEBUG_FS
-static int dpa_show(struct seq_file *m, void *v)
-{
-        seq_puts(m, "DEBUG_PAGEALLOC\n");
-        seq_printf(m, "pool_size     : %lu\n", pool_size);
-        seq_printf(m, "pool_pages    : %lu\n", pool_pages);
-        seq_printf(m, "pool_low      : %lu\n", pool_low);
-        seq_printf(m, "pool_used     : %lu\n", pool_used);
-        seq_printf(m, "pool_failed   : %lu\n", pool_failed);
-
-        return 0;
-}
-
-static int dpa_open(struct inode *inode, struct file *filp)
-{
-        return single_open(filp, dpa_show, NULL);
-}
-
-static const struct file_operations dpa_fops = {
-        .open           = dpa_open,
-        .read           = seq_read,
-        .llseek         = seq_lseek,
-        .release        = single_release,
-};
-
-static int __init debug_pagealloc_proc_init(void)
-{
-        struct dentry *de;
-
-        de = debugfs_create_file("debug_pagealloc", 0600, NULL, NULL,
-                                 &dpa_fops);
-        if (!de)
-                return -ENOMEM;
-
-        return 0;
-}
-__initcall(debug_pagealloc_proc_init);
-#endif
-
 #ifdef CONFIG_HIBERNATION
 
 bool kernel_page_present(struct page *page)
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index 2a50e0fa64a5..738fd0f24958 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -7,24 +7,24 @@
  * Loosely based on earlier PAT patchset from Eric Biederman and Andi Kleen.
  */
 
-#include <linux/mm.h>
+#include <linux/seq_file.h>
+#include <linux/bootmem.h>
+#include <linux/debugfs.h>
 #include <linux/kernel.h>
 #include <linux/gfp.h>
+#include <linux/mm.h>
 #include <linux/fs.h>
-#include <linux/bootmem.h>
-#include <linux/debugfs.h>
-#include <linux/seq_file.h>
 
-#include <asm/msr.h>
-#include <asm/tlbflush.h>
+#include <asm/cacheflush.h>
 #include <asm/processor.h>
-#include <asm/page.h>
+#include <asm/tlbflush.h>
 #include <asm/pgtable.h>
-#include <asm/pat.h>
-#include <asm/e820.h>
-#include <asm/cacheflush.h>
 #include <asm/fcntl.h>
+#include <asm/e820.h>
 #include <asm/mtrr.h>
+#include <asm/page.h>
+#include <asm/msr.h>
+#include <asm/pat.h>
 #include <asm/io.h>
 
 #ifdef CONFIG_X86_PAT
@@ -46,6 +46,7 @@ early_param("nopat", nopat);
 
 
 static int debug_enable;
+
 static int __init pat_debug_setup(char *str)
 {
         debug_enable = 1;
@@ -145,14 +146,14 @@ static char *cattr_name(unsigned long flags)
  */
 
 struct memtype {
-        u64 start;
-        u64 end;
-        unsigned long type;
-        struct list_head nd;
+        u64                     start;
+        u64                     end;
+        unsigned long           type;
+        struct list_head        nd;
 };
 
 static LIST_HEAD(memtype_list);
-static DEFINE_SPINLOCK(memtype_lock);   /* protects memtype list */
+static DEFINE_SPINLOCK(memtype_lock);   /* protects memtype list */
 
 /*
  * Does intersection of PAT memory type and MTRR memory type and returns
@@ -180,8 +181,8 @@ static unsigned long pat_x_mtrr_type(u64 start, u64 end, unsigned long req_type)
         return req_type;
 }
 
-static int chk_conflict(struct memtype *new, struct memtype *entry,
-                        unsigned long *type)
+static int
+chk_conflict(struct memtype *new, struct memtype *entry, unsigned long *type)
 {
         if (new->type != entry->type) {
                 if (type) {
@@ -211,6 +212,66 @@ static struct memtype *cached_entry;
 static u64 cached_start;
 
 /*
+ * For RAM pages, mark the pages as non WB memory type using
+ * PageNonWB (PG_arch_1). We allow only one set_memory_uc() or
+ * set_memory_wc() on a RAM page at a time before marking it as WB again.
+ * This is ok, because only one driver will be owning the page and
+ * doing set_memory_*() calls.
+ *
+ * For now, we use PageNonWB to track that the RAM page is being mapped
+ * as non WB. In future, we will have to use one more flag
+ * (or some other mechanism in page_struct) to distinguish between
+ * UC and WC mapping.
+ */
+static int reserve_ram_pages_type(u64 start, u64 end, unsigned long req_type,
+                                  unsigned long *new_type)
+{
+        struct page *page;
+        u64 pfn, end_pfn;
+
+        for (pfn = (start >> PAGE_SHIFT); pfn < (end >> PAGE_SHIFT); ++pfn) {
+                page = pfn_to_page(pfn);
+                if (page_mapped(page) || PageNonWB(page))
+                        goto out;
+
+                SetPageNonWB(page);
+        }
+        return 0;
+
+out:
+        end_pfn = pfn;
+        for (pfn = (start >> PAGE_SHIFT); pfn < end_pfn; ++pfn) {
+                page = pfn_to_page(pfn);
+                ClearPageNonWB(page);
+        }
+
+        return -EINVAL;
+}
+
+static int free_ram_pages_type(u64 start, u64 end)
+{
+        struct page *page;
+        u64 pfn, end_pfn;
+
+        for (pfn = (start >> PAGE_SHIFT); pfn < (end >> PAGE_SHIFT); ++pfn) {
+                page = pfn_to_page(pfn);
+                if (page_mapped(page) || !PageNonWB(page))
+                        goto out;
+
+                ClearPageNonWB(page);
+        }
+        return 0;
+
+out:
+        end_pfn = pfn;
+        for (pfn = (start >> PAGE_SHIFT); pfn < end_pfn; ++pfn) {
+                page = pfn_to_page(pfn);
+                SetPageNonWB(page);
+        }
+        return -EINVAL;
+}
+
+/*
  * req_type typically has one of the:
  * - _PAGE_CACHE_WB
  * - _PAGE_CACHE_WC
@@ -226,14 +287,15 @@ static u64 cached_start;
  * it will return a negative return value.
  */
 int reserve_memtype(u64 start, u64 end, unsigned long req_type,
-                        unsigned long *new_type)
+                    unsigned long *new_type)
 {
         struct memtype *new, *entry;
         unsigned long actual_type;
         struct list_head *where;
+        int is_range_ram;
         int err = 0;
 
-        BUG_ON(start >= end); /* end is exclusive */
+        BUG_ON(start >= end); /* end is exclusive */
 
         if (!pat_enabled) {
                 /* This is identical to page table setting without PAT */
@@ -266,17 +328,24 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
                         actual_type = _PAGE_CACHE_WB;
                 else
                         actual_type = _PAGE_CACHE_UC_MINUS;
-        } else
+        } else {
                 actual_type = pat_x_mtrr_type(start, end,
                                               req_type & _PAGE_CACHE_MASK);
+        }
+
+        is_range_ram = pagerange_is_ram(start, end);
+        if (is_range_ram == 1)
+                return reserve_ram_pages_type(start, end, req_type, new_type);
+        else if (is_range_ram < 0)
+                return -EINVAL;
 
         new  = kmalloc(sizeof(struct memtype), GFP_KERNEL);
         if (!new)
                 return -ENOMEM;
 
-        new->start = start;
-        new->end = end;
-        new->type = actual_type;
+        new->start      = start;
+        new->end        = end;
+        new->type       = actual_type;
 
         if (new_type)
                 *new_type = actual_type;
@@ -335,6 +404,7 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
                        start, end, cattr_name(new->type), cattr_name(req_type));
                 kfree(new);
                 spin_unlock(&memtype_lock);
+
                 return err;
         }
 
@@ -358,6 +428,7 @@ int free_memtype(u64 start, u64 end)
 {
         struct memtype *entry;
         int err = -EINVAL;
+        int is_range_ram;
 
         if (!pat_enabled)
                 return 0;
@@ -366,6 +437,12 @@ int free_memtype(u64 start, u64 end)
         if (is_ISA_range(start, end - 1))
                 return 0;
 
+        is_range_ram = pagerange_is_ram(start, end);
+        if (is_range_ram == 1)
+                return free_ram_pages_type(start, end);
+        else if (is_range_ram < 0)
+                return -EINVAL;
+
         spin_lock(&memtype_lock);
         list_for_each_entry(entry, &memtype_list, nd) {
                 if (entry->start == start && entry->end == end) {
@@ -386,6 +463,7 @@ int free_memtype(u64 start, u64 end)
         }
 
         dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end);
+
         return err;
 }
 
@@ -492,9 +570,9 @@ int phys_mem_access_prot_allowed(struct file *file, unsigned long pfn,
 
 void map_devmem(unsigned long pfn, unsigned long size, pgprot_t vma_prot)
 {
+        unsigned long want_flags = (pgprot_val(vma_prot) & _PAGE_CACHE_MASK);
         u64 addr = (u64)pfn << PAGE_SHIFT;
         unsigned long flags;
-        unsigned long want_flags = (pgprot_val(vma_prot) & _PAGE_CACHE_MASK);
 
         reserve_memtype(addr, addr + size, want_flags, &flags);
         if (flags != want_flags) {
@@ -514,7 +592,7 @@ void unmap_devmem(unsigned long pfn, unsigned long size, pgprot_t vma_prot)
         free_memtype(addr, addr + size);
 }
 
-#if defined(CONFIG_DEBUG_FS)
+#if defined(CONFIG_DEBUG_FS) && defined(CONFIG_X86_PAT)
 
 /* get Nth element of the linked list */
 static struct memtype *memtype_get_idx(loff_t pos)
@@ -537,6 +615,7 @@ static struct memtype *memtype_get_idx(loff_t pos)
         }
         spin_unlock(&memtype_lock);
         kfree(print_entry);
+
         return NULL;
 }
 
@@ -567,6 +646,7 @@ static int memtype_seq_show(struct seq_file *seq, void *v)
         seq_printf(seq, "%s @ 0x%Lx-0x%Lx\n", cattr_name(print_entry->type),
                         print_entry->start, print_entry->end);
         kfree(print_entry);
+
         return 0;
 }
 
@@ -598,4 +678,4 @@ static int __init pat_memtype_list_init(void)
 
 late_initcall(pat_memtype_list_init);
 
-#endif /* CONFIG_DEBUG_FS */
+#endif /* CONFIG_DEBUG_FS && CONFIG_X86_PAT */
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index d50302774fe2..86f2ffc43c3d 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -63,10 +63,8 @@ static inline void pgd_list_del(pgd_t *pgd)
 #define UNSHARED_PTRS_PER_PGD                           \
         (SHARED_KERNEL_PMD ? KERNEL_PGD_BOUNDARY : PTRS_PER_PGD)
 
-static void pgd_ctor(void *p)
+static void pgd_ctor(pgd_t *pgd)
 {
-        pgd_t *pgd = p;
-
         /* If the pgd points to a shared pagetable level (either the
            ptes in non-PAE, or shared PMD in PAE), then just copy the
            references from swapper_pg_dir. */
@@ -87,7 +85,7 @@ static void pgd_ctor(void *p)
                 pgd_list_add(pgd);
 }
 
-static void pgd_dtor(void *pgd)
+static void pgd_dtor(pgd_t *pgd)
 {
         unsigned long flags; /* can be called from interrupt context */
 
diff --git a/arch/x86/mm/pgtable_32.c b/arch/x86/mm/pgtable_32.c
index cab0abbd1ebe..0951db9ee519 100644
--- a/arch/x86/mm/pgtable_32.c
+++ b/arch/x86/mm/pgtable_32.c
@@ -123,7 +123,8 @@ static int __init parse_vmalloc(char *arg)
         if (!arg)
                 return -EINVAL;
 
-        __VMALLOC_RESERVE = memparse(arg, &arg);
+        /* Add VMALLOC_OFFSET to the parsed value due to vm area guard hole*/
+        __VMALLOC_RESERVE = memparse(arg, &arg) + VMALLOC_OFFSET;
         return 0;
 }
 early_param("vmalloc", parse_vmalloc);
diff --git a/arch/x86/mm/srat_64.c b/arch/x86/mm/srat_64.c
index 1b4763e26ea9..51c0a2fc14fe 100644
--- a/arch/x86/mm/srat_64.c
+++ b/arch/x86/mm/srat_64.c
@@ -138,7 +138,7 @@ acpi_numa_processor_affinity_init(struct acpi_srat_cpu_affinity *pa)
                 return;
         }
 
-        if (is_uv_system())
+        if (get_uv_system_type() >= UV_X2APIC)
                 apic_id = (pa->apic_id << 8) | pa->local_sapic_eid;
         else
                 apic_id = pa->apic_id;
diff --git a/arch/x86/oprofile/Makefile b/arch/x86/oprofile/Makefile
index 30f3eb366667..446902b2a6b6 100644
--- a/arch/x86/oprofile/Makefile
+++ b/arch/x86/oprofile/Makefile
@@ -7,6 +7,6 @@ DRIVER_OBJS = $(addprefix ../../../drivers/oprofile/, \
                 timer_int.o )
 
 oprofile-y                              := $(DRIVER_OBJS) init.o backtrace.o
-oprofile-$(CONFIG_X86_LOCAL_APIC)       += nmi_int.o op_model_athlon.o \
+oprofile-$(CONFIG_X86_LOCAL_APIC)       += nmi_int.o op_model_amd.o \
                                            op_model_ppro.o op_model_p4.o
 oprofile-$(CONFIG_X86_IO_APIC)          += nmi_timer_int.o
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
index 0227694f7dab..57f6c9088081 100644
--- a/arch/x86/oprofile/nmi_int.c
+++ b/arch/x86/oprofile/nmi_int.c
@@ -1,10 +1,11 @@
 /**
  * @file nmi_int.c
  *
- * @remark Copyright 2002 OProfile authors
+ * @remark Copyright 2002-2008 OProfile authors
  * @remark Read the file COPYING
  *
  * @author John Levon <levon@movementarian.org>
+ * @author Robert Richter <robert.richter@amd.com>
  */
 
 #include <linux/init.h>
@@ -295,10 +296,12 @@ static void nmi_cpu_shutdown(void *dummy)
 
 static void nmi_shutdown(void)
 {
-        struct op_msrs *msrs = &get_cpu_var(cpu_msrs);
+        struct op_msrs *msrs;
+
         nmi_enabled = 0;
         on_each_cpu(nmi_cpu_shutdown, NULL, 1);
         unregister_die_notifier(&profile_exceptions_nb);
+        msrs = &get_cpu_var(cpu_msrs);
         model->shutdown(msrs);
         free_msrs();
         put_cpu_var(cpu_msrs);
@@ -437,6 +440,7 @@ int __init op_nmi_init(struct oprofile_operations *ops)
         __u8 vendor = boot_cpu_data.x86_vendor;
         __u8 family = boot_cpu_data.x86;
         char *cpu_type;
+        int ret = 0;
 
         if (!cpu_has_apic)
                 return -ENODEV;
@@ -449,19 +453,23 @@ int __init op_nmi_init(struct oprofile_operations *ops)
                 default:
                         return -ENODEV;
                 case 6:
-                        model = &op_athlon_spec;
+                        model = &op_amd_spec;
                         cpu_type = "i386/athlon";
                         break;
                 case 0xf:
-                        model = &op_athlon_spec;
+                        model = &op_amd_spec;
                         /* Actually it could be i386/hammer too, but give
                          user space an consistent name. */
                         cpu_type = "x86-64/hammer";
                         break;
                 case 0x10:
-                        model = &op_athlon_spec;
+                        model = &op_amd_spec;
                         cpu_type = "x86-64/family10";
                         break;
+                case 0x11:
+                        model = &op_amd_spec;
+                        cpu_type = "x86-64/family11h";
+                        break;
                 }
                 break;
 
@@ -488,17 +496,24 @@ int __init op_nmi_init(struct oprofile_operations *ops)
                 return -ENODEV;
         }
 
-        init_sysfs();
 #ifdef CONFIG_SMP
         register_cpu_notifier(&oprofile_cpu_nb);
 #endif
-        using_nmi = 1;
+        /* default values, can be overwritten by model */
         ops->create_files = nmi_create_files;
         ops->setup = nmi_setup;
         ops->shutdown = nmi_shutdown;
         ops->start = nmi_start;
         ops->stop = nmi_stop;
         ops->cpu_type = cpu_type;
+
+        if (model->init)
+                ret = model->init(ops);
+        if (ret)
+                return ret;
+
+        init_sysfs();
+        using_nmi = 1;
         printk(KERN_INFO "oprofile: using NMI interrupt.\n");
         return 0;
 }
@@ -511,4 +526,6 @@ void op_nmi_exit(void)
                 unregister_cpu_notifier(&oprofile_cpu_nb);
 #endif
         }
+        if (model->exit)
+                model->exit();
 }
diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
new file mode 100644
index 000000000000..d9faf607b3a6
--- /dev/null
+++ b/arch/x86/oprofile/op_model_amd.c
@@ -0,0 +1,543 @@
+/*
+ * @file op_model_amd.c
+ * athlon / K7 / K8 / Family 10h model-specific MSR operations
+ *
+ * @remark Copyright 2002-2008 OProfile authors
+ * @remark Read the file COPYING
+ *
+ * @author John Levon
+ * @author Philippe Elie
+ * @author Graydon Hoare
+ * @author Robert Richter <robert.richter@amd.com>
+ * @author Barry Kasindorf
+*/
+
+#include <linux/oprofile.h>
+#include <linux/device.h>
+#include <linux/pci.h>
+
+#include <asm/ptrace.h>
+#include <asm/msr.h>
+#include <asm/nmi.h>
+
+#include "op_x86_model.h"
+#include "op_counter.h"
+
+#define NUM_COUNTERS 4
+#define NUM_CONTROLS 4
+
+#define CTR_IS_RESERVED(msrs, c) (msrs->counters[(c)].addr ? 1 : 0)
+#define CTR_READ(l, h, msrs, c) do {rdmsr(msrs->counters[(c)].addr, (l), (h)); } while (0)
+#define CTR_WRITE(l, msrs, c) do {wrmsr(msrs->counters[(c)].addr, -(unsigned int)(l), -1); } while (0)
+#define CTR_OVERFLOWED(n) (!((n) & (1U<<31)))
+
+#define CTRL_IS_RESERVED(msrs, c) (msrs->controls[(c)].addr ? 1 : 0)
+#define CTRL_READ(l, h, msrs, c) do {rdmsr(msrs->controls[(c)].addr, (l), (h)); } while (0)
+#define CTRL_WRITE(l, h, msrs, c) do {wrmsr(msrs->controls[(c)].addr, (l), (h)); } while (0)
+#define CTRL_SET_ACTIVE(n) (n |= (1<<22))
+#define CTRL_SET_INACTIVE(n) (n &= ~(1<<22))
+#define CTRL_CLEAR_LO(x) (x &= (1<<21))
+#define CTRL_CLEAR_HI(x) (x &= 0xfffffcf0)
+#define CTRL_SET_ENABLE(val) (val |= 1<<20)
+#define CTRL_SET_USR(val, u) (val |= ((u & 1) << 16))
+#define CTRL_SET_KERN(val, k) (val |= ((k & 1) << 17))
+#define CTRL_SET_UM(val, m) (val |= (m << 8))
+#define CTRL_SET_EVENT_LOW(val, e) (val |= (e & 0xff))
+#define CTRL_SET_EVENT_HIGH(val, e) (val |= ((e >> 8) & 0xf))
+#define CTRL_SET_HOST_ONLY(val, h) (val |= ((h & 1) << 9))
+#define CTRL_SET_GUEST_ONLY(val, h) (val |= ((h & 1) << 8))
+
+static unsigned long reset_value[NUM_COUNTERS];
+
+#ifdef CONFIG_OPROFILE_IBS
+
+/* IbsFetchCtl bits/masks */
+#define IBS_FETCH_HIGH_VALID_BIT        (1UL << 17)     /* bit 49 */
+#define IBS_FETCH_HIGH_ENABLE           (1UL << 16)     /* bit 48 */
+#define IBS_FETCH_LOW_MAX_CNT_MASK      0x0000FFFFUL    /* MaxCnt mask */
+
+/*IbsOpCtl bits */
+#define IBS_OP_LOW_VALID_BIT            (1ULL<<18)      /* bit 18 */
+#define IBS_OP_LOW_ENABLE               (1ULL<<17)      /* bit 17 */
+
+/* Codes used in cpu_buffer.c */
+/* This produces duplicate code, need to be fixed */
+#define IBS_FETCH_BEGIN 3
+#define IBS_OP_BEGIN    4
+
+/* The function interface needs to be fixed, something like add
+   data. Should then be added to linux/oprofile.h. */
+extern void oprofile_add_ibs_sample(struct pt_regs *const regs,
+                                    unsigned int * const ibs_sample, u8 code);
+
+struct ibs_fetch_sample {
+        /* MSRC001_1031 IBS Fetch Linear Address Register */
+        unsigned int ibs_fetch_lin_addr_low;
+        unsigned int ibs_fetch_lin_addr_high;
+        /* MSRC001_1030 IBS Fetch Control Register */
+        unsigned int ibs_fetch_ctl_low;
+        unsigned int ibs_fetch_ctl_high;
+        /* MSRC001_1032 IBS Fetch Physical Address Register */
+        unsigned int ibs_fetch_phys_addr_low;
+        unsigned int ibs_fetch_phys_addr_high;
+};
+
+struct ibs_op_sample {
+        /* MSRC001_1034 IBS Op Logical Address Register (IbsRIP) */
+        unsigned int ibs_op_rip_low;
+        unsigned int ibs_op_rip_high;
+        /* MSRC001_1035 IBS Op Data Register */
+        unsigned int ibs_op_data1_low;
+        unsigned int ibs_op_data1_high;
+        /* MSRC001_1036 IBS Op Data 2 Register */
+        unsigned int ibs_op_data2_low;
+        unsigned int ibs_op_data2_high;
+        /* MSRC001_1037 IBS Op Data 3 Register */
+        unsigned int ibs_op_data3_low;
+        unsigned int ibs_op_data3_high;
+        /* MSRC001_1038 IBS DC Linear Address Register (IbsDcLinAd) */
+        unsigned int ibs_dc_linear_low;
+        unsigned int ibs_dc_linear_high;
+        /* MSRC001_1039 IBS DC Physical Address Register (IbsDcPhysAd) */
+        unsigned int ibs_dc_phys_low;
+        unsigned int ibs_dc_phys_high;
+};
+
+/*
+ * unitialize the APIC for the IBS interrupts if needed on AMD Family10h+
+*/
+static void clear_ibs_nmi(void);
+
+static int ibs_allowed; /* AMD Family10h and later */
+
+struct op_ibs_config {
+        unsigned long op_enabled;
+        unsigned long fetch_enabled;
+        unsigned long max_cnt_fetch;
+        unsigned long max_cnt_op;
+        unsigned long rand_en;
+        unsigned long dispatched_ops;
+};
+
+static struct op_ibs_config ibs_config;
+
+#endif
+
+/* functions for op_amd_spec */
+
+static void op_amd_fill_in_addresses(struct op_msrs * const msrs)
+{
+        int i;
+
+        for (i = 0; i < NUM_COUNTERS; i++) {
+                if (reserve_perfctr_nmi(MSR_K7_PERFCTR0 + i))
+                        msrs->counters[i].addr = MSR_K7_PERFCTR0 + i;
+                else
+                        msrs->counters[i].addr = 0;
+        }
+
+        for (i = 0; i < NUM_CONTROLS; i++) {
+                if (reserve_evntsel_nmi(MSR_K7_EVNTSEL0 + i))
+                        msrs->controls[i].addr = MSR_K7_EVNTSEL0 + i;
+                else
+                        msrs->controls[i].addr = 0;
+        }
+}
+
+
+static void op_amd_setup_ctrs(struct op_msrs const * const msrs)
+{
+        unsigned int low, high;
+        int i;
+
+        /* clear all counters */
+        for (i = 0 ; i < NUM_CONTROLS; ++i) {
+                if (unlikely(!CTRL_IS_RESERVED(msrs, i)))
+                        continue;
+                CTRL_READ(low, high, msrs, i);
+                CTRL_CLEAR_LO(low);
+                CTRL_CLEAR_HI(high);
+                CTRL_WRITE(low, high, msrs, i);
+        }
+
+        /* avoid a false detection of ctr overflows in NMI handler */
+        for (i = 0; i < NUM_COUNTERS; ++i) {
+                if (unlikely(!CTR_IS_RESERVED(msrs, i)))
+                        continue;
+                CTR_WRITE(1, msrs, i);
+        }
+
+        /* enable active counters */
+        for (i = 0; i < NUM_COUNTERS; ++i) {
+                if ((counter_config[i].enabled) && (CTR_IS_RESERVED(msrs, i))) {
+                        reset_value[i] = counter_config[i].count;
+
+                        CTR_WRITE(counter_config[i].count, msrs, i);
+
+                        CTRL_READ(low, high, msrs, i);
+                        CTRL_CLEAR_LO(low);
+                        CTRL_CLEAR_HI(high);
+                        CTRL_SET_ENABLE(low);
+                        CTRL_SET_USR(low, counter_config[i].user);
+                        CTRL_SET_KERN(low, counter_config[i].kernel);
+                        CTRL_SET_UM(low, counter_config[i].unit_mask);
+                        CTRL_SET_EVENT_LOW(low, counter_config[i].event);
+                        CTRL_SET_EVENT_HIGH(high, counter_config[i].event);
+                        CTRL_SET_HOST_ONLY(high, 0);
+                        CTRL_SET_GUEST_ONLY(high, 0);
+
+                        CTRL_WRITE(low, high, msrs, i);
+                } else {
+                        reset_value[i] = 0;
+                }
+        }
+}
+
+#ifdef CONFIG_OPROFILE_IBS
+
+static inline int
+op_amd_handle_ibs(struct pt_regs * const regs,
+                  struct op_msrs const * const msrs)
+{
+        unsigned int low, high;
+        struct ibs_fetch_sample ibs_fetch;
+        struct ibs_op_sample ibs_op;
+
+        if (!ibs_allowed)
+                return 1;
+
+        if (ibs_config.fetch_enabled) {
+                rdmsr(MSR_AMD64_IBSFETCHCTL, low, high);
+                if (high & IBS_FETCH_HIGH_VALID_BIT) {
+                        ibs_fetch.ibs_fetch_ctl_high = high;
+                        ibs_fetch.ibs_fetch_ctl_low = low;
+                        rdmsr(MSR_AMD64_IBSFETCHLINAD, low, high);
+                        ibs_fetch.ibs_fetch_lin_addr_high = high;
+                        ibs_fetch.ibs_fetch_lin_addr_low = low;
+                        rdmsr(MSR_AMD64_IBSFETCHPHYSAD, low, high);
+                        ibs_fetch.ibs_fetch_phys_addr_high = high;
+                        ibs_fetch.ibs_fetch_phys_addr_low = low;
+
+                        oprofile_add_ibs_sample(regs,
+                                                (unsigned int *)&ibs_fetch,
+                                                IBS_FETCH_BEGIN);
+
+                        /*reenable the IRQ */
+                        rdmsr(MSR_AMD64_IBSFETCHCTL, low, high);
+                        high &= ~IBS_FETCH_HIGH_VALID_BIT;
+                        high |= IBS_FETCH_HIGH_ENABLE;
+                        low &= IBS_FETCH_LOW_MAX_CNT_MASK;
+                        wrmsr(MSR_AMD64_IBSFETCHCTL, low, high);
+                }
+        }
+
+        if (ibs_config.op_enabled) {
+                rdmsr(MSR_AMD64_IBSOPCTL, low, high);
+                if (low & IBS_OP_LOW_VALID_BIT) {
+                        rdmsr(MSR_AMD64_IBSOPRIP, low, high);
+                        ibs_op.ibs_op_rip_low = low;
+                        ibs_op.ibs_op_rip_high = high;
+                        rdmsr(MSR_AMD64_IBSOPDATA, low, high);
+                        ibs_op.ibs_op_data1_low = low;
+                        ibs_op.ibs_op_data1_high = high;
+                        rdmsr(MSR_AMD64_IBSOPDATA2, low, high);
+                        ibs_op.ibs_op_data2_low = low;
+                        ibs_op.ibs_op_data2_high = high;
+                        rdmsr(MSR_AMD64_IBSOPDATA3, low, high);
+                        ibs_op.ibs_op_data3_low = low;
+                        ibs_op.ibs_op_data3_high = high;
+                        rdmsr(MSR_AMD64_IBSDCLINAD, low, high);
+                        ibs_op.ibs_dc_linear_low = low;
+                        ibs_op.ibs_dc_linear_high = high;
+                        rdmsr(MSR_AMD64_IBSDCPHYSAD, low, high);
+                        ibs_op.ibs_dc_phys_low = low;
+                        ibs_op.ibs_dc_phys_high = high;
+
+                        /* reenable the IRQ */
+                        oprofile_add_ibs_sample(regs,
+                                                (unsigned int *)&ibs_op,
+                                                IBS_OP_BEGIN);
+                        rdmsr(MSR_AMD64_IBSOPCTL, low, high);
+                        high = 0;
+                        low &= ~IBS_OP_LOW_VALID_BIT;
+                        low |= IBS_OP_LOW_ENABLE;
+                        wrmsr(MSR_AMD64_IBSOPCTL, low, high);
+                }
+        }
+
+        return 1;
+}
+
+#endif
+
+static int op_amd_check_ctrs(struct pt_regs * const regs,
+                             struct op_msrs const * const msrs)
+{
+        unsigned int low, high;
+        int i;
+
+        for (i = 0 ; i < NUM_COUNTERS; ++i) {
+                if (!reset_value[i])
+                        continue;
+                CTR_READ(low, high, msrs, i);
+                if (CTR_OVERFLOWED(low)) {
+                        oprofile_add_sample(regs, i);
+                        CTR_WRITE(reset_value[i], msrs, i);
+                }
+        }
+
+#ifdef CONFIG_OPROFILE_IBS
+        op_amd_handle_ibs(regs, msrs);
+#endif
+
+        /* See op_model_ppro.c */
+        return 1;
+}
+
+static void op_amd_start(struct op_msrs const * const msrs)
+{
+        unsigned int low, high;
+        int i;
+        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
+                if (reset_value[i]) {
+                        CTRL_READ(low, high, msrs, i);
+                        CTRL_SET_ACTIVE(low);
+                        CTRL_WRITE(low, high, msrs, i);
+                }
+        }
+
+#ifdef CONFIG_OPROFILE_IBS
+        if (ibs_allowed && ibs_config.fetch_enabled) {
+                low = (ibs_config.max_cnt_fetch >> 4) & 0xFFFF;
+                high = IBS_FETCH_HIGH_ENABLE;
+                wrmsr(MSR_AMD64_IBSFETCHCTL, low, high);
+        }
+
+        if (ibs_allowed && ibs_config.op_enabled) {
+                low = ((ibs_config.max_cnt_op >> 4) & 0xFFFF) + IBS_OP_LOW_ENABLE;
+                high = 0;
+                wrmsr(MSR_AMD64_IBSOPCTL, low, high);
+        }
+#endif
+}
+
+
+static void op_amd_stop(struct op_msrs const * const msrs)
+{
+        unsigned int low, high;
+        int i;
+
+        /* Subtle: stop on all counters to avoid race with
+         * setting our pm callback */
+        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
+                if (!reset_value[i])
+                        continue;
+                CTRL_READ(low, high, msrs, i);
+                CTRL_SET_INACTIVE(low);
+                CTRL_WRITE(low, high, msrs, i);
+        }
+
+#ifdef CONFIG_OPROFILE_IBS
+        if (ibs_allowed && ibs_config.fetch_enabled) {
+                low = 0;                /* clear max count and enable */
+                high = 0;
+                wrmsr(MSR_AMD64_IBSFETCHCTL, low, high);
+        }
+
+        if (ibs_allowed && ibs_config.op_enabled) {
+                low = 0;                /* clear max count and enable */
+                high = 0;
+                wrmsr(MSR_AMD64_IBSOPCTL, low, high);
+        }
+#endif
+}
+
+static void op_amd_shutdown(struct op_msrs const * const msrs)
+{
+        int i;
+
+        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
+                if (CTR_IS_RESERVED(msrs, i))
+                        release_perfctr_nmi(MSR_K7_PERFCTR0 + i);
+        }
+        for (i = 0 ; i < NUM_CONTROLS ; ++i) {
+                if (CTRL_IS_RESERVED(msrs, i))
+                        release_evntsel_nmi(MSR_K7_EVNTSEL0 + i);
+        }
+}
+
+#ifndef CONFIG_OPROFILE_IBS
+
+/* no IBS support */
+
+static int op_amd_init(struct oprofile_operations *ops)
+{
+        return 0;
+}
+
+static void op_amd_exit(void) {}
+
+#else
+
+static u8 ibs_eilvt_off;
+
+static inline void apic_init_ibs_nmi_per_cpu(void *arg)
+{
+        ibs_eilvt_off = setup_APIC_eilvt_ibs(0, APIC_EILVT_MSG_NMI, 0);
+}
+
+static inline void apic_clear_ibs_nmi_per_cpu(void *arg)
+{
+        setup_APIC_eilvt_ibs(0, APIC_EILVT_MSG_FIX, 1);
+}
+
+static int pfm_amd64_setup_eilvt(void)
+{
+#define IBSCTL_LVTOFFSETVAL             (1 << 8)
+#define IBSCTL                          0x1cc
+        struct pci_dev *cpu_cfg;
+        int nodes;
+        u32 value = 0;
+
+        /* per CPU setup */
+        on_each_cpu(apic_init_ibs_nmi_per_cpu, NULL, 1);
+
+        nodes = 0;
+        cpu_cfg = NULL;
+        do {
+                cpu_cfg = pci_get_device(PCI_VENDOR_ID_AMD,
+                                         PCI_DEVICE_ID_AMD_10H_NB_MISC,
+                                         cpu_cfg);
+                if (!cpu_cfg)
+                        break;
+                ++nodes;
+                pci_write_config_dword(cpu_cfg, IBSCTL, ibs_eilvt_off
+                                       | IBSCTL_LVTOFFSETVAL);
+                pci_read_config_dword(cpu_cfg, IBSCTL, &value);
+                if (value != (ibs_eilvt_off | IBSCTL_LVTOFFSETVAL)) {
+                        printk(KERN_DEBUG "Failed to setup IBS LVT offset, "
+                                "IBSCTL = 0x%08x", value);
+                        return 1;
+                }
+        } while (1);
+
+        if (!nodes) {
+                printk(KERN_DEBUG "No CPU node configured for IBS");
+                return 1;
+        }
+
+#ifdef CONFIG_NUMA
+        /* Sanity check */
+        /* Works only for 64bit with proper numa implementation. */
+        if (nodes != num_possible_nodes()) {
+                printk(KERN_DEBUG "Failed to setup CPU node(s) for IBS, "
+                        "found: %d, expected %d",
+                        nodes, num_possible_nodes());
+                return 1;
+        }
+#endif
+        return 0;
+}
+
+/*
+ * initialize the APIC for the IBS interrupts
+ * if available (AMD Family10h rev B0 and later)
+ */
+static void setup_ibs(void)
+{
+        ibs_allowed = boot_cpu_has(X86_FEATURE_IBS);
+
+        if (!ibs_allowed)
+                return;
+
+        if (pfm_amd64_setup_eilvt()) {
+                ibs_allowed = 0;
+                return;
+        }
+
+        printk(KERN_INFO "oprofile: AMD IBS detected\n");
+}
+
+
+/*
+ * unitialize the APIC for the IBS interrupts if needed on AMD Family10h
+ * rev B0 and later */
+static void clear_ibs_nmi(void)
+{
+        if (ibs_allowed)
+                on_each_cpu(apic_clear_ibs_nmi_per_cpu, NULL, 1);
+}
+
+static int (*create_arch_files)(struct super_block * sb, struct dentry * root);
+
+static int setup_ibs_files(struct super_block * sb, struct dentry * root)
+{
+        char buf[12];
+        struct dentry *dir;
+        int ret = 0;
+
+        /* architecture specific files */
+        if (create_arch_files)
+                ret = create_arch_files(sb, root);
+
+        if (ret)
+                return ret;
+
+        if (!ibs_allowed)
+                return ret;
+
+        /* model specific files */
+
+        /* setup some reasonable defaults */
+        ibs_config.max_cnt_fetch = 250000;
+        ibs_config.fetch_enabled = 0;
+        ibs_config.max_cnt_op = 250000;
+        ibs_config.op_enabled = 0;
+        ibs_config.dispatched_ops = 1;
+        snprintf(buf,  sizeof(buf), "ibs_fetch");
+        dir = oprofilefs_mkdir(sb, root, buf);
+        oprofilefs_create_ulong(sb, dir, "rand_enable",
+                                &ibs_config.rand_en);
+        oprofilefs_create_ulong(sb, dir, "enable",
+                &ibs_config.fetch_enabled);
+        oprofilefs_create_ulong(sb, dir, "max_count",
+                &ibs_config.max_cnt_fetch);
+        snprintf(buf,  sizeof(buf), "ibs_uops");
+        dir = oprofilefs_mkdir(sb, root, buf);
+        oprofilefs_create_ulong(sb, dir, "enable",
+                &ibs_config.op_enabled);
+        oprofilefs_create_ulong(sb, dir, "max_count",
+                &ibs_config.max_cnt_op);
+        oprofilefs_create_ulong(sb, dir, "dispatched_ops",
+                &ibs_config.dispatched_ops);
+
+        return 0;
+}
+
+static int op_amd_init(struct oprofile_operations *ops)
+{
+        setup_ibs();
+        create_arch_files = ops->create_files;
+        ops->create_files = setup_ibs_files;
+        return 0;
+}
+
+static void op_amd_exit(void)
+{
+        clear_ibs_nmi();
+}
+
+#endif
+
+struct op_x86_model_spec const op_amd_spec = {
+        .init = op_amd_init,
+        .exit = op_amd_exit,
+        .num_counters = NUM_COUNTERS,
+        .num_controls = NUM_CONTROLS,
+        .fill_in_addresses = &op_amd_fill_in_addresses,
+        .setup_ctrs = &op_amd_setup_ctrs,
+        .check_ctrs = &op_amd_check_ctrs,
+        .start = &op_amd_start,
+        .stop = &op_amd_stop,
+        .shutdown = &op_amd_shutdown
+};
diff --git a/arch/x86/oprofile/op_model_athlon.c b/arch/x86/oprofile/op_model_athlon.c
deleted file mode 100644
index 3d534879a9dc..000000000000
--- a/arch/x86/oprofile/op_model_athlon.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * @file op_model_athlon.h
- * athlon / K7 / K8 / Family 10h model-specific MSR operations
- *
- * @remark Copyright 2002 OProfile authors
- * @remark Read the file COPYING
- *
- * @author John Levon
- * @author Philippe Elie
- * @author Graydon Hoare
- */
-
-#include <linux/oprofile.h>
-#include <asm/ptrace.h>
-#include <asm/msr.h>
-#include <asm/nmi.h>
-
-#include "op_x86_model.h"
-#include "op_counter.h"
-
-#define NUM_COUNTERS 4
-#define NUM_CONTROLS 4
-
-#define CTR_IS_RESERVED(msrs, c) (msrs->counters[(c)].addr ? 1 : 0)
-#define CTR_READ(l, h, msrs, c) do {rdmsr(msrs->counters[(c)].addr, (l), (h)); } while (0)
-#define CTR_WRITE(l, msrs, c) do {wrmsr(msrs->counters[(c)].addr, -(unsigned int)(l), -1); } while (0)
-#define CTR_OVERFLOWED(n) (!((n) & (1U<<31)))
-
-#define CTRL_IS_RESERVED(msrs, c) (msrs->controls[(c)].addr ? 1 : 0)
-#define CTRL_READ(l, h, msrs, c) do {rdmsr(msrs->controls[(c)].addr, (l), (h)); } while (0)
-#define CTRL_WRITE(l, h, msrs, c) do {wrmsr(msrs->controls[(c)].addr, (l), (h)); } while (0)
-#define CTRL_SET_ACTIVE(n) (n |= (1<<22))
-#define CTRL_SET_INACTIVE(n) (n &= ~(1<<22))
-#define CTRL_CLEAR_LO(x) (x &= (1<<21))
-#define CTRL_CLEAR_HI(x) (x &= 0xfffffcf0)
-#define CTRL_SET_ENABLE(val) (val |= 1<<20)
-#define CTRL_SET_USR(val, u) (val |= ((u & 1) << 16))
-#define CTRL_SET_KERN(val, k) (val |= ((k & 1) << 17))
-#define CTRL_SET_UM(val, m) (val |= (m << 8))
-#define CTRL_SET_EVENT_LOW(val, e) (val |= (e & 0xff))
-#define CTRL_SET_EVENT_HIGH(val, e) (val |= ((e >> 8) & 0xf))
-#define CTRL_SET_HOST_ONLY(val, h) (val |= ((h & 1) << 9))
-#define CTRL_SET_GUEST_ONLY(val, h) (val |= ((h & 1) << 8))
-
-static unsigned long reset_value[NUM_COUNTERS];
-
-static void athlon_fill_in_addresses(struct op_msrs * const msrs)
-{
-        int i;
-
-        for (i = 0; i < NUM_COUNTERS; i++) {
-                if (reserve_perfctr_nmi(MSR_K7_PERFCTR0 + i))
-                        msrs->counters[i].addr = MSR_K7_PERFCTR0 + i;
-                else
-                        msrs->counters[i].addr = 0;
-        }
-
-        for (i = 0; i < NUM_CONTROLS; i++) {
-                if (reserve_evntsel_nmi(MSR_K7_EVNTSEL0 + i))
-                        msrs->controls[i].addr = MSR_K7_EVNTSEL0 + i;
-                else
-                        msrs->controls[i].addr = 0;
-        }
-}
-
-
-static void athlon_setup_ctrs(struct op_msrs const * const msrs)
-{
-        unsigned int low, high;
-        int i;
-
-        /* clear all counters */
-        for (i = 0 ; i < NUM_CONTROLS; ++i) {
-                if (unlikely(!CTRL_IS_RESERVED(msrs, i)))
-                        continue;
-                CTRL_READ(low, high, msrs, i);
-                CTRL_CLEAR_LO(low);
-                CTRL_CLEAR_HI(high);
-                CTRL_WRITE(low, high, msrs, i);
-        }
-
-        /* avoid a false detection of ctr overflows in NMI handler */
-        for (i = 0; i < NUM_COUNTERS; ++i) {
-                if (unlikely(!CTR_IS_RESERVED(msrs, i)))
-                        continue;
-                CTR_WRITE(1, msrs, i);
-        }
-
-        /* enable active counters */
-        for (i = 0; i < NUM_COUNTERS; ++i) {
-                if ((counter_config[i].enabled) && (CTR_IS_RESERVED(msrs, i))) {
-                        reset_value[i] = counter_config[i].count;
-
-                        CTR_WRITE(counter_config[i].count, msrs, i);
-
-                        CTRL_READ(low, high, msrs, i);
-                        CTRL_CLEAR_LO(low);
-                        CTRL_CLEAR_HI(high);
-                        CTRL_SET_ENABLE(low);
-                        CTRL_SET_USR(low, counter_config[i].user);
-                        CTRL_SET_KERN(low, counter_config[i].kernel);
-                        CTRL_SET_UM(low, counter_config[i].unit_mask);
-                        CTRL_SET_EVENT_LOW(low, counter_config[i].event);
-                        CTRL_SET_EVENT_HIGH(high, counter_config[i].event);
-                        CTRL_SET_HOST_ONLY(high, 0);
-                        CTRL_SET_GUEST_ONLY(high, 0);
-
-                        CTRL_WRITE(low, high, msrs, i);
-                } else {
-                        reset_value[i] = 0;
-                }
-        }
-}
-
-
-static int athlon_check_ctrs(struct pt_regs * const regs,
-                             struct op_msrs const * const msrs)
-{
-        unsigned int low, high;
-        int i;
-
-        for (i = 0 ; i < NUM_COUNTERS; ++i) {
-                if (!reset_value[i])
-                        continue;
-                CTR_READ(low, high, msrs, i);
-                if (CTR_OVERFLOWED(low)) {
-                        oprofile_add_sample(regs, i);
-                        CTR_WRITE(reset_value[i], msrs, i);
-                }
-        }
-
-        /* See op_model_ppro.c */
-        return 1;
-}
-
-
-static void athlon_start(struct op_msrs const * const msrs)
-{
-        unsigned int low, high;
-        int i;
-        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
-                if (reset_value[i]) {
-                        CTRL_READ(low, high, msrs, i);
-                        CTRL_SET_ACTIVE(low);
-                        CTRL_WRITE(low, high, msrs, i);
-                }
-        }
-}
-
-
-static void athlon_stop(struct op_msrs const * const msrs)
-{
-        unsigned int low, high;
-        int i;
-
-        /* Subtle: stop on all counters to avoid race with
-         * setting our pm callback */
-        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
-                if (!reset_value[i])
-                        continue;
-                CTRL_READ(low, high, msrs, i);
-                CTRL_SET_INACTIVE(low);
-                CTRL_WRITE(low, high, msrs, i);
-        }
-}
-
-static void athlon_shutdown(struct op_msrs const * const msrs)
-{
-        int i;
-
-        for (i = 0 ; i < NUM_COUNTERS ; ++i) {
-                if (CTR_IS_RESERVED(msrs, i))
-                        release_perfctr_nmi(MSR_K7_PERFCTR0 + i);
-        }
-        for (i = 0 ; i < NUM_CONTROLS ; ++i) {
-                if (CTRL_IS_RESERVED(msrs, i))
-                        release_evntsel_nmi(MSR_K7_EVNTSEL0 + i);
-        }
-}
-
-struct op_x86_model_spec const op_athlon_spec = {
-        .num_counters = NUM_COUNTERS,
-        .num_controls = NUM_CONTROLS,
-        .fill_in_addresses = &athlon_fill_in_addresses,
-        .setup_ctrs = &athlon_setup_ctrs,
-        .check_ctrs = &athlon_check_ctrs,
-        .start = &athlon_start,
-        .stop = &athlon_stop,
-        .shutdown = &athlon_shutdown
-};
diff --git a/arch/x86/oprofile/op_model_p4.c b/arch/x86/oprofile/op_model_p4.c
index 56b4757a1f47..43ac5af338d8 100644
--- a/arch/x86/oprofile/op_model_p4.c
+++ b/arch/x86/oprofile/op_model_p4.c
@@ -10,11 +10,12 @@
 
 #include <linux/oprofile.h>
 #include <linux/smp.h>
+#include <linux/ptrace.h>
+#include <linux/nmi.h>
 #include <asm/msr.h>
-#include <asm/ptrace.h>
 #include <asm/fixmap.h>
 #include <asm/apic.h>
-#include <asm/nmi.h>
+
 
 #include "op_x86_model.h"
 #include "op_counter.h"
@@ -40,7 +41,7 @@ static unsigned int num_controls = NUM_CONTROLS_NON_HT;
 static inline void setup_num_counters(void)
 {
 #ifdef CONFIG_SMP
-        if (smp_num_siblings == 2){
+        if (smp_num_siblings == 2) {
                 num_counters = NUM_COUNTERS_HT2;
                 num_controls = NUM_CONTROLS_HT2;
         }
@@ -86,7 +87,7 @@ struct p4_event_binding {
 #define CTR_FLAME_2    (1 << 6)
 #define CTR_IQ_5       (1 << 7)
 
-static struct p4_counter_binding p4_counters [NUM_COUNTERS_NON_HT] = {
+static struct p4_counter_binding p4_counters[NUM_COUNTERS_NON_HT] = {
         { CTR_BPU_0,   MSR_P4_BPU_PERFCTR0,   MSR_P4_BPU_CCCR0 },
         { CTR_MS_0,    MSR_P4_MS_PERFCTR0,    MSR_P4_MS_CCCR0 },
         { CTR_FLAME_0, MSR_P4_FLAME_PERFCTR0, MSR_P4_FLAME_CCCR0 },
@@ -97,32 +98,32 @@ static struct p4_counter_binding p4_counters [NUM_COUNTERS_NON_HT] = {
         { CTR_IQ_5,    MSR_P4_IQ_PERFCTR5,    MSR_P4_IQ_CCCR5 }
 };
 
-#define NUM_UNUSED_CCCRS        NUM_CCCRS_NON_HT - NUM_COUNTERS_NON_HT
+#define NUM_UNUSED_CCCRS (NUM_CCCRS_NON_HT - NUM_COUNTERS_NON_HT)
 
 /* p4 event codes in libop/op_event.h are indices into this table. */
 
 static struct p4_event_binding p4_events[NUM_EVENTS] = {
-        
+
         { /* BRANCH_RETIRED */
-                0x05, 0x06, 
+                0x05, 0x06,
                 { {CTR_IQ_4, MSR_P4_CRU_ESCR2},
                   {CTR_IQ_5, MSR_P4_CRU_ESCR3} }
         },
-        
+
         { /* MISPRED_BRANCH_RETIRED */
-                0x04, 0x03, 
+                0x04, 0x03,
                 { { CTR_IQ_4, MSR_P4_CRU_ESCR0},
                   { CTR_IQ_5, MSR_P4_CRU_ESCR1} }
         },
-        
+
         { /* TC_DELIVER_MODE */
                 0x01, 0x01,
-                { { CTR_MS_0, MSR_P4_TC_ESCR0},  
+                { { CTR_MS_0, MSR_P4_TC_ESCR0},
                   { CTR_MS_2, MSR_P4_TC_ESCR1} }
         },
-        
+
         { /* BPU_FETCH_REQUEST */
-                0x00, 0x03, 
+                0x00, 0x03,
                 { { CTR_BPU_0, MSR_P4_BPU_ESCR0},
                   { CTR_BPU_2, MSR_P4_BPU_ESCR1} }
         },
@@ -146,7 +147,7 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
         },
 
         { /* LOAD_PORT_REPLAY */
-                0x02, 0x04, 
+                0x02, 0x04,
                 { { CTR_FLAME_0, MSR_P4_SAAT_ESCR0},
                   { CTR_FLAME_2, MSR_P4_SAAT_ESCR1} }
         },
@@ -170,43 +171,43 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
         },
 
         { /* BSQ_CACHE_REFERENCE */
-                0x07, 0x0c, 
+                0x07, 0x0c,
                 { { CTR_BPU_0, MSR_P4_BSU_ESCR0},
                   { CTR_BPU_2, MSR_P4_BSU_ESCR1} }
         },
 
         { /* IOQ_ALLOCATION */
-                0x06, 0x03, 
+                0x06, 0x03,
                 { { CTR_BPU_0, MSR_P4_FSB_ESCR0},
                   { 0, 0 } }
         },
 
         { /* IOQ_ACTIVE_ENTRIES */
-                0x06, 0x1a, 
+                0x06, 0x1a,
                 { { CTR_BPU_2, MSR_P4_FSB_ESCR1},
                   { 0, 0 } }
         },
 
         { /* FSB_DATA_ACTIVITY */
-                0x06, 0x17, 
+                0x06, 0x17,
                 { { CTR_BPU_0, MSR_P4_FSB_ESCR0},
                   { CTR_BPU_2, MSR_P4_FSB_ESCR1} }
         },
 
         { /* BSQ_ALLOCATION */
-                0x07, 0x05, 
+                0x07, 0x05,
                 { { CTR_BPU_0, MSR_P4_BSU_ESCR0},
                   { 0, 0 } }
         },
 
         { /* BSQ_ACTIVE_ENTRIES */
                 0x07, 0x06,
-                { { CTR_BPU_2, MSR_P4_BSU_ESCR1 /* guess */},  
+                { { CTR_BPU_2, MSR_P4_BSU_ESCR1 /* guess */},
                   { 0, 0 } }
         },
 
         { /* X87_ASSIST */
-                0x05, 0x03, 
+                0x05, 0x03,
                 { { CTR_IQ_4, MSR_P4_CRU_ESCR2},
                   { CTR_IQ_5, MSR_P4_CRU_ESCR3} }
         },
@@ -216,21 +217,21 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
-  
+
         { /* PACKED_SP_UOP */
-                0x01, 0x08, 
+                0x01, 0x08,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
-  
+
         { /* PACKED_DP_UOP */
-                0x01, 0x0c, 
+                0x01, 0x0c,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
 
         { /* SCALAR_SP_UOP */
-                0x01, 0x0a, 
+                0x01, 0x0a,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
@@ -242,31 +243,31 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
         },
 
         { /* 64BIT_MMX_UOP */
-                0x01, 0x02, 
+                0x01, 0x02,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
-  
+
         { /* 128BIT_MMX_UOP */
-                0x01, 0x1a, 
+                0x01, 0x1a,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
 
         { /* X87_FP_UOP */
-                0x01, 0x04, 
+                0x01, 0x04,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
-  
+
         { /* X87_SIMD_MOVES_UOP */
-                0x01, 0x2e, 
+                0x01, 0x2e,
                 { { CTR_FLAME_0, MSR_P4_FIRM_ESCR0},
                   { CTR_FLAME_2, MSR_P4_FIRM_ESCR1} }
         },
-  
+
         { /* MACHINE_CLEAR */
-                0x05, 0x02, 
+                0x05, 0x02,
                 { { CTR_IQ_4, MSR_P4_CRU_ESCR2},
                   { CTR_IQ_5, MSR_P4_CRU_ESCR3} }
         },
@@ -276,9 +277,9 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
                 { { CTR_BPU_0, MSR_P4_FSB_ESCR0},
                   { CTR_BPU_2, MSR_P4_FSB_ESCR1} }
         },
-  
+
         { /* TC_MS_XFER */
-                0x00, 0x05, 
+                0x00, 0x05,
                 { { CTR_MS_0, MSR_P4_MS_ESCR0},
                   { CTR_MS_2, MSR_P4_MS_ESCR1} }
         },
@@ -308,7 +309,7 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
         },
 
         { /* INSTR_RETIRED */
-                0x04, 0x02, 
+                0x04, 0x02,
                 { { CTR_IQ_4, MSR_P4_CRU_ESCR0},
                   { CTR_IQ_5, MSR_P4_CRU_ESCR1} }
         },
@@ -319,14 +320,14 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
                   { CTR_IQ_5, MSR_P4_CRU_ESCR1} }
         },
 
-        { /* UOP_TYPE */    
-                0x02, 0x02, 
+        { /* UOP_TYPE */
+                0x02, 0x02,
                 { { CTR_IQ_4, MSR_P4_RAT_ESCR0},
                   { CTR_IQ_5, MSR_P4_RAT_ESCR1} }
         },
 
         { /* RETIRED_MISPRED_BRANCH_TYPE */
-                0x02, 0x05, 
+                0x02, 0x05,
                 { { CTR_MS_0, MSR_P4_TBPU_ESCR0},
                   { CTR_MS_2, MSR_P4_TBPU_ESCR1} }
         },
@@ -349,8 +350,8 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
 #define ESCR_SET_OS_1(escr, os) ((escr) |= (((os) & 1) << 1))
 #define ESCR_SET_EVENT_SELECT(escr, sel) ((escr) |= (((sel) & 0x3f) << 25))
 #define ESCR_SET_EVENT_MASK(escr, mask) ((escr) |= (((mask) & 0xffff) << 9))
-#define ESCR_READ(escr,high,ev,i) do {rdmsr(ev->bindings[(i)].escr_address, (escr), (high));} while (0)
-#define ESCR_WRITE(escr,high,ev,i) do {wrmsr(ev->bindings[(i)].escr_address, (escr), (high));} while (0)
+#define ESCR_READ(escr, high, ev, i) do {rdmsr(ev->bindings[(i)].escr_address, (escr), (high)); } while (0)
+#define ESCR_WRITE(escr, high, ev, i) do {wrmsr(ev->bindings[(i)].escr_address, (escr), (high)); } while (0)
 
 #define CCCR_RESERVED_BITS 0x38030FFF
 #define CCCR_CLEAR(cccr) ((cccr) &= CCCR_RESERVED_BITS)
@@ -360,15 +361,15 @@ static struct p4_event_binding p4_events[NUM_EVENTS] = {
 #define CCCR_SET_PMI_OVF_1(cccr) ((cccr) |= (1<<27))
 #define CCCR_SET_ENABLE(cccr) ((cccr) |= (1<<12))
 #define CCCR_SET_DISABLE(cccr) ((cccr) &= ~(1<<12))
-#define CCCR_READ(low, high, i) do {rdmsr(p4_counters[(i)].cccr_address, (low), (high));} while (0)
-#define CCCR_WRITE(low, high, i) do {wrmsr(p4_counters[(i)].cccr_address, (low), (high));} while (0)
+#define CCCR_READ(low, high, i) do {rdmsr(p4_counters[(i)].cccr_address, (low), (high)); } while (0)
+#define CCCR_WRITE(low, high, i) do {wrmsr(p4_counters[(i)].cccr_address, (low), (high)); } while (0)
 #define CCCR_OVF_P(cccr) ((cccr) & (1U<<31))
 #define CCCR_CLEAR_OVF(cccr) ((cccr) &= (~(1U<<31)))
 
-#define CTRL_IS_RESERVED(msrs,c) (msrs->controls[(c)].addr ? 1 : 0)
-#define CTR_IS_RESERVED(msrs,c) (msrs->counters[(c)].addr ? 1 : 0)
-#define CTR_READ(l,h,i) do {rdmsr(p4_counters[(i)].counter_address, (l), (h));} while (0)
-#define CTR_WRITE(l,i) do {wrmsr(p4_counters[(i)].counter_address, -(u32)(l), -1);} while (0)
+#define CTRL_IS_RESERVED(msrs, c) (msrs->controls[(c)].addr ? 1 : 0)
+#define CTR_IS_RESERVED(msrs, c) (msrs->counters[(c)].addr ? 1 : 0)
+#define CTR_READ(l, h, i) do {rdmsr(p4_counters[(i)].counter_address, (l), (h)); } while (0)
+#define CTR_WRITE(l, i) do {wrmsr(p4_counters[(i)].counter_address, -(u32)(l), -1); } while (0)
 #define CTR_OVERFLOW_P(ctr) (!((ctr) & 0x80000000))
 
 
@@ -380,7 +381,7 @@ static unsigned int get_stagger(void)
 #ifdef CONFIG_SMP
         int cpu = smp_processor_id();
         return (cpu != first_cpu(per_cpu(cpu_sibling_map, cpu)));
-#endif  
+#endif
         return 0;
 }
 
@@ -395,25 +396,23 @@ static unsigned long reset_value[NUM_COUNTERS_NON_HT];
 
 static void p4_fill_in_addresses(struct op_msrs * const msrs)
 {
-        unsigned int i; 
+        unsigned int i;
         unsigned int addr, cccraddr, stag;
 
         setup_num_counters();
         stag = get_stagger();
 
         /* initialize some registers */
-        for (i = 0; i < num_counters; ++i) {
+        for (i = 0; i < num_counters; ++i)
                 msrs->counters[i].addr = 0;
-        }
-        for (i = 0; i < num_controls; ++i) {
+        for (i = 0; i < num_controls; ++i)
                 msrs->controls[i].addr = 0;
-        }
-        
+
         /* the counter & cccr registers we pay attention to */
         for (i = 0; i < num_counters; ++i) {
                 addr = p4_counters[VIRT_CTR(stag, i)].counter_address;
                 cccraddr = p4_counters[VIRT_CTR(stag, i)].cccr_address;
-                if (reserve_perfctr_nmi(addr)){
+                if (reserve_perfctr_nmi(addr)) {
                         msrs->counters[i].addr = addr;
                         msrs->controls[i].addr = cccraddr;
                 }
@@ -447,22 +446,22 @@ static void p4_fill_in_addresses(struct op_msrs * const msrs)
                 if (reserve_evntsel_nmi(addr))
                         msrs->controls[i].addr = addr;
         }
-        
+
         for (addr = MSR_P4_MS_ESCR0 + stag;
-             addr <= MSR_P4_TC_ESCR1; ++i, addr += addr_increment()) { 
+             addr <= MSR_P4_TC_ESCR1; ++i, addr += addr_increment()) {
                 if (reserve_evntsel_nmi(addr))
                         msrs->controls[i].addr = addr;
         }
-        
+
         for (addr = MSR_P4_IX_ESCR0 + stag;
-             addr <= MSR_P4_CRU_ESCR3; ++i, addr += addr_increment()) { 
+             addr <= MSR_P4_CRU_ESCR3; ++i, addr += addr_increment()) {
                 if (reserve_evntsel_nmi(addr))
                         msrs->controls[i].addr = addr;
         }
 
         /* there are 2 remaining non-contiguously located ESCRs */
 
-        if (num_counters == NUM_COUNTERS_NON_HT) {              
+        if (num_counters == NUM_COUNTERS_NON_HT) {
                 /* standard non-HT CPUs handle both remaining ESCRs*/
                 if (reserve_evntsel_nmi(MSR_P4_CRU_ESCR5))
                         msrs->controls[i++].addr = MSR_P4_CRU_ESCR5;
@@ -498,20 +497,20 @@ static void pmc_setup_one_p4_counter(unsigned int ctr)
         unsigned int stag;
 
         stag = get_stagger();
-        
+
         /* convert from counter *number* to counter *bit* */
         counter_bit = 1 << VIRT_CTR(stag, ctr);
-        
+
         /* find our event binding structure. */
         if (counter_config[ctr].event <= 0 || counter_config[ctr].event > NUM_EVENTS) {
-                printk(KERN_ERR 
-                       "oprofile: P4 event code 0x%lx out of range\n", 
+                printk(KERN_ERR
+                       "oprofile: P4 event code 0x%lx out of range\n",
                        counter_config[ctr].event);
                 return;
         }
-        
+
         ev = &(p4_events[counter_config[ctr].event - 1]);
-        
+
         for (i = 0; i < maxbind; i++) {
                 if (ev->bindings[i].virt_counter & counter_bit) {
 
@@ -526,25 +525,24 @@ static void pmc_setup_one_p4_counter(unsigned int ctr)
                                 ESCR_SET_OS_1(escr, counter_config[ctr].kernel);
                         }
                         ESCR_SET_EVENT_SELECT(escr, ev->event_select);
-                        ESCR_SET_EVENT_MASK(escr, counter_config[ctr].unit_mask);                       
+                        ESCR_SET_EVENT_MASK(escr, counter_config[ctr].unit_mask);
                         ESCR_WRITE(escr, high, ev, i);
-                       
+
                         /* modify CCCR */
                         CCCR_READ(cccr, high, VIRT_CTR(stag, ctr));
                         CCCR_CLEAR(cccr);
                         CCCR_SET_REQUIRED_BITS(cccr);
                         CCCR_SET_ESCR_SELECT(cccr, ev->escr_select);
-                        if (stag == 0) {
+                        if (stag == 0)
                                 CCCR_SET_PMI_OVF_0(cccr);
-                        } else {
+                        else
                                 CCCR_SET_PMI_OVF_1(cccr);
-                        }
                         CCCR_WRITE(cccr, high, VIRT_CTR(stag, ctr));
                         return;
                 }
         }
 
-        printk(KERN_ERR 
+        printk(KERN_ERR
                "oprofile: P4 event code 0x%lx no binding, stag %d ctr %d\n",
                counter_config[ctr].event, stag, ctr);
 }
@@ -559,14 +557,14 @@ static void p4_setup_ctrs(struct op_msrs const * const msrs)
         stag = get_stagger();
 
         rdmsr(MSR_IA32_MISC_ENABLE, low, high);
-        if (! MISC_PMC_ENABLED_P(low)) {
+        if (!MISC_PMC_ENABLED_P(low)) {
                 printk(KERN_ERR "oprofile: P4 PMC not available\n");
                 return;
         }
 
         /* clear the cccrs we will use */
         for (i = 0 ; i < num_counters ; i++) {
-                if (unlikely(!CTRL_IS_RESERVED(msrs,i)))
+                if (unlikely(!CTRL_IS_RESERVED(msrs, i)))
                         continue;
                 rdmsr(p4_counters[VIRT_CTR(stag, i)].cccr_address, low, high);
                 CCCR_CLEAR(low);
@@ -576,14 +574,14 @@ static void p4_setup_ctrs(struct op_msrs const * const msrs)
 
         /* clear all escrs (including those outside our concern) */
         for (i = num_counters; i < num_controls; i++) {
-                if (unlikely(!CTRL_IS_RESERVED(msrs,i)))
+                if (unlikely(!CTRL_IS_RESERVED(msrs, i)))
                         continue;
                 wrmsr(msrs->controls[i].addr, 0, 0);
         }
 
         /* setup all counters */
         for (i = 0 ; i < num_counters ; ++i) {
-                if ((counter_config[i].enabled) && (CTRL_IS_RESERVED(msrs,i))) {
+                if ((counter_config[i].enabled) && (CTRL_IS_RESERVED(msrs, i))) {
                         reset_value[i] = counter_config[i].count;
                         pmc_setup_one_p4_counter(i);
                         CTR_WRITE(counter_config[i].count, VIRT_CTR(stag, i));
@@ -603,11 +601,11 @@ static int p4_check_ctrs(struct pt_regs * const regs,
         stag = get_stagger();
 
         for (i = 0; i < num_counters; ++i) {
-                
-                if (!reset_value[i]) 
+
+                if (!reset_value[i])
                         continue;
 
-                /* 
+                /*
                  * there is some eccentricity in the hardware which
                  * requires that we perform 2 extra corrections:
                  *
@@ -616,24 +614,24 @@ static int p4_check_ctrs(struct pt_regs * const regs,
                  *
                  * - write the counter back twice to ensure it gets
                  *   updated properly.
-                 * 
+                 *
                  * the former seems to be related to extra NMIs happening
                  * during the current NMI; the latter is reported as errata
                  * N15 in intel doc 249199-029, pentium 4 specification
                  * update, though their suggested work-around does not
                  * appear to solve the problem.
                  */
-                
+
                 real = VIRT_CTR(stag, i);
 
                 CCCR_READ(low, high, real);
-                CTR_READ(ctr, high, real);
+                CTR_READ(ctr, high, real);
                 if (CCCR_OVF_P(low) || CTR_OVERFLOW_P(ctr)) {
                         oprofile_add_sample(regs, i);
-                        CTR_WRITE(reset_value[i], real);
+                        CTR_WRITE(reset_value[i], real);
                         CCCR_CLEAR_OVF(low);
                         CCCR_WRITE(low, high, real);
-                        CTR_WRITE(reset_value[i], real);
+                        CTR_WRITE(reset_value[i], real);
                 }
         }
 
@@ -683,15 +681,16 @@ static void p4_shutdown(struct op_msrs const * const msrs)
         int i;
 
         for (i = 0 ; i < num_counters ; ++i) {
-                if (CTR_IS_RESERVED(msrs,i))
+                if (CTR_IS_RESERVED(msrs, i))
                         release_perfctr_nmi(msrs->counters[i].addr);
         }
-        /* some of the control registers are specially reserved in
+        /*
+         * some of the control registers are specially reserved in
          * conjunction with the counter registers (hence the starting offset).
          * This saves a few bits.
          */
         for (i = num_counters ; i < num_controls ; ++i) {
-                if (CTRL_IS_RESERVED(msrs,i))
+                if (CTRL_IS_RESERVED(msrs, i))
                         release_evntsel_nmi(msrs->controls[i].addr);
         }
 }
diff --git a/arch/x86/oprofile/op_x86_model.h b/arch/x86/oprofile/op_x86_model.h
index 45b605fa71d0..05a0261ba0c3 100644
--- a/arch/x86/oprofile/op_x86_model.h
+++ b/arch/x86/oprofile/op_x86_model.h
@@ -32,6 +32,8 @@ struct pt_regs;
  * various x86 CPU models' perfctr support.
  */
 struct op_x86_model_spec {
+        int (*init)(struct oprofile_operations *ops);
+        void (*exit)(void);
         unsigned int const num_counters;
         unsigned int const num_controls;
         void (*fill_in_addresses)(struct op_msrs * const msrs);
@@ -46,6 +48,6 @@ struct op_x86_model_spec {
 extern struct op_x86_model_spec const op_ppro_spec;
 extern struct op_x86_model_spec const op_p4_spec;
 extern struct op_x86_model_spec const op_p4_ht2_spec;
-extern struct op_x86_model_spec const op_athlon_spec;
+extern struct op_x86_model_spec const op_amd_spec;
 
 #endif /* OP_X86_MODEL_H */
diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c
index 19af06927fbc..1d88d2b39771 100644
--- a/arch/x86/pci/acpi.c
+++ b/arch/x86/pci/acpi.c
@@ -250,10 +250,5 @@ int __init pci_acpi_init(void)
                         acpi_pci_irq_enable(dev);
         }
 
-#ifdef CONFIG_X86_IO_APIC
-        if (acpi_ioapic)
-                print_IO_APIC();
-#endif
-
         return 0;
 }
diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c
index 6a0fca78c362..22e057665e55 100644
--- a/arch/x86/pci/amd_bus.c
+++ b/arch/x86/pci/amd_bus.c
@@ -580,7 +580,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self,
                                     unsigned long action, void *hcpu)
 {
         int cpu = (long)hcpu;
-        switch(action) {
+        switch (action) {
         case CPU_ONLINE:
         case CPU_ONLINE_FROZEN:
                 smp_call_function_single(cpu, enable_pci_io_ecs, NULL, 0);
diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index 4bdaa590375d..3c27a809393b 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -511,3 +511,31 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, 0x1201, fam10h_pci_cfg_space_size);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, 0x1202, fam10h_pci_cfg_space_size);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, 0x1203, fam10h_pci_cfg_space_size);
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_AMD, 0x1204, fam10h_pci_cfg_space_size);
+
+/*
+ * SB600: Disable BAR1 on device 14.0 to avoid HPET resources from
+ * confusing the PCI engine:
+ */
+static void sb600_disable_hpet_bar(struct pci_dev *dev)
+{
+        u8 val;
+
+        /*
+         * The SB600 and SB700 both share the same device
+         * ID, but the PM register 0x55 does something different
+         * for the SB700, so make sure we are dealing with the
+         * SB600 before touching the bit:
+         */
+
+        pci_read_config_byte(dev, 0x08, &val);
+
+        if (val < 0x2F) {
+                outb(0x55, 0xCD6);
+                val = inb(0xCD7);
+
+                /* Set bit 7 in PM register 0x55 */
+                outb(0x55, 0xCD6);
+                outb(val | 0x80, 0xCD7);
+        }
+}
+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_ATI, 0x4385, sb600_disable_hpet_bar);
diff --git a/arch/x86/pci/i386.c b/arch/x86/pci/i386.c
index 8791fc55e715..844df0cbbd3e 100644
--- a/arch/x86/pci/i386.c
+++ b/arch/x86/pci/i386.c
@@ -33,6 +33,7 @@
 #include <linux/bootmem.h>
 
 #include <asm/pat.h>
+#include <asm/e820.h>
 
 #include "pci.h"
 
@@ -227,6 +228,8 @@ void __init pcibios_resource_survey(void)
         pcibios_allocate_bus_resources(&pci_root_buses);
         pcibios_allocate_resources(0);
         pcibios_allocate_resources(1);
+
+        e820_reserve_resources_late();
 }
 
 /**
diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
index 8e077185e185..006599db0dc7 100644
--- a/arch/x86/pci/irq.c
+++ b/arch/x86/pci/irq.c
@@ -1043,35 +1043,44 @@ static void __init pcibios_fixup_irqs(void)
                 if (io_apic_assign_pci_irqs) {
                         int irq;
 
-                        if (pin) {
-                                /*
-                                 * interrupt pins are numbered starting
-                                 * from 1
-                                 */
-                                pin--;
-                                irq = IO_APIC_get_PCI_irq_vector(dev->bus->number,
-                                        PCI_SLOT(dev->devfn), pin);
-        /*
-         * Busses behind bridges are typically not listed in the MP-table.
-         * In this case we have to look up the IRQ based on the parent bus,
-         * parent slot, and pin number. The SMP code detects such bridged
-         * busses itself so we should get into this branch reliably.
-         */
-                                if (irq < 0 && dev->bus->parent) { /* go back to the bridge */
-                                        struct pci_dev *bridge = dev->bus->self;
-
-                                        pin = (pin + PCI_SLOT(dev->devfn)) % 4;
-                                        irq = IO_APIC_get_PCI_irq_vector(bridge->bus->number,
-                                                        PCI_SLOT(bridge->devfn), pin);
-                                        if (irq >= 0)
-                                                dev_warn(&dev->dev, "using bridge %s INT %c to get IRQ %d\n",
-                                                         pci_name(bridge),
-                                                         'A' + pin, irq);
-                                }
-                                if (irq >= 0) {
-                                        dev_info(&dev->dev, "PCI->APIC IRQ transform: INT %c -> IRQ %d\n", 'A' + pin, irq);
-                                        dev->irq = irq;
-                                }
+                        if (!pin)
+                                continue;
+
+                        /*
+                         * interrupt pins are numbered starting from 1
+                         */
+                        pin--;
+                        irq = IO_APIC_get_PCI_irq_vector(dev->bus->number,
+                                PCI_SLOT(dev->devfn), pin);
+                        /*
+                         * Busses behind bridges are typically not listed in the
+                         * MP-table.  In this case we have to look up the IRQ
+                         * based on the parent bus, parent slot, and pin number.
+                         * The SMP code detects such bridged busses itself so we
+                         * should get into this branch reliably.
+                         */
+                        if (irq < 0 && dev->bus->parent) {
+                                /* go back to the bridge */
+                                struct pci_dev *bridge = dev->bus->self;
+                                int bus;
+
+                                pin = (pin + PCI_SLOT(dev->devfn)) % 4;
+                                bus = bridge->bus->number;
+                                irq = IO_APIC_get_PCI_irq_vector(bus,
+                                                PCI_SLOT(bridge->devfn), pin);
+                                if (irq >= 0)
+                                        dev_warn(&dev->dev,
+                                                "using bridge %s INT %c to "
+                                                        "get IRQ %d\n",
+                                                 pci_name(bridge),
+                                                 'A' + pin, irq);
+                        }
+                        if (irq >= 0) {
+                                dev_info(&dev->dev,
+                                        "PCI->APIC IRQ transform: INT %c "
+                                                "-> IRQ %d\n",
+                                        'A' + pin, irq);
+                                dev->irq = irq;
                         }
                 }
 #endif
diff --git a/arch/x86/pci/mmconfig-shared.c b/arch/x86/pci/mmconfig-shared.c
index d9635764ce3d..654a2234f8f3 100644
--- a/arch/x86/pci/mmconfig-shared.c
+++ b/arch/x86/pci/mmconfig-shared.c
@@ -209,7 +209,7 @@ static int __init pci_mmcfg_check_hostbridge(void)
         return name != NULL;
 }
 
-static void __init pci_mmcfg_insert_resources(unsigned long resource_flags)
+static void __init pci_mmcfg_insert_resources(void)
 {
 #define PCI_MMCFG_RESOURCE_NAME_LEN 19
         int i;
@@ -233,7 +233,7 @@ static void __init pci_mmcfg_insert_resources(unsigned long resource_flags)
                          cfg->pci_segment);
                 res->start = cfg->address;
                 res->end = res->start + (num_buses << 20) - 1;
-                res->flags = IORESOURCE_MEM | resource_flags;
+                res->flags = IORESOURCE_MEM | IORESOURCE_BUSY;
                 insert_resource(&iomem_resource, res);
                 names += PCI_MMCFG_RESOURCE_NAME_LEN;
         }
@@ -434,11 +434,9 @@ static void __init __pci_mmcfg_init(int early)
             (pci_mmcfg_config[0].address == 0))
                 return;
 
-        if (pci_mmcfg_arch_init()) {
-                if (known_bridge)
-                        pci_mmcfg_insert_resources(IORESOURCE_BUSY);
+        if (pci_mmcfg_arch_init())
                 pci_probe = (pci_probe & ~PCI_PROBE_MASK) | PCI_PROBE_MMCONF;
-        } else {
+        else {
                 /*
                  * Signal not to attempt to insert mmcfg resources because
                  * the architecture mmcfg setup could not initialize.
@@ -475,7 +473,7 @@ static int __init pci_mmcfg_late_insert_resources(void)
          * marked so it won't cause request errors when __request_region is
          * called.
          */
-        pci_mmcfg_insert_resources(0);
+        pci_mmcfg_insert_resources();
 
         return 0;
 }
diff --git a/arch/x86/power/cpu_32.c b/arch/x86/power/cpu_32.c
index d3e083dea720..274d06082f48 100644
--- a/arch/x86/power/cpu_32.c
+++ b/arch/x86/power/cpu_32.c
@@ -11,6 +11,7 @@
 #include <linux/suspend.h>
 #include <asm/mtrr.h>
 #include <asm/mce.h>
+#include <asm/xcr.h>
 
 static struct saved_context saved_context;
 
@@ -126,6 +127,12 @@ static void __restore_processor_state(struct saved_context *ctxt)
         if (boot_cpu_has(X86_FEATURE_SEP))
                 enable_sep_cpu();
 
+        /*
+         * restore XCR0 for xsave capable cpu's.
+         */
+        if (cpu_has_xsave)
+                xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
+
         fix_processor_context();
         do_fpu_end();
         mtrr_ap_init();
diff --git a/arch/x86/power/cpu_64.c b/arch/x86/power/cpu_64.c
index 66bdfb591fd8..e3b6cf70d62c 100644
--- a/arch/x86/power/cpu_64.c
+++ b/arch/x86/power/cpu_64.c
@@ -14,6 +14,7 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/mtrr.h>
+#include <asm/xcr.h>
 
 static void fix_processor_context(void);
 
@@ -122,6 +123,12 @@ static void __restore_processor_state(struct saved_context *ctxt)
         wrmsrl(MSR_GS_BASE, ctxt->gs_base);
         wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
 
+        /*
+         * restore XCR0 for xsave capable cpu's.
+         */
+        if (cpu_has_xsave)
+                xsetbv(XCR_XFEATURE_ENABLED_MASK, pcntxt_mask);
+
         fix_processor_context();
 
         do_fpu_end();
diff --git a/arch/x86/power/hibernate_asm_32.S b/arch/x86/power/hibernate_asm_32.S
index 4fc7e872c85e..d1e9b53f9d33 100644
--- a/arch/x86/power/hibernate_asm_32.S
+++ b/arch/x86/power/hibernate_asm_32.S
@@ -1,5 +1,3 @@
-.text
-
 /*
  * This may not use any stack, nor any variable that is not "NoSave":
  *
@@ -12,17 +10,18 @@
 #include <asm/segment.h>
 #include <asm/page.h>
 #include <asm/asm-offsets.h>
+#include <asm/processor-flags.h>
 
-        .text
+.text
 
 ENTRY(swsusp_arch_suspend)
-
         movl %esp, saved_context_esp
         movl %ebx, saved_context_ebx
         movl %ebp, saved_context_ebp
         movl %esi, saved_context_esi
         movl %edi, saved_context_edi
-        pushfl ; popl saved_context_eflags
+        pushfl
+        popl saved_context_eflags
 
         call swsusp_save
         ret
@@ -59,7 +58,7 @@ done:
         movl    mmu_cr4_features, %ecx
         jecxz   1f      # cr4 Pentium and higher, skip if zero
         movl    %ecx, %edx
-        andl    $~(1<<7), %edx;  # PGE
+        andl    $~(X86_CR4_PGE), %edx
         movl    %edx, %cr4;  # turn off PGE
 1:
         movl    %cr3, %eax;  # flush TLB
@@ -74,7 +73,8 @@ done:
         movl saved_context_esi, %esi
         movl saved_context_edi, %edi
 
-        pushl saved_context_eflags ; popfl
+        pushl saved_context_eflags
+        popfl
 
         xorl    %eax, %eax
 
diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig
index 3815e425f470..87b9ab166423 100644
--- a/arch/x86/xen/Kconfig
+++ b/arch/x86/xen/Kconfig
@@ -26,5 +26,13 @@ config XEN_MAX_DOMAIN_MEMORY
 
 config XEN_SAVE_RESTORE
        bool
-       depends on PM
-       default y
\ No newline at end of file
+       depends on XEN && PM
+       default y
+
+config XEN_DEBUG_FS
+        bool "Enable Xen debug and tuning parameters in debugfs"
+        depends on XEN && DEBUG_FS
+        default n
+        help
+          Enable statistics output and various tuning options in debugfs.
+          Enabling this option may incur a significant performance overhead.
diff --git a/arch/x86/xen/Makefile b/arch/x86/xen/Makefile
index 59c1e539aed2..313947940a1a 100644
--- a/arch/x86/xen/Makefile
+++ b/arch/x86/xen/Makefile
@@ -1,4 +1,12 @@
-obj-y           := enlighten.o setup.o multicalls.o mmu.o \
+ifdef CONFIG_FTRACE
+# Do not profile debug and lowlevel utilities
+CFLAGS_REMOVE_spinlock.o = -pg
+CFLAGS_REMOVE_time.o = -pg
+CFLAGS_REMOVE_irq.o = -pg
+endif
+
+obj-y           := enlighten.o setup.o multicalls.o mmu.o irq.o \
                         time.o xen-asm_$(BITS).o grant-table.o suspend.o
 
-obj-$(CONFIG_SMP)       += smp.o
+obj-$(CONFIG_SMP)               += smp.o spinlock.o
+obj-$(CONFIG_XEN_DEBUG_FS)      += debugfs.o
\ No newline at end of file
diff --git a/arch/x86/xen/debugfs.c b/arch/x86/xen/debugfs.c
new file mode 100644
index 000000000000..b53225d2cac3
--- /dev/null
+++ b/arch/x86/xen/debugfs.c
@@ -0,0 +1,123 @@
+#include <linux/init.h>
+#include <linux/debugfs.h>
+#include <linux/module.h>
+
+#include "debugfs.h"
+
+static struct dentry *d_xen_debug;
+
+struct dentry * __init xen_init_debugfs(void)
+{
+        if (!d_xen_debug) {
+                d_xen_debug = debugfs_create_dir("xen", NULL);
+
+                if (!d_xen_debug)
+                        pr_warning("Could not create 'xen' debugfs directory\n");
+        }
+
+        return d_xen_debug;
+}
+
+struct array_data
+{
+        void *array;
+        unsigned elements;
+};
+
+static int u32_array_open(struct inode *inode, struct file *file)
+{
+        file->private_data = NULL;
+        return nonseekable_open(inode, file);
+}
+
+static size_t format_array(char *buf, size_t bufsize, const char *fmt,
+                           u32 *array, unsigned array_size)
+{
+        size_t ret = 0;
+        unsigned i;
+
+        for(i = 0; i < array_size; i++) {
+                size_t len;
+
+                len = snprintf(buf, bufsize, fmt, array[i]);
+                len++;  /* ' ' or '\n' */
+                ret += len;
+
+                if (buf) {
+                        buf += len;
+                        bufsize -= len;
+                        buf[-1] = (i == array_size-1) ? '\n' : ' ';
+                }
+        }
+
+        ret++;          /* \0 */
+        if (buf)
+                *buf = '\0';
+
+        return ret;
+}
+
+static char *format_array_alloc(const char *fmt, u32 *array, unsigned array_size)
+{
+        size_t len = format_array(NULL, 0, fmt, array, array_size);
+        char *ret;
+
+        ret = kmalloc(len, GFP_KERNEL);
+        if (ret == NULL)
+                return NULL;
+
+        format_array(ret, len, fmt, array, array_size);
+        return ret;
+}
+
+static ssize_t u32_array_read(struct file *file, char __user *buf, size_t len,
+                              loff_t *ppos)
+{
+        struct inode *inode = file->f_path.dentry->d_inode;
+        struct array_data *data = inode->i_private;
+        size_t size;
+
+        if (*ppos == 0) {
+                if (file->private_data) {
+                        kfree(file->private_data);
+                        file->private_data = NULL;
+                }
+
+                file->private_data = format_array_alloc("%u", data->array, data->elements);
+        }
+
+        size = 0;
+        if (file->private_data)
+                size = strlen(file->private_data);
+
+        return simple_read_from_buffer(buf, len, ppos, file->private_data, size);
+}
+
+static int xen_array_release(struct inode *inode, struct file *file)
+{
+        kfree(file->private_data);
+
+        return 0;
+}
+
+static struct file_operations u32_array_fops = {
+        .owner  = THIS_MODULE,
+        .open   = u32_array_open,
+        .release= xen_array_release,
+        .read   = u32_array_read,
+};
+
+struct dentry *xen_debugfs_create_u32_array(const char *name, mode_t mode,
+                                            struct dentry *parent,
+                                            u32 *array, unsigned elements)
+{
+        struct array_data *data = kmalloc(sizeof(*data), GFP_KERNEL);
+
+        if (data == NULL)
+                return NULL;
+
+        data->array = array;
+        data->elements = elements;
+
+        return debugfs_create_file(name, mode, parent, data, &u32_array_fops);
+}
diff --git a/arch/x86/xen/debugfs.h b/arch/x86/xen/debugfs.h
new file mode 100644
index 000000000000..e28132084832
--- /dev/null
+++ b/arch/x86/xen/debugfs.h
@@ -0,0 +1,10 @@
+#ifndef _XEN_DEBUGFS_H
+#define _XEN_DEBUGFS_H
+
+struct dentry * __init xen_init_debugfs(void);
+
+struct dentry *xen_debugfs_create_u32_array(const char *name, mode_t mode,
+                                            struct dentry *parent,
+                                            u32 *array, unsigned elements);
+
+#endif /* _XEN_DEBUGFS_H */
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index 9ff6e3cbf08f..0013a729b41d 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -30,12 +30,12 @@
 #include <xen/interface/xen.h>
 #include <xen/interface/physdev.h>
 #include <xen/interface/vcpu.h>
-#include <xen/interface/sched.h>
 #include <xen/features.h>
 #include <xen/page.h>
 #include <xen/hvc-console.h>
 
 #include <asm/paravirt.h>
+#include <asm/apic.h>
 #include <asm/page.h>
 #include <asm/xen/hypercall.h>
 #include <asm/xen/hypervisor.h>
@@ -57,6 +57,9 @@ EXPORT_SYMBOL_GPL(hypercall_page);
 DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu);
 DEFINE_PER_CPU(struct vcpu_info, xen_vcpu_info);
 
+enum xen_domain_type xen_domain_type = XEN_NATIVE;
+EXPORT_SYMBOL_GPL(xen_domain_type);
+
 /*
  * Identity map, in addition to plain kernel map.  This needs to be
  * large enough to allocate page table pages to allocate the rest.
@@ -110,7 +113,14 @@ struct shared_info *HYPERVISOR_shared_info = (void *)&xen_dummy_shared_info;
  *
  * 0: not available, 1: available
  */
-static int have_vcpu_info_placement = 1;
+static int have_vcpu_info_placement =
+#ifdef CONFIG_X86_32
+        1
+#else
+        0
+#endif
+        ;
+
 
 static void xen_vcpu_setup(int cpu)
 {
@@ -226,103 +236,68 @@ static unsigned long xen_get_debugreg(int reg)
         return HYPERVISOR_get_debugreg(reg);
 }
 
-static unsigned long xen_save_fl(void)
+static void xen_leave_lazy(void)
 {
-        struct vcpu_info *vcpu;
-        unsigned long flags;
-
-        vcpu = x86_read_percpu(xen_vcpu);
-
-        /* flag has opposite sense of mask */
-        flags = !vcpu->evtchn_upcall_mask;
-
-        /* convert to IF type flag
-           -0 -> 0x00000000
-           -1 -> 0xffffffff
-        */
-        return (-flags) & X86_EFLAGS_IF;
+        paravirt_leave_lazy(paravirt_get_lazy_mode());
+        xen_mc_flush();
 }
 
-static void xen_restore_fl(unsigned long flags)
+static unsigned long xen_store_tr(void)
 {
-        struct vcpu_info *vcpu;
-
-        /* convert from IF type flag */
-        flags = !(flags & X86_EFLAGS_IF);
-
-        /* There's a one instruction preempt window here.  We need to
-           make sure we're don't switch CPUs between getting the vcpu
-           pointer and updating the mask. */
-        preempt_disable();
-        vcpu = x86_read_percpu(xen_vcpu);
-        vcpu->evtchn_upcall_mask = flags;
-        preempt_enable_no_resched();
-
-        /* Doesn't matter if we get preempted here, because any
-           pending event will get dealt with anyway. */
-
-        if (flags == 0) {
-                preempt_check_resched();
-                barrier(); /* unmask then check (avoid races) */
-                if (unlikely(vcpu->evtchn_upcall_pending))
-                        force_evtchn_callback();
-        }
+        return 0;
 }
 
-static void xen_irq_disable(void)
+/*
+ * Set the page permissions for a particular virtual address.  If the
+ * address is a vmalloc mapping (or other non-linear mapping), then
+ * find the linear mapping of the page and also set its protections to
+ * match.
+ */
+static void set_aliased_prot(void *v, pgprot_t prot)
 {
-        /* There's a one instruction preempt window here.  We need to
-           make sure we're don't switch CPUs between getting the vcpu
-           pointer and updating the mask. */
-        preempt_disable();
-        x86_read_percpu(xen_vcpu)->evtchn_upcall_mask = 1;
-        preempt_enable_no_resched();
-}
+        int level;
+        pte_t *ptep;
+        pte_t pte;
+        unsigned long pfn;
+        struct page *page;
 
-static void xen_irq_enable(void)
-{
-        struct vcpu_info *vcpu;
+        ptep = lookup_address((unsigned long)v, &level);
+        BUG_ON(ptep == NULL);
 
-        /* We don't need to worry about being preempted here, since
-           either a) interrupts are disabled, so no preemption, or b)
-           the caller is confused and is trying to re-enable interrupts
-           on an indeterminate processor. */
+        pfn = pte_pfn(*ptep);
+        page = pfn_to_page(pfn);
 
-        vcpu = x86_read_percpu(xen_vcpu);
-        vcpu->evtchn_upcall_mask = 0;
+        pte = pfn_pte(pfn, prot);
 
-        /* Doesn't matter if we get preempted here, because any
-           pending event will get dealt with anyway. */
+        if (HYPERVISOR_update_va_mapping((unsigned long)v, pte, 0))
+                BUG();
 
-        barrier(); /* unmask then check (avoid races) */
-        if (unlikely(vcpu->evtchn_upcall_pending))
-                force_evtchn_callback();
-}
+        if (!PageHighMem(page)) {
+                void *av = __va(PFN_PHYS(pfn));
 
-static void xen_safe_halt(void)
-{
-        /* Blocking includes an implicit local_irq_enable(). */
-        if (HYPERVISOR_sched_op(SCHEDOP_block, NULL) != 0)
-                BUG();
+                if (av != v)
+                        if (HYPERVISOR_update_va_mapping((unsigned long)av, pte, 0))
+                                BUG();
+        } else
+                kmap_flush_unused();
 }
 
-static void xen_halt(void)
+static void xen_alloc_ldt(struct desc_struct *ldt, unsigned entries)
 {
-        if (irqs_disabled())
-                HYPERVISOR_vcpu_op(VCPUOP_down, smp_processor_id(), NULL);
-        else
-                xen_safe_halt();
-}
+        const unsigned entries_per_page = PAGE_SIZE / LDT_ENTRY_SIZE;
+        int i;
 
-static void xen_leave_lazy(void)
-{
-        paravirt_leave_lazy(paravirt_get_lazy_mode());
-        xen_mc_flush();
+        for(i = 0; i < entries; i += entries_per_page)
+                set_aliased_prot(ldt + i, PAGE_KERNEL_RO);
 }
 
-static unsigned long xen_store_tr(void)
+static void xen_free_ldt(struct desc_struct *ldt, unsigned entries)
 {
-        return 0;
+        const unsigned entries_per_page = PAGE_SIZE / LDT_ENTRY_SIZE;
+        int i;
+
+        for(i = 0; i < entries; i += entries_per_page)
+                set_aliased_prot(ldt + i, PAGE_KERNEL);
 }
 
 static void xen_set_ldt(const void *addr, unsigned entries)
@@ -425,8 +400,7 @@ static void xen_load_gs_index(unsigned int idx)
 static void xen_write_ldt_entry(struct desc_struct *dt, int entrynum,
                                 const void *ptr)
 {
-        unsigned long lp = (unsigned long)&dt[entrynum];
-        xmaddr_t mach_lp = virt_to_machine(lp);
+        xmaddr_t mach_lp = arbitrary_virt_to_machine(&dt[entrynum]);
         u64 entry = *(u64 *)ptr;
 
         preempt_disable();
@@ -559,7 +533,7 @@ static void xen_write_gdt_entry(struct desc_struct *dt, int entry,
 }
 
 static void xen_load_sp0(struct tss_struct *tss,
-                          struct thread_struct *thread)
+                         struct thread_struct *thread)
 {
         struct multicall_space mcs = xen_mc_entry(0);
         MULTI_stack_switch(mcs.mc, __KERNEL_DS, thread->sp0);
@@ -580,16 +554,47 @@ static void xen_io_delay(void)
 }
 
 #ifdef CONFIG_X86_LOCAL_APIC
-static u32 xen_apic_read(unsigned long reg)
+static u32 xen_apic_read(u32 reg)
 {
         return 0;
 }
 
-static void xen_apic_write(unsigned long reg, u32 val)
+static void xen_apic_write(u32 reg, u32 val)
 {
         /* Warn to see if there's any stray references */
         WARN_ON(1);
 }
+
+static u64 xen_apic_icr_read(void)
+{
+        return 0;
+}
+
+static void xen_apic_icr_write(u32 low, u32 id)
+{
+        /* Warn to see if there's any stray references */
+        WARN_ON(1);
+}
+
+static void xen_apic_wait_icr_idle(void)
+{
+        return;
+}
+
+static u32 xen_safe_apic_wait_icr_idle(void)
+{
+        return 0;
+}
+
+static struct apic_ops xen_basic_apic_ops = {
+        .read = xen_apic_read,
+        .write = xen_apic_write,
+        .icr_read = xen_apic_icr_read,
+        .icr_write = xen_apic_icr_write,
+        .wait_icr_idle = xen_apic_wait_icr_idle,
+        .safe_wait_icr_idle = xen_safe_apic_wait_icr_idle,
+};
+
 #endif
 
 static void xen_flush_tlb(void)
@@ -803,6 +808,19 @@ static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high)
                         ret = -EFAULT;
                 break;
 #endif
+
+        case MSR_STAR:
+        case MSR_CSTAR:
+        case MSR_LSTAR:
+        case MSR_SYSCALL_MASK:
+        case MSR_IA32_SYSENTER_CS:
+        case MSR_IA32_SYSENTER_ESP:
+        case MSR_IA32_SYSENTER_EIP:
+                /* Fast syscall setup is all done in hypercalls, so
+                   these are all ignored.  Stub them out here to stop
+                   Xen console noise. */
+                break;
+
         default:
                 ret = native_write_msr_safe(msr, low, high);
         }
@@ -812,7 +830,7 @@ static int xen_write_msr_safe(unsigned int msr, unsigned low, unsigned high)
 
 /* Early in boot, while setting up the initial pagetable, assume
    everything is pinned. */
-static __init void xen_alloc_pte_init(struct mm_struct *mm, u32 pfn)
+static __init void xen_alloc_pte_init(struct mm_struct *mm, unsigned long pfn)
 {
 #ifdef CONFIG_FLATMEM
         BUG_ON(mem_map);        /* should only be used early */
@@ -822,7 +840,7 @@ static __init void xen_alloc_pte_init(struct mm_struct *mm, u32 pfn)
 
 /* Early release_pte assumes that all pts are pinned, since there's
    only init_mm and anything attached to that is pinned. */
-static void xen_release_pte_init(u32 pfn)
+static void xen_release_pte_init(unsigned long pfn)
 {
         make_lowmem_page_readwrite(__va(PFN_PHYS(pfn)));
 }
@@ -838,7 +856,7 @@ static void pin_pagetable_pfn(unsigned cmd, unsigned long pfn)
 
 /* This needs to make sure the new pte page is pinned iff its being
    attached to a pinned pagetable. */
-static void xen_alloc_ptpage(struct mm_struct *mm, u32 pfn, unsigned level)
+static void xen_alloc_ptpage(struct mm_struct *mm, unsigned long pfn, unsigned level)
 {
         struct page *page = pfn_to_page(pfn);
 
@@ -846,8 +864,8 @@ static void xen_alloc_ptpage(struct mm_struct *mm, u32 pfn, unsigned level)
                 SetPagePinned(page);
 
                 if (!PageHighMem(page)) {
-                        make_lowmem_page_readonly(__va(PFN_PHYS(pfn)));
-                        if (level == PT_PTE)
+                        make_lowmem_page_readonly(__va(PFN_PHYS((unsigned long)pfn)));
+                        if (level == PT_PTE && USE_SPLIT_PTLOCKS)
                                 pin_pagetable_pfn(MMUEXT_PIN_L1_TABLE, pfn);
                 } else
                         /* make sure there are no stray mappings of
@@ -856,12 +874,12 @@ static void xen_alloc_ptpage(struct mm_struct *mm, u32 pfn, unsigned level)
         }
 }
 
-static void xen_alloc_pte(struct mm_struct *mm, u32 pfn)
+static void xen_alloc_pte(struct mm_struct *mm, unsigned long pfn)
 {
         xen_alloc_ptpage(mm, pfn, PT_PTE);
 }
 
-static void xen_alloc_pmd(struct mm_struct *mm, u32 pfn)
+static void xen_alloc_pmd(struct mm_struct *mm, unsigned long pfn)
 {
         xen_alloc_ptpage(mm, pfn, PT_PMD);
 }
@@ -909,13 +927,13 @@ static void xen_pgd_free(struct mm_struct *mm, pgd_t *pgd)
 }
 
 /* This should never happen until we're OK to use struct page */
-static void xen_release_ptpage(u32 pfn, unsigned level)
+static void xen_release_ptpage(unsigned long pfn, unsigned level)
 {
         struct page *page = pfn_to_page(pfn);
 
         if (PagePinned(page)) {
                 if (!PageHighMem(page)) {
-                        if (level == PT_PTE)
+                        if (level == PT_PTE && USE_SPLIT_PTLOCKS)
                                 pin_pagetable_pfn(MMUEXT_UNPIN_TABLE, pfn);
                         make_lowmem_page_readwrite(__va(PFN_PHYS(pfn)));
                 }
@@ -923,23 +941,23 @@ static void xen_release_ptpage(u32 pfn, unsigned level)
         }
 }
 
-static void xen_release_pte(u32 pfn)
+static void xen_release_pte(unsigned long pfn)
 {
         xen_release_ptpage(pfn, PT_PTE);
 }
 
-static void xen_release_pmd(u32 pfn)
+static void xen_release_pmd(unsigned long pfn)
 {
         xen_release_ptpage(pfn, PT_PMD);
 }
 
 #if PAGETABLE_LEVELS == 4
-static void xen_alloc_pud(struct mm_struct *mm, u32 pfn)
+static void xen_alloc_pud(struct mm_struct *mm, unsigned long pfn)
 {
         xen_alloc_ptpage(mm, pfn, PT_PUD);
 }
 
-static void xen_release_pud(u32 pfn)
+static void xen_release_pud(unsigned long pfn)
 {
         xen_release_ptpage(pfn, PT_PUD);
 }
@@ -962,6 +980,7 @@ static void *xen_kmap_atomic_pte(struct page *page, enum km_type type)
 }
 #endif
 
+#ifdef CONFIG_X86_32
 static __init pte_t mask_rw_pte(pte_t *ptep, pte_t pte)
 {
         /* If there's an existing pte, then don't allow _PAGE_RW to be set */
@@ -980,6 +999,7 @@ static __init void xen_set_pte_init(pte_t *ptep, pte_t pte)
 
         xen_set_pte(ptep, pte);
 }
+#endif
 
 static __init void xen_pagetable_setup_start(pgd_t *base)
 {
@@ -1046,7 +1066,6 @@ void xen_setup_vcpu_info_placement(void)
 
         /* xen_vcpu_setup managed to place the vcpu_info within the
            percpu area for all cpus, so make use of it */
-#ifdef CONFIG_X86_32
         if (have_vcpu_info_placement) {
                 printk(KERN_INFO "Xen: using vcpu_info placement\n");
 
@@ -1056,7 +1075,6 @@ void xen_setup_vcpu_info_placement(void)
                 pv_irq_ops.irq_enable = xen_irq_enable_direct;
                 pv_mmu_ops.read_cr2 = xen_read_cr2_direct;
         }
-#endif
 }
 
 static unsigned xen_patch(u8 type, u16 clobbers, void *insnbuf,
@@ -1077,12 +1095,10 @@ static unsigned xen_patch(u8 type, u16 clobbers, void *insnbuf,
         goto patch_site
 
         switch (type) {
-#ifdef CONFIG_X86_32
                 SITE(pv_irq_ops, irq_enable);
                 SITE(pv_irq_ops, irq_disable);
                 SITE(pv_irq_ops, save_fl);
                 SITE(pv_irq_ops, restore_fl);
-#endif /* CONFIG_X86_32 */
 #undef SITE
 
         patch_site:
@@ -1220,6 +1236,9 @@ static const struct pv_cpu_ops xen_cpu_ops __initdata = {
         .load_gs_index = xen_load_gs_index,
 #endif
 
+        .alloc_ldt = xen_alloc_ldt,
+        .free_ldt = xen_free_ldt,
+
         .store_gdt = native_store_gdt,
         .store_idt = native_store_idt,
         .store_tr = xen_store_tr,
@@ -1241,40 +1260,8 @@ static const struct pv_cpu_ops xen_cpu_ops __initdata = {
         },
 };
 
-static void __init __xen_init_IRQ(void)
-{
-#ifdef CONFIG_X86_64
-        int i;
-
-        /* Create identity vector->irq map */
-        for(i = 0; i < NR_VECTORS; i++) {
-                int cpu;
-
-                for_each_possible_cpu(cpu)
-                        per_cpu(vector_irq, cpu)[i] = i;
-        }
-#endif  /* CONFIG_X86_64 */
-
-        xen_init_IRQ();
-}
-
-static const struct pv_irq_ops xen_irq_ops __initdata = {
-        .init_IRQ = __xen_init_IRQ,
-        .save_fl = xen_save_fl,
-        .restore_fl = xen_restore_fl,
-        .irq_disable = xen_irq_disable,
-        .irq_enable = xen_irq_enable,
-        .safe_halt = xen_safe_halt,
-        .halt = xen_halt,
-#ifdef CONFIG_X86_64
-        .adjust_exception_frame = xen_adjust_exception_frame,
-#endif
-};
-
 static const struct pv_apic_ops xen_apic_ops __initdata = {
 #ifdef CONFIG_X86_LOCAL_APIC
-        .apic_write = xen_apic_write,
-        .apic_read = xen_apic_read,
         .setup_boot_clock = paravirt_nop,
         .setup_secondary_clock = paravirt_nop,
         .startup_ipi_hook = paravirt_nop,
@@ -1324,7 +1311,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initdata = {
         .ptep_modify_prot_commit = __ptep_modify_prot_commit,
 
         .pte_val = xen_pte_val,
-        .pte_flags = native_pte_val,
+        .pte_flags = native_pte_flags,
         .pgd_val = xen_pgd_val,
 
         .make_pte = xen_make_pte,
@@ -1413,7 +1400,7 @@ static void __init xen_reserve_top(void)
         if (HYPERVISOR_xen_version(XENVER_platform_parameters, &pp) == 0)
                 top = pp.virt_start;
 
-        reserve_top_address(-top + 2 * PAGE_SIZE);
+        reserve_top_address(-top);
 #endif  /* CONFIG_X86_32 */
 }
 
@@ -1447,48 +1434,11 @@ static void *m2v(phys_addr_t maddr)
         return __ka(m2p(maddr));
 }
 
-#ifdef CONFIG_X86_64
-static void walk(pgd_t *pgd, unsigned long addr)
-{
-        unsigned l4idx = pgd_index(addr);
-        unsigned l3idx = pud_index(addr);
-        unsigned l2idx = pmd_index(addr);
-        unsigned l1idx = pte_index(addr);
-        pgd_t l4;
-        pud_t l3;
-        pmd_t l2;
-        pte_t l1;
-
-        xen_raw_printk("walk %p, %lx -> %d %d %d %d\n",
-                       pgd, addr, l4idx, l3idx, l2idx, l1idx);
-
-        l4 = pgd[l4idx];
-        xen_raw_printk("  l4: %016lx\n", l4.pgd);
-        xen_raw_printk("      %016lx\n", pgd_val(l4));
-
-        l3 = ((pud_t *)(m2v(l4.pgd)))[l3idx];
-        xen_raw_printk("  l3: %016lx\n", l3.pud);
-        xen_raw_printk("      %016lx\n", pud_val(l3));
-
-        l2 = ((pmd_t *)(m2v(l3.pud)))[l2idx];
-        xen_raw_printk("  l2: %016lx\n", l2.pmd);
-        xen_raw_printk("      %016lx\n", pmd_val(l2));
-
-        l1 = ((pte_t *)(m2v(l2.pmd)))[l1idx];
-        xen_raw_printk("  l1: %016lx\n", l1.pte);
-        xen_raw_printk("      %016lx\n", pte_val(l1));
-}
-#endif
-
 static void set_page_prot(void *addr, pgprot_t prot)
 {
         unsigned long pfn = __pa(addr) >> PAGE_SHIFT;
         pte_t pte = pfn_pte(pfn, prot);
 
-        xen_raw_printk("addr=%p pfn=%lx mfn=%lx prot=%016llx pte=%016llx\n",
-                       addr, pfn, get_phys_to_machine(pfn),
-                       pgprot_val(prot), pte.pte);
-
         if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, 0))
                 BUG();
 }
@@ -1664,6 +1614,8 @@ asmlinkage void __init xen_start_kernel(void)
         if (!xen_start_info)
                 return;
 
+        xen_domain_type = XEN_PV_DOMAIN;
+
         BUG_ON(memcmp(xen_start_info->magic, "xen-3", 5) != 0);
 
         xen_setup_features();
@@ -1673,10 +1625,18 @@ asmlinkage void __init xen_start_kernel(void)
         pv_init_ops = xen_init_ops;
         pv_time_ops = xen_time_ops;
         pv_cpu_ops = xen_cpu_ops;
-        pv_irq_ops = xen_irq_ops;
         pv_apic_ops = xen_apic_ops;
         pv_mmu_ops = xen_mmu_ops;
 
+        xen_init_irq_ops();
+
+#ifdef CONFIG_X86_LOCAL_APIC
+        /*
+         * set up the basic apic ops.
+         */
+        apic_ops = &xen_basic_apic_ops;
+#endif
+
         if (xen_feature(XENFEAT_mmu_pt_update_preserve_ad)) {
                 pv_mmu_ops.ptep_modify_prot_start = xen_ptep_modify_prot_start;
                 pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
@@ -1700,7 +1660,7 @@ asmlinkage void __init xen_start_kernel(void)
 
         /* Prevent unwanted bits from being set in PTEs. */
         __supported_pte_mask &= ~_PAGE_GLOBAL;
-        if (!is_initial_xendomain())
+        if (!xen_initial_domain())
                 __supported_pte_mask &= ~(_PAGE_PWT | _PAGE_PCD);
 
         /* Don't do the full vcpu_info placement stuff until we have a
@@ -1735,7 +1695,7 @@ asmlinkage void __init xen_start_kernel(void)
         boot_params.hdr.ramdisk_size = xen_start_info->mod_len;
         boot_params.hdr.cmd_line_ptr = __pa(xen_start_info->cmd_line);
 
-        if (!is_initial_xendomain()) {
+        if (!xen_initial_domain()) {
                 add_preferred_console("xenboot", 0, NULL);
                 add_preferred_console("tty", 0, NULL);
                 add_preferred_console("hvc", 0, NULL);
@@ -1743,15 +1703,6 @@ asmlinkage void __init xen_start_kernel(void)
 
         xen_raw_console_write("about to get started...\n");
 
-#if 0
-        xen_raw_printk("&boot_params=%p __pa(&boot_params)=%lx __va(__pa(&boot_params))=%lx\n",
-                       &boot_params, __pa_symbol(&boot_params),
-                       __va(__pa_symbol(&boot_params)));
-
-        walk(pgd, &boot_params);
-        walk(pgd, __va(__pa(&boot_params)));
-#endif
-
         /* Start the world */
 #ifdef CONFIG_X86_32
         i386_start_kernel();
diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c
new file mode 100644
index 000000000000..28b85ab8422e
--- /dev/null
+++ b/arch/x86/xen/irq.c
@@ -0,0 +1,143 @@
+#include <linux/hardirq.h>
+
+#include <xen/interface/xen.h>
+#include <xen/interface/sched.h>
+#include <xen/interface/vcpu.h>
+
+#include <asm/xen/hypercall.h>
+#include <asm/xen/hypervisor.h>
+
+#include "xen-ops.h"
+
+/*
+ * Force a proper event-channel callback from Xen after clearing the
+ * callback mask. We do this in a very simple manner, by making a call
+ * down into Xen. The pending flag will be checked by Xen on return.
+ */
+void xen_force_evtchn_callback(void)
+{
+        (void)HYPERVISOR_xen_version(0, NULL);
+}
+
+static void __init __xen_init_IRQ(void)
+{
+#ifdef CONFIG_X86_64
+        int i;
+
+        /* Create identity vector->irq map */
+        for(i = 0; i < NR_VECTORS; i++) {
+                int cpu;
+
+                for_each_possible_cpu(cpu)
+                        per_cpu(vector_irq, cpu)[i] = i;
+        }
+#endif  /* CONFIG_X86_64 */
+
+        xen_init_IRQ();
+}
+
+static unsigned long xen_save_fl(void)
+{
+        struct vcpu_info *vcpu;
+        unsigned long flags;
+
+        vcpu = x86_read_percpu(xen_vcpu);
+
+        /* flag has opposite sense of mask */
+        flags = !vcpu->evtchn_upcall_mask;
+
+        /* convert to IF type flag
+           -0 -> 0x00000000
+           -1 -> 0xffffffff
+        */
+        return (-flags) & X86_EFLAGS_IF;
+}
+
+static void xen_restore_fl(unsigned long flags)
+{
+        struct vcpu_info *vcpu;
+
+        /* convert from IF type flag */
+        flags = !(flags & X86_EFLAGS_IF);
+
+        /* There's a one instruction preempt window here.  We need to
+           make sure we're don't switch CPUs between getting the vcpu
+           pointer and updating the mask. */
+        preempt_disable();
+        vcpu = x86_read_percpu(xen_vcpu);
+        vcpu->evtchn_upcall_mask = flags;
+        preempt_enable_no_resched();
+
+        /* Doesn't matter if we get preempted here, because any
+           pending event will get dealt with anyway. */
+
+        if (flags == 0) {
+                preempt_check_resched();
+                barrier(); /* unmask then check (avoid races) */
+                if (unlikely(vcpu->evtchn_upcall_pending))
+                        xen_force_evtchn_callback();
+        }
+}
+
+static void xen_irq_disable(void)
+{
+        /* There's a one instruction preempt window here.  We need to
+           make sure we're don't switch CPUs between getting the vcpu
+           pointer and updating the mask. */
+        preempt_disable();
+        x86_read_percpu(xen_vcpu)->evtchn_upcall_mask = 1;
+        preempt_enable_no_resched();
+}
+
+static void xen_irq_enable(void)
+{
+        struct vcpu_info *vcpu;
+
+        /* We don't need to worry about being preempted here, since
+           either a) interrupts are disabled, so no preemption, or b)
+           the caller is confused and is trying to re-enable interrupts
+           on an indeterminate processor. */
+
+        vcpu = x86_read_percpu(xen_vcpu);
+        vcpu->evtchn_upcall_mask = 0;
+
+        /* Doesn't matter if we get preempted here, because any
+           pending event will get dealt with anyway. */
+
+        barrier(); /* unmask then check (avoid races) */
+        if (unlikely(vcpu->evtchn_upcall_pending))
+                xen_force_evtchn_callback();
+}
+
+static void xen_safe_halt(void)
+{
+        /* Blocking includes an implicit local_irq_enable(). */
+        if (HYPERVISOR_sched_op(SCHEDOP_block, NULL) != 0)
+                BUG();
+}
+
+static void xen_halt(void)
+{
+        if (irqs_disabled())
+                HYPERVISOR_vcpu_op(VCPUOP_down, smp_processor_id(), NULL);
+        else
+                xen_safe_halt();
+}
+
+static const struct pv_irq_ops xen_irq_ops __initdata = {
+        .init_IRQ = __xen_init_IRQ,
+        .save_fl = xen_save_fl,
+        .restore_fl = xen_restore_fl,
+        .irq_disable = xen_irq_disable,
+        .irq_enable = xen_irq_enable,
+        .safe_halt = xen_safe_halt,
+        .halt = xen_halt,
+#ifdef CONFIG_X86_64
+        .adjust_exception_frame = xen_adjust_exception_frame,
+#endif
+};
+
+void __init xen_init_irq_ops()
+{
+        pv_irq_ops = xen_irq_ops;
+}
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index aa37469da696..ae173f6edd8b 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -40,6 +40,7 @@
  */
 #include <linux/sched.h>
 #include <linux/highmem.h>
+#include <linux/debugfs.h>
 #include <linux/bug.h>
 
 #include <asm/pgtable.h>
@@ -57,6 +58,61 @@
 
 #include "multicalls.h"
 #include "mmu.h"
+#include "debugfs.h"
+
+#define MMU_UPDATE_HISTO        30
+
+#ifdef CONFIG_XEN_DEBUG_FS
+
+static struct {
+        u32 pgd_update;
+        u32 pgd_update_pinned;
+        u32 pgd_update_batched;
+
+        u32 pud_update;
+        u32 pud_update_pinned;
+        u32 pud_update_batched;
+
+        u32 pmd_update;
+        u32 pmd_update_pinned;
+        u32 pmd_update_batched;
+
+        u32 pte_update;
+        u32 pte_update_pinned;
+        u32 pte_update_batched;
+
+        u32 mmu_update;
+        u32 mmu_update_extended;
+        u32 mmu_update_histo[MMU_UPDATE_HISTO];
+
+        u32 prot_commit;
+        u32 prot_commit_batched;
+
+        u32 set_pte_at;
+        u32 set_pte_at_batched;
+        u32 set_pte_at_pinned;
+        u32 set_pte_at_current;
+        u32 set_pte_at_kernel;
+} mmu_stats;
+
+static u8 zero_stats;
+
+static inline void check_zero(void)
+{
+        if (unlikely(zero_stats)) {
+                memset(&mmu_stats, 0, sizeof(mmu_stats));
+                zero_stats = 0;
+        }
+}
+
+#define ADD_STATS(elem, val)                    \
+        do { check_zero(); mmu_stats.elem += (val); } while(0)
+
+#else  /* !CONFIG_XEN_DEBUG_FS */
+
+#define ADD_STATS(elem, val)    do { (void)(val); } while(0)
+
+#endif /* CONFIG_XEN_DEBUG_FS */
 
 /*
  * Just beyond the highest usermode address.  STACK_TOP_MAX has a
@@ -229,25 +285,35 @@ void make_lowmem_page_readwrite(void *vaddr)
 }
 
 
-static bool page_pinned(void *ptr)
+static bool xen_page_pinned(void *ptr)
 {
         struct page *page = virt_to_page(ptr);
 
         return PagePinned(page);
 }
 
-static void extend_mmu_update(const struct mmu_update *update)
+static void xen_extend_mmu_update(const struct mmu_update *update)
 {
         struct multicall_space mcs;
         struct mmu_update *u;
 
         mcs = xen_mc_extend_args(__HYPERVISOR_mmu_update, sizeof(*u));
 
-        if (mcs.mc != NULL)
+        if (mcs.mc != NULL) {
+                ADD_STATS(mmu_update_extended, 1);
+                ADD_STATS(mmu_update_histo[mcs.mc->args[1]], -1);
+
                 mcs.mc->args[1]++;
-        else {
+
+                if (mcs.mc->args[1] < MMU_UPDATE_HISTO)
+                        ADD_STATS(mmu_update_histo[mcs.mc->args[1]], 1);
+                else
+                        ADD_STATS(mmu_update_histo[0], 1);
+        } else {
+                ADD_STATS(mmu_update, 1);
                 mcs = __xen_mc_entry(sizeof(*u));
                 MULTI_mmu_update(mcs.mc, mcs.args, 1, NULL, DOMID_SELF);
+                ADD_STATS(mmu_update_histo[1], 1);
         }
 
         u = mcs.args;
@@ -265,7 +331,9 @@ void xen_set_pmd_hyper(pmd_t *ptr, pmd_t val)
         /* ptr may be ioremapped for 64-bit pagetable setup */
         u.ptr = arbitrary_virt_to_machine(ptr).maddr;
         u.val = pmd_val_ma(val);
-        extend_mmu_update(&u);
+        xen_extend_mmu_update(&u);
+
+        ADD_STATS(pmd_update_batched, paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU);
 
         xen_mc_issue(PARAVIRT_LAZY_MMU);
 
@@ -274,13 +342,17 @@ void xen_set_pmd_hyper(pmd_t *ptr, pmd_t val)
 
 void xen_set_pmd(pmd_t *ptr, pmd_t val)
 {
+        ADD_STATS(pmd_update, 1);
+
         /* If page is not pinned, we can just update the entry
            directly */
-        if (!page_pinned(ptr)) {
+        if (!xen_page_pinned(ptr)) {
                 *ptr = val;
                 return;
         }
 
+        ADD_STATS(pmd_update_pinned, 1);
+
         xen_set_pmd_hyper(ptr, val);
 }
 
@@ -300,12 +372,18 @@ void xen_set_pte_at(struct mm_struct *mm, unsigned long addr,
         if (mm == &init_mm)
                 preempt_disable();
 
+        ADD_STATS(set_pte_at, 1);
+//      ADD_STATS(set_pte_at_pinned, xen_page_pinned(ptep));
+        ADD_STATS(set_pte_at_current, mm == current->mm);
+        ADD_STATS(set_pte_at_kernel, mm == &init_mm);
+
         if (mm == current->mm || mm == &init_mm) {
                 if (paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU) {
                         struct multicall_space mcs;
                         mcs = xen_mc_entry(0);
 
                         MULTI_update_va_mapping(mcs.mc, addr, pteval, 0);
+                        ADD_STATS(set_pte_at_batched, 1);
                         xen_mc_issue(PARAVIRT_LAZY_MMU);
                         goto out;
                 } else
@@ -334,7 +412,10 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
 
         u.ptr = virt_to_machine(ptep).maddr | MMU_PT_UPDATE_PRESERVE_AD;
         u.val = pte_val_ma(pte);
-        extend_mmu_update(&u);
+        xen_extend_mmu_update(&u);
+
+        ADD_STATS(prot_commit, 1);
+        ADD_STATS(prot_commit_batched, paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU);
 
         xen_mc_issue(PARAVIRT_LAZY_MMU);
 }
@@ -400,7 +481,9 @@ void xen_set_pud_hyper(pud_t *ptr, pud_t val)
         /* ptr may be ioremapped for 64-bit pagetable setup */
         u.ptr = arbitrary_virt_to_machine(ptr).maddr;
         u.val = pud_val_ma(val);
-        extend_mmu_update(&u);
+        xen_extend_mmu_update(&u);
+
+        ADD_STATS(pud_update_batched, paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU);
 
         xen_mc_issue(PARAVIRT_LAZY_MMU);
 
@@ -409,18 +492,26 @@ void xen_set_pud_hyper(pud_t *ptr, pud_t val)
 
 void xen_set_pud(pud_t *ptr, pud_t val)
 {
+        ADD_STATS(pud_update, 1);
+
         /* If page is not pinned, we can just update the entry
            directly */
-        if (!page_pinned(ptr)) {
+        if (!xen_page_pinned(ptr)) {
                 *ptr = val;
                 return;
         }
 
+        ADD_STATS(pud_update_pinned, 1);
+
         xen_set_pud_hyper(ptr, val);
 }
 
 void xen_set_pte(pte_t *ptep, pte_t pte)
 {
+        ADD_STATS(pte_update, 1);
+//      ADD_STATS(pte_update_pinned, xen_page_pinned(ptep));
+        ADD_STATS(pte_update_batched, paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU);
+
 #ifdef CONFIG_X86_PAE
         ptep->pte_high = pte.pte_high;
         smp_wmb();
@@ -490,7 +581,7 @@ static void __xen_set_pgd_hyper(pgd_t *ptr, pgd_t val)
 
         u.ptr = virt_to_machine(ptr).maddr;
         u.val = pgd_val_ma(val);
-        extend_mmu_update(&u);
+        xen_extend_mmu_update(&u);
 }
 
 /*
@@ -517,17 +608,22 @@ void xen_set_pgd(pgd_t *ptr, pgd_t val)
 {
         pgd_t *user_ptr = xen_get_user_pgd(ptr);
 
+        ADD_STATS(pgd_update, 1);
+
         /* If page is not pinned, we can just update the entry
            directly */
-        if (!page_pinned(ptr)) {
+        if (!xen_page_pinned(ptr)) {
                 *ptr = val;
                 if (user_ptr) {
-                        WARN_ON(page_pinned(user_ptr));
+                        WARN_ON(xen_page_pinned(user_ptr));
                         *user_ptr = val;
                 }
                 return;
         }
 
+        ADD_STATS(pgd_update_pinned, 1);
+        ADD_STATS(pgd_update_batched, paravirt_get_lazy_mode() == PARAVIRT_LAZY_MMU);
+
         /* If it's pinned, then we can at least batch the kernel and
            user updates together. */
         xen_mc_batch();
@@ -555,9 +651,12 @@ void xen_set_pgd(pgd_t *ptr, pgd_t val)
  * For 64-bit, we must skip the Xen hole in the middle of the address
  * space, just after the big x86-64 virtual hole.
  */
-static int pgd_walk(pgd_t *pgd, int (*func)(struct page *, enum pt_level),
-                    unsigned long limit)
+static int xen_pgd_walk(struct mm_struct *mm,
+                        int (*func)(struct mm_struct *mm, struct page *,
+                                    enum pt_level),
+                        unsigned long limit)
 {
+        pgd_t *pgd = mm->pgd;
         int flush = 0;
         unsigned hole_low, hole_high;
         unsigned pgdidx_limit, pudidx_limit, pmdidx_limit;
@@ -590,8 +689,6 @@ static int pgd_walk(pgd_t *pgd, int (*func)(struct page *, enum pt_level),
         pmdidx_limit = 0;
 #endif
 
-        flush |= (*func)(virt_to_page(pgd), PT_PGD);
-
         for (pgdidx = 0; pgdidx <= pgdidx_limit; pgdidx++) {
                 pud_t *pud;
 
@@ -604,7 +701,7 @@ static int pgd_walk(pgd_t *pgd, int (*func)(struct page *, enum pt_level),
                 pud = pud_offset(&pgd[pgdidx], 0);
 
                 if (PTRS_PER_PUD > 1) /* not folded */
-                        flush |= (*func)(virt_to_page(pud), PT_PUD);
+                        flush |= (*func)(mm, virt_to_page(pud), PT_PUD);
 
                 for (pudidx = 0; pudidx < PTRS_PER_PUD; pudidx++) {
                         pmd_t *pmd;
@@ -619,7 +716,7 @@ static int pgd_walk(pgd_t *pgd, int (*func)(struct page *, enum pt_level),
                         pmd = pmd_offset(&pud[pudidx], 0);
 
                         if (PTRS_PER_PMD > 1) /* not folded */
-                                flush |= (*func)(virt_to_page(pmd), PT_PMD);
+                                flush |= (*func)(mm, virt_to_page(pmd), PT_PMD);
 
                         for (pmdidx = 0; pmdidx < PTRS_PER_PMD; pmdidx++) {
                                 struct page *pte;
@@ -633,28 +730,34 @@ static int pgd_walk(pgd_t *pgd, int (*func)(struct page *, enum pt_level),
                                         continue;
 
                                 pte = pmd_page(pmd[pmdidx]);
-                                flush |= (*func)(pte, PT_PTE);
+                                flush |= (*func)(mm, pte, PT_PTE);
                         }
                 }
         }
+
 out:
+        /* Do the top level last, so that the callbacks can use it as
+           a cue to do final things like tlb flushes. */
+        flush |= (*func)(mm, virt_to_page(pgd), PT_PGD);
 
         return flush;
 }
 
-static spinlock_t *lock_pte(struct page *page)
+/* If we're using split pte locks, then take the page's lock and
+   return a pointer to it.  Otherwise return NULL. */
+static spinlock_t *xen_pte_lock(struct page *page, struct mm_struct *mm)
 {
         spinlock_t *ptl = NULL;
 
-#if NR_CPUS >= CONFIG_SPLIT_PTLOCK_CPUS
+#if USE_SPLIT_PTLOCKS
         ptl = __pte_lockptr(page);
-        spin_lock(ptl);
+        spin_lock_nest_lock(ptl, &mm->page_table_lock);
 #endif
 
         return ptl;
 }
 
-static void do_unlock(void *v)
+static void xen_pte_unlock(void *v)
 {
         spinlock_t *ptl = v;
         spin_unlock(ptl);
@@ -672,7 +775,8 @@ static void xen_do_pin(unsigned level, unsigned long pfn)
         MULTI_mmuext_op(mcs.mc, op, 1, NULL, DOMID_SELF);
 }
 
-static int pin_page(struct page *page, enum pt_level level)
+static int xen_pin_page(struct mm_struct *mm, struct page *page,
+                        enum pt_level level)
 {
         unsigned pgfl = TestSetPagePinned(page);
         int flush;
@@ -691,21 +795,40 @@ static int pin_page(struct page *page, enum pt_level level)
 
                 flush = 0;
 
+                /*
+                 * We need to hold the pagetable lock between the time
+                 * we make the pagetable RO and when we actually pin
+                 * it.  If we don't, then other users may come in and
+                 * attempt to update the pagetable by writing it,
+                 * which will fail because the memory is RO but not
+                 * pinned, so Xen won't do the trap'n'emulate.
+                 *
+                 * If we're using split pte locks, we can't hold the
+                 * entire pagetable's worth of locks during the
+                 * traverse, because we may wrap the preempt count (8
+                 * bits).  The solution is to mark RO and pin each PTE
+                 * page while holding the lock.  This means the number
+                 * of locks we end up holding is never more than a
+                 * batch size (~32 entries, at present).
+                 *
+                 * If we're not using split pte locks, we needn't pin
+                 * the PTE pages independently, because we're
+                 * protected by the overall pagetable lock.
+                 */
                 ptl = NULL;
                 if (level == PT_PTE)
-                        ptl = lock_pte(page);
+                        ptl = xen_pte_lock(page, mm);
 
                 MULTI_update_va_mapping(mcs.mc, (unsigned long)pt,
                                         pfn_pte(pfn, PAGE_KERNEL_RO),
                                         level == PT_PGD ? UVMF_TLB_FLUSH : 0);
 
-                if (level == PT_PTE)
+                if (ptl) {
                         xen_do_pin(MMUEXT_PIN_L1_TABLE, pfn);
 
-                if (ptl) {
                         /* Queue a deferred unlock for when this batch
                            is completed. */
-                        xen_mc_callback(do_unlock, ptl);
+                        xen_mc_callback(xen_pte_unlock, ptl);
                 }
         }
 
@@ -715,11 +838,11 @@ static int pin_page(struct page *page, enum pt_level level)
 /* This is called just after a mm has been created, but it has not
    been used yet.  We need to make sure that its pagetable is all
    read-only, and can be pinned. */
-void xen_pgd_pin(pgd_t *pgd)
+static void __xen_pgd_pin(struct mm_struct *mm, pgd_t *pgd)
 {
         xen_mc_batch();
 
-        if (pgd_walk(pgd, pin_page, USER_LIMIT)) {
+        if (xen_pgd_walk(mm, xen_pin_page, USER_LIMIT)) {
                 /* re-enable interrupts for kmap_flush_unused */
                 xen_mc_issue(0);
                 kmap_flush_unused();
@@ -733,25 +856,35 @@ void xen_pgd_pin(pgd_t *pgd)
                 xen_do_pin(MMUEXT_PIN_L4_TABLE, PFN_DOWN(__pa(pgd)));
 
                 if (user_pgd) {
-                        pin_page(virt_to_page(user_pgd), PT_PGD);
+                        xen_pin_page(mm, virt_to_page(user_pgd), PT_PGD);
                         xen_do_pin(MMUEXT_PIN_L4_TABLE, PFN_DOWN(__pa(user_pgd)));
                 }
         }
 #else /* CONFIG_X86_32 */
 #ifdef CONFIG_X86_PAE
         /* Need to make sure unshared kernel PMD is pinnable */
-        pin_page(virt_to_page(pgd_page(pgd[pgd_index(TASK_SIZE)])), PT_PMD);
+        xen_pin_page(mm, virt_to_page(pgd_page(pgd[pgd_index(TASK_SIZE)])),
+                     PT_PMD);
 #endif
         xen_do_pin(MMUEXT_PIN_L3_TABLE, PFN_DOWN(__pa(pgd)));
 #endif /* CONFIG_X86_64 */
         xen_mc_issue(0);
 }
 
+static void xen_pgd_pin(struct mm_struct *mm)
+{
+        __xen_pgd_pin(mm, mm->pgd);
+}
+
 /*
  * On save, we need to pin all pagetables to make sure they get their
  * mfns turned into pfns.  Search the list for any unpinned pgds and pin
  * them (unpinned pgds are not currently in use, probably because the
  * process is under construction or destruction).
+ *
+ * Expected to be called in stop_machine() ("equivalent to taking
+ * every spinlock in the system"), so the locking doesn't really
+ * matter all that much.
  */
 void xen_mm_pin_all(void)
 {
@@ -762,7 +895,7 @@ void xen_mm_pin_all(void)
 
         list_for_each_entry(page, &pgd_list, lru) {
                 if (!PagePinned(page)) {
-                        xen_pgd_pin((pgd_t *)page_address(page));
+                        __xen_pgd_pin(&init_mm, (pgd_t *)page_address(page));
                         SetPageSavePinned(page);
                 }
         }
@@ -775,7 +908,8 @@ void xen_mm_pin_all(void)
  * that's before we have page structures to store the bits.  So do all
  * the book-keeping now.
  */
-static __init int mark_pinned(struct page *page, enum pt_level level)
+static __init int xen_mark_pinned(struct mm_struct *mm, struct page *page,
+                                  enum pt_level level)
 {
         SetPagePinned(page);
         return 0;
@@ -783,10 +917,11 @@ static __init int mark_pinned(struct page *page, enum pt_level level)
 
 void __init xen_mark_init_mm_pinned(void)
 {
-        pgd_walk(init_mm.pgd, mark_pinned, FIXADDR_TOP);
+        xen_pgd_walk(&init_mm, xen_mark_pinned, FIXADDR_TOP);
 }
 
-static int unpin_page(struct page *page, enum pt_level level)
+static int xen_unpin_page(struct mm_struct *mm, struct page *page,
+                          enum pt_level level)
 {
         unsigned pgfl = TestClearPagePinned(page);
 
@@ -796,10 +931,18 @@ static int unpin_page(struct page *page, enum pt_level level)
                 spinlock_t *ptl = NULL;
                 struct multicall_space mcs;
 
+                /*
+                 * Do the converse to pin_page.  If we're using split
+                 * pte locks, we must be holding the lock for while
+                 * the pte page is unpinned but still RO to prevent
+                 * concurrent updates from seeing it in this
+                 * partially-pinned state.
+                 */
                 if (level == PT_PTE) {
-                        ptl = lock_pte(page);
+                        ptl = xen_pte_lock(page, mm);
 
-                        xen_do_pin(MMUEXT_UNPIN_TABLE, pfn);
+                        if (ptl)
+                                xen_do_pin(MMUEXT_UNPIN_TABLE, pfn);
                 }
 
                 mcs = __xen_mc_entry(0);
@@ -810,7 +953,7 @@ static int unpin_page(struct page *page, enum pt_level level)
 
                 if (ptl) {
                         /* unlock when batch completed */
-                        xen_mc_callback(do_unlock, ptl);
+                        xen_mc_callback(xen_pte_unlock, ptl);
                 }
         }
 
@@ -818,7 +961,7 @@ static int unpin_page(struct page *page, enum pt_level level)
 }
 
 /* Release a pagetables pages back as normal RW */
-static void xen_pgd_unpin(pgd_t *pgd)
+static void __xen_pgd_unpin(struct mm_struct *mm, pgd_t *pgd)
 {
         xen_mc_batch();
 
@@ -830,21 +973,27 @@ static void xen_pgd_unpin(pgd_t *pgd)
 
                 if (user_pgd) {
                         xen_do_pin(MMUEXT_UNPIN_TABLE, PFN_DOWN(__pa(user_pgd)));
-                        unpin_page(virt_to_page(user_pgd), PT_PGD);
+                        xen_unpin_page(mm, virt_to_page(user_pgd), PT_PGD);
                 }
         }
 #endif
 
 #ifdef CONFIG_X86_PAE
         /* Need to make sure unshared kernel PMD is unpinned */
-        pin_page(virt_to_page(pgd_page(pgd[pgd_index(TASK_SIZE)])), PT_PMD);
+        xen_unpin_page(mm, virt_to_page(pgd_page(pgd[pgd_index(TASK_SIZE)])),
+                       PT_PMD);
 #endif
 
-        pgd_walk(pgd, unpin_page, USER_LIMIT);
+        xen_pgd_walk(mm, xen_unpin_page, USER_LIMIT);
 
         xen_mc_issue(0);
 }
 
+static void xen_pgd_unpin(struct mm_struct *mm)
+{
+        __xen_pgd_unpin(mm, mm->pgd);
+}
+
 /*
  * On resume, undo any pinning done at save, so that the rest of the
  * kernel doesn't see any unexpected pinned pagetables.
@@ -859,7 +1008,7 @@ void xen_mm_unpin_all(void)
         list_for_each_entry(page, &pgd_list, lru) {
                 if (PageSavePinned(page)) {
                         BUG_ON(!PagePinned(page));
-                        xen_pgd_unpin((pgd_t *)page_address(page));
+                        __xen_pgd_unpin(&init_mm, (pgd_t *)page_address(page));
                         ClearPageSavePinned(page);
                 }
         }
@@ -870,14 +1019,14 @@ void xen_mm_unpin_all(void)
 void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next)
 {
         spin_lock(&next->page_table_lock);
-        xen_pgd_pin(next->pgd);
+        xen_pgd_pin(next);
         spin_unlock(&next->page_table_lock);
 }
 
 void xen_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm)
 {
         spin_lock(&mm->page_table_lock);
-        xen_pgd_pin(mm->pgd);
+        xen_pgd_pin(mm);
         spin_unlock(&mm->page_table_lock);
 }
 
@@ -907,7 +1056,7 @@ static void drop_other_mm_ref(void *info)
         }
 }
 
-static void drop_mm_ref(struct mm_struct *mm)
+static void xen_drop_mm_ref(struct mm_struct *mm)
 {
         cpumask_t mask;
         unsigned cpu;
@@ -937,7 +1086,7 @@ static void drop_mm_ref(struct mm_struct *mm)
                 smp_call_function_mask(mask, drop_other_mm_ref, mm, 1);
 }
 #else
-static void drop_mm_ref(struct mm_struct *mm)
+static void xen_drop_mm_ref(struct mm_struct *mm)
 {
         if (current->active_mm == mm)
                 load_cr3(swapper_pg_dir);
@@ -961,14 +1110,77 @@ static void drop_mm_ref(struct mm_struct *mm)
 void xen_exit_mmap(struct mm_struct *mm)
 {
         get_cpu();              /* make sure we don't move around */
-        drop_mm_ref(mm);
+        xen_drop_mm_ref(mm);
         put_cpu();
 
         spin_lock(&mm->page_table_lock);
 
         /* pgd may not be pinned in the error exit path of execve */
-        if (page_pinned(mm->pgd))
-                xen_pgd_unpin(mm->pgd);
+        if (xen_page_pinned(mm->pgd))
+                xen_pgd_unpin(mm);
 
         spin_unlock(&mm->page_table_lock);
 }
+
+#ifdef CONFIG_XEN_DEBUG_FS
+
+static struct dentry *d_mmu_debug;
+
+static int __init xen_mmu_debugfs(void)
+{
+        struct dentry *d_xen = xen_init_debugfs();
+
+        if (d_xen == NULL)
+                return -ENOMEM;
+
+        d_mmu_debug = debugfs_create_dir("mmu", d_xen);
+
+        debugfs_create_u8("zero_stats", 0644, d_mmu_debug, &zero_stats);
+
+        debugfs_create_u32("pgd_update", 0444, d_mmu_debug, &mmu_stats.pgd_update);
+        debugfs_create_u32("pgd_update_pinned", 0444, d_mmu_debug,
+                           &mmu_stats.pgd_update_pinned);
+        debugfs_create_u32("pgd_update_batched", 0444, d_mmu_debug,
+                           &mmu_stats.pgd_update_pinned);
+
+        debugfs_create_u32("pud_update", 0444, d_mmu_debug, &mmu_stats.pud_update);
+        debugfs_create_u32("pud_update_pinned", 0444, d_mmu_debug,
+                           &mmu_stats.pud_update_pinned);
+        debugfs_create_u32("pud_update_batched", 0444, d_mmu_debug,
+                           &mmu_stats.pud_update_pinned);
+
+        debugfs_create_u32("pmd_update", 0444, d_mmu_debug, &mmu_stats.pmd_update);
+        debugfs_create_u32("pmd_update_pinned", 0444, d_mmu_debug,
+                           &mmu_stats.pmd_update_pinned);
+        debugfs_create_u32("pmd_update_batched", 0444, d_mmu_debug,
+                           &mmu_stats.pmd_update_pinned);
+
+        debugfs_create_u32("pte_update", 0444, d_mmu_debug, &mmu_stats.pte_update);
+//      debugfs_create_u32("pte_update_pinned", 0444, d_mmu_debug,
+//                         &mmu_stats.pte_update_pinned);
+        debugfs_create_u32("pte_update_batched", 0444, d_mmu_debug,
+                           &mmu_stats.pte_update_pinned);
+
+        debugfs_create_u32("mmu_update", 0444, d_mmu_debug, &mmu_stats.mmu_update);
+        debugfs_create_u32("mmu_update_extended", 0444, d_mmu_debug,
+                           &mmu_stats.mmu_update_extended);
+        xen_debugfs_create_u32_array("mmu_update_histo", 0444, d_mmu_debug,
+                                     mmu_stats.mmu_update_histo, 20);
+
+        debugfs_create_u32("set_pte_at", 0444, d_mmu_debug, &mmu_stats.set_pte_at);
+        debugfs_create_u32("set_pte_at_batched", 0444, d_mmu_debug,
+                           &mmu_stats.set_pte_at_batched);
+        debugfs_create_u32("set_pte_at_current", 0444, d_mmu_debug,
+                           &mmu_stats.set_pte_at_current);
+        debugfs_create_u32("set_pte_at_kernel", 0444, d_mmu_debug,
+                           &mmu_stats.set_pte_at_kernel);
+
+        debugfs_create_u32("prot_commit", 0444, d_mmu_debug, &mmu_stats.prot_commit);
+        debugfs_create_u32("prot_commit_batched", 0444, d_mmu_debug,
+                           &mmu_stats.prot_commit_batched);
+
+        return 0;
+}
+fs_initcall(xen_mmu_debugfs);
+
+#endif  /* CONFIG_XEN_DEBUG_FS */
diff --git a/arch/x86/xen/mmu.h b/arch/x86/xen/mmu.h
index 0f59bd03f9e3..98d71659da5a 100644
--- a/arch/x86/xen/mmu.h
+++ b/arch/x86/xen/mmu.h
@@ -18,9 +18,6 @@ void xen_activate_mm(struct mm_struct *prev, struct mm_struct *next);
 void xen_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm);
 void xen_exit_mmap(struct mm_struct *mm);
 
-void xen_pgd_pin(pgd_t *pgd);
-//void xen_pgd_unpin(pgd_t *pgd);
-
 pteval_t xen_pte_val(pte_t);
 pmdval_t xen_pmd_val(pmd_t);
 pgdval_t xen_pgd_val(pgd_t);
diff --git a/arch/x86/xen/multicalls.c b/arch/x86/xen/multicalls.c
index 9efd1c6c9776..8ea8a0d0b0de 100644
--- a/arch/x86/xen/multicalls.c
+++ b/arch/x86/xen/multicalls.c
@@ -21,16 +21,20 @@
  */
 #include <linux/percpu.h>
 #include <linux/hardirq.h>
+#include <linux/debugfs.h>
 
 #include <asm/xen/hypercall.h>
 
 #include "multicalls.h"
+#include "debugfs.h"
+
+#define MC_BATCH        32
 
 #define MC_DEBUG        1
 
-#define MC_BATCH        32
 #define MC_ARGS         (MC_BATCH * 16)
 
+
 struct mc_buffer {
         struct multicall_entry entries[MC_BATCH];
 #if MC_DEBUG
@@ -47,6 +51,76 @@ struct mc_buffer {
 static DEFINE_PER_CPU(struct mc_buffer, mc_buffer);
 DEFINE_PER_CPU(unsigned long, xen_mc_irq_flags);
 
+/* flush reasons 0- slots, 1- args, 2- callbacks */
+enum flush_reasons
+{
+        FL_SLOTS,
+        FL_ARGS,
+        FL_CALLBACKS,
+
+        FL_N_REASONS
+};
+
+#ifdef CONFIG_XEN_DEBUG_FS
+#define NHYPERCALLS     40              /* not really */
+
+static struct {
+        unsigned histo[MC_BATCH+1];
+
+        unsigned issued;
+        unsigned arg_total;
+        unsigned hypercalls;
+        unsigned histo_hypercalls[NHYPERCALLS];
+
+        unsigned flush[FL_N_REASONS];
+} mc_stats;
+
+static u8 zero_stats;
+
+static inline void check_zero(void)
+{
+        if (unlikely(zero_stats)) {
+                memset(&mc_stats, 0, sizeof(mc_stats));
+                zero_stats = 0;
+        }
+}
+
+static void mc_add_stats(const struct mc_buffer *mc)
+{
+        int i;
+
+        check_zero();
+
+        mc_stats.issued++;
+        mc_stats.hypercalls += mc->mcidx;
+        mc_stats.arg_total += mc->argidx;
+
+        mc_stats.histo[mc->mcidx]++;
+        for(i = 0; i < mc->mcidx; i++) {
+                unsigned op = mc->entries[i].op;
+                if (op < NHYPERCALLS)
+                        mc_stats.histo_hypercalls[op]++;
+        }
+}
+
+static void mc_stats_flush(enum flush_reasons idx)
+{
+        check_zero();
+
+        mc_stats.flush[idx]++;
+}
+
+#else  /* !CONFIG_XEN_DEBUG_FS */
+
+static inline void mc_add_stats(const struct mc_buffer *mc)
+{
+}
+
+static inline void mc_stats_flush(enum flush_reasons idx)
+{
+}
+#endif  /* CONFIG_XEN_DEBUG_FS */
+
 void xen_mc_flush(void)
 {
         struct mc_buffer *b = &__get_cpu_var(mc_buffer);
@@ -60,6 +134,8 @@ void xen_mc_flush(void)
            something in the middle */
         local_irq_save(flags);
 
+        mc_add_stats(b);
+
         if (b->mcidx) {
 #if MC_DEBUG
                 memcpy(b->debug, b->entries,
@@ -115,6 +191,7 @@ struct multicall_space __xen_mc_entry(size_t args)
 
         if (b->mcidx == MC_BATCH ||
             (argidx + args) > MC_ARGS) {
+                mc_stats_flush(b->mcidx == MC_BATCH ? FL_SLOTS : FL_ARGS);
                 xen_mc_flush();
                 argidx = roundup(b->argidx, sizeof(u64));
         }
@@ -158,10 +235,44 @@ void xen_mc_callback(void (*fn)(void *), void *data)
         struct mc_buffer *b = &__get_cpu_var(mc_buffer);
         struct callback *cb;
 
-        if (b->cbidx == MC_BATCH)
+        if (b->cbidx == MC_BATCH) {
+                mc_stats_flush(FL_CALLBACKS);
                 xen_mc_flush();
+        }
 
         cb = &b->callbacks[b->cbidx++];
         cb->fn = fn;
         cb->data = data;
 }
+
+#ifdef CONFIG_XEN_DEBUG_FS
+
+static struct dentry *d_mc_debug;
+
+static int __init xen_mc_debugfs(void)
+{
+        struct dentry *d_xen = xen_init_debugfs();
+
+        if (d_xen == NULL)
+                return -ENOMEM;
+
+        d_mc_debug = debugfs_create_dir("multicalls", d_xen);
+
+        debugfs_create_u8("zero_stats", 0644, d_mc_debug, &zero_stats);
+
+        debugfs_create_u32("batches", 0444, d_mc_debug, &mc_stats.issued);
+        debugfs_create_u32("hypercalls", 0444, d_mc_debug, &mc_stats.hypercalls);
+        debugfs_create_u32("arg_total", 0444, d_mc_debug, &mc_stats.arg_total);
+
+        xen_debugfs_create_u32_array("batch_histo", 0444, d_mc_debug,
+                                     mc_stats.histo, MC_BATCH);
+        xen_debugfs_create_u32_array("hypercall_histo", 0444, d_mc_debug,
+                                     mc_stats.histo_hypercalls, NHYPERCALLS);
+        xen_debugfs_create_u32_array("flush_reasons", 0444, d_mc_debug,
+                                     mc_stats.flush, FL_N_REASONS);
+
+        return 0;
+}
+fs_initcall(xen_mc_debugfs);
+
+#endif  /* CONFIG_XEN_DEBUG_FS */
diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c
index b6acc3a0af46..d67901083888 100644
--- a/arch/x86/xen/setup.c
+++ b/arch/x86/xen/setup.c
@@ -42,7 +42,7 @@ char * __init xen_memory_setup(void)
 
         e820.nr_map = 0;
 
-        e820_add_region(0, PFN_PHYS(max_pfn), E820_RAM);
+        e820_add_region(0, PFN_PHYS((u64)max_pfn), E820_RAM);
 
         /*
          * Even though this is normal, usable memory under Xen, reserve
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index d8faf79a0a1d..d77da613b1d2 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -11,11 +11,8 @@
  * useful topology information for the kernel to make use of.  As a
  * result, all CPUs are treated as if they're single-core and
  * single-threaded.
- *
- * This does not handle HOTPLUG_CPU yet.
  */
 #include <linux/sched.h>
-#include <linux/kernel_stat.h>
 #include <linux/err.h>
 #include <linux/smp.h>
 
@@ -36,8 +33,6 @@
 #include "xen-ops.h"
 #include "mmu.h"
 
-static void __cpuinit xen_init_lock_cpu(int cpu);
-
 cpumask_t xen_cpu_initialized_map;
 
 static DEFINE_PER_CPU(int, resched_irq);
@@ -64,11 +59,12 @@ static irqreturn_t xen_reschedule_interrupt(int irq, void *dev_id)
         return IRQ_HANDLED;
 }
 
-static __cpuinit void cpu_bringup_and_idle(void)
+static __cpuinit void cpu_bringup(void)
 {
         int cpu = smp_processor_id();
 
         cpu_init();
+        touch_softlockup_watchdog();
         preempt_disable();
 
         xen_enable_sysenter();
@@ -89,6 +85,11 @@ static __cpuinit void cpu_bringup_and_idle(void)
         local_irq_enable();
 
         wmb();                  /* make sure everything is out */
+}
+
+static __cpuinit void cpu_bringup_and_idle(void)
+{
+        cpu_bringup();
         cpu_idle();
 }
 
@@ -212,8 +213,6 @@ static void __init xen_smp_prepare_cpus(unsigned int max_cpus)
 
                 cpu_set(cpu, cpu_present_map);
         }
-
-        //init_xenbus_allowed_cpumask();
 }
 
 static __cpuinit int
@@ -281,12 +280,6 @@ static int __cpuinit xen_cpu_up(unsigned int cpu)
         struct task_struct *idle = idle_task(cpu);
         int rc;
 
-#if 0
-        rc = cpu_up_check(cpu);
-        if (rc)
-                return rc;
-#endif
-
 #ifdef CONFIG_X86_64
         /* Allocate node local memory for AP pdas */
         WARN_ON(cpu == 0);
@@ -339,6 +332,60 @@ static void xen_smp_cpus_done(unsigned int max_cpus)
 {
 }
 
+#ifdef CONFIG_HOTPLUG_CPU
+static int xen_cpu_disable(void)
+{
+        unsigned int cpu = smp_processor_id();
+        if (cpu == 0)
+                return -EBUSY;
+
+        cpu_disable_common();
+
+        load_cr3(swapper_pg_dir);
+        return 0;
+}
+
+static void xen_cpu_die(unsigned int cpu)
+{
+        while (HYPERVISOR_vcpu_op(VCPUOP_is_up, cpu, NULL)) {
+                current->state = TASK_UNINTERRUPTIBLE;
+                schedule_timeout(HZ/10);
+        }
+        unbind_from_irqhandler(per_cpu(resched_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(callfunc_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(debug_irq, cpu), NULL);
+        unbind_from_irqhandler(per_cpu(callfuncsingle_irq, cpu), NULL);
+        xen_uninit_lock_cpu(cpu);
+        xen_teardown_timer(cpu);
+
+        if (num_online_cpus() == 1)
+                alternatives_smp_switch(0);
+}
+
+static void xen_play_dead(void)
+{
+        play_dead_common();
+        HYPERVISOR_vcpu_op(VCPUOP_down, smp_processor_id(), NULL);
+        cpu_bringup();
+}
+
+#else /* !CONFIG_HOTPLUG_CPU */
+static int xen_cpu_disable(void)
+{
+        return -ENOSYS;
+}
+
+static void xen_cpu_die(unsigned int cpu)
+{
+        BUG();
+}
+
+static void xen_play_dead(void)
+{
+        BUG();
+}
+
+#endif
 static void stop_self(void *v)
 {
         int cpu = smp_processor_id();
@@ -419,176 +466,16 @@ static irqreturn_t xen_call_function_single_interrupt(int irq, void *dev_id)
         return IRQ_HANDLED;
 }
 
-struct xen_spinlock {
-        unsigned char lock;             /* 0 -> free; 1 -> locked */
-        unsigned short spinners;        /* count of waiting cpus */
-};
-
-static int xen_spin_is_locked(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-
-        return xl->lock != 0;
-}
-
-static int xen_spin_is_contended(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-
-        /* Not strictly true; this is only the count of contended
-           lock-takers entering the slow path. */
-        return xl->spinners != 0;
-}
-
-static int xen_spin_trylock(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-        u8 old = 1;
-
-        asm("xchgb %b0,%1"
-            : "+q" (old), "+m" (xl->lock) : : "memory");
-
-        return old == 0;
-}
-
-static DEFINE_PER_CPU(int, lock_kicker_irq) = -1;
-static DEFINE_PER_CPU(struct xen_spinlock *, lock_spinners);
-
-static inline void spinning_lock(struct xen_spinlock *xl)
-{
-        __get_cpu_var(lock_spinners) = xl;
-        wmb();                  /* set lock of interest before count */
-        asm(LOCK_PREFIX " incw %0"
-            : "+m" (xl->spinners) : : "memory");
-}
-
-static inline void unspinning_lock(struct xen_spinlock *xl)
-{
-        asm(LOCK_PREFIX " decw %0"
-            : "+m" (xl->spinners) : : "memory");
-        wmb();                  /* decrement count before clearing lock */
-        __get_cpu_var(lock_spinners) = NULL;
-}
-
-static noinline int xen_spin_lock_slow(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-        int irq = __get_cpu_var(lock_kicker_irq);
-        int ret;
-
-        /* If kicker interrupts not initialized yet, just spin */
-        if (irq == -1)
-                return 0;
-
-        /* announce we're spinning */
-        spinning_lock(xl);
-
-        /* clear pending */
-        xen_clear_irq_pending(irq);
-
-        /* check again make sure it didn't become free while
-           we weren't looking  */
-        ret = xen_spin_trylock(lock);
-        if (ret)
-                goto out;
-
-        /* block until irq becomes pending */
-        xen_poll_irq(irq);
-        kstat_this_cpu.irqs[irq]++;
-
-out:
-        unspinning_lock(xl);
-        return ret;
-}
-
-static void xen_spin_lock(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-        int timeout;
-        u8 oldval;
-
-        do {
-                timeout = 1 << 10;
-
-                asm("1: xchgb %1,%0\n"
-                    "   testb %1,%1\n"
-                    "   jz 3f\n"
-                    "2: rep;nop\n"
-                    "   cmpb $0,%0\n"
-                    "   je 1b\n"
-                    "   dec %2\n"
-                    "   jnz 2b\n"
-                    "3:\n"
-                    : "+m" (xl->lock), "=q" (oldval), "+r" (timeout)
-                    : "1" (1)
-                    : "memory");
-
-        } while (unlikely(oldval != 0 && !xen_spin_lock_slow(lock)));
-}
-
-static noinline void xen_spin_unlock_slow(struct xen_spinlock *xl)
-{
-        int cpu;
-
-        for_each_online_cpu(cpu) {
-                /* XXX should mix up next cpu selection */
-                if (per_cpu(lock_spinners, cpu) == xl) {
-                        xen_send_IPI_one(cpu, XEN_SPIN_UNLOCK_VECTOR);
-                        break;
-                }
-        }
-}
-
-static void xen_spin_unlock(struct raw_spinlock *lock)
-{
-        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
-
-        smp_wmb();              /* make sure no writes get moved after unlock */
-        xl->lock = 0;           /* release lock */
-
-        /* make sure unlock happens before kick */
-        barrier();
-
-        if (unlikely(xl->spinners))
-                xen_spin_unlock_slow(xl);
-}
-
-static __cpuinit void xen_init_lock_cpu(int cpu)
-{
-        int irq;
-        const char *name;
-
-        name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
-        irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
-                                     cpu,
-                                     xen_reschedule_interrupt,
-                                     IRQF_DISABLED|IRQF_PERCPU|IRQF_NOBALANCING,
-                                     name,
-                                     NULL);
-
-        if (irq >= 0) {
-                disable_irq(irq); /* make sure it's never delivered */
-                per_cpu(lock_kicker_irq, cpu) = irq;
-        }
-
-        printk("cpu %d spinlock event irq %d\n", cpu, irq);
-}
-
-static void __init xen_init_spinlocks(void)
-{
-        pv_lock_ops.spin_is_locked = xen_spin_is_locked;
-        pv_lock_ops.spin_is_contended = xen_spin_is_contended;
-        pv_lock_ops.spin_lock = xen_spin_lock;
-        pv_lock_ops.spin_trylock = xen_spin_trylock;
-        pv_lock_ops.spin_unlock = xen_spin_unlock;
-}
-
 static const struct smp_ops xen_smp_ops __initdata = {
         .smp_prepare_boot_cpu = xen_smp_prepare_boot_cpu,
         .smp_prepare_cpus = xen_smp_prepare_cpus,
-        .cpu_up = xen_cpu_up,
         .smp_cpus_done = xen_smp_cpus_done,
 
+        .cpu_up = xen_cpu_up,
+        .cpu_die = xen_cpu_die,
+        .cpu_disable = xen_cpu_disable,
+        .play_dead = xen_play_dead,
+
         .smp_send_stop = xen_smp_send_stop,
         .smp_send_reschedule = xen_smp_send_reschedule,
 
diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
new file mode 100644
index 000000000000..dd71e3a021cd
--- /dev/null
+++ b/arch/x86/xen/spinlock.c
@@ -0,0 +1,428 @@
+/*
+ * Split spinlock implementation out into its own file, so it can be
+ * compiled in a FTRACE-compatible way.
+ */
+#include <linux/kernel_stat.h>
+#include <linux/spinlock.h>
+#include <linux/debugfs.h>
+#include <linux/log2.h>
+
+#include <asm/paravirt.h>
+
+#include <xen/interface/xen.h>
+#include <xen/events.h>
+
+#include "xen-ops.h"
+#include "debugfs.h"
+
+#ifdef CONFIG_XEN_DEBUG_FS
+static struct xen_spinlock_stats
+{
+        u64 taken;
+        u32 taken_slow;
+        u32 taken_slow_nested;
+        u32 taken_slow_pickup;
+        u32 taken_slow_spurious;
+        u32 taken_slow_irqenable;
+
+        u64 released;
+        u32 released_slow;
+        u32 released_slow_kicked;
+
+#define HISTO_BUCKETS   30
+        u32 histo_spin_total[HISTO_BUCKETS+1];
+        u32 histo_spin_spinning[HISTO_BUCKETS+1];
+        u32 histo_spin_blocked[HISTO_BUCKETS+1];
+
+        u64 time_total;
+        u64 time_spinning;
+        u64 time_blocked;
+} spinlock_stats;
+
+static u8 zero_stats;
+
+static unsigned lock_timeout = 1 << 10;
+#define TIMEOUT lock_timeout
+
+static inline void check_zero(void)
+{
+        if (unlikely(zero_stats)) {
+                memset(&spinlock_stats, 0, sizeof(spinlock_stats));
+                zero_stats = 0;
+        }
+}
+
+#define ADD_STATS(elem, val)                    \
+        do { check_zero(); spinlock_stats.elem += (val); } while(0)
+
+static inline u64 spin_time_start(void)
+{
+        return xen_clocksource_read();
+}
+
+static void __spin_time_accum(u64 delta, u32 *array)
+{
+        unsigned index = ilog2(delta);
+
+        check_zero();
+
+        if (index < HISTO_BUCKETS)
+                array[index]++;
+        else
+                array[HISTO_BUCKETS]++;
+}
+
+static inline void spin_time_accum_spinning(u64 start)
+{
+        u32 delta = xen_clocksource_read() - start;
+
+        __spin_time_accum(delta, spinlock_stats.histo_spin_spinning);
+        spinlock_stats.time_spinning += delta;
+}
+
+static inline void spin_time_accum_total(u64 start)
+{
+        u32 delta = xen_clocksource_read() - start;
+
+        __spin_time_accum(delta, spinlock_stats.histo_spin_total);
+        spinlock_stats.time_total += delta;
+}
+
+static inline void spin_time_accum_blocked(u64 start)
+{
+        u32 delta = xen_clocksource_read() - start;
+
+        __spin_time_accum(delta, spinlock_stats.histo_spin_blocked);
+        spinlock_stats.time_blocked += delta;
+}
+#else  /* !CONFIG_XEN_DEBUG_FS */
+#define TIMEOUT                 (1 << 10)
+#define ADD_STATS(elem, val)    do { (void)(val); } while(0)
+
+static inline u64 spin_time_start(void)
+{
+        return 0;
+}
+
+static inline void spin_time_accum_total(u64 start)
+{
+}
+static inline void spin_time_accum_spinning(u64 start)
+{
+}
+static inline void spin_time_accum_blocked(u64 start)
+{
+}
+#endif  /* CONFIG_XEN_DEBUG_FS */
+
+struct xen_spinlock {
+        unsigned char lock;             /* 0 -> free; 1 -> locked */
+        unsigned short spinners;        /* count of waiting cpus */
+};
+
+static int xen_spin_is_locked(struct raw_spinlock *lock)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+
+        return xl->lock != 0;
+}
+
+static int xen_spin_is_contended(struct raw_spinlock *lock)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+
+        /* Not strictly true; this is only the count of contended
+           lock-takers entering the slow path. */
+        return xl->spinners != 0;
+}
+
+static int xen_spin_trylock(struct raw_spinlock *lock)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+        u8 old = 1;
+
+        asm("xchgb %b0,%1"
+            : "+q" (old), "+m" (xl->lock) : : "memory");
+
+        return old == 0;
+}
+
+static DEFINE_PER_CPU(int, lock_kicker_irq) = -1;
+static DEFINE_PER_CPU(struct xen_spinlock *, lock_spinners);
+
+/*
+ * Mark a cpu as interested in a lock.  Returns the CPU's previous
+ * lock of interest, in case we got preempted by an interrupt.
+ */
+static inline struct xen_spinlock *spinning_lock(struct xen_spinlock *xl)
+{
+        struct xen_spinlock *prev;
+
+        prev = __get_cpu_var(lock_spinners);
+        __get_cpu_var(lock_spinners) = xl;
+
+        wmb();                  /* set lock of interest before count */
+
+        asm(LOCK_PREFIX " incw %0"
+            : "+m" (xl->spinners) : : "memory");
+
+        return prev;
+}
+
+/*
+ * Mark a cpu as no longer interested in a lock.  Restores previous
+ * lock of interest (NULL for none).
+ */
+static inline void unspinning_lock(struct xen_spinlock *xl, struct xen_spinlock *prev)
+{
+        asm(LOCK_PREFIX " decw %0"
+            : "+m" (xl->spinners) : : "memory");
+        wmb();                  /* decrement count before restoring lock */
+        __get_cpu_var(lock_spinners) = prev;
+}
+
+static noinline int xen_spin_lock_slow(struct raw_spinlock *lock, bool irq_enable)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+        struct xen_spinlock *prev;
+        int irq = __get_cpu_var(lock_kicker_irq);
+        int ret;
+        unsigned long flags;
+        u64 start;
+
+        /* If kicker interrupts not initialized yet, just spin */
+        if (irq == -1)
+                return 0;
+
+        start = spin_time_start();
+
+        /* announce we're spinning */
+        prev = spinning_lock(xl);
+
+        flags = __raw_local_save_flags();
+        if (irq_enable) {
+                ADD_STATS(taken_slow_irqenable, 1);
+                raw_local_irq_enable();
+        }
+
+        ADD_STATS(taken_slow, 1);
+        ADD_STATS(taken_slow_nested, prev != NULL);
+
+        do {
+                /* clear pending */
+                xen_clear_irq_pending(irq);
+
+                /* check again make sure it didn't become free while
+                   we weren't looking  */
+                ret = xen_spin_trylock(lock);
+                if (ret) {
+                        ADD_STATS(taken_slow_pickup, 1);
+
+                        /*
+                         * If we interrupted another spinlock while it
+                         * was blocking, make sure it doesn't block
+                         * without rechecking the lock.
+                         */
+                        if (prev != NULL)
+                                xen_set_irq_pending(irq);
+                        goto out;
+                }
+
+                /*
+                 * Block until irq becomes pending.  If we're
+                 * interrupted at this point (after the trylock but
+                 * before entering the block), then the nested lock
+                 * handler guarantees that the irq will be left
+                 * pending if there's any chance the lock became free;
+                 * xen_poll_irq() returns immediately if the irq is
+                 * pending.
+                 */
+                xen_poll_irq(irq);
+                ADD_STATS(taken_slow_spurious, !xen_test_irq_pending(irq));
+        } while (!xen_test_irq_pending(irq)); /* check for spurious wakeups */
+
+        kstat_this_cpu.irqs[irq]++;
+
+out:
+        raw_local_irq_restore(flags);
+        unspinning_lock(xl, prev);
+        spin_time_accum_blocked(start);
+
+        return ret;
+}
+
+static inline void __xen_spin_lock(struct raw_spinlock *lock, bool irq_enable)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+        unsigned timeout;
+        u8 oldval;
+        u64 start_spin;
+
+        ADD_STATS(taken, 1);
+
+        start_spin = spin_time_start();
+
+        do {
+                u64 start_spin_fast = spin_time_start();
+
+                timeout = TIMEOUT;
+
+                asm("1: xchgb %1,%0\n"
+                    "   testb %1,%1\n"
+                    "   jz 3f\n"
+                    "2: rep;nop\n"
+                    "   cmpb $0,%0\n"
+                    "   je 1b\n"
+                    "   dec %2\n"
+                    "   jnz 2b\n"
+                    "3:\n"
+                    : "+m" (xl->lock), "=q" (oldval), "+r" (timeout)
+                    : "1" (1)
+                    : "memory");
+
+                spin_time_accum_spinning(start_spin_fast);
+
+        } while (unlikely(oldval != 0 &&
+                          (TIMEOUT == ~0 || !xen_spin_lock_slow(lock, irq_enable))));
+
+        spin_time_accum_total(start_spin);
+}
+
+static void xen_spin_lock(struct raw_spinlock *lock)
+{
+        __xen_spin_lock(lock, false);
+}
+
+static void xen_spin_lock_flags(struct raw_spinlock *lock, unsigned long flags)
+{
+        __xen_spin_lock(lock, !raw_irqs_disabled_flags(flags));
+}
+
+static noinline void xen_spin_unlock_slow(struct xen_spinlock *xl)
+{
+        int cpu;
+
+        ADD_STATS(released_slow, 1);
+
+        for_each_online_cpu(cpu) {
+                /* XXX should mix up next cpu selection */
+                if (per_cpu(lock_spinners, cpu) == xl) {
+                        ADD_STATS(released_slow_kicked, 1);
+                        xen_send_IPI_one(cpu, XEN_SPIN_UNLOCK_VECTOR);
+                        break;
+                }
+        }
+}
+
+static void xen_spin_unlock(struct raw_spinlock *lock)
+{
+        struct xen_spinlock *xl = (struct xen_spinlock *)lock;
+
+        ADD_STATS(released, 1);
+
+        smp_wmb();              /* make sure no writes get moved after unlock */
+        xl->lock = 0;           /* release lock */
+
+        /* make sure unlock happens before kick */
+        barrier();
+
+        if (unlikely(xl->spinners))
+                xen_spin_unlock_slow(xl);
+}
+
+static irqreturn_t dummy_handler(int irq, void *dev_id)
+{
+        BUG();
+        return IRQ_HANDLED;
+}
+
+void __cpuinit xen_init_lock_cpu(int cpu)
+{
+        int irq;
+        const char *name;
+
+        name = kasprintf(GFP_KERNEL, "spinlock%d", cpu);
+        irq = bind_ipi_to_irqhandler(XEN_SPIN_UNLOCK_VECTOR,
+                                     cpu,
+                                     dummy_handler,
+                                     IRQF_DISABLED|IRQF_PERCPU|IRQF_NOBALANCING,
+                                     name,
+                                     NULL);
+
+        if (irq >= 0) {
+                disable_irq(irq); /* make sure it's never delivered */
+                per_cpu(lock_kicker_irq, cpu) = irq;
+        }
+
+        printk("cpu %d spinlock event irq %d\n", cpu, irq);
+}
+
+void xen_uninit_lock_cpu(int cpu)
+{
+        unbind_from_irqhandler(per_cpu(lock_kicker_irq, cpu), NULL);
+}
+
+void __init xen_init_spinlocks(void)
+{
+        pv_lock_ops.spin_is_locked = xen_spin_is_locked;
+        pv_lock_ops.spin_is_contended = xen_spin_is_contended;
+        pv_lock_ops.spin_lock = xen_spin_lock;
+        pv_lock_ops.spin_lock_flags = xen_spin_lock_flags;
+        pv_lock_ops.spin_trylock = xen_spin_trylock;
+        pv_lock_ops.spin_unlock = xen_spin_unlock;
+}
+
+#ifdef CONFIG_XEN_DEBUG_FS
+
+static struct dentry *d_spin_debug;
+
+static int __init xen_spinlock_debugfs(void)
+{
+        struct dentry *d_xen = xen_init_debugfs();
+
+        if (d_xen == NULL)
+                return -ENOMEM;
+
+        d_spin_debug = debugfs_create_dir("spinlocks", d_xen);
+
+        debugfs_create_u8("zero_stats", 0644, d_spin_debug, &zero_stats);
+
+        debugfs_create_u32("timeout", 0644, d_spin_debug, &lock_timeout);
+
+        debugfs_create_u64("taken", 0444, d_spin_debug, &spinlock_stats.taken);
+        debugfs_create_u32("taken_slow", 0444, d_spin_debug,
+                           &spinlock_stats.taken_slow);
+        debugfs_create_u32("taken_slow_nested", 0444, d_spin_debug,
+                           &spinlock_stats.taken_slow_nested);
+        debugfs_create_u32("taken_slow_pickup", 0444, d_spin_debug,
+                           &spinlock_stats.taken_slow_pickup);
+        debugfs_create_u32("taken_slow_spurious", 0444, d_spin_debug,
+                           &spinlock_stats.taken_slow_spurious);
+        debugfs_create_u32("taken_slow_irqenable", 0444, d_spin_debug,
+                           &spinlock_stats.taken_slow_irqenable);
+
+        debugfs_create_u64("released", 0444, d_spin_debug, &spinlock_stats.released);
+        debugfs_create_u32("released_slow", 0444, d_spin_debug,
+                           &spinlock_stats.released_slow);
+        debugfs_create_u32("released_slow_kicked", 0444, d_spin_debug,
+                           &spinlock_stats.released_slow_kicked);
+
+        debugfs_create_u64("time_spinning", 0444, d_spin_debug,
+                           &spinlock_stats.time_spinning);
+        debugfs_create_u64("time_blocked", 0444, d_spin_debug,
+                           &spinlock_stats.time_blocked);
+        debugfs_create_u64("time_total", 0444, d_spin_debug,
+                           &spinlock_stats.time_total);
+
+        xen_debugfs_create_u32_array("histo_total", 0444, d_spin_debug,
+                                     spinlock_stats.histo_spin_total, HISTO_BUCKETS + 1);
+        xen_debugfs_create_u32_array("histo_spinning", 0444, d_spin_debug,
+                                     spinlock_stats.histo_spin_spinning, HISTO_BUCKETS + 1);
+        xen_debugfs_create_u32_array("histo_blocked", 0444, d_spin_debug,
+                                     spinlock_stats.histo_spin_blocked, HISTO_BUCKETS + 1);
+
+        return 0;
+}
+fs_initcall(xen_spinlock_debugfs);
+
+#endif  /* CONFIG_XEN_DEBUG_FS */
diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
index 685b77470fc3..c9f7cda48ed7 100644
--- a/arch/x86/xen/time.c
+++ b/arch/x86/xen/time.c
@@ -30,8 +30,6 @@
 #define TIMER_SLOP      100000
 #define NS_PER_TICK     (1000000000LL / HZ)
 
-static cycle_t xen_clocksource_read(void);
-
 /* runstate info updated by Xen */
 static DEFINE_PER_CPU(struct vcpu_runstate_info, runstate);
 
@@ -200,20 +198,13 @@ unsigned long long xen_sched_clock(void)
 /* Get the TSC speed from Xen */
 unsigned long xen_tsc_khz(void)
 {
-        u64 xen_khz = 1000000ULL << 32;
-        const struct pvclock_vcpu_time_info *info =
+        struct pvclock_vcpu_time_info *info =
                 &HYPERVISOR_shared_info->vcpu_info[0].time;
 
-        do_div(xen_khz, info->tsc_to_system_mul);
-        if (info->tsc_shift < 0)
-                xen_khz <<= -info->tsc_shift;
-        else
-                xen_khz >>= info->tsc_shift;
-
-        return xen_khz;
+        return pvclock_tsc_khz(info);
 }
 
-static cycle_t xen_clocksource_read(void)
+cycle_t xen_clocksource_read(void)
 {
         struct pvclock_vcpu_time_info *src;
         cycle_t ret;
@@ -452,6 +443,14 @@ void xen_setup_timer(int cpu)
         setup_runstate_info(cpu);
 }
 
+void xen_teardown_timer(int cpu)
+{
+        struct clock_event_device *evt;
+        BUG_ON(cpu == 0);
+        evt = &per_cpu(xen_clock_events, cpu);
+        unbind_from_irqhandler(evt->irq, NULL);
+}
+
 void xen_setup_cpu_clockevents(void)
 {
         BUG_ON(preemptible());
diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
index 2497a30f41de..42786f59d9c0 100644
--- a/arch/x86/xen/xen-asm_32.S
+++ b/arch/x86/xen/xen-asm_32.S
@@ -298,7 +298,7 @@ check_events:
         push %eax
         push %ecx
         push %edx
-        call force_evtchn_callback
+        call xen_force_evtchn_callback
         pop %edx
         pop %ecx
         pop %eax
diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S
index 7f58304fafb3..05794c566e87 100644
--- a/arch/x86/xen/xen-asm_64.S
+++ b/arch/x86/xen/xen-asm_64.S
@@ -26,8 +26,15 @@
 /* Pseudo-flag used for virtual NMI, which we don't implement yet */
 #define XEN_EFLAGS_NMI  0x80000000
 
-#if 0
-#include <asm/percpu.h>
+#if 1
+/*
+        x86-64 does not yet support direct access to percpu variables
+        via a segment override, so we just need to make sure this code
+        never gets used
+ */
+#define BUG                     ud2a
+#define PER_CPU_VAR(var, off)   0xdeadbeef
+#endif
 
 /*
         Enable events.  This clears the event mask and tests the pending
@@ -35,6 +42,8 @@
         events, then enter the hypervisor to get them handled.
  */
 ENTRY(xen_irq_enable_direct)
+        BUG
+
         /* Unmask events */
         movb $0, PER_CPU_VAR(xen_vcpu_info, XEN_vcpu_info_mask)
 
@@ -58,6 +67,8 @@ ENDPATCH(xen_irq_enable_direct)
         non-zero.
  */
 ENTRY(xen_irq_disable_direct)
+        BUG
+
         movb $1, PER_CPU_VAR(xen_vcpu_info, XEN_vcpu_info_mask)
 ENDPATCH(xen_irq_disable_direct)
         ret
@@ -74,6 +85,8 @@ ENDPATCH(xen_irq_disable_direct)
         Xen and x86 use opposite senses (mask vs enable).
  */
 ENTRY(xen_save_fl_direct)
+        BUG
+
         testb $0xff, PER_CPU_VAR(xen_vcpu_info, XEN_vcpu_info_mask)
         setz %ah
         addb %ah,%ah
@@ -91,6 +104,8 @@ ENDPATCH(xen_save_fl_direct)
         if so.
  */
 ENTRY(xen_restore_fl_direct)
+        BUG
+
         testb $X86_EFLAGS_IF>>8, %ah
         setz PER_CPU_VAR(xen_vcpu_info, XEN_vcpu_info_mask)
         /* Preempt here doesn't matter because that will deal with
@@ -122,7 +137,7 @@ check_events:
         push %r9
         push %r10
         push %r11
-        call force_evtchn_callback
+        call xen_force_evtchn_callback
         pop %r11
         pop %r10
         pop %r9
@@ -133,7 +148,6 @@ check_events:
         pop %rcx
         pop %rax
         ret
-#endif
 
 ENTRY(xen_adjust_exception_frame)
         mov 8+0(%rsp),%rcx
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index dd3c23152a2e..d7422dc2a55c 100644
--- a/arch/x86/xen/xen-ops.h
+++ b/arch/x86/xen/xen-ops.h
@@ -2,6 +2,7 @@
 #define XEN_OPS_H
 
 #include <linux/init.h>
+#include <linux/clocksource.h>
 #include <linux/irqreturn.h>
 #include <xen/xen-ops.h>
 
@@ -31,7 +32,10 @@ void xen_vcpu_restore(void);
 
 void __init xen_build_dynamic_phys_to_machine(void);
 
+void xen_init_irq_ops(void);
 void xen_setup_timer(int cpu);
+void xen_teardown_timer(int cpu);
+cycle_t xen_clocksource_read(void);
 void xen_setup_cpu_clockevents(void);
 unsigned long xen_tsc_khz(void);
 void __init xen_time_init(void);
@@ -50,6 +54,10 @@ void __init xen_setup_vcpu_info_placement(void);
 #ifdef CONFIG_SMP
 void xen_smp_init(void);
 
+void __init xen_init_spinlocks(void);
+__cpuinit void xen_init_lock_cpu(int cpu);
+void xen_uninit_lock_cpu(int cpu);
+
 extern cpumask_t xen_cpu_initialized_map;
 #else
 static inline void xen_smp_init(void) {}