Merge branch 'linus' into x86/urgent

Merge reason: We want to queue up a dependent patch.

Signed-off-by: Ingo Molnar <mingo@elte.hu>

103 files changed, 3058 insertions, 1442 deletions

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b3cfd2433c34..32a1918e1b88 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -51,6 +51,7 @@ config X86
         select HAVE_KERNEL_LZMA
         select HAVE_HW_BREAKPOINT
         select HAVE_ARCH_KMEMCHECK
+        select HAVE_USER_RETURN_NOTIFIER
 
 config OUTPUT_FORMAT
         string
@@ -1331,7 +1332,9 @@ config MATH_EMULATION
           kernel, it won't hurt.
 
 config MTRR
-        bool "MTRR (Memory Type Range Register) support"
+        bool
+        default y
+        prompt "MTRR (Memory Type Range Register) support" if EMBEDDED
         ---help---
           On Intel P6 family processors (Pentium Pro, Pentium II and later)
           the Memory Type Range Registers (MTRRs) may be used to control
@@ -1397,7 +1400,8 @@ config MTRR_SANITIZER_SPARE_REG_NR_DEFAULT
 
 config X86_PAT
         bool
-        prompt "x86 PAT support"
+        default y
+        prompt "x86 PAT support" if EMBEDDED
         depends on MTRR
         ---help---
           Use PAT attributes to setup page level cache control.
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
index 5e99762eb5c2..08e442bc3ab9 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -301,15 +301,11 @@ config X86_CPU
 
 #
 # Define implied options from the CPU selection here
-config X86_L1_CACHE_BYTES
+config X86_INTERNODE_CACHE_SHIFT
         int
-        default "128" if MPSC
-        default "64" if GENERIC_CPU || MK8 || MCORE2 || MATOM || X86_32
-
-config X86_INTERNODE_CACHE_BYTES
-        int
-        default "4096" if X86_VSMP
-        default X86_L1_CACHE_BYTES if !X86_VSMP
+        default "12" if X86_VSMP
+        default "7" if NUMA
+        default X86_L1_CACHE_SHIFT
 
 config X86_CMPXCHG
         def_bool X86_64 || (X86_32 && !M386)
@@ -317,9 +313,9 @@ config X86_CMPXCHG
 config X86_L1_CACHE_SHIFT
         int
         default "7" if MPENTIUM4 || MPSC
+        default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MATOM || MVIAC7 || X86_GENERIC || GENERIC_CPU
         default "4" if X86_ELAN || M486 || M386 || MGEODEGX1
         default "5" if MWINCHIP3D || MWINCHIPC6 || MCRUSOE || MEFFICEON || MCYRIXIII || MK6 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || MVIAC3_2 || MGEODE_LX
-        default "6" if MK7 || MK8 || MPENTIUMM || MCORE2 || MATOM || MVIAC7 || X86_GENERIC || GENERIC_CPU
 
 config X86_XADD
         def_bool y
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 077e1b69198e..faff0dc9c06a 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -107,8 +107,7 @@ ENTRY(startup_32)
         lgdt    gdt(%ebp)
 
         /* Enable PAE mode */
-        xorl    %eax, %eax
-        orl     $(X86_CR4_PAE), %eax
+        movl    $(X86_CR4_PAE), %eax
         movl    %eax, %cr4
 
  /*
diff --git a/arch/x86/boot/compressed/vmlinux.lds.S b/arch/x86/boot/compressed/vmlinux.lds.S
index f4193bb48782..a6f1a59a5b0c 100644
--- a/arch/x86/boot/compressed/vmlinux.lds.S
+++ b/arch/x86/boot/compressed/vmlinux.lds.S
@@ -4,6 +4,7 @@ OUTPUT_FORMAT(CONFIG_OUTPUT_FORMAT, CONFIG_OUTPUT_FORMAT, CONFIG_OUTPUT_FORMAT)
 
 #undef i386
 
+#include <asm/cache.h>
 #include <asm/page_types.h>
 
 #ifdef CONFIG_X86_64
@@ -46,7 +47,7 @@ SECTIONS
                 *(.data.*)
                 _edata = . ;
         }
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .bss : {
                 _bss = . ;
                 *(.bss)
diff --git a/arch/x86/boot/video.c b/arch/x86/boot/video.c
index d42da3802499..f767164cd5df 100644
--- a/arch/x86/boot/video.c
+++ b/arch/x86/boot/video.c
@@ -27,6 +27,12 @@ static void store_cursor_position(void)
 
         boot_params.screen_info.orig_x = oreg.dl;
         boot_params.screen_info.orig_y = oreg.dh;
+
+        if (oreg.ch & 0x20)
+                boot_params.screen_info.flags |= VIDEO_FLAGS_NOCURSOR;
+
+        if ((oreg.ch & 0x1f) > (oreg.cl & 0x1f))
+                boot_params.screen_info.flags |= VIDEO_FLAGS_NOCURSOR;
 }
 
 static void store_video_mode(void)
diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index cfb0010fa940..1a58ad89fdf7 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -12,6 +12,7 @@ obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o
 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o
 obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o
 obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o
+obj-$(CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL) += ghash-clmulni-intel.o
 
 obj-$(CONFIG_CRYPTO_CRC32C_INTEL) += crc32c-intel.o
 
@@ -24,3 +25,5 @@ twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o
 salsa20-x86_64-y := salsa20-x86_64-asm_64.o salsa20_glue.o
 
 aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o
+
+ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
index eb0566e83319..20bb0e1ac681 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -16,6 +16,7 @@
  */
 
 #include <linux/linkage.h>
+#include <asm/inst.h>
 
 .text
 
@@ -122,103 +123,72 @@ ENTRY(aesni_set_key)
         movups 0x10(%rsi), %xmm2        # other user key
         movaps %xmm2, (%rcx)
         add $0x10, %rcx
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_256a
-        # aeskeygenassist $0x1, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_256a
-        # aeskeygenassist $0x2, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_256a
-        # aeskeygenassist $0x4, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_256a
-        # aeskeygenassist $0x8, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_256a
-        # aeskeygenassist $0x10, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_256a
-        # aeskeygenassist $0x20, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_256a
         jmp .Ldec_key
 .Lenc_key192:
         movq 0x10(%rsi), %xmm2          # other user key
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_192a
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_192b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_192a
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_192b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_192a
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_192b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_192a
-        # aeskeygenassist $0x80, %xmm2, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x80
+        AESKEYGENASSIST 0x80 %xmm2 %xmm1        # round 8
         call _key_expansion_192b
         jmp .Ldec_key
 .Lenc_key128:
-        # aeskeygenassist $0x1, %xmm0, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1         # round 1
         call _key_expansion_128
-        # aeskeygenassist $0x2, %xmm0, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1         # round 2
         call _key_expansion_128
-        # aeskeygenassist $0x4, %xmm0, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1         # round 3
         call _key_expansion_128
-        # aeskeygenassist $0x8, %xmm0, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1         # round 4
         call _key_expansion_128
-        # aeskeygenassist $0x10, %xmm0, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1        # round 5
         call _key_expansion_128
-        # aeskeygenassist $0x20, %xmm0, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1        # round 6
         call _key_expansion_128
-        # aeskeygenassist $0x40, %xmm0, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x40
+        AESKEYGENASSIST 0x40 %xmm0 %xmm1        # round 7
         call _key_expansion_128
-        # aeskeygenassist $0x80, %xmm0, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x80
+        AESKEYGENASSIST 0x80 %xmm0 %xmm1        # round 8
         call _key_expansion_128
-        # aeskeygenassist $0x1b, %xmm0, %xmm1   # round 9
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x1b
+        AESKEYGENASSIST 0x1b %xmm0 %xmm1        # round 9
         call _key_expansion_128
-        # aeskeygenassist $0x36, %xmm0, %xmm1   # round 10
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x36
+        AESKEYGENASSIST 0x36 %xmm0 %xmm1        # round 10
         call _key_expansion_128
 .Ldec_key:
         sub $0x10, %rcx
@@ -231,8 +201,7 @@ ENTRY(aesni_set_key)
 .align 4
 .Ldec_key_loop:
         movaps (%rdi), %xmm0
-        # aesimc %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x38, 0xdb, 0xc8
+        AESIMC %xmm0 %xmm1
         movaps %xmm1, (%rsi)
         add $0x10, %rdi
         sub $0x10, %rsi
@@ -274,51 +243,37 @@ _aesni_enc1:
         je .Lenc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
+        AESENCLAST KEY STATE
         ret
 
 /*
@@ -353,135 +308,79 @@ _aesni_enc4:
         je .L4enc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
-        # aesenclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xe2
-        # aesenclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xea
-        # aesenclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xf2
+        AESENCLAST KEY STATE1           # last round
+        AESENCLAST KEY STATE2
+        AESENCLAST KEY STATE3
+        AESENCLAST KEY STATE4
         ret
 
 /*
@@ -518,51 +417,37 @@ _aesni_dec1:
         je .Ldec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE         # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
+        AESDECLAST KEY STATE
         ret
 
 /*
@@ -597,135 +482,79 @@ _aesni_dec4:
         je .L4dec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
-        # aesdeclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xe2
-        # aesdeclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xea
-        # aesdeclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xf2
+        AESDECLAST KEY STATE1           # last round
+        AESDECLAST KEY STATE2
+        AESDECLAST KEY STATE3
+        AESDECLAST KEY STATE4
         ret
 
 /*
diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
new file mode 100644
index 000000000000..1eb7f90cb7b9
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
@@ -0,0 +1,157 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains accelerated part of ghash
+ * implementation. More information about PCLMULQDQ can be found at:
+ *
+ * http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *           Vinodh Gopal
+ *           Erdinc Ozturk
+ *           Deniz Karakoyunlu
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/linkage.h>
+#include <asm/inst.h>
+
+.data
+
+.align 16
+.Lbswap_mask:
+        .octa 0x000102030405060708090a0b0c0d0e0f
+.Lpoly:
+        .octa 0xc2000000000000000000000000000001
+.Ltwo_one:
+        .octa 0x00000001000000000000000000000001
+
+#define DATA    %xmm0
+#define SHASH   %xmm1
+#define T1      %xmm2
+#define T2      %xmm3
+#define T3      %xmm4
+#define BSWAP   %xmm5
+#define IN1     %xmm6
+
+.text
+
+/*
+ * __clmul_gf128mul_ble:        internal ABI
+ * input:
+ *      DATA:                   operand1
+ *      SHASH:                  operand2, hash_key << 1 mod poly
+ * output:
+ *      DATA:                   operand1 * operand2 mod poly
+ * changed:
+ *      T1
+ *      T2
+ *      T3
+ */
+__clmul_gf128mul_ble:
+        movaps DATA, T1
+        pshufd $0b01001110, DATA, T2
+        pshufd $0b01001110, SHASH, T3
+        pxor DATA, T2
+        pxor SHASH, T3
+
+        PCLMULQDQ 0x00 SHASH DATA       # DATA = a0 * b0
+        PCLMULQDQ 0x11 SHASH T1         # T1 = a1 * b1
+        PCLMULQDQ 0x00 T3 T2            # T2 = (a1 + a0) * (b1 + b0)
+        pxor DATA, T2
+        pxor T1, T2                     # T2 = a0 * b1 + a1 * b0
+
+        movaps T2, T3
+        pslldq $8, T3
+        psrldq $8, T2
+        pxor T3, DATA
+        pxor T2, T1                     # <T1:DATA> is result of
+                                        # carry-less multiplication
+
+        # first phase of the reduction
+        movaps DATA, T3
+        psllq $1, T3
+        pxor DATA, T3
+        psllq $5, T3
+        pxor DATA, T3
+        psllq $57, T3
+        movaps T3, T2
+        pslldq $8, T2
+        psrldq $8, T3
+        pxor T2, DATA
+        pxor T3, T1
+
+        # second phase of the reduction
+        movaps DATA, T2
+        psrlq $5, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor T2, T1
+        pxor T1, DATA
+        ret
+
+/* void clmul_ghash_mul(char *dst, const be128 *shash) */
+ENTRY(clmul_ghash_mul)
+        movups (%rdi), DATA
+        movups (%rsi), SHASH
+        movaps .Lbswap_mask, BSWAP
+        PSHUFB_XMM BSWAP DATA
+        call __clmul_gf128mul_ble
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+        ret
+
+/*
+ * void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+ *                         const be128 *shash);
+ */
+ENTRY(clmul_ghash_update)
+        cmp $16, %rdx
+        jb .Lupdate_just_ret    # check length
+        movaps .Lbswap_mask, BSWAP
+        movups (%rdi), DATA
+        movups (%rcx), SHASH
+        PSHUFB_XMM BSWAP DATA
+.align 4
+.Lupdate_loop:
+        movups (%rsi), IN1
+        PSHUFB_XMM BSWAP IN1
+        pxor IN1, DATA
+        call __clmul_gf128mul_ble
+        sub $16, %rdx
+        add $16, %rsi
+        cmp $16, %rdx
+        jge .Lupdate_loop
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+.Lupdate_just_ret:
+        ret
+
+/*
+ * void clmul_ghash_setkey(be128 *shash, const u8 *key);
+ *
+ * Calculate hash_key << 1 mod poly
+ */
+ENTRY(clmul_ghash_setkey)
+        movaps .Lbswap_mask, BSWAP
+        movups (%rsi), %xmm0
+        PSHUFB_XMM BSWAP %xmm0
+        movaps %xmm0, %xmm1
+        psllq $1, %xmm0
+        psrlq $63, %xmm1
+        movaps %xmm1, %xmm2
+        pslldq $8, %xmm1
+        psrldq $8, %xmm2
+        por %xmm1, %xmm0
+        # reduction
+        pshufd $0b00100100, %xmm2, %xmm1
+        pcmpeqd .Ltwo_one, %xmm1
+        pand .Lpoly, %xmm1
+        pxor %xmm1, %xmm0
+        movups %xmm0, (%rdi)
+        ret
diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
new file mode 100644
index 000000000000..cbcc8d8ea93a
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -0,0 +1,333 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains glue code.
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/crypto.h>
+#include <crypto/algapi.h>
+#include <crypto/cryptd.h>
+#include <crypto/gf128mul.h>
+#include <crypto/internal/hash.h>
+#include <asm/i387.h>
+
+#define GHASH_BLOCK_SIZE        16
+#define GHASH_DIGEST_SIZE       16
+
+void clmul_ghash_mul(char *dst, const be128 *shash);
+
+void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+                        const be128 *shash);
+
+void clmul_ghash_setkey(be128 *shash, const u8 *key);
+
+struct ghash_async_ctx {
+        struct cryptd_ahash *cryptd_tfm;
+};
+
+struct ghash_ctx {
+        be128 shash;
+};
+
+struct ghash_desc_ctx {
+        u8 buffer[GHASH_BLOCK_SIZE];
+        u32 bytes;
+};
+
+static int ghash_init(struct shash_desc *desc)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+
+        memset(dctx, 0, sizeof(*dctx));
+
+        return 0;
+}
+
+static int ghash_setkey(struct crypto_shash *tfm,
+                        const u8 *key, unsigned int keylen)
+{
+        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+
+        if (keylen != GHASH_BLOCK_SIZE) {
+                crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+                return -EINVAL;
+        }
+
+        clmul_ghash_setkey(&ctx->shash, key);
+
+        return 0;
+}
+
+static int ghash_update(struct shash_desc *desc,
+                         const u8 *src, unsigned int srclen)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *dst = dctx->buffer;
+
+        kernel_fpu_begin();
+        if (dctx->bytes) {
+                int n = min(srclen, dctx->bytes);
+                u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                dctx->bytes -= n;
+                srclen -= n;
+
+                while (n--)
+                        *pos++ ^= *src++;
+
+                if (!dctx->bytes)
+                        clmul_ghash_mul(dst, &ctx->shash);
+        }
+
+        clmul_ghash_update(dst, src, srclen, &ctx->shash);
+        kernel_fpu_end();
+
+        if (srclen & 0xf) {
+                src += srclen - (srclen & 0xf);
+                srclen &= 0xf;
+                dctx->bytes = GHASH_BLOCK_SIZE - srclen;
+                while (srclen--)
+                        *dst++ ^= *src++;
+        }
+
+        return 0;
+}
+
+static void ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
+{
+        u8 *dst = dctx->buffer;
+
+        if (dctx->bytes) {
+                u8 *tmp = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                while (dctx->bytes--)
+                        *tmp++ ^= 0;
+
+                kernel_fpu_begin();
+                clmul_ghash_mul(dst, &ctx->shash);
+                kernel_fpu_end();
+        }
+
+        dctx->bytes = 0;
+}
+
+static int ghash_final(struct shash_desc *desc, u8 *dst)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *buf = dctx->buffer;
+
+        ghash_flush(ctx, dctx);
+        memcpy(dst, buf, GHASH_BLOCK_SIZE);
+
+        return 0;
+}
+
+static struct shash_alg ghash_alg = {
+        .digestsize     = GHASH_DIGEST_SIZE,
+        .init           = ghash_init,
+        .update         = ghash_update,
+        .final          = ghash_final,
+        .setkey         = ghash_setkey,
+        .descsize       = sizeof(struct ghash_desc_ctx),
+        .base           = {
+                .cra_name               = "__ghash",
+                .cra_driver_name        = "__ghash-pclmulqdqni",
+                .cra_priority           = 0,
+                .cra_flags              = CRYPTO_ALG_TYPE_SHASH,
+                .cra_blocksize          = GHASH_BLOCK_SIZE,
+                .cra_ctxsize            = sizeof(struct ghash_ctx),
+                .cra_module             = THIS_MODULE,
+                .cra_list               = LIST_HEAD_INIT(ghash_alg.base.cra_list),
+        },
+};
+
+static int ghash_async_init(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_init(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return crypto_shash_init(desc);
+        }
+}
+
+static int ghash_async_update(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_update(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return shash_ahash_update(req, desc);
+        }
+}
+
+static int ghash_async_final(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_final(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return crypto_shash_final(desc, req->result);
+        }
+}
+
+static int ghash_async_digest(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_digest(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return shash_ahash_digest(req, desc);
+        }
+}
+
+static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
+                              unsigned int keylen)
+{
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct crypto_ahash *child = &ctx->cryptd_tfm->base;
+        int err;
+
+        crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+        crypto_ahash_set_flags(child, crypto_ahash_get_flags(tfm)
+                               & CRYPTO_TFM_REQ_MASK);
+        err = crypto_ahash_setkey(child, key, keylen);
+        crypto_ahash_set_flags(tfm, crypto_ahash_get_flags(child)
+                               & CRYPTO_TFM_RES_MASK);
+
+        return 0;
+}
+
+static int ghash_async_init_tfm(struct crypto_tfm *tfm)
+{
+        struct cryptd_ahash *cryptd_tfm;
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_tfm = cryptd_alloc_ahash("__ghash-pclmulqdqni", 0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ctx->cryptd_tfm = cryptd_tfm;
+        crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+                                 sizeof(struct ahash_request) +
+                                 crypto_ahash_reqsize(&cryptd_tfm->base));
+
+        return 0;
+}
+
+static void ghash_async_exit_tfm(struct crypto_tfm *tfm)
+{
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_free_ahash(ctx->cryptd_tfm);
+}
+
+static struct ahash_alg ghash_async_alg = {
+        .init           = ghash_async_init,
+        .update         = ghash_async_update,
+        .final          = ghash_async_final,
+        .setkey         = ghash_async_setkey,
+        .digest         = ghash_async_digest,
+        .halg = {
+                .digestsize     = GHASH_DIGEST_SIZE,
+                .base = {
+                        .cra_name               = "ghash",
+                        .cra_driver_name        = "ghash-clmulni",
+                        .cra_priority           = 400,
+                        .cra_flags              = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
+                        .cra_blocksize          = GHASH_BLOCK_SIZE,
+                        .cra_type               = &crypto_ahash_type,
+                        .cra_module             = THIS_MODULE,
+                        .cra_list               = LIST_HEAD_INIT(ghash_async_alg.halg.base.cra_list),
+                        .cra_init               = ghash_async_init_tfm,
+                        .cra_exit               = ghash_async_exit_tfm,
+                },
+        },
+};
+
+static int __init ghash_pclmulqdqni_mod_init(void)
+{
+        int err;
+
+        if (!cpu_has_pclmulqdq) {
+                printk(KERN_INFO "Intel PCLMULQDQ-NI instructions are not"
+                       " detected.\n");
+                return -ENODEV;
+        }
+
+        err = crypto_register_shash(&ghash_alg);
+        if (err)
+                goto err_out;
+        err = crypto_register_ahash(&ghash_async_alg);
+        if (err)
+                goto err_shash;
+
+        return 0;
+
+err_shash:
+        crypto_unregister_shash(&ghash_alg);
+err_out:
+        return err;
+}
+
+static void __exit ghash_pclmulqdqni_mod_exit(void)
+{
+        crypto_unregister_ahash(&ghash_async_alg);
+        crypto_unregister_shash(&ghash_alg);
+}
+
+module_init(ghash_pclmulqdqni_mod_init);
+module_exit(ghash_pclmulqdqni_mod_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("GHASH Message Digest Algorithm, "
+                   "acclerated by PCLMULQDQ-NI");
+MODULE_ALIAS("ghash");
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 581b0568fe19..4eefdca9832b 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -653,7 +653,7 @@ ia32_sys_call_table:
         .quad compat_sys_writev
         .quad sys_getsid
         .quad sys_fdatasync
-        .quad sys32_sysctl      /* sysctl */
+        .quad compat_sys_sysctl /* sysctl */
         .quad sys_mlock         /* 150 */
         .quad sys_munlock
         .quad sys_mlockall
@@ -841,4 +841,5 @@ ia32_sys_call_table:
         .quad compat_sys_pwritev
         .quad compat_sys_rt_tgsigqueueinfo      /* 335 */
         .quad sys_perf_event_open
+        .quad compat_sys_recvmmsg
 ia32_syscall_end:
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index 9f5527198825..df82c0e48ded 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -434,62 +434,6 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig,
         return ret;
 }
 
-#ifdef CONFIG_SYSCTL_SYSCALL
-struct sysctl_ia32 {
-        unsigned int    name;
-        int             nlen;
-        unsigned int    oldval;
-        unsigned int    oldlenp;
-        unsigned int    newval;
-        unsigned int    newlen;
-        unsigned int    __unused[4];
-};
-
-
-asmlinkage long sys32_sysctl(struct sysctl_ia32 __user *args32)
-{
-        struct sysctl_ia32 a32;
-        mm_segment_t old_fs = get_fs();
-        void __user *oldvalp, *newvalp;
-        size_t oldlen;
-        int __user *namep;
-        long ret;
-
-        if (copy_from_user(&a32, args32, sizeof(a32)))
-                return -EFAULT;
-
-        /*
-         * We need to pre-validate these because we have to disable
-         * address checking before calling do_sysctl() because of
-         * OLDLEN but we can't run the risk of the user specifying bad
-         * addresses here.  Well, since we're dealing with 32 bit
-         * addresses, we KNOW that access_ok() will always succeed, so
-         * this is an expensive NOP, but so what...
-         */
-        namep = compat_ptr(a32.name);
-        oldvalp = compat_ptr(a32.oldval);
-        newvalp =  compat_ptr(a32.newval);
-
-        if ((oldvalp && get_user(oldlen, (int __user *)compat_ptr(a32.oldlenp)))
-            || !access_ok(VERIFY_WRITE, namep, 0)
-            || !access_ok(VERIFY_WRITE, oldvalp, 0)
-            || !access_ok(VERIFY_WRITE, newvalp, 0))
-                return -EFAULT;
-
-        set_fs(KERNEL_DS);
-        lock_kernel();
-        ret = do_sysctl(namep, a32.nlen, oldvalp, (size_t __user *)&oldlen,
-                        newvalp, (size_t) a32.newlen);
-        unlock_kernel();
-        set_fs(old_fs);
-
-        if (oldvalp && put_user(oldlen, (int __user *)compat_ptr(a32.oldlenp)))
-                return -EFAULT;
-
-        return ret;
-}
-#endif
-
 /* warning: next two assume little endian */
 asmlinkage long sys32_pread(unsigned int fd, char __user *ubuf, u32 count,
                             u32 poslo, u32 poshi)
diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h
index 4518dc500903..60d2b2db0bc5 100644
--- a/arch/x86/include/asm/acpi.h
+++ b/arch/x86/include/asm/acpi.h
@@ -118,7 +118,7 @@ extern void acpi_restore_state_mem(void);
 extern unsigned long acpi_wakeup_address;
 
 /* early initialization routine */
-extern void acpi_reserve_bootmem(void);
+extern void acpi_reserve_wakeup_memory(void);
 
 /*
  * Check if the CPU can handle C2 and deeper
@@ -158,6 +158,7 @@ struct bootnode;
 
 #ifdef CONFIG_ACPI_NUMA
 extern int acpi_numa;
+extern int acpi_get_nodes(struct bootnode *physnodes);
 extern int acpi_scan_nodes(unsigned long start, unsigned long end);
 #define NR_NODE_MEMBLKS (MAX_NUMNODES*2)
 extern void acpi_fake_nodes(const struct bootnode *fake_nodes,
diff --git a/arch/x86/include/asm/cache.h b/arch/x86/include/asm/cache.h
index 549860d3be8f..2f9047cfaaca 100644
--- a/arch/x86/include/asm/cache.h
+++ b/arch/x86/include/asm/cache.h
@@ -9,12 +9,13 @@
 
 #define __read_mostly __attribute__((__section__(".data.read_mostly")))
 
+#define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
+#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
+
 #ifdef CONFIG_X86_VSMP
-/* vSMP Internode cacheline shift */
-#define INTERNODE_CACHE_SHIFT (12)
 #ifdef CONFIG_SMP
 #define __cacheline_aligned_in_smp                                      \
-        __attribute__((__aligned__(1 << (INTERNODE_CACHE_SHIFT))))      \
+        __attribute__((__aligned__(INTERNODE_CACHE_BYTES)))             \
         __page_aligned_data
 #endif
 #endif
diff --git a/arch/x86/include/asm/cacheflush.h b/arch/x86/include/asm/cacheflush.h
index b54f6afe7ec4..634c40a739a6 100644
--- a/arch/x86/include/asm/cacheflush.h
+++ b/arch/x86/include/asm/cacheflush.h
@@ -12,6 +12,7 @@ static inline void flush_cache_range(struct vm_area_struct *vma,
                                      unsigned long start, unsigned long end) { }
 static inline void flush_cache_page(struct vm_area_struct *vma,
                                     unsigned long vmaddr, unsigned long pfn) { }
+#define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE 0
 static inline void flush_dcache_page(struct page *page) { }
 static inline void flush_dcache_mmap_lock(struct address_space *mapping) { }
 static inline void flush_dcache_mmap_unlock(struct address_space *mapping) { }
@@ -176,6 +177,7 @@ void clflush_cache_range(void *addr, unsigned int size);
 #ifdef CONFIG_DEBUG_RODATA
 void mark_rodata_ro(void);
 extern const int rodata_test_data;
+extern int kernel_set_to_readonly;
 void set_kernel_text_rw(void);
 void set_kernel_text_ro(void);
 #else
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 9cfc88b97742..613700f27a4a 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -248,6 +248,7 @@ extern const char * const x86_power_flags[32];
 #define cpu_has_x2apic          boot_cpu_has(X86_FEATURE_X2APIC)
 #define cpu_has_xsave           boot_cpu_has(X86_FEATURE_XSAVE)
 #define cpu_has_hypervisor      boot_cpu_has(X86_FEATURE_HYPERVISOR)
+#define cpu_has_pclmulqdq       boot_cpu_has(X86_FEATURE_PCLMULQDQ)
 
 #if defined(CONFIG_X86_INVLPG) || defined(CONFIG_X86_64)
 # define cpu_has_invlpg         1
diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h
index 40b4e614fe71..761249e396fe 100644
--- a/arch/x86/include/asm/e820.h
+++ b/arch/x86/include/asm/e820.h
@@ -61,6 +61,12 @@ struct e820map {
         struct e820entry map[E820_X_MAX];
 };
 
+#define ISA_START_ADDRESS       0xa0000
+#define ISA_END_ADDRESS         0x100000
+
+#define BIOS_BEGIN              0x000a0000
+#define BIOS_END                0x00100000
+
 #ifdef __KERNEL__
 /* see comment in arch/x86/kernel/e820.c */
 extern struct e820map e820;
@@ -126,15 +132,18 @@ extern void e820_reserve_resources(void);
 extern void e820_reserve_resources_late(void);
 extern void setup_memory_map(void);
 extern char *default_machine_specific_memory_setup(void);
-#endif /* __KERNEL__ */
-#endif /* __ASSEMBLY__ */
 
-#define ISA_START_ADDRESS       0xa0000
-#define ISA_END_ADDRESS         0x100000
-#define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
+/*
+ * Returns true iff the specified range [s,e) is completely contained inside
+ * the ISA region.
+ */
+static inline bool is_ISA_range(u64 s, u64 e)
+{
+        return s >= ISA_START_ADDRESS && e <= ISA_END_ADDRESS;
+}
 
-#define BIOS_BEGIN              0x000a0000
-#define BIOS_END                0x00100000
+#endif /* __KERNEL__ */
+#endif /* __ASSEMBLY__ */
 
 #ifdef __KERNEL__
 #include <linux/ioport.h>
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
index 456a304b8172..8a024babe5e6 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -157,19 +157,6 @@ do {						\
 
 #define compat_elf_check_arch(x)        elf_check_arch_ia32(x)
 
-static inline void start_ia32_thread(struct pt_regs *regs, u32 ip, u32 sp)
-{
-        loadsegment(fs, 0);
-        loadsegment(ds, __USER32_DS);
-        loadsegment(es, __USER32_DS);
-        load_gs_index(0);
-        regs->ip = ip;
-        regs->sp = sp;
-        regs->flags = X86_EFLAGS_IF;
-        regs->cs = __USER32_CS;
-        regs->ss = __USER32_DS;
-}
-
 static inline void elf_common_init(struct thread_struct *t,
                                    struct pt_regs *regs, const u16 ds)
 {
@@ -191,11 +178,8 @@ do {							\
 #define COMPAT_ELF_PLAT_INIT(regs, load_addr)           \
         elf_common_init(&current->thread, regs, __USER_DS)
 
-#define compat_start_thread(regs, ip, sp)               \
-do {                                                    \
-        start_ia32_thread(regs, ip, sp);                \
-        set_fs(USER_DS);                                \
-} while (0)
+void start_thread_ia32(struct pt_regs *regs, u32 new_ip, u32 new_sp);
+#define compat_start_thread start_thread_ia32
 
 #define COMPAT_SET_PERSONALITY(ex)                      \
 do {                                                    \
diff --git a/arch/x86/include/asm/entry_arch.h b/arch/x86/include/asm/entry_arch.h
index f5693c81a1db..8e8ec663a98f 100644
--- a/arch/x86/include/asm/entry_arch.h
+++ b/arch/x86/include/asm/entry_arch.h
@@ -34,7 +34,7 @@ BUILD_INTERRUPT3(invalidate_interrupt7,INVALIDATE_TLB_VECTOR_START+7,
                  smp_invalidate_interrupt)
 #endif
 
-BUILD_INTERRUPT(generic_interrupt, GENERIC_INTERRUPT_VECTOR)
+BUILD_INTERRUPT(x86_platform_ipi, X86_PLATFORM_IPI_VECTOR)
 
 /*
  * every pentium local APIC has two 'local interrupts', with a
diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h
index 108eb6fd1ae7..0f8576427cfe 100644
--- a/arch/x86/include/asm/hardirq.h
+++ b/arch/x86/include/asm/hardirq.h
@@ -12,7 +12,7 @@ typedef struct {
         unsigned int apic_timer_irqs;   /* arch dependent */
         unsigned int irq_spurious_count;
 #endif
-        unsigned int generic_irqs;      /* arch dependent */
+        unsigned int x86_platform_ipis; /* arch dependent */
         unsigned int apic_perf_irqs;
         unsigned int apic_pending_irqs;
 #ifdef CONFIG_SMP
diff --git a/arch/x86/include/asm/hpet.h b/arch/x86/include/asm/hpet.h
index 1c22cb05ad6a..5d89fd2a3690 100644
--- a/arch/x86/include/asm/hpet.h
+++ b/arch/x86/include/asm/hpet.h
@@ -65,11 +65,12 @@
 /* hpet memory map physical address */
 extern unsigned long hpet_address;
 extern unsigned long force_hpet_address;
+extern u8 hpet_blockid;
 extern int hpet_force_user;
 extern int is_hpet_enabled(void);
 extern int hpet_enable(void);
 extern void hpet_disable(void);
-extern unsigned long hpet_readl(unsigned long a);
+extern unsigned int hpet_readl(unsigned int a);
 extern void force_hpet_resume(void);
 
 extern void hpet_msi_unmask(unsigned int irq);
@@ -78,9 +79,9 @@ extern void hpet_msi_write(unsigned int irq, struct msi_msg *msg);
 extern void hpet_msi_read(unsigned int irq, struct msi_msg *msg);
 
 #ifdef CONFIG_PCI_MSI
-extern int arch_setup_hpet_msi(unsigned int irq);
+extern int arch_setup_hpet_msi(unsigned int irq, unsigned int id);
 #else
-static inline int arch_setup_hpet_msi(unsigned int irq)
+static inline int arch_setup_hpet_msi(unsigned int irq, unsigned int id)
 {
         return -EINVAL;
 }
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
index 6e124269fd4b..08c48a81841f 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
@@ -27,7 +27,7 @@
 
 /* Interrupt handlers registered during init_IRQ */
 extern void apic_timer_interrupt(void);
-extern void generic_interrupt(void);
+extern void x86_platform_ipi(void);
 extern void error_interrupt(void);
 extern void perf_pending_interrupt(void);
 
@@ -119,7 +119,7 @@ extern void eisa_set_level_irq(unsigned int irq);
 /* SMP */
 extern void smp_apic_timer_interrupt(struct pt_regs *);
 extern void smp_spurious_interrupt(struct pt_regs *);
-extern void smp_generic_interrupt(struct pt_regs *);
+extern void smp_x86_platform_ipi(struct pt_regs *);
 extern void smp_error_interrupt(struct pt_regs *);
 #ifdef CONFIG_X86_IO_APIC
 extern asmlinkage void smp_irq_move_cleanup_interrupt(void);
diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h
index 0b20bbb758f2..ebfb8a9e11f7 100644
--- a/arch/x86/include/asm/i387.h
+++ b/arch/x86/include/asm/i387.h
@@ -10,6 +10,8 @@
 #ifndef _ASM_X86_I387_H
 #define _ASM_X86_I387_H
 
+#ifndef __ASSEMBLY__
+
 #include <linux/sched.h>
 #include <linux/kernel_stat.h>
 #include <linux/regset.h>
@@ -411,4 +413,9 @@ static inline unsigned short get_fpu_mxcsr(struct task_struct *tsk)
         }
 }
 
+#endif /* __ASSEMBLY__ */
+
+#define PSHUFB_XMM5_XMM0 .byte 0x66, 0x0f, 0x38, 0x00, 0xc5
+#define PSHUFB_XMM5_XMM6 .byte 0x66, 0x0f, 0x38, 0x00, 0xf5
+
 #endif /* _ASM_X86_I387_H */
diff --git a/arch/x86/include/asm/inst.h b/arch/x86/include/asm/inst.h
new file mode 100644
index 000000000000..14cf526091f9
--- /dev/null
+++ b/arch/x86/include/asm/inst.h
@@ -0,0 +1,150 @@
+/*
+ * Generate .byte code for some instructions not supported by old
+ * binutils.
+ */
+#ifndef X86_ASM_INST_H
+#define X86_ASM_INST_H
+
+#ifdef __ASSEMBLY__
+
+        .macro XMM_NUM opd xmm
+        .ifc \xmm,%xmm0
+        \opd = 0
+        .endif
+        .ifc \xmm,%xmm1
+        \opd = 1
+        .endif
+        .ifc \xmm,%xmm2
+        \opd = 2
+        .endif
+        .ifc \xmm,%xmm3
+        \opd = 3
+        .endif
+        .ifc \xmm,%xmm4
+        \opd = 4
+        .endif
+        .ifc \xmm,%xmm5
+        \opd = 5
+        .endif
+        .ifc \xmm,%xmm6
+        \opd = 6
+        .endif
+        .ifc \xmm,%xmm7
+        \opd = 7
+        .endif
+        .ifc \xmm,%xmm8
+        \opd = 8
+        .endif
+        .ifc \xmm,%xmm9
+        \opd = 9
+        .endif
+        .ifc \xmm,%xmm10
+        \opd = 10
+        .endif
+        .ifc \xmm,%xmm11
+        \opd = 11
+        .endif
+        .ifc \xmm,%xmm12
+        \opd = 12
+        .endif
+        .ifc \xmm,%xmm13
+        \opd = 13
+        .endif
+        .ifc \xmm,%xmm14
+        \opd = 14
+        .endif
+        .ifc \xmm,%xmm15
+        \opd = 15
+        .endif
+        .endm
+
+        .macro PFX_OPD_SIZE
+        .byte 0x66
+        .endm
+
+        .macro PFX_REX opd1 opd2
+        .if (\opd1 | \opd2) & 8
+        .byte 0x40 | ((\opd1 & 8) >> 3) | ((\opd2 & 8) >> 1)
+        .endif
+        .endm
+
+        .macro MODRM mod opd1 opd2
+        .byte \mod | (\opd1 & 7) | ((\opd2 & 7) << 3)
+        .endm
+
+        .macro PSHUFB_XMM xmm1 xmm2
+        XMM_NUM pshufb_opd1 \xmm1
+        XMM_NUM pshufb_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX pshufb_opd1 pshufb_opd2
+        .byte 0x0f, 0x38, 0x00
+        MODRM 0xc0 pshufb_opd1 pshufb_opd2
+        .endm
+
+        .macro PCLMULQDQ imm8 xmm1 xmm2
+        XMM_NUM clmul_opd1 \xmm1
+        XMM_NUM clmul_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX clmul_opd1 clmul_opd2
+        .byte 0x0f, 0x3a, 0x44
+        MODRM 0xc0 clmul_opd1 clmul_opd2
+        .byte \imm8
+        .endm
+
+        .macro AESKEYGENASSIST rcon xmm1 xmm2
+        XMM_NUM aeskeygen_opd1 \xmm1
+        XMM_NUM aeskeygen_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aeskeygen_opd1 aeskeygen_opd2
+        .byte 0x0f, 0x3a, 0xdf
+        MODRM 0xc0 aeskeygen_opd1 aeskeygen_opd2
+        .byte \rcon
+        .endm
+
+        .macro AESIMC xmm1 xmm2
+        XMM_NUM aesimc_opd1 \xmm1
+        XMM_NUM aesimc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesimc_opd1 aesimc_opd2
+        .byte 0x0f, 0x38, 0xdb
+        MODRM 0xc0 aesimc_opd1 aesimc_opd2
+        .endm
+
+        .macro AESENC xmm1 xmm2
+        XMM_NUM aesenc_opd1 \xmm1
+        XMM_NUM aesenc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenc_opd1 aesenc_opd2
+        .byte 0x0f, 0x38, 0xdc
+        MODRM 0xc0 aesenc_opd1 aesenc_opd2
+        .endm
+
+        .macro AESENCLAST xmm1 xmm2
+        XMM_NUM aesenclast_opd1 \xmm1
+        XMM_NUM aesenclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenclast_opd1 aesenclast_opd2
+        .byte 0x0f, 0x38, 0xdd
+        MODRM 0xc0 aesenclast_opd1 aesenclast_opd2
+        .endm
+
+        .macro AESDEC xmm1 xmm2
+        XMM_NUM aesdec_opd1 \xmm1
+        XMM_NUM aesdec_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdec_opd1 aesdec_opd2
+        .byte 0x0f, 0x38, 0xde
+        MODRM 0xc0 aesdec_opd1 aesdec_opd2
+        .endm
+
+        .macro AESDECLAST xmm1 xmm2
+        XMM_NUM aesdeclast_opd1 \xmm1
+        XMM_NUM aesdeclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdeclast_opd1 aesdeclast_opd2
+        .byte 0x0f, 0x38, 0xdf
+        MODRM 0xc0 aesdeclast_opd1 aesdeclast_opd2
+        .endm
+#endif
+
+#endif
diff --git a/arch/x86/include/asm/irq.h b/arch/x86/include/asm/irq.h
index ffd700ff5dcb..5458380b6ef8 100644
--- a/arch/x86/include/asm/irq.h
+++ b/arch/x86/include/asm/irq.h
@@ -37,7 +37,7 @@ extern void fixup_irqs(void);
 extern void irq_force_complete_move(int);
 #endif
 
-extern void (*generic_interrupt_extension)(void);
+extern void (*x86_platform_ipi_callback)(void);
 extern void native_init_IRQ(void);
 extern bool handle_irq(unsigned irq, struct pt_regs *regs);
 
diff --git a/arch/x86/include/asm/irq_vectors.h b/arch/x86/include/asm/irq_vectors.h
index 5b21f0ec3df2..6a635bd39867 100644
--- a/arch/x86/include/asm/irq_vectors.h
+++ b/arch/x86/include/asm/irq_vectors.h
@@ -106,7 +106,7 @@
 /*
  * Generic system vector for platform specific use
  */
-#define GENERIC_INTERRUPT_VECTOR        0xed
+#define X86_PLATFORM_IPI_VECTOR         0xed
 
 /*
  * Performance monitoring pending work vector:
diff --git a/arch/x86/include/asm/k8.h b/arch/x86/include/asm/k8.h
index c2d1f3b58e5f..f70e60071fe8 100644
--- a/arch/x86/include/asm/k8.h
+++ b/arch/x86/include/asm/k8.h
@@ -4,13 +4,16 @@
 #include <linux/pci.h>
 
 extern struct pci_device_id k8_nb_ids[];
+struct bootnode;
 
 extern int early_is_k8_nb(u32 value);
 extern struct pci_dev **k8_northbridges;
 extern int num_k8_northbridges;
 extern int cache_k8_northbridges(void);
 extern void k8_flush_garts(void);
-extern int k8_scan_nodes(unsigned long start, unsigned long end);
+extern int k8_get_nodes(struct bootnode *nodes);
+extern int k8_numa_init(unsigned long start_pfn, unsigned long end_pfn);
+extern int k8_scan_nodes(void);
 
 #ifdef CONFIG_K8_NB
 static inline struct pci_dev *node_to_k8_nb_misc(int node)
diff --git a/arch/x86/include/asm/kvm.h b/arch/x86/include/asm/kvm.h
index 4a5fe914dc59..950df434763f 100644
--- a/arch/x86/include/asm/kvm.h
+++ b/arch/x86/include/asm/kvm.h
@@ -19,6 +19,8 @@
 #define __KVM_HAVE_MSIX
 #define __KVM_HAVE_MCE
 #define __KVM_HAVE_PIT_STATE2
+#define __KVM_HAVE_XEN_HVM
+#define __KVM_HAVE_VCPU_EVENTS
 
 /* Architectural interrupt line count. */
 #define KVM_NR_INTERRUPTS 256
@@ -79,6 +81,7 @@ struct kvm_ioapic_state {
 #define KVM_IRQCHIP_PIC_MASTER   0
 #define KVM_IRQCHIP_PIC_SLAVE    1
 #define KVM_IRQCHIP_IOAPIC       2
+#define KVM_NR_IRQCHIPS          3
 
 /* for KVM_GET_REGS and KVM_SET_REGS */
 struct kvm_regs {
@@ -250,4 +253,31 @@ struct kvm_reinject_control {
         __u8 pit_reinject;
         __u8 reserved[31];
 };
+
+/* for KVM_GET/SET_VCPU_EVENTS */
+struct kvm_vcpu_events {
+        struct {
+                __u8 injected;
+                __u8 nr;
+                __u8 has_error_code;
+                __u8 pad;
+                __u32 error_code;
+        } exception;
+        struct {
+                __u8 injected;
+                __u8 nr;
+                __u8 soft;
+                __u8 pad;
+        } interrupt;
+        struct {
+                __u8 injected;
+                __u8 pending;
+                __u8 masked;
+                __u8 pad;
+        } nmi;
+        __u32 sipi_vector;
+        __u32 flags;
+        __u32 reserved[10];
+};
+
 #endif /* _ASM_X86_KVM_H */
diff --git a/arch/x86/include/asm/kvm_emulate.h b/arch/x86/include/asm/kvm_emulate.h
index b7ed2c423116..7c18e1230f54 100644
--- a/arch/x86/include/asm/kvm_emulate.h
+++ b/arch/x86/include/asm/kvm_emulate.h
@@ -129,7 +129,7 @@ struct decode_cache {
         u8 seg_override;
         unsigned int d;
         unsigned long regs[NR_VCPU_REGS];
-        unsigned long eip;
+        unsigned long eip, eip_orig;
         /* modrm */
         u8 modrm;
         u8 modrm_mod;
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index d83892226f73..4f865e8b8540 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -354,7 +354,6 @@ struct kvm_vcpu_arch {
         unsigned int time_offset;
         struct page *time_page;
 
-        bool singlestep; /* guest is single stepped by KVM */
         bool nmi_pending;
         bool nmi_injected;
 
@@ -371,6 +370,10 @@ struct kvm_vcpu_arch {
         u64 mcg_status;
         u64 mcg_ctl;
         u64 *mce_banks;
+
+        /* used for guest single stepping over the given code position */
+        u16 singlestep_cs;
+        unsigned long singlestep_rip;
 };
 
 struct kvm_mem_alias {
@@ -397,7 +400,6 @@ struct kvm_arch{
         struct kvm_pic *vpic;
         struct kvm_ioapic *vioapic;
         struct kvm_pit *vpit;
-        struct hlist_head irq_ack_notifier_list;
         int vapics_in_nmi_mode;
 
         unsigned int tss_addr;
@@ -410,8 +412,10 @@ struct kvm_arch{
         gpa_t ept_identity_map_addr;
 
         unsigned long irq_sources_bitmap;
-        unsigned long irq_states[KVM_IOAPIC_NUM_PINS];
         u64 vm_init_tsc;
+        s64 kvmclock_offset;
+
+        struct kvm_xen_hvm_config xen_hvm_config;
 };
 
 struct kvm_vm_stat {
@@ -461,7 +465,7 @@ struct descriptor_table {
 struct kvm_x86_ops {
         int (*cpu_has_kvm_support)(void);          /* __init */
         int (*disabled_by_bios)(void);             /* __init */
-        void (*hardware_enable)(void *dummy);      /* __init */
+        int (*hardware_enable)(void *dummy);
         void (*hardware_disable)(void *dummy);
         void (*check_processor_compatibility)(void *rtn);
         int (*hardware_setup)(void);               /* __init */
@@ -477,8 +481,8 @@ struct kvm_x86_ops {
         void (*vcpu_load)(struct kvm_vcpu *vcpu, int cpu);
         void (*vcpu_put)(struct kvm_vcpu *vcpu);
 
-        int (*set_guest_debug)(struct kvm_vcpu *vcpu,
-                               struct kvm_guest_debug *dbg);
+        void (*set_guest_debug)(struct kvm_vcpu *vcpu,
+                                struct kvm_guest_debug *dbg);
         int (*get_msr)(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata);
         int (*set_msr)(struct kvm_vcpu *vcpu, u32 msr_index, u64 data);
         u64 (*get_segment_base)(struct kvm_vcpu *vcpu, int seg);
@@ -506,8 +510,8 @@ struct kvm_x86_ops {
 
         void (*tlb_flush)(struct kvm_vcpu *vcpu);
 
-        void (*run)(struct kvm_vcpu *vcpu, struct kvm_run *run);
-        int (*handle_exit)(struct kvm_run *run, struct kvm_vcpu *vcpu);
+        void (*run)(struct kvm_vcpu *vcpu);
+        int (*handle_exit)(struct kvm_vcpu *vcpu);
         void (*skip_emulated_instruction)(struct kvm_vcpu *vcpu);
         void (*set_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
         u32 (*get_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
@@ -519,6 +523,8 @@ struct kvm_x86_ops {
                                 bool has_error_code, u32 error_code);
         int (*interrupt_allowed)(struct kvm_vcpu *vcpu);
         int (*nmi_allowed)(struct kvm_vcpu *vcpu);
+        bool (*get_nmi_mask)(struct kvm_vcpu *vcpu);
+        void (*set_nmi_mask)(struct kvm_vcpu *vcpu, bool masked);
         void (*enable_nmi_window)(struct kvm_vcpu *vcpu);
         void (*enable_irq_window)(struct kvm_vcpu *vcpu);
         void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr);
@@ -568,7 +574,7 @@ enum emulation_result {
 #define EMULTYPE_NO_DECODE          (1 << 0)
 #define EMULTYPE_TRAP_UD            (1 << 1)
 #define EMULTYPE_SKIP               (1 << 2)
-int emulate_instruction(struct kvm_vcpu *vcpu, struct kvm_run *run,
+int emulate_instruction(struct kvm_vcpu *vcpu,
                         unsigned long cr2, u16 error_code, int emulation_type);
 void kvm_report_emulation_failure(struct kvm_vcpu *cvpu, const char *context);
 void realmode_lgdt(struct kvm_vcpu *vcpu, u16 size, unsigned long address);
@@ -585,9 +591,9 @@ int kvm_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data);
 
 struct x86_emulate_ctxt;
 
-int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio(struct kvm_vcpu *vcpu, int in,
                      int size, unsigned port);
-int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, int in,
                            int size, unsigned long count, int down,
                             gva_t address, int rep, unsigned port);
 void kvm_emulate_cpuid(struct kvm_vcpu *vcpu);
@@ -616,6 +622,9 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l);
 int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
 int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data);
 
+unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu);
+void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
+
 void kvm_queue_exception(struct kvm_vcpu *vcpu, unsigned nr);
 void kvm_queue_exception_e(struct kvm_vcpu *vcpu, unsigned nr, u32 error_code);
 void kvm_inject_page_fault(struct kvm_vcpu *vcpu, unsigned long cr2,
@@ -802,4 +811,7 @@ int kvm_cpu_has_interrupt(struct kvm_vcpu *vcpu);
 int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu);
 int kvm_cpu_get_interrupt(struct kvm_vcpu *v);
 
+void kvm_define_shared_msr(unsigned index, u32 msr);
+void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
+
 #endif /* _ASM_X86_KVM_HOST_H */
diff --git a/arch/x86/include/asm/microcode.h b/arch/x86/include/asm/microcode.h
index ef51b501e22a..c24ca9a56458 100644
--- a/arch/x86/include/asm/microcode.h
+++ b/arch/x86/include/asm/microcode.h
@@ -12,6 +12,8 @@ struct device;
 enum ucode_state { UCODE_ERROR, UCODE_OK, UCODE_NFOUND };
 
 struct microcode_ops {
+        void (*init)(struct device *device);
+        void (*fini)(void);
         enum ucode_state (*request_microcode_user) (int cpu,
                                 const void __user *buf, size_t size);
 
diff --git a/arch/x86/include/asm/mpspec.h b/arch/x86/include/asm/mpspec.h
index 61d90b1331c3..d8bf23a88d05 100644
--- a/arch/x86/include/asm/mpspec.h
+++ b/arch/x86/include/asm/mpspec.h
@@ -71,12 +71,7 @@ static inline void early_get_smp_config(void)
 
 static inline void find_smp_config(void)
 {
-        x86_init.mpparse.find_smp_config(1);
-}
-
-static inline void early_find_smp_config(void)
-{
-        x86_init.mpparse.find_smp_config(0);
+        x86_init.mpparse.find_smp_config();
 }
 
 #ifdef CONFIG_X86_MPPARSE
@@ -89,7 +84,7 @@ extern void default_mpc_oem_bus_info(struct mpc_bus *m, char *str);
 # else
 #  define default_mpc_oem_bus_info NULL
 # endif
-extern void default_find_smp_config(unsigned int reserve);
+extern void default_find_smp_config(void);
 extern void default_get_smp_config(unsigned int early);
 #else
 static inline void early_reserve_e820_mpc_new(void) { }
@@ -97,7 +92,7 @@ static inline void early_reserve_e820_mpc_new(void) { }
 #define default_mpc_apic_id NULL
 #define default_smp_read_mpc_oem NULL
 #define default_mpc_oem_bus_info NULL
-#define default_find_smp_config x86_init_uint_noop
+#define default_find_smp_config x86_init_noop
 #define default_get_smp_config x86_init_uint_noop
 #endif
 
diff --git a/arch/x86/include/asm/page_types.h b/arch/x86/include/asm/page_types.h
index 6473f5ccff85..642fe34b36a2 100644
--- a/arch/x86/include/asm/page_types.h
+++ b/arch/x86/include/asm/page_types.h
@@ -49,7 +49,8 @@ extern unsigned long max_pfn_mapped;
 extern unsigned long init_memory_mapping(unsigned long start,
                                          unsigned long end);
 
-extern void initmem_init(unsigned long start_pfn, unsigned long end_pfn);
+extern void initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8);
 extern void free_initmem(void);
 
 #endif  /* !__ASSEMBLY__ */
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index af6fd360ab35..a34c785c5a63 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -16,6 +16,8 @@
 
 #ifndef __ASSEMBLY__
 
+#include <asm/x86_init.h>
+
 /*
  * ZERO_PAGE is a global shared page that is always zero: used
  * for zero-mapped memory areas etc..
@@ -270,9 +272,9 @@ static inline int is_new_memtype_allowed(u64 paddr, unsigned long size,
                                          unsigned long new_flags)
 {
         /*
-         * PAT type is always WB for ISA. So no need to check.
+         * PAT type is always WB for untracked ranges, so no need to check.
          */
-        if (is_ISA_range(paddr, paddr + size - 1))
+        if (x86_platform.is_untracked_pat_range(paddr, paddr + size))
                 return 1;
 
         /*
diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h
index 621f56d73121..4009f6534f52 100644
--- a/arch/x86/include/asm/proto.h
+++ b/arch/x86/include/asm/proto.h
@@ -5,18 +5,19 @@
 
 /* misc architecture specific prototypes */
 
-extern void early_idt_handler(void);
+void early_idt_handler(void);
 
-extern void system_call(void);
-extern void syscall_init(void);
+void system_call(void);
+void syscall_init(void);
 
-extern void ia32_syscall(void);
-extern void ia32_cstar_target(void);
-extern void ia32_sysenter_target(void);
+void ia32_syscall(void);
+void ia32_cstar_target(void);
+void ia32_sysenter_target(void);
 
-extern void syscall32_cpu_init(void);
+void syscall32_cpu_init(void);
 
-extern void check_efer(void);
+void x86_configure_nx(void);
+void x86_report_nx(void);
 
 extern int reboot_force;
 
diff --git a/arch/x86/include/asm/sections.h b/arch/x86/include/asm/sections.h
index 1b7ee5d673c2..0a5242428659 100644
--- a/arch/x86/include/asm/sections.h
+++ b/arch/x86/include/asm/sections.h
@@ -2,7 +2,13 @@
 #define _ASM_X86_SECTIONS_H
 
 #include <asm-generic/sections.h>
+#include <asm/uaccess.h>
 
 extern char __brk_base[], __brk_limit[];
+extern struct exception_table_entry __stop___ex_table[];
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+extern char __end_rodata_hpage_align[];
+#endif
 
 #endif  /* _ASM_X86_SECTIONS_H */
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index 85574b7c1bc1..1fecb7e61130 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -57,7 +57,8 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
         u16 intercept_dr_write;
         u32 intercept_exceptions;
         u64 intercept;
-        u8 reserved_1[44];
+        u8 reserved_1[42];
+        u16 pause_filter_count;
         u64 iopm_base_pa;
         u64 msrpm_base_pa;
         u64 tsc_offset;
diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h
index 72a6dcd1299b..9af9decb38c3 100644
--- a/arch/x86/include/asm/sys_ia32.h
+++ b/arch/x86/include/asm/sys_ia32.h
@@ -51,11 +51,6 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
 asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *, compat_size_t);
 asmlinkage long sys32_rt_sigqueueinfo(int, int, compat_siginfo_t __user *);
 
-#ifdef CONFIG_SYSCTL_SYSCALL
-struct sysctl_ia32;
-asmlinkage long sys32_sysctl(struct sysctl_ia32 __user *);
-#endif
-
 asmlinkage long sys32_pread(unsigned int, char __user *, u32, u32, u32);
 asmlinkage long sys32_pwrite(unsigned int, char __user *, u32, u32, u32);
 
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
index d27d0a2fec4c..375c917c37d2 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -83,6 +83,7 @@ struct thread_info {
 #define TIF_SYSCALL_AUDIT       7       /* syscall auditing active */
 #define TIF_SECCOMP             8       /* secure computing */
 #define TIF_MCE_NOTIFY          10      /* notify userspace of an MCE */
+#define TIF_USER_RETURN_NOTIFY  11      /* notify kernel of userspace return */
 #define TIF_NOTSC               16      /* TSC is not accessible in userland */
 #define TIF_IA32                17      /* 32bit process */
 #define TIF_FORK                18      /* ret_from_fork */
@@ -107,6 +108,7 @@ struct thread_info {
 #define _TIF_SYSCALL_AUDIT      (1 << TIF_SYSCALL_AUDIT)
 #define _TIF_SECCOMP            (1 << TIF_SECCOMP)
 #define _TIF_MCE_NOTIFY         (1 << TIF_MCE_NOTIFY)
+#define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY)
 #define _TIF_NOTSC              (1 << TIF_NOTSC)
 #define _TIF_IA32               (1 << TIF_IA32)
 #define _TIF_FORK               (1 << TIF_FORK)
@@ -142,13 +144,14 @@ struct thread_info {
 
 /* Only used for 64 bit */
 #define _TIF_DO_NOTIFY_MASK                                             \
-        (_TIF_SIGPENDING|_TIF_MCE_NOTIFY|_TIF_NOTIFY_RESUME)
+        (_TIF_SIGPENDING | _TIF_MCE_NOTIFY | _TIF_NOTIFY_RESUME |       \
+         _TIF_USER_RETURN_NOTIFY)
 
 /* flags to check in __switch_to() */
 #define _TIF_WORK_CTXSW                                                 \
         (_TIF_IO_BITMAP|_TIF_DEBUGCTLMSR|_TIF_DS_AREA_MSR|_TIF_NOTSC)
 
-#define _TIF_WORK_CTXSW_PREV _TIF_WORK_CTXSW
+#define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
 #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW|_TIF_DEBUG)
 
 #define PREEMPT_ACTIVE          0x10000000
diff --git a/arch/x86/include/asm/unistd_32.h b/arch/x86/include/asm/unistd_32.h
index 6fb3c209a7e3..3baf379fa840 100644
--- a/arch/x86/include/asm/unistd_32.h
+++ b/arch/x86/include/asm/unistd_32.h
@@ -342,10 +342,11 @@
 #define __NR_pwritev            334
 #define __NR_rt_tgsigqueueinfo  335
 #define __NR_perf_event_open    336
+#define __NR_recvmmsg           337
 
 #ifdef __KERNEL__
 
-#define NR_syscalls 337
+#define NR_syscalls 338
 
 #define __ARCH_WANT_IPC_PARSE_VERSION
 #define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/include/asm/unistd_64.h b/arch/x86/include/asm/unistd_64.h
index 8d3ad0adbc68..4843f7ba754a 100644
--- a/arch/x86/include/asm/unistd_64.h
+++ b/arch/x86/include/asm/unistd_64.h
@@ -661,6 +661,8 @@ __SYSCALL(__NR_pwritev, sys_pwritev)
 __SYSCALL(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo)
 #define __NR_perf_event_open                    298
 __SYSCALL(__NR_perf_event_open, sys_perf_event_open)
+#define __NR_recvmmsg                           299
+__SYSCALL(__NR_recvmmsg, sys_recvmmsg)
 
 #ifndef __NO_STUBS
 #define __ARCH_WANT_OLD_READDIR
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 272514c2d456..2b4945419a84 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -56,6 +56,7 @@
 #define SECONDARY_EXEC_ENABLE_VPID              0x00000020
 #define SECONDARY_EXEC_WBINVD_EXITING           0x00000040
 #define SECONDARY_EXEC_UNRESTRICTED_GUEST       0x00000080
+#define SECONDARY_EXEC_PAUSE_LOOP_EXITING       0x00000400
 
 
 #define PIN_BASED_EXT_INTR_MASK                 0x00000001
@@ -144,6 +145,8 @@ enum vmcs_field {
         VM_ENTRY_INSTRUCTION_LEN        = 0x0000401a,
         TPR_THRESHOLD                   = 0x0000401c,
         SECONDARY_VM_EXEC_CONTROL       = 0x0000401e,
+        PLE_GAP                         = 0x00004020,
+        PLE_WINDOW                      = 0x00004022,
         VM_INSTRUCTION_ERROR            = 0x00004400,
         VM_EXIT_REASON                  = 0x00004402,
         VM_EXIT_INTR_INFO               = 0x00004404,
@@ -248,6 +251,7 @@ enum vmcs_field {
 #define EXIT_REASON_MSR_READ            31
 #define EXIT_REASON_MSR_WRITE           32
 #define EXIT_REASON_MWAIT_INSTRUCTION   36
+#define EXIT_REASON_PAUSE_INSTRUCTION   40
 #define EXIT_REASON_MCE_DURING_VMENTRY   41
 #define EXIT_REASON_TPR_BELOW_THRESHOLD 43
 #define EXIT_REASON_APIC_ACCESS         44
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index d8e71459f025..ea0e8ea15e15 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -26,7 +26,7 @@ struct x86_init_mpparse {
         void (*smp_read_mpc_oem)(struct mpc_table *mpc);
         void (*mpc_oem_pci_bus)(struct mpc_bus *m);
         void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name);
-        void (*find_smp_config)(unsigned int reserve);
+        void (*find_smp_config)(void);
         void (*get_smp_config)(unsigned int early);
 };
 
@@ -125,12 +125,14 @@ struct x86_cpuinit_ops {
  * @calibrate_tsc:              calibrate TSC
  * @get_wallclock:              get time from HW clock like RTC etc.
  * @set_wallclock:              set time back to HW clock
+ * @is_untracked_pat_range      exclude from PAT logic
  */
 struct x86_platform_ops {
         unsigned long (*calibrate_tsc)(void);
         unsigned long (*get_wallclock)(void);
         int (*set_wallclock)(unsigned long nowtime);
         void (*iommu_shutdown)(void);
+        bool (*is_untracked_pat_range)(u64 start, u64 end);
 };
 
 extern struct x86_init_ops x86_init;
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
index 67e929b89875..87eee07da21f 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -624,6 +624,7 @@ static int __init acpi_parse_hpet(struct acpi_table_header *table)
         }
 
         hpet_address = hpet_tbl->address.address;
+        hpet_blockid = hpet_tbl->sequence;
 
         /*
          * Some broken BIOSes advertise HPET at 0x0. We really do not
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
index ca93638ba430..82e508677b91 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -78,12 +78,9 @@ int acpi_save_state_mem(void)
 #ifndef CONFIG_64BIT
         store_gdt((struct desc_ptr *)&header->pmode_gdt);
 
-        header->pmode_efer_low = nx_enabled;
-        if (header->pmode_efer_low & 1) {
-                /* This is strange, why not save efer, always? */
-                rdmsr(MSR_EFER, header->pmode_efer_low,
-                        header->pmode_efer_high);
-        }
+        if (rdmsr_safe(MSR_EFER, &header->pmode_efer_low,
+                       &header->pmode_efer_high))
+                header->pmode_efer_low = header->pmode_efer_high = 0;
 #endif /* !CONFIG_64BIT */
 
         header->pmode_cr0 = read_cr0();
@@ -119,29 +116,32 @@ void acpi_restore_state_mem(void)
 
 
 /**
- * acpi_reserve_bootmem - do _very_ early ACPI initialisation
+ * acpi_reserve_wakeup_memory - do _very_ early ACPI initialisation
  *
  * We allocate a page from the first 1MB of memory for the wakeup
  * routine for when we come back from a sleep state. The
  * runtime allocator allows specification of <16MB pages, but not
  * <1MB pages.
  */
-void __init acpi_reserve_bootmem(void)
+void __init acpi_reserve_wakeup_memory(void)
 {
+        unsigned long mem;
+
         if ((&wakeup_code_end - &wakeup_code_start) > WAKEUP_SIZE) {
                 printk(KERN_ERR
                        "ACPI: Wakeup code way too big, S3 disabled.\n");
                 return;
         }
 
-        acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
+        mem = find_e820_area(0, 1<<20, WAKEUP_SIZE, PAGE_SIZE);
 
-        if (!acpi_realmode) {
+        if (mem == -1L) {
                 printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
                 return;
         }
-
-        acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
+        acpi_realmode = (unsigned long) phys_to_virt(mem);
+        acpi_wakeup_address = mem;
+        reserve_early(mem, mem + WAKEUP_SIZE, "ACPI WAKEUP");
 }
 
 
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index ad8c75b9e453..efb2b9cd132c 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -647,7 +647,7 @@ static int __init calibrate_APIC_clock(void)
         calibration_result = (delta * APIC_DIVISOR) / LAPIC_CAL_LOOPS;
 
         apic_printk(APIC_VERBOSE, "..... delta %ld\n", delta);
-        apic_printk(APIC_VERBOSE, "..... mult: %ld\n", lapic_clockevent.mult);
+        apic_printk(APIC_VERBOSE, "..... mult: %u\n", lapic_clockevent.mult);
         apic_printk(APIC_VERBOSE, "..... calibration result: %u\n",
                     calibration_result);
 
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
index c0b4468683f9..d5d498fbee4b 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -3267,7 +3267,8 @@ void destroy_irq(unsigned int irq)
  * MSI message composition
  */
 #ifdef CONFIG_PCI_MSI
-static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq, struct msi_msg *msg)
+static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq,
+                           struct msi_msg *msg, u8 hpet_id)
 {
         struct irq_cfg *cfg;
         int err;
@@ -3301,7 +3302,10 @@ static int msi_compose_msg(struct pci_dev *pdev, unsigned int irq, struct msi_ms
                 irte.dest_id = IRTE_DEST(dest);
 
                 /* Set source-id of interrupt request */
-                set_msi_sid(&irte, pdev);
+                if (pdev)
+                        set_msi_sid(&irte, pdev);
+                else
+                        set_hpet_sid(&irte, hpet_id);
 
                 modify_irte(irq, &irte);
 
@@ -3466,7 +3470,7 @@ static int setup_msi_irq(struct pci_dev *dev, struct msi_desc *msidesc, int irq)
         int ret;
         struct msi_msg msg;
 
-        ret = msi_compose_msg(dev, irq, &msg);
+        ret = msi_compose_msg(dev, irq, &msg, -1);
         if (ret < 0)
                 return ret;
 
@@ -3599,7 +3603,7 @@ int arch_setup_dmar_msi(unsigned int irq)
         int ret;
         struct msi_msg msg;
 
-        ret = msi_compose_msg(NULL, irq, &msg);
+        ret = msi_compose_msg(NULL, irq, &msg, -1);
         if (ret < 0)
                 return ret;
         dmar_msi_write(irq, &msg);
@@ -3639,6 +3643,19 @@ static int hpet_msi_set_affinity(unsigned int irq, const struct cpumask *mask)
 
 #endif /* CONFIG_SMP */
 
+static struct irq_chip ir_hpet_msi_type = {
+        .name = "IR-HPET_MSI",
+        .unmask = hpet_msi_unmask,
+        .mask = hpet_msi_mask,
+#ifdef CONFIG_INTR_REMAP
+        .ack = ir_ack_apic_edge,
+#ifdef CONFIG_SMP
+        .set_affinity = ir_set_msi_irq_affinity,
+#endif
+#endif
+        .retrigger = ioapic_retrigger_irq,
+};
+
 static struct irq_chip hpet_msi_type = {
         .name = "HPET_MSI",
         .unmask = hpet_msi_unmask,
@@ -3650,20 +3667,36 @@ static struct irq_chip hpet_msi_type = {
         .retrigger = ioapic_retrigger_irq,
 };
 
-int arch_setup_hpet_msi(unsigned int irq)
+int arch_setup_hpet_msi(unsigned int irq, unsigned int id)
 {
         int ret;
         struct msi_msg msg;
         struct irq_desc *desc = irq_to_desc(irq);
 
-        ret = msi_compose_msg(NULL, irq, &msg);
+        if (intr_remapping_enabled) {
+                struct intel_iommu *iommu = map_hpet_to_ir(id);
+                int index;
+
+                if (!iommu)
+                        return -1;
+
+                index = alloc_irte(iommu, irq, 1);
+                if (index < 0)
+                        return -1;
+        }
+
+        ret = msi_compose_msg(NULL, irq, &msg, id);
         if (ret < 0)
                 return ret;
 
         hpet_msi_write(irq, &msg);
         desc->status |= IRQ_MOVE_PCNTXT;
-        set_irq_chip_and_handler_name(irq, &hpet_msi_type, handle_edge_irq,
-                "edge");
+        if (irq_remapped(irq))
+                set_irq_chip_and_handler_name(irq, &ir_hpet_msi_type,
+                                              handle_edge_irq, "edge");
+        else
+                set_irq_chip_and_handler_name(irq, &hpet_msi_type,
+                                              handle_edge_irq, "edge");
 
         return 0;
 }
diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c
index 07cdbdcd7a92..98c4665f251c 100644
--- a/arch/x86/kernel/apic/numaq_32.c
+++ b/arch/x86/kernel/apic/numaq_32.c
@@ -264,11 +264,6 @@ static void __init smp_read_mpc_oem(struct mpc_table *mpc)
 static __init void early_check_numaq(void)
 {
         /*
-         * Find possible boot-time SMP configuration:
-         */
-        early_find_smp_config();
-
-        /*
          * get boot-time SMP configuration:
          */
         if (smp_found_config)
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
index 130c4b934877..b684bb303cbf 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -30,10 +30,22 @@
 #include <asm/apic.h>
 #include <asm/ipi.h>
 #include <asm/smp.h>
+#include <asm/x86_init.h>
 
 DEFINE_PER_CPU(int, x2apic_extra_bits);
 
 static enum uv_system_type uv_system_type;
+static u64 gru_start_paddr, gru_end_paddr;
+
+static inline bool is_GRU_range(u64 start, u64 end)
+{
+        return start >= gru_start_paddr && end <= gru_end_paddr;
+}
+
+static bool uv_is_untracked_pat_range(u64 start, u64 end)
+{
+        return is_ISA_range(start, end) || is_GRU_range(start, end);
+}
 
 static int early_get_nodeid(void)
 {
@@ -49,6 +61,7 @@ static int early_get_nodeid(void)
 static int __init uv_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
 {
         if (!strcmp(oem_id, "SGI")) {
+                x86_platform.is_untracked_pat_range =  uv_is_untracked_pat_range;
                 if (!strcmp(oem_table_id, "UVL"))
                         uv_system_type = UV_LEGACY_APIC;
                 else if (!strcmp(oem_table_id, "UVX"))
@@ -385,8 +398,12 @@ static __init void map_gru_high(int max_pnode)
         int shift = UVH_RH_GAM_GRU_OVERLAY_CONFIG_MMR_BASE_SHFT;
 
         gru.v = uv_read_local_mmr(UVH_RH_GAM_GRU_OVERLAY_CONFIG_MMR);
-        if (gru.s.enable)
+        if (gru.s.enable) {
                 map_high("GRU", gru.s.base, shift, max_pnode, map_wb);
+                gru_start_paddr = ((u64)gru.s.base << shift);
+                gru_end_paddr = gru_start_paddr + (1UL << shift) * (max_pnode + 1);
+
+        }
 }
 
 static __init void map_mmr_high(int max_pnode)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index a4ec8b647544..c1afa990a6c8 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1136,7 +1136,7 @@ void __cpuinit cpu_init(void)
         wrmsrl(MSR_KERNEL_GS_BASE, 0);
         barrier();
 
-        check_efer();
+        x86_configure_nx();
         if (cpu != 0)
                 enable_x2apic();
 
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 40e1835b35e8..c900b73f9224 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -263,8 +263,12 @@ static void __cpuinit srat_detect_node(struct cpuinfo_x86 *c)
         /* Don't do the funky fallback heuristics the AMD version employs
            for now. */
         node = apicid_to_node[apicid];
-        if (node == NUMA_NO_NODE || !node_online(node))
+        if (node == NUMA_NO_NODE)
                 node = first_node(node_online_map);
+        else if (!node_online(node)) {
+                /* reuse the value from init_cpu_to_node() */
+                node = cpu_to_node(cpu);
+        }
         numa_set_node(cpu, node);
 
         printk(KERN_INFO "CPU %d/0x%x -> Node %d\n", cpu, apicid, node);
diff --git a/arch/x86/kernel/cpu/mtrr/cleanup.c b/arch/x86/kernel/cpu/mtrr/cleanup.c
index 73c86db5acbe..09b1698e0466 100644
--- a/arch/x86/kernel/cpu/mtrr/cleanup.c
+++ b/arch/x86/kernel/cpu/mtrr/cleanup.c
@@ -170,6 +170,41 @@ static int __init cmp_range(const void *x1, const void *x2)
         return start1 - start2;
 }
 
+static int __init clean_sort_range(struct res_range *range, int az)
+{
+        int i, j, k = az - 1, nr_range = 0;
+
+        for (i = 0; i < k; i++) {
+                if (range[i].end)
+                        continue;
+                for (j = k; j > i; j--) {
+                        if (range[j].end) {
+                                k = j;
+                                break;
+                        }
+                }
+                if (j == i)
+                        break;
+                range[i].start = range[k].start;
+                range[i].end   = range[k].end;
+                range[k].start = 0;
+                range[k].end   = 0;
+                k--;
+        }
+        /* count it */
+        for (i = 0; i < az; i++) {
+                if (!range[i].end) {
+                        nr_range = i;
+                        break;
+                }
+        }
+
+        /* sort them */
+        sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
+
+        return nr_range;
+}
+
 #define BIOS_BUG_MSG KERN_WARNING \
         "WARNING: BIOS bug: VAR MTRR %d contains strange UC entry under 1M, check with your system vendor!\n"
 
@@ -223,22 +258,18 @@ x86_get_mtrr_mem_range(struct res_range *range, int nr_range,
                 subtract_range(range, extra_remove_base,
                                  extra_remove_base + extra_remove_size  - 1);
 
-        /* get new range num */
-        nr_range = 0;
-        for (i = 0; i < RANGE_NUM; i++) {
-                if (!range[i].end)
-                        continue;
-                nr_range++;
-        }
         if  (debug_print) {
                 printk(KERN_DEBUG "After UC checking\n");
-                for (i = 0; i < nr_range; i++)
+                for (i = 0; i < RANGE_NUM; i++) {
+                        if (!range[i].end)
+                                continue;
                         printk(KERN_DEBUG "MTRR MAP PFN: %016lx - %016lx\n",
                                  range[i].start, range[i].end + 1);
+                }
         }
 
         /* sort the ranges */
-        sort(range, nr_range, sizeof(struct res_range), cmp_range, NULL);
+        nr_range = clean_sort_range(range, RANGE_NUM);
         if  (debug_print) {
                 printk(KERN_DEBUG "After sorting\n");
                 for (i = 0; i < nr_range; i++)
@@ -689,8 +720,6 @@ static int __init mtrr_need_cleanup(void)
                         continue;
                 if (!size)
                         type = MTRR_NUM_TYPES;
-                if (type == MTRR_TYPE_WRPROT)
-                        type = MTRR_TYPE_UNCACHABLE;
                 num[type]++;
         }
 
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
index 4deb8fc849dd..63bca794c8f9 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -977,8 +977,8 @@ apicinterrupt UV_BAU_MESSAGE \
 #endif
 apicinterrupt LOCAL_TIMER_VECTOR \
         apic_timer_interrupt smp_apic_timer_interrupt
-apicinterrupt GENERIC_INTERRUPT_VECTOR \
-        generic_interrupt smp_generic_interrupt
+apicinterrupt X86_PLATFORM_IPI_VECTOR \
+        x86_platform_ipi smp_x86_platform_ipi
 
 #ifdef CONFIG_SMP
 apicinterrupt INVALIDATE_TLB_VECTOR_START+0 \
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 5a1b9758fd62..309689245431 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -189,9 +189,26 @@ static void wait_for_nmi(void)
         nmi_wait_count++;
 }
 
+static inline int
+within(unsigned long addr, unsigned long start, unsigned long end)
+{
+        return addr >= start && addr < end;
+}
+
 static int
 do_ftrace_mod_code(unsigned long ip, void *new_code)
 {
+        /*
+         * On x86_64, kernel text mappings are mapped read-only with
+         * CONFIG_DEBUG_RODATA. So we use the kernel identity mapping instead
+         * of the kernel text mapping to modify the kernel text.
+         *
+         * For 32bit kernels, these mappings are same and we can use
+         * kernel identity mapping to modify code.
+         */
+        if (within(ip, (unsigned long)_text, (unsigned long)_etext))
+                ip = (unsigned long)__va(__pa(ip));
+
         mod_code_ip = (void *)ip;
         mod_code_newcode = new_code;
 
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 050c278481b1..7fd318bac59c 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -18,6 +18,8 @@
 #include <asm/asm-offsets.h>
 #include <asm/setup.h>
 #include <asm/processor-flags.h>
+#include <asm/msr-index.h>
+#include <asm/cpufeature.h>
 #include <asm/percpu.h>
 
 /* Physical address */
@@ -297,25 +299,27 @@ ENTRY(startup_32_smp)
         orl %edx,%eax
         movl %eax,%cr4
 
-        btl $5, %eax            # check if PAE is enabled
-        jnc 6f
+        testb $X86_CR4_PAE, %al         # check if PAE is enabled
+        jz 6f
 
         /* Check if extended functions are implemented */
         movl $0x80000000, %eax
         cpuid
-        cmpl $0x80000000, %eax
-        jbe 6f
+        /* Value must be in the range 0x80000001 to 0x8000ffff */
+        subl $0x80000001, %eax
+        cmpl $(0x8000ffff-0x80000001), %eax
+        ja 6f
         mov $0x80000001, %eax
         cpuid
         /* Execute Disable bit supported? */
-        btl $20, %edx
+        btl $(X86_FEATURE_NX & 31), %edx
         jnc 6f
 
         /* Setup EFER (Extended Feature Enable Register) */
-        movl $0xc0000080, %ecx
+        movl $MSR_EFER, %ecx
         rdmsr
 
-        btsl $11, %eax
+        btsl $_EFER_NX, %eax
         /* Make changes effective */
         wrmsr
 
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 22db86a37643..2d8b5035371c 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -262,11 +262,11 @@ ENTRY(secondary_startup_64)
         .quad   x86_64_start_kernel
         ENTRY(initial_gs)
         .quad   INIT_PER_CPU_VAR(irq_stack_union)
-        __FINITDATA
 
         ENTRY(stack_start)
         .quad  init_thread_union+THREAD_SIZE-8
         .word  0
+        __FINITDATA
 
 bad_address:
         jmp bad_address
@@ -340,6 +340,7 @@ ENTRY(name)
         i = i + 1 ;                                     \
         .endr
 
+        .data
         /*
          * This default setting generates an ident mapping at address 0x100000
          * and a mapping for the kernel that precisely maps virtual address
diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
index dedc2bddf7a5..ba6e65884603 100644
--- a/arch/x86/kernel/hpet.c
+++ b/arch/x86/kernel/hpet.c
@@ -33,6 +33,7 @@
  * HPET address is set in acpi/boot.c, when an ACPI entry exists
  */
 unsigned long                           hpet_address;
+u8                                      hpet_blockid; /* OS timer block num */
 #ifdef CONFIG_PCI_MSI
 static unsigned long                    hpet_num_timers;
 #endif
@@ -47,12 +48,12 @@ struct hpet_dev {
         char                            name[10];
 };
 
-unsigned long hpet_readl(unsigned long a)
+inline unsigned int hpet_readl(unsigned int a)
 {
         return readl(hpet_virt_address + a);
 }
 
-static inline void hpet_writel(unsigned long d, unsigned long a)
+static inline void hpet_writel(unsigned int d, unsigned int a)
 {
         writel(d, hpet_virt_address + a);
 }
@@ -167,7 +168,7 @@ do {								\
 
 static void hpet_reserve_msi_timers(struct hpet_data *hd);
 
-static void hpet_reserve_platform_timers(unsigned long id)
+static void hpet_reserve_platform_timers(unsigned int id)
 {
         struct hpet __iomem *hpet = hpet_virt_address;
         struct hpet_timer __iomem *timer = &hpet->hpet_timers[2];
@@ -205,7 +206,7 @@ static void hpet_reserve_platform_timers(unsigned long id)
 
 }
 #else
-static void hpet_reserve_platform_timers(unsigned long id) { }
+static void hpet_reserve_platform_timers(unsigned int id) { }
 #endif
 
 /*
@@ -246,7 +247,7 @@ static void hpet_reset_counter(void)
 
 static void hpet_start_counter(void)
 {
-        unsigned long cfg = hpet_readl(HPET_CFG);
+        unsigned int cfg = hpet_readl(HPET_CFG);
         cfg |= HPET_CFG_ENABLE;
         hpet_writel(cfg, HPET_CFG);
 }
@@ -271,7 +272,7 @@ static void hpet_resume_counter(void)
 
 static void hpet_enable_legacy_int(void)
 {
-        unsigned long cfg = hpet_readl(HPET_CFG);
+        unsigned int cfg = hpet_readl(HPET_CFG);
 
         cfg |= HPET_CFG_LEGACY;
         hpet_writel(cfg, HPET_CFG);
@@ -314,7 +315,7 @@ static int hpet_setup_msi_irq(unsigned int irq);
 static void hpet_set_mode(enum clock_event_mode mode,
                           struct clock_event_device *evt, int timer)
 {
-        unsigned long cfg, cmp, now;
+        unsigned int cfg, cmp, now;
         uint64_t delta;
 
         switch (mode) {
@@ -323,7 +324,7 @@ static void hpet_set_mode(enum clock_event_mode mode,
                 delta = ((uint64_t)(NSEC_PER_SEC/HZ)) * evt->mult;
                 delta >>= evt->shift;
                 now = hpet_readl(HPET_COUNTER);
-                cmp = now + (unsigned long) delta;
+                cmp = now + (unsigned int) delta;
                 cfg = hpet_readl(HPET_Tn_CFG(timer));
                 /* Make sure we use edge triggered interrupts */
                 cfg &= ~HPET_TN_LEVEL;
@@ -339,7 +340,7 @@ static void hpet_set_mode(enum clock_event_mode mode,
                  * (See AMD-8111 HyperTransport I/O Hub Data Sheet,
                  * Publication # 24674)
                  */
-                hpet_writel((unsigned long) delta, HPET_Tn_CMP(timer));
+                hpet_writel((unsigned int) delta, HPET_Tn_CMP(timer));
                 hpet_start_counter();
                 hpet_print_config();
                 break;
@@ -383,13 +384,24 @@ static int hpet_next_event(unsigned long delta,
         hpet_writel(cnt, HPET_Tn_CMP(timer));
 
         /*
-         * We need to read back the CMP register to make sure that
-         * what we wrote hit the chip before we compare it to the
-         * counter.
+         * We need to read back the CMP register on certain HPET
+         * implementations (ATI chipsets) which seem to delay the
+         * transfer of the compare register into the internal compare
+         * logic. With small deltas this might actually be too late as
+         * the counter could already be higher than the compare value
+         * at that point and we would wait for the next hpet interrupt
+         * forever. We found out that reading the CMP register back
+         * forces the transfer so we can rely on the comparison with
+         * the counter register below. If the read back from the
+         * compare register does not match the value we programmed
+         * then we might have a real hardware problem. We can not do
+         * much about it here, but at least alert the user/admin with
+         * a prominent warning.
          */
-        WARN_ON_ONCE((u32)hpet_readl(HPET_Tn_CMP(timer)) != cnt);
+        WARN_ONCE(hpet_readl(HPET_Tn_CMP(timer)) != cnt,
+                  KERN_WARNING "hpet: compare register read back failed.\n");
 
-        return (s32)((u32)hpet_readl(HPET_COUNTER) - cnt) >= 0 ? -ETIME : 0;
+        return (s32)(hpet_readl(HPET_COUNTER) - cnt) >= 0 ? -ETIME : 0;
 }
 
 static void hpet_legacy_set_mode(enum clock_event_mode mode,
@@ -415,7 +427,7 @@ static struct hpet_dev	*hpet_devs;
 void hpet_msi_unmask(unsigned int irq)
 {
         struct hpet_dev *hdev = get_irq_data(irq);
-        unsigned long cfg;
+        unsigned int cfg;
 
         /* unmask it */
         cfg = hpet_readl(HPET_Tn_CFG(hdev->num));
@@ -425,7 +437,7 @@ void hpet_msi_unmask(unsigned int irq)
 
 void hpet_msi_mask(unsigned int irq)
 {
-        unsigned long cfg;
+        unsigned int cfg;
         struct hpet_dev *hdev = get_irq_data(irq);
 
         /* mask it */
@@ -467,7 +479,7 @@ static int hpet_msi_next_event(unsigned long delta,
 
 static int hpet_setup_msi_irq(unsigned int irq)
 {
-        if (arch_setup_hpet_msi(irq)) {
+        if (arch_setup_hpet_msi(irq, hpet_blockid)) {
                 destroy_irq(irq);
                 return -EINVAL;
         }
@@ -584,6 +596,8 @@ static void hpet_msi_capability_lookup(unsigned int start_timer)
         unsigned int num_timers_used = 0;
         int i;
 
+        if (boot_cpu_has(X86_FEATURE_ARAT))
+                return;
         id = hpet_readl(HPET_ID);
 
         num_timers = ((id & HPET_ID_NUMBER) >> HPET_ID_NUMBER_SHIFT);
@@ -598,7 +612,7 @@ static void hpet_msi_capability_lookup(unsigned int start_timer)
 
         for (i = start_timer; i < num_timers - RESERVE_TIMERS; i++) {
                 struct hpet_dev *hdev = &hpet_devs[num_timers_used];
-                unsigned long cfg = hpet_readl(HPET_Tn_CFG(i));
+                unsigned int cfg = hpet_readl(HPET_Tn_CFG(i));
 
                 /* Only consider HPET timer with MSI support */
                 if (!(cfg & HPET_TN_FSB_CAP))
@@ -813,7 +827,7 @@ static int hpet_clocksource_register(void)
  */
 int __init hpet_enable(void)
 {
-        unsigned long id;
+        unsigned int id;
         int i;
 
         if (!is_hpet_capable())
@@ -872,10 +886,8 @@ int __init hpet_enable(void)
 
         if (id & HPET_ID_LEGSUP) {
                 hpet_legacy_clockevent_register();
-                hpet_msi_capability_lookup(2);
                 return 1;
         }
-        hpet_msi_capability_lookup(0);
         return 0;
 
 out_nohpet:
@@ -908,9 +920,17 @@ static __init int hpet_late_init(void)
         if (!hpet_virt_address)
                 return -ENODEV;
 
+        if (hpet_readl(HPET_ID) & HPET_ID_LEGSUP)
+                hpet_msi_capability_lookup(2);
+        else
+                hpet_msi_capability_lookup(0);
+
         hpet_reserve_platform_timers(hpet_readl(HPET_ID));
         hpet_print_config();
 
+        if (boot_cpu_has(X86_FEATURE_ARAT))
+                return 0;
+
         for_each_online_cpu(cpu) {
                 hpet_cpuhp_notify(NULL, CPU_ONLINE, (void *)(long)cpu);
         }
@@ -925,7 +945,7 @@ fs_initcall(hpet_late_init);
 void hpet_disable(void)
 {
         if (is_hpet_capable()) {
-                unsigned long cfg = hpet_readl(HPET_CFG);
+                unsigned int cfg = hpet_readl(HPET_CFG);
 
                 if (hpet_legacy_int_enabled) {
                         cfg &= ~HPET_CFG_LEGACY;
@@ -965,8 +985,8 @@ static int hpet_prev_update_sec;
 static struct rtc_time hpet_alarm_time;
 static unsigned long hpet_pie_count;
 static u32 hpet_t1_cmp;
-static unsigned long hpet_default_delta;
-static unsigned long hpet_pie_delta;
+static u32 hpet_default_delta;
+static u32 hpet_pie_delta;
 static unsigned long hpet_pie_limit;
 
 static rtc_irq_handler irq_handler;
@@ -1017,7 +1037,8 @@ EXPORT_SYMBOL_GPL(hpet_unregister_irq_handler);
  */
 int hpet_rtc_timer_init(void)
 {
-        unsigned long cfg, cnt, delta, flags;
+        unsigned int cfg, cnt, delta;
+        unsigned long flags;
 
         if (!is_hpet_enabled())
                 return 0;
@@ -1027,7 +1048,7 @@ int hpet_rtc_timer_init(void)
 
                 clc = (uint64_t) hpet_clockevent.mult * NSEC_PER_SEC;
                 clc >>= hpet_clockevent.shift + DEFAULT_RTC_SHIFT;
-                hpet_default_delta = (unsigned long) clc;
+                hpet_default_delta = clc;
         }
 
         if (!(hpet_rtc_flags & RTC_PIE) || hpet_pie_limit)
@@ -1113,7 +1134,7 @@ int hpet_set_periodic_freq(unsigned long freq)
                 clc = (uint64_t) hpet_clockevent.mult * NSEC_PER_SEC;
                 do_div(clc, freq);
                 clc >>= hpet_clockevent.shift;
-                hpet_pie_delta = (unsigned long) clc;
+                hpet_pie_delta = clc;
         }
         return 1;
 }
@@ -1127,7 +1148,7 @@ EXPORT_SYMBOL_GPL(hpet_rtc_dropped_irq);
 
 static void hpet_rtc_timer_reinit(void)
 {
-        unsigned long cfg, delta;
+        unsigned int cfg, delta;
         int lost_ints = -1;
 
         if (unlikely(!hpet_rtc_flags)) {
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
index fee6cc2b2079..664bcb7384ac 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -18,7 +18,7 @@
 atomic_t irq_err_count;
 
 /* Function pointer for generic interrupt vector handling */
-void (*generic_interrupt_extension)(void) = NULL;
+void (*x86_platform_ipi_callback)(void) = NULL;
 
 /*
  * 'what should we do if we get a hw irq event on an illegal vector'.
@@ -72,10 +72,10 @@ static int show_other_interrupts(struct seq_file *p, int prec)
                 seq_printf(p, "%10u ", irq_stats(j)->apic_pending_irqs);
         seq_printf(p, "  Performance pending work\n");
 #endif
-        if (generic_interrupt_extension) {
+        if (x86_platform_ipi_callback) {
                 seq_printf(p, "%*s: ", prec, "PLT");
                 for_each_online_cpu(j)
-                        seq_printf(p, "%10u ", irq_stats(j)->generic_irqs);
+                        seq_printf(p, "%10u ", irq_stats(j)->x86_platform_ipis);
                 seq_printf(p, "  Platform interrupts\n");
         }
 #ifdef CONFIG_SMP
@@ -187,8 +187,8 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
         sum += irq_stats(cpu)->apic_perf_irqs;
         sum += irq_stats(cpu)->apic_pending_irqs;
 #endif
-        if (generic_interrupt_extension)
-                sum += irq_stats(cpu)->generic_irqs;
+        if (x86_platform_ipi_callback)
+                sum += irq_stats(cpu)->x86_platform_ipis;
 #ifdef CONFIG_SMP
         sum += irq_stats(cpu)->irq_resched_count;
         sum += irq_stats(cpu)->irq_call_count;
@@ -251,9 +251,9 @@ unsigned int __irq_entry do_IRQ(struct pt_regs *regs)
 }
 
 /*
- * Handler for GENERIC_INTERRUPT_VECTOR.
+ * Handler for X86_PLATFORM_IPI_VECTOR.
  */
-void smp_generic_interrupt(struct pt_regs *regs)
+void smp_x86_platform_ipi(struct pt_regs *regs)
 {
         struct pt_regs *old_regs = set_irq_regs(regs);
 
@@ -263,10 +263,10 @@ void smp_generic_interrupt(struct pt_regs *regs)
 
         irq_enter();
 
-        inc_irq_stat(generic_irqs);
+        inc_irq_stat(x86_platform_ipis);
 
-        if (generic_interrupt_extension)
-                generic_interrupt_extension();
+        if (x86_platform_ipi_callback)
+                x86_platform_ipi_callback();
 
         irq_exit();
 
diff --git a/arch/x86/kernel/irqinit.c b/arch/x86/kernel/irqinit.c
index 40f30773fb29..d5932226614f 100644
--- a/arch/x86/kernel/irqinit.c
+++ b/arch/x86/kernel/irqinit.c
@@ -200,8 +200,8 @@ static void __init apic_intr_init(void)
         /* self generated IPI for local APIC timer */
         alloc_intr_gate(LOCAL_TIMER_VECTOR, apic_timer_interrupt);
 
-        /* generic IPI for platform specific use */
-        alloc_intr_gate(GENERIC_INTERRUPT_VECTOR, generic_interrupt);
+        /* IPI for X86 platform specific use */
+        alloc_intr_gate(X86_PLATFORM_IPI_VECTOR, x86_platform_ipi);
 
         /* IPI vectors for APIC spurious and error interrupts */
         alloc_intr_gate(SPURIOUS_APIC_VECTOR, spurious_interrupt);
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index c843f8406da2..a3fa43ba5d3b 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -158,8 +158,7 @@ int machine_kexec_prepare(struct kimage *image)
 {
         int error;
 
-        if (nx_enabled)
-                set_pages_x(image->control_code_page, 1);
+        set_pages_x(image->control_code_page, 1);
         error = machine_kexec_alloc_page_tables(image);
         if (error)
                 return error;
@@ -173,8 +172,7 @@ int machine_kexec_prepare(struct kimage *image)
  */
 void machine_kexec_cleanup(struct kimage *image)
 {
-        if (nx_enabled)
-                set_pages_nx(image->control_code_page, 1);
+        set_pages_nx(image->control_code_page, 1);
         machine_kexec_free_page_tables(image);
 }
 
diff --git a/arch/x86/kernel/microcode_amd.c b/arch/x86/kernel/microcode_amd.c
index f4c538b681ca..63123d902103 100644
--- a/arch/x86/kernel/microcode_amd.c
+++ b/arch/x86/kernel/microcode_amd.c
@@ -33,6 +33,9 @@ MODULE_LICENSE("GPL v2");
 #define UCODE_EQUIV_CPU_TABLE_TYPE 0x00000000
 #define UCODE_UCODE_TYPE           0x00000001
 
+const struct firmware *firmware;
+static int supported_cpu;
+
 struct equiv_cpu_entry {
         u32     installed_cpu;
         u32     fixed_errata_mask;
@@ -71,17 +74,14 @@ static struct equiv_cpu_entry *equiv_cpu_table;
 
 static int collect_cpu_info_amd(int cpu, struct cpu_signature *csig)
 {
-        struct cpuinfo_x86 *c = &cpu_data(cpu);
         u32 dummy;
 
-        memset(csig, 0, sizeof(*csig));
-        if (c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) {
-                printk(KERN_WARNING "microcode: CPU%d: AMD CPU family 0x%x not "
-                       "supported\n", cpu, c->x86);
+        if (!supported_cpu)
                 return -1;
-        }
+
+        memset(csig, 0, sizeof(*csig));
         rdmsr(MSR_AMD64_PATCH_LEVEL, csig->rev, dummy);
-        printk(KERN_INFO "microcode: CPU%d: patch_level=0x%x\n", cpu, csig->rev);
+        pr_info("microcode: CPU%d: patch_level=0x%x\n", cpu, csig->rev);
         return 0;
 }
 
@@ -103,22 +103,15 @@ static int get_matching_microcode(int cpu, void *mc, int rev)
                 i++;
         }
 
-        if (!equiv_cpu_id) {
-                printk(KERN_WARNING "microcode: CPU%d: cpu revision "
-                       "not listed in equivalent cpu table\n", cpu);
+        if (!equiv_cpu_id)
                 return 0;
-        }
 
-        if (mc_header->processor_rev_id != equiv_cpu_id) {
-                printk(KERN_ERR "microcode: CPU%d: patch mismatch "
-                       "(processor_rev_id: %x, equiv_cpu_id: %x)\n",
-                       cpu, mc_header->processor_rev_id, equiv_cpu_id);
+        if (mc_header->processor_rev_id != equiv_cpu_id)
                 return 0;
-        }
 
         /* ucode might be chipset specific -- currently we don't support this */
         if (mc_header->nb_dev_id || mc_header->sb_dev_id) {
-                printk(KERN_ERR "microcode: CPU%d: loading of chipset "
+                pr_err(KERN_ERR "microcode: CPU%d: loading of chipset "
                        "specific code not yet supported\n", cpu);
                 return 0;
         }
@@ -148,14 +141,12 @@ static int apply_microcode_amd(int cpu)
 
         /* check current patch id and patch's id for match */
         if (rev != mc_amd->hdr.patch_id) {
-                printk(KERN_ERR "microcode: CPU%d: update failed "
+                pr_err("microcode: CPU%d: update failed "
                        "(for patch_level=0x%x)\n", cpu, mc_amd->hdr.patch_id);
                 return -1;
         }
 
-        printk(KERN_INFO "microcode: CPU%d: updated (new patch_level=0x%x)\n",
-               cpu, rev);
-
+        pr_info("microcode: CPU%d: updated (new patch_level=0x%x)\n", cpu, rev);
         uci->cpu_sig.rev = rev;
 
         return 0;
@@ -178,18 +169,15 @@ get_next_ucode(const u8 *buf, unsigned int size, unsigned int *mc_size)
                 return NULL;
 
         if (section_hdr[0] != UCODE_UCODE_TYPE) {
-                printk(KERN_ERR "microcode: error: invalid type field in "
+                pr_err("microcode: error: invalid type field in "
                        "container file section header\n");
                 return NULL;
         }
 
         total_size = (unsigned long) (section_hdr[4] + (section_hdr[5] << 8));
 
-        printk(KERN_DEBUG "microcode: size %u, total_size %u\n",
-               size, total_size);
-
         if (total_size > size || total_size > UCODE_MAX_SIZE) {
-                printk(KERN_ERR "microcode: error: size mismatch\n");
+                pr_err("microcode: error: size mismatch\n");
                 return NULL;
         }
 
@@ -218,15 +206,14 @@ static int install_equiv_cpu_table(const u8 *buf)
         size = buf_pos[2];
 
         if (buf_pos[1] != UCODE_EQUIV_CPU_TABLE_TYPE || !size) {
-                printk(KERN_ERR "microcode: error: invalid type field in "
+                pr_err("microcode: error: invalid type field in "
                        "container file section header\n");
                 return 0;
         }
 
         equiv_cpu_table = (struct equiv_cpu_entry *) vmalloc(size);
         if (!equiv_cpu_table) {
-                printk(KERN_ERR "microcode: failed to allocate "
-                       "equivalent CPU table\n");
+                pr_err("microcode: failed to allocate equivalent CPU table\n");
                 return 0;
         }
 
@@ -259,8 +246,7 @@ generic_load_microcode(int cpu, const u8 *data, size_t size)
 
         offset = install_equiv_cpu_table(ucode_ptr);
         if (!offset) {
-                printk(KERN_ERR "microcode: failed to create "
-                       "equivalent cpu table\n");
+                pr_err("microcode: failed to create equivalent cpu table\n");
                 return UCODE_ERROR;
         }
 
@@ -308,33 +294,27 @@ generic_load_microcode(int cpu, const u8 *data, size_t size)
 
 static enum ucode_state request_microcode_fw(int cpu, struct device *device)
 {
-        const char *fw_name = "amd-ucode/microcode_amd.bin";
-        const struct firmware *firmware;
         enum ucode_state ret;
 
-        if (request_firmware(&firmware, fw_name, device)) {
-                printk(KERN_ERR "microcode: failed to load file %s\n", fw_name);
+        if (firmware == NULL)
                 return UCODE_NFOUND;
-        }
 
         if (*(u32 *)firmware->data != UCODE_MAGIC) {
-                printk(KERN_ERR "microcode: invalid UCODE_MAGIC (0x%08x)\n",
+                pr_err("microcode: invalid UCODE_MAGIC (0x%08x)\n",
                        *(u32 *)firmware->data);
                 return UCODE_ERROR;
         }
 
         ret = generic_load_microcode(cpu, firmware->data, firmware->size);
 
-        release_firmware(firmware);
-
         return ret;
 }
 
 static enum ucode_state
 request_microcode_user(int cpu, const void __user *buf, size_t size)
 {
-        printk(KERN_INFO "microcode: AMD microcode update via "
-               "/dev/cpu/microcode not supported\n");
+        pr_info("microcode: AMD microcode update via "
+                "/dev/cpu/microcode not supported\n");
         return UCODE_ERROR;
 }
 
@@ -346,7 +326,32 @@ static void microcode_fini_cpu_amd(int cpu)
         uci->mc = NULL;
 }
 
+void init_microcode_amd(struct device *device)
+{
+        const char *fw_name = "amd-ucode/microcode_amd.bin";
+        struct cpuinfo_x86 *c = &boot_cpu_data;
+
+        WARN_ON(c->x86_vendor != X86_VENDOR_AMD);
+
+        if (c->x86 < 0x10) {
+                pr_warning("microcode: AMD CPU family 0x%x not supported\n",
+                           c->x86);
+                return;
+        }
+        supported_cpu = 1;
+
+        if (request_firmware(&firmware, fw_name, device))
+                pr_err("microcode: failed to load file %s\n", fw_name);
+}
+
+void fini_microcode_amd(void)
+{
+        release_firmware(firmware);
+}
+
 static struct microcode_ops microcode_amd_ops = {
+        .init                             = init_microcode_amd,
+        .fini                             = fini_microcode_amd,
         .request_microcode_user           = request_microcode_user,
         .request_microcode_fw             = request_microcode_fw,
         .collect_cpu_info                 = collect_cpu_info_amd,
diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
index 2bcad3926edb..e68aae397869 100644
--- a/arch/x86/kernel/microcode_core.c
+++ b/arch/x86/kernel/microcode_core.c
@@ -391,7 +391,7 @@ static enum ucode_state microcode_update_cpu(int cpu)
         struct ucode_cpu_info *uci = ucode_cpu_info + cpu;
         enum ucode_state ustate;
 
-        if (uci->valid)
+        if (uci->valid && uci->mc)
                 ustate = microcode_resume_cpu(cpu);
         else
                 ustate = microcode_init_cpu(cpu);
@@ -518,6 +518,9 @@ static int __init microcode_init(void)
                 return PTR_ERR(microcode_pdev);
         }
 
+        if (microcode_ops->init)
+                microcode_ops->init(&microcode_pdev->dev);
+
         get_online_cpus();
         mutex_lock(&microcode_mutex);
 
@@ -561,6 +564,9 @@ static void __exit microcode_exit(void)
 
         platform_device_unregister(microcode_pdev);
 
+        if (microcode_ops->fini)
+                microcode_ops->fini();
+
         microcode_ops = NULL;
 
         pr_info("Microcode Update Driver: v" MICROCODE_VERSION " removed.\n");
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c
index 5be95ef4ffec..35a57c963df9 100644
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -667,36 +667,18 @@ void __init default_get_smp_config(unsigned int early)
          */
 }
 
-static void __init smp_reserve_bootmem(struct mpf_intel *mpf)
+static void __init smp_reserve_memory(struct mpf_intel *mpf)
 {
         unsigned long size = get_mpc_size(mpf->physptr);
-#ifdef CONFIG_X86_32
-        /*
-         * We cannot access to MPC table to compute table size yet,
-         * as only few megabytes from the bottom is mapped now.
-         * PC-9800's MPC table places on the very last of physical
-         * memory; so that simply reserving PAGE_SIZE from mpf->physptr
-         * yields BUG() in reserve_bootmem.
-         * also need to make sure physptr is below than max_low_pfn
-         * we don't need reserve the area above max_low_pfn
-         */
-        unsigned long end = max_low_pfn * PAGE_SIZE;
 
-        if (mpf->physptr < end) {
-                if (mpf->physptr + size > end)
-                        size = end - mpf->physptr;
-                reserve_bootmem_generic(mpf->physptr, size, BOOTMEM_DEFAULT);
-        }
-#else
-        reserve_bootmem_generic(mpf->physptr, size, BOOTMEM_DEFAULT);
-#endif
+        reserve_early(mpf->physptr, mpf->physptr+size, "MP-table mpc");
 }
 
-static int __init smp_scan_config(unsigned long base, unsigned long length,
-                                  unsigned reserve)
+static int __init smp_scan_config(unsigned long base, unsigned long length)
 {
         unsigned int *bp = phys_to_virt(base);
         struct mpf_intel *mpf;
+        unsigned long mem;
 
         apic_printk(APIC_VERBOSE, "Scan SMP from %p for %ld bytes.\n",
                         bp, length);
@@ -717,12 +699,10 @@ static int __init smp_scan_config(unsigned long base, unsigned long length,
                         printk(KERN_INFO "found SMP MP-table at [%p] %llx\n",
                                mpf, (u64)virt_to_phys(mpf));
 
-                        if (!reserve)
-                                return 1;
-                        reserve_bootmem_generic(virt_to_phys(mpf), sizeof(*mpf),
-                                                BOOTMEM_DEFAULT);
+                        mem = virt_to_phys(mpf);
+                        reserve_early(mem, mem + sizeof(*mpf), "MP-table mpf");
                         if (mpf->physptr)
-                                smp_reserve_bootmem(mpf);
+                                smp_reserve_memory(mpf);
 
                         return 1;
                 }
@@ -732,7 +712,7 @@ static int __init smp_scan_config(unsigned long base, unsigned long length,
         return 0;
 }
 
-void __init default_find_smp_config(unsigned int reserve)
+void __init default_find_smp_config(void)
 {
         unsigned int address;
 
@@ -744,9 +724,9 @@ void __init default_find_smp_config(unsigned int reserve)
          * 2) Scan the top 1K of base RAM
          * 3) Scan the 64K of bios
          */
-        if (smp_scan_config(0x0, 0x400, reserve) ||
-            smp_scan_config(639 * 0x400, 0x400, reserve) ||
-            smp_scan_config(0xF0000, 0x10000, reserve))
+        if (smp_scan_config(0x0, 0x400) ||
+            smp_scan_config(639 * 0x400, 0x400) ||
+            smp_scan_config(0xF0000, 0x10000))
                 return;
         /*
          * If it is an SMP machine we should know now, unless the
@@ -767,7 +747,7 @@ void __init default_find_smp_config(unsigned int reserve)
 
         address = get_bios_ebda();
         if (address)
-                smp_scan_config(address, 0x400, reserve);
+                smp_scan_config(address, 0x400);
 }
 
 #ifdef CONFIG_X86_IO_APIC
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 744508e7cfdd..5e2ba634ea15 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -9,6 +9,7 @@
 #include <linux/pm.h>
 #include <linux/clockchips.h>
 #include <linux/random.h>
+#include <linux/user-return-notifier.h>
 #include <trace/events/power.h>
 #include <linux/hw_breakpoint.h>
 #include <asm/system.h>
@@ -209,6 +210,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
                  */
                 memset(tss->io_bitmap, 0xff, prev->io_bitmap_max);
         }
+        propagate_user_return_notify(prev_p, next_p);
 }
 
 int sys_fork(struct pt_regs *regs)
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
index a98fe88fab64..c95c8f4e790a 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -349,26 +349,42 @@ out:
         return err;
 }
 
-void
-start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+static void
+start_thread_common(struct pt_regs *regs, unsigned long new_ip,
+                    unsigned long new_sp,
+                    unsigned int _cs, unsigned int _ss, unsigned int _ds)
 {
         loadsegment(fs, 0);
-        loadsegment(es, 0);
-        loadsegment(ds, 0);
+        loadsegment(es, _ds);
+        loadsegment(ds, _ds);
         load_gs_index(0);
         regs->ip                = new_ip;
         regs->sp                = new_sp;
         percpu_write(old_rsp, new_sp);
-        regs->cs                = __USER_CS;
-        regs->ss                = __USER_DS;
-        regs->flags             = 0x200;
+        regs->cs                = _cs;
+        regs->ss                = _ss;
+        regs->flags             = X86_EFLAGS_IF;
         set_fs(USER_DS);
         /*
          * Free the old FP and other extended state
          */
         free_thread_xstate(current);
 }
-EXPORT_SYMBOL_GPL(start_thread);
+
+void
+start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp)
+{
+        start_thread_common(regs, new_ip, new_sp,
+                            __USER_CS, __USER_DS, 0);
+}
+
+#ifdef CONFIG_IA32_EMULATION
+void start_thread_ia32(struct pt_regs *regs, u32 new_ip, u32 new_sp)
+{
+        start_thread_common(regs, new_ip, new_sp,
+                            __USER32_CS, __USER32_DS, __USER32_DS);
+}
+#endif
 
 /*
  *      switch_to(x,y) should switch tasks from x to y.
diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c
index 61a837743fe5..201eab63b05f 100644
--- a/arch/x86/kernel/reboot_fixups_32.c
+++ b/arch/x86/kernel/reboot_fixups_32.c
@@ -80,6 +80,7 @@ void mach_reboot_fixups(void)
                         continue;
 
                 cur->reboot_fixup(dev);
+                pci_dev_put(dev);
         }
 }
 
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 82e88cdda9bc..946a311a25c9 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -106,6 +106,7 @@
 #include <asm/percpu.h>
 #include <asm/topology.h>
 #include <asm/apicdef.h>
+#include <asm/k8.h>
 #ifdef CONFIG_X86_64
 #include <asm/numa_64.h>
 #endif
@@ -487,42 +488,11 @@ static void __init reserve_early_setup_data(void)
 
 #ifdef CONFIG_KEXEC
 
-/**
- * Reserve @size bytes of crashkernel memory at any suitable offset.
- *
- * @size: Size of the crashkernel memory to reserve.
- * Returns the base address on success, and -1ULL on failure.
- */
-static
-unsigned long long __init find_and_reserve_crashkernel(unsigned long long size)
-{
-        const unsigned long long alignment = 16<<20;    /* 16M */
-        unsigned long long start = 0LL;
-
-        while (1) {
-                int ret;
-
-                start = find_e820_area(start, ULONG_MAX, size, alignment);
-                if (start == -1ULL)
-                        return start;
-
-                /* try to reserve it */
-                ret = reserve_bootmem_generic(start, size, BOOTMEM_EXCLUSIVE);
-                if (ret >= 0)
-                        return start;
-
-                start += alignment;
-        }
-}
-
 static inline unsigned long long get_total_mem(void)
 {
         unsigned long long total;
 
-        total = max_low_pfn - min_low_pfn;
-#ifdef CONFIG_HIGHMEM
-        total += highend_pfn - highstart_pfn;
-#endif
+        total = max_pfn - min_low_pfn;
 
         return total << PAGE_SHIFT;
 }
@@ -542,21 +512,25 @@ static void __init reserve_crashkernel(void)
 
         /* 0 means: find the address automatically */
         if (crash_base <= 0) {
-                crash_base = find_and_reserve_crashkernel(crash_size);
+                const unsigned long long alignment = 16<<20;    /* 16M */
+
+                crash_base = find_e820_area(alignment, ULONG_MAX, crash_size,
+                                 alignment);
                 if (crash_base == -1ULL) {
-                        pr_info("crashkernel reservation failed. "
-                                "No suitable area found.\n");
+                        pr_info("crashkernel reservation failed - No suitable area found.\n");
                         return;
                 }
         } else {
-                ret = reserve_bootmem_generic(crash_base, crash_size,
-                                        BOOTMEM_EXCLUSIVE);
-                if (ret < 0) {
-                        pr_info("crashkernel reservation failed - "
-                                "memory is in use\n");
+                unsigned long long start;
+
+                start = find_e820_area(crash_base, ULONG_MAX, crash_size,
+                                 1<<20);
+                if (start != crash_base) {
+                        pr_info("crashkernel reservation failed - memory is in use.\n");
                         return;
                 }
         }
+        reserve_early(crash_base, crash_base + crash_size, "CRASH KERNEL");
 
         printk(KERN_INFO "Reserving %ldMB of memory at %ldMB "
                         "for crashkernel (System RAM: %ldMB)\n",
@@ -699,6 +673,9 @@ static struct dmi_system_id __initdata bad_bios_dmi_table[] = {
 
 void __init setup_arch(char **cmdline_p)
 {
+        int acpi = 0;
+        int k8 = 0;
+
 #ifdef CONFIG_X86_32
         memcpy(&boot_cpu_data, &new_cpu_data, sizeof(new_cpu_data));
         visws_early_detect();
@@ -791,21 +768,18 @@ void __init setup_arch(char **cmdline_p)
         strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
         *cmdline_p = command_line;
 
-#ifdef CONFIG_X86_64
         /*
-         * Must call this twice: Once just to detect whether hardware doesn't
-         * support NX (so that the early EHCI debug console setup can safely
-         * call set_fixmap(), and then again after parsing early parameters to
-         * honor the respective command line option.
+         * x86_configure_nx() is called before parse_early_param() to detect
+         * whether hardware doesn't support NX (so that the early EHCI debug
+         * console setup can safely call set_fixmap()). It may then be called
+         * again from within noexec_setup() during parsing early parameters
+         * to honor the respective command line option.
          */
-        check_efer();
-#endif
+        x86_configure_nx();
 
         parse_early_param();
 
-#ifdef CONFIG_X86_64
-        check_efer();
-#endif
+        x86_report_nx();
 
         /* Must be before kernel pagetables are setup */
         vmi_activate();
@@ -901,6 +875,13 @@ void __init setup_arch(char **cmdline_p)
 
         reserve_brk();
 
+#ifdef CONFIG_ACPI_SLEEP
+        /*
+         * Reserve low memory region for sleep support.
+         * even before init_memory_mapping
+         */
+        acpi_reserve_wakeup_memory();
+#endif
         init_gbpages();
 
         /* max_pfn_mapped is updated here */
@@ -927,6 +908,8 @@ void __init setup_arch(char **cmdline_p)
 
         reserve_initrd();
 
+        reserve_crashkernel();
+
         vsmp_init();
 
         io_delay_init();
@@ -938,27 +921,24 @@ void __init setup_arch(char **cmdline_p)
 
         early_acpi_boot_init();
 
+        /*
+         * Find and reserve possible boot-time SMP configuration:
+         */
+        find_smp_config();
+
 #ifdef CONFIG_ACPI_NUMA
         /*
          * Parse SRAT to discover nodes.
          */
-        acpi_numa_init();
+        acpi = acpi_numa_init();
 #endif
 
-        initmem_init(0, max_pfn);
-
-#ifdef CONFIG_ACPI_SLEEP
-        /*
-         * Reserve low memory region for sleep support.
-         */
-        acpi_reserve_bootmem();
+#ifdef CONFIG_K8_NUMA
+        if (!acpi)
+                k8 = !k8_numa_init(0, max_pfn);
 #endif
-        /*
-         * Find and reserve possible boot-time SMP configuration:
-         */
-        find_smp_config();
 
-        reserve_crashkernel();
+        initmem_init(0, max_pfn, acpi, k8);
 
 #ifdef CONFIG_X86_64
         /*
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index fbf3b07c8567..74fe6d86dc5d 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -19,6 +19,7 @@
 #include <linux/stddef.h>
 #include <linux/personality.h>
 #include <linux/uaccess.h>
+#include <linux/user-return-notifier.h>
 
 #include <asm/processor.h>
 #include <asm/ucontext.h>
@@ -863,6 +864,8 @@ do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags)
                 if (current->replacement_session_keyring)
                         key_replace_session_keyring();
         }
+        if (thread_info_flags & _TIF_USER_RETURN_NOTIFY)
+                fire_user_return_notifiers();
 
 #ifdef CONFIG_X86_32
         clear_thread_flag(TIF_IRET);
diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
index 0157cd26d7cc..70c2125d55b9 100644
--- a/arch/x86/kernel/syscall_table_32.S
+++ b/arch/x86/kernel/syscall_table_32.S
@@ -336,3 +336,4 @@ ENTRY(sys_call_table)
         .long sys_pwritev
         .long sys_rt_tgsigqueueinfo     /* 335 */
         .long sys_perf_event_open
+        .long sys_recvmmsg
diff --git a/arch/x86/kernel/tlb_uv.c b/arch/x86/kernel/tlb_uv.c
index 1740c85e24bb..364d015efebc 100644
--- a/arch/x86/kernel/tlb_uv.c
+++ b/arch/x86/kernel/tlb_uv.c
@@ -817,10 +817,8 @@ static int __init uv_init_blade(int blade)
          */
         apicid = blade_to_first_apicid(blade);
         pa = uv_read_global_mmr64(pnode, UVH_BAU_DATA_CONFIG);
-        if ((pa & 0xff) != UV_BAU_MESSAGE) {
-                uv_write_global_mmr64(pnode, UVH_BAU_DATA_CONFIG,
+        uv_write_global_mmr64(pnode, UVH_BAU_DATA_CONFIG,
                                       ((apicid << 32) | UV_BAU_MESSAGE));
-        }
         return 0;
 }
 
diff --git a/arch/x86/kernel/uv_time.c b/arch/x86/kernel/uv_time.c
index 583f11d5c480..3c84aa001c11 100644
--- a/arch/x86/kernel/uv_time.c
+++ b/arch/x86/kernel/uv_time.c
@@ -74,7 +74,7 @@ struct uv_rtc_timer_head {
  */
 static struct uv_rtc_timer_head         **blade_info __read_mostly;
 
-static int                              uv_rtc_enable;
+static int                              uv_rtc_evt_enable;
 
 /*
  * Hardware interface routines
@@ -90,7 +90,7 @@ static void uv_rtc_send_IPI(int cpu)
         pnode = uv_apicid_to_pnode(apicid);
         val = (1UL << UVH_IPI_INT_SEND_SHFT) |
               (apicid << UVH_IPI_INT_APIC_ID_SHFT) |
-              (GENERIC_INTERRUPT_VECTOR << UVH_IPI_INT_VECTOR_SHFT);
+              (X86_PLATFORM_IPI_VECTOR << UVH_IPI_INT_VECTOR_SHFT);
 
         uv_write_global_mmr64(pnode, UVH_IPI_INT, val);
 }
@@ -115,7 +115,7 @@ static int uv_setup_intr(int cpu, u64 expires)
         uv_write_global_mmr64(pnode, UVH_EVENT_OCCURRED0_ALIAS,
                 UVH_EVENT_OCCURRED0_RTC1_MASK);
 
-        val = (GENERIC_INTERRUPT_VECTOR << UVH_RTC1_INT_CONFIG_VECTOR_SHFT) |
+        val = (X86_PLATFORM_IPI_VECTOR << UVH_RTC1_INT_CONFIG_VECTOR_SHFT) |
                 ((u64)cpu_physical_id(cpu) << UVH_RTC1_INT_CONFIG_APIC_ID_SHFT);
 
         /* Set configuration */
@@ -123,7 +123,10 @@ static int uv_setup_intr(int cpu, u64 expires)
         /* Initialize comparator value */
         uv_write_global_mmr64(pnode, UVH_INT_CMPB, expires);
 
-        return (expires < uv_read_rtc(NULL) && !uv_intr_pending(pnode));
+        if (uv_read_rtc(NULL) <= expires)
+                return 0;
+
+        return !uv_intr_pending(pnode);
 }
 
 /*
@@ -223,6 +226,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
 
         next_cpu = head->next_cpu;
         *t = expires;
+
         /* Will this one be next to go off? */
         if (next_cpu < 0 || bcpu == next_cpu ||
                         expires < head->cpu[next_cpu].expires) {
@@ -231,7 +235,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
                         *t = ULLONG_MAX;
                         uv_rtc_find_next_timer(head, pnode);
                         spin_unlock_irqrestore(&head->lock, flags);
-                        return 1;
+                        return -ETIME;
                 }
         }
 
@@ -244,7 +248,7 @@ static int uv_rtc_set_timer(int cpu, u64 expires)
  *
  * Returns 1 if this timer was pending.
  */
-static int uv_rtc_unset_timer(int cpu)
+static int uv_rtc_unset_timer(int cpu, int force)
 {
         int pnode = uv_cpu_to_pnode(cpu);
         int bid = uv_cpu_to_blade_id(cpu);
@@ -256,14 +260,15 @@ static int uv_rtc_unset_timer(int cpu)
 
         spin_lock_irqsave(&head->lock, flags);
 
-        if (head->next_cpu == bcpu && uv_read_rtc(NULL) >= *t)
+        if ((head->next_cpu == bcpu && uv_read_rtc(NULL) >= *t) || force)
                 rc = 1;
 
-        *t = ULLONG_MAX;
-
-        /* Was the hardware setup for this timer? */
-        if (head->next_cpu == bcpu)
-                uv_rtc_find_next_timer(head, pnode);
+        if (rc) {
+                *t = ULLONG_MAX;
+                /* Was the hardware setup for this timer? */
+                if (head->next_cpu == bcpu)
+                        uv_rtc_find_next_timer(head, pnode);
+        }
 
         spin_unlock_irqrestore(&head->lock, flags);
 
@@ -310,32 +315,32 @@ static void uv_rtc_timer_setup(enum clock_event_mode mode,
                 break;
         case CLOCK_EVT_MODE_UNUSED:
         case CLOCK_EVT_MODE_SHUTDOWN:
-                uv_rtc_unset_timer(ced_cpu);
+                uv_rtc_unset_timer(ced_cpu, 1);
                 break;
         }
 }
 
 static void uv_rtc_interrupt(void)
 {
-        struct clock_event_device *ced = &__get_cpu_var(cpu_ced);
         int cpu = smp_processor_id();
+        struct clock_event_device *ced = &per_cpu(cpu_ced, cpu);
 
         if (!ced || !ced->event_handler)
                 return;
 
-        if (uv_rtc_unset_timer(cpu) != 1)
+        if (uv_rtc_unset_timer(cpu, 0) != 1)
                 return;
 
         ced->event_handler(ced);
 }
 
-static int __init uv_enable_rtc(char *str)
+static int __init uv_enable_evt_rtc(char *str)
 {
-        uv_rtc_enable = 1;
+        uv_rtc_evt_enable = 1;
 
         return 1;
 }
-__setup("uvrtc", uv_enable_rtc);
+__setup("uvrtcevt", uv_enable_evt_rtc);
 
 static __init void uv_rtc_register_clockevents(struct work_struct *dummy)
 {
@@ -350,27 +355,32 @@ static __init int uv_rtc_setup_clock(void)
 {
         int rc;
 
-        if (!uv_rtc_enable || !is_uv_system() || generic_interrupt_extension)
+        if (!is_uv_system())
                 return -ENODEV;
 
-        generic_interrupt_extension = uv_rtc_interrupt;
-
         clocksource_uv.mult = clocksource_hz2mult(sn_rtc_cycles_per_second,
                                 clocksource_uv.shift);
 
+        /* If single blade, prefer tsc */
+        if (uv_num_possible_blades() == 1)
+                clocksource_uv.rating = 250;
+
         rc = clocksource_register(&clocksource_uv);
-        if (rc) {
-                generic_interrupt_extension = NULL;
+        if (rc)
+                printk(KERN_INFO "UV RTC clocksource failed rc %d\n", rc);
+        else
+                printk(KERN_INFO "UV RTC clocksource registered freq %lu MHz\n",
+                        sn_rtc_cycles_per_second/(unsigned long)1E6);
+
+        if (rc || !uv_rtc_evt_enable || x86_platform_ipi_callback)
                 return rc;
-        }
 
         /* Setup and register clockevents */
         rc = uv_rtc_allocate_timers();
-        if (rc) {
-                clocksource_unregister(&clocksource_uv);
-                generic_interrupt_extension = NULL;
-                return rc;
-        }
+        if (rc)
+                goto error;
+
+        x86_platform_ipi_callback = uv_rtc_interrupt;
 
         clock_event_device_uv.mult = div_sc(sn_rtc_cycles_per_second,
                                 NSEC_PER_SEC, clock_event_device_uv.shift);
@@ -383,11 +393,19 @@ static __init int uv_rtc_setup_clock(void)
 
         rc = schedule_on_each_cpu(uv_rtc_register_clockevents);
         if (rc) {
-                clocksource_unregister(&clocksource_uv);
-                generic_interrupt_extension = NULL;
+                x86_platform_ipi_callback = NULL;
                 uv_rtc_deallocate_timers();
+                goto error;
         }
 
+        printk(KERN_INFO "UV RTC clockevents registered\n");
+
+        return 0;
+
+error:
+        clocksource_unregister(&clocksource_uv);
+        printk(KERN_INFO "UV RTC clockevents failed rc %d\n", rc);
+
         return rc;
 }
 arch_initcall(uv_rtc_setup_clock);
diff --git a/arch/x86/kernel/visws_quirks.c b/arch/x86/kernel/visws_quirks.c
index abda6f53e71e..34a279a7471d 100644
--- a/arch/x86/kernel/visws_quirks.c
+++ b/arch/x86/kernel/visws_quirks.c
@@ -197,7 +197,7 @@ static void __init MP_processor_info(struct mpc_cpu *m)
         apic_version[m->apicid] = ver;
 }
 
-static void __init visws_find_smp_config(unsigned int reserve)
+static void __init visws_find_smp_config(void)
 {
         struct mpc_cpu *mp = phys_to_virt(CO_CPU_TAB_PHYS);
         unsigned short ncpus = readw(phys_to_virt(CO_CPU_NUM_PHYS));
diff --git a/arch/x86/kernel/vmiclock_32.c b/arch/x86/kernel/vmiclock_32.c
index 611b9e2360d3..74c92bb194df 100644
--- a/arch/x86/kernel/vmiclock_32.c
+++ b/arch/x86/kernel/vmiclock_32.c
@@ -226,7 +226,7 @@ static void __devinit vmi_time_init_clockevent(void)
         evt->min_delta_ns = clockevent_delta2ns(1, evt);
         evt->cpumask = cpumask_of(cpu);
 
-        printk(KERN_WARNING "vmi: registering clock event %s. mult=%lu shift=%u\n",
+        printk(KERN_WARNING "vmi: registering clock event %s. mult=%u shift=%u\n",
                evt->name, evt->mult, evt->shift);
         clockevents_register_device(evt);
 }
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 3c68fe2d46cf..f3f2104408d9 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -41,6 +41,32 @@ ENTRY(phys_startup_64)
 jiffies_64 = jiffies;
 #endif
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+/*
+ * On 64-bit, align RODATA to 2MB so that even with CONFIG_DEBUG_RODATA
+ * we retain large page mappings for boundaries spanning kernel text, rodata
+ * and data sections.
+ *
+ * However, kernel identity mappings will have different RWX permissions
+ * to the pages mapping to text and to the pages padding (which are freed) the
+ * text section. Hence kernel identity mappings will be broken to smaller
+ * pages. For 64-bit, kernel text and kernel identity mappings are different,
+ * so we can enable protection checks that come with CONFIG_DEBUG_RODATA,
+ * as well as retain 2MB large page mappings for kernel text.
+ */
+#define X64_ALIGN_DEBUG_RODATA_BEGIN    . = ALIGN(HPAGE_SIZE);
+
+#define X64_ALIGN_DEBUG_RODATA_END                              \
+                . = ALIGN(HPAGE_SIZE);                          \
+                __end_rodata_hpage_align = .;
+
+#else
+
+#define X64_ALIGN_DEBUG_RODATA_BEGIN
+#define X64_ALIGN_DEBUG_RODATA_END
+
+#endif
+
 PHDRS {
         text PT_LOAD FLAGS(5);          /* R_E */
         data PT_LOAD FLAGS(7);          /* RWE */
@@ -90,7 +116,9 @@ SECTIONS
 
         EXCEPTION_TABLE(16) :text = 0x9090
 
+        X64_ALIGN_DEBUG_RODATA_BEGIN
         RO_DATA(PAGE_SIZE)
+        X64_ALIGN_DEBUG_RODATA_END
 
         /* Data */
         .data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -107,13 +135,13 @@ SECTIONS
 
                 PAGE_ALIGNED_DATA(PAGE_SIZE)
 
-                CACHELINE_ALIGNED_DATA(CONFIG_X86_L1_CACHE_BYTES)
+                CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES)
 
                 DATA_DATA
                 CONSTRUCTORS
 
                 /* rarely changed data like cpu maps */
-                READ_MOSTLY_DATA(CONFIG_X86_INTERNODE_CACHE_BYTES)
+                READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES)
 
                 /* End of data section */
                 _edata = .;
@@ -137,12 +165,12 @@ SECTIONS
                 *(.vsyscall_0)
         } :user
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .vsyscall_fn : AT(VLOAD(.vsyscall_fn)) {
                 *(.vsyscall_fn)
         }
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .vsyscall_gtod_data : AT(VLOAD(.vsyscall_gtod_data)) {
                 *(.vsyscall_gtod_data)
         }
@@ -166,7 +194,7 @@ SECTIONS
         }
         vgetcpu_mode = VVIRT(.vgetcpu_mode);
 
-        . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+        . = ALIGN(L1_CACHE_BYTES);
         .jiffies : AT(VLOAD(.jiffies)) {
                 *(.jiffies)
         }
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
index 8cb4974ff599..9055e5872ff0 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -73,7 +73,8 @@ void update_vsyscall_tz(void)
         write_sequnlock_irqrestore(&vsyscall_gtod_data.lock, flags);
 }
 
-void update_vsyscall(struct timespec *wall_time, struct clocksource *clock)
+void update_vsyscall(struct timespec *wall_time, struct clocksource *clock,
+                     u32 mult)
 {
         unsigned long flags;
 
@@ -82,7 +83,7 @@ void update_vsyscall(struct timespec *wall_time, struct clocksource *clock)
         vsyscall_gtod_data.clock.vread = clock->vread;
         vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
         vsyscall_gtod_data.clock.mask = clock->mask;
-        vsyscall_gtod_data.clock.mult = clock->mult;
+        vsyscall_gtod_data.clock.mult = mult;
         vsyscall_gtod_data.clock.shift = clock->shift;
         vsyscall_gtod_data.wall_time_sec = wall_time->tv_sec;
         vsyscall_gtod_data.wall_time_nsec = wall_time->tv_nsec;
@@ -237,7 +238,7 @@ static ctl_table kernel_table2[] = {
 };
 
 static ctl_table kernel_root_table2[] = {
-        { .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
+        { .procname = "kernel", .mode = 0555,
           .child = kernel_table2 },
         {}
 };
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index d11c5ff7c65e..ccd179dec36e 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -13,6 +13,7 @@
 #include <asm/e820.h>
 #include <asm/time.h>
 #include <asm/irq.h>
+#include <asm/pat.h>
 #include <asm/tsc.h>
 #include <asm/iommu.h>
 
@@ -80,4 +81,5 @@ struct x86_platform_ops x86_platform = {
         .get_wallclock                  = mach_get_cmos_time,
         .set_wallclock                  = mach_set_rtc_mmss,
         .iommu_shutdown                 = iommu_shutdown_noop,
+        .is_untracked_pat_range         = is_ISA_range,
 };
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index b84e571f4175..4cd498332466 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -28,6 +28,7 @@ config KVM
         select HAVE_KVM_IRQCHIP
         select HAVE_KVM_EVENTFD
         select KVM_APIC_ARCHITECTURE
+        select USER_RETURN_NOTIFIER
         ---help---
           Support hosting fully virtualized guest machines using hardware
           virtualization extensions.  You will need a fairly recent
diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
index 0e7fe78d0f74..31a7035c4bd9 100644
--- a/arch/x86/kvm/Makefile
+++ b/arch/x86/kvm/Makefile
@@ -6,7 +6,8 @@ CFLAGS_svm.o := -I.
 CFLAGS_vmx.o := -I.
 
 kvm-y                   += $(addprefix ../../../virt/kvm/, kvm_main.o ioapic.o \
-                                coalesced_mmio.o irq_comm.o eventfd.o)
+                                coalesced_mmio.o irq_comm.o eventfd.o \
+                                assigned-dev.o)
 kvm-$(CONFIG_IOMMU_API) += $(addprefix ../../../virt/kvm/, iommu.o)
 
 kvm-y                   += x86.o mmu.o emulate.o i8259.o irq.o lapic.o \
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 1be5cd640e93..7e8faea4651e 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -75,6 +75,8 @@
 #define Group       (1<<14)     /* Bits 3:5 of modrm byte extend opcode */
 #define GroupDual   (1<<15)     /* Alternate decoding of mod == 3 */
 #define GroupMask   0xff        /* Group number stored in bits 0:7 */
+/* Misc flags */
+#define No64        (1<<28)
 /* Source 2 operand type */
 #define Src2None    (0<<29)
 #define Src2CL      (1<<29)
@@ -92,19 +94,23 @@ static u32 opcode_table[256] = {
         /* 0x00 - 0x07 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x08 - 0x0F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        0, 0, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, 0,
         /* 0x10 - 0x17 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x18 - 0x1F */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
-        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm, 0, 0,
+        ByteOp | DstAcc | SrcImm, DstAcc | SrcImm,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
         /* 0x20 - 0x27 */
         ByteOp | DstMem | SrcReg | ModRM, DstMem | SrcReg | ModRM,
         ByteOp | DstReg | SrcMem | ModRM, DstReg | SrcMem | ModRM,
@@ -133,7 +139,8 @@ static u32 opcode_table[256] = {
         DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
         DstReg | Stack, DstReg | Stack, DstReg | Stack, DstReg | Stack,
         /* 0x60 - 0x67 */
-        0, 0, 0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
+        ImplicitOps | Stack | No64, ImplicitOps | Stack | No64,
+        0, DstReg | SrcMem32 | ModRM | Mov /* movsxd (x86/64) */ ,
         0, 0, 0, 0,
         /* 0x68 - 0x6F */
         SrcImm | Mov | Stack, 0, SrcImmByte | Mov | Stack, 0,
@@ -158,7 +165,7 @@ static u32 opcode_table[256] = {
         /* 0x90 - 0x97 */
         DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg, DstReg,
         /* 0x98 - 0x9F */
-        0, 0, SrcImm | Src2Imm16, 0,
+        0, 0, SrcImm | Src2Imm16 | No64, 0,
         ImplicitOps | Stack, ImplicitOps | Stack, 0, 0,
         /* 0xA0 - 0xA7 */
         ByteOp | DstReg | SrcMem | Mov | MemAbs, DstReg | SrcMem | Mov | MemAbs,
@@ -185,7 +192,7 @@ static u32 opcode_table[256] = {
         ByteOp | DstMem | SrcImm | ModRM | Mov, DstMem | SrcImm | ModRM | Mov,
         /* 0xC8 - 0xCF */
         0, 0, 0, ImplicitOps | Stack,
-        ImplicitOps, SrcImmByte, ImplicitOps, ImplicitOps,
+        ImplicitOps, SrcImmByte, ImplicitOps | No64, ImplicitOps,
         /* 0xD0 - 0xD7 */
         ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
         ByteOp | DstMem | SrcImplicit | ModRM, DstMem | SrcImplicit | ModRM,
@@ -198,7 +205,7 @@ static u32 opcode_table[256] = {
         ByteOp | SrcImmUByte, SrcImmUByte,
         /* 0xE8 - 0xEF */
         SrcImm | Stack, SrcImm | ImplicitOps,
-        SrcImmU | Src2Imm16, SrcImmByte | ImplicitOps,
+        SrcImmU | Src2Imm16 | No64, SrcImmByte | ImplicitOps,
         SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         SrcNone | ByteOp | ImplicitOps, SrcNone | ImplicitOps,
         /* 0xF0 - 0xF7 */
@@ -244,11 +251,13 @@ static u32 twobyte_table[256] = {
         /* 0x90 - 0x9F */
         0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
         /* 0xA0 - 0xA7 */
-        0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
+        ImplicitOps | Stack, ImplicitOps | Stack,
+        0, DstMem | SrcReg | ModRM | BitOp,
         DstMem | SrcReg | Src2ImmByte | ModRM,
         DstMem | SrcReg | Src2CL | ModRM, 0, 0,
         /* 0xA8 - 0xAF */
-        0, 0, 0, DstMem | SrcReg | ModRM | BitOp,
+        ImplicitOps | Stack, ImplicitOps | Stack,
+        0, DstMem | SrcReg | ModRM | BitOp,
         DstMem | SrcReg | Src2ImmByte | ModRM,
         DstMem | SrcReg | Src2CL | ModRM,
         ModRM, 0,
@@ -613,6 +622,9 @@ static int do_insn_fetch(struct x86_emulate_ctxt *ctxt,
 {
         int rc = 0;
 
+        /* x86 instructions are limited to 15 bytes. */
+        if (eip + size - ctxt->decode.eip_orig > 15)
+                return X86EMUL_UNHANDLEABLE;
         eip += ctxt->cs_base;
         while (size--) {
                 rc = do_fetch_insn_byte(ctxt, ops, eip++, dest++);
@@ -871,7 +883,7 @@ x86_decode_insn(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
         /* Shadow copy of register state. Committed on successful emulation. */
 
         memset(c, 0, sizeof(struct decode_cache));
-        c->eip = kvm_rip_read(ctxt->vcpu);
+        c->eip = c->eip_orig = kvm_rip_read(ctxt->vcpu);
         ctxt->cs_base = seg_base(ctxt, VCPU_SREG_CS);
         memcpy(c->regs, ctxt->vcpu->arch.regs, sizeof c->regs);
 
@@ -962,6 +974,11 @@ done_prefixes:
                 }
         }
 
+        if (mode == X86EMUL_MODE_PROT64 && (c->d & No64)) {
+                kvm_report_emulation_failure(ctxt->vcpu, "invalid x86/64 instruction");;
+                return -1;
+        }
+
         if (c->d & Group) {
                 group = c->d & GroupMask;
                 c->modrm = insn_fetch(u8, 1, c->eip);
@@ -1186,6 +1203,69 @@ static int emulate_pop(struct x86_emulate_ctxt *ctxt,
         return rc;
 }
 
+static void emulate_push_sreg(struct x86_emulate_ctxt *ctxt, int seg)
+{
+        struct decode_cache *c = &ctxt->decode;
+        struct kvm_segment segment;
+
+        kvm_x86_ops->get_segment(ctxt->vcpu, &segment, seg);
+
+        c->src.val = segment.selector;
+        emulate_push(ctxt);
+}
+
+static int emulate_pop_sreg(struct x86_emulate_ctxt *ctxt,
+                             struct x86_emulate_ops *ops, int seg)
+{
+        struct decode_cache *c = &ctxt->decode;
+        unsigned long selector;
+        int rc;
+
+        rc = emulate_pop(ctxt, ops, &selector, c->op_bytes);
+        if (rc != 0)
+                return rc;
+
+        rc = kvm_load_segment_descriptor(ctxt->vcpu, (u16)selector, 1, seg);
+        return rc;
+}
+
+static void emulate_pusha(struct x86_emulate_ctxt *ctxt)
+{
+        struct decode_cache *c = &ctxt->decode;
+        unsigned long old_esp = c->regs[VCPU_REGS_RSP];
+        int reg = VCPU_REGS_RAX;
+
+        while (reg <= VCPU_REGS_RDI) {
+                (reg == VCPU_REGS_RSP) ?
+                (c->src.val = old_esp) : (c->src.val = c->regs[reg]);
+
+                emulate_push(ctxt);
+                ++reg;
+        }
+}
+
+static int emulate_popa(struct x86_emulate_ctxt *ctxt,
+                        struct x86_emulate_ops *ops)
+{
+        struct decode_cache *c = &ctxt->decode;
+        int rc = 0;
+        int reg = VCPU_REGS_RDI;
+
+        while (reg >= VCPU_REGS_RAX) {
+                if (reg == VCPU_REGS_RSP) {
+                        register_address_increment(c, &c->regs[VCPU_REGS_RSP],
+                                                        c->op_bytes);
+                        --reg;
+                }
+
+                rc = emulate_pop(ctxt, ops, &c->regs[reg], c->op_bytes);
+                if (rc != 0)
+                        break;
+                --reg;
+        }
+        return rc;
+}
+
 static inline int emulate_grp1a(struct x86_emulate_ctxt *ctxt,
                                 struct x86_emulate_ops *ops)
 {
@@ -1707,18 +1787,45 @@ special_insn:
               add:              /* add */
                 emulate_2op_SrcV("add", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x06:              /* push es */
+                emulate_push_sreg(ctxt, VCPU_SREG_ES);
+                break;
+        case 0x07:              /* pop es */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_ES);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x08 ... 0x0d:
               or:               /* or */
                 emulate_2op_SrcV("or", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x0e:              /* push cs */
+                emulate_push_sreg(ctxt, VCPU_SREG_CS);
+                break;
         case 0x10 ... 0x15:
               adc:              /* adc */
                 emulate_2op_SrcV("adc", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x16:              /* push ss */
+                emulate_push_sreg(ctxt, VCPU_SREG_SS);
+                break;
+        case 0x17:              /* pop ss */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_SS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x18 ... 0x1d:
               sbb:              /* sbb */
                 emulate_2op_SrcV("sbb", c->src, c->dst, ctxt->eflags);
                 break;
+        case 0x1e:              /* push ds */
+                emulate_push_sreg(ctxt, VCPU_SREG_DS);
+                break;
+        case 0x1f:              /* pop ds */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_DS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x20 ... 0x25:
               and:              /* and */
                 emulate_2op_SrcV("and", c->src, c->dst, ctxt->eflags);
@@ -1750,6 +1857,14 @@ special_insn:
                 if (rc != 0)
                         goto done;
                 break;
+        case 0x60:      /* pusha */
+                emulate_pusha(ctxt);
+                break;
+        case 0x61:      /* popa */
+                rc = emulate_popa(ctxt, ops);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0x63:              /* movsxd */
                 if (ctxt->mode != X86EMUL_MODE_PROT64)
                         goto cannot_emulate;
@@ -1761,7 +1876,7 @@ special_insn:
                 break;
         case 0x6c:              /* insb */
         case 0x6d:              /* insw/insd */
-                 if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
+                 if (kvm_emulate_pio_string(ctxt->vcpu,
                                 1,
                                 (c->d & ByteOp) ? 1 : c->op_bytes,
                                 c->rep_prefix ?
@@ -1777,7 +1892,7 @@ special_insn:
                 return 0;
         case 0x6e:              /* outsb */
         case 0x6f:              /* outsw/outsd */
-                if (kvm_emulate_pio_string(ctxt->vcpu, NULL,
+                if (kvm_emulate_pio_string(ctxt->vcpu,
                                 0,
                                 (c->d & ByteOp) ? 1 : c->op_bytes,
                                 c->rep_prefix ?
@@ -2070,7 +2185,7 @@ special_insn:
         case 0xef: /* out (e/r)ax,dx */
                 port = c->regs[VCPU_REGS_RDX];
                 io_dir_in = 0;
-        do_io:  if (kvm_emulate_pio(ctxt->vcpu, NULL, io_dir_in,
+        do_io:  if (kvm_emulate_pio(ctxt->vcpu, io_dir_in,
                                    (c->d & ByteOp) ? 1 : c->op_bytes,
                                    port) != 0) {
                         c->eip = saved_eip;
@@ -2297,6 +2412,14 @@ twobyte_insn:
                         jmp_rel(c, c->src.val);
                 c->dst.type = OP_NONE;
                 break;
+        case 0xa0:        /* push fs */
+                emulate_push_sreg(ctxt, VCPU_SREG_FS);
+                break;
+        case 0xa1:       /* pop fs */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_FS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0xa3:
               bt:               /* bt */
                 c->dst.type = OP_NONE;
@@ -2308,6 +2431,14 @@ twobyte_insn:
         case 0xa5: /* shld cl, r, r/m */
                 emulate_2op_cl("shld", c->src2, c->src, c->dst, ctxt->eflags);
                 break;
+        case 0xa8:      /* push gs */
+                emulate_push_sreg(ctxt, VCPU_SREG_GS);
+                break;
+        case 0xa9:      /* pop gs */
+                rc = emulate_pop_sreg(ctxt, ops, VCPU_SREG_GS);
+                if (rc != 0)
+                        goto done;
+                break;
         case 0xab:
               bts:              /* bts */
                 /* only subword offset */
diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
index 144e7f60b5e2..fab7440c9bb2 100644
--- a/arch/x86/kvm/i8254.c
+++ b/arch/x86/kvm/i8254.c
@@ -688,10 +688,8 @@ static void __inject_pit_timer_intr(struct kvm *kvm)
         struct kvm_vcpu *vcpu;
         int i;
 
-        mutex_lock(&kvm->irq_lock);
         kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 1);
         kvm_set_irq(kvm, kvm->arch.vpit->irq_source_id, 0, 0);
-        mutex_unlock(&kvm->irq_lock);
 
         /*
          * Provides NMI watchdog support via Virtual Wire mode.
diff --git a/arch/x86/kvm/i8259.c b/arch/x86/kvm/i8259.c
index 01f151682802..d057c0cbd245 100644
--- a/arch/x86/kvm/i8259.c
+++ b/arch/x86/kvm/i8259.c
@@ -38,7 +38,15 @@ static void pic_clear_isr(struct kvm_kpic_state *s, int irq)
         s->isr_ack |= (1 << irq);
         if (s != &s->pics_state->pics[0])
                 irq += 8;
+        /*
+         * We are dropping lock while calling ack notifiers since ack
+         * notifier callbacks for assigned devices call into PIC recursively.
+         * Other interrupt may be delivered to PIC while lock is dropped but
+         * it should be safe since PIC state is already updated at this stage.
+         */
+        spin_unlock(&s->pics_state->lock);
         kvm_notify_acked_irq(s->pics_state->kvm, SELECT_PIC(irq), irq);
+        spin_lock(&s->pics_state->lock);
 }
 
 void kvm_pic_clear_isr_ack(struct kvm *kvm)
@@ -176,16 +184,18 @@ int kvm_pic_set_irq(void *opaque, int irq, int level)
 static inline void pic_intack(struct kvm_kpic_state *s, int irq)
 {
         s->isr |= 1 << irq;
-        if (s->auto_eoi) {
-                if (s->rotate_on_auto_eoi)
-                        s->priority_add = (irq + 1) & 7;
-                pic_clear_isr(s, irq);
-        }
         /*
          * We don't clear a level sensitive interrupt here
          */
         if (!(s->elcr & (1 << irq)))
                 s->irr &= ~(1 << irq);
+
+        if (s->auto_eoi) {
+                if (s->rotate_on_auto_eoi)
+                        s->priority_add = (irq + 1) & 7;
+                pic_clear_isr(s, irq);
+        }
+
 }
 
 int kvm_pic_read_irq(struct kvm *kvm)
@@ -225,22 +235,11 @@ int kvm_pic_read_irq(struct kvm *kvm)
 
 void kvm_pic_reset(struct kvm_kpic_state *s)
 {
-        int irq, irqbase, n;
+        int irq;
         struct kvm *kvm = s->pics_state->irq_request_opaque;
         struct kvm_vcpu *vcpu0 = kvm->bsp_vcpu;
+        u8 irr = s->irr, isr = s->imr;
 
-        if (s == &s->pics_state->pics[0])
-                irqbase = 0;
-        else
-                irqbase = 8;
-
-        for (irq = 0; irq < PIC_NUM_PINS/2; irq++) {
-                if (vcpu0 && kvm_apic_accept_pic_intr(vcpu0))
-                        if (s->irr & (1 << irq) || s->isr & (1 << irq)) {
-                                n = irq + irqbase;
-                                kvm_notify_acked_irq(kvm, SELECT_PIC(n), n);
-                        }
-        }
         s->last_irr = 0;
         s->irr = 0;
         s->imr = 0;
@@ -256,6 +255,13 @@ void kvm_pic_reset(struct kvm_kpic_state *s)
         s->rotate_on_auto_eoi = 0;
         s->special_fully_nested_mode = 0;
         s->init4 = 0;
+
+        for (irq = 0; irq < PIC_NUM_PINS/2; irq++) {
+                if (vcpu0 && kvm_apic_accept_pic_intr(vcpu0))
+                        if (irr & (1 << irq) || isr & (1 << irq)) {
+                                pic_clear_isr(s, irq);
+                        }
+        }
 }
 
 static void pic_ioport_write(void *opaque, u32 addr, u32 val)
@@ -298,9 +304,9 @@ static void pic_ioport_write(void *opaque, u32 addr, u32 val)
                                 priority = get_priority(s, s->isr);
                                 if (priority != 8) {
                                         irq = (priority + s->priority_add) & 7;
-                                        pic_clear_isr(s, irq);
                                         if (cmd == 5)
                                                 s->priority_add = (irq + 1) & 7;
+                                        pic_clear_isr(s, irq);
                                         pic_update_irq(s->pics_state);
                                 }
                                 break;
diff --git a/arch/x86/kvm/irq.h b/arch/x86/kvm/irq.h
index 7d6058a2fd38..be399e207d57 100644
--- a/arch/x86/kvm/irq.h
+++ b/arch/x86/kvm/irq.h
@@ -71,6 +71,7 @@ struct kvm_pic {
         int output;             /* intr from master PIC */
         struct kvm_io_device dev;
         void (*ack_notifier)(void *opaque, int irq);
+        unsigned long irq_states[16];
 };
 
 struct kvm_pic *kvm_create_pic(struct kvm *kvm);
@@ -85,7 +86,11 @@ static inline struct kvm_pic *pic_irqchip(struct kvm *kvm)
 
 static inline int irqchip_in_kernel(struct kvm *kvm)
 {
-        return pic_irqchip(kvm) != NULL;
+        int ret;
+
+        ret = (pic_irqchip(kvm) != NULL);
+        smp_rmb();
+        return ret;
 }
 
 void kvm_pic_reset(struct kvm_kpic_state *s);
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 23c217692ea9..cd60c0bd1b32 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -32,7 +32,6 @@
 #include <asm/current.h>
 #include <asm/apicdef.h>
 #include <asm/atomic.h>
-#include <asm/apicdef.h>
 #include "kvm_cache_regs.h"
 #include "irq.h"
 #include "trace.h"
@@ -471,11 +470,8 @@ static void apic_set_eoi(struct kvm_lapic *apic)
                 trigger_mode = IOAPIC_LEVEL_TRIG;
         else
                 trigger_mode = IOAPIC_EDGE_TRIG;
-        if (!(apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI)) {
-                mutex_lock(&apic->vcpu->kvm->irq_lock);
+        if (!(apic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI))
                 kvm_ioapic_update_eoi(apic->vcpu->kvm, vector, trigger_mode);
-                mutex_unlock(&apic->vcpu->kvm->irq_lock);
-        }
 }
 
 static void apic_send_ipi(struct kvm_lapic *apic)
@@ -504,9 +500,7 @@ static void apic_send_ipi(struct kvm_lapic *apic)
                    irq.trig_mode, irq.level, irq.dest_mode, irq.delivery_mode,
                    irq.vector);
 
-        mutex_lock(&apic->vcpu->kvm->irq_lock);
         kvm_irq_delivery_to_apic(apic->vcpu->kvm, apic, &irq);
-        mutex_unlock(&apic->vcpu->kvm->irq_lock);
 }
 
 static u32 apic_get_tmcct(struct kvm_lapic *apic)
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 818b92ad82cf..4c3e5b2314cb 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2789,7 +2789,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
         if (r)
                 goto out;
 
-        er = emulate_instruction(vcpu, vcpu->run, cr2, error_code, 0);
+        er = emulate_instruction(vcpu, cr2, error_code, 0);
 
         switch (er) {
         case EMULATE_DONE:
@@ -2800,6 +2800,7 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u32 error_code)
         case EMULATE_FAIL:
                 vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
                 vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
+                vcpu->run->internal.ndata = 0;
                 return 0;
         default:
                 BUG();
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 72558f8ff3f5..a6017132fba8 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -467,7 +467,6 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
                 level = iterator.level;
                 sptep = iterator.sptep;
 
-                /* FIXME: properly handle invlpg on large guest pages */
                 if (level == PT_PAGE_TABLE_LEVEL  ||
                     ((level == PT_DIRECTORY_LEVEL && is_large_pte(*sptep))) ||
                     ((level == PT_PDPE_LEVEL && is_large_pte(*sptep)))) {
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index c17404add91f..3de0b37ec038 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -46,6 +46,7 @@ MODULE_LICENSE("GPL");
 #define SVM_FEATURE_NPT  (1 << 0)
 #define SVM_FEATURE_LBRV (1 << 1)
 #define SVM_FEATURE_SVML (1 << 2)
+#define SVM_FEATURE_PAUSE_FILTER (1 << 10)
 
 #define NESTED_EXIT_HOST        0       /* Exit handled on host level */
 #define NESTED_EXIT_DONE        1       /* Exit caused nested vmexit  */
@@ -53,15 +54,6 @@ MODULE_LICENSE("GPL");
 
 #define DEBUGCTL_RESERVED_BITS (~(0x3fULL))
 
-/* Turn on to get debugging output*/
-/* #define NESTED_DEBUG */
-
-#ifdef NESTED_DEBUG
-#define nsvm_printk(fmt, args...) printk(KERN_INFO fmt, ## args)
-#else
-#define nsvm_printk(fmt, args...) do {} while(0)
-#endif
-
 static const u32 host_save_user_msrs[] = {
 #ifdef CONFIG_X86_64
         MSR_STAR, MSR_LSTAR, MSR_CSTAR, MSR_SYSCALL_MASK, MSR_KERNEL_GS_BASE,
@@ -85,6 +77,9 @@ struct nested_state {
         /* gpa pointers to the real vectors */
         u64 vmcb_msrpm;
 
+        /* A VMEXIT is required but not yet emulated */
+        bool exit_required;
+
         /* cache for intercepts of the guest */
         u16 intercept_cr_read;
         u16 intercept_cr_write;
@@ -112,6 +107,8 @@ struct vcpu_svm {
         u32 *msrpm;
 
         struct nested_state nested;
+
+        bool nmi_singlestep;
 };
 
 /* enable NPT for AMD64 and X86 with PAE */
@@ -286,7 +283,7 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
         struct vcpu_svm *svm = to_svm(vcpu);
 
         if (!svm->next_rip) {
-                if (emulate_instruction(vcpu, vcpu->run, 0, 0, EMULTYPE_SKIP) !=
+                if (emulate_instruction(vcpu, 0, 0, EMULTYPE_SKIP) !=
                                 EMULATE_DONE)
                         printk(KERN_DEBUG "%s: NOP\n", __func__);
                 return;
@@ -316,7 +313,7 @@ static void svm_hardware_disable(void *garbage)
         cpu_svm_disable();
 }
 
-static void svm_hardware_enable(void *garbage)
+static int svm_hardware_enable(void *garbage)
 {
 
         struct svm_cpu_data *svm_data;
@@ -325,16 +322,21 @@ static void svm_hardware_enable(void *garbage)
         struct desc_struct *gdt;
         int me = raw_smp_processor_id();
 
+        rdmsrl(MSR_EFER, efer);
+        if (efer & EFER_SVME)
+                return -EBUSY;
+
         if (!has_svm()) {
-                printk(KERN_ERR "svm_cpu_init: err EOPNOTSUPP on %d\n", me);
-                return;
+                printk(KERN_ERR "svm_hardware_enable: err EOPNOTSUPP on %d\n",
+                       me);
+                return -EINVAL;
         }
         svm_data = per_cpu(svm_data, me);
 
         if (!svm_data) {
-                printk(KERN_ERR "svm_cpu_init: svm_data is NULL on %d\n",
+                printk(KERN_ERR "svm_hardware_enable: svm_data is NULL on %d\n",
                        me);
-                return;
+                return -EINVAL;
         }
 
         svm_data->asid_generation = 1;
@@ -345,11 +347,12 @@ static void svm_hardware_enable(void *garbage)
         gdt = (struct desc_struct *)gdt_descr.base;
         svm_data->tss_desc = (struct kvm_ldttss_desc *)(gdt + GDT_ENTRY_TSS);
 
-        rdmsrl(MSR_EFER, efer);
         wrmsrl(MSR_EFER, efer | EFER_SVME);
 
         wrmsrl(MSR_VM_HSAVE_PA,
                page_to_pfn(svm_data->save_area) << PAGE_SHIFT);
+
+        return 0;
 }
 
 static void svm_cpu_uninit(int cpu)
@@ -476,7 +479,7 @@ static __init int svm_hardware_setup(void)
                 kvm_enable_efer_bits(EFER_SVME);
         }
 
-        for_each_online_cpu(cpu) {
+        for_each_possible_cpu(cpu) {
                 r = svm_cpu_init(cpu);
                 if (r)
                         goto err;
@@ -510,7 +513,7 @@ static __exit void svm_hardware_unsetup(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu)
                 svm_cpu_uninit(cpu);
 
         __free_pages(pfn_to_page(iopm_base >> PAGE_SHIFT), IOPM_ALLOC_ORDER);
@@ -625,11 +628,12 @@ static void init_vmcb(struct vcpu_svm *svm)
         save->rip = 0x0000fff0;
         svm->vcpu.arch.regs[VCPU_REGS_RIP] = save->rip;
 
-        /*
-         * cr0 val on cpu init should be 0x60000010, we enable cpu
-         * cache by default. the orderly way is to enable cache in bios.
+        /* This is the guest-visible cr0 value.
+         * svm_set_cr0() sets PG and WP and clears NW and CD on save->cr0.
          */
-        save->cr0 = 0x00000010 | X86_CR0_PG | X86_CR0_WP;
+        svm->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
+        kvm_set_cr0(&svm->vcpu, svm->vcpu.arch.cr0);
+
         save->cr4 = X86_CR4_PAE;
         /* rdx = ?? */
 
@@ -644,8 +648,6 @@ static void init_vmcb(struct vcpu_svm *svm)
                 control->intercept_cr_write &= ~(INTERCEPT_CR0_MASK|
                                                  INTERCEPT_CR3_MASK);
                 save->g_pat = 0x0007040600070406ULL;
-                /* enable caching because the QEMU Bios doesn't enable it */
-                save->cr0 = X86_CR0_ET;
                 save->cr3 = 0;
                 save->cr4 = 0;
         }
@@ -654,6 +656,11 @@ static void init_vmcb(struct vcpu_svm *svm)
         svm->nested.vmcb = 0;
         svm->vcpu.arch.hflags = 0;
 
+        if (svm_has(SVM_FEATURE_PAUSE_FILTER)) {
+                control->pause_filter_count = 3000;
+                control->intercept |= (1ULL << INTERCEPT_PAUSE);
+        }
+
         enable_gif(svm);
 }
 
@@ -758,14 +765,13 @@ static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
         int i;
 
         if (unlikely(cpu != vcpu->cpu)) {
-                u64 tsc_this, delta;
+                u64 delta;
 
                 /*
                  * Make sure that the guest sees a monotonically
                  * increasing TSC.
                  */
-                rdtscll(tsc_this);
-                delta = vcpu->arch.host_tsc - tsc_this;
+                delta = vcpu->arch.host_tsc - native_read_tsc();
                 svm->vmcb->control.tsc_offset += delta;
                 if (is_nested(svm))
                         svm->nested.hsave->control.tsc_offset += delta;
@@ -787,7 +793,7 @@ static void svm_vcpu_put(struct kvm_vcpu *vcpu)
         for (i = 0; i < NR_HOST_SAVE_USER_MSRS; i++)
                 wrmsrl(host_save_user_msrs[i], svm->host_user_msrs[i]);
 
-        rdtscll(vcpu->arch.host_tsc);
+        vcpu->arch.host_tsc = native_read_tsc();
 }
 
 static unsigned long svm_get_rflags(struct kvm_vcpu *vcpu)
@@ -1045,7 +1051,7 @@ static void update_db_intercept(struct kvm_vcpu *vcpu)
         svm->vmcb->control.intercept_exceptions &=
                 ~((1 << DB_VECTOR) | (1 << BP_VECTOR));
 
-        if (vcpu->arch.singlestep)
+        if (svm->nmi_singlestep)
                 svm->vmcb->control.intercept_exceptions |= (1 << DB_VECTOR);
 
         if (vcpu->guest_debug & KVM_GUESTDBG_ENABLE) {
@@ -1060,26 +1066,16 @@ static void update_db_intercept(struct kvm_vcpu *vcpu)
                 vcpu->guest_debug = 0;
 }
 
-static int svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+static void svm_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
 {
-        int old_debug = vcpu->guest_debug;
         struct vcpu_svm *svm = to_svm(vcpu);
 
-        vcpu->guest_debug = dbg->control;
-
-        update_db_intercept(vcpu);
-
         if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
                 svm->vmcb->save.dr7 = dbg->arch.debugreg[7];
         else
                 svm->vmcb->save.dr7 = vcpu->arch.dr7;
 
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                svm->vmcb->save.rflags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
-        else if (old_debug & KVM_GUESTDBG_SINGLESTEP)
-                svm->vmcb->save.rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
-
-        return 0;
+        update_db_intercept(vcpu);
 }
 
 static void load_host_msrs(struct kvm_vcpu *vcpu)
@@ -1180,7 +1176,7 @@ static void svm_set_dr(struct kvm_vcpu *vcpu, int dr, unsigned long value,
         }
 }
 
-static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int pf_interception(struct vcpu_svm *svm)
 {
         u64 fault_address;
         u32 error_code;
@@ -1194,17 +1190,19 @@ static int pf_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code);
 }
 
-static int db_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int db_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         if (!(svm->vcpu.guest_debug &
               (KVM_GUESTDBG_SINGLESTEP | KVM_GUESTDBG_USE_HW_BP)) &&
-                !svm->vcpu.arch.singlestep) {
+                !svm->nmi_singlestep) {
                 kvm_queue_exception(&svm->vcpu, DB_VECTOR);
                 return 1;
         }
 
-        if (svm->vcpu.arch.singlestep) {
-                svm->vcpu.arch.singlestep = false;
+        if (svm->nmi_singlestep) {
+                svm->nmi_singlestep = false;
                 if (!(svm->vcpu.guest_debug & KVM_GUESTDBG_SINGLESTEP))
                         svm->vmcb->save.rflags &=
                                 ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
@@ -1223,25 +1221,27 @@ static int db_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int bp_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int bp_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         kvm_run->exit_reason = KVM_EXIT_DEBUG;
         kvm_run->debug.arch.pc = svm->vmcb->save.cs.base + svm->vmcb->save.rip;
         kvm_run->debug.arch.exception = BP_VECTOR;
         return 0;
 }
 
-static int ud_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int ud_interception(struct vcpu_svm *svm)
 {
         int er;
 
-        er = emulate_instruction(&svm->vcpu, kvm_run, 0, 0, EMULTYPE_TRAP_UD);
+        er = emulate_instruction(&svm->vcpu, 0, 0, EMULTYPE_TRAP_UD);
         if (er != EMULATE_DONE)
                 kvm_queue_exception(&svm->vcpu, UD_VECTOR);
         return 1;
 }
 
-static int nm_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nm_interception(struct vcpu_svm *svm)
 {
         svm->vmcb->control.intercept_exceptions &= ~(1 << NM_VECTOR);
         if (!(svm->vcpu.arch.cr0 & X86_CR0_TS))
@@ -1251,7 +1251,7 @@ static int nm_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int mc_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int mc_interception(struct vcpu_svm *svm)
 {
         /*
          * On an #MC intercept the MCE handler is not called automatically in
@@ -1264,8 +1264,10 @@ static int mc_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int shutdown_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int shutdown_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         /*
          * VMCB is undefined after a SHUTDOWN intercept
          * so reinitialize it.
@@ -1277,7 +1279,7 @@ static int shutdown_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 0;
 }
 
-static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int io_interception(struct vcpu_svm *svm)
 {
         u32 io_info = svm->vmcb->control.exit_info_1; /* address size bug? */
         int size, in, string;
@@ -1291,7 +1293,7 @@ static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
 
         if (string) {
                 if (emulate_instruction(&svm->vcpu,
-                                        kvm_run, 0, 0, 0) == EMULATE_DO_MMIO)
+                                        0, 0, 0) == EMULATE_DO_MMIO)
                         return 0;
                 return 1;
         }
@@ -1301,33 +1303,33 @@ static int io_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         size = (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT;
 
         skip_emulated_instruction(&svm->vcpu);
-        return kvm_emulate_pio(&svm->vcpu, kvm_run, in, size, port);
+        return kvm_emulate_pio(&svm->vcpu, in, size, port);
 }
 
-static int nmi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nmi_interception(struct vcpu_svm *svm)
 {
         return 1;
 }
 
-static int intr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int intr_interception(struct vcpu_svm *svm)
 {
         ++svm->vcpu.stat.irq_exits;
         return 1;
 }
 
-static int nop_on_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int nop_on_interception(struct vcpu_svm *svm)
 {
         return 1;
 }
 
-static int halt_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int halt_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 1;
         skip_emulated_instruction(&svm->vcpu);
         return kvm_emulate_halt(&svm->vcpu);
 }
 
-static int vmmcall_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmmcall_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 3;
         skip_emulated_instruction(&svm->vcpu);
@@ -1378,8 +1380,15 @@ static inline int nested_svm_intr(struct vcpu_svm *svm)
 
         svm->vmcb->control.exit_code = SVM_EXIT_INTR;
 
-        if (nested_svm_exit_handled(svm)) {
-                nsvm_printk("VMexit -> INTR\n");
+        if (svm->nested.intercept & 1ULL) {
+                /*
+                 * The #vmexit can't be emulated here directly because this
+                 * code path runs with irqs and preemtion disabled. A
+                 * #vmexit emulation might sleep. Only signal request for
+                 * the #vmexit here.
+                 */
+                svm->nested.exit_required = true;
+                trace_kvm_nested_intr_vmexit(svm->vmcb->save.rip);
                 return 1;
         }
 
@@ -1390,10 +1399,7 @@ static void *nested_svm_map(struct vcpu_svm *svm, u64 gpa, enum km_type idx)
 {
         struct page *page;
 
-        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(svm->vcpu.kvm, gpa >> PAGE_SHIFT);
-        up_read(&current->mm->mmap_sem);
-
         if (is_error_page(page))
                 goto error;
 
@@ -1532,14 +1538,12 @@ static int nested_svm_exit_handled(struct vcpu_svm *svm)
         }
         default: {
                 u64 exit_bits = 1ULL << (exit_code - SVM_EXIT_INTR);
-                nsvm_printk("exit code: 0x%x\n", exit_code);
                 if (svm->nested.intercept & exit_bits)
                         vmexit = NESTED_EXIT_DONE;
         }
         }
 
         if (vmexit == NESTED_EXIT_DONE) {
-                nsvm_printk("#VMEXIT reason=%04x\n", exit_code);
                 nested_svm_vmexit(svm);
         }
 
@@ -1584,6 +1588,12 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         struct vmcb *hsave = svm->nested.hsave;
         struct vmcb *vmcb = svm->vmcb;
 
+        trace_kvm_nested_vmexit_inject(vmcb->control.exit_code,
+                                       vmcb->control.exit_info_1,
+                                       vmcb->control.exit_info_2,
+                                       vmcb->control.exit_int_info,
+                                       vmcb->control.exit_int_info_err);
+
         nested_vmcb = nested_svm_map(svm, svm->nested.vmcb, KM_USER0);
         if (!nested_vmcb)
                 return 1;
@@ -1617,6 +1627,22 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         nested_vmcb->control.exit_info_2       = vmcb->control.exit_info_2;
         nested_vmcb->control.exit_int_info     = vmcb->control.exit_int_info;
         nested_vmcb->control.exit_int_info_err = vmcb->control.exit_int_info_err;
+
+        /*
+         * If we emulate a VMRUN/#VMEXIT in the same host #vmexit cycle we have
+         * to make sure that we do not lose injected events. So check event_inj
+         * here and copy it to exit_int_info if it is valid.
+         * Exit_int_info and event_inj can't be both valid because the case
+         * below only happens on a VMRUN instruction intercept which has
+         * no valid exit_int_info set.
+         */
+        if (vmcb->control.event_inj & SVM_EVTINJ_VALID) {
+                struct vmcb_control_area *nc = &nested_vmcb->control;
+
+                nc->exit_int_info     = vmcb->control.event_inj;
+                nc->exit_int_info_err = vmcb->control.event_inj_err;
+        }
+
         nested_vmcb->control.tlb_ctl           = 0;
         nested_vmcb->control.event_inj         = 0;
         nested_vmcb->control.event_inj_err     = 0;
@@ -1628,10 +1654,6 @@ static int nested_svm_vmexit(struct vcpu_svm *svm)
         /* Restore the original control entries */
         copy_vmcb_control_area(vmcb, hsave);
 
-        /* Kill any pending exceptions */
-        if (svm->vcpu.arch.exception.pending == true)
-                nsvm_printk("WARNING: Pending Exception\n");
-
         kvm_clear_exception_queue(&svm->vcpu);
         kvm_clear_interrupt_queue(&svm->vcpu);
 
@@ -1702,6 +1724,12 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
         /* nested_vmcb is our indicator if nested SVM is activated */
         svm->nested.vmcb = svm->vmcb->save.rax;
 
+        trace_kvm_nested_vmrun(svm->vmcb->save.rip - 3, svm->nested.vmcb,
+                               nested_vmcb->save.rip,
+                               nested_vmcb->control.int_ctl,
+                               nested_vmcb->control.event_inj,
+                               nested_vmcb->control.nested_ctl);
+
         /* Clear internal status */
         kvm_clear_exception_queue(&svm->vcpu);
         kvm_clear_interrupt_queue(&svm->vcpu);
@@ -1789,28 +1817,15 @@ static bool nested_svm_vmrun(struct vcpu_svm *svm)
         svm->nested.intercept            = nested_vmcb->control.intercept;
 
         force_new_asid(&svm->vcpu);
-        svm->vmcb->control.exit_int_info = nested_vmcb->control.exit_int_info;
-        svm->vmcb->control.exit_int_info_err = nested_vmcb->control.exit_int_info_err;
         svm->vmcb->control.int_ctl = nested_vmcb->control.int_ctl | V_INTR_MASKING_MASK;
-        if (nested_vmcb->control.int_ctl & V_IRQ_MASK) {
-                nsvm_printk("nSVM Injecting Interrupt: 0x%x\n",
-                                nested_vmcb->control.int_ctl);
-        }
         if (nested_vmcb->control.int_ctl & V_INTR_MASKING_MASK)
                 svm->vcpu.arch.hflags |= HF_VINTR_MASK;
         else
                 svm->vcpu.arch.hflags &= ~HF_VINTR_MASK;
 
-        nsvm_printk("nSVM exit_int_info: 0x%x | int_state: 0x%x\n",
-                        nested_vmcb->control.exit_int_info,
-                        nested_vmcb->control.int_state);
-
         svm->vmcb->control.int_vector = nested_vmcb->control.int_vector;
         svm->vmcb->control.int_state = nested_vmcb->control.int_state;
         svm->vmcb->control.tsc_offset += nested_vmcb->control.tsc_offset;
-        if (nested_vmcb->control.event_inj & SVM_EVTINJ_VALID)
-                nsvm_printk("Injecting Event: 0x%x\n",
-                                nested_vmcb->control.event_inj);
         svm->vmcb->control.event_inj = nested_vmcb->control.event_inj;
         svm->vmcb->control.event_inj_err = nested_vmcb->control.event_inj_err;
 
@@ -1837,7 +1852,7 @@ static void nested_svm_vmloadsave(struct vmcb *from_vmcb, struct vmcb *to_vmcb)
         to_vmcb->save.sysenter_eip = from_vmcb->save.sysenter_eip;
 }
 
-static int vmload_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmload_interception(struct vcpu_svm *svm)
 {
         struct vmcb *nested_vmcb;
 
@@ -1857,7 +1872,7 @@ static int vmload_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int vmsave_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmsave_interception(struct vcpu_svm *svm)
 {
         struct vmcb *nested_vmcb;
 
@@ -1877,10 +1892,8 @@ static int vmsave_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int vmrun_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int vmrun_interception(struct vcpu_svm *svm)
 {
-        nsvm_printk("VMrun\n");
-
         if (nested_svm_check_permissions(svm))
                 return 1;
 
@@ -1907,7 +1920,7 @@ failed:
         return 1;
 }
 
-static int stgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int stgi_interception(struct vcpu_svm *svm)
 {
         if (nested_svm_check_permissions(svm))
                 return 1;
@@ -1920,7 +1933,7 @@ static int stgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int clgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int clgi_interception(struct vcpu_svm *svm)
 {
         if (nested_svm_check_permissions(svm))
                 return 1;
@@ -1937,10 +1950,12 @@ static int clgi_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invlpga_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int invlpga_interception(struct vcpu_svm *svm)
 {
         struct kvm_vcpu *vcpu = &svm->vcpu;
-        nsvm_printk("INVLPGA\n");
+
+        trace_kvm_invlpga(svm->vmcb->save.rip, vcpu->arch.regs[VCPU_REGS_RCX],
+                          vcpu->arch.regs[VCPU_REGS_RAX]);
 
         /* Let's treat INVLPGA the same as INVLPG (can be optimized!) */
         kvm_mmu_invlpg(vcpu, vcpu->arch.regs[VCPU_REGS_RAX]);
@@ -1950,15 +1965,21 @@ static int invlpga_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invalid_op_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int skinit_interception(struct vcpu_svm *svm)
 {
+        trace_kvm_skinit(svm->vmcb->save.rip, svm->vcpu.arch.regs[VCPU_REGS_RAX]);
+
         kvm_queue_exception(&svm->vcpu, UD_VECTOR);
         return 1;
 }
 
-static int task_switch_interception(struct vcpu_svm *svm,
-                                    struct kvm_run *kvm_run)
+static int invalid_op_interception(struct vcpu_svm *svm)
+{
+        kvm_queue_exception(&svm->vcpu, UD_VECTOR);
+        return 1;
+}
+
+static int task_switch_interception(struct vcpu_svm *svm)
 {
         u16 tss_selector;
         int reason;
@@ -2008,14 +2029,14 @@ static int task_switch_interception(struct vcpu_svm *svm,
         return kvm_task_switch(&svm->vcpu, tss_selector, reason);
 }
 
-static int cpuid_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int cpuid_interception(struct vcpu_svm *svm)
 {
         svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
         kvm_emulate_cpuid(&svm->vcpu);
         return 1;
 }
 
-static int iret_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int iret_interception(struct vcpu_svm *svm)
 {
         ++svm->vcpu.stat.nmi_window_exits;
         svm->vmcb->control.intercept &= ~(1UL << INTERCEPT_IRET);
@@ -2023,26 +2044,27 @@ static int iret_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int invlpg_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int invlpg_interception(struct vcpu_svm *svm)
 {
-        if (emulate_instruction(&svm->vcpu, kvm_run, 0, 0, 0) != EMULATE_DONE)
+        if (emulate_instruction(&svm->vcpu, 0, 0, 0) != EMULATE_DONE)
                 pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
         return 1;
 }
 
-static int emulate_on_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int emulate_on_interception(struct vcpu_svm *svm)
 {
-        if (emulate_instruction(&svm->vcpu, NULL, 0, 0, 0) != EMULATE_DONE)
+        if (emulate_instruction(&svm->vcpu, 0, 0, 0) != EMULATE_DONE)
                 pr_unimpl(&svm->vcpu, "%s: failed\n", __func__);
         return 1;
 }
 
-static int cr8_write_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int cr8_write_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         u8 cr8_prev = kvm_get_cr8(&svm->vcpu);
         /* instruction emulation calls kvm_set_cr8() */
-        emulate_instruction(&svm->vcpu, NULL, 0, 0, 0);
+        emulate_instruction(&svm->vcpu, 0, 0, 0);
         if (irqchip_in_kernel(svm->vcpu.kvm)) {
                 svm->vmcb->control.intercept_cr_write &= ~INTERCEPT_CR8_MASK;
                 return 1;
@@ -2128,7 +2150,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 *data)
         return 0;
 }
 
-static int rdmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int rdmsr_interception(struct vcpu_svm *svm)
 {
         u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX];
         u64 data;
@@ -2221,7 +2243,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
         return 0;
 }
 
-static int wrmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int wrmsr_interception(struct vcpu_svm *svm)
 {
         u32 ecx = svm->vcpu.arch.regs[VCPU_REGS_RCX];
         u64 data = (svm->vcpu.arch.regs[VCPU_REGS_RAX] & -1u)
@@ -2237,17 +2259,18 @@ static int wrmsr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int msr_interception(struct vcpu_svm *svm, struct kvm_run *kvm_run)
+static int msr_interception(struct vcpu_svm *svm)
 {
         if (svm->vmcb->control.exit_info_1)
-                return wrmsr_interception(svm, kvm_run);
+                return wrmsr_interception(svm);
         else
-                return rdmsr_interception(svm, kvm_run);
+                return rdmsr_interception(svm);
 }
 
-static int interrupt_window_interception(struct vcpu_svm *svm,
-                                   struct kvm_run *kvm_run)
+static int interrupt_window_interception(struct vcpu_svm *svm)
 {
+        struct kvm_run *kvm_run = svm->vcpu.run;
+
         svm_clear_vintr(svm);
         svm->vmcb->control.int_ctl &= ~V_IRQ_MASK;
         /*
@@ -2265,8 +2288,13 @@ static int interrupt_window_interception(struct vcpu_svm *svm,
         return 1;
 }
 
-static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
-                                      struct kvm_run *kvm_run) = {
+static int pause_interception(struct vcpu_svm *svm)
+{
+        kvm_vcpu_on_spin(&(svm->vcpu));
+        return 1;
+}
+
+static int (*svm_exit_handlers[])(struct vcpu_svm *svm) = {
         [SVM_EXIT_READ_CR0]                     = emulate_on_interception,
         [SVM_EXIT_READ_CR3]                     = emulate_on_interception,
         [SVM_EXIT_READ_CR4]                     = emulate_on_interception,
@@ -2301,6 +2329,7 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
         [SVM_EXIT_CPUID]                        = cpuid_interception,
         [SVM_EXIT_IRET]                         = iret_interception,
         [SVM_EXIT_INVD]                         = emulate_on_interception,
+        [SVM_EXIT_PAUSE]                        = pause_interception,
         [SVM_EXIT_HLT]                          = halt_interception,
         [SVM_EXIT_INVLPG]                       = invlpg_interception,
         [SVM_EXIT_INVLPGA]                      = invlpga_interception,
@@ -2314,26 +2343,36 @@ static int (*svm_exit_handlers[])(struct vcpu_svm *svm,
         [SVM_EXIT_VMSAVE]                       = vmsave_interception,
         [SVM_EXIT_STGI]                         = stgi_interception,
         [SVM_EXIT_CLGI]                         = clgi_interception,
-        [SVM_EXIT_SKINIT]                       = invalid_op_interception,
+        [SVM_EXIT_SKINIT]                       = skinit_interception,
         [SVM_EXIT_WBINVD]                       = emulate_on_interception,
         [SVM_EXIT_MONITOR]                      = invalid_op_interception,
         [SVM_EXIT_MWAIT]                        = invalid_op_interception,
         [SVM_EXIT_NPF]                          = pf_interception,
 };
 
-static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
+static int handle_exit(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
+        struct kvm_run *kvm_run = vcpu->run;
         u32 exit_code = svm->vmcb->control.exit_code;
 
         trace_kvm_exit(exit_code, svm->vmcb->save.rip);
 
+        if (unlikely(svm->nested.exit_required)) {
+                nested_svm_vmexit(svm);
+                svm->nested.exit_required = false;
+
+                return 1;
+        }
+
         if (is_nested(svm)) {
                 int vmexit;
 
-                nsvm_printk("nested handle_exit: 0x%x | 0x%lx | 0x%lx | 0x%lx\n",
-                            exit_code, svm->vmcb->control.exit_info_1,
-                            svm->vmcb->control.exit_info_2, svm->vmcb->save.rip);
+                trace_kvm_nested_vmexit(svm->vmcb->save.rip, exit_code,
+                                        svm->vmcb->control.exit_info_1,
+                                        svm->vmcb->control.exit_info_2,
+                                        svm->vmcb->control.exit_int_info,
+                                        svm->vmcb->control.exit_int_info_err);
 
                 vmexit = nested_svm_exit_special(svm);
 
@@ -2383,7 +2422,7 @@ static int handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                 return 0;
         }
 
-        return svm_exit_handlers[exit_code](svm, kvm_run);
+        return svm_exit_handlers[exit_code](svm);
 }
 
 static void reload_tss(struct kvm_vcpu *vcpu)
@@ -2460,20 +2499,47 @@ static int svm_nmi_allowed(struct kvm_vcpu *vcpu)
                 !(svm->vcpu.arch.hflags & HF_NMI_MASK);
 }
 
+static bool svm_get_nmi_mask(struct kvm_vcpu *vcpu)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+
+        return !!(svm->vcpu.arch.hflags & HF_NMI_MASK);
+}
+
+static void svm_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
+{
+        struct vcpu_svm *svm = to_svm(vcpu);
+
+        if (masked) {
+                svm->vcpu.arch.hflags |= HF_NMI_MASK;
+                svm->vmcb->control.intercept |= (1UL << INTERCEPT_IRET);
+        } else {
+                svm->vcpu.arch.hflags &= ~HF_NMI_MASK;
+                svm->vmcb->control.intercept &= ~(1UL << INTERCEPT_IRET);
+        }
+}
+
 static int svm_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
         struct vmcb *vmcb = svm->vmcb;
-        return (vmcb->save.rflags & X86_EFLAGS_IF) &&
-                !(vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK) &&
-                gif_set(svm) &&
-                !(is_nested(svm) && (svm->vcpu.arch.hflags & HF_VINTR_MASK));
+        int ret;
+
+        if (!gif_set(svm) ||
+             (vmcb->control.int_state & SVM_INTERRUPT_SHADOW_MASK))
+                return 0;
+
+        ret = !!(vmcb->save.rflags & X86_EFLAGS_IF);
+
+        if (is_nested(svm))
+                return ret && !(svm->vcpu.arch.hflags & HF_VINTR_MASK);
+
+        return ret;
 }
 
 static void enable_irq_window(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
-        nsvm_printk("Trying to open IRQ window\n");
 
         nested_svm_intr(svm);
 
@@ -2498,7 +2564,7 @@ static void enable_nmi_window(struct kvm_vcpu *vcpu)
         /* Something prevents NMI from been injected. Single step over
            possible problem (IRET or exception injection or interrupt
            shadow) */
-        vcpu->arch.singlestep = true;
+        svm->nmi_singlestep = true;
         svm->vmcb->save.rflags |= (X86_EFLAGS_TF | X86_EFLAGS_RF);
         update_db_intercept(vcpu);
 }
@@ -2588,13 +2654,20 @@ static void svm_complete_interrupts(struct vcpu_svm *svm)
 #define R "e"
 #endif
 
-static void svm_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void svm_vcpu_run(struct kvm_vcpu *vcpu)
 {
         struct vcpu_svm *svm = to_svm(vcpu);
         u16 fs_selector;
         u16 gs_selector;
         u16 ldt_selector;
 
+        /*
+         * A vmexit emulation is required before the vcpu can be executed
+         * again.
+         */
+        if (unlikely(svm->nested.exit_required))
+                return;
+
         svm->vmcb->save.rax = vcpu->arch.regs[VCPU_REGS_RAX];
         svm->vmcb->save.rsp = vcpu->arch.regs[VCPU_REGS_RSP];
         svm->vmcb->save.rip = vcpu->arch.regs[VCPU_REGS_RIP];
@@ -2893,6 +2966,8 @@ static struct kvm_x86_ops svm_x86_ops = {
         .queue_exception = svm_queue_exception,
         .interrupt_allowed = svm_interrupt_allowed,
         .nmi_allowed = svm_nmi_allowed,
+        .get_nmi_mask = svm_get_nmi_mask,
+        .set_nmi_mask = svm_set_nmi_mask,
         .enable_nmi_window = enable_nmi_window,
         .enable_irq_window = enable_irq_window,
         .update_cr8_intercept = update_cr8_intercept,
diff --git a/arch/x86/kvm/trace.h b/arch/x86/kvm/trace.h
index 0d480e77eacf..816e0449db0b 100644
--- a/arch/x86/kvm/trace.h
+++ b/arch/x86/kvm/trace.h
@@ -349,6 +349,171 @@ TRACE_EVENT(kvm_apic_accept_irq,
                   __entry->coalesced ? " (coalesced)" : "")
 );
 
+/*
+ * Tracepoint for nested VMRUN
+ */
+TRACE_EVENT(kvm_nested_vmrun,
+            TP_PROTO(__u64 rip, __u64 vmcb, __u64 nested_rip, __u32 int_ctl,
+                     __u32 event_inj, bool npt),
+            TP_ARGS(rip, vmcb, nested_rip, int_ctl, event_inj, npt),
+
+        TP_STRUCT__entry(
+                __field(        __u64,          rip             )
+                __field(        __u64,          vmcb            )
+                __field(        __u64,          nested_rip      )
+                __field(        __u32,          int_ctl         )
+                __field(        __u32,          event_inj       )
+                __field(        bool,           npt             )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            = rip;
+                __entry->vmcb           = vmcb;
+                __entry->nested_rip     = nested_rip;
+                __entry->int_ctl        = int_ctl;
+                __entry->event_inj      = event_inj;
+                __entry->npt            = npt;
+        ),
+
+        TP_printk("rip: 0x%016llx vmcb: 0x%016llx nrip: 0x%016llx int_ctl: 0x%08x "
+                  "event_inj: 0x%08x npt: %s\n",
+                __entry->rip, __entry->vmcb, __entry->nested_rip,
+                __entry->int_ctl, __entry->event_inj,
+                __entry->npt ? "on" : "off")
+);
+
+/*
+ * Tracepoint for #VMEXIT while nested
+ */
+TRACE_EVENT(kvm_nested_vmexit,
+            TP_PROTO(__u64 rip, __u32 exit_code,
+                     __u64 exit_info1, __u64 exit_info2,
+                     __u32 exit_int_info, __u32 exit_int_info_err),
+            TP_ARGS(rip, exit_code, exit_info1, exit_info2,
+                    exit_int_info, exit_int_info_err),
+
+        TP_STRUCT__entry(
+                __field(        __u64,          rip                     )
+                __field(        __u32,          exit_code               )
+                __field(        __u64,          exit_info1              )
+                __field(        __u64,          exit_info2              )
+                __field(        __u32,          exit_int_info           )
+                __field(        __u32,          exit_int_info_err       )
+        ),
+
+        TP_fast_assign(
+                __entry->rip                    = rip;
+                __entry->exit_code              = exit_code;
+                __entry->exit_info1             = exit_info1;
+                __entry->exit_info2             = exit_info2;
+                __entry->exit_int_info          = exit_int_info;
+                __entry->exit_int_info_err      = exit_int_info_err;
+        ),
+        TP_printk("rip: 0x%016llx reason: %s ext_inf1: 0x%016llx "
+                  "ext_inf2: 0x%016llx ext_int: 0x%08x ext_int_err: 0x%08x\n",
+                  __entry->rip,
+                  ftrace_print_symbols_seq(p, __entry->exit_code,
+                                           kvm_x86_ops->exit_reasons_str),
+                  __entry->exit_info1, __entry->exit_info2,
+                  __entry->exit_int_info, __entry->exit_int_info_err)
+);
+
+/*
+ * Tracepoint for #VMEXIT reinjected to the guest
+ */
+TRACE_EVENT(kvm_nested_vmexit_inject,
+            TP_PROTO(__u32 exit_code,
+                     __u64 exit_info1, __u64 exit_info2,
+                     __u32 exit_int_info, __u32 exit_int_info_err),
+            TP_ARGS(exit_code, exit_info1, exit_info2,
+                    exit_int_info, exit_int_info_err),
+
+        TP_STRUCT__entry(
+                __field(        __u32,          exit_code               )
+                __field(        __u64,          exit_info1              )
+                __field(        __u64,          exit_info2              )
+                __field(        __u32,          exit_int_info           )
+                __field(        __u32,          exit_int_info_err       )
+        ),
+
+        TP_fast_assign(
+                __entry->exit_code              = exit_code;
+                __entry->exit_info1             = exit_info1;
+                __entry->exit_info2             = exit_info2;
+                __entry->exit_int_info          = exit_int_info;
+                __entry->exit_int_info_err      = exit_int_info_err;
+        ),
+
+        TP_printk("reason: %s ext_inf1: 0x%016llx "
+                  "ext_inf2: 0x%016llx ext_int: 0x%08x ext_int_err: 0x%08x\n",
+                  ftrace_print_symbols_seq(p, __entry->exit_code,
+                                           kvm_x86_ops->exit_reasons_str),
+                __entry->exit_info1, __entry->exit_info2,
+                __entry->exit_int_info, __entry->exit_int_info_err)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_nested_intr_vmexit,
+            TP_PROTO(__u64 rip),
+            TP_ARGS(rip),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+        ),
+
+        TP_fast_assign(
+                __entry->rip    =       rip
+        ),
+
+        TP_printk("rip: 0x%016llx\n", __entry->rip)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_invlpga,
+            TP_PROTO(__u64 rip, int asid, u64 address),
+            TP_ARGS(rip, asid, address),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+                __field(        int,    asid    )
+                __field(        __u64,  address )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            =       rip;
+                __entry->asid           =       asid;
+                __entry->address        =       address;
+        ),
+
+        TP_printk("rip: 0x%016llx asid: %d address: 0x%016llx\n",
+                  __entry->rip, __entry->asid, __entry->address)
+);
+
+/*
+ * Tracepoint for nested #vmexit because of interrupt pending
+ */
+TRACE_EVENT(kvm_skinit,
+            TP_PROTO(__u64 rip, __u32 slb),
+            TP_ARGS(rip, slb),
+
+        TP_STRUCT__entry(
+                __field(        __u64,  rip     )
+                __field(        __u32,  slb     )
+        ),
+
+        TP_fast_assign(
+                __entry->rip            =       rip;
+                __entry->slb            =       slb;
+        ),
+
+        TP_printk("rip: 0x%016llx slb: 0x%08x\n",
+                  __entry->rip, __entry->slb)
+);
+
 #endif /* _TRACE_KVM_H */
 
 /* This part must be outside protection */
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index ed53b42caba1..d4918d6fc924 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -61,12 +61,37 @@ module_param_named(unrestricted_guest,
 static int __read_mostly emulate_invalid_guest_state = 0;
 module_param(emulate_invalid_guest_state, bool, S_IRUGO);
 
+/*
+ * These 2 parameters are used to config the controls for Pause-Loop Exiting:
+ * ple_gap:    upper bound on the amount of time between two successive
+ *             executions of PAUSE in a loop. Also indicate if ple enabled.
+ *             According to test, this time is usually small than 41 cycles.
+ * ple_window: upper bound on the amount of time a guest is allowed to execute
+ *             in a PAUSE loop. Tests indicate that most spinlocks are held for
+ *             less than 2^12 cycles
+ * Time is measured based on a counter that runs at the same rate as the TSC,
+ * refer SDM volume 3b section 21.6.13 & 22.1.3.
+ */
+#define KVM_VMX_DEFAULT_PLE_GAP    41
+#define KVM_VMX_DEFAULT_PLE_WINDOW 4096
+static int ple_gap = KVM_VMX_DEFAULT_PLE_GAP;
+module_param(ple_gap, int, S_IRUGO);
+
+static int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW;
+module_param(ple_window, int, S_IRUGO);
+
 struct vmcs {
         u32 revision_id;
         u32 abort;
         char data[0];
 };
 
+struct shared_msr_entry {
+        unsigned index;
+        u64 data;
+        u64 mask;
+};
+
 struct vcpu_vmx {
         struct kvm_vcpu       vcpu;
         struct list_head      local_vcpus_link;
@@ -74,13 +99,12 @@ struct vcpu_vmx {
         int                   launched;
         u8                    fail;
         u32                   idt_vectoring_info;
-        struct kvm_msr_entry *guest_msrs;
-        struct kvm_msr_entry *host_msrs;
+        struct shared_msr_entry *guest_msrs;
         int                   nmsrs;
         int                   save_nmsrs;
-        int                   msr_offset_efer;
 #ifdef CONFIG_X86_64
-        int                   msr_offset_kernel_gs_base;
+        u64                   msr_host_kernel_gs_base;
+        u64                   msr_guest_kernel_gs_base;
 #endif
         struct vmcs          *vmcs;
         struct {
@@ -88,7 +112,6 @@ struct vcpu_vmx {
                 u16           fs_sel, gs_sel, ldt_sel;
                 int           gs_ldt_reload_needed;
                 int           fs_reload_needed;
-                int           guest_efer_loaded;
         } host_state;
         struct {
                 int vm86_active;
@@ -107,7 +130,6 @@ struct vcpu_vmx {
         } rmode;
         int vpid;
         bool emulation_required;
-        enum emulation_result invalid_state_emulation_result;
 
         /* Support for vnmi-less CPUs */
         int soft_vnmi_blocked;
@@ -176,6 +198,8 @@ static struct kvm_vmx_segment_field {
         VMX_SEGMENT_FIELD(LDTR),
 };
 
+static u64 host_efer;
+
 static void ept_save_pdptrs(struct kvm_vcpu *vcpu);
 
 /*
@@ -184,28 +208,12 @@ static void ept_save_pdptrs(struct kvm_vcpu *vcpu);
  */
 static const u32 vmx_msr_index[] = {
 #ifdef CONFIG_X86_64
-        MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR, MSR_KERNEL_GS_BASE,
+        MSR_SYSCALL_MASK, MSR_LSTAR, MSR_CSTAR,
 #endif
         MSR_EFER, MSR_K6_STAR,
 };
 #define NR_VMX_MSR ARRAY_SIZE(vmx_msr_index)
 
-static void load_msrs(struct kvm_msr_entry *e, int n)
-{
-        int i;
-
-        for (i = 0; i < n; ++i)
-                wrmsrl(e[i].index, e[i].data);
-}
-
-static void save_msrs(struct kvm_msr_entry *e, int n)
-{
-        int i;
-
-        for (i = 0; i < n; ++i)
-                rdmsrl(e[i].index, e[i].data);
-}
-
 static inline int is_page_fault(u32 intr_info)
 {
         return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VECTOR_MASK |
@@ -320,6 +328,12 @@ static inline int cpu_has_vmx_unrestricted_guest(void)
                 SECONDARY_EXEC_UNRESTRICTED_GUEST;
 }
 
+static inline int cpu_has_vmx_ple(void)
+{
+        return vmcs_config.cpu_based_2nd_exec_ctrl &
+                SECONDARY_EXEC_PAUSE_LOOP_EXITING;
+}
+
 static inline int vm_need_virtualize_apic_accesses(struct kvm *kvm)
 {
         return flexpriority_enabled &&
@@ -348,7 +362,7 @@ static int __find_msr_index(struct vcpu_vmx *vmx, u32 msr)
         int i;
 
         for (i = 0; i < vmx->nmsrs; ++i)
-                if (vmx->guest_msrs[i].index == msr)
+                if (vmx_msr_index[vmx->guest_msrs[i].index] == msr)
                         return i;
         return -1;
 }
@@ -379,7 +393,7 @@ static inline void __invept(int ext, u64 eptp, gpa_t gpa)
                         : : "a" (&operand), "c" (ext) : "cc", "memory");
 }
 
-static struct kvm_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
+static struct shared_msr_entry *find_msr_entry(struct vcpu_vmx *vmx, u32 msr)
 {
         int i;
 
@@ -570,17 +584,12 @@ static void reload_tss(void)
         load_TR_desc();
 }
 
-static void load_transition_efer(struct vcpu_vmx *vmx)
+static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
 {
-        int efer_offset = vmx->msr_offset_efer;
-        u64 host_efer;
         u64 guest_efer;
         u64 ignore_bits;
 
-        if (efer_offset < 0)
-                return;
-        host_efer = vmx->host_msrs[efer_offset].data;
-        guest_efer = vmx->guest_msrs[efer_offset].data;
+        guest_efer = vmx->vcpu.arch.shadow_efer;
 
         /*
          * NX is emulated; LMA and LME handled by hardware; SCE meaninless
@@ -593,27 +602,17 @@ static void load_transition_efer(struct vcpu_vmx *vmx)
         if (guest_efer & EFER_LMA)
                 ignore_bits &= ~(u64)EFER_SCE;
 #endif
-        if ((guest_efer & ~ignore_bits) == (host_efer & ~ignore_bits))
-                return;
-
-        vmx->host_state.guest_efer_loaded = 1;
         guest_efer &= ~ignore_bits;
         guest_efer |= host_efer & ignore_bits;
-        wrmsrl(MSR_EFER, guest_efer);
-        vmx->vcpu.stat.efer_reload++;
-}
-
-static void reload_host_efer(struct vcpu_vmx *vmx)
-{
-        if (vmx->host_state.guest_efer_loaded) {
-                vmx->host_state.guest_efer_loaded = 0;
-                load_msrs(vmx->host_msrs + vmx->msr_offset_efer, 1);
-        }
+        vmx->guest_msrs[efer_offset].data = guest_efer;
+        vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
+        return true;
 }
 
 static void vmx_save_host_state(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
+        int i;
 
         if (vmx->host_state.loaded)
                 return;
@@ -650,13 +649,15 @@ static void vmx_save_host_state(struct kvm_vcpu *vcpu)
 #endif
 
 #ifdef CONFIG_X86_64
-        if (is_long_mode(&vmx->vcpu))
-                save_msrs(vmx->host_msrs +
-                          vmx->msr_offset_kernel_gs_base, 1);
-
+        if (is_long_mode(&vmx->vcpu)) {
+                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+        }
 #endif
-        load_msrs(vmx->guest_msrs, vmx->save_nmsrs);
-        load_transition_efer(vmx);
+        for (i = 0; i < vmx->save_nmsrs; ++i)
+                kvm_set_shared_msr(vmx->guest_msrs[i].index,
+                                   vmx->guest_msrs[i].data,
+                                   vmx->guest_msrs[i].mask);
 }
 
 static void __vmx_load_host_state(struct vcpu_vmx *vmx)
@@ -684,9 +685,12 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
                 local_irq_restore(flags);
         }
         reload_tss();
-        save_msrs(vmx->guest_msrs, vmx->save_nmsrs);
-        load_msrs(vmx->host_msrs, vmx->save_nmsrs);
-        reload_host_efer(vmx);
+#ifdef CONFIG_X86_64
+        if (is_long_mode(&vmx->vcpu)) {
+                rdmsrl(MSR_KERNEL_GS_BASE, vmx->msr_guest_kernel_gs_base);
+                wrmsrl(MSR_KERNEL_GS_BASE, vmx->msr_host_kernel_gs_base);
+        }
+#endif
 }
 
 static void vmx_load_host_state(struct vcpu_vmx *vmx)
@@ -877,19 +881,14 @@ static void vmx_queue_exception(struct kvm_vcpu *vcpu, unsigned nr,
 /*
  * Swap MSR entry in host/guest MSR entry array.
  */
-#ifdef CONFIG_X86_64
 static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
 {
-        struct kvm_msr_entry tmp;
+        struct shared_msr_entry tmp;
 
         tmp = vmx->guest_msrs[to];
         vmx->guest_msrs[to] = vmx->guest_msrs[from];
         vmx->guest_msrs[from] = tmp;
-        tmp = vmx->host_msrs[to];
-        vmx->host_msrs[to] = vmx->host_msrs[from];
-        vmx->host_msrs[from] = tmp;
 }
-#endif
 
 /*
  * Set up the vmcs to automatically save and restore system
@@ -898,15 +897,13 @@ static void move_msr_up(struct vcpu_vmx *vmx, int from, int to)
  */
 static void setup_msrs(struct vcpu_vmx *vmx)
 {
-        int save_nmsrs;
+        int save_nmsrs, index;
         unsigned long *msr_bitmap;
 
         vmx_load_host_state(vmx);
         save_nmsrs = 0;
 #ifdef CONFIG_X86_64
         if (is_long_mode(&vmx->vcpu)) {
-                int index;
-
                 index = __find_msr_index(vmx, MSR_SYSCALL_MASK);
                 if (index >= 0)
                         move_msr_up(vmx, index, save_nmsrs++);
@@ -916,9 +913,6 @@ static void setup_msrs(struct vcpu_vmx *vmx)
                 index = __find_msr_index(vmx, MSR_CSTAR);
                 if (index >= 0)
                         move_msr_up(vmx, index, save_nmsrs++);
-                index = __find_msr_index(vmx, MSR_KERNEL_GS_BASE);
-                if (index >= 0)
-                        move_msr_up(vmx, index, save_nmsrs++);
                 /*
                  * MSR_K6_STAR is only needed on long mode guests, and only
                  * if efer.sce is enabled.
@@ -928,13 +922,11 @@ static void setup_msrs(struct vcpu_vmx *vmx)
                         move_msr_up(vmx, index, save_nmsrs++);
         }
 #endif
-        vmx->save_nmsrs = save_nmsrs;
+        index = __find_msr_index(vmx, MSR_EFER);
+        if (index >= 0 && update_transition_efer(vmx, index))
+                move_msr_up(vmx, index, save_nmsrs++);
 
-#ifdef CONFIG_X86_64
-        vmx->msr_offset_kernel_gs_base =
-                __find_msr_index(vmx, MSR_KERNEL_GS_BASE);
-#endif
-        vmx->msr_offset_efer = __find_msr_index(vmx, MSR_EFER);
+        vmx->save_nmsrs = save_nmsrs;
 
         if (cpu_has_vmx_msr_bitmap()) {
                 if (is_long_mode(&vmx->vcpu))
@@ -976,7 +968,7 @@ static void guest_write_tsc(u64 guest_tsc, u64 host_tsc)
 static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
 {
         u64 data;
-        struct kvm_msr_entry *msr;
+        struct shared_msr_entry *msr;
 
         if (!pdata) {
                 printk(KERN_ERR "BUG: get_msr called with NULL pdata\n");
@@ -991,9 +983,13 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
         case MSR_GS_BASE:
                 data = vmcs_readl(GUEST_GS_BASE);
                 break;
+        case MSR_KERNEL_GS_BASE:
+                vmx_load_host_state(to_vmx(vcpu));
+                data = to_vmx(vcpu)->msr_guest_kernel_gs_base;
+                break;
+#endif
         case MSR_EFER:
                 return kvm_get_msr_common(vcpu, msr_index, pdata);
-#endif
         case MSR_IA32_TSC:
                 data = guest_read_tsc();
                 break;
@@ -1007,6 +1003,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
                 data = vmcs_readl(GUEST_SYSENTER_ESP);
                 break;
         default:
+                vmx_load_host_state(to_vmx(vcpu));
                 msr = find_msr_entry(to_vmx(vcpu), msr_index);
                 if (msr) {
                         vmx_load_host_state(to_vmx(vcpu));
@@ -1028,7 +1025,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
 static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
-        struct kvm_msr_entry *msr;
+        struct shared_msr_entry *msr;
         u64 host_tsc;
         int ret = 0;
 
@@ -1044,6 +1041,10 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
         case MSR_GS_BASE:
                 vmcs_writel(GUEST_GS_BASE, data);
                 break;
+        case MSR_KERNEL_GS_BASE:
+                vmx_load_host_state(vmx);
+                vmx->msr_guest_kernel_gs_base = data;
+                break;
 #endif
         case MSR_IA32_SYSENTER_CS:
                 vmcs_write32(GUEST_SYSENTER_CS, data);
@@ -1097,30 +1098,14 @@ static void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg)
         }
 }
 
-static int set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
+static void set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg)
 {
-        int old_debug = vcpu->guest_debug;
-        unsigned long flags;
-
-        vcpu->guest_debug = dbg->control;
-        if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
-                vcpu->guest_debug = 0;
-
         if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP)
                 vmcs_writel(GUEST_DR7, dbg->arch.debugreg[7]);
         else
                 vmcs_writel(GUEST_DR7, vcpu->arch.dr7);
 
-        flags = vmcs_readl(GUEST_RFLAGS);
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                flags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
-        else if (old_debug & KVM_GUESTDBG_SINGLESTEP)
-                flags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
-        vmcs_writel(GUEST_RFLAGS, flags);
-
         update_exception_bitmap(vcpu);
-
-        return 0;
 }
 
 static __init int cpu_has_kvm_support(void)
@@ -1139,12 +1124,15 @@ static __init int vmx_disabled_by_bios(void)
         /* locked but not enabled */
 }
 
-static void hardware_enable(void *garbage)
+static int hardware_enable(void *garbage)
 {
         int cpu = raw_smp_processor_id();
         u64 phys_addr = __pa(per_cpu(vmxarea, cpu));
         u64 old;
 
+        if (read_cr4() & X86_CR4_VMXE)
+                return -EBUSY;
+
         INIT_LIST_HEAD(&per_cpu(vcpus_on_cpu, cpu));
         rdmsrl(MSR_IA32_FEATURE_CONTROL, old);
         if ((old & (FEATURE_CONTROL_LOCKED |
@@ -1159,6 +1147,10 @@ static void hardware_enable(void *garbage)
         asm volatile (ASM_VMX_VMXON_RAX
                       : : "a"(&phys_addr), "m"(phys_addr)
                       : "memory", "cc");
+
+        ept_sync_global();
+
+        return 0;
 }
 
 static void vmclear_local_vcpus(void)
@@ -1250,7 +1242,8 @@ static __init int setup_vmcs_config(struct vmcs_config *vmcs_conf)
                         SECONDARY_EXEC_WBINVD_EXITING |
                         SECONDARY_EXEC_ENABLE_VPID |
                         SECONDARY_EXEC_ENABLE_EPT |
-                        SECONDARY_EXEC_UNRESTRICTED_GUEST;
+                        SECONDARY_EXEC_UNRESTRICTED_GUEST |
+                        SECONDARY_EXEC_PAUSE_LOOP_EXITING;
                 if (adjust_vmx_controls(min2, opt2,
                                         MSR_IA32_VMX_PROCBASED_CTLS2,
                                         &_cpu_based_2nd_exec_control) < 0)
@@ -1344,15 +1337,17 @@ static void free_kvm_area(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu)
+        for_each_possible_cpu(cpu) {
                 free_vmcs(per_cpu(vmxarea, cpu));
+                per_cpu(vmxarea, cpu) = NULL;
+        }
 }
 
 static __init int alloc_kvm_area(void)
 {
         int cpu;
 
-        for_each_online_cpu(cpu) {
+        for_each_possible_cpu(cpu) {
                 struct vmcs *vmcs;
 
                 vmcs = alloc_vmcs_cpu(cpu);
@@ -1394,6 +1389,9 @@ static __init int hardware_setup(void)
         if (enable_ept && !cpu_has_vmx_ept_2m_page())
                 kvm_disable_largepages();
 
+        if (!cpu_has_vmx_ple())
+                ple_gap = 0;
+
         return alloc_kvm_area();
 }
 
@@ -1536,8 +1534,16 @@ continue_rmode:
 static void vmx_set_efer(struct kvm_vcpu *vcpu, u64 efer)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
-        struct kvm_msr_entry *msr = find_msr_entry(vmx, MSR_EFER);
+        struct shared_msr_entry *msr = find_msr_entry(vmx, MSR_EFER);
+
+        if (!msr)
+                return;
 
+        /*
+         * Force kernel_gs_base reloading before EFER changes, as control
+         * of this msr depends on is_long_mode().
+         */
+        vmx_load_host_state(to_vmx(vcpu));
         vcpu->arch.shadow_efer = efer;
         if (!msr)
                 return;
@@ -1727,6 +1733,7 @@ static void vmx_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
                 vmcs_write64(EPT_POINTER, eptp);
                 guest_cr3 = is_paging(vcpu) ? vcpu->arch.cr3 :
                         vcpu->kvm->arch.ept_identity_map_addr;
+                ept_load_pdptrs(vcpu);
         }
 
         vmx_flush_tlb(vcpu);
@@ -2302,13 +2309,22 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                                 ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
                 if (vmx->vpid == 0)
                         exec_control &= ~SECONDARY_EXEC_ENABLE_VPID;
-                if (!enable_ept)
+                if (!enable_ept) {
                         exec_control &= ~SECONDARY_EXEC_ENABLE_EPT;
+                        enable_unrestricted_guest = 0;
+                }
                 if (!enable_unrestricted_guest)
                         exec_control &= ~SECONDARY_EXEC_UNRESTRICTED_GUEST;
+                if (!ple_gap)
+                        exec_control &= ~SECONDARY_EXEC_PAUSE_LOOP_EXITING;
                 vmcs_write32(SECONDARY_VM_EXEC_CONTROL, exec_control);
         }
 
+        if (ple_gap) {
+                vmcs_write32(PLE_GAP, ple_gap);
+                vmcs_write32(PLE_WINDOW, ple_window);
+        }
+
         vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, !!bypass_guest_pf);
         vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, !!bypass_guest_pf);
         vmcs_write32(CR3_TARGET_COUNT, 0);           /* 22.2.1 */
@@ -2376,10 +2392,9 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
                 if (wrmsr_safe(index, data_low, data_high) < 0)
                         continue;
                 data = data_low | ((u64)data_high << 32);
-                vmx->host_msrs[j].index = index;
-                vmx->host_msrs[j].reserved = 0;
-                vmx->host_msrs[j].data = data;
-                vmx->guest_msrs[j] = vmx->host_msrs[j];
+                vmx->guest_msrs[j].index = i;
+                vmx->guest_msrs[j].data = 0;
+                vmx->guest_msrs[j].mask = -1ull;
                 ++vmx->nmsrs;
         }
 
@@ -2510,7 +2525,7 @@ static int vmx_vcpu_reset(struct kvm_vcpu *vcpu)
         if (vmx->vpid != 0)
                 vmcs_write16(VIRTUAL_PROCESSOR_ID, vmx->vpid);
 
-        vmx->vcpu.arch.cr0 = 0x60000010;
+        vmx->vcpu.arch.cr0 = X86_CR0_NW | X86_CR0_CD | X86_CR0_ET;
         vmx_set_cr0(&vmx->vcpu, vmx->vcpu.arch.cr0); /* enter rmode */
         vmx_set_cr4(&vmx->vcpu, 0);
         vmx_set_efer(&vmx->vcpu, 0);
@@ -2627,6 +2642,34 @@ static int vmx_nmi_allowed(struct kvm_vcpu *vcpu)
                                 GUEST_INTR_STATE_NMI));
 }
 
+static bool vmx_get_nmi_mask(struct kvm_vcpu *vcpu)
+{
+        if (!cpu_has_virtual_nmis())
+                return to_vmx(vcpu)->soft_vnmi_blocked;
+        else
+                return !!(vmcs_read32(GUEST_INTERRUPTIBILITY_INFO) &
+                          GUEST_INTR_STATE_NMI);
+}
+
+static void vmx_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
+{
+        struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+        if (!cpu_has_virtual_nmis()) {
+                if (vmx->soft_vnmi_blocked != masked) {
+                        vmx->soft_vnmi_blocked = masked;
+                        vmx->vnmi_blocked_time = 0;
+                }
+        } else {
+                if (masked)
+                        vmcs_set_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                      GUEST_INTR_STATE_NMI);
+                else
+                        vmcs_clear_bits(GUEST_INTERRUPTIBILITY_INFO,
+                                        GUEST_INTR_STATE_NMI);
+        }
+}
+
 static int vmx_interrupt_allowed(struct kvm_vcpu *vcpu)
 {
         return (vmcs_readl(GUEST_RFLAGS) & X86_EFLAGS_IF) &&
@@ -2659,7 +2702,7 @@ static int handle_rmode_exception(struct kvm_vcpu *vcpu,
          * Cause the #SS fault with 0 error code in VM86 mode.
          */
         if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) && err_code == 0)
-                if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE)
+                if (emulate_instruction(vcpu, 0, 0, 0) == EMULATE_DONE)
                         return 1;
         /*
          * Forward all other exceptions that are valid in real mode.
@@ -2710,15 +2753,16 @@ static void kvm_machine_check(void)
 #endif
 }
 
-static int handle_machine_check(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_machine_check(struct kvm_vcpu *vcpu)
 {
         /* already handled by vcpu_run */
         return 1;
 }
 
-static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_exception(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
+        struct kvm_run *kvm_run = vcpu->run;
         u32 intr_info, ex_no, error_code;
         unsigned long cr2, rip, dr6;
         u32 vect_info;
@@ -2728,12 +2772,17 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
 
         if (is_machine_check(intr_info))
-                return handle_machine_check(vcpu, kvm_run);
+                return handle_machine_check(vcpu);
 
         if ((vect_info & VECTORING_INFO_VALID_MASK) &&
-                                                !is_page_fault(intr_info))
-                printk(KERN_ERR "%s: unexpected, vectoring info 0x%x "
-                       "intr info 0x%x\n", __func__, vect_info, intr_info);
+            !is_page_fault(intr_info)) {
+                vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+                vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
+                vcpu->run->internal.ndata = 2;
+                vcpu->run->internal.data[0] = vect_info;
+                vcpu->run->internal.data[1] = intr_info;
+                return 0;
+        }
 
         if ((intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI_INTR)
                 return 1;  /* already handled by vmx_vcpu_run() */
@@ -2744,7 +2793,7 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         if (is_invalid_opcode(intr_info)) {
-                er = emulate_instruction(vcpu, kvm_run, 0, 0, EMULTYPE_TRAP_UD);
+                er = emulate_instruction(vcpu, 0, 0, EMULTYPE_TRAP_UD);
                 if (er != EMULATE_DONE)
                         kvm_queue_exception(vcpu, UD_VECTOR);
                 return 1;
@@ -2803,20 +2852,19 @@ static int handle_exception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 0;
 }
 
-static int handle_external_interrupt(struct kvm_vcpu *vcpu,
-                                     struct kvm_run *kvm_run)
+static int handle_external_interrupt(struct kvm_vcpu *vcpu)
 {
         ++vcpu->stat.irq_exits;
         return 1;
 }
 
-static int handle_triple_fault(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_triple_fault(struct kvm_vcpu *vcpu)
 {
-        kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
+        vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
         return 0;
 }
 
-static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_io(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         int size, in, string;
@@ -2827,8 +2875,7 @@ static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         string = (exit_qualification & 16) != 0;
 
         if (string) {
-                if (emulate_instruction(vcpu,
-                                        kvm_run, 0, 0, 0) == EMULATE_DO_MMIO)
+                if (emulate_instruction(vcpu, 0, 0, 0) == EMULATE_DO_MMIO)
                         return 0;
                 return 1;
         }
@@ -2838,7 +2885,7 @@ static int handle_io(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         port = exit_qualification >> 16;
 
         skip_emulated_instruction(vcpu);
-        return kvm_emulate_pio(vcpu, kvm_run, in, size, port);
+        return kvm_emulate_pio(vcpu, in, size, port);
 }
 
 static void
@@ -2852,7 +2899,7 @@ vmx_patch_hypercall(struct kvm_vcpu *vcpu, unsigned char *hypercall)
         hypercall[2] = 0xc1;
 }
 
-static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_cr(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification, val;
         int cr;
@@ -2887,7 +2934,7 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                                         return 1;
                                 if (cr8_prev <= cr8)
                                         return 1;
-                                kvm_run->exit_reason = KVM_EXIT_SET_TPR;
+                                vcpu->run->exit_reason = KVM_EXIT_SET_TPR;
                                 return 0;
                         }
                 };
@@ -2922,13 +2969,13 @@ static int handle_cr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         default:
                 break;
         }
-        kvm_run->exit_reason = 0;
+        vcpu->run->exit_reason = 0;
         pr_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
                (int)(exit_qualification >> 4) & 3, cr);
         return 0;
 }
 
-static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_dr(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         unsigned long val;
@@ -2944,13 +2991,13 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                  * guest debugging itself.
                  */
                 if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
-                        kvm_run->debug.arch.dr6 = vcpu->arch.dr6;
-                        kvm_run->debug.arch.dr7 = dr;
-                        kvm_run->debug.arch.pc =
+                        vcpu->run->debug.arch.dr6 = vcpu->arch.dr6;
+                        vcpu->run->debug.arch.dr7 = dr;
+                        vcpu->run->debug.arch.pc =
                                 vmcs_readl(GUEST_CS_BASE) +
                                 vmcs_readl(GUEST_RIP);
-                        kvm_run->debug.arch.exception = DB_VECTOR;
-                        kvm_run->exit_reason = KVM_EXIT_DEBUG;
+                        vcpu->run->debug.arch.exception = DB_VECTOR;
+                        vcpu->run->exit_reason = KVM_EXIT_DEBUG;
                         return 0;
                 } else {
                         vcpu->arch.dr7 &= ~DR7_GD;
@@ -3016,13 +3063,13 @@ static int handle_dr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_cpuid(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_cpuid(struct kvm_vcpu *vcpu)
 {
         kvm_emulate_cpuid(vcpu);
         return 1;
 }
 
-static int handle_rdmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_rdmsr(struct kvm_vcpu *vcpu)
 {
         u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
         u64 data;
@@ -3041,7 +3088,7 @@ static int handle_rdmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_wrmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_wrmsr(struct kvm_vcpu *vcpu)
 {
         u32 ecx = vcpu->arch.regs[VCPU_REGS_RCX];
         u64 data = (vcpu->arch.regs[VCPU_REGS_RAX] & -1u)
@@ -3058,14 +3105,12 @@ static int handle_wrmsr(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu,
-                                      struct kvm_run *kvm_run)
+static int handle_tpr_below_threshold(struct kvm_vcpu *vcpu)
 {
         return 1;
 }
 
-static int handle_interrupt_window(struct kvm_vcpu *vcpu,
-                                   struct kvm_run *kvm_run)
+static int handle_interrupt_window(struct kvm_vcpu *vcpu)
 {
         u32 cpu_based_vm_exec_control;
 
@@ -3081,34 +3126,34 @@ static int handle_interrupt_window(struct kvm_vcpu *vcpu,
          * possible
          */
         if (!irqchip_in_kernel(vcpu->kvm) &&
-            kvm_run->request_interrupt_window &&
+            vcpu->run->request_interrupt_window &&
             !kvm_cpu_has_interrupt(vcpu)) {
-                kvm_run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
+                vcpu->run->exit_reason = KVM_EXIT_IRQ_WINDOW_OPEN;
                 return 0;
         }
         return 1;
 }
 
-static int handle_halt(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_halt(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         return kvm_emulate_halt(vcpu);
 }
 
-static int handle_vmcall(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_vmcall(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         kvm_emulate_hypercall(vcpu);
         return 1;
 }
 
-static int handle_vmx_insn(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_vmx_insn(struct kvm_vcpu *vcpu)
 {
         kvm_queue_exception(vcpu, UD_VECTOR);
         return 1;
 }
 
-static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_invlpg(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
 
@@ -3117,14 +3162,14 @@ static int handle_invlpg(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_wbinvd(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_wbinvd(struct kvm_vcpu *vcpu)
 {
         skip_emulated_instruction(vcpu);
         /* TODO: Add support for VT-d/pass-through device */
         return 1;
 }
 
-static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_apic_access(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         enum emulation_result er;
@@ -3133,7 +3178,7 @@ static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         exit_qualification = vmcs_readl(EXIT_QUALIFICATION);
         offset = exit_qualification & 0xffful;
 
-        er = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+        er = emulate_instruction(vcpu, 0, 0, 0);
 
         if (er !=  EMULATE_DONE) {
                 printk(KERN_ERR
@@ -3144,7 +3189,7 @@ static int handle_apic_access(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_task_switch(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         unsigned long exit_qualification;
@@ -3198,7 +3243,7 @@ static int handle_task_switch(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_ept_violation(struct kvm_vcpu *vcpu)
 {
         unsigned long exit_qualification;
         gpa_t gpa;
@@ -3219,8 +3264,8 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         vmcs_readl(GUEST_LINEAR_ADDRESS));
                 printk(KERN_ERR "EPT: Exit qualification is 0x%lx\n",
                         (long unsigned int)exit_qualification);
-                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-                kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_VIOLATION;
+                vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+                vcpu->run->hw.hardware_exit_reason = EXIT_REASON_EPT_VIOLATION;
                 return 0;
         }
 
@@ -3290,7 +3335,7 @@ static void ept_misconfig_inspect_spte(struct kvm_vcpu *vcpu, u64 spte,
         }
 }
 
-static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_ept_misconfig(struct kvm_vcpu *vcpu)
 {
         u64 sptes[4];
         int nr_sptes, i;
@@ -3306,13 +3351,13 @@ static int handle_ept_misconfig(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         for (i = PT64_ROOT_LEVEL; i > PT64_ROOT_LEVEL - nr_sptes; --i)
                 ept_misconfig_inspect_spte(vcpu, sptes[i-1], i);
 
-        kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-        kvm_run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
+        vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+        vcpu->run->hw.hardware_exit_reason = EXIT_REASON_EPT_MISCONFIG;
 
         return 0;
 }
 
-static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int handle_nmi_window(struct kvm_vcpu *vcpu)
 {
         u32 cpu_based_vm_exec_control;
 
@@ -3325,36 +3370,50 @@ static int handle_nmi_window(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         return 1;
 }
 
-static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
-                                struct kvm_run *kvm_run)
+static int handle_invalid_guest_state(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         enum emulation_result err = EMULATE_DONE;
-
-        local_irq_enable();
-        preempt_enable();
+        int ret = 1;
 
         while (!guest_state_valid(vcpu)) {
-                err = emulate_instruction(vcpu, kvm_run, 0, 0, 0);
+                err = emulate_instruction(vcpu, 0, 0, 0);
 
-                if (err == EMULATE_DO_MMIO)
-                        break;
+                if (err == EMULATE_DO_MMIO) {
+                        ret = 0;
+                        goto out;
+                }
 
                 if (err != EMULATE_DONE) {
                         kvm_report_emulation_failure(vcpu, "emulation failure");
-                        break;
+                        vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
+                        vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_EMULATION;
+                        vcpu->run->internal.ndata = 0;
+                        ret = 0;
+                        goto out;
                 }
 
                 if (signal_pending(current))
-                        break;
+                        goto out;
                 if (need_resched())
                         schedule();
         }
 
-        preempt_disable();
-        local_irq_disable();
+        vmx->emulation_required = 0;
+out:
+        return ret;
+}
 
-        vmx->invalid_state_emulation_result = err;
+/*
+ * Indicate a busy-waiting vcpu in spinlock. We do not enable the PAUSE
+ * exiting, so only get here on cpu with PAUSE-Loop-Exiting.
+ */
+static int handle_pause(struct kvm_vcpu *vcpu)
+{
+        skip_emulated_instruction(vcpu);
+        kvm_vcpu_on_spin(vcpu);
+
+        return 1;
 }
 
 /*
@@ -3362,8 +3421,7 @@ static void handle_invalid_guest_state(struct kvm_vcpu *vcpu,
  * may resume.  Otherwise they set the kvm_run parameter to indicate what needs
  * to be done to userspace and return 0.
  */
-static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
-                                      struct kvm_run *kvm_run) = {
+static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
         [EXIT_REASON_EXCEPTION_NMI]           = handle_exception,
         [EXIT_REASON_EXTERNAL_INTERRUPT]      = handle_external_interrupt,
         [EXIT_REASON_TRIPLE_FAULT]            = handle_triple_fault,
@@ -3394,6 +3452,7 @@ static int (*kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu,
         [EXIT_REASON_MCE_DURING_VMENTRY]      = handle_machine_check,
         [EXIT_REASON_EPT_VIOLATION]           = handle_ept_violation,
         [EXIT_REASON_EPT_MISCONFIG]           = handle_ept_misconfig,
+        [EXIT_REASON_PAUSE_INSTRUCTION]       = handle_pause,
 };
 
 static const int kvm_vmx_max_exit_handlers =
@@ -3403,7 +3462,7 @@ static const int kvm_vmx_max_exit_handlers =
  * The guest has exited.  See if we can fix it or if we need userspace
  * assistance.
  */
-static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
+static int vmx_handle_exit(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
         u32 exit_reason = vmx->exit_reason;
@@ -3411,13 +3470,9 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         trace_kvm_exit(exit_reason, kvm_rip_read(vcpu));
 
-        /* If we need to emulate an MMIO from handle_invalid_guest_state
-         * we just return 0 */
-        if (vmx->emulation_required && emulate_invalid_guest_state) {
-                if (guest_state_valid(vcpu))
-                        vmx->emulation_required = 0;
-                return vmx->invalid_state_emulation_result != EMULATE_DO_MMIO;
-        }
+        /* If guest state is invalid, start emulating */
+        if (vmx->emulation_required && emulate_invalid_guest_state)
+                return handle_invalid_guest_state(vcpu);
 
         /* Access CR3 don't cause VMExit in paging mode, so we need
          * to sync with guest real CR3. */
@@ -3425,8 +3480,8 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
                 vcpu->arch.cr3 = vmcs_readl(GUEST_CR3);
 
         if (unlikely(vmx->fail)) {
-                kvm_run->exit_reason = KVM_EXIT_FAIL_ENTRY;
-                kvm_run->fail_entry.hardware_entry_failure_reason
+                vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
+                vcpu->run->fail_entry.hardware_entry_failure_reason
                         = vmcs_read32(VM_INSTRUCTION_ERROR);
                 return 0;
         }
@@ -3459,10 +3514,10 @@ static int vmx_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu)
 
         if (exit_reason < kvm_vmx_max_exit_handlers
             && kvm_vmx_exit_handlers[exit_reason])
-                return kvm_vmx_exit_handlers[exit_reason](vcpu, kvm_run);
+                return kvm_vmx_exit_handlers[exit_reason](vcpu);
         else {
-                kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-                kvm_run->hw.hardware_exit_reason = exit_reason;
+                vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
+                vcpu->run->hw.hardware_exit_reason = exit_reason;
         }
         return 0;
 }
@@ -3600,23 +3655,18 @@ static void fixup_rmode_irq(struct vcpu_vmx *vmx)
 #define Q "l"
 #endif
 
-static void vmx_vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void vmx_vcpu_run(struct kvm_vcpu *vcpu)
 {
         struct vcpu_vmx *vmx = to_vmx(vcpu);
 
-        if (enable_ept && is_paging(vcpu)) {
-                vmcs_writel(GUEST_CR3, vcpu->arch.cr3);
-                ept_load_pdptrs(vcpu);
-        }
         /* Record the guest's net vcpu time for enforced NMI injections. */
         if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
                 vmx->entry_time = ktime_get();
 
-        /* Handle invalid guest state instead of entering VMX */
-        if (vmx->emulation_required && emulate_invalid_guest_state) {
-                handle_invalid_guest_state(vcpu, kvm_run);
+        /* Don't enter VMX if guest state is invalid, let the exit handler
+           start emulation until we arrive back to a valid state */
+        if (vmx->emulation_required && emulate_invalid_guest_state)
                 return;
-        }
 
         if (test_bit(VCPU_REGS_RSP, (unsigned long *)&vcpu->arch.regs_dirty))
                 vmcs_writel(GUEST_RSP, vcpu->arch.regs[VCPU_REGS_RSP]);
@@ -3775,7 +3825,6 @@ static void vmx_free_vcpu(struct kvm_vcpu *vcpu)
                 __clear_bit(vmx->vpid, vmx_vpid_bitmap);
         spin_unlock(&vmx_vpid_lock);
         vmx_free_vmcs(vcpu);
-        kfree(vmx->host_msrs);
         kfree(vmx->guest_msrs);
         kvm_vcpu_uninit(vcpu);
         kmem_cache_free(kvm_vcpu_cache, vmx);
@@ -3802,10 +3851,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
                 goto uninit_vcpu;
         }
 
-        vmx->host_msrs = kmalloc(PAGE_SIZE, GFP_KERNEL);
-        if (!vmx->host_msrs)
-                goto free_guest_msrs;
-
         vmx->vmcs = alloc_vmcs();
         if (!vmx->vmcs)
                 goto free_msrs;
@@ -3836,8 +3881,6 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id)
 free_vmcs:
         free_vmcs(vmx->vmcs);
 free_msrs:
-        kfree(vmx->host_msrs);
-free_guest_msrs:
         kfree(vmx->guest_msrs);
 uninit_vcpu:
         kvm_vcpu_uninit(&vmx->vcpu);
@@ -3973,6 +4016,8 @@ static struct kvm_x86_ops vmx_x86_ops = {
         .queue_exception = vmx_queue_exception,
         .interrupt_allowed = vmx_interrupt_allowed,
         .nmi_allowed = vmx_nmi_allowed,
+        .get_nmi_mask = vmx_get_nmi_mask,
+        .set_nmi_mask = vmx_set_nmi_mask,
         .enable_nmi_window = enable_nmi_window,
         .enable_irq_window = enable_irq_window,
         .update_cr8_intercept = update_cr8_intercept,
@@ -3987,7 +4032,12 @@ static struct kvm_x86_ops vmx_x86_ops = {
 
 static int __init vmx_init(void)
 {
-        int r;
+        int r, i;
+
+        rdmsrl_safe(MSR_EFER, &host_efer);
+
+        for (i = 0; i < NR_VMX_MSR; ++i)
+                kvm_define_shared_msr(i, vmx_msr_index[i]);
 
         vmx_io_bitmap_a = (unsigned long *)__get_free_page(GFP_KERNEL);
         if (!vmx_io_bitmap_a)
@@ -4049,8 +4099,6 @@ static int __init vmx_init(void)
         if (bypass_guest_pf)
                 kvm_mmu_set_nonpresent_ptes(~0xffeull, 0ull);
 
-        ept_sync_global();
-
         return 0;
 
 out3:
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4fc80174191c..9d068966fb2a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -37,6 +37,7 @@
 #include <linux/iommu.h>
 #include <linux/intel-iommu.h>
 #include <linux/cpufreq.h>
+#include <linux/user-return-notifier.h>
 #include <trace/events/kvm.h>
 #undef TRACE_INCLUDE_FILE
 #define CREATE_TRACE_POINTS
@@ -88,6 +89,25 @@ EXPORT_SYMBOL_GPL(kvm_x86_ops);
 int ignore_msrs = 0;
 module_param_named(ignore_msrs, ignore_msrs, bool, S_IRUGO | S_IWUSR);
 
+#define KVM_NR_SHARED_MSRS 16
+
+struct kvm_shared_msrs_global {
+        int nr;
+        struct kvm_shared_msr {
+                u32 msr;
+                u64 value;
+        } msrs[KVM_NR_SHARED_MSRS];
+};
+
+struct kvm_shared_msrs {
+        struct user_return_notifier urn;
+        bool registered;
+        u64 current_value[KVM_NR_SHARED_MSRS];
+};
+
+static struct kvm_shared_msrs_global __read_mostly shared_msrs_global;
+static DEFINE_PER_CPU(struct kvm_shared_msrs, shared_msrs);
+
 struct kvm_stats_debugfs_item debugfs_entries[] = {
         { "pf_fixed", VCPU_STAT(pf_fixed) },
         { "pf_guest", VCPU_STAT(pf_guest) },
@@ -124,6 +144,72 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
         { NULL }
 };
 
+static void kvm_on_user_return(struct user_return_notifier *urn)
+{
+        unsigned slot;
+        struct kvm_shared_msr *global;
+        struct kvm_shared_msrs *locals
+                = container_of(urn, struct kvm_shared_msrs, urn);
+
+        for (slot = 0; slot < shared_msrs_global.nr; ++slot) {
+                global = &shared_msrs_global.msrs[slot];
+                if (global->value != locals->current_value[slot]) {
+                        wrmsrl(global->msr, global->value);
+                        locals->current_value[slot] = global->value;
+                }
+        }
+        locals->registered = false;
+        user_return_notifier_unregister(urn);
+}
+
+void kvm_define_shared_msr(unsigned slot, u32 msr)
+{
+        int cpu;
+        u64 value;
+
+        if (slot >= shared_msrs_global.nr)
+                shared_msrs_global.nr = slot + 1;
+        shared_msrs_global.msrs[slot].msr = msr;
+        rdmsrl_safe(msr, &value);
+        shared_msrs_global.msrs[slot].value = value;
+        for_each_online_cpu(cpu)
+                per_cpu(shared_msrs, cpu).current_value[slot] = value;
+}
+EXPORT_SYMBOL_GPL(kvm_define_shared_msr);
+
+static void kvm_shared_msr_cpu_online(void)
+{
+        unsigned i;
+        struct kvm_shared_msrs *locals = &__get_cpu_var(shared_msrs);
+
+        for (i = 0; i < shared_msrs_global.nr; ++i)
+                locals->current_value[i] = shared_msrs_global.msrs[i].value;
+}
+
+void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
+{
+        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
+
+        if (((value ^ smsr->current_value[slot]) & mask) == 0)
+                return;
+        smsr->current_value[slot] = value;
+        wrmsrl(shared_msrs_global.msrs[slot].msr, value);
+        if (!smsr->registered) {
+                smsr->urn.on_user_return = kvm_on_user_return;
+                user_return_notifier_register(&smsr->urn);
+                smsr->registered = true;
+        }
+}
+EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
+
+static void drop_user_return_notifiers(void *ignore)
+{
+        struct kvm_shared_msrs *smsr = &__get_cpu_var(shared_msrs);
+
+        if (smsr->registered)
+                kvm_on_user_return(&smsr->urn);
+}
+
 unsigned long segment_base(u16 selector)
 {
         struct descriptor_table gdt;
@@ -485,16 +571,19 @@ static inline u32 bit(int bitno)
  * and KVM_SET_MSRS, and KVM_GET_MSR_INDEX_LIST.
  *
  * This list is modified at module load time to reflect the
- * capabilities of the host cpu.
+ * capabilities of the host cpu. This capabilities test skips MSRs that are
+ * kvm-specific. Those are put in the beginning of the list.
  */
+
+#define KVM_SAVE_MSRS_BEGIN     2
 static u32 msrs_to_save[] = {
+        MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
         MSR_IA32_SYSENTER_CS, MSR_IA32_SYSENTER_ESP, MSR_IA32_SYSENTER_EIP,
         MSR_K6_STAR,
 #ifdef CONFIG_X86_64
         MSR_CSTAR, MSR_KERNEL_GS_BASE, MSR_SYSCALL_MASK, MSR_LSTAR,
 #endif
-        MSR_IA32_TSC, MSR_KVM_SYSTEM_TIME, MSR_KVM_WALL_CLOCK,
-        MSR_IA32_PERF_STATUS, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
+        MSR_IA32_TSC, MSR_IA32_PERF_STATUS, MSR_IA32_CR_PAT, MSR_VM_HSAVE_PA
 };
 
 static unsigned num_msrs_to_save;
@@ -678,7 +767,8 @@ static void kvm_write_guest_time(struct kvm_vcpu *v)
         /* With all the info we got, fill in the values */
 
         vcpu->hv_clock.system_time = ts.tv_nsec +
-                                     (NSEC_PER_SEC * (u64)ts.tv_sec);
+                                     (NSEC_PER_SEC * (u64)ts.tv_sec) + v->kvm->arch.kvmclock_offset;
+
         /*
          * The interface expects us to write an even number signaling that the
          * update is finished. Since the guest won't see the intermediate
@@ -836,6 +926,38 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data)
         return 0;
 }
 
+static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+{
+        struct kvm *kvm = vcpu->kvm;
+        int lm = is_long_mode(vcpu);
+        u8 *blob_addr = lm ? (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_64
+                : (u8 *)(long)kvm->arch.xen_hvm_config.blob_addr_32;
+        u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
+                : kvm->arch.xen_hvm_config.blob_size_32;
+        u32 page_num = data & ~PAGE_MASK;
+        u64 page_addr = data & PAGE_MASK;
+        u8 *page;
+        int r;
+
+        r = -E2BIG;
+        if (page_num >= blob_size)
+                goto out;
+        r = -ENOMEM;
+        page = kzalloc(PAGE_SIZE, GFP_KERNEL);
+        if (!page)
+                goto out;
+        r = -EFAULT;
+        if (copy_from_user(page, blob_addr + (page_num * PAGE_SIZE), PAGE_SIZE))
+                goto out_free;
+        if (kvm_write_guest(kvm, page_addr, page, PAGE_SIZE))
+                goto out_free;
+        r = 0;
+out_free:
+        kfree(page);
+out:
+        return r;
+}
+
 int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
 {
         switch (msr) {
@@ -951,6 +1073,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data)
                         "0x%x data 0x%llx\n", msr, data);
                 break;
         default:
+                if (msr && (msr == vcpu->kvm->arch.xen_hvm_config.msr))
+                        return xen_hvm_config(vcpu, data);
                 if (!ignore_msrs) {
                         pr_unimpl(vcpu, "unhandled wrmsr: 0x%x data %llx\n",
                                 msr, data);
@@ -1225,6 +1349,9 @@ int kvm_dev_ioctl_check_extension(long ext)
         case KVM_CAP_PIT2:
         case KVM_CAP_PIT_STATE2:
         case KVM_CAP_SET_IDENTITY_MAP_ADDR:
+        case KVM_CAP_XEN_HVM:
+        case KVM_CAP_ADJUST_CLOCK:
+        case KVM_CAP_VCPU_EVENTS:
                 r = 1;
                 break;
         case KVM_CAP_COALESCED_MMIO:
@@ -1239,8 +1366,8 @@ int kvm_dev_ioctl_check_extension(long ext)
         case KVM_CAP_NR_MEMSLOTS:
                 r = KVM_MEMORY_SLOTS;
                 break;
-        case KVM_CAP_PV_MMU:
-                r = !tdp_enabled;
+        case KVM_CAP_PV_MMU:    /* obsolete */
+                r = 0;
                 break;
         case KVM_CAP_IOMMU:
                 r = iommu_found();
@@ -1327,6 +1454,12 @@ out:
 void kvm_arch_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 {
         kvm_x86_ops->vcpu_load(vcpu, cpu);
+        if (unlikely(per_cpu(cpu_tsc_khz, cpu) == 0)) {
+                unsigned long khz = cpufreq_quick_get(cpu);
+                if (!khz)
+                        khz = tsc_khz;
+                per_cpu(cpu_tsc_khz, cpu) = khz;
+        }
         kvm_request_guest_time_update(vcpu);
 }
 
@@ -1760,6 +1893,61 @@ static int kvm_vcpu_ioctl_x86_set_mce(struct kvm_vcpu *vcpu,
         return 0;
 }
 
+static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu,
+                                               struct kvm_vcpu_events *events)
+{
+        vcpu_load(vcpu);
+
+        events->exception.injected = vcpu->arch.exception.pending;
+        events->exception.nr = vcpu->arch.exception.nr;
+        events->exception.has_error_code = vcpu->arch.exception.has_error_code;
+        events->exception.error_code = vcpu->arch.exception.error_code;
+
+        events->interrupt.injected = vcpu->arch.interrupt.pending;
+        events->interrupt.nr = vcpu->arch.interrupt.nr;
+        events->interrupt.soft = vcpu->arch.interrupt.soft;
+
+        events->nmi.injected = vcpu->arch.nmi_injected;
+        events->nmi.pending = vcpu->arch.nmi_pending;
+        events->nmi.masked = kvm_x86_ops->get_nmi_mask(vcpu);
+
+        events->sipi_vector = vcpu->arch.sipi_vector;
+
+        events->flags = 0;
+
+        vcpu_put(vcpu);
+}
+
+static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu,
+                                              struct kvm_vcpu_events *events)
+{
+        if (events->flags)
+                return -EINVAL;
+
+        vcpu_load(vcpu);
+
+        vcpu->arch.exception.pending = events->exception.injected;
+        vcpu->arch.exception.nr = events->exception.nr;
+        vcpu->arch.exception.has_error_code = events->exception.has_error_code;
+        vcpu->arch.exception.error_code = events->exception.error_code;
+
+        vcpu->arch.interrupt.pending = events->interrupt.injected;
+        vcpu->arch.interrupt.nr = events->interrupt.nr;
+        vcpu->arch.interrupt.soft = events->interrupt.soft;
+        if (vcpu->arch.interrupt.pending && irqchip_in_kernel(vcpu->kvm))
+                kvm_pic_clear_isr_ack(vcpu->kvm);
+
+        vcpu->arch.nmi_injected = events->nmi.injected;
+        vcpu->arch.nmi_pending = events->nmi.pending;
+        kvm_x86_ops->set_nmi_mask(vcpu, events->nmi.masked);
+
+        vcpu->arch.sipi_vector = events->sipi_vector;
+
+        vcpu_put(vcpu);
+
+        return 0;
+}
+
 long kvm_arch_vcpu_ioctl(struct file *filp,
                          unsigned int ioctl, unsigned long arg)
 {
@@ -1770,6 +1958,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 
         switch (ioctl) {
         case KVM_GET_LAPIC: {
+                r = -EINVAL;
+                if (!vcpu->arch.apic)
+                        goto out;
                 lapic = kzalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
 
                 r = -ENOMEM;
@@ -1785,6 +1976,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                 break;
         }
         case KVM_SET_LAPIC: {
+                r = -EINVAL;
+                if (!vcpu->arch.apic)
+                        goto out;
                 lapic = kmalloc(sizeof(struct kvm_lapic_state), GFP_KERNEL);
                 r = -ENOMEM;
                 if (!lapic)
@@ -1911,6 +2105,27 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
                 r = kvm_vcpu_ioctl_x86_set_mce(vcpu, &mce);
                 break;
         }
+        case KVM_GET_VCPU_EVENTS: {
+                struct kvm_vcpu_events events;
+
+                kvm_vcpu_ioctl_x86_get_vcpu_events(vcpu, &events);
+
+                r = -EFAULT;
+                if (copy_to_user(argp, &events, sizeof(struct kvm_vcpu_events)))
+                        break;
+                r = 0;
+                break;
+        }
+        case KVM_SET_VCPU_EVENTS: {
+                struct kvm_vcpu_events events;
+
+                r = -EFAULT;
+                if (copy_from_user(&events, argp, sizeof(struct kvm_vcpu_events)))
+                        break;
+
+                r = kvm_vcpu_ioctl_x86_set_vcpu_events(vcpu, &events);
+                break;
+        }
         default:
                 r = -EINVAL;
         }
@@ -2039,9 +2254,7 @@ static int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
                         sizeof(struct kvm_pic_state));
                 break;
         case KVM_IRQCHIP_IOAPIC:
-                memcpy(&chip->chip.ioapic,
-                        ioapic_irqchip(kvm),
-                        sizeof(struct kvm_ioapic_state));
+                r = kvm_get_ioapic(kvm, &chip->chip.ioapic);
                 break;
         default:
                 r = -EINVAL;
@@ -2071,11 +2284,7 @@ static int kvm_vm_ioctl_set_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
                 spin_unlock(&pic_irqchip(kvm)->lock);
                 break;
         case KVM_IRQCHIP_IOAPIC:
-                mutex_lock(&kvm->irq_lock);
-                memcpy(ioapic_irqchip(kvm),
-                        &chip->chip.ioapic,
-                        sizeof(struct kvm_ioapic_state));
-                mutex_unlock(&kvm->irq_lock);
+                r = kvm_set_ioapic(kvm, &chip->chip.ioapic);
                 break;
         default:
                 r = -EINVAL;
@@ -2183,7 +2392,7 @@ long kvm_arch_vm_ioctl(struct file *filp,
 {
         struct kvm *kvm = filp->private_data;
         void __user *argp = (void __user *)arg;
-        int r = -EINVAL;
+        int r = -ENOTTY;
         /*
          * This union makes it completely explicit to gcc-3.x
          * that these two variables' stack usage should be
@@ -2245,25 +2454,39 @@ long kvm_arch_vm_ioctl(struct file *filp,
                 if (r)
                         goto out;
                 break;
-        case KVM_CREATE_IRQCHIP:
+        case KVM_CREATE_IRQCHIP: {
+                struct kvm_pic *vpic;
+
+                mutex_lock(&kvm->lock);
+                r = -EEXIST;
+                if (kvm->arch.vpic)
+                        goto create_irqchip_unlock;
                 r = -ENOMEM;
-                kvm->arch.vpic = kvm_create_pic(kvm);
-                if (kvm->arch.vpic) {
+                vpic = kvm_create_pic(kvm);
+                if (vpic) {
                         r = kvm_ioapic_init(kvm);
                         if (r) {
-                                kfree(kvm->arch.vpic);
-                                kvm->arch.vpic = NULL;
-                                goto out;
+                                kfree(vpic);
+                                goto create_irqchip_unlock;
                         }
                 } else
-                        goto out;
+                        goto create_irqchip_unlock;
+                smp_wmb();
+                kvm->arch.vpic = vpic;
+                smp_wmb();
                 r = kvm_setup_default_irq_routing(kvm);
                 if (r) {
+                        mutex_lock(&kvm->irq_lock);
                         kfree(kvm->arch.vpic);
                         kfree(kvm->arch.vioapic);
-                        goto out;
+                        kvm->arch.vpic = NULL;
+                        kvm->arch.vioapic = NULL;
+                        mutex_unlock(&kvm->irq_lock);
                 }
+        create_irqchip_unlock:
+                mutex_unlock(&kvm->lock);
                 break;
+        }
         case KVM_CREATE_PIT:
                 u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
                 goto create_pit;
@@ -2293,10 +2516,8 @@ long kvm_arch_vm_ioctl(struct file *filp,
                         goto out;
                 if (irqchip_in_kernel(kvm)) {
                         __s32 status;
-                        mutex_lock(&kvm->irq_lock);
                         status = kvm_set_irq(kvm, KVM_USERSPACE_IRQ_SOURCE_ID,
                                         irq_event.irq, irq_event.level);
-                        mutex_unlock(&kvm->irq_lock);
                         if (ioctl == KVM_IRQ_LINE_STATUS) {
                                 irq_event.status = status;
                                 if (copy_to_user(argp, &irq_event,
@@ -2422,6 +2643,55 @@ long kvm_arch_vm_ioctl(struct file *filp,
                 r = 0;
                 break;
         }
+        case KVM_XEN_HVM_CONFIG: {
+                r = -EFAULT;
+                if (copy_from_user(&kvm->arch.xen_hvm_config, argp,
+                                   sizeof(struct kvm_xen_hvm_config)))
+                        goto out;
+                r = -EINVAL;
+                if (kvm->arch.xen_hvm_config.flags)
+                        goto out;
+                r = 0;
+                break;
+        }
+        case KVM_SET_CLOCK: {
+                struct timespec now;
+                struct kvm_clock_data user_ns;
+                u64 now_ns;
+                s64 delta;
+
+                r = -EFAULT;
+                if (copy_from_user(&user_ns, argp, sizeof(user_ns)))
+                        goto out;
+
+                r = -EINVAL;
+                if (user_ns.flags)
+                        goto out;
+
+                r = 0;
+                ktime_get_ts(&now);
+                now_ns = timespec_to_ns(&now);
+                delta = user_ns.clock - now_ns;
+                kvm->arch.kvmclock_offset = delta;
+                break;
+        }
+        case KVM_GET_CLOCK: {
+                struct timespec now;
+                struct kvm_clock_data user_ns;
+                u64 now_ns;
+
+                ktime_get_ts(&now);
+                now_ns = timespec_to_ns(&now);
+                user_ns.clock = kvm->arch.kvmclock_offset + now_ns;
+                user_ns.flags = 0;
+
+                r = -EFAULT;
+                if (copy_to_user(argp, &user_ns, sizeof(user_ns)))
+                        goto out;
+                r = 0;
+                break;
+        }
+
         default:
                 ;
         }
@@ -2434,7 +2704,8 @@ static void kvm_init_msr_list(void)
         u32 dummy[2];
         unsigned i, j;
 
-        for (i = j = 0; i < ARRAY_SIZE(msrs_to_save); i++) {
+        /* skip the first msrs in the list. KVM-specific */
+        for (i = j = KVM_SAVE_MSRS_BEGIN; i < ARRAY_SIZE(msrs_to_save); i++) {
                 if (rdmsr_safe(msrs_to_save[i], &dummy[0], &dummy[1]) < 0)
                         continue;
                 if (j < i)
@@ -2758,13 +3029,13 @@ static void cache_all_regs(struct kvm_vcpu *vcpu)
 }
 
 int emulate_instruction(struct kvm_vcpu *vcpu,
-                        struct kvm_run *run,
                         unsigned long cr2,
                         u16 error_code,
                         int emulation_type)
 {
         int r, shadow_mask;
         struct decode_cache *c;
+        struct kvm_run *run = vcpu->run;
 
         kvm_clear_exception_queue(vcpu);
         vcpu->arch.mmio_fault_cr2 = cr2;
@@ -2784,7 +3055,7 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                 kvm_x86_ops->get_cs_db_l_bits(vcpu, &cs_db, &cs_l);
 
                 vcpu->arch.emulate_ctxt.vcpu = vcpu;
-                vcpu->arch.emulate_ctxt.eflags = kvm_x86_ops->get_rflags(vcpu);
+                vcpu->arch.emulate_ctxt.eflags = kvm_get_rflags(vcpu);
                 vcpu->arch.emulate_ctxt.mode =
                         (vcpu->arch.emulate_ctxt.eflags & X86_EFLAGS_VM)
                         ? X86EMUL_MODE_REAL : cs_l
@@ -2862,7 +3133,7 @@ int emulate_instruction(struct kvm_vcpu *vcpu,
                 return EMULATE_DO_MMIO;
         }
 
-        kvm_x86_ops->set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags);
+        kvm_set_rflags(vcpu, vcpu->arch.emulate_ctxt.eflags);
 
         if (vcpu->mmio_is_write) {
                 vcpu->mmio_needed = 0;
@@ -2970,8 +3241,7 @@ static int pio_string_write(struct kvm_vcpu *vcpu)
         return r;
 }
 
-int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
-                  int size, unsigned port)
+int kvm_emulate_pio(struct kvm_vcpu *vcpu, int in, int size, unsigned port)
 {
         unsigned long val;
 
@@ -3000,7 +3270,7 @@ int kvm_emulate_pio(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
 }
 EXPORT_SYMBOL_GPL(kvm_emulate_pio);
 
-int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, struct kvm_run *run, int in,
+int kvm_emulate_pio_string(struct kvm_vcpu *vcpu, int in,
                   int size, unsigned long count, int down,
                   gva_t address, int rep, unsigned port)
 {
@@ -3073,9 +3343,6 @@ static void bounce_off(void *info)
         /* nothing */
 }
 
-static unsigned int  ref_freq;
-static unsigned long tsc_khz_ref;
-
 static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long val,
                                      void *data)
 {
@@ -3084,14 +3351,11 @@ static int kvmclock_cpufreq_notifier(struct notifier_block *nb, unsigned long va
         struct kvm_vcpu *vcpu;
         int i, send_ipi = 0;
 
-        if (!ref_freq)
-                ref_freq = freq->old;
-
         if (val == CPUFREQ_PRECHANGE && freq->old > freq->new)
                 return 0;
         if (val == CPUFREQ_POSTCHANGE && freq->old < freq->new)
                 return 0;
-        per_cpu(cpu_tsc_khz, freq->cpu) = cpufreq_scale(tsc_khz_ref, ref_freq, freq->new);
+        per_cpu(cpu_tsc_khz, freq->cpu) = freq->new;
 
         spin_lock(&kvm_lock);
         list_for_each_entry(kvm, &vm_list, vm_list) {
@@ -3128,9 +3392,28 @@ static struct notifier_block kvmclock_cpufreq_notifier_block = {
         .notifier_call  = kvmclock_cpufreq_notifier
 };
 
+static void kvm_timer_init(void)
+{
+        int cpu;
+
+        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
+                cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
+                                          CPUFREQ_TRANSITION_NOTIFIER);
+                for_each_online_cpu(cpu) {
+                        unsigned long khz = cpufreq_get(cpu);
+                        if (!khz)
+                                khz = tsc_khz;
+                        per_cpu(cpu_tsc_khz, cpu) = khz;
+                }
+        } else {
+                for_each_possible_cpu(cpu)
+                        per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
+        }
+}
+
 int kvm_arch_init(void *opaque)
 {
-        int r, cpu;
+        int r;
         struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
 
         if (kvm_x86_ops) {
@@ -3162,13 +3445,7 @@ int kvm_arch_init(void *opaque)
         kvm_mmu_set_mask_ptes(PT_USER_MASK, PT_ACCESSED_MASK,
                         PT_DIRTY_MASK, PT64_NX_MASK, 0);
 
-        for_each_possible_cpu(cpu)
-                per_cpu(cpu_tsc_khz, cpu) = tsc_khz;
-        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
-                tsc_khz_ref = tsc_khz;
-                cpufreq_register_notifier(&kvmclock_cpufreq_notifier_block,
-                                          CPUFREQ_TRANSITION_NOTIFIER);
-        }
+        kvm_timer_init();
 
         return 0;
 
@@ -3296,7 +3573,7 @@ void realmode_lmsw(struct kvm_vcpu *vcpu, unsigned long msw,
                    unsigned long *rflags)
 {
         kvm_lmsw(vcpu, msw);
-        *rflags = kvm_x86_ops->get_rflags(vcpu);
+        *rflags = kvm_get_rflags(vcpu);
 }
 
 unsigned long realmode_get_cr(struct kvm_vcpu *vcpu, int cr)
@@ -3334,7 +3611,7 @@ void realmode_set_cr(struct kvm_vcpu *vcpu, int cr, unsigned long val,
         switch (cr) {
         case 0:
                 kvm_set_cr0(vcpu, mk_cr_64(vcpu->arch.cr0, val));
-                *rflags = kvm_x86_ops->get_rflags(vcpu);
+                *rflags = kvm_get_rflags(vcpu);
                 break;
         case 2:
                 vcpu->arch.cr2 = val;
@@ -3454,18 +3731,18 @@ EXPORT_SYMBOL_GPL(kvm_emulate_cpuid);
  *
  * No need to exit to userspace if we already have an interrupt queued.
  */
-static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu,
-                                          struct kvm_run *kvm_run)
+static int dm_request_for_irq_injection(struct kvm_vcpu *vcpu)
 {
         return (!irqchip_in_kernel(vcpu->kvm) && !kvm_cpu_has_interrupt(vcpu) &&
-                kvm_run->request_interrupt_window &&
+                vcpu->run->request_interrupt_window &&
                 kvm_arch_interrupt_allowed(vcpu));
 }
 
-static void post_kvm_run_save(struct kvm_vcpu *vcpu,
-                              struct kvm_run *kvm_run)
+static void post_kvm_run_save(struct kvm_vcpu *vcpu)
 {
-        kvm_run->if_flag = (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
+        struct kvm_run *kvm_run = vcpu->run;
+
+        kvm_run->if_flag = (kvm_get_rflags(vcpu) & X86_EFLAGS_IF) != 0;
         kvm_run->cr8 = kvm_get_cr8(vcpu);
         kvm_run->apic_base = kvm_get_apic_base(vcpu);
         if (irqchip_in_kernel(vcpu->kvm))
@@ -3526,7 +3803,7 @@ static void update_cr8_intercept(struct kvm_vcpu *vcpu)
         kvm_x86_ops->update_cr8_intercept(vcpu, tpr, max_irr);
 }
 
-static void inject_pending_event(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static void inject_pending_event(struct kvm_vcpu *vcpu)
 {
         /* try to reinject previous events if any */
         if (vcpu->arch.exception.pending) {
@@ -3562,11 +3839,11 @@ static void inject_pending_event(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 }
 
-static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
 {
         int r;
         bool req_int_win = !irqchip_in_kernel(vcpu->kvm) &&
-                kvm_run->request_interrupt_window;
+                vcpu->run->request_interrupt_window;
 
         if (vcpu->requests)
                 if (test_and_clear_bit(KVM_REQ_MMU_RELOAD, &vcpu->requests))
@@ -3587,12 +3864,12 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         kvm_x86_ops->tlb_flush(vcpu);
                 if (test_and_clear_bit(KVM_REQ_REPORT_TPR_ACCESS,
                                        &vcpu->requests)) {
-                        kvm_run->exit_reason = KVM_EXIT_TPR_ACCESS;
+                        vcpu->run->exit_reason = KVM_EXIT_TPR_ACCESS;
                         r = 0;
                         goto out;
                 }
                 if (test_and_clear_bit(KVM_REQ_TRIPLE_FAULT, &vcpu->requests)) {
-                        kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
+                        vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
                         r = 0;
                         goto out;
                 }
@@ -3616,7 +3893,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 goto out;
         }
 
-        inject_pending_event(vcpu, kvm_run);
+        inject_pending_event(vcpu);
 
         /* enable NMI/IRQ window open exits if needed */
         if (vcpu->arch.nmi_pending)
@@ -3642,7 +3919,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         trace_kvm_entry(vcpu->vcpu_id);
-        kvm_x86_ops->run(vcpu, kvm_run);
+        kvm_x86_ops->run(vcpu);
 
         /*
          * If the guest has used debug registers, at least dr7
@@ -3684,13 +3961,13 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 
         kvm_lapic_sync_from_vapic(vcpu);
 
-        r = kvm_x86_ops->handle_exit(kvm_run, vcpu);
+        r = kvm_x86_ops->handle_exit(vcpu);
 out:
         return r;
 }
 
 
-static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
+static int __vcpu_run(struct kvm_vcpu *vcpu)
 {
         int r;
 
@@ -3710,7 +3987,7 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         r = 1;
         while (r > 0) {
                 if (vcpu->arch.mp_state == KVM_MP_STATE_RUNNABLE)
-                        r = vcpu_enter_guest(vcpu, kvm_run);
+                        r = vcpu_enter_guest(vcpu);
                 else {
                         up_read(&vcpu->kvm->slots_lock);
                         kvm_vcpu_block(vcpu);
@@ -3738,14 +4015,14 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 if (kvm_cpu_has_pending_timer(vcpu))
                         kvm_inject_pending_timer_irqs(vcpu);
 
-                if (dm_request_for_irq_injection(vcpu, kvm_run)) {
+                if (dm_request_for_irq_injection(vcpu)) {
                         r = -EINTR;
-                        kvm_run->exit_reason = KVM_EXIT_INTR;
+                        vcpu->run->exit_reason = KVM_EXIT_INTR;
                         ++vcpu->stat.request_irq_exits;
                 }
                 if (signal_pending(current)) {
                         r = -EINTR;
-                        kvm_run->exit_reason = KVM_EXIT_INTR;
+                        vcpu->run->exit_reason = KVM_EXIT_INTR;
                         ++vcpu->stat.signal_exits;
                 }
                 if (need_resched()) {
@@ -3756,7 +4033,7 @@ static int __vcpu_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
         }
 
         up_read(&vcpu->kvm->slots_lock);
-        post_kvm_run_save(vcpu, kvm_run);
+        post_kvm_run_save(vcpu);
 
         vapic_exit(vcpu);
 
@@ -3789,15 +4066,13 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                 if (r)
                         goto out;
         }
-#if CONFIG_HAS_IOMEM
         if (vcpu->mmio_needed) {
                 memcpy(vcpu->mmio_data, kvm_run->mmio.data, 8);
                 vcpu->mmio_read_completed = 1;
                 vcpu->mmio_needed = 0;
 
                 down_read(&vcpu->kvm->slots_lock);
-                r = emulate_instruction(vcpu, kvm_run,
-                                        vcpu->arch.mmio_fault_cr2, 0,
+                r = emulate_instruction(vcpu, vcpu->arch.mmio_fault_cr2, 0,
                                         EMULTYPE_NO_DECODE);
                 up_read(&vcpu->kvm->slots_lock);
                 if (r == EMULATE_DO_MMIO) {
@@ -3808,12 +4083,11 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
                         goto out;
                 }
         }
-#endif
         if (kvm_run->exit_reason == KVM_EXIT_HYPERCALL)
                 kvm_register_write(vcpu, VCPU_REGS_RAX,
                                      kvm_run->hypercall.ret);
 
-        r = __vcpu_run(vcpu, kvm_run);
+        r = __vcpu_run(vcpu);
 
 out:
         if (vcpu->sigset_active)
@@ -3847,13 +4121,7 @@ int kvm_arch_vcpu_ioctl_get_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
 #endif
 
         regs->rip = kvm_rip_read(vcpu);
-        regs->rflags = kvm_x86_ops->get_rflags(vcpu);
-
-        /*
-         * Don't leak debug flags in case they were set for guest debugging
-         */
-        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
-                regs->rflags &= ~(X86_EFLAGS_TF | X86_EFLAGS_RF);
+        regs->rflags = kvm_get_rflags(vcpu);
 
         vcpu_put(vcpu);
 
@@ -3881,12 +4149,10 @@ int kvm_arch_vcpu_ioctl_set_regs(struct kvm_vcpu *vcpu, struct kvm_regs *regs)
         kvm_register_write(vcpu, VCPU_REGS_R13, regs->r13);
         kvm_register_write(vcpu, VCPU_REGS_R14, regs->r14);
         kvm_register_write(vcpu, VCPU_REGS_R15, regs->r15);
-
 #endif
 
         kvm_rip_write(vcpu, regs->rip);
-        kvm_x86_ops->set_rflags(vcpu, regs->rflags);
-
+        kvm_set_rflags(vcpu, regs->rflags);
 
         vcpu->arch.exception.pending = false;
 
@@ -4105,7 +4371,7 @@ static int is_vm86_segment(struct kvm_vcpu *vcpu, int seg)
 {
         return (seg != VCPU_SREG_LDTR) &&
                 (seg != VCPU_SREG_TR) &&
-                (kvm_x86_ops->get_rflags(vcpu) & X86_EFLAGS_VM);
+                (kvm_get_rflags(vcpu) & X86_EFLAGS_VM);
 }
 
 int kvm_load_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector,
@@ -4133,7 +4399,7 @@ static void save_state_to_tss32(struct kvm_vcpu *vcpu,
 {
         tss->cr3 = vcpu->arch.cr3;
         tss->eip = kvm_rip_read(vcpu);
-        tss->eflags = kvm_x86_ops->get_rflags(vcpu);
+        tss->eflags = kvm_get_rflags(vcpu);
         tss->eax = kvm_register_read(vcpu, VCPU_REGS_RAX);
         tss->ecx = kvm_register_read(vcpu, VCPU_REGS_RCX);
         tss->edx = kvm_register_read(vcpu, VCPU_REGS_RDX);
@@ -4157,7 +4423,7 @@ static int load_state_from_tss32(struct kvm_vcpu *vcpu,
         kvm_set_cr3(vcpu, tss->cr3);
 
         kvm_rip_write(vcpu, tss->eip);
-        kvm_x86_ops->set_rflags(vcpu, tss->eflags | 2);
+        kvm_set_rflags(vcpu, tss->eflags | 2);
 
         kvm_register_write(vcpu, VCPU_REGS_RAX, tss->eax);
         kvm_register_write(vcpu, VCPU_REGS_RCX, tss->ecx);
@@ -4195,7 +4461,7 @@ static void save_state_to_tss16(struct kvm_vcpu *vcpu,
                                 struct tss_segment_16 *tss)
 {
         tss->ip = kvm_rip_read(vcpu);
-        tss->flag = kvm_x86_ops->get_rflags(vcpu);
+        tss->flag = kvm_get_rflags(vcpu);
         tss->ax = kvm_register_read(vcpu, VCPU_REGS_RAX);
         tss->cx = kvm_register_read(vcpu, VCPU_REGS_RCX);
         tss->dx = kvm_register_read(vcpu, VCPU_REGS_RDX);
@@ -4210,14 +4476,13 @@ static void save_state_to_tss16(struct kvm_vcpu *vcpu,
         tss->ss = get_segment_selector(vcpu, VCPU_SREG_SS);
         tss->ds = get_segment_selector(vcpu, VCPU_SREG_DS);
         tss->ldt = get_segment_selector(vcpu, VCPU_SREG_LDTR);
-        tss->prev_task_link = get_segment_selector(vcpu, VCPU_SREG_TR);
 }
 
 static int load_state_from_tss16(struct kvm_vcpu *vcpu,
                                  struct tss_segment_16 *tss)
 {
         kvm_rip_write(vcpu, tss->ip);
-        kvm_x86_ops->set_rflags(vcpu, tss->flag | 2);
+        kvm_set_rflags(vcpu, tss->flag | 2);
         kvm_register_write(vcpu, VCPU_REGS_RAX, tss->ax);
         kvm_register_write(vcpu, VCPU_REGS_RCX, tss->cx);
         kvm_register_write(vcpu, VCPU_REGS_RDX, tss->dx);
@@ -4363,8 +4628,8 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         }
 
         if (reason == TASK_SWITCH_IRET) {
-                u32 eflags = kvm_x86_ops->get_rflags(vcpu);
-                kvm_x86_ops->set_rflags(vcpu, eflags & ~X86_EFLAGS_NT);
+                u32 eflags = kvm_get_rflags(vcpu);
+                kvm_set_rflags(vcpu, eflags & ~X86_EFLAGS_NT);
         }
 
         /* set back link to prev task only if NT bit is set in eflags
@@ -4372,11 +4637,6 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
         if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
                 old_tss_sel = 0xffff;
 
-        /* set back link to prev task only if NT bit is set in eflags
-           note that old_tss_sel is not used afetr this point */
-        if (reason != TASK_SWITCH_CALL && reason != TASK_SWITCH_GATE)
-                old_tss_sel = 0xffff;
-
         if (nseg_desc.type & 8)
                 ret = kvm_task_switch_32(vcpu, tss_selector, old_tss_sel,
                                          old_tss_base, &nseg_desc);
@@ -4385,8 +4645,8 @@ int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int reason)
                                          old_tss_base, &nseg_desc);
 
         if (reason == TASK_SWITCH_CALL || reason == TASK_SWITCH_GATE) {
-                u32 eflags = kvm_x86_ops->get_rflags(vcpu);
-                kvm_x86_ops->set_rflags(vcpu, eflags | X86_EFLAGS_NT);
+                u32 eflags = kvm_get_rflags(vcpu);
+                kvm_set_rflags(vcpu, eflags | X86_EFLAGS_NT);
         }
 
         if (reason != TASK_SWITCH_IRET) {
@@ -4438,8 +4698,10 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 
         mmu_reset_needed |= vcpu->arch.cr4 != sregs->cr4;
         kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
-        if (!is_long_mode(vcpu) && is_pae(vcpu))
+        if (!is_long_mode(vcpu) && is_pae(vcpu)) {
                 load_pdptrs(vcpu, vcpu->arch.cr3);
+                mmu_reset_needed = 1;
+        }
 
         if (mmu_reset_needed)
                 kvm_mmu_reset_context(vcpu);
@@ -4480,12 +4742,32 @@ int kvm_arch_vcpu_ioctl_set_sregs(struct kvm_vcpu *vcpu,
 int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
                                         struct kvm_guest_debug *dbg)
 {
+        unsigned long rflags;
         int i, r;
 
         vcpu_load(vcpu);
 
-        if ((dbg->control & (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP)) ==
-            (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP)) {
+        if (dbg->control & (KVM_GUESTDBG_INJECT_DB | KVM_GUESTDBG_INJECT_BP)) {
+                r = -EBUSY;
+                if (vcpu->arch.exception.pending)
+                        goto unlock_out;
+                if (dbg->control & KVM_GUESTDBG_INJECT_DB)
+                        kvm_queue_exception(vcpu, DB_VECTOR);
+                else
+                        kvm_queue_exception(vcpu, BP_VECTOR);
+        }
+
+        /*
+         * Read rflags as long as potentially injected trace flags are still
+         * filtered out.
+         */
+        rflags = kvm_get_rflags(vcpu);
+
+        vcpu->guest_debug = dbg->control;
+        if (!(vcpu->guest_debug & KVM_GUESTDBG_ENABLE))
+                vcpu->guest_debug = 0;
+
+        if (vcpu->guest_debug & KVM_GUESTDBG_USE_HW_BP) {
                 for (i = 0; i < KVM_NR_DB_REGS; ++i)
                         vcpu->arch.eff_db[i] = dbg->arch.debugreg[i];
                 vcpu->arch.switch_db_regs =
@@ -4496,13 +4778,23 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
                 vcpu->arch.switch_db_regs = (vcpu->arch.dr7 & DR7_BP_EN_MASK);
         }
 
-        r = kvm_x86_ops->set_guest_debug(vcpu, dbg);
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP) {
+                vcpu->arch.singlestep_cs =
+                        get_segment_selector(vcpu, VCPU_SREG_CS);
+                vcpu->arch.singlestep_rip = kvm_rip_read(vcpu);
+        }
+
+        /*
+         * Trigger an rflags update that will inject or remove the trace
+         * flags.
+         */
+        kvm_set_rflags(vcpu, rflags);
+
+        kvm_x86_ops->set_guest_debug(vcpu, dbg);
 
-        if (dbg->control & KVM_GUESTDBG_INJECT_DB)
-                kvm_queue_exception(vcpu, DB_VECTOR);
-        else if (dbg->control & KVM_GUESTDBG_INJECT_BP)
-                kvm_queue_exception(vcpu, BP_VECTOR);
+        r = 0;
 
+unlock_out:
         vcpu_put(vcpu);
 
         return r;
@@ -4703,14 +4995,26 @@ int kvm_arch_vcpu_reset(struct kvm_vcpu *vcpu)
         return kvm_x86_ops->vcpu_reset(vcpu);
 }
 
-void kvm_arch_hardware_enable(void *garbage)
+int kvm_arch_hardware_enable(void *garbage)
 {
-        kvm_x86_ops->hardware_enable(garbage);
+        /*
+         * Since this may be called from a hotplug notifcation,
+         * we can't get the CPU frequency directly.
+         */
+        if (!boot_cpu_has(X86_FEATURE_CONSTANT_TSC)) {
+                int cpu = raw_smp_processor_id();
+                per_cpu(cpu_tsc_khz, cpu) = 0;
+        }
+
+        kvm_shared_msr_cpu_online();
+
+        return kvm_x86_ops->hardware_enable(garbage);
 }
 
 void kvm_arch_hardware_disable(void *garbage)
 {
         kvm_x86_ops->hardware_disable(garbage);
+        drop_user_return_notifiers(garbage);
 }
 
 int kvm_arch_hardware_setup(void)
@@ -4948,8 +5252,36 @@ int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu)
         return kvm_x86_ops->interrupt_allowed(vcpu);
 }
 
+unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu)
+{
+        unsigned long rflags;
+
+        rflags = kvm_x86_ops->get_rflags(vcpu);
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP)
+                rflags &= ~(unsigned long)(X86_EFLAGS_TF | X86_EFLAGS_RF);
+        return rflags;
+}
+EXPORT_SYMBOL_GPL(kvm_get_rflags);
+
+void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
+{
+        if (vcpu->guest_debug & KVM_GUESTDBG_SINGLESTEP &&
+            vcpu->arch.singlestep_cs ==
+                        get_segment_selector(vcpu, VCPU_SREG_CS) &&
+            vcpu->arch.singlestep_rip == kvm_rip_read(vcpu))
+                rflags |= X86_EFLAGS_TF | X86_EFLAGS_RF;
+        kvm_x86_ops->set_rflags(vcpu, rflags);
+}
+EXPORT_SYMBOL_GPL(kvm_set_rflags);
+
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_exit);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_inj_virq);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_page_fault);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_msr);
 EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_cr);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmrun);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_vmexit_inject);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_nested_intr_vmexit);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_invlpga);
+EXPORT_TRACEPOINT_SYMBOL_GPL(kvm_skinit);
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 73ffd5536f62..d406c5239019 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -146,10 +146,6 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
         use_gbpages = direct_gbpages;
 #endif
 
-        set_nx();
-        if (nx_enabled)
-                printk(KERN_INFO "NX (Execute Disable) protection: active\n");
-
         /* Enable PSE if available */
         if (cpu_has_pse)
                 set_in_cr4(X86_CR4_PSE);
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 30938c1d8d5d..c973f8e2a6cf 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -412,7 +412,7 @@ static void __init permanent_kmaps_init(pgd_t *pgd_base)
         pkmap_page_table = pte;
 }
 
-static void __init add_one_highpage_init(struct page *page, int pfn)
+static void __init add_one_highpage_init(struct page *page)
 {
         ClearPageReserved(page);
         init_page_count(page);
@@ -445,7 +445,7 @@ static int __init add_highpages_work_fn(unsigned long start_pfn,
                 if (!pfn_valid(node_pfn))
                         continue;
                 page = pfn_to_page(node_pfn);
-                add_one_highpage_init(page, node_pfn);
+                add_one_highpage_init(page);
         }
 
         return 0;
@@ -703,8 +703,8 @@ void __init find_low_pfn_range(void)
 }
 
 #ifndef CONFIG_NEED_MULTIPLE_NODES
-void __init initmem_init(unsigned long start_pfn,
-                                  unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
 #ifdef CONFIG_HIGHMEM
         highstart_pfn = highend_pfn = max_pfn;
@@ -997,7 +997,7 @@ static noinline int do_test_wp_bit(void)
 const int rodata_test_data = 0xC3;
 EXPORT_SYMBOL_GPL(rodata_test_data);
 
-static int kernel_set_to_readonly;
+int kernel_set_to_readonly __read_mostly;
 
 void set_kernel_text_rw(void)
 {
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 5a4398a6006b..5198b9bb34ef 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -568,7 +568,8 @@ kernel_physical_mapping_init(unsigned long start,
 }
 
 #ifndef CONFIG_NUMA
-void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
         unsigned long bootmap_size, bootmap;
 
@@ -694,12 +695,12 @@ void __init mem_init(void)
 const int rodata_test_data = 0xC3;
 EXPORT_SYMBOL_GPL(rodata_test_data);
 
-static int kernel_set_to_readonly;
+int kernel_set_to_readonly;
 
 void set_kernel_text_rw(void)
 {
-        unsigned long start = PFN_ALIGN(_stext);
-        unsigned long end = PFN_ALIGN(__start_rodata);
+        unsigned long start = PFN_ALIGN(_text);
+        unsigned long end = PFN_ALIGN(__stop___ex_table);
 
         if (!kernel_set_to_readonly)
                 return;
@@ -707,13 +708,18 @@ void set_kernel_text_rw(void)
         pr_debug("Set kernel text: %lx - %lx for read write\n",
                  start, end);
 
+        /*
+         * Make the kernel identity mapping for text RW. Kernel text
+         * mapping will always be RO. Refer to the comment in
+         * static_protections() in pageattr.c
+         */
         set_memory_rw(start, (end - start) >> PAGE_SHIFT);
 }
 
 void set_kernel_text_ro(void)
 {
-        unsigned long start = PFN_ALIGN(_stext);
-        unsigned long end = PFN_ALIGN(__start_rodata);
+        unsigned long start = PFN_ALIGN(_text);
+        unsigned long end = PFN_ALIGN(__stop___ex_table);
 
         if (!kernel_set_to_readonly)
                 return;
@@ -721,14 +727,21 @@ void set_kernel_text_ro(void)
         pr_debug("Set kernel text: %lx - %lx for read only\n",
                  start, end);
 
+        /*
+         * Set the kernel identity mapping for text RO.
+         */
         set_memory_ro(start, (end - start) >> PAGE_SHIFT);
 }
 
 void mark_rodata_ro(void)
 {
-        unsigned long start = PFN_ALIGN(_stext), end = PFN_ALIGN(__end_rodata);
+        unsigned long start = PFN_ALIGN(_text);
         unsigned long rodata_start =
                 ((unsigned long)__start_rodata + PAGE_SIZE - 1) & PAGE_MASK;
+        unsigned long end = (unsigned long) &__end_rodata_hpage_align;
+        unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table);
+        unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata);
+        unsigned long data_start = (unsigned long) &_sdata;
 
         printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
                (end - start) >> 10);
@@ -751,6 +764,14 @@ void mark_rodata_ro(void)
         printk(KERN_INFO "Testing CPA: again\n");
         set_memory_ro(start, (end-start) >> PAGE_SHIFT);
 #endif
+
+        free_init_pages("unused kernel memory",
+                        (unsigned long) page_address(virt_to_page(text_end)),
+                        (unsigned long)
+                                 page_address(virt_to_page(rodata_start)));
+        free_init_pages("unused kernel memory",
+                        (unsigned long) page_address(virt_to_page(rodata_end)),
+                        (unsigned long) page_address(virt_to_page(data_start)));
 }
 
 #endif
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 2feb9bdedaaf..c246d259822d 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -281,30 +281,6 @@ void __iomem *ioremap_cache(resource_size_t phys_addr, unsigned long size)
 }
 EXPORT_SYMBOL(ioremap_cache);
 
-static void __iomem *ioremap_default(resource_size_t phys_addr,
-                                        unsigned long size)
-{
-        unsigned long flags;
-        void __iomem *ret;
-        int err;
-
-        /*
-         * - WB for WB-able memory and no other conflicting mappings
-         * - UC_MINUS for non-WB-able memory with no other conflicting mappings
-         * - Inherit from confliting mappings otherwise
-         */
-        err = reserve_memtype(phys_addr, phys_addr + size,
-                                _PAGE_CACHE_WB, &flags);
-        if (err < 0)
-                return NULL;
-
-        ret = __ioremap_caller(phys_addr, size, flags,
-                               __builtin_return_address(0));
-
-        free_memtype(phys_addr, phys_addr + size);
-        return ret;
-}
-
 void __iomem *ioremap_prot(resource_size_t phys_addr, unsigned long size,
                                 unsigned long prot_val)
 {
@@ -380,7 +356,7 @@ void *xlate_dev_mem_ptr(unsigned long phys)
         if (page_is_ram(start >> PAGE_SHIFT))
                 return __va(phys);
 
-        addr = (void __force *)ioremap_default(start, PAGE_SIZE);
+        addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
         if (addr)
                 addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK));
 
diff --git a/arch/x86/mm/k8topology_64.c b/arch/x86/mm/k8topology_64.c
index 268f8255280f..970ed579d4e4 100644
--- a/arch/x86/mm/k8topology_64.c
+++ b/arch/x86/mm/k8topology_64.c
@@ -24,6 +24,9 @@
 #include <asm/apic.h>
 #include <asm/k8.h>
 
+static struct bootnode __initdata nodes[8];
+static nodemask_t __initdata nodes_parsed = NODE_MASK_NONE;
+
 static __init int find_northbridge(void)
 {
         int num;
@@ -54,18 +57,6 @@ static __init void early_get_boot_cpu_id(void)
          * need to get boot_cpu_id so can use that to create apicid_to_node
          * in k8_scan_nodes()
          */
-        /*
-         * Find possible boot-time SMP configuration:
-         */
-#ifdef CONFIG_X86_MPPARSE
-        early_find_smp_config();
-#endif
-#ifdef CONFIG_ACPI
-        /*
-         * Read APIC information from ACPI tables.
-         */
-        early_acpi_boot_init();
-#endif
 #ifdef CONFIG_X86_MPPARSE
         /*
          * get boot-time SMP configuration:
@@ -76,12 +67,26 @@ static __init void early_get_boot_cpu_id(void)
         early_init_lapic_mapping();
 }
 
-int __init k8_scan_nodes(unsigned long start, unsigned long end)
+int __init k8_get_nodes(struct bootnode *physnodes)
 {
-        unsigned numnodes, cores, bits, apicid_base;
+        int i;
+        int ret = 0;
+
+        for_each_node_mask(i, nodes_parsed) {
+                physnodes[ret].start = nodes[i].start;
+                physnodes[ret].end = nodes[i].end;
+                ret++;
+        }
+        return ret;
+}
+
+int __init k8_numa_init(unsigned long start_pfn, unsigned long end_pfn)
+{
+        unsigned long start = PFN_PHYS(start_pfn);
+        unsigned long end = PFN_PHYS(end_pfn);
+        unsigned numnodes;
         unsigned long prevbase;
-        struct bootnode nodes[8];
-        int i, j, nb, found = 0;
+        int i, nb, found = 0;
         u32 nodeid, reg;
 
         if (!early_pci_allowed())
@@ -91,16 +96,15 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
         if (nb < 0)
                 return nb;
 
-        printk(KERN_INFO "Scanning NUMA topology in Northbridge %d\n", nb);
+        pr_info("Scanning NUMA topology in Northbridge %d\n", nb);
 
         reg = read_pci_config(0, nb, 0, 0x60);
         numnodes = ((reg >> 4) & 0xF) + 1;
         if (numnodes <= 1)
                 return -1;
 
-        printk(KERN_INFO "Number of nodes %d\n", numnodes);
+        pr_info("Number of physical nodes %d\n", numnodes);
 
-        memset(&nodes, 0, sizeof(nodes));
         prevbase = 0;
         for (i = 0; i < 8; i++) {
                 unsigned long base, limit;
@@ -111,28 +115,28 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 nodeid = limit & 7;
                 if ((base & 3) == 0) {
                         if (i < numnodes)
-                                printk("Skipping disabled node %d\n", i);
+                                pr_info("Skipping disabled node %d\n", i);
                         continue;
                 }
                 if (nodeid >= numnodes) {
-                        printk("Ignoring excess node %d (%lx:%lx)\n", nodeid,
-                               base, limit);
+                        pr_info("Ignoring excess node %d (%lx:%lx)\n", nodeid,
+                                base, limit);
                         continue;
                 }
 
                 if (!limit) {
-                        printk(KERN_INFO "Skipping node entry %d (base %lx)\n",
-                               i, base);
+                        pr_info("Skipping node entry %d (base %lx)\n",
+                                i, base);
                         continue;
                 }
                 if ((base >> 8) & 3 || (limit >> 8) & 3) {
-                        printk(KERN_ERR "Node %d using interleaving mode %lx/%lx\n",
-                               nodeid, (base>>8)&3, (limit>>8) & 3);
+                        pr_err("Node %d using interleaving mode %lx/%lx\n",
+                               nodeid, (base >> 8) & 3, (limit >> 8) & 3);
                         return -1;
                 }
-                if (node_isset(nodeid, node_possible_map)) {
-                        printk(KERN_INFO "Node %d already present. Skipping\n",
-                               nodeid);
+                if (node_isset(nodeid, nodes_parsed)) {
+                        pr_info("Node %d already present, skipping\n",
+                                nodeid);
                         continue;
                 }
 
@@ -141,8 +145,8 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 limit |= (1<<24)-1;
                 limit++;
 
-                if (limit > max_pfn << PAGE_SHIFT)
-                        limit = max_pfn << PAGE_SHIFT;
+                if (limit > end)
+                        limit = end;
                 if (limit <= base)
                         continue;
 
@@ -154,24 +158,24 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
                 if (limit > end)
                         limit = end;
                 if (limit == base) {
-                        printk(KERN_ERR "Empty node %d\n", nodeid);
+                        pr_err("Empty node %d\n", nodeid);
                         continue;
                 }
                 if (limit < base) {
-                        printk(KERN_ERR "Node %d bogus settings %lx-%lx.\n",
+                        pr_err("Node %d bogus settings %lx-%lx.\n",
                                nodeid, base, limit);
                         continue;
                 }
 
                 /* Could sort here, but pun for now. Should not happen anyroads. */
                 if (prevbase > base) {
-                        printk(KERN_ERR "Node map not sorted %lx,%lx\n",
+                        pr_err("Node map not sorted %lx,%lx\n",
                                prevbase, base);
                         return -1;
                 }
 
-                printk(KERN_INFO "Node %d MemBase %016lx Limit %016lx\n",
-                       nodeid, base, limit);
+                pr_info("Node %d MemBase %016lx Limit %016lx\n",
+                        nodeid, base, limit);
 
                 found++;
 
@@ -180,18 +184,29 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
 
                 prevbase = base;
 
-                node_set(nodeid, node_possible_map);
+                node_set(nodeid, nodes_parsed);
         }
 
         if (!found)
                 return -1;
+        return 0;
+}
+
+int __init k8_scan_nodes(void)
+{
+        unsigned int bits;
+        unsigned int cores;
+        unsigned int apicid_base;
+        int i;
 
+        BUG_ON(nodes_empty(nodes_parsed));
+        node_possible_map = nodes_parsed;
         memnode_shift = compute_hash_shift(nodes, 8, NULL);
         if (memnode_shift < 0) {
-                printk(KERN_ERR "No NUMA node hash function found. Contact maintainer\n");
+                pr_err("No NUMA node hash function found. Contact maintainer\n");
                 return -1;
         }
-        printk(KERN_INFO "Using node hash shift of %d\n", memnode_shift);
+        pr_info("Using node hash shift of %d\n", memnode_shift);
 
         /* use the coreid bits from early_identify_cpu */
         bits = boot_cpu_data.x86_coreid_bits;
@@ -200,14 +215,12 @@ int __init k8_scan_nodes(unsigned long start, unsigned long end)
         /* need to get boot_cpu_id early for system with apicid lifting */
         early_get_boot_cpu_id();
         if (boot_cpu_physical_apicid > 0) {
-                printk(KERN_INFO "BSP APIC ID: %02x\n",
-                                 boot_cpu_physical_apicid);
+                pr_info("BSP APIC ID: %02x\n", boot_cpu_physical_apicid);
                 apicid_base = boot_cpu_physical_apicid;
         }
 
-        for (i = 0; i < 8; i++) {
-                if (nodes[i].start == nodes[i].end)
-                        continue;
+        for_each_node_mask(i, node_possible_map) {
+                int j;
 
                 e820_register_active_regions(i,
                                 nodes[i].start >> PAGE_SHIFT,
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index d2530062fe00..b20760ca7244 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -347,8 +347,8 @@ static void init_remap_allocator(int nid)
                 (ulong) node_remap_end_vaddr[nid]);
 }
 
-void __init initmem_init(unsigned long start_pfn,
-                                  unsigned long end_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long end_pfn,
+                                int acpi, int k8)
 {
         int nid;
         long kva_target_pfn;
diff --git a/arch/x86/mm/numa_64.c b/arch/x86/mm/numa_64.c
index 459913beac71..83bbc70d11bb 100644
--- a/arch/x86/mm/numa_64.c
+++ b/arch/x86/mm/numa_64.c
@@ -239,8 +239,14 @@ setup_node_bootmem(int nodeid, unsigned long start, unsigned long end)
         bootmap = early_node_mem(nodeid, bootmap_start, end,
                                  bootmap_pages<<PAGE_SHIFT, PAGE_SIZE);
         if (bootmap == NULL)  {
-                if (nodedata_phys < start || nodedata_phys >= end)
-                        free_bootmem(nodedata_phys, pgdat_size);
+                if (nodedata_phys < start || nodedata_phys >= end) {
+                        /*
+                         * only need to free it if it is from other node
+                         * bootmem
+                         */
+                        if (nid != nodeid)
+                                free_bootmem(nodedata_phys, pgdat_size);
+                }
                 node_data[nodeid] = NULL;
                 return;
         }
@@ -306,8 +312,71 @@ void __init numa_init_array(void)
 
 #ifdef CONFIG_NUMA_EMU
 /* Numa emulation */
+static struct bootnode nodes[MAX_NUMNODES] __initdata;
+static struct bootnode physnodes[MAX_NUMNODES] __initdata;
 static char *cmdline __initdata;
 
+static int __init setup_physnodes(unsigned long start, unsigned long end,
+                                        int acpi, int k8)
+{
+        int nr_nodes = 0;
+        int ret = 0;
+        int i;
+
+#ifdef CONFIG_ACPI_NUMA
+        if (acpi)
+                nr_nodes = acpi_get_nodes(physnodes);
+#endif
+#ifdef CONFIG_K8_NUMA
+        if (k8)
+                nr_nodes = k8_get_nodes(physnodes);
+#endif
+        /*
+         * Basic sanity checking on the physical node map: there may be errors
+         * if the SRAT or K8 incorrectly reported the topology or the mem=
+         * kernel parameter is used.
+         */
+        for (i = 0; i < nr_nodes; i++) {
+                if (physnodes[i].start == physnodes[i].end)
+                        continue;
+                if (physnodes[i].start > end) {
+                        physnodes[i].end = physnodes[i].start;
+                        continue;
+                }
+                if (physnodes[i].end < start) {
+                        physnodes[i].start = physnodes[i].end;
+                        continue;
+                }
+                if (physnodes[i].start < start)
+                        physnodes[i].start = start;
+                if (physnodes[i].end > end)
+                        physnodes[i].end = end;
+        }
+
+        /*
+         * Remove all nodes that have no memory or were truncated because of the
+         * limited address range.
+         */
+        for (i = 0; i < nr_nodes; i++) {
+                if (physnodes[i].start == physnodes[i].end)
+                        continue;
+                physnodes[ret].start = physnodes[i].start;
+                physnodes[ret].end = physnodes[i].end;
+                ret++;
+        }
+
+        /*
+         * If no physical topology was detected, a single node is faked to cover
+         * the entire address space.
+         */
+        if (!ret) {
+                physnodes[ret].start = start;
+                physnodes[ret].end = end;
+                ret = 1;
+        }
+        return ret;
+}
+
 /*
  * Setups up nid to range from addr to addr + size.  If the end
  * boundary is greater than max_addr, then max_addr is used instead.
@@ -315,11 +384,9 @@ static char *cmdline __initdata;
  * allocation past addr and -1 otherwise.  addr is adjusted to be at
  * the end of the node.
  */
-static int __init setup_node_range(int nid, struct bootnode *nodes, u64 *addr,
-                                   u64 size, u64 max_addr)
+static int __init setup_node_range(int nid, u64 *addr, u64 size, u64 max_addr)
 {
         int ret = 0;
-
         nodes[nid].start = *addr;
         *addr += size;
         if (*addr >= max_addr) {
@@ -335,12 +402,111 @@ static int __init setup_node_range(int nid, struct bootnode *nodes, u64 *addr,
 }
 
 /*
+ * Sets up nr_nodes fake nodes interleaved over physical nodes ranging from addr
+ * to max_addr.  The return value is the number of nodes allocated.
+ */
+static int __init split_nodes_interleave(u64 addr, u64 max_addr,
+                                                int nr_phys_nodes, int nr_nodes)
+{
+        nodemask_t physnode_mask = NODE_MASK_NONE;
+        u64 size;
+        int big;
+        int ret = 0;
+        int i;
+
+        if (nr_nodes <= 0)
+                return -1;
+        if (nr_nodes > MAX_NUMNODES) {
+                pr_info("numa=fake=%d too large, reducing to %d\n",
+                        nr_nodes, MAX_NUMNODES);
+                nr_nodes = MAX_NUMNODES;
+        }
+
+        size = (max_addr - addr - e820_hole_size(addr, max_addr)) / nr_nodes;
+        /*
+         * Calculate the number of big nodes that can be allocated as a result
+         * of consolidating the remainder.
+         */
+        big = ((size & ~FAKE_NODE_MIN_HASH_MASK) & nr_nodes) /
+                FAKE_NODE_MIN_SIZE;
+
+        size &= FAKE_NODE_MIN_HASH_MASK;
+        if (!size) {
+                pr_err("Not enough memory for each node.  "
+                        "NUMA emulation disabled.\n");
+                return -1;
+        }
+
+        for (i = 0; i < nr_phys_nodes; i++)
+                if (physnodes[i].start != physnodes[i].end)
+                        node_set(i, physnode_mask);
+
+        /*
+         * Continue to fill physical nodes with fake nodes until there is no
+         * memory left on any of them.
+         */
+        while (nodes_weight(physnode_mask)) {
+                for_each_node_mask(i, physnode_mask) {
+                        u64 end = physnodes[i].start + size;
+                        u64 dma32_end = PFN_PHYS(MAX_DMA32_PFN);
+
+                        if (ret < big)
+                                end += FAKE_NODE_MIN_SIZE;
+
+                        /*
+                         * Continue to add memory to this fake node if its
+                         * non-reserved memory is less than the per-node size.
+                         */
+                        while (end - physnodes[i].start -
+                                e820_hole_size(physnodes[i].start, end) < size) {
+                                end += FAKE_NODE_MIN_SIZE;
+                                if (end > physnodes[i].end) {
+                                        end = physnodes[i].end;
+                                        break;
+                                }
+                        }
+
+                        /*
+                         * If there won't be at least FAKE_NODE_MIN_SIZE of
+                         * non-reserved memory in ZONE_DMA32 for the next node,
+                         * this one must extend to the boundary.
+                         */
+                        if (end < dma32_end && dma32_end - end -
+                            e820_hole_size(end, dma32_end) < FAKE_NODE_MIN_SIZE)
+                                end = dma32_end;
+
+                        /*
+                         * If there won't be enough non-reserved memory for the
+                         * next node, this one must extend to the end of the
+                         * physical node.
+                         */
+                        if (physnodes[i].end - end -
+                            e820_hole_size(end, physnodes[i].end) < size)
+                                end = physnodes[i].end;
+
+                        /*
+                         * Avoid allocating more nodes than requested, which can
+                         * happen as a result of rounding down each node's size
+                         * to FAKE_NODE_MIN_SIZE.
+                         */
+                        if (nodes_weight(physnode_mask) + ret >= nr_nodes)
+                                end = physnodes[i].end;
+
+                        if (setup_node_range(ret++, &physnodes[i].start,
+                                                end - physnodes[i].start,
+                                                physnodes[i].end) < 0)
+                                node_clear(i, physnode_mask);
+                }
+        }
+        return ret;
+}
+
+/*
  * Splits num_nodes nodes up equally starting at node_start.  The return value
  * is the number of nodes split up and addr is adjusted to be at the end of the
  * last node allocated.
  */
-static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
-                                      u64 max_addr, int node_start,
+static int __init split_nodes_equally(u64 *addr, u64 max_addr, int node_start,
                                       int num_nodes)
 {
         unsigned int big;
@@ -388,7 +554,7 @@ static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
                                         break;
                                 }
                         }
-                if (setup_node_range(i, nodes, addr, end - *addr, max_addr) < 0)
+                if (setup_node_range(i, addr, end - *addr, max_addr) < 0)
                         break;
         }
         return i - node_start + 1;
@@ -399,12 +565,12 @@ static int __init split_nodes_equally(struct bootnode *nodes, u64 *addr,
  * always assigned to a final node and can be asymmetric.  Returns the number of
  * nodes split.
  */
-static int __init split_nodes_by_size(struct bootnode *nodes, u64 *addr,
-                                      u64 max_addr, int node_start, u64 size)
+static int __init split_nodes_by_size(u64 *addr, u64 max_addr, int node_start,
+                                      u64 size)
 {
         int i = node_start;
         size = (size << 20) & FAKE_NODE_MIN_HASH_MASK;
-        while (!setup_node_range(i++, nodes, addr, size, max_addr))
+        while (!setup_node_range(i++, addr, size, max_addr))
                 ;
         return i - node_start;
 }
@@ -413,15 +579,15 @@ static int __init split_nodes_by_size(struct bootnode *nodes, u64 *addr,
  * Sets up the system RAM area from start_pfn to last_pfn according to the
  * numa=fake command-line option.
  */
-static struct bootnode nodes[MAX_NUMNODES] __initdata;
-
-static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn)
+static int __init numa_emulation(unsigned long start_pfn,
+                        unsigned long last_pfn, int acpi, int k8)
 {
         u64 size, addr = start_pfn << PAGE_SHIFT;
         u64 max_addr = last_pfn << PAGE_SHIFT;
         int num_nodes = 0, num = 0, coeff_flag, coeff = -1, i;
+        int num_phys_nodes;
 
-        memset(&nodes, 0, sizeof(nodes));
+        num_phys_nodes = setup_physnodes(addr, max_addr, acpi, k8);
         /*
          * If the numa=fake command-line is just a single number N, split the
          * system RAM into N fake nodes.
@@ -429,7 +595,8 @@ static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn
         if (!strchr(cmdline, '*') && !strchr(cmdline, ',')) {
                 long n = simple_strtol(cmdline, NULL, 0);
 
-                num_nodes = split_nodes_equally(nodes, &addr, max_addr, 0, n);
+                num_nodes = split_nodes_interleave(addr, max_addr,
+                                                        num_phys_nodes, n);
                 if (num_nodes < 0)
                         return num_nodes;
                 goto out;
@@ -456,8 +623,8 @@ static int __init numa_emulation(unsigned long start_pfn, unsigned long last_pfn
                         size = ((u64)num << 20) & FAKE_NODE_MIN_HASH_MASK;
                         if (size)
                                 for (i = 0; i < coeff; i++, num_nodes++)
-                                        if (setup_node_range(num_nodes, nodes,
-                                                &addr, size, max_addr) < 0)
+                                        if (setup_node_range(num_nodes, &addr,
+                                                size, max_addr) < 0)
                                                 goto done;
                         if (!*cmdline)
                                 break;
@@ -473,7 +640,7 @@ done:
         if (addr < max_addr) {
                 if (coeff_flag && coeff < 0) {
                         /* Split remaining nodes into num-sized chunks */
-                        num_nodes += split_nodes_by_size(nodes, &addr, max_addr,
+                        num_nodes += split_nodes_by_size(&addr, max_addr,
                                                          num_nodes, num);
                         goto out;
                 }
@@ -482,7 +649,7 @@ done:
                         /* Split remaining nodes into coeff chunks */
                         if (coeff <= 0)
                                 break;
-                        num_nodes += split_nodes_equally(nodes, &addr, max_addr,
+                        num_nodes += split_nodes_equally(&addr, max_addr,
                                                          num_nodes, coeff);
                         break;
                 case ',':
@@ -490,8 +657,8 @@ done:
                         break;
                 default:
                         /* Give one final node */
-                        setup_node_range(num_nodes, nodes, &addr,
-                                         max_addr - addr, max_addr);
+                        setup_node_range(num_nodes, &addr, max_addr - addr,
+                                         max_addr);
                         num_nodes++;
                 }
         }
@@ -505,14 +672,10 @@ out:
         }
 
         /*
-         * We need to vacate all active ranges that may have been registered by
-         * SRAT and set acpi_numa to -1 so that srat_disabled() always returns
-         * true.  NUMA emulation has succeeded so we will not scan ACPI nodes.
+         * We need to vacate all active ranges that may have been registered for
+         * the e820 memory map.
          */
         remove_all_active_ranges();
-#ifdef CONFIG_ACPI_NUMA
-        acpi_numa = -1;
-#endif
         for_each_node_mask(i, node_possible_map) {
                 e820_register_active_regions(i, nodes[i].start >> PAGE_SHIFT,
                                                 nodes[i].end >> PAGE_SHIFT);
@@ -524,7 +687,8 @@ out:
 }
 #endif /* CONFIG_NUMA_EMU */
 
-void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn)
+void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn,
+                                int acpi, int k8)
 {
         int i;
 
@@ -532,23 +696,22 @@ void __init initmem_init(unsigned long start_pfn, unsigned long last_pfn)
         nodes_clear(node_online_map);
 
 #ifdef CONFIG_NUMA_EMU
-        if (cmdline && !numa_emulation(start_pfn, last_pfn))
+        if (cmdline && !numa_emulation(start_pfn, last_pfn, acpi, k8))
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
 #endif
 
 #ifdef CONFIG_ACPI_NUMA
-        if (!numa_off && !acpi_scan_nodes(start_pfn << PAGE_SHIFT,
-                                          last_pfn << PAGE_SHIFT))
+        if (!numa_off && acpi && !acpi_scan_nodes(start_pfn << PAGE_SHIFT,
+                                                  last_pfn << PAGE_SHIFT))
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
 #endif
 
 #ifdef CONFIG_K8_NUMA
-        if (!numa_off && !k8_scan_nodes(start_pfn<<PAGE_SHIFT,
-                                        last_pfn<<PAGE_SHIFT))
+        if (!numa_off && k8 && !k8_scan_nodes())
                 return;
         nodes_clear(node_possible_map);
         nodes_clear(node_online_map);
@@ -601,6 +764,25 @@ static __init int numa_setup(char *opt)
 early_param("numa", numa_setup);
 
 #ifdef CONFIG_NUMA
+
+static __init int find_near_online_node(int node)
+{
+        int n, val;
+        int min_val = INT_MAX;
+        int best_node = -1;
+
+        for_each_online_node(n) {
+                val = node_distance(node, n);
+
+                if (val < min_val) {
+                        min_val = val;
+                        best_node = n;
+                }
+        }
+
+        return best_node;
+}
+
 /*
  * Setup early cpu_to_node.
  *
@@ -632,7 +814,7 @@ void __init init_cpu_to_node(void)
                 if (node == NUMA_NO_NODE)
                         continue;
                 if (!node_online(node))
-                        continue;
+                        node = find_near_online_node(node);
                 numa_set_node(cpu, node);
         }
 }
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index dd38bfbefd1f..1d4eb93d333c 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -279,6 +279,22 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
                    __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
                 pgprot_val(forbidden) |= _PAGE_RW;
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
+        /*
+         * Once the kernel maps the text as RO (kernel_set_to_readonly is set),
+         * kernel text mappings for the large page aligned text, rodata sections
+         * will be always read-only. For the kernel identity mappings covering
+         * the holes caused by this alignment can be anything that user asks.
+         *
+         * This will preserve the large page mappings for kernel text/data
+         * at no extra cost.
+         */
+        if (kernel_set_to_readonly &&
+            within(address, (unsigned long)_text,
+                   (unsigned long)__end_rodata_hpage_align))
+                pgprot_val(forbidden) |= _PAGE_RW;
+#endif
+
         prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
 
         return prot;
@@ -1069,12 +1085,18 @@ EXPORT_SYMBOL(set_memory_array_wb);
 
 int set_memory_x(unsigned long addr, int numpages)
 {
+        if (!(__supported_pte_mask & _PAGE_NX))
+                return 0;
+
         return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_x);
 
 int set_memory_nx(unsigned long addr, int numpages)
 {
+        if (!(__supported_pte_mask & _PAGE_NX))
+                return 0;
+
         return change_page_attr_set(&addr, numpages, __pgprot(_PAGE_NX), 0);
 }
 EXPORT_SYMBOL(set_memory_nx);
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
index e78cd0ec2bcf..66b55d6e69ed 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -20,6 +20,7 @@
 #include <asm/cacheflush.h>
 #include <asm/processor.h>
 #include <asm/tlbflush.h>
+#include <asm/x86_init.h>
 #include <asm/pgtable.h>
 #include <asm/fcntl.h>
 #include <asm/e820.h>
@@ -355,9 +356,6 @@ static int free_ram_pages_type(u64 start, u64 end)
  * - _PAGE_CACHE_UC_MINUS
  * - _PAGE_CACHE_UC
  *
- * req_type will have a special case value '-1', when requester want to inherit
- * the memory type from mtrr (if WB), existing PAT, defaulting to UC_MINUS.
- *
  * If new_type is NULL, function will return an error if it cannot reserve the
  * region with req_type. If new_type is non-NULL, function will return
  * available type in new_type in case of no error. In case of any error
@@ -377,9 +375,7 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
         if (!pat_enabled) {
                 /* This is identical to page table setting without PAT */
                 if (new_type) {
-                        if (req_type == -1)
-                                *new_type = _PAGE_CACHE_WB;
-                        else if (req_type == _PAGE_CACHE_WC)
+                        if (req_type == _PAGE_CACHE_WC)
                                 *new_type = _PAGE_CACHE_UC_MINUS;
                         else
                                 *new_type = req_type & _PAGE_CACHE_MASK;
@@ -388,7 +384,7 @@ int reserve_memtype(u64 start, u64 end, unsigned long req_type,
         }
 
         /* Low ISA region is always mapped WB in page table. No need to track */
-        if (is_ISA_range(start, end - 1)) {
+        if (x86_platform.is_untracked_pat_range(start, end)) {
                 if (new_type)
                         *new_type = _PAGE_CACHE_WB;
                 return 0;
@@ -499,7 +495,7 @@ int free_memtype(u64 start, u64 end)
                 return 0;
 
         /* Low ISA region is always mapped WB. No need to track */
-        if (is_ISA_range(start, end - 1))
+        if (x86_platform.is_untracked_pat_range(start, end))
                 return 0;
 
         is_range_ram = pat_pagerange_is_ram(start, end);
@@ -582,7 +578,7 @@ static unsigned long lookup_memtype(u64 paddr)
         int rettype = _PAGE_CACHE_WB;
         struct memtype *entry;
 
-        if (is_ISA_range(paddr, paddr + PAGE_SIZE - 1))
+        if (x86_platform.is_untracked_pat_range(paddr, paddr + PAGE_SIZE))
                 return rettype;
 
         if (pat_pagerange_is_ram(paddr, paddr + PAGE_SIZE)) {
@@ -1018,8 +1014,10 @@ static const struct file_operations memtype_fops = {
 
 static int __init pat_memtype_list_init(void)
 {
-        debugfs_create_file("pat_memtype_list", S_IRUSR, arch_debugfs_dir,
-                                NULL, &memtype_fops);
+        if (pat_enabled) {
+                debugfs_create_file("pat_memtype_list", S_IRUSR,
+                                    arch_debugfs_dir, NULL, &memtype_fops);
+        }
         return 0;
 }
 
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index 513d8ed5d2ec..a3250aa34086 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -3,10 +3,8 @@
 #include <linux/init.h>
 
 #include <asm/pgtable.h>
+#include <asm/proto.h>
 
-int nx_enabled;
-
-#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
 static int disable_nx __cpuinitdata;
 
 /*
@@ -22,48 +20,41 @@ static int __init noexec_setup(char *str)
         if (!str)
                 return -EINVAL;
         if (!strncmp(str, "on", 2)) {
-                __supported_pte_mask |= _PAGE_NX;
                 disable_nx = 0;
         } else if (!strncmp(str, "off", 3)) {
                 disable_nx = 1;
-                __supported_pte_mask &= ~_PAGE_NX;
         }
+        x86_configure_nx();
         return 0;
 }
 early_param("noexec", noexec_setup);
-#endif
 
-#ifdef CONFIG_X86_PAE
-void __init set_nx(void)
+void __cpuinit x86_configure_nx(void)
 {
-        unsigned int v[4], l, h;
-
-        if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
-                cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
+        if (cpu_has_nx && !disable_nx)
+                __supported_pte_mask |= _PAGE_NX;
+        else
+                __supported_pte_mask &= ~_PAGE_NX;
+}
 
-                if ((v[3] & (1 << 20)) && !disable_nx) {
-                        rdmsr(MSR_EFER, l, h);
-                        l |= EFER_NX;
-                        wrmsr(MSR_EFER, l, h);
-                        nx_enabled = 1;
-                        __supported_pte_mask |= _PAGE_NX;
+void __init x86_report_nx(void)
+{
+        if (!cpu_has_nx) {
+                printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
+                       "missing in CPU or disabled in BIOS!\n");
+        } else {
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
+                if (disable_nx) {
+                        printk(KERN_INFO "NX (Execute Disable) protection: "
+                               "disabled by kernel command line option\n");
+                } else {
+                        printk(KERN_INFO "NX (Execute Disable) protection: "
+                               "active\n");
                 }
-        }
-}
 #else
-void set_nx(void)
-{
-}
+                /* 32bit non-PAE kernel, NX cannot be used */
+                printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
+                       "cannot be enabled: non-PAE kernel!\n");
 #endif
-
-#ifdef CONFIG_X86_64
-void __cpuinit check_efer(void)
-{
-        unsigned long efer;
-
-        rdmsrl(MSR_EFER, efer);
-        if (!(efer & EFER_NX) || disable_nx)
-                __supported_pte_mask &= ~_PAGE_NX;
+        }
 }
-#endif
-
diff --git a/arch/x86/mm/srat_64.c b/arch/x86/mm/srat_64.c
index 9d7ce96e5a5c..d89075489664 100644
--- a/arch/x86/mm/srat_64.c
+++ b/arch/x86/mm/srat_64.c
@@ -290,8 +290,6 @@ acpi_numa_memory_affinity_init(struct acpi_srat_mem_affinity *ma)
 
         printk(KERN_INFO "SRAT: Node %u PXM %u %lx-%lx\n", node, pxm,
                start, end);
-        e820_register_active_regions(node, start >> PAGE_SHIFT,
-                                     end >> PAGE_SHIFT);
 
         if (ma->flags & ACPI_SRAT_MEM_HOT_PLUGGABLE) {
                 update_nodes_add(node, start, end);
@@ -338,6 +336,19 @@ static int __init nodes_cover_memory(const struct bootnode *nodes)
 
 void __init acpi_numa_arch_fixup(void) {}
 
+int __init acpi_get_nodes(struct bootnode *physnodes)
+{
+        int i;
+        int ret = 0;
+
+        for_each_node_mask(i, nodes_parsed) {
+                physnodes[ret].start = nodes[i].start;
+                physnodes[ret].end = nodes[i].end;
+                ret++;
+        }
+        return ret;
+}
+
 /* Use the information discovered above to actually set up the nodes. */
 int __init acpi_scan_nodes(unsigned long start, unsigned long end)
 {
@@ -350,11 +361,6 @@ int __init acpi_scan_nodes(unsigned long start, unsigned long end)
         for (i = 0; i < MAX_NUMNODES; i++)
                 cutoff_node(i, start, end);
 
-        if (!nodes_cover_memory(nodes)) {
-                bad_srat();
-                return -1;
-        }
-
         memnode_shift = compute_hash_shift(node_memblk_range, num_node_memblks,
                                            memblk_nodeid);
         if (memnode_shift < 0) {
@@ -364,6 +370,14 @@ int __init acpi_scan_nodes(unsigned long start, unsigned long end)
                 return -1;
         }
 
+        for_each_node_mask(i, nodes_parsed)
+                e820_register_active_regions(i, nodes[i].start >> PAGE_SHIFT,
+                                                nodes[i].end >> PAGE_SHIFT);
+        if (!nodes_cover_memory(nodes)) {
+                bad_srat();
+                return -1;
+        }
+
         /* Account for nodes with cpus and no memory */
         nodes_or(node_possible_map, nodes_parsed, cpu_nodes_parsed);
 
@@ -454,7 +468,6 @@ void __init acpi_fake_nodes(const struct bootnode *fake_nodes, int num_nodes)
         for (i = 0; i < num_nodes; i++)
                 if (fake_nodes[i].start != fake_nodes[i].end)
                         node_set(i, nodes_parsed);
-        WARN_ON(!nodes_cover_memory(fake_nodes));
 }
 
 static int null_slit_node_compare(int a, int b)
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 36fe08eeb5c3..65b58e4b0b8b 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -8,6 +8,7 @@
 
 #include <asm/tlbflush.h>
 #include <asm/mmu_context.h>
+#include <asm/cache.h>
 #include <asm/apic.h>
 #include <asm/uv/uv.h>
 
@@ -43,7 +44,7 @@ union smp_flush_state {
                 spinlock_t tlbstate_lock;
                 DECLARE_BITMAP(flush_cpumask, NR_CPUS);
         };
-        char pad[CONFIG_X86_INTERNODE_CACHE_BYTES];
+        char pad[INTERNODE_CACHE_BYTES];
 } ____cacheline_internodealigned_in_smp;
 
 /* State is put into the per CPU data section, but padded
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
index 58bc00f68b12..02b442e92007 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -393,7 +393,6 @@ static ctl_table abi_table2[] = {
 
 static ctl_table abi_root_table2[] = {
         {
-                .ctl_name = CTL_ABI,
                 .procname = "abi",
                 .mode = 0555,
                 .child = abi_table2
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
index dfbf70e65860..c462cea8ef09 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -1093,10 +1093,8 @@ asmlinkage void __init xen_start_kernel(void)
 
         __supported_pte_mask |= _PAGE_IOMAP;
 
-#ifdef CONFIG_X86_64
         /* Work out if we support NX */
-        check_efer();
-#endif
+        x86_configure_nx();
 
         xen_setup_features();
 
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
index fe03eeed7b48..738da0cb0d8b 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -73,7 +73,7 @@ static __cpuinit void cpu_bringup(void)
 
         xen_setup_cpu_clockevents();
 
-        cpu_set(cpu, cpu_online_map);
+        set_cpu_online(cpu, true);
         percpu_write(cpu_state, CPU_ONLINE);
         wmb();