Merge commit 'origin/master' into next

48 files changed, 1637 insertions, 240 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 356d2ec8e2fb..cf42fc305419 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -46,6 +46,7 @@ config X86
         select HAVE_KERNEL_GZIP
         select HAVE_KERNEL_BZIP2
         select HAVE_KERNEL_LZMA
+        select HAVE_ARCH_KMEMCHECK
 
 config OUTPUT_FORMAT
         string
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index edbd0ca62067..1b68659c41b4 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -81,6 +81,11 @@ ifdef CONFIG_CC_STACKPROTECTOR
         endif
 endif
 
+# Don't unroll struct assignments with kmemcheck enabled
+ifeq ($(CONFIG_KMEMCHECK),y)
+        KBUILD_CFLAGS += $(call cc-option,-fno-builtin-memcpy)
+endif
+
 # Stackpointer is addressed different for 32 bit and 64 bit x86
 sp-$(CONFIG_X86_32) := esp
 sp-$(CONFIG_X86_64) := rsp
diff --git a/arch/x86/include/asm/dma-mapping.h b/arch/x86/include/asm/dma-mapping.h
index f82fdc412c64..b93405b228b4 100644
--- a/arch/x86/include/asm/dma-mapping.h
+++ b/arch/x86/include/asm/dma-mapping.h
@@ -6,6 +6,7 @@
  * Documentation/DMA-API.txt for documentation.
  */
 
+#include <linux/kmemcheck.h>
 #include <linux/scatterlist.h>
 #include <linux/dma-debug.h>
 #include <linux/dma-attrs.h>
@@ -60,6 +61,7 @@ dma_map_single(struct device *hwdev, void *ptr, size_t size,
         dma_addr_t addr;
 
         BUG_ON(!valid_dma_direction(dir));
+        kmemcheck_mark_initialized(ptr, size);
         addr = ops->map_page(hwdev, virt_to_page(ptr),
                              (unsigned long)ptr & ~PAGE_MASK, size,
                              dir, NULL);
@@ -87,8 +89,12 @@ dma_map_sg(struct device *hwdev, struct scatterlist *sg,
 {
         struct dma_map_ops *ops = get_dma_ops(hwdev);
         int ents;
+        struct scatterlist *s;
+        int i;
 
         BUG_ON(!valid_dma_direction(dir));
+        for_each_sg(sg, s, nents, i)
+                kmemcheck_mark_initialized(sg_virt(s), s->length);
         ents = ops->map_sg(hwdev, sg, nents, dir, NULL);
         debug_dma_map_sg(hwdev, sg, nents, ents, dir);
 
@@ -200,6 +206,7 @@ static inline dma_addr_t dma_map_page(struct device *dev, struct page *page,
         dma_addr_t addr;
 
         BUG_ON(!valid_dma_direction(dir));
+        kmemcheck_mark_initialized(page_address(page) + offset, size);
         addr = ops->map_page(dev, page, offset, size, dir, NULL);
         debug_dma_map_page(dev, page, offset, size, dir, addr, false);
 
diff --git a/arch/x86/include/asm/kmap_types.h b/arch/x86/include/asm/kmap_types.h
index 5759c165a5cf..9e00a731a7fb 100644
--- a/arch/x86/include/asm/kmap_types.h
+++ b/arch/x86/include/asm/kmap_types.h
@@ -2,28 +2,11 @@
 #define _ASM_X86_KMAP_TYPES_H
 
 #if defined(CONFIG_X86_32) && defined(CONFIG_DEBUG_HIGHMEM)
-# define D(n) __KM_FENCE_##n ,
-#else
-# define D(n)
+#define  __WITH_KM_FENCE
 #endif
 
-enum km_type {
-D(0)    KM_BOUNCE_READ,
-D(1)    KM_SKB_SUNRPC_DATA,
-D(2)    KM_SKB_DATA_SOFTIRQ,
-D(3)    KM_USER0,
-D(4)    KM_USER1,
-D(5)    KM_BIO_SRC_IRQ,
-D(6)    KM_BIO_DST_IRQ,
-D(7)    KM_PTE0,
-D(8)    KM_PTE1,
-D(9)    KM_IRQ0,
-D(10)   KM_IRQ1,
-D(11)   KM_SOFTIRQ0,
-D(12)   KM_SOFTIRQ1,
-D(13)   KM_TYPE_NR
-};
+#include <asm-generic/kmap_types.h>
 
-#undef D
+#undef __WITH_KM_FENCE
 
 #endif /* _ASM_X86_KMAP_TYPES_H */
diff --git a/arch/x86/include/asm/kmemcheck.h b/arch/x86/include/asm/kmemcheck.h
new file mode 100644
index 000000000000..ed01518f297e
--- /dev/null
+++ b/arch/x86/include/asm/kmemcheck.h
@@ -0,0 +1,42 @@
+#ifndef ASM_X86_KMEMCHECK_H
+#define ASM_X86_KMEMCHECK_H
+
+#include <linux/types.h>
+#include <asm/ptrace.h>
+
+#ifdef CONFIG_KMEMCHECK
+bool kmemcheck_active(struct pt_regs *regs);
+
+void kmemcheck_show(struct pt_regs *regs);
+void kmemcheck_hide(struct pt_regs *regs);
+
+bool kmemcheck_fault(struct pt_regs *regs,
+        unsigned long address, unsigned long error_code);
+bool kmemcheck_trap(struct pt_regs *regs);
+#else
+static inline bool kmemcheck_active(struct pt_regs *regs)
+{
+        return false;
+}
+
+static inline void kmemcheck_show(struct pt_regs *regs)
+{
+}
+
+static inline void kmemcheck_hide(struct pt_regs *regs)
+{
+}
+
+static inline bool kmemcheck_fault(struct pt_regs *regs,
+        unsigned long address, unsigned long error_code)
+{
+        return false;
+}
+
+static inline bool kmemcheck_trap(struct pt_regs *regs)
+{
+        return false;
+}
+#endif /* CONFIG_KMEMCHECK */
+
+#endif
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 18ef7ebf2631..3cc06e3fceb8 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -317,6 +317,11 @@ static inline int pte_present(pte_t a)
         return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE);
 }
 
+static inline int pte_hidden(pte_t pte)
+{
+        return pte_flags(pte) & _PAGE_HIDDEN;
+}
+
 static inline int pmd_present(pmd_t pmd)
 {
         return pmd_flags(pmd) & _PAGE_PRESENT;
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 4d258ad76a0f..54cb697f4900 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -18,7 +18,7 @@
 #define _PAGE_BIT_GLOBAL        8       /* Global TLB entry PPro+ */
 #define _PAGE_BIT_UNUSED1       9       /* available for programmer */
 #define _PAGE_BIT_IOMAP         10      /* flag used to indicate IO mapping */
-#define _PAGE_BIT_UNUSED3       11
+#define _PAGE_BIT_HIDDEN        11      /* hidden by kmemcheck */
 #define _PAGE_BIT_PAT_LARGE     12      /* On 2MB or 1GB pages */
 #define _PAGE_BIT_SPECIAL       _PAGE_BIT_UNUSED1
 #define _PAGE_BIT_CPA_TEST      _PAGE_BIT_UNUSED1
@@ -41,13 +41,18 @@
 #define _PAGE_GLOBAL    (_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
 #define _PAGE_UNUSED1   (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
 #define _PAGE_IOMAP     (_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
-#define _PAGE_UNUSED3   (_AT(pteval_t, 1) << _PAGE_BIT_UNUSED3)
 #define _PAGE_PAT       (_AT(pteval_t, 1) << _PAGE_BIT_PAT)
 #define _PAGE_PAT_LARGE (_AT(pteval_t, 1) << _PAGE_BIT_PAT_LARGE)
 #define _PAGE_SPECIAL   (_AT(pteval_t, 1) << _PAGE_BIT_SPECIAL)
 #define _PAGE_CPA_TEST  (_AT(pteval_t, 1) << _PAGE_BIT_CPA_TEST)
 #define __HAVE_ARCH_PTE_SPECIAL
 
+#ifdef CONFIG_KMEMCHECK
+#define _PAGE_HIDDEN    (_AT(pteval_t, 1) << _PAGE_BIT_HIDDEN)
+#else
+#define _PAGE_HIDDEN    (_AT(pteval_t, 0))
+#endif
+
 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
 #define _PAGE_NX        (_AT(pteval_t, 1) << _PAGE_BIT_NX)
 #else
diff --git a/arch/x86/include/asm/string_32.h b/arch/x86/include/asm/string_32.h
index 0e0e3ba827f7..c86f452256de 100644
--- a/arch/x86/include/asm/string_32.h
+++ b/arch/x86/include/asm/string_32.h
@@ -177,10 +177,18 @@ static inline void *__memcpy3d(void *to, const void *from, size_t len)
  *      No 3D Now!
  */
 
+#ifndef CONFIG_KMEMCHECK
 #define memcpy(t, f, n)                         \
         (__builtin_constant_p((n))              \
          ? __constant_memcpy((t), (f), (n))     \
          : __memcpy((t), (f), (n)))
+#else
+/*
+ * kmemcheck becomes very happy if we use the REP instructions unconditionally,
+ * because it means that we know both memory operands in advance.
+ */
+#define memcpy(t, f, n) __memcpy((t), (f), (n))
+#endif
 
 #endif
 
diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h
index 2afe164bf1e6..19e2c468fc2c 100644
--- a/arch/x86/include/asm/string_64.h
+++ b/arch/x86/include/asm/string_64.h
@@ -27,6 +27,7 @@ static __always_inline void *__inline_memcpy(void *to, const void *from, size_t
    function. */
 
 #define __HAVE_ARCH_MEMCPY 1
+#ifndef CONFIG_KMEMCHECK
 #if (__GNUC__ == 4 && __GNUC_MINOR__ >= 3) || __GNUC__ > 4
 extern void *memcpy(void *to, const void *from, size_t len);
 #else
@@ -42,6 +43,13 @@ extern void *__memcpy(void *to, const void *from, size_t len);
         __ret;                                                  \
 })
 #endif
+#else
+/*
+ * kmemcheck becomes very happy if we use the REP instructions unconditionally,
+ * because it means that we know both memory operands in advance.
+ */
+#define memcpy(dst, src, len) __inline_memcpy((dst), (src), (len))
+#endif
 
 #define __HAVE_ARCH_MEMSET
 void *memset(void *s, int c, size_t n);
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index 602c769fc98c..b0783520988b 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -154,9 +154,9 @@ struct thread_info {
 
 /* thread information allocation */
 #ifdef CONFIG_DEBUG_STACK_USAGE
-#define THREAD_FLAGS (GFP_KERNEL | __GFP_ZERO)
+#define THREAD_FLAGS (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO)
 #else
-#define THREAD_FLAGS GFP_KERNEL
+#define THREAD_FLAGS (GFP_KERNEL | __GFP_NOTRACK)
 #endif
 
 #define __HAVE_ARCH_THREAD_INFO_ALLOCATOR
diff --git a/arch/x86/include/asm/timex.h b/arch/x86/include/asm/timex.h
index b5c9d45c981f..1375cfc93960 100644
--- a/arch/x86/include/asm/timex.h
+++ b/arch/x86/include/asm/timex.h
@@ -4,9 +4,7 @@
 #include <asm/processor.h>
 #include <asm/tsc.h>
 
-/* The PIT ticks at this frequency (in HZ): */
-#define PIT_TICK_RATE           1193182
-
+/* Assume we use the PIT time source for the clock tick */
 #define CLOCK_TICK_RATE         PIT_TICK_RATE
 
 #define ARCH_HAS_READ_CURRENT_TIMER
diff --git a/arch/x86/include/asm/xor.h b/arch/x86/include/asm/xor.h
index 11b3bb86e17b..7fcf6f3dbcc3 100644
--- a/arch/x86/include/asm/xor.h
+++ b/arch/x86/include/asm/xor.h
@@ -1,5 +1,10 @@
+#ifdef CONFIG_KMEMCHECK
+/* kmemcheck doesn't handle MMX/SSE/SSE2 instructions */
+# include <asm-generic/xor.h>
+#else
 #ifdef CONFIG_X86_32
 # include "xor_32.h"
 #else
 # include "xor_64.h"
 #endif
+#endif
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3ffdcfa9abdf..9fa33886c0d7 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -487,7 +487,6 @@ out:
 static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
 {
         char *v = c->x86_vendor_id;
-        static int printed;
         int i;
 
         for (i = 0; i < X86_VENDOR_NUM; i++) {
@@ -504,13 +503,9 @@ static void __cpuinit get_cpu_vendor(struct cpuinfo_x86 *c)
                 }
         }
 
-        if (!printed) {
-                printed++;
-                printk(KERN_ERR
-                    "CPU: vendor_id '%s' unknown, using generic init.\n", v);
-
-                printk(KERN_ERR "CPU: Your system may be unstable.\n");
-        }
+        printk_once(KERN_ERR
+                        "CPU: vendor_id '%s' unknown, using generic init.\n" \
+                        "CPU: Your system may be unstable.\n", v);
 
         c->x86_vendor = X86_VENDOR_UNKNOWN;
         this_cpu = &default_cpu;
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
index cf52215d9eb1..81cbe64ed6b4 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.c
@@ -1,3 +1,4 @@
+
 /*
  *   (c) 2003-2006 Advanced Micro Devices, Inc.
  *  Your use of this code is subject to the terms and conditions of the
@@ -117,20 +118,17 @@ static int query_current_values_with_pending_wait(struct powernow_k8_data *data)
         u32 i = 0;
 
         if (cpu_family == CPU_HW_PSTATE) {
-                if (data->currpstate == HW_PSTATE_INVALID) {
-                        /* read (initial) hw pstate if not yet set */
-                        rdmsr(MSR_PSTATE_STATUS, lo, hi);
-                        i = lo & HW_PSTATE_MASK;
-
-                        /*
-                         * a workaround for family 11h erratum 311 might cause
-                         * an "out-of-range Pstate if the core is in Pstate-0
-                         */
-                        if (i >= data->numps)
-                                data->currpstate = HW_PSTATE_0;
-                        else
-                                data->currpstate = i;
-                }
+                rdmsr(MSR_PSTATE_STATUS, lo, hi);
+                i = lo & HW_PSTATE_MASK;
+                data->currpstate = i;
+
+                /*
+                 * a workaround for family 11h erratum 311 might cause
+                 * an "out-of-range Pstate if the core is in Pstate-0
+                 */
+                if ((boot_cpu_data.x86 == 0x11) && (i >= data->numps))
+                        data->currpstate = HW_PSTATE_0;
+
                 return 0;
         }
         do {
@@ -510,41 +508,34 @@ static int core_voltage_post_transition(struct powernow_k8_data *data,
         return 0;
 }
 
-static int check_supported_cpu(unsigned int cpu)
+static void check_supported_cpu(void *_rc)
 {
-        cpumask_t oldmask;
         u32 eax, ebx, ecx, edx;
-        unsigned int rc = 0;
-
-        oldmask = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
+        int *rc = _rc;
 
-        if (smp_processor_id() != cpu) {
-                printk(KERN_ERR PFX "limiting to cpu %u failed\n", cpu);
-                goto out;
-        }
+        *rc = -ENODEV;
 
         if (current_cpu_data.x86_vendor != X86_VENDOR_AMD)
-                goto out;
+                return;
 
         eax = cpuid_eax(CPUID_PROCESSOR_SIGNATURE);
         if (((eax & CPUID_XFAM) != CPUID_XFAM_K8) &&
             ((eax & CPUID_XFAM) < CPUID_XFAM_10H))
-                goto out;
+                return;
 
         if ((eax & CPUID_XFAM) == CPUID_XFAM_K8) {
                 if (((eax & CPUID_USE_XFAM_XMOD) != CPUID_USE_XFAM_XMOD) ||
                     ((eax & CPUID_XMOD) > CPUID_XMOD_REV_MASK)) {
                         printk(KERN_INFO PFX
                                 "Processor cpuid %x not supported\n", eax);
-                        goto out;
+                        return;
                 }
 
                 eax = cpuid_eax(CPUID_GET_MAX_CAPABILITIES);
                 if (eax < CPUID_FREQ_VOLT_CAPABILITIES) {
                         printk(KERN_INFO PFX
                                "No frequency change capabilities detected\n");
-                        goto out;
+                        return;
                 }
 
                 cpuid(CPUID_FREQ_VOLT_CAPABILITIES, &eax, &ebx, &ecx, &edx);
@@ -552,21 +543,17 @@ static int check_supported_cpu(unsigned int cpu)
                         != P_STATE_TRANSITION_CAPABLE) {
                         printk(KERN_INFO PFX
                                 "Power state transitions not supported\n");
-                        goto out;
+                        return;
                 }
         } else { /* must be a HW Pstate capable processor */
                 cpuid(CPUID_FREQ_VOLT_CAPABILITIES, &eax, &ebx, &ecx, &edx);
                 if ((edx & USE_HW_PSTATE) == USE_HW_PSTATE)
                         cpu_family = CPU_HW_PSTATE;
                 else
-                        goto out;
+                        return;
         }
 
-        rc = 1;
-
-out:
-        set_cpus_allowed_ptr(current, &oldmask);
-        return rc;
+        *rc = 0;
 }
 
 static int check_pst_table(struct powernow_k8_data *data, struct pst_s *pst,
@@ -823,13 +810,14 @@ static void powernow_k8_acpi_pst_values(struct powernow_k8_data *data,
         if (!data->acpi_data.state_count || (cpu_family == CPU_HW_PSTATE))
                 return;
 
-        control = data->acpi_data.states[index].control; data->irt = (control
-                        >> IRT_SHIFT) & IRT_MASK; data->rvo = (control >>
-                                RVO_SHIFT) & RVO_MASK; data->exttype = (control
-                                        >> EXT_TYPE_SHIFT) & EXT_TYPE_MASK;
-        data->plllock = (control >> PLL_L_SHIFT) & PLL_L_MASK; data->vidmvs = 1
-                << ((control >> MVS_SHIFT) & MVS_MASK); data->vstable =
-                (control >> VST_SHIFT) & VST_MASK; }
+        control = data->acpi_data.states[index].control;
+        data->irt = (control >> IRT_SHIFT) & IRT_MASK;
+        data->rvo = (control >> RVO_SHIFT) & RVO_MASK;
+        data->exttype = (control >> EXT_TYPE_SHIFT) & EXT_TYPE_MASK;
+        data->plllock = (control >> PLL_L_SHIFT) & PLL_L_MASK;
+        data->vidmvs = 1 << ((control >> MVS_SHIFT) & MVS_MASK);
+        data->vstable = (control >> VST_SHIFT) & VST_MASK;
+}
 
 static int powernow_k8_cpu_init_acpi(struct powernow_k8_data *data)
 {
@@ -1046,6 +1034,19 @@ static int get_transition_latency(struct powernow_k8_data *data)
                 if (cur_latency > max_latency)
                         max_latency = cur_latency;
         }
+        if (max_latency == 0) {
+                /*
+                 * Fam 11h always returns 0 as transition latency.
+                 * This is intended and means "very fast". While cpufreq core
+                 * and governors currently can handle that gracefully, better
+                 * set it to 1 to avoid problems in the future.
+                 * For all others it's a BIOS bug.
+                 */
+                if (!boot_cpu_data.x86 == 0x11)
+                        printk(KERN_ERR FW_WARN PFX "Invalid zero transition "
+                                "latency\n");
+                max_latency = 1;
+        }
         /* value in usecs, needs to be in nanoseconds */
         return 1000 * max_latency;
 }
@@ -1093,7 +1094,7 @@ static int transition_frequency_fidvid(struct powernow_k8_data *data,
         freqs.old = find_khz_freq_from_fid(data->currfid);
         freqs.new = find_khz_freq_from_fid(fid);
 
-        for_each_cpu_mask_nr(i, *(data->available_cores)) {
+        for_each_cpu(i, data->available_cores) {
                 freqs.cpu = i;
                 cpufreq_notify_transition(&freqs, CPUFREQ_PRECHANGE);
         }
@@ -1101,7 +1102,7 @@ static int transition_frequency_fidvid(struct powernow_k8_data *data,
         res = transition_fid_vid(data, fid, vid);
         freqs.new = find_khz_freq_from_fid(data->currfid);
 
-        for_each_cpu_mask_nr(i, *(data->available_cores)) {
+        for_each_cpu(i, data->available_cores) {
                 freqs.cpu = i;
                 cpufreq_notify_transition(&freqs, CPUFREQ_POSTCHANGE);
         }
@@ -1126,7 +1127,7 @@ static int transition_frequency_pstate(struct powernow_k8_data *data,
                         data->currpstate);
         freqs.new = find_khz_freq_from_pstate(data->powernow_table, pstate);
 
-        for_each_cpu_mask_nr(i, *(data->available_cores)) {
+        for_each_cpu(i, data->available_cores) {
                 freqs.cpu = i;
                 cpufreq_notify_transition(&freqs, CPUFREQ_PRECHANGE);
         }
@@ -1134,7 +1135,7 @@ static int transition_frequency_pstate(struct powernow_k8_data *data,
         res = transition_pstate(data, pstate);
         freqs.new = find_khz_freq_from_pstate(data->powernow_table, pstate);
 
-        for_each_cpu_mask_nr(i, *(data->available_cores)) {
+        for_each_cpu(i, data->available_cores) {
                 freqs.cpu = i;
                 cpufreq_notify_transition(&freqs, CPUFREQ_POSTCHANGE);
         }
@@ -1235,21 +1236,47 @@ static int powernowk8_verify(struct cpufreq_policy *pol)
         return cpufreq_frequency_table_verify(pol, data->powernow_table);
 }
 
-static const char ACPI_PSS_BIOS_BUG_MSG[] =
-        KERN_ERR FW_BUG PFX "No compatible ACPI _PSS objects found.\n"
-        KERN_ERR FW_BUG PFX "Try again with latest BIOS.\n";
+struct init_on_cpu {
+        struct powernow_k8_data *data;
+        int rc;
+};
+
+static void __cpuinit powernowk8_cpu_init_on_cpu(void *_init_on_cpu)
+{
+        struct init_on_cpu *init_on_cpu = _init_on_cpu;
+
+        if (pending_bit_stuck()) {
+                printk(KERN_ERR PFX "failing init, change pending bit set\n");
+                init_on_cpu->rc = -ENODEV;
+                return;
+        }
+
+        if (query_current_values_with_pending_wait(init_on_cpu->data)) {
+                init_on_cpu->rc = -ENODEV;
+                return;
+        }
+
+        if (cpu_family == CPU_OPTERON)
+                fidvid_msr_init();
+
+        init_on_cpu->rc = 0;
+}
 
 /* per CPU init entry point to the driver */
 static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol)
 {
+        static const char ACPI_PSS_BIOS_BUG_MSG[] =
+                KERN_ERR FW_BUG PFX "No compatible ACPI _PSS objects found.\n"
+                KERN_ERR FW_BUG PFX "Try again with latest BIOS.\n";
         struct powernow_k8_data *data;
-        cpumask_t oldmask;
+        struct init_on_cpu init_on_cpu;
         int rc;
 
         if (!cpu_online(pol->cpu))
                 return -ENODEV;
 
-        if (!check_supported_cpu(pol->cpu))
+        smp_call_function_single(pol->cpu, check_supported_cpu, &rc, 1);
+        if (rc)
                 return -ENODEV;
 
         data = kzalloc(sizeof(struct powernow_k8_data), GFP_KERNEL);
@@ -1289,27 +1316,12 @@ static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol)
                 pol->cpuinfo.transition_latency = get_transition_latency(data);
 
         /* only run on specific CPU from here on */
-        oldmask = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(pol->cpu));
-
-        if (smp_processor_id() != pol->cpu) {
-                printk(KERN_ERR PFX "limiting to cpu %u failed\n", pol->cpu);
-                goto err_out_unmask;
-        }
-
-        if (pending_bit_stuck()) {
-                printk(KERN_ERR PFX "failing init, change pending bit set\n");
-                goto err_out_unmask;
-        }
-
-        if (query_current_values_with_pending_wait(data))
-                goto err_out_unmask;
-
-        if (cpu_family == CPU_OPTERON)
-                fidvid_msr_init();
-
-        /* run on any CPU again */
-        set_cpus_allowed_ptr(current, &oldmask);
+        init_on_cpu.data = data;
+        smp_call_function_single(data->cpu, powernowk8_cpu_init_on_cpu,
+                                 &init_on_cpu, 1);
+        rc = init_on_cpu.rc;
+        if (rc != 0)
+                goto err_out_exit_acpi;
 
         if (cpu_family == CPU_HW_PSTATE)
                 cpumask_copy(pol->cpus, cpumask_of(pol->cpu));
@@ -1346,8 +1358,7 @@ static int __cpuinit powernowk8_cpu_init(struct cpufreq_policy *pol)
 
         return 0;
 
-err_out_unmask:
-        set_cpus_allowed_ptr(current, &oldmask);
+err_out_exit_acpi:
         powernow_k8_cpu_exit_acpi(data);
 
 err_out:
@@ -1372,28 +1383,25 @@ static int __devexit powernowk8_cpu_exit(struct cpufreq_policy *pol)
         return 0;
 }
 
+static void query_values_on_cpu(void *_err)
+{
+        int *err = _err;
+        struct powernow_k8_data *data = __get_cpu_var(powernow_data);
+
+        *err = query_current_values_with_pending_wait(data);
+}
+
 static unsigned int powernowk8_get(unsigned int cpu)
 {
-        struct powernow_k8_data *data;
-        cpumask_t oldmask = current->cpus_allowed;
+        struct powernow_k8_data *data = per_cpu(powernow_data, cpu);
         unsigned int khz = 0;
-        unsigned int first;
-
-        first = cpumask_first(cpu_core_mask(cpu));
-        data = per_cpu(powernow_data, first);
+        int err;
 
         if (!data)
                 return -EINVAL;
 
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-        if (smp_processor_id() != cpu) {
-                printk(KERN_ERR PFX
-                        "limiting to CPU %d failed in powernowk8_get\n", cpu);
-                set_cpus_allowed_ptr(current, &oldmask);
-                return 0;
-        }
-
-        if (query_current_values_with_pending_wait(data))
+        smp_call_function_single(cpu, query_values_on_cpu, &err, true);
+        if (err)
                 goto out;
 
         if (cpu_family == CPU_HW_PSTATE)
@@ -1404,7 +1412,6 @@ static unsigned int powernowk8_get(unsigned int cpu)
 
 
 out:
-        set_cpus_allowed_ptr(current, &oldmask);
         return khz;
 }
 
@@ -1430,7 +1437,9 @@ static int __cpuinit powernowk8_init(void)
         unsigned int i, supported_cpus = 0;
 
         for_each_online_cpu(i) {
-                if (check_supported_cpu(i))
+                int rc;
+                smp_call_function_single(i, check_supported_cpu, &rc, 1);
+                if (rc == 0)
                         supported_cpus++;
         }
 
diff --git a/arch/x86/kernel/cpu/cpufreq/powernow-k8.h b/arch/x86/kernel/cpu/cpufreq/powernow-k8.h
index 6c6698feade1..c9c1190b5e1f 100644
--- a/arch/x86/kernel/cpu/cpufreq/powernow-k8.h
+++ b/arch/x86/kernel/cpu/cpufreq/powernow-k8.h
@@ -223,14 +223,3 @@ static void powernow_k8_acpi_pst_values(struct powernow_k8_data *data, unsigned
 
 static int fill_powernow_table_pstate(struct powernow_k8_data *data, struct cpufreq_frequency_table *powernow_table);
 static int fill_powernow_table_fidvid(struct powernow_k8_data *data, struct cpufreq_frequency_table *powernow_table);
-
-#ifdef CONFIG_SMP
-static inline void define_siblings(int cpu, cpumask_t cpu_sharedcore_mask[])
-{
-}
-#else
-static inline void define_siblings(int cpu, cpumask_t cpu_sharedcore_mask[])
-{
-        cpu_set(0, cpu_sharedcore_mask[0]);
-}
-#endif
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c b/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
index 55c831ed71ce..8d672ef162ce 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
@@ -323,14 +323,8 @@ static unsigned int get_cur_freq(unsigned int cpu)
 {
         unsigned l, h;
         unsigned clock_freq;
-        cpumask_t saved_mask;
 
-        saved_mask = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, &cpumask_of_cpu(cpu));
-        if (smp_processor_id() != cpu)
-                return 0;
-
-        rdmsr(MSR_IA32_PERF_STATUS, l, h);
+        rdmsr_on_cpu(cpu, MSR_IA32_PERF_STATUS, &l, &h);
         clock_freq = extract_clock(l, cpu, 0);
 
         if (unlikely(clock_freq == 0)) {
@@ -340,11 +334,9 @@ static unsigned int get_cur_freq(unsigned int cpu)
                  * P-state transition (like TM2). Get the last freq set 
                  * in PERF_CTL.
                  */
-                rdmsr(MSR_IA32_PERF_CTL, l, h);
+                rdmsr_on_cpu(cpu, MSR_IA32_PERF_CTL, &l, &h);
                 clock_freq = extract_clock(l, cpu, 1);
         }
-
-        set_cpus_allowed_ptr(current, &saved_mask);
         return clock_freq;
 }
 
@@ -467,15 +459,10 @@ static int centrino_target (struct cpufreq_policy *policy,
         struct cpufreq_freqs    freqs;
         int                     retval = 0;
         unsigned int            j, k, first_cpu, tmp;
-        cpumask_var_t saved_mask, covered_cpus;
+        cpumask_var_t covered_cpus;
 
-        if (unlikely(!alloc_cpumask_var(&saved_mask, GFP_KERNEL)))
-                return -ENOMEM;
-        if (unlikely(!zalloc_cpumask_var(&covered_cpus, GFP_KERNEL))) {
-                free_cpumask_var(saved_mask);
+        if (unlikely(!zalloc_cpumask_var(&covered_cpus, GFP_KERNEL)))
                 return -ENOMEM;
-        }
-        cpumask_copy(saved_mask, &current->cpus_allowed);
 
         if (unlikely(per_cpu(centrino_model, cpu) == NULL)) {
                 retval = -ENODEV;
@@ -493,7 +480,7 @@ static int centrino_target (struct cpufreq_policy *policy,
 
         first_cpu = 1;
         for_each_cpu(j, policy->cpus) {
-                const struct cpumask *mask;
+                int good_cpu;
 
                 /* cpufreq holds the hotplug lock, so we are safe here */
                 if (!cpu_online(j))
@@ -504,32 +491,30 @@ static int centrino_target (struct cpufreq_policy *policy,
                  * Make sure we are running on CPU that wants to change freq
                  */
                 if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY)
-                        mask = policy->cpus;
+                        good_cpu = cpumask_any_and(policy->cpus,
+                                                   cpu_online_mask);
                 else
-                        mask = cpumask_of(j);
+                        good_cpu = j;
 
-                set_cpus_allowed_ptr(current, mask);
-                preempt_disable();
-                if (unlikely(!cpu_isset(smp_processor_id(), *mask))) {
+                if (good_cpu >= nr_cpu_ids) {
                         dprintk("couldn't limit to CPUs in this domain\n");
                         retval = -EAGAIN;
                         if (first_cpu) {
                                 /* We haven't started the transition yet. */
-                                goto migrate_end;
+                                goto out;
                         }
-                        preempt_enable();
                         break;
                 }
 
                 msr = per_cpu(centrino_model, cpu)->op_points[newstate].index;
 
                 if (first_cpu) {
-                        rdmsr(MSR_IA32_PERF_CTL, oldmsr, h);
+                        rdmsr_on_cpu(good_cpu, MSR_IA32_PERF_CTL, &oldmsr, &h);
                         if (msr == (oldmsr & 0xffff)) {
                                 dprintk("no change needed - msr was and needs "
                                         "to be %x\n", oldmsr);
                                 retval = 0;
-                                goto migrate_end;
+                                goto out;
                         }
 
                         freqs.old = extract_clock(oldmsr, cpu, 0);
@@ -553,14 +538,11 @@ static int centrino_target (struct cpufreq_policy *policy,
                         oldmsr |= msr;
                 }
 
-                wrmsr(MSR_IA32_PERF_CTL, oldmsr, h);
-                if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY) {
-                        preempt_enable();
+                wrmsr_on_cpu(good_cpu, MSR_IA32_PERF_CTL, oldmsr, h);
+                if (policy->shared_type == CPUFREQ_SHARED_TYPE_ANY)
                         break;
-                }
 
-                cpu_set(j, *covered_cpus);
-                preempt_enable();
+                cpumask_set_cpu(j, covered_cpus);
         }
 
         for_each_cpu(k, policy->cpus) {
@@ -578,10 +560,8 @@ static int centrino_target (struct cpufreq_policy *policy,
                  * Best effort undo..
                  */
 
-                for_each_cpu_mask_nr(j, *covered_cpus) {
-                        set_cpus_allowed_ptr(current, &cpumask_of_cpu(j));
-                        wrmsr(MSR_IA32_PERF_CTL, oldmsr, h);
-                }
+                for_each_cpu(j, covered_cpus)
+                        wrmsr_on_cpu(j, MSR_IA32_PERF_CTL, oldmsr, h);
 
                 tmp = freqs.new;
                 freqs.new = freqs.old;
@@ -593,15 +573,9 @@ static int centrino_target (struct cpufreq_policy *policy,
                         cpufreq_notify_transition(&freqs, CPUFREQ_POSTCHANGE);
                 }
         }
-        set_cpus_allowed_ptr(current, saved_mask);
         retval = 0;
-        goto out;
 
-migrate_end:
-        preempt_enable();
-        set_cpus_allowed_ptr(current, saved_mask);
 out:
-        free_cpumask_var(saved_mask);
         free_cpumask_var(covered_cpus);
         return retval;
 }
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c b/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
index 016c1a4fa3fc..6911e91fb4f6 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-ich.c
@@ -89,7 +89,8 @@ static int speedstep_find_register(void)
  * speedstep_set_state - set the SpeedStep state
  * @state: new processor frequency state (SPEEDSTEP_LOW or SPEEDSTEP_HIGH)
  *
- *   Tries to change the SpeedStep state.
+ *   Tries to change the SpeedStep state.  Can be called from
+ *   smp_call_function_single.
  */
 static void speedstep_set_state(unsigned int state)
 {
@@ -143,6 +144,11 @@ static void speedstep_set_state(unsigned int state)
         return;
 }
 
+/* Wrapper for smp_call_function_single. */
+static void _speedstep_set_state(void *_state)
+{
+        speedstep_set_state(*(unsigned int *)_state);
+}
 
 /**
  * speedstep_activate - activate SpeedStep control in the chipset
@@ -226,22 +232,28 @@ static unsigned int speedstep_detect_chipset(void)
         return 0;
 }
 
-static unsigned int _speedstep_get(const struct cpumask *cpus)
-{
+struct get_freq_data {
         unsigned int speed;
-        cpumask_t cpus_allowed;
-
-        cpus_allowed = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, cpus);
-        speed = speedstep_get_frequency(speedstep_processor);
-        set_cpus_allowed_ptr(current, &cpus_allowed);
-        dprintk("detected %u kHz as current frequency\n", speed);
-        return speed;
+        unsigned int processor;
+};
+
+static void get_freq_data(void *_data)
+{
+        struct get_freq_data *data = _data;
+
+        data->speed = speedstep_get_frequency(data->processor);
 }
 
 static unsigned int speedstep_get(unsigned int cpu)
 {
-        return _speedstep_get(cpumask_of(cpu));
+        struct get_freq_data data = { .processor = cpu };
+
+        /* You're supposed to ensure CPU is online. */
+        if (smp_call_function_single(cpu, get_freq_data, &data, 1) != 0)
+                BUG();
+
+        dprintk("detected %u kHz as current frequency\n", data.speed);
+        return data.speed;
 }
 
 /**
@@ -257,16 +269,16 @@ static int speedstep_target(struct cpufreq_policy *policy,
                              unsigned int target_freq,
                              unsigned int relation)
 {
-        unsigned int newstate = 0;
+        unsigned int newstate = 0, policy_cpu;
         struct cpufreq_freqs freqs;
-        cpumask_t cpus_allowed;
         int i;
 
         if (cpufreq_frequency_table_target(policy, &speedstep_freqs[0],
                                 target_freq, relation, &newstate))
                 return -EINVAL;
 
-        freqs.old = _speedstep_get(policy->cpus);
+        policy_cpu = cpumask_any_and(policy->cpus, cpu_online_mask);
+        freqs.old = speedstep_get(policy_cpu);
         freqs.new = speedstep_freqs[newstate].frequency;
         freqs.cpu = policy->cpu;
 
@@ -276,20 +288,13 @@ static int speedstep_target(struct cpufreq_policy *policy,
         if (freqs.old == freqs.new)
                 return 0;
 
-        cpus_allowed = current->cpus_allowed;
-
         for_each_cpu(i, policy->cpus) {
                 freqs.cpu = i;
                 cpufreq_notify_transition(&freqs, CPUFREQ_PRECHANGE);
         }
 
-        /* switch to physical CPU where state is to be changed */
-        set_cpus_allowed_ptr(current, policy->cpus);
-
-        speedstep_set_state(newstate);
-
-        /* allow to be run on all CPUs */
-        set_cpus_allowed_ptr(current, &cpus_allowed);
+        smp_call_function_single(policy_cpu, _speedstep_set_state, &newstate,
+                                 true);
 
         for_each_cpu(i, policy->cpus) {
                 freqs.cpu = i;
@@ -312,33 +317,43 @@ static int speedstep_verify(struct cpufreq_policy *policy)
         return cpufreq_frequency_table_verify(policy, &speedstep_freqs[0]);
 }
 
+struct get_freqs {
+        struct cpufreq_policy *policy;
+        int ret;
+};
+
+static void get_freqs_on_cpu(void *_get_freqs)
+{
+        struct get_freqs *get_freqs = _get_freqs;
+
+        get_freqs->ret =
+                speedstep_get_freqs(speedstep_processor,
+                            &speedstep_freqs[SPEEDSTEP_LOW].frequency,
+                            &speedstep_freqs[SPEEDSTEP_HIGH].frequency,
+                            &get_freqs->policy->cpuinfo.transition_latency,
+                            &speedstep_set_state);
+}
 
 static int speedstep_cpu_init(struct cpufreq_policy *policy)
 {
-        int result = 0;
-        unsigned int speed;
-        cpumask_t cpus_allowed;
+        int result;
+        unsigned int policy_cpu, speed;
+        struct get_freqs gf;
 
         /* only run on CPU to be set, or on its sibling */
 #ifdef CONFIG_SMP
         cpumask_copy(policy->cpus, cpu_sibling_mask(policy->cpu));
 #endif
-
-        cpus_allowed = current->cpus_allowed;
-        set_cpus_allowed_ptr(current, policy->cpus);
+        policy_cpu = cpumask_any_and(policy->cpus, cpu_online_mask);
 
         /* detect low and high frequency and transition latency */
-        result = speedstep_get_freqs(speedstep_processor,
-                                     &speedstep_freqs[SPEEDSTEP_LOW].frequency,
-                                     &speedstep_freqs[SPEEDSTEP_HIGH].frequency,
-                                     &policy->cpuinfo.transition_latency,
-                                     &speedstep_set_state);
-        set_cpus_allowed_ptr(current, &cpus_allowed);
-        if (result)
-                return result;
+        gf.policy = policy;
+        smp_call_function_single(policy_cpu, get_freqs_on_cpu, &gf, 1);
+        if (gf.ret)
+                return gf.ret;
 
         /* get current speed setting */
-        speed = _speedstep_get(policy->cpus);
+        speed = speedstep_get(policy_cpu);
         if (!speed)
                 return -EIO;
 
diff --git a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
index 2e3c6862657b..f4c290b8482f 100644
--- a/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
+++ b/arch/x86/kernel/cpu/cpufreq/speedstep-lib.c
@@ -226,6 +226,7 @@ static unsigned int pentium4_get_frequency(void)
 }
 
 
+/* Warning: may get called from smp_call_function_single. */
 unsigned int speedstep_get_frequency(unsigned int processor)
 {
         switch (processor) {
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index daed39ba2614..3260ab044996 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -86,6 +86,29 @@ static void __cpuinit early_init_intel(struct cpuinfo_x86 *c)
          */
         if (c->x86 == 6 && c->x86_model < 15)
                 clear_cpu_cap(c, X86_FEATURE_PAT);
+
+#ifdef CONFIG_KMEMCHECK
+        /*
+         * P4s have a "fast strings" feature which causes single-
+         * stepping REP instructions to only generate a #DB on
+         * cache-line boundaries.
+         *
+         * Ingo Molnar reported a Pentium D (model 6) and a Xeon
+         * (model 2) with the same problem.
+         */
+        if (c->x86 == 15) {
+                u64 misc_enable;
+
+                rdmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+
+                if (misc_enable & MSR_IA32_MISC_ENABLE_FAST_STRING) {
+                        printk(KERN_INFO "kmemcheck: Disabling fast string operations\n");
+
+                        misc_enable &= ~MSR_IA32_MISC_ENABLE_FAST_STRING;
+                        wrmsrl(MSR_IA32_MISC_ENABLE, misc_enable);
+                }
+        }
+#endif
 }
 
 #ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
index 2ac1f0c2beb3..b07af8861244 100644
--- a/arch/x86/kernel/cpuid.c
+++ b/arch/x86/kernel/cpuid.c
@@ -182,6 +182,11 @@ static struct notifier_block __refdata cpuid_class_cpu_notifier =
         .notifier_call = cpuid_class_cpu_callback,
 };
 
+static char *cpuid_nodename(struct device *dev)
+{
+        return kasprintf(GFP_KERNEL, "cpu/%u/cpuid", MINOR(dev->devt));
+}
+
 static int __init cpuid_init(void)
 {
         int i, err = 0;
@@ -198,6 +203,7 @@ static int __init cpuid_init(void)
                 err = PTR_ERR(cpuid_class);
                 goto out_chrdev;
         }
+        cpuid_class->nodename = cpuid_nodename;
         for_each_online_cpu(i) {
                 err = cpuid_device_create(i);
                 if (err != 0)
diff --git a/arch/x86/kernel/i8253.c b/arch/x86/kernel/i8253.c
index c2e0bb0890d4..5cf36c053ac4 100644
--- a/arch/x86/kernel/i8253.c
+++ b/arch/x86/kernel/i8253.c
@@ -7,6 +7,7 @@
 #include <linux/spinlock.h>
 #include <linux/jiffies.h>
 #include <linux/module.h>
+#include <linux/timex.h>
 #include <linux/delay.h>
 #include <linux/init.h>
 #include <linux/io.h>
diff --git a/arch/x86/kernel/init_task.c b/arch/x86/kernel/init_task.c
index df3bf269beab..270ff83efc11 100644
--- a/arch/x86/kernel/init_task.c
+++ b/arch/x86/kernel/init_task.c
@@ -12,7 +12,6 @@
 
 static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
 static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
-struct mm_struct init_mm = INIT_MM(init_mm);
 
 /*
  * Initial thread structure.
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
index 9c4461501fcb..9371448290ac 100644
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/microcode_core.c
@@ -236,6 +236,7 @@ static const struct file_operations microcode_fops = {
 static struct miscdevice microcode_dev = {
         .minor                  = MICROCODE_MINOR,
         .name                   = "microcode",
+        .devnode                = "cpu/microcode",
         .fops                   = &microcode_fops,
 };
 
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
index 3cf3413ec626..98fd6cd4e3a4 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -196,6 +196,11 @@ static struct notifier_block __refdata msr_class_cpu_notifier = {
         .notifier_call = msr_class_cpu_callback,
 };
 
+static char *msr_nodename(struct device *dev)
+{
+        return kasprintf(GFP_KERNEL, "cpu/%u/msr", MINOR(dev->devt));
+}
+
 static int __init msr_init(void)
 {
         int i, err = 0;
@@ -212,6 +217,7 @@ static int __init msr_init(void)
                 err = PTR_ERR(msr_class);
                 goto out_chrdev;
         }
+        msr_class->nodename = msr_nodename;
         for_each_online_cpu(i) {
                 err = msr_device_create(i);
                 if (err != 0)
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 3bb2be1649bd..994dd6a4a2a0 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -63,7 +63,7 @@ void arch_task_cache_init(void)
         task_xstate_cachep =
                 kmem_cache_create("task_xstate", xstate_size,
                                   __alignof__(union thread_xstate),
-                                  SLAB_PANIC, NULL);
+                                  SLAB_PANIC | SLAB_NOTRACK, NULL);
 }
 
 /*
diff --git a/arch/x86/kernel/stacktrace.c b/arch/x86/kernel/stacktrace.c
index 4aaf7e48394f..c3eb207181fe 100644
--- a/arch/x86/kernel/stacktrace.c
+++ b/arch/x86/kernel/stacktrace.c
@@ -77,6 +77,13 @@ void save_stack_trace(struct stack_trace *trace)
 }
 EXPORT_SYMBOL_GPL(save_stack_trace);
 
+void save_stack_trace_bp(struct stack_trace *trace, unsigned long bp)
+{
+        dump_trace(current, NULL, NULL, bp, &save_stack_ops, trace);
+        if (trace->nr_entries < trace->max_entries)
+                trace->entries[trace->nr_entries++] = ULONG_MAX;
+}
+
 void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
 {
         dump_trace(tsk, NULL, NULL, 0, &save_stack_ops_nosched, trace);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
index 1e1e27b7d438..5f935f0d5861 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -45,6 +45,7 @@
 #include <linux/edac.h>
 #endif
 
+#include <asm/kmemcheck.h>
 #include <asm/stacktrace.h>
 #include <asm/processor.h>
 #include <asm/debugreg.h>
@@ -534,6 +535,10 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
 
         get_debugreg(condition, 6);
 
+        /* Catch kmemcheck conditions first of all! */
+        if (condition & DR_STEP && kmemcheck_trap(regs))
+                return;
+
         /*
          * The processor cleared BTF, so don't mark that we need it set.
          */
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 3e1c057e98fe..b0597ad02c93 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -9,6 +9,7 @@
 #include <linux/delay.h>
 #include <linux/clocksource.h>
 #include <linux/percpu.h>
+#include <linux/timex.h>
 
 #include <asm/hpet.h>
 #include <asm/timer.h>
@@ -631,17 +632,15 @@ static int time_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
                                 void *data)
 {
         struct cpufreq_freqs *freq = data;
-        unsigned long *lpj, dummy;
+        unsigned long *lpj;
 
         if (cpu_has(&cpu_data(freq->cpu), X86_FEATURE_CONSTANT_TSC))
                 return 0;
 
-        lpj = &dummy;
-        if (!(freq->flags & CPUFREQ_CONST_LOOPS))
+        lpj = &boot_cpu_data.loops_per_jiffy;
 #ifdef CONFIG_SMP
+        if (!(freq->flags & CPUFREQ_CONST_LOOPS))
                 lpj = &cpu_data(freq->cpu).loops_per_jiffy;
-#else
-        lpj = &boot_cpu_data.loops_per_jiffy;
 #endif
 
         if (!ref_freq) {
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 32d6ae8fb60e..e770bf349ec4 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1277,7 +1277,7 @@ static struct vmcs *alloc_vmcs_cpu(int cpu)
         struct page *pages;
         struct vmcs *vmcs;
 
-        pages = alloc_pages_node(node, GFP_KERNEL, vmcs_config.order);
+        pages = alloc_pages_exact_node(node, GFP_KERNEL, vmcs_config.order);
         if (!pages)
                 return NULL;
         vmcs = page_address(pages);
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
index fdd30d08ab52..eefdeee8a871 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
@@ -10,6 +10,8 @@ obj-$(CONFIG_X86_PTDUMP)	+= dump_pagetables.o
 
 obj-$(CONFIG_HIGHMEM)           += highmem_32.o
 
+obj-$(CONFIG_KMEMCHECK)         += kmemcheck/
+
 obj-$(CONFIG_MMIOTRACE)         += mmiotrace.o
 mmiotrace-y                     := kmmio.o pf_in.o mmio-mod.o
 obj-$(CONFIG_MMIOTRACE_TEST)    += testmmiotrace.o
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index c6acc6326374..baa0e86adfbc 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,6 +14,7 @@
 
 #include <asm/traps.h>                  /* dotraplinkage, ...           */
 #include <asm/pgalloc.h>                /* pgd_*(), ...                 */
+#include <asm/kmemcheck.h>              /* kmemcheck_*(), ...           */
 
 /*
  * Page fault error code bits:
@@ -956,6 +957,13 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
         /* Get the faulting address: */
         address = read_cr2();
 
+        /*
+         * Detect and handle instructions that would cause a page fault for
+         * both a tracked kernel page and a userspace page.
+         */
+        if (kmemcheck_active(regs))
+                kmemcheck_hide(regs);
+
         if (unlikely(kmmio_fault(regs, address)))
                 return;
 
@@ -973,9 +981,13 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
          * protection error (error_code & 9) == 0.
          */
         if (unlikely(fault_in_kernel_space(address))) {
-                if (!(error_code & (PF_RSVD|PF_USER|PF_PROT)) &&
-                    vmalloc_fault(address) >= 0)
-                        return;
+                if (!(error_code & (PF_RSVD | PF_USER | PF_PROT))) {
+                        if (vmalloc_fault(address) >= 0)
+                                return;
+
+                        if (kmemcheck_fault(regs, address, error_code))
+                                return;
+                }
 
                 /* Can handle a stale RO->RW TLB: */
                 if (spurious_fault(error_code, address))
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 34c1bfb64f1c..f53b57e4086f 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -213,7 +213,7 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         if (!after_bootmem)
                 init_gbpages();
 
-#ifdef CONFIG_DEBUG_PAGEALLOC
+#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KMEMCHECK)
         /*
          * For CONFIG_DEBUG_PAGEALLOC, identity mapping will use small pages.
          * This will simplify cpa(), which otherwise needs to support splitting
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 9ff3c0816d15..3cd7711bb949 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -111,7 +111,7 @@ static pte_t * __init one_page_table_init(pmd_t *pmd)
                 pte_t *page_table = NULL;
 
                 if (after_bootmem) {
-#ifdef CONFIG_DEBUG_PAGEALLOC
+#if defined(CONFIG_DEBUG_PAGEALLOC) || defined(CONFIG_KMEMCHECK)
                         page_table = (pte_t *) alloc_bootmem_pages(PAGE_SIZE);
 #endif
                         if (!page_table)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 52bb9519bb86..9c543290a813 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -104,7 +104,7 @@ static __ref void *spp_getpage(void)
         void *ptr;
 
         if (after_bootmem)
-                ptr = (void *) get_zeroed_page(GFP_ATOMIC);
+                ptr = (void *) get_zeroed_page(GFP_ATOMIC | __GFP_NOTRACK);
         else
                 ptr = alloc_bootmem_pages(PAGE_SIZE);
 
@@ -281,7 +281,7 @@ static __ref void *alloc_low_page(unsigned long *phys)
         void *adr;
 
         if (after_bootmem) {
-                adr = (void *)get_zeroed_page(GFP_ATOMIC);
+                adr = (void *)get_zeroed_page(GFP_ATOMIC | __GFP_NOTRACK);
                 *phys = __pa(adr);
 
                 return adr;
diff --git a/arch/x86/mm/kmemcheck/Makefile b/arch/x86/mm/kmemcheck/Makefile
new file mode 100644
index 000000000000..520b3bce4095
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/Makefile
@@ -0,0 +1 @@
+obj-y := error.o kmemcheck.o opcode.o pte.o selftest.o shadow.o
diff --git a/arch/x86/mm/kmemcheck/error.c b/arch/x86/mm/kmemcheck/error.c
new file mode 100644
index 000000000000..4901d0dafda6
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/error.c
@@ -0,0 +1,228 @@
+#include <linux/interrupt.h>
+#include <linux/kdebug.h>
+#include <linux/kmemcheck.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/ptrace.h>
+#include <linux/stacktrace.h>
+#include <linux/string.h>
+
+#include "error.h"
+#include "shadow.h"
+
+enum kmemcheck_error_type {
+        KMEMCHECK_ERROR_INVALID_ACCESS,
+        KMEMCHECK_ERROR_BUG,
+};
+
+#define SHADOW_COPY_SIZE (1 << CONFIG_KMEMCHECK_SHADOW_COPY_SHIFT)
+
+struct kmemcheck_error {
+        enum kmemcheck_error_type type;
+
+        union {
+                /* KMEMCHECK_ERROR_INVALID_ACCESS */
+                struct {
+                        /* Kind of access that caused the error */
+                        enum kmemcheck_shadow state;
+                        /* Address and size of the erroneous read */
+                        unsigned long   address;
+                        unsigned int    size;
+                };
+        };
+
+        struct pt_regs          regs;
+        struct stack_trace      trace;
+        unsigned long           trace_entries[32];
+
+        /* We compress it to a char. */
+        unsigned char           shadow_copy[SHADOW_COPY_SIZE];
+        unsigned char           memory_copy[SHADOW_COPY_SIZE];
+};
+
+/*
+ * Create a ring queue of errors to output. We can't call printk() directly
+ * from the kmemcheck traps, since this may call the console drivers and
+ * result in a recursive fault.
+ */
+static struct kmemcheck_error error_fifo[CONFIG_KMEMCHECK_QUEUE_SIZE];
+static unsigned int error_count;
+static unsigned int error_rd;
+static unsigned int error_wr;
+static unsigned int error_missed_count;
+
+static struct kmemcheck_error *error_next_wr(void)
+{
+        struct kmemcheck_error *e;
+
+        if (error_count == ARRAY_SIZE(error_fifo)) {
+                ++error_missed_count;
+                return NULL;
+        }
+
+        e = &error_fifo[error_wr];
+        if (++error_wr == ARRAY_SIZE(error_fifo))
+                error_wr = 0;
+        ++error_count;
+        return e;
+}
+
+static struct kmemcheck_error *error_next_rd(void)
+{
+        struct kmemcheck_error *e;
+
+        if (error_count == 0)
+                return NULL;
+
+        e = &error_fifo[error_rd];
+        if (++error_rd == ARRAY_SIZE(error_fifo))
+                error_rd = 0;
+        --error_count;
+        return e;
+}
+
+void kmemcheck_error_recall(void)
+{
+        static const char *desc[] = {
+                [KMEMCHECK_SHADOW_UNALLOCATED]          = "unallocated",
+                [KMEMCHECK_SHADOW_UNINITIALIZED]        = "uninitialized",
+                [KMEMCHECK_SHADOW_INITIALIZED]          = "initialized",
+                [KMEMCHECK_SHADOW_FREED]                = "freed",
+        };
+
+        static const char short_desc[] = {
+                [KMEMCHECK_SHADOW_UNALLOCATED]          = 'a',
+                [KMEMCHECK_SHADOW_UNINITIALIZED]        = 'u',
+                [KMEMCHECK_SHADOW_INITIALIZED]          = 'i',
+                [KMEMCHECK_SHADOW_FREED]                = 'f',
+        };
+
+        struct kmemcheck_error *e;
+        unsigned int i;
+
+        e = error_next_rd();
+        if (!e)
+                return;
+
+        switch (e->type) {
+        case KMEMCHECK_ERROR_INVALID_ACCESS:
+                printk(KERN_ERR  "WARNING: kmemcheck: Caught %d-bit read "
+                        "from %s memory (%p)\n",
+                        8 * e->size, e->state < ARRAY_SIZE(desc) ?
+                                desc[e->state] : "(invalid shadow state)",
+                        (void *) e->address);
+
+                printk(KERN_INFO);
+                for (i = 0; i < SHADOW_COPY_SIZE; ++i)
+                        printk("%02x", e->memory_copy[i]);
+                printk("\n");
+
+                printk(KERN_INFO);
+                for (i = 0; i < SHADOW_COPY_SIZE; ++i) {
+                        if (e->shadow_copy[i] < ARRAY_SIZE(short_desc))
+                                printk(" %c", short_desc[e->shadow_copy[i]]);
+                        else
+                                printk(" ?");
+                }
+                printk("\n");
+                printk(KERN_INFO "%*c\n", 2 + 2
+                        * (int) (e->address & (SHADOW_COPY_SIZE - 1)), '^');
+                break;
+        case KMEMCHECK_ERROR_BUG:
+                printk(KERN_EMERG "ERROR: kmemcheck: Fatal error\n");
+                break;
+        }
+
+        __show_regs(&e->regs, 1);
+        print_stack_trace(&e->trace, 0);
+}
+
+static void do_wakeup(unsigned long data)
+{
+        while (error_count > 0)
+                kmemcheck_error_recall();
+
+        if (error_missed_count > 0) {
+                printk(KERN_WARNING "kmemcheck: Lost %d error reports because "
+                        "the queue was too small\n", error_missed_count);
+                error_missed_count = 0;
+        }
+}
+
+static DECLARE_TASKLET(kmemcheck_tasklet, &do_wakeup, 0);
+
+/*
+ * Save the context of an error report.
+ */
+void kmemcheck_error_save(enum kmemcheck_shadow state,
+        unsigned long address, unsigned int size, struct pt_regs *regs)
+{
+        static unsigned long prev_ip;
+
+        struct kmemcheck_error *e;
+        void *shadow_copy;
+        void *memory_copy;
+
+        /* Don't report several adjacent errors from the same EIP. */
+        if (regs->ip == prev_ip)
+                return;
+        prev_ip = regs->ip;
+
+        e = error_next_wr();
+        if (!e)
+                return;
+
+        e->type = KMEMCHECK_ERROR_INVALID_ACCESS;
+
+        e->state = state;
+        e->address = address;
+        e->size = size;
+
+        /* Save regs */
+        memcpy(&e->regs, regs, sizeof(*regs));
+
+        /* Save stack trace */
+        e->trace.nr_entries = 0;
+        e->trace.entries = e->trace_entries;
+        e->trace.max_entries = ARRAY_SIZE(e->trace_entries);
+        e->trace.skip = 0;
+        save_stack_trace_bp(&e->trace, regs->bp);
+
+        /* Round address down to nearest 16 bytes */
+        shadow_copy = kmemcheck_shadow_lookup(address
+                & ~(SHADOW_COPY_SIZE - 1));
+        BUG_ON(!shadow_copy);
+
+        memcpy(e->shadow_copy, shadow_copy, SHADOW_COPY_SIZE);
+
+        kmemcheck_show_addr(address);
+        memory_copy = (void *) (address & ~(SHADOW_COPY_SIZE - 1));
+        memcpy(e->memory_copy, memory_copy, SHADOW_COPY_SIZE);
+        kmemcheck_hide_addr(address);
+
+        tasklet_hi_schedule_first(&kmemcheck_tasklet);
+}
+
+/*
+ * Save the context of a kmemcheck bug.
+ */
+void kmemcheck_error_save_bug(struct pt_regs *regs)
+{
+        struct kmemcheck_error *e;
+
+        e = error_next_wr();
+        if (!e)
+                return;
+
+        e->type = KMEMCHECK_ERROR_BUG;
+
+        memcpy(&e->regs, regs, sizeof(*regs));
+
+        e->trace.nr_entries = 0;
+        e->trace.entries = e->trace_entries;
+        e->trace.max_entries = ARRAY_SIZE(e->trace_entries);
+        e->trace.skip = 1;
+        save_stack_trace(&e->trace);
+
+        tasklet_hi_schedule_first(&kmemcheck_tasklet);
+}
diff --git a/arch/x86/mm/kmemcheck/error.h b/arch/x86/mm/kmemcheck/error.h
new file mode 100644
index 000000000000..0efc2e8d0a20
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/error.h
@@ -0,0 +1,15 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__ERROR_H
+#define ARCH__X86__MM__KMEMCHECK__ERROR_H
+
+#include <linux/ptrace.h>
+
+#include "shadow.h"
+
+void kmemcheck_error_save(enum kmemcheck_shadow state,
+        unsigned long address, unsigned int size, struct pt_regs *regs);
+
+void kmemcheck_error_save_bug(struct pt_regs *regs);
+
+void kmemcheck_error_recall(void);
+
+#endif
diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c
new file mode 100644
index 000000000000..2c55ed098654
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/kmemcheck.c
@@ -0,0 +1,640 @@
+/**
+ * kmemcheck - a heavyweight memory checker for the linux kernel
+ * Copyright (C) 2007, 2008  Vegard Nossum <vegardno@ifi.uio.no>
+ * (With a lot of help from Ingo Molnar and Pekka Enberg.)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License (version 2) as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/init.h>
+#include <linux/interrupt.h>
+#include <linux/kallsyms.h>
+#include <linux/kernel.h>
+#include <linux/kmemcheck.h>
+#include <linux/mm.h>
+#include <linux/module.h>
+#include <linux/page-flags.h>
+#include <linux/percpu.h>
+#include <linux/ptrace.h>
+#include <linux/string.h>
+#include <linux/types.h>
+
+#include <asm/cacheflush.h>
+#include <asm/kmemcheck.h>
+#include <asm/pgtable.h>
+#include <asm/tlbflush.h>
+
+#include "error.h"
+#include "opcode.h"
+#include "pte.h"
+#include "selftest.h"
+#include "shadow.h"
+
+
+#ifdef CONFIG_KMEMCHECK_DISABLED_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 0
+#endif
+
+#ifdef CONFIG_KMEMCHECK_ENABLED_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 1
+#endif
+
+#ifdef CONFIG_KMEMCHECK_ONESHOT_BY_DEFAULT
+#  define KMEMCHECK_ENABLED 2
+#endif
+
+int kmemcheck_enabled = KMEMCHECK_ENABLED;
+
+int __init kmemcheck_init(void)
+{
+#ifdef CONFIG_SMP
+        /*
+         * Limit SMP to use a single CPU. We rely on the fact that this code
+         * runs before SMP is set up.
+         */
+        if (setup_max_cpus > 1) {
+                printk(KERN_INFO
+                        "kmemcheck: Limiting number of CPUs to 1.\n");
+                setup_max_cpus = 1;
+        }
+#endif
+
+        if (!kmemcheck_selftest()) {
+                printk(KERN_INFO "kmemcheck: self-tests failed; disabling\n");
+                kmemcheck_enabled = 0;
+                return -EINVAL;
+        }
+
+        printk(KERN_INFO "kmemcheck: Initialized\n");
+        return 0;
+}
+
+early_initcall(kmemcheck_init);
+
+/*
+ * We need to parse the kmemcheck= option before any memory is allocated.
+ */
+static int __init param_kmemcheck(char *str)
+{
+        if (!str)
+                return -EINVAL;
+
+        sscanf(str, "%d", &kmemcheck_enabled);
+        return 0;
+}
+
+early_param("kmemcheck", param_kmemcheck);
+
+int kmemcheck_show_addr(unsigned long address)
+{
+        pte_t *pte;
+
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return 0;
+
+        set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
+        __flush_tlb_one(address);
+        return 1;
+}
+
+int kmemcheck_hide_addr(unsigned long address)
+{
+        pte_t *pte;
+
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return 0;
+
+        set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));
+        __flush_tlb_one(address);
+        return 1;
+}
+
+struct kmemcheck_context {
+        bool busy;
+        int balance;
+
+        /*
+         * There can be at most two memory operands to an instruction, but
+         * each address can cross a page boundary -- so we may need up to
+         * four addresses that must be hidden/revealed for each fault.
+         */
+        unsigned long addr[4];
+        unsigned long n_addrs;
+        unsigned long flags;
+
+        /* Data size of the instruction that caused a fault. */
+        unsigned int size;
+};
+
+static DEFINE_PER_CPU(struct kmemcheck_context, kmemcheck_context);
+
+bool kmemcheck_active(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+
+        return data->balance > 0;
+}
+
+/* Save an address that needs to be shown/hidden */
+static void kmemcheck_save_addr(unsigned long addr)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+
+        BUG_ON(data->n_addrs >= ARRAY_SIZE(data->addr));
+        data->addr[data->n_addrs++] = addr;
+}
+
+static unsigned int kmemcheck_show_all(void)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        unsigned int i;
+        unsigned int n;
+
+        n = 0;
+        for (i = 0; i < data->n_addrs; ++i)
+                n += kmemcheck_show_addr(data->addr[i]);
+
+        return n;
+}
+
+static unsigned int kmemcheck_hide_all(void)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        unsigned int i;
+        unsigned int n;
+
+        n = 0;
+        for (i = 0; i < data->n_addrs; ++i)
+                n += kmemcheck_hide_addr(data->addr[i]);
+
+        return n;
+}
+
+/*
+ * Called from the #PF handler.
+ */
+void kmemcheck_show(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+
+        BUG_ON(!irqs_disabled());
+
+        if (unlikely(data->balance != 0)) {
+                kmemcheck_show_all();
+                kmemcheck_error_save_bug(regs);
+                data->balance = 0;
+                return;
+        }
+
+        /*
+         * None of the addresses actually belonged to kmemcheck. Note that
+         * this is not an error.
+         */
+        if (kmemcheck_show_all() == 0)
+                return;
+
+        ++data->balance;
+
+        /*
+         * The IF needs to be cleared as well, so that the faulting
+         * instruction can run "uninterrupted". Otherwise, we might take
+         * an interrupt and start executing that before we've had a chance
+         * to hide the page again.
+         *
+         * NOTE: In the rare case of multiple faults, we must not override
+         * the original flags:
+         */
+        if (!(regs->flags & X86_EFLAGS_TF))
+                data->flags = regs->flags;
+
+        regs->flags |= X86_EFLAGS_TF;
+        regs->flags &= ~X86_EFLAGS_IF;
+}
+
+/*
+ * Called from the #DB handler.
+ */
+void kmemcheck_hide(struct pt_regs *regs)
+{
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+        int n;
+
+        BUG_ON(!irqs_disabled());
+
+        if (data->balance == 0)
+                return;
+
+        if (unlikely(data->balance != 1)) {
+                kmemcheck_show_all();
+                kmemcheck_error_save_bug(regs);
+                data->n_addrs = 0;
+                data->balance = 0;
+
+                if (!(data->flags & X86_EFLAGS_TF))
+                        regs->flags &= ~X86_EFLAGS_TF;
+                if (data->flags & X86_EFLAGS_IF)
+                        regs->flags |= X86_EFLAGS_IF;
+                return;
+        }
+
+        if (kmemcheck_enabled)
+                n = kmemcheck_hide_all();
+        else
+                n = kmemcheck_show_all();
+
+        if (n == 0)
+                return;
+
+        --data->balance;
+
+        data->n_addrs = 0;
+
+        if (!(data->flags & X86_EFLAGS_TF))
+                regs->flags &= ~X86_EFLAGS_TF;
+        if (data->flags & X86_EFLAGS_IF)
+                regs->flags |= X86_EFLAGS_IF;
+}
+
+void kmemcheck_show_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+
+        for (i = 0; i < n; ++i) {
+                unsigned long address;
+                pte_t *pte;
+                unsigned int level;
+
+                address = (unsigned long) page_address(&p[i]);
+                pte = lookup_address(address, &level);
+                BUG_ON(!pte);
+                BUG_ON(level != PG_LEVEL_4K);
+
+                set_pte(pte, __pte(pte_val(*pte) | _PAGE_PRESENT));
+                set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_HIDDEN));
+                __flush_tlb_one(address);
+        }
+}
+
+bool kmemcheck_page_is_tracked(struct page *p)
+{
+        /* This will also check the "hidden" flag of the PTE. */
+        return kmemcheck_pte_lookup((unsigned long) page_address(p));
+}
+
+void kmemcheck_hide_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+
+        for (i = 0; i < n; ++i) {
+                unsigned long address;
+                pte_t *pte;
+                unsigned int level;
+
+                address = (unsigned long) page_address(&p[i]);
+                pte = lookup_address(address, &level);
+                BUG_ON(!pte);
+                BUG_ON(level != PG_LEVEL_4K);
+
+                set_pte(pte, __pte(pte_val(*pte) & ~_PAGE_PRESENT));
+                set_pte(pte, __pte(pte_val(*pte) | _PAGE_HIDDEN));
+                __flush_tlb_one(address);
+        }
+}
+
+/* Access may NOT cross page boundary */
+static void kmemcheck_read_strict(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        void *shadow;
+        enum kmemcheck_shadow status;
+
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (!shadow)
+                return;
+
+        kmemcheck_save_addr(addr);
+        status = kmemcheck_shadow_test(shadow, size);
+        if (status == KMEMCHECK_SHADOW_INITIALIZED)
+                return;
+
+        if (kmemcheck_enabled)
+                kmemcheck_error_save(status, addr, size, regs);
+
+        if (kmemcheck_enabled == 2)
+                kmemcheck_enabled = 0;
+
+        /* Don't warn about it again. */
+        kmemcheck_shadow_set(shadow, size);
+}
+
+/* Access may cross page boundary */
+static void kmemcheck_read(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long next_addr = addr + size - 1;
+        unsigned long next_page = next_addr & PAGE_MASK;
+
+        if (likely(page == next_page)) {
+                kmemcheck_read_strict(regs, addr, size);
+                return;
+        }
+
+        /*
+         * What we do is basically to split the access across the
+         * two pages and handle each part separately. Yes, this means
+         * that we may now see reads that are 3 + 5 bytes, for
+         * example (and if both are uninitialized, there will be two
+         * reports), but it makes the code a lot simpler.
+         */
+        kmemcheck_read_strict(regs, addr, next_page - addr);
+        kmemcheck_read_strict(regs, next_page, next_addr - next_page);
+}
+
+static void kmemcheck_write_strict(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        void *shadow;
+
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (!shadow)
+                return;
+
+        kmemcheck_save_addr(addr);
+        kmemcheck_shadow_set(shadow, size);
+}
+
+static void kmemcheck_write(struct pt_regs *regs,
+        unsigned long addr, unsigned int size)
+{
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long next_addr = addr + size - 1;
+        unsigned long next_page = next_addr & PAGE_MASK;
+
+        if (likely(page == next_page)) {
+                kmemcheck_write_strict(regs, addr, size);
+                return;
+        }
+
+        /* See comment in kmemcheck_read(). */
+        kmemcheck_write_strict(regs, addr, next_page - addr);
+        kmemcheck_write_strict(regs, next_page, next_addr - next_page);
+}
+
+/*
+ * Copying is hard. We have two addresses, each of which may be split across
+ * a page (and each page will have different shadow addresses).
+ */
+static void kmemcheck_copy(struct pt_regs *regs,
+        unsigned long src_addr, unsigned long dst_addr, unsigned int size)
+{
+        uint8_t shadow[8];
+        enum kmemcheck_shadow status;
+
+        unsigned long page;
+        unsigned long next_addr;
+        unsigned long next_page;
+
+        uint8_t *x;
+        unsigned int i;
+        unsigned int n;
+
+        BUG_ON(size > sizeof(shadow));
+
+        page = src_addr & PAGE_MASK;
+        next_addr = src_addr + size - 1;
+        next_page = next_addr & PAGE_MASK;
+
+        if (likely(page == next_page)) {
+                /* Same page */
+                x = kmemcheck_shadow_lookup(src_addr);
+                if (x) {
+                        kmemcheck_save_addr(src_addr);
+                        for (i = 0; i < size; ++i)
+                                shadow[i] = x[i];
+                } else {
+                        for (i = 0; i < size; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+        } else {
+                n = next_page - src_addr;
+                BUG_ON(n > sizeof(shadow));
+
+                /* First page */
+                x = kmemcheck_shadow_lookup(src_addr);
+                if (x) {
+                        kmemcheck_save_addr(src_addr);
+                        for (i = 0; i < n; ++i)
+                                shadow[i] = x[i];
+                } else {
+                        /* Not tracked */
+                        for (i = 0; i < n; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+
+                /* Second page */
+                x = kmemcheck_shadow_lookup(next_page);
+                if (x) {
+                        kmemcheck_save_addr(next_page);
+                        for (i = n; i < size; ++i)
+                                shadow[i] = x[i - n];
+                } else {
+                        /* Not tracked */
+                        for (i = n; i < size; ++i)
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                }
+        }
+
+        page = dst_addr & PAGE_MASK;
+        next_addr = dst_addr + size - 1;
+        next_page = next_addr & PAGE_MASK;
+
+        if (likely(page == next_page)) {
+                /* Same page */
+                x = kmemcheck_shadow_lookup(dst_addr);
+                if (x) {
+                        kmemcheck_save_addr(dst_addr);
+                        for (i = 0; i < size; ++i) {
+                                x[i] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+        } else {
+                n = next_page - dst_addr;
+                BUG_ON(n > sizeof(shadow));
+
+                /* First page */
+                x = kmemcheck_shadow_lookup(dst_addr);
+                if (x) {
+                        kmemcheck_save_addr(dst_addr);
+                        for (i = 0; i < n; ++i) {
+                                x[i] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+
+                /* Second page */
+                x = kmemcheck_shadow_lookup(next_page);
+                if (x) {
+                        kmemcheck_save_addr(next_page);
+                        for (i = n; i < size; ++i) {
+                                x[i - n] = shadow[i];
+                                shadow[i] = KMEMCHECK_SHADOW_INITIALIZED;
+                        }
+                }
+        }
+
+        status = kmemcheck_shadow_test(shadow, size);
+        if (status == KMEMCHECK_SHADOW_INITIALIZED)
+                return;
+
+        if (kmemcheck_enabled)
+                kmemcheck_error_save(status, src_addr, size, regs);
+
+        if (kmemcheck_enabled == 2)
+                kmemcheck_enabled = 0;
+}
+
+enum kmemcheck_method {
+        KMEMCHECK_READ,
+        KMEMCHECK_WRITE,
+};
+
+static void kmemcheck_access(struct pt_regs *regs,
+        unsigned long fallback_address, enum kmemcheck_method fallback_method)
+{
+        const uint8_t *insn;
+        const uint8_t *insn_primary;
+        unsigned int size;
+
+        struct kmemcheck_context *data = &__get_cpu_var(kmemcheck_context);
+
+        /* Recursive fault -- ouch. */
+        if (data->busy) {
+                kmemcheck_show_addr(fallback_address);
+                kmemcheck_error_save_bug(regs);
+                return;
+        }
+
+        data->busy = true;
+
+        insn = (const uint8_t *) regs->ip;
+        insn_primary = kmemcheck_opcode_get_primary(insn);
+
+        kmemcheck_opcode_decode(insn, &size);
+
+        switch (insn_primary[0]) {
+#ifdef CONFIG_KMEMCHECK_BITOPS_OK
+                /* AND, OR, XOR */
+                /*
+                 * Unfortunately, these instructions have to be excluded from
+                 * our regular checking since they access only some (and not
+                 * all) bits. This clears out "bogus" bitfield-access warnings.
+                 */
+        case 0x80:
+        case 0x81:
+        case 0x82:
+        case 0x83:
+                switch ((insn_primary[1] >> 3) & 7) {
+                        /* OR */
+                case 1:
+                        /* AND */
+                case 4:
+                        /* XOR */
+                case 6:
+                        kmemcheck_write(regs, fallback_address, size);
+                        goto out;
+
+                        /* ADD */
+                case 0:
+                        /* ADC */
+                case 2:
+                        /* SBB */
+                case 3:
+                        /* SUB */
+                case 5:
+                        /* CMP */
+                case 7:
+                        break;
+                }
+                break;
+#endif
+
+                /* MOVS, MOVSB, MOVSW, MOVSD */
+        case 0xa4:
+        case 0xa5:
+                /*
+                 * These instructions are special because they take two
+                 * addresses, but we only get one page fault.
+                 */
+                kmemcheck_copy(regs, regs->si, regs->di, size);
+                goto out;
+
+                /* CMPS, CMPSB, CMPSW, CMPSD */
+        case 0xa6:
+        case 0xa7:
+                kmemcheck_read(regs, regs->si, size);
+                kmemcheck_read(regs, regs->di, size);
+                goto out;
+        }
+
+        /*
+         * If the opcode isn't special in any way, we use the data from the
+         * page fault handler to determine the address and type of memory
+         * access.
+         */
+        switch (fallback_method) {
+        case KMEMCHECK_READ:
+                kmemcheck_read(regs, fallback_address, size);
+                goto out;
+        case KMEMCHECK_WRITE:
+                kmemcheck_write(regs, fallback_address, size);
+                goto out;
+        }
+
+out:
+        data->busy = false;
+}
+
+bool kmemcheck_fault(struct pt_regs *regs, unsigned long address,
+        unsigned long error_code)
+{
+        pte_t *pte;
+
+        /*
+         * XXX: Is it safe to assume that memory accesses from virtual 86
+         * mode or non-kernel code segments will _never_ access kernel
+         * memory (e.g. tracked pages)? For now, we need this to avoid
+         * invoking kmemcheck for PnP BIOS calls.
+         */
+        if (regs->flags & X86_VM_MASK)
+                return false;
+        if (regs->cs != __KERNEL_CS)
+                return false;
+
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return false;
+
+        if (error_code & 2)
+                kmemcheck_access(regs, address, KMEMCHECK_WRITE);
+        else
+                kmemcheck_access(regs, address, KMEMCHECK_READ);
+
+        kmemcheck_show(regs);
+        return true;
+}
+
+bool kmemcheck_trap(struct pt_regs *regs)
+{
+        if (!kmemcheck_active(regs))
+                return false;
+
+        /* We're done. */
+        kmemcheck_hide(regs);
+        return true;
+}
diff --git a/arch/x86/mm/kmemcheck/opcode.c b/arch/x86/mm/kmemcheck/opcode.c
new file mode 100644
index 000000000000..63c19e27aa6f
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/opcode.c
@@ -0,0 +1,106 @@
+#include <linux/types.h>
+
+#include "opcode.h"
+
+static bool opcode_is_prefix(uint8_t b)
+{
+        return
+                /* Group 1 */
+                b == 0xf0 || b == 0xf2 || b == 0xf3
+                /* Group 2 */
+                || b == 0x2e || b == 0x36 || b == 0x3e || b == 0x26
+                || b == 0x64 || b == 0x65 || b == 0x2e || b == 0x3e
+                /* Group 3 */
+                || b == 0x66
+                /* Group 4 */
+                || b == 0x67;
+}
+
+#ifdef CONFIG_X86_64
+static bool opcode_is_rex_prefix(uint8_t b)
+{
+        return (b & 0xf0) == 0x40;
+}
+#else
+static bool opcode_is_rex_prefix(uint8_t b)
+{
+        return false;
+}
+#endif
+
+#define REX_W (1 << 3)
+
+/*
+ * This is a VERY crude opcode decoder. We only need to find the size of the
+ * load/store that caused our #PF and this should work for all the opcodes
+ * that we care about. Moreover, the ones who invented this instruction set
+ * should be shot.
+ */
+void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size)
+{
+        /* Default operand size */
+        int operand_size_override = 4;
+
+        /* prefixes */
+        for (; opcode_is_prefix(*op); ++op) {
+                if (*op == 0x66)
+                        operand_size_override = 2;
+        }
+
+        /* REX prefix */
+        if (opcode_is_rex_prefix(*op)) {
+                uint8_t rex = *op;
+
+                ++op;
+                if (rex & REX_W) {
+                        switch (*op) {
+                        case 0x63:
+                                *size = 4;
+                                return;
+                        case 0x0f:
+                                ++op;
+
+                                switch (*op) {
+                                case 0xb6:
+                                case 0xbe:
+                                        *size = 1;
+                                        return;
+                                case 0xb7:
+                                case 0xbf:
+                                        *size = 2;
+                                        return;
+                                }
+
+                                break;
+                        }
+
+                        *size = 8;
+                        return;
+                }
+        }
+
+        /* escape opcode */
+        if (*op == 0x0f) {
+                ++op;
+
+                /*
+                 * This is move with zero-extend and sign-extend, respectively;
+                 * we don't have to think about 0xb6/0xbe, because this is
+                 * already handled in the conditional below.
+                 */
+                if (*op == 0xb7 || *op == 0xbf)
+                        operand_size_override = 2;
+        }
+
+        *size = (*op & 1) ? operand_size_override : 1;
+}
+
+const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op)
+{
+        /* skip prefixes */
+        while (opcode_is_prefix(*op))
+                ++op;
+        if (opcode_is_rex_prefix(*op))
+                ++op;
+        return op;
+}
diff --git a/arch/x86/mm/kmemcheck/opcode.h b/arch/x86/mm/kmemcheck/opcode.h
new file mode 100644
index 000000000000..6956aad66b5b
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/opcode.h
@@ -0,0 +1,9 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__OPCODE_H
+#define ARCH__X86__MM__KMEMCHECK__OPCODE_H
+
+#include <linux/types.h>
+
+void kmemcheck_opcode_decode(const uint8_t *op, unsigned int *size);
+const uint8_t *kmemcheck_opcode_get_primary(const uint8_t *op);
+
+#endif
diff --git a/arch/x86/mm/kmemcheck/pte.c b/arch/x86/mm/kmemcheck/pte.c
new file mode 100644
index 000000000000..4ead26eeaf96
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/pte.c
@@ -0,0 +1,22 @@
+#include <linux/mm.h>
+
+#include <asm/pgtable.h>
+
+#include "pte.h"
+
+pte_t *kmemcheck_pte_lookup(unsigned long address)
+{
+        pte_t *pte;
+        unsigned int level;
+
+        pte = lookup_address(address, &level);
+        if (!pte)
+                return NULL;
+        if (level != PG_LEVEL_4K)
+                return NULL;
+        if (!pte_hidden(*pte))
+                return NULL;
+
+        return pte;
+}
+
diff --git a/arch/x86/mm/kmemcheck/pte.h b/arch/x86/mm/kmemcheck/pte.h
new file mode 100644
index 000000000000..9f5966456492
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/pte.h
@@ -0,0 +1,10 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__PTE_H
+#define ARCH__X86__MM__KMEMCHECK__PTE_H
+
+#include <linux/mm.h>
+
+#include <asm/pgtable.h>
+
+pte_t *kmemcheck_pte_lookup(unsigned long address);
+
+#endif
diff --git a/arch/x86/mm/kmemcheck/selftest.c b/arch/x86/mm/kmemcheck/selftest.c
new file mode 100644
index 000000000000..036efbea8b28
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/selftest.c
@@ -0,0 +1,69 @@
+#include <linux/kernel.h>
+
+#include "opcode.h"
+#include "selftest.h"
+
+struct selftest_opcode {
+        unsigned int expected_size;
+        const uint8_t *insn;
+        const char *desc;
+};
+
+static const struct selftest_opcode selftest_opcodes[] = {
+        /* REP MOVS */
+        {1, "\xf3\xa4",                 "rep movsb <mem8>, <mem8>"},
+        {4, "\xf3\xa5",                 "rep movsl <mem32>, <mem32>"},
+
+        /* MOVZX / MOVZXD */
+        {1, "\x66\x0f\xb6\x51\xf8",     "movzwq <mem8>, <reg16>"},
+        {1, "\x0f\xb6\x51\xf8",         "movzwq <mem8>, <reg32>"},
+
+        /* MOVSX / MOVSXD */
+        {1, "\x66\x0f\xbe\x51\xf8",     "movswq <mem8>, <reg16>"},
+        {1, "\x0f\xbe\x51\xf8",         "movswq <mem8>, <reg32>"},
+
+#ifdef CONFIG_X86_64
+        /* MOVZX / MOVZXD */
+        {1, "\x49\x0f\xb6\x51\xf8",     "movzbq <mem8>, <reg64>"},
+        {2, "\x49\x0f\xb7\x51\xf8",     "movzbq <mem16>, <reg64>"},
+
+        /* MOVSX / MOVSXD */
+        {1, "\x49\x0f\xbe\x51\xf8",     "movsbq <mem8>, <reg64>"},
+        {2, "\x49\x0f\xbf\x51\xf8",     "movsbq <mem16>, <reg64>"},
+        {4, "\x49\x63\x51\xf8",         "movslq <mem32>, <reg64>"},
+#endif
+};
+
+static bool selftest_opcode_one(const struct selftest_opcode *op)
+{
+        unsigned size;
+
+        kmemcheck_opcode_decode(op->insn, &size);
+
+        if (size == op->expected_size)
+                return true;
+
+        printk(KERN_WARNING "kmemcheck: opcode %s: expected size %d, got %d\n",
+                op->desc, op->expected_size, size);
+        return false;
+}
+
+static bool selftest_opcodes_all(void)
+{
+        bool pass = true;
+        unsigned int i;
+
+        for (i = 0; i < ARRAY_SIZE(selftest_opcodes); ++i)
+                pass = pass && selftest_opcode_one(&selftest_opcodes[i]);
+
+        return pass;
+}
+
+bool kmemcheck_selftest(void)
+{
+        bool pass = true;
+
+        pass = pass && selftest_opcodes_all();
+
+        return pass;
+}
diff --git a/arch/x86/mm/kmemcheck/selftest.h b/arch/x86/mm/kmemcheck/selftest.h
new file mode 100644
index 000000000000..8fed4fe11f95
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/selftest.h
@@ -0,0 +1,6 @@
+#ifndef ARCH_X86_MM_KMEMCHECK_SELFTEST_H
+#define ARCH_X86_MM_KMEMCHECK_SELFTEST_H
+
+bool kmemcheck_selftest(void);
+
+#endif
diff --git a/arch/x86/mm/kmemcheck/shadow.c b/arch/x86/mm/kmemcheck/shadow.c
new file mode 100644
index 000000000000..e773b6bd0079
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/shadow.c
@@ -0,0 +1,162 @@
+#include <linux/kmemcheck.h>
+#include <linux/module.h>
+#include <linux/mm.h>
+#include <linux/module.h>
+
+#include <asm/page.h>
+#include <asm/pgtable.h>
+
+#include "pte.h"
+#include "shadow.h"
+
+/*
+ * Return the shadow address for the given address. Returns NULL if the
+ * address is not tracked.
+ *
+ * We need to be extremely careful not to follow any invalid pointers,
+ * because this function can be called for *any* possible address.
+ */
+void *kmemcheck_shadow_lookup(unsigned long address)
+{
+        pte_t *pte;
+        struct page *page;
+
+        if (!virt_addr_valid(address))
+                return NULL;
+
+        pte = kmemcheck_pte_lookup(address);
+        if (!pte)
+                return NULL;
+
+        page = virt_to_page(address);
+        if (!page->shadow)
+                return NULL;
+        return page->shadow + (address & (PAGE_SIZE - 1));
+}
+
+static void mark_shadow(void *address, unsigned int n,
+        enum kmemcheck_shadow status)
+{
+        unsigned long addr = (unsigned long) address;
+        unsigned long last_addr = addr + n - 1;
+        unsigned long page = addr & PAGE_MASK;
+        unsigned long last_page = last_addr & PAGE_MASK;
+        unsigned int first_n;
+        void *shadow;
+
+        /* If the memory range crosses a page boundary, stop there. */
+        if (page == last_page)
+                first_n = n;
+        else
+                first_n = page + PAGE_SIZE - addr;
+
+        shadow = kmemcheck_shadow_lookup(addr);
+        if (shadow)
+                memset(shadow, status, first_n);
+
+        addr += first_n;
+        n -= first_n;
+
+        /* Do full-page memset()s. */
+        while (n >= PAGE_SIZE) {
+                shadow = kmemcheck_shadow_lookup(addr);
+                if (shadow)
+                        memset(shadow, status, PAGE_SIZE);
+
+                addr += PAGE_SIZE;
+                n -= PAGE_SIZE;
+        }
+
+        /* Do the remaining page, if any. */
+        if (n > 0) {
+                shadow = kmemcheck_shadow_lookup(addr);
+                if (shadow)
+                        memset(shadow, status, n);
+        }
+}
+
+void kmemcheck_mark_unallocated(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_UNALLOCATED);
+}
+
+void kmemcheck_mark_uninitialized(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_UNINITIALIZED);
+}
+
+/*
+ * Fill the shadow memory of the given address such that the memory at that
+ * address is marked as being initialized.
+ */
+void kmemcheck_mark_initialized(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_INITIALIZED);
+}
+EXPORT_SYMBOL_GPL(kmemcheck_mark_initialized);
+
+void kmemcheck_mark_freed(void *address, unsigned int n)
+{
+        mark_shadow(address, n, KMEMCHECK_SHADOW_FREED);
+}
+
+void kmemcheck_mark_unallocated_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_unallocated(page_address(&p[i]), PAGE_SIZE);
+}
+
+void kmemcheck_mark_uninitialized_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_uninitialized(page_address(&p[i]), PAGE_SIZE);
+}
+
+void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n)
+{
+        unsigned int i;
+
+        for (i = 0; i < n; ++i)
+                kmemcheck_mark_initialized(page_address(&p[i]), PAGE_SIZE);
+}
+
+enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size)
+{
+        uint8_t *x;
+        unsigned int i;
+
+        x = shadow;
+
+#ifdef CONFIG_KMEMCHECK_PARTIAL_OK
+        /*
+         * Make sure _some_ bytes are initialized. Gcc frequently generates
+         * code to access neighboring bytes.
+         */
+        for (i = 0; i < size; ++i) {
+                if (x[i] == KMEMCHECK_SHADOW_INITIALIZED)
+                        return x[i];
+        }
+#else
+        /* All bytes must be initialized. */
+        for (i = 0; i < size; ++i) {
+                if (x[i] != KMEMCHECK_SHADOW_INITIALIZED)
+                        return x[i];
+        }
+#endif
+
+        return x[0];
+}
+
+void kmemcheck_shadow_set(void *shadow, unsigned int size)
+{
+        uint8_t *x;
+        unsigned int i;
+
+        x = shadow;
+        for (i = 0; i < size; ++i)
+                x[i] = KMEMCHECK_SHADOW_INITIALIZED;
+}
diff --git a/arch/x86/mm/kmemcheck/shadow.h b/arch/x86/mm/kmemcheck/shadow.h
new file mode 100644
index 000000000000..af46d9ab9d86
--- /dev/null
+++ b/arch/x86/mm/kmemcheck/shadow.h
@@ -0,0 +1,16 @@
+#ifndef ARCH__X86__MM__KMEMCHECK__SHADOW_H
+#define ARCH__X86__MM__KMEMCHECK__SHADOW_H
+
+enum kmemcheck_shadow {
+        KMEMCHECK_SHADOW_UNALLOCATED,
+        KMEMCHECK_SHADOW_UNINITIALIZED,
+        KMEMCHECK_SHADOW_INITIALIZED,
+        KMEMCHECK_SHADOW_FREED,
+};
+
+void *kmemcheck_shadow_lookup(unsigned long address);
+
+enum kmemcheck_shadow kmemcheck_shadow_test(void *shadow, unsigned int size);
+void kmemcheck_shadow_set(void *shadow, unsigned int size);
+
+#endif
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index 6ce9518fe2ac..3cfe9ced8a4c 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -470,7 +470,7 @@ static int split_large_page(pte_t *kpte, unsigned long address)
 
         if (!debug_pagealloc)
                 spin_unlock(&cpa_lock);
-        base = alloc_pages(GFP_KERNEL, 0);
+        base = alloc_pages(GFP_KERNEL | __GFP_NOTRACK, 0);
         if (!debug_pagealloc)
                 spin_lock(&cpa_lock);
         if (!base)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index 7aa03a5389f5..8e43bdd45456 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -4,9 +4,11 @@
 #include <asm/tlb.h>
 #include <asm/fixmap.h>
 
+#define PGALLOC_GFP GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO
+
 pte_t *pte_alloc_one_kernel(struct mm_struct *mm, unsigned long address)
 {
-        return (pte_t *)__get_free_page(GFP_KERNEL|__GFP_REPEAT|__GFP_ZERO);
+        return (pte_t *)__get_free_page(PGALLOC_GFP);
 }
 
 pgtable_t pte_alloc_one(struct mm_struct *mm, unsigned long address)
@@ -14,9 +16,9 @@ pgtable_t pte_alloc_one(struct mm_struct *mm, unsigned long address)
         struct page *pte;
 
 #ifdef CONFIG_HIGHPTE
-        pte = alloc_pages(GFP_KERNEL|__GFP_HIGHMEM|__GFP_REPEAT|__GFP_ZERO, 0);
+        pte = alloc_pages(PGALLOC_GFP | __GFP_HIGHMEM, 0);
 #else
-        pte = alloc_pages(GFP_KERNEL|__GFP_REPEAT|__GFP_ZERO, 0);
+        pte = alloc_pages(PGALLOC_GFP, 0);
 #endif
         if (pte)
                 pgtable_page_ctor(pte);
@@ -161,7 +163,7 @@ static int preallocate_pmds(pmd_t *pmds[])
         bool failed = false;
 
         for(i = 0; i < PREALLOCATED_PMDS; i++) {
-                pmd_t *pmd = (pmd_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT);
+                pmd_t *pmd = (pmd_t *)__get_free_page(PGALLOC_GFP);
                 if (pmd == NULL)
                         failed = true;
                 pmds[i] = pmd;
@@ -228,7 +230,7 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
         pmd_t *pmds[PREALLOCATED_PMDS];
         unsigned long flags;
 
-        pgd = (pgd_t *)__get_free_page(GFP_KERNEL | __GFP_ZERO);
+        pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
 
         if (pgd == NULL)
                 goto out;